last executing test programs:

7m49.909646866s ago: executing program 32 (id=653):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r1, 0x40383d0c, &(0x7f0000000080)={{0x0, 0xfffffffb}, {0x7, 0x2800}, 0xf, 0x1})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
ioctl$PTP_EXTTS_REQUEST2(r1, 0x40603d10, &(0x7f0000000040))
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0, <r2=>0x0})
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000300)={{r0}, r2, 0x1c, @unused=[0x6, 0x0, 0x9, 0x37], @subvolid=0x38a3})
openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)

5m41.834371992s ago: executing program 4 (id=2660):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x1c1900, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0xc0011029}]})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x52, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a4"})
mmap$binder(&(0x7f00000a0000)=nil, 0x0, 0x1, 0x11, r3, 0x20000000)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x8)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0xd0, 0x0, &(0x7f0000000600)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000140)={@flat=@weak_binder={0x77622a85, 0x110b}, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/72, 0x48, 0x0, 0x3e}}, &(0x7f0000000080)={0x0, 0x18, 0x30}}}, @acquire_done={0x40106309, 0x3}, @clear_death, @acquire={0x40046305, 0x1}, @register_looper, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000440)={@flat=@handle={0x73682a85, 0x101, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000340)=""/244, 0xf4, 0x2, 0xe}, @fd={0x66642a85, 0x0, r4}}, &(0x7f00000004c0)={0x0, 0x18, 0x40}}}, @decrefs={0x40046307, 0x2}, @register_looper, @exit_looper], 0x0, 0x0, 0x0})

5m40.889620446s ago: executing program 4 (id=2673):
r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000040))
r1 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$selinux_create(r1, &(0x7f00000000c0)=@objname={'system_u:object_r:update_modules_exec_t:s0', 0x20, '/usr/sbin/cupsd', 0x20, 0x4, 0x20, './file0\x00'}, 0x58)
r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@x86={0x0, 0x3, 0x3, 0x0, 0x200, 0xf7, 0x3, 0xfb, 0x4e, 0x9, 0x3, 0x8, 0x0, 0x4, 0x5, 0x8, 0x1, 0x5, 0xfd, '\x00', 0x6, 0x8})
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r1, 0x40089413, &(0x7f0000000180))
syz_clone3(&(0x7f0000000440)={0x8000200, &(0x7f00000001c0)=<r3=>0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000240), {0x3e}, &(0x7f0000000280)=""/136, 0x88, &(0x7f0000000340)=""/189, &(0x7f0000000400)=[0x0], 0x1, {r0}}, 0x58)
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x11, r3, 0x8b02f000)
write$binfmt_register(r0, &(0x7f00000004c0)={0x3a, 'syz1', 0x3a, 'E', 0x3a, 0x7ff, 0x3a, '/selinux/create\x00', 0x3a, '-(}', 0x3a, './file0', 0x3a, [0x4f, 0x46, 0x4f, 0x43, 0x50, 0x46]}, 0x40)
ioctl$BTRFS_IOC_SPACE_INFO(r2, 0xc0109414, &(0x7f0000000500)={0xdeb, 0x2, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000015340)={0x4})
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r1, 0x82307201, &(0x7f0000015380)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000155c0)='./binderfs/custom0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000015980)={0x88, 0x0, &(0x7f00000157c0)=[@dead_binder_done, @increfs={0x40046304, 0x1}, @release={0x40046306, 0x3}, @increfs={0x40046304, 0x2}, @decrefs={0x40046307, 0x3}, @increfs={0x40046304, 0x2}, @acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x70, 0x18, &(0x7f0000015700)={@ptr={0x70742a85, 0x1, &(0x7f0000015600)=""/81, 0x51, 0x2, 0x2d}, @ptr={0x70742a85, 0x1, &(0x7f0000015680)=""/111, 0x6f, 0x2, 0x39}, @fda={0x66646185, 0x3, 0x2, 0x2c}}, &(0x7f0000015780)={0x0, 0x28, 0x50}}, 0x400}], 0xdd, 0x0, &(0x7f0000015880)="4ead5cc450674fc31a974a6ccd7c125e926a81c764a907ddf2bb48d35daa646508349b309be57726886442a8fd84b1210e6e0b3be6b80d872b8f6516fab459e8f6b8d44ca403a61604d470181bc019c19fd50f7e7f1c797a4d6e8b7278aa6946680c6917ecbaa1e96357a41dd4f0eef129a47c7256868c2a2a2c65fa855522f4641925e63a543187074aa7b81bc263728e7556ed6f7687d11e10f22c004e7859d12f9098902b880df7150a8577cc525fa63b5351ff93125cb762b953eb9c2ef15b196bce1bad1d206cd62b608825bcbe3051d8114643afac348a202ab5"})
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f00000159c0)={0x0, 0x3, 0x7, 0xfff})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000015d80)={0xa4, 0x0, &(0x7f0000015c80)=[@register_looper, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000015b00)={@flat=@weak_binder={0x77622a85, 0x101, 0x3}, @flat=@weak_handle={0x77682a85, 0x100b}, @ptr={0x70742a85, 0x1, &(0x7f0000015a00)=""/224, 0xe0, 0x1, 0xf}}, &(0x7f0000015b80)={0x0, 0x18, 0x30}}}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000015bc0)={@fda={0x66646185, 0x3, 0x1, 0x22}, @fda={0x66646185, 0xa, 0x2, 0x26}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000015c40)={0x0, 0x20, 0x40}}}, @clear_death={0x400c630f, 0x2}], 0x39, 0x0, &(0x7f0000015d40)="087a8b96b7d40b27e8cb61d395d9e7f99cb28c9e47686be2bee4101d3eb75c02a83510efd941b5a69ff3af321c86185ed18c940eb7977e2ca2"})
write$UHID_CREATE(r0, &(0x7f0000015e40)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000015dc0)=""/111, 0x6f, 0x1, 0x6, 0x7, 0x9}}, 0x120)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000015f80)={[0x11e3, 0xd8f, 0x10, 0x5, 0x1, 0x5, 0x2, 0x5ea, 0x8db3, 0x2, 0x5, 0x8, 0xf3f2, 0x0, 0xffff, 0x8], 0xd000, 0x203000})
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000016040)='./file0\x00', 0x800, 0x1)
r7 = openat(r6, &(0x7f0000016080)='./file0\x00', 0x600800, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f00000160c0)={0x4, 0xf570804f0f2764e4, 0x100000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000016100)='./cgroup.net/syz1\x00', 0x200002, 0x0)
mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x9)
openat$cgroup_devices(r8, &(0x7f0000016140)='devices.deny\x00', 0x2, 0x0)
ioctl$NS_GET_PARENT(r0, 0xb702, 0x0)
ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f00000161c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000016180)=0x200})

5m40.734828408s ago: executing program 4 (id=2674):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'vcan0\x00', 0x4000})
ioctl$TUNGETVNETHDRSZ(r1, 0x800454d3, 0xffffffffffffffff)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xa, 0x2})
mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0xc001001b}]})
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='memory.low\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x44, 0x0, &(0x7f0000000200)=[@reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000180)={@ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/3, 0x3, 0x1, 0x6}, @flat=@binder={0x73622a85, 0x0, 0x3}, @flat=@weak_handle={0x77682a85, 0x1000, 0x1}}, &(0x7f0000000080)={0x0, 0x28, 0x40}}}], 0x0, 0x0, 0x0})

5m40.523649891s ago: executing program 4 (id=2677):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder1\x00', 0x2, 0x0)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x7)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/255, 0xff, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x9, 0x18, 0x40}}, 0x10}], 0x52, 0x0, &(0x7f0000000380)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"})
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder1\x00', 0x2, 0x0) (async)
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x7) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/255, 0xff, 0x0, 0x33}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x9, 0x18, 0x40}}, 0x10}], 0x52, 0x0, &(0x7f0000000380)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948"}) (async)

5m40.390487304s ago: executing program 4 (id=2680):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x40086602, 0x100000000000000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000d80), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD64(r2, 0x400454a4, &(0x7f00000000c0)) (async)
ioctl$SNDRV_TIMER_IOCTL_TREAD64(r2, 0x400454a4, &(0x7f00000000c0))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0xe2402, 0x0) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0xe2402, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x8101, 0x0)
ioctl$PTP_ENABLE_PPS(r4, 0x40043d04, 0x0) (async)
ioctl$PTP_ENABLE_PPS(r4, 0x40043d04, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000540)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000c00)=ANY=[@ANYBLOB="01000000000000000100001a2d743ec17c66ed"])
ioctl$KVM_RUN(r7, 0xae80, 0x0)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats'])

5m40.066295379s ago: executing program 4 (id=2687):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000002a80)={0x1, 0x0, [{0x560, 0x0, 0x800}]})
write$UHID_CREATE(r1, &(0x7f0000000140)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000002c0)=""/4096, 0x1000, 0x9, 0x81, 0x4, 0x8, 0x1}}, 0x120)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x413}]})
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0)
read(r7, &(0x7f0000000000)=""/103, 0x67)
r8 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x100000, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)

5m30.584781683s ago: executing program 0 (id=2823):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000300)=@arm64={0x8, 0x0, 0x5, '\x00', 0x2})
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000000)={0x150001, 0x0, [0x6, 0x5, 0x1, 0x3715701a, 0x8, 0x299c0e99, 0x1ff, 0x92]})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r3, 0x0, 0xffdd)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000080), 0x400, &(0x7f00000000c0)=ANY=[@ANYBLOB='non'])

5m30.105150961s ago: executing program 0 (id=2828):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x143202, 0x0)
r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000400), 0x1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0)
read(r5, &(0x7f0000000080)=""/93, 0xffffff6c)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000cc0)={{0x3, 0x3, 0x1, 0x1, 0x9}})
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
ioctl$PPPIOCGIDLE64(r7, 0x8010743f, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r4, 0xfffff000)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000030000000000000000000000000500000000000000ffffffffffffff7f0b177c4dd49fbec0758c984f2ff2dcbe01000000000000808000000003000000000000"])
write(r1, &(0x7f0000001c80)="b12a42ebda0a", 0x6)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xffffeffffffff7fb)
mmap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x13, r0, 0x4758f000)

5m29.894068234s ago: executing program 0 (id=2831):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/kernel/fscaps', 0x2200, 0xe0)
ioctl$FS_IOC_RESVSP(r1, 0x4030582b, &(0x7f0000000300)={0x1100, 0x2, 0x75, 0x2a40})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000400)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x5, 0x0, &(0x7f0000000500)="7da3644468"})

5m29.889347864s ago: executing program 0 (id=2833):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0)
read(r1, &(0x7f0000000080)=""/93, 0xffffff6c)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000083c0)={{0x1}})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0xc, 0x0, &(0x7f0000000200)=[@dead_binder_done], 0x40, 0x0, &(0x7f0000000580)="de546e22bade76f1a03b79e954ee20bc43f7ee47218a02ff8ba942478a7b69462fc21a9218c8d9b1b0d1961372525872b17948adf2dcbba03d2f3e0e647c2e70"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x50, 0x0, &(0x7f0000000300)="9a29cd1fb4ccd347afc934b1ef3922299c16637f5766dd4f2e5497f28b98b220ceaa8df22e1f4e2e83f31d76ecb812966cb2cc5590b2dbd9496a895f52df578a2b2897f00914e3bfa2b9ea55c39cd5b7"})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000480000000000000006"])
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000cc0)={{0x3, 0x3, 0x1, 0x1, 0x9}})
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x105000)
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r7, 0x40505412, &(0x7f0000000380)={0x4, 0x9, 0xade, 0x0, 0x2})
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r9, 0x40345410, &(0x7f0000000040)={{0x1}})
r10 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r10, 0x54a3)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r10, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_START(r10, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_START(r9, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r9, 0x5423, 0x0)
ioctl$PPPIOCGIDLE64(r8, 0x8010743f, &(0x7f0000000100))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r0, 0xfffff000)

5m28.866964499s ago: executing program 0 (id=2840):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
unlinkat(0xffffffffffffffff, 0x0, 0x134)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
close(r3)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000100)=[@acquire={0x40046305, 0x1}, @register_looper], 0x51, 0x0, &(0x7f0000000340)="a89aff67520a7335b849b4f88a6db06e45e3f5e648a65b8003975be8a982d5135e161a783d3d01fddcbd838bac308358a7e349f333e620505e4cf1982c991b516a9e26b6bb537c85f5ad467697f0d78b9a"})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000000)=[@release={0x40046306, 0x3}], 0xe6, 0x0, &(0x7f0000000400)="c552a29e03eb0d4ff2bcd6ff07b1ea39e02b0b8ce0995259ec8c05dcbc90a94b7d88ee459613660aaad499961b7776737d9868bdd6b6fe4767dc8393e0108936959f27ee70c9d5a4b58f25773eb4aec86b54bec8a91daa77f9e1edfb9b284b5a4bfdfaa35a235f01e1411a4c935f460ca311638c7ff1698780bca49b5c762b27cc31df52c906096c3ffc5948ce3b9000d77b6969362bca08d0e385acdaddb9ece2a0569272b51457bd87b0f01f6f23cd842c0281176d149618fcc14f6dbac4096d549ded2a5c8c862fb42ce63d980a2fc3007acc5aff514ce7fdde0ec5951015b32c41fe77ba"})

5m27.825003425s ago: executing program 0 (id=2842):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
prctl$PR_SET_THP_DISABLE(0x41, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000240)=ANY=[@ANYBLOB="c572547748a19ef651d141d26e517a6d1c6d33e9a50d680303f24875d202f5bfa357584112f1d97c4c59144f66c22fdccf6c6c952e9ce202e4ae653283fe9ebf2d0991b617cfe3971678df3dc0673c47ecd323d217441b116db2bc2e9399913189bec8dd1082c469acf7b9159ee1eef41daa2c4154c87aa962a648af070952943116e0a7cead6d639fbc05b854f058fae69f9e70bb0168609350040923c2807b19bdf3903476a4ce28cc", @ANYRESHEX=r0, @ANYRES8=r0, @ANYBLOB="917d73d49a202642e7c1981657b0a9b04e66f5d6b6909f7cf5700cab41314fa4f63c4684bc5a8f4c4456c09551527599567e301c289b305aa5af8cbe99793dda09150e7d6bcfa164bfaf27896895785b6ef6e1f96eda1285b18690d2eac124a07ef1280a61f4adf691a100554821c23aa6ed60410caf77f1f6ae74324a53940e7135", @ANYBLOB="8d087b2c1a88c8d225c80b76db82ad767c8306b1abdc85cf8b330a215207819a2d8b941a29d30c00dda09103592a912f8ccb1f0d37b7c962ebb0eaaa94e84b4080926762c032131037f0d68a5d43d25ba0343d80378a1b57786688cf2c404ad7c1acaa5ae297e6a8928d00efdab2095059553dcbdc70e8960ba64efcf5e9034bb280dc57c375153697cad4faa908a190b023181363bebf7877ff2358ba61342578421c24334ff7c6fc1de374f511219fce6a1738965cf290ddef0ec9130d1885d6b52fd1a69c1b147cf6b8e416737830bc4295c6e690f5d5022d6cffd0fd92c1807cbb0d8089321e1c3de4414cea431b2f8f16800101bcdf16249f21", @ANYRESOCT=r0, @ANYRES16=r0])

5m27.255144454s ago: executing program 1 (id=2845):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000340), 0x140002, 0x0)
write$vga_arbiter(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='lock '], 0xc)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000001400)=0xe)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r3, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2, 0xc98f, 0x3, 0x0, 0x0, 0xc07}}, 0x120)
prctl$PR_SET_SECCOMP(0x35, 0x2, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_QGROUP_CREATE(r3, 0x4010942a, &(0x7f0000000400)={0x0, 0x5})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x101, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000080)={0x717d, 0x1, 0xbe10, 0x9c, 0x40, "078e000000006e00"})
read$FUSE(r3, &(0x7f0000001040)={0x2020}, 0x2020)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000100)=[@acquire={0x40046305, 0x1}, @register_looper], 0x51, 0x0, &(0x7f0000000340)="a89aff67520a7335b849b4f88a6db06e45e3f5e648a65b8003975be8a982d5135e161a783d3d01fddcbd838bac308358a7e349f333e620505e4cf1982c991b516a9e26b6bb537c85f5ad467697f0d78b9a"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})

5m26.9019173s ago: executing program 1 (id=2847):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat=@binder={0x73622a85, 0x1, 0x2}, @fd, @ptr={0x70742a85, 0x2, 0x0, 0x0, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0})
r1 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000000)='memory.pressure\x00', 0x2, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000008c0)={0x14c, 0x0, &(0x7f0000000640)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000002c0)={@fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, &(0x7f0000000100)=""/92, 0x5c, 0x0, 0x2f}, @flat=@binder={0x73622a85, 0x1000}}, &(0x7f0000000040)={0x0, 0x18, 0x40}}}, @enter_looper, @register_looper, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000440)={@fda={0x66646185, 0x8, 0x0, 0x2d}, @fda={0x66646185, 0x0, 0x2, 0x1e}, @fda={0x66646185, 0x4, 0x1, 0x18}}, &(0x7f0000000180)={0x0, 0x20, 0x40}}, 0x400}, @request_death={0x400c630e, 0x3}, @reply={0x40406301, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f00000004c0)={@fda={0x66646185, 0x7, 0x1, 0x1c}, @flat=@weak_handle={0x77682a85, 0x101, 0x2}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000240)={0x0, 0x20, 0x38}}}, @acquire_done={0x40106309, 0x1}, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f00000005c0)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000540)=""/123, 0x7b, 0x1, 0x3}}, &(0x7f0000000340)={0x0, 0x18, 0x30}}, 0x400}], 0xce, 0x0, &(0x7f00000007c0)="69f4803caed4c6baf4fb6df12b2218edffe030e3ee75a04e19b253252bcaf18e6460c6d46b7f0fe895a5f3a50b0ece3a5363ba922d0e3a654394fdb2f4628659d00e203ea74bbddea1046136acc52c20bf9e50675e573867f68256c92b5905fcba4abe040f36e6a85d656f8a1eab20660ecddac6a0fa370a860b7b7b73cd800cb76f15b33fe492ba334368d6676b74bf0499d16d55d02ae92bd9683502454294625c0c1b968c6914d06d8ad1b89e4ef6bf9689ea4f9d686457650966c324fb3b7f1b863af3260b327debbf87acd3"})

5m26.89958778s ago: executing program 1 (id=2848):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) (async)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000980)='/sys/power/pm_trace', 0x0, 0x0)
read$FUSE(r2, &(0x7f0000002b40)={0x2020}, 0x2020) (async)
read$FUSE(r2, &(0x7f0000002b40)={0x2020}, 0x2020)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000002a00), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000340)={0x100, 0x0, &(0x7f0000002a40)=[@release={0x40046306, 0xffffffff}, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000180)={@flat=@handle={0x73682a85, 0xe, 0x1}, @fda={0x66646185, 0x6, 0x0, 0x3}, @fda={0x66646185, 0x9, 0x0, 0x9}}, &(0x7f0000000240)={0x0, 0x18, 0x38}}}, @acquire_done={0x40106309, 0x1}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000600)={@fda={0x66646185, 0xc, 0x1, 0x16}, @flat=@weak_binder={0x77622a85, 0xa, 0x1}, @fd={0x66642a85, 0x0, r1}}, &(0x7f00000004c0)={0x0, 0x20, 0x38}}, 0x400}, @release={0x40046306, 0x1}, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000780)={@fda={0x66646185, 0x4, 0x0, 0xd}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x1, &(0x7f0000000680)=""/227, 0xe3, 0x2, 0x2f}}, &(0x7f0000000800)={0x0, 0x20, 0x38}}}], 0xd4, 0x0, &(0x7f0000000940)="710bcda9688562df3f1480050000000000000083ad83e63e83eb069290e133ab569fd778cccdc33e4edf535ffdc6bd888c26867bd8c4d5720001010fb4d94ec9d07233a5a71c1ee3130fdc6276e8be3d0d36b18688343a3a32c8f2b88c01025339485dc85f82953847fb1fb24a4a48095b14458530b03662b9b64e5188b784d74bf21bd8ee3ec11e64eafc449638c8dba693ed8bc77d5eb71fecaf2c064cb1b288942765c481d82f542fb136d3a4be57edccaa246252bd012b5747bb766e4c3396586421dcab5410320a08a99ce6cbebc05546d1"})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'\x00', 0x8411}) (async)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'\x00', 0x8411})
ioctl$TUNSETLINK(r3, 0x400454cd, 0x0) (async)
ioctl$TUNSETLINK(r3, 0x400454cd, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x29)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x101002, 0x0)
ioctl$FS_IOC_SETVERSION(r5, 0x40087602, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x401, 0x0) (async)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x401, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000c40)=0x1b)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) (async)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x100, 0x0) (async)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x100, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) (async)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x0, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r12 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_RUN(r12, 0xae80, 0x0)
mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r8, 0x0)

5m26.534830115s ago: executing program 1 (id=2850):
openat$pfkey(0xffffffffffffff9c, &(0x7f0000003340), 0x165a42, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x28012, r0, 0x0)
mmap(&(0x7f00009c5000/0x1000)=nil, 0x1000, 0x3, 0x28012, r0, 0x0)
r1 = openat(r0, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x2)
mmap(&(0x7f00004e9000/0x3000)=nil, 0x3000, 0x4, 0x11, r1, 0xc1282000)
read(r1, &(0x7f0000000080)=""/1, 0x1)
read(r1, &(0x7f00000002c0)=""/222, 0xde)
prctl$PR_GET_NAME(0x35, &(0x7f0000000000)=""/4096)
r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$FIBMAP(r2, 0x1, &(0x7f0000013c00))
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f00000001c0)=ANY=[@ANYBLOB='nXI'])

5m26.458058066s ago: executing program 1 (id=2851):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000597000/0x3000)=nil, 0x3000, 0x9, 0x28011, r1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000cf0800008f04"])
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0xd, 0x0, &(0x7f0000000340)=[@increfs_done={0x40106308, 0x3}, @decrefs, @register_looper, @register_looper], 0x0, 0x0, &(0x7f00000002c0)})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000000000000910000400eca"])
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r6, 0x4040ae77, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x101ff, 0x6, 0xeeee0000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x2515, 0x0, 0x0, 0x1000, &(0x7f0000fec000/0x1000)=nil})
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000ffe000/0x1000)=nil})
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/rcu_normal', 0x22202, 0x0)
write$cgroup_int(r8, &(0x7f0000000200)=0x1000009ee8, 0x12)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x80000000, 0x4, 0xc2, 0x4f, 0x40, 0x2, 0x80, 0x1, 0x3, 0x44, 0x8, 0x0, 0x9}, {0xb, 0x1, 0x6, 0x8, 0x9, 0xff, 0x4, 0x3, 0xa, 0x13, 0x7, 0x6, 0x1}, {0x1ff, 0x7, 0xd, 0x10, 0x25, 0x9, 0x0, 0xfb, 0x4, 0x5, 0x0, 0x2, 0x4}], 0x9})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000200)={[0x4000000000000000, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x3, 0x7fffffffffffffff], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r9, 0x401c5820, &(0x7f0000000080)={0x8})
ioctl$SNAPSHOT_S2RAM(r9, 0x330b)

5m25.888215845s ago: executing program 1 (id=2854):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xffffffffffdfffff, 0x0, 0x10, r0, 0x0) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) (async, rerun: 64)
r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0) (rerun: 64)
syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58) (async)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r2, 0x0)

5m24.533742376s ago: executing program 33 (id=2687):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000002a80)={0x1, 0x0, [{0x560, 0x0, 0x800}]})
write$UHID_CREATE(r1, &(0x7f0000000140)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000002c0)=""/4096, 0x1000, 0x9, 0x81, 0x4, 0x8, 0x1}}, 0x120)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x413}]})
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0)
read(r7, &(0x7f0000000000)=""/103, 0x67)
r8 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x100000, 0x0)
ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)

5m12.107963575s ago: executing program 34 (id=2842):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
prctl$PR_SET_THP_DISABLE(0x41, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
ioctl$SNAPSHOT_UNFREEZE(r0, 0x3302)
mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', 0x0, 0x2010860, &(0x7f0000000240)=ANY=[@ANYBLOB="c572547748a19ef651d141d26e517a6d1c6d33e9a50d680303f24875d202f5bfa357584112f1d97c4c59144f66c22fdccf6c6c952e9ce202e4ae653283fe9ebf2d0991b617cfe3971678df3dc0673c47ecd323d217441b116db2bc2e9399913189bec8dd1082c469acf7b9159ee1eef41daa2c4154c87aa962a648af070952943116e0a7cead6d639fbc05b854f058fae69f9e70bb0168609350040923c2807b19bdf3903476a4ce28cc", @ANYRESHEX=r0, @ANYRES8=r0, @ANYBLOB="917d73d49a202642e7c1981657b0a9b04e66f5d6b6909f7cf5700cab41314fa4f63c4684bc5a8f4c4456c09551527599567e301c289b305aa5af8cbe99793dda09150e7d6bcfa164bfaf27896895785b6ef6e1f96eda1285b18690d2eac124a07ef1280a61f4adf691a100554821c23aa6ed60410caf77f1f6ae74324a53940e7135", @ANYBLOB="8d087b2c1a88c8d225c80b76db82ad767c8306b1abdc85cf8b330a215207819a2d8b941a29d30c00dda09103592a912f8ccb1f0d37b7c962ebb0eaaa94e84b4080926762c032131037f0d68a5d43d25ba0343d80378a1b57786688cf2c404ad7c1acaa5ae297e6a8928d00efdab2095059553dcbdc70e8960ba64efcf5e9034bb280dc57c375153697cad4faa908a190b023181363bebf7877ff2358ba61342578421c24334ff7c6fc1de374f511219fce6a1738965cf290ddef0ec9130d1885d6b52fd1a69c1b147cf6b8e416737830bc4295c6e690f5d5022d6cffd0fd92c1807cbb0d8089321e1c3de4414cea431b2f8f16800101bcdf16249f21", @ANYRESOCT=r0, @ANYRES16=r0])

5m10.879106924s ago: executing program 35 (id=2854):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xffffffffffdfffff, 0x0, 0x10, r0, 0x0) (async)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) (async, rerun: 64)
r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0) (rerun: 64)
syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58) (async)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r2, 0x0)

3m27.133900408s ago: executing program 7 (id=4239):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x2, 0x8000000, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000002580)=ANY=[@ANYBLOB="c23c96478dc2e00100090000000000004d564b001119000009"])
ioctl$FS_IOC_RESVSP(r1, 0x4030582a, &(0x7f0000000300)={0x113e, 0x0, 0x2000000, 0x10000})
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x0, 0x3})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x420400, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/wakeup_count', 0x0, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/consoles\x00', 0x0, 0x0)
read$FUSE(r7, &(0x7f0000000080)={0x2020}, 0x2020)
r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0)
ioctl$BLKGETSIZE(r8, 0x1260, &(0x7f0000000400))
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r10 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x42000, 0x0)
read(r10, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x200)
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_INTERRUPT(r11, 0x4004ae86, 0x0)
read$FUSE(r6, &(0x7f0000000540)={0x2020}, 0x2020)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)

3m26.856149602s ago: executing program 7 (id=4244):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x26e1, 0x0)
close(r2)
write$UHID_INPUT(r2, &(0x7f00000011c0)={0x8, {"2864e0b2e9944e859f0f76750bdb140b9246cec5a6029b5238381e926850c7ea9f647b5afe38173015d77556120bcab5d6526041083f0bbe79d5589def034cbddf719bc5d67d87e2416904d5d6cf15538fea9e141c74e3c6c004264bbd93ecba9dd8c9dcd25489d1a21395102c5dac1d54e2e850e1f0d63e433a392e4c9716d427e6b4e489e55c7a06c3438b2bdeb63a542b63db9a21e674ad1362accf960d8cf3ceedaab49f10981f4f260ddbe0abb623824ac17475cc65a61b9571f1ea42ed87fb05f582f43f65a934e79a13a21727b8c84559e02e654ba28750f8621dff8b8fd2d2d51aae182a287397d8048436979e2c812a2df909977c94b29327b942887151d648b0dda10fb855d52047f42e0df3b5049e1080ef42610f4bf0ffe2b6c105665d638498da93c1d208b772ba8e3353e72d79e96289964e97208b004ba0ab9c3671b82b52b33d345980c930d49eeeaa01d33c15d45890f44afd3d207870183006971066338da61ab0ea623d436bbfff1686c696a9152bd2fb4ec5547c940edfb20f29fbc0fb70065cde25a3e334a6e2356ecddc656a7edab451286ce82d61cde2eb09bc74d256485caa9b92a163dcd7da6c3fdcd78596bf3265a2bd45e51cd8075c93028d3107e5730a3e2d6f8b5df3057b32694d72a6c5c1b69a2498472341129c731df8d9a711c26867dc5e1a5dad5c09217349aeeccad6b1e89be44eabbac73fec56cc159657894b1534e9537ae6d539429e9af6b2d3dd1fb38add4b91ee36ed2d6c94b6469ee2b72196433604e54a5fabd79bd001b91d5c76bb30542ff30cb8fda8f9d84c678dfd809c300ca1c7e3c6b7a660538b5811d56c5fbedfc7528bb3bdd06459f89f6bc008193483035effcb3e130186c5df384253b2052e0a237a7085feadda2b02475260d11e316b6140f41869077f75455ff9cd29f0a113177efb454b6347abe7df8928f7823bbd4c6cf7087ea03b935a6fa8682f7e5b01b4a0b63f9366a927aa554391006a633afec0573e83d8cc74421fa156d64443b244a7ea0517c5c77869084de278dbd39c4ea4ee3694046c86ba736e37fee9ea0e2c9a07bec183e2cd3cf0e38cc8469b712e0488b4622231bcb1ecfb3dff76d6db75eccbbc36dd009fe6bb783356a20404593490cd5bd1e058cdefdb193e95cfc6d7b7207a59efc6f87450f661fbf1c7f35b7437e6f7b19154e11921243adfb87df29d2c7695486f0ce12d321d608eccd37c5729c33dc0a7bb07eb5bbfeacff68969bc6250d6ed944898e7f0b50d413881f250f459e7884429c223d352ab72c9cea1d2f91f6b1c44b4cfc62929a2c8de4b14ebba1019a4f43cf6e41ca9a0689a6bc4e47c5d3b0b46554445d2e5ac9a3e5a173b674de9a9917c23f81b980e957943ed0dea52ff7f48d3d12045453a0aea26e7b275c66a8244a22dbb31bacaa63da17f3aadaaab675ab5e2650f00d962c6c2e899d9e396461aa100a192a1d2ae6273788b978a41932a1630bc2b29ac8bd4cae1f01e3409a984c5619d559dcc9ec64517f5a7aec53478f11b3657b87859f37c22e1d993c407dc90ce26399245499d82ba9b618db20c48e9de2c2f550d8e5a9f532cdfca118bfa43ea01e1bcfaac1fba0a6a859658f407459ebe0df20321d3dbd4c96839eba6ee4e65f55dabe562702c8eaa4e9d53bfd5abb7c0a47083b71391b2678a9f80bfa89cc6a53288e8828f31d7c7a88b75739c94a7b7ed36de246cf96a8f228f5fc2d0258e869884eadba562d587c066fbc3d494c37558ecb64000da83e126535a7ef58e32cbee6e35db1d02a5e3f7c02ab12e2b81b6e4293c0564890d77422c4ae6fab5258acd3e7f34637b629fd96d49406ec4f64333930b35e86134d0c91b630e086c35d112026df03d1871cbf536fad122edceaf7fce78a03a14ea052c3cb232bb33658a6e56a1626720172aa09a17a6d51880b1b302d8e1bbcb86434fc3afe4c9fad5d96a2fcce46acf8b1ee816a8112be1fe6335375fffb079ef9a37e068384dd53579d84b87d2e7ab93f443c129b19e639f5c56599cad55cca1c591454fe514b6c5d8e5de4f3b35062fdede1fe8efcb89caf8c29316b4560b89008be54c1c2ea4800376d705d4aed6b5ccdff87cf30a690d7e3ba6c6235c97b3cae1a8ee3fed97b896c8045f800fa1ad7c01916f9e32c4545bf59136142732ed60f411641fee24109e608592d670286e89d57e37913c3efbf76f7ad9bd8f7ab6c9edc216dbbc91bc12db41288579d56f1e23c89babe1d98d7b174d0c581725cae6915fb83e734fa900694975b541b94f98afd7a30ce89d98748a47b868244fb9f00d36e03148d6ba135385b03b5433561ecd9156d9faf9b6010217baa0ae4bc0aa53f2c02cd78c7e540002d52545c76f9749fd14e12a680b8d3150a47b4e0a8c6c8708c905426d89d8ee9ca23a2f10680252445198cef2e3f42df36daadb89320fa9f0abe233b68babb5bd40366f60750e97e3da5362cd628df57af9d9b0839f1d06cb9f6b41705e6b2a2109374fea4201683568c3eba4575c064bbc7212c109371c8150173bf96987e4dd13c645fef995eb698401b395dcfdd43fa9fed0dbb79019344008b6cac5937c5a557f1f6502772fe886ea70800615fe9282295ffcb795717d47903a14a47be94c292a5abc08c2a7bc11e76af5068d29a64fd93f4e3091c4fabd9ec10d2866b30a7b1ce387ef925d57764ff63f19eda65ebb999c89041f3a319f5f4530cbc9037007f8b82016b6e04dc3e21aa53bfd2278a2103a2fcd9bd3fb30d0148ff279e3d3b30b9b65342c079fae9f1ec21f3cdac67d5d05b653b7c502281b92a4cc4d24f9d7d77a67a81b265101d6c33119c0e314bdf0af5efbadeeff1b272897463bd97d4ce0844377e3df2f7d3ecee1ccb4c4c7cf5e03f0b0d446b71a7c7ab07c3c3b5687f27941a0e85704711ca105f12c1bfb916ad2cfff847b3885b3a5339953d5d91358d585a8978996284b71c349013a437db116d230e4201e2773812816ce1a5d1391ca0c79b826e11c7a558f709a0d2060505c471cfcd30cdb000b7b936612bb7dc001add80510fb8bf9ddbc0598e08cc70b979950dc54743332e0b351f52fcfe3346f0ca727e8d5dd8138d3abe2170fc81e1e8307a816998c3631c4a5a547972ee4c989c77d737707186dac037dc09c3bd85b54564263e8d0f675d8d672c28b02d1915cd521491cdb231449a5ce64de9986223a11fb0de67dd863428619c2b93a02b81ef644ab03e0468f3425788c7df89aeb11b0ffeba935bfab58b9ba506701fe6f6bf302189850e96f5da5aa2fa800627bab5149d802e7a4d22cb1a7ea5b3200ca48dd9667558be88007c08ecdceb3c4db75a3ae6328016abbcf2e7423447acd9c59d4981988e11317d9851d19d6d02553d444963977f85773bf16557721e7a64f56dd0866580d8e95e87968a5bcba4d9bb93ef23a510342c4a35082f2350be771991180c5db5ea3b3e7c94f88b1f8433126a119a42f661795dd4e952f403a23db2745ae642880f72c3751cf4b96716d33fa1b8c773015c9269512b6873cb81e5f4be7b499d937c7358fc67dd07e249f5b957c0f52e87b2154df13a93e6cd752a639f1f149d0c8987e9e40a89265c9743186baca3fdbd3f4d582ad084b3f8994001f3eb89e9a485482ca949481cec507b5c223b90441b3e38d3baac9a407807ac923c7789adad8abd6ebed95bba74be15fc6f5cc95837cb480c7439a0b19af3808535882dde067d04b8783f33bf2a27dbd4c2d1a5033055bc39416c174a1c84967f3bc9c9bab939a5d64eb3150098bb9754eda5840ec0cb2c22f3b4e42b91490d24351c788629c75050ea48bc570e722baa17d319eec4ee0cbc9b6e3ad9b42c350abdec8fac0a9bba606775cb69091966af82419bb40288c73bf9e648ac856721b0c002b88022af3862c2ef3434f484fb8b0273c28cc0c187a8685f54cb4b393ab02bc64e52f6ab4f4ffc12ab9078af5d5aee2078bd607fa5c24438740c04a93fdf9032d4147f441a1d9ff6ea48718e5e85661a1a16f90be2c583c571f84a056638ae36cd5e064c72c330a0fa83d8ea3b5db1fd45e18b33ced5c05b04ef5a90400550aa0d076c90ce8a53fcf1704b49a49b852442c13a012280442d45a3df111e9b14f46b3a01c75b9693e466a750343f5b93c949e824f65c70e0bd58d8209560153e542adccd48dba83bd081df57df00576f1b4f089cc58443482c7cf3f3d837b8e3997b9800066ba51e7d0b97dc095979442183ff3181c7abd5bef7d9d36e0ec47008a72c8cebd74ec2844214515f22c59fe3a7d8c45ef96d7ae20284e36b9e9ca30ec178770bfff43d60da745f8e4b94d1c61944b46ff924395f06af32a661c1a5d462f0bce3332aef38f1eb22e7d8e18867a5e57111bd7b49086ab5ca67730d00bfb7bd836c64ef2d50dd54323fbecdf9a35555102b8a740dd497b7f9034dca6cd69a527b131da2e0597161869db8abb204a7ca46b9f8e96ad8b0fa198b4ba8871f1de756722dcbd98c3a21f44a7d40d6a53876783aab06432e24eeaf0cd67bd31d76e772e2551b4a4c77dd964691cf6207bc62a815454fd1dc921cd2d86435ef8cf95575918e0c827beba72bdfbd0a9a989cabfdcc3fad0125c7181c728895331ddc3d38d758166efabf80856ac2fc7a041767e7a91edaf3b6afd36d5e7357d21869d1a014afe3b6374901071f15a67fbcfd966673b89b62684a8e9084890981516223e07ed0509a04c80fc8a955e40341886579741f3d0127e5775244a898e440e7d894a984705a7d3d5f3ac5f28580c33c888f1b14dd3e822c188d7cffda9448065bf06f7b8686a9650067465e3beae583fac210d551eb5465860ac67d48de9619170e60c788e0452132787810b1c2a12616f33947b1814b8474275a731b7794034eb2fb0debb73db20dc8da5a887918ff022b31c825765f3bd26dd65bf2697f1f190366afa94cd35ced568773e96a225e33669811d229d81fbab84a7ac1fef5d2ae734952d39177cd174c5bde1c6e8cf60133954838d3c7c2e025e5700140a4e0e4b0b3514aab758607b26db5d273211106a73457f800233b3ce94ec8093feb54fd9cc218d7186df01697f9fddd2b155093a5b82aa60f91deab7dd77dd5fcba6e055150b2d1b1534c36c6751a387c9c19ac278e16ff626d0220cac9629594523bb3848f1f524e08f67ba6d911d1a0ad8ccacbf983b4e59d58a7b6d91804005dd630de054bb48add4f887dd3a7f5b0847b9a38cbec10914b0afb99fb7511717a6ea983681865125eafc6b3e6286ccedcf9236a4d6f0bb04ef5ab0116a4c75f037b7a1538e4a87ef7b0b27016820df7114955c2fc500a820dcd6668a2200af87819a4b59463eb5e640a03f5258b4167376c4ae92e5f9601b6566c1422d7a129e57478e388a092755b955936b7b4e2090d0788fa060333274d9268e01693956f7c8686982530da73fbda671c964952a1dc9752b9dc7f29fcef761c99209f30eb0742897afdce8990cf12640630c3e7da042245be702bb6886136a99549ccec40e66dc9b0d771cd36bb7e094fe07fd24281f8a2274d2a71ba889797002fe2932302c16d399c4a2db9adad11410cbd1b4588c35fa4ed325cec605491dd266c9c46985d1043bd4c368ddeaa35c18c7105e4be02fdc4983556e74e772d33b3c0bcb4c528e982d5d3f5b5255f6ce16f429fbcd30e4d8afa9ad00cd48dbb78ed6f6094103857c69a75305fa33035de8963e2ac1e9f0cddfd45e536e2e8316e784102e", 0x1000}}, 0x1006)
syz_clone3(&(0x7f00000013c0)={0x249848100, 0x0, 0x0, 0x0, {0xc}, 0x0, 0x76, 0x0, 0x0, 0x0, {r2}}, 0x58)
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r1, 0x0)

3m26.669203765s ago: executing program 7 (id=4248):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f00000002c0)={0x3f})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller0\x00', 0x1})
ioctl$TUNSETLINK(r1, 0x400454cd, 0x339)
close(r1)
write$uinput_user_dev(r0, &(0x7f0000001740)={'syz1\x00', {}, 0x0, [0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdb], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd]}, 0x45c)
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f00000001c0)={'pimreg0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}})
ioctl$UI_DEV_CREATE(r0, 0x5501)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0xa, 0x2})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0)
write$vga_arbiter(r4, &(0x7f0000000040)=@other={'decodes', ' ', 'mem'}, 0xc)
r5 = openat$cgroup_ro(r3, &(0x7f0000000180)='pids.current\x00', 0x300, 0x0)
read$FUSE(r5, &(0x7f000001aa80)={0x2020}, 0x2020)
write$cgroup_devices(r5, &(0x7f0000000000)={'c', ' *:* ', 'rm\x00'}, 0x9)
mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffc9a, 0x18, 0x0, &(0x7f0000000240)={0x30, 0x30, 0xfffffffffffffce6}}, 0x10}], 0x0, 0x0, 0x0})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sysvipc/sem\x00', 0x0, 0x0)

3m26.161965583s ago: executing program 7 (id=4251):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f00000001c0))
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x8800, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x35}, {0x6}]})
read(r2, &(0x7f0000000200)=""/99, 0x63)
read(r2, &(0x7f0000000080)=""/93, 0xffffff6c)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x1}})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, &(0x7f00000004c0)={0x79, 0x0, 0x3})
ioctl$KVM_SET_GSI_ROUTING(r5, 0x4008ae6a, &(0x7f0000000540)=ANY=[@ANYBLOB="01000000000000000100000002000000000000000000007f00ec97630000f1ffffff"])
ioctl$KVM_CAP_X2APIC_API(r5, 0x4068aea3, &(0x7f0000000000)={0x81, 0x0, 0x3})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000cc0)={{0x3, 0x3, 0x1, 0x1, 0x9}})
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
ioctl$PPPIOCGIDLE64(r7, 0x8010743f, &(0x7f0000000100))
ioctl$PPPIOCSPASS(r7, 0x40107447, &(0x7f0000000180)={0x7, &(0x7f0000000140)=[{0x4, 0x3, 0x10, 0x5}, {0x2, 0x5, 0x0, 0xfffffffa}, {0xb, 0x2, 0x6, 0x4}, {0x4, 0x10, 0x5, 0x35}, {0x2, 0x51, 0x9}, {0x2, 0x1, 0x6, 0x6}, {0x2, 0x0, 0x9, 0x40}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x22052, r1, 0xfffff000)

3m25.116933499s ago: executing program 7 (id=4266):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000080)={0x8})
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
ioctl$ASHMEM_GET_NAME(r0, 0x81007702, &(0x7f0000000000)=""/249)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, 0x0)
ioctl$F2FS_IOC_FLUSH_DEVICE(r0, 0x4008f50a, &(0x7f0000000100)={0x4bbe, 0x7})

3m24.933985661s ago: executing program 7 (id=4269):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x100000001) (async, rerun: 32)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32)
mmap(&(0x7f0000701000/0x4000)=nil, 0x4000, 0x200000a, 0x80010, r1, 0x2546c000) (async)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000001500)='\x00\x00\b\x00\xff\xff\xf7\xff\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q\x00\x00\x00\x00\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a\x00\x80\xff\xff\xff\xff\xff\xff\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xc3\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a<W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00!\xd1\xe2\x92\x01@\xe6\xa0\xa4.tt\xf1\x13\xcd\xdf\x90\xf4\xb5\v\x852\x9eT\xb84\xf1\r\x1d\x1e\x15\xec}\x8a\x84\xca*6<O\\=\xd1q\v7\xcb\xe6\x1c\f\xd1\xcd\x95s\xc61\x9c\a\xc9\xb5\x8f\x15c\x03|\xcfA1Uva\xa7\x051AyN\x06\xed\xbb6\xc2$\xe7+:w\n\x89\xc8s>\xde]X1`d\x9d\x9e\xd0\n\xa1\xa9\x8cO\xb8p\"\xe7\xdb\xab\x0eAW&+\xe8\xf7p\v\x01\\\x98\xeey\xc4c\x18\x91\xd9\x00\x1c\xf0.\x9f\x1e?\xea\xea\'0\"\x94\xd1\xd3P\xa8\xc5wP`\xa6\xd5Q\x11\xc3o\x04\vat\xb9}\x83g\xca\xfe\xf4\xe6;\x18\xb9\xe7<\xcf\x96~\x0f\xb0\xd3\x1bl\x9e\xc2\xc6\xcc\xbe\x8c#\xd0\x9f\x050\x1csf\x84\x06Z\xf4\xd2!\a\x8a\xc8\xbe\xdb\xf6y\x94Z\xed0\xdbZ\x9b8~\xc0\xbbU\xd5I\x14\xb6\xeb\xa7V\x00\x18A%')

3m9.889960331s ago: executing program 36 (id=4269):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x100000001) (async, rerun: 32)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32)
mmap(&(0x7f0000701000/0x4000)=nil, 0x4000, 0x200000a, 0x80010, r1, 0x2546c000) (async)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000001500)='\x00\x00\b\x00\xff\xff\xf7\xff\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q\x00\x00\x00\x00\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a\x00\x80\xff\xff\xff\xff\xff\xff\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xc3\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a<W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00!\xd1\xe2\x92\x01@\xe6\xa0\xa4.tt\xf1\x13\xcd\xdf\x90\xf4\xb5\v\x852\x9eT\xb84\xf1\r\x1d\x1e\x15\xec}\x8a\x84\xca*6<O\\=\xd1q\v7\xcb\xe6\x1c\f\xd1\xcd\x95s\xc61\x9c\a\xc9\xb5\x8f\x15c\x03|\xcfA1Uva\xa7\x051AyN\x06\xed\xbb6\xc2$\xe7+:w\n\x89\xc8s>\xde]X1`d\x9d\x9e\xd0\n\xa1\xa9\x8cO\xb8p\"\xe7\xdb\xab\x0eAW&+\xe8\xf7p\v\x01\\\x98\xeey\xc4c\x18\x91\xd9\x00\x1c\xf0.\x9f\x1e?\xea\xea\'0\"\x94\xd1\xd3P\xa8\xc5wP`\xa6\xd5Q\x11\xc3o\x04\vat\xb9}\x83g\xca\xfe\xf4\xe6;\x18\xb9\xe7<\xcf\x96~\x0f\xb0\xd3\x1bl\x9e\xc2\xc6\xcc\xbe\x8c#\xd0\x9f\x050\x1csf\x84\x06Z\xf4\xd2!\a\x8a\xc8\xbe\xdb\xf6y\x94Z\xed0\xdbZ\x9b8~\xc0\xbbU\xd5I\x14\xb6\xeb\xa7V\x00\x18A%')

2m8.196208423s ago: executing program 2 (id=5194):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000000)={0x2})
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f0000000040)=0x4000)
ioctl$KVM_REINJECT_CONTROL(r0, 0xae71, &(0x7f0000000080)={0x3}) (async)
ioctl$KVM_REINJECT_CONTROL(r0, 0xae71, &(0x7f0000000080)={0x3})
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f00000000c0)={0xa8, 0x0, 0x2})
close(r0) (async)
close(r0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0x11) (async)
ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0x11)
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000180)={0x2, 0x0, &(0x7f0000ff9000/0x4000)=nil}) (async)
ioctl$KVM_GET_DIRTY_LOG(r0, 0x4010ae42, &(0x7f0000000180)={0x2, 0x0, &(0x7f0000ff9000/0x4000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_TSC_KHZ(r2, 0xaea2, 0x3)
close(r0) (async)
close(r0)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f00000001c0)={[{0x7, 0x2, 0x8, 0x2, 0x81, 0x8, 0x3, 0x9, 0x9, 0x45, 0x8, 0x98, 0x4}, {0x6, 0x1, 0x7, 0xff, 0x6c, 0x0, 0x2, 0x5, 0x4, 0xe6, 0x0, 0x2, 0x2}, {0xfffffffa, 0x8, 0x7, 0x0, 0x33, 0x5, 0x3, 0x1, 0x8, 0x3, 0x5, 0x40, 0x2}], 0x8})
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)={0x6, 0x0, [{0x80000019, 0x9, 0x4, 0x2, 0x1, 0x0, 0x4}, {0x989677a6fdf5a3ba, 0x2, 0x1, 0x7ff, 0x4, 0x400, 0x5}, {0x6, 0xab91, 0x1, 0x20, 0x1, 0x5, 0x8000}, {0x80000008, 0x200, 0x6, 0xdc6, 0x2, 0x3c6, 0x9}, {0x40000000, 0x2c15813a, 0x0, 0x80000001, 0x94a, 0x80000000, 0x70000000}, {0x40000001, 0x9, 0x2, 0x7, 0x7, 0x5, 0x2}]})
r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000380)=@arm64_fp_extra={0x60200000001000d4, &(0x7f0000000340)=0x7})
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f00000003c0)) (async)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r0, 0x4068aea3, &(0x7f00000003c0))
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, &(0x7f0000000440)={0x0, @aes256, 0x0, @desc4})
r4 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000480)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r4, &(0x7f00000004c0)={'c', ' *:* ', 'm\x00'}, 0x8)
close(r4)
ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x0) (async)
ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) (async)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$BTRFS_IOC_START_SYNC(r2, 0x80089418, &(0x7f0000000500)) (async)
ioctl$BTRFS_IOC_START_SYNC(r2, 0x80089418, &(0x7f0000000500)=<r7=>0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r3, 0xc0c89425, &(0x7f0000000540)={"aad0ef8bd05e017a0df41c71da5b6aff", r7, 0x0, {0x2, 0x4}, {0x6, 0x4}, 0x6, [0x5, 0x2, 0x0, 0x6, 0x8, 0x7, 0x3, 0x9, 0x400, 0x40, 0xfdb8, 0x6, 0xb8, 0x2, 0x3, 0x2]})
ioctl$KVM_GET_CPUID2(r6, 0xc008ae91, &(0x7f0000000640)={0x4, 0x0, [{}, {}, {}, {}]})
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x0)

2m8.049826565s ago: executing program 2 (id=5195):
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$FUSE_DIRENTPLUS(r0, 0x0, 0xb0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'nr0\x00', 0x2})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x2, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0)
openat$cgroup_ro(r3, &(0x7f0000000040)='net_prio.prioidx\x00', 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000100)={r2, 0x3, 0x542, 0x383})
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x882, 0x0)
read$FUSE(r4, &(0x7f00000028c0)={0x2020}, 0x2020)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000), 0xa4b, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c1ae2008448e5750c3a3d5733b4a2486788550e6353e9b12cc09750d5b9dcd2aedba61d0520e99a51e880d3dd78a2b502029deac1860cf50885f8bf5119491c6b1e06492e98ca64e5e32afbb3b0630cb35b58640afc2188a232f77968c18d2d0e8f91c974edcb3198b4520f530acacb12017216338cc479de3651e8f15f1672397c730e3ca2a189ca4cc85f35dd46aeb67b6a2eb7268a653b190d8ba670490d50f761c1fa25f1954d8fe6bcb15dbc23698c945262b991e6245b9a25b12b13c87bf8a8a06f51784007abd06e01a0c03ee80b236fabb5b22ce797c4d8a739ac96dcf16c93f454463d3631c4cdd2dea6732a486015dc9937ee4e6efbfff46bdd8887094ca4bd94d995f411421c7ef07f949fcc10132f58b7c99a871780d92464594c930b80596baab77b0d68a05d71ca8a1888f3128f12aebac362c4d80870ab3d9f2e77d51f9af16472faff98dda1e0133c8bc2510345d5eb1d64bce64761f4cc39ac6655902338bf1335dc55393995af4447ed1aa4c50bfacd576842560abca3e6c74dcea6dd03d36f9e7f8bda2cf33e3b7da195fba79f5a60421e19910f1fef31b9fa52064ce9ee8c415746a3cab47a8ad8477e9f21e9ee804a85dc568439b95c01bbbc3fa16a8c26bd81b01b8849795b2370f591e2a8e175cd465a600a541839bc734271b4b3afb2303dc1cf12bee00080ad10658c97672ad023e89f23d9301b5dbf1a7ba6d6c2b8dbd300f05f36a095f188b56fd3ba8e871aaf22e2128696e7232cb22f4f5404a3d1256a11665caaead326faad340031cafb99edbceba7bac44c7d2720aedba9cb708dae55b192a1e31835fae8756f062c151f6778b1d93c2d1f8b479ae9bbe1255abcef9beaa95b558fbbc9a979d46580aa85b10f160b438bea64f23b8e605ce34d2b46bbf8bfbfa683b10f55b3d30c58675dd1a524495e5d42c7d02dc60b853e8b3ed2caf41cd24a8a1d044e27d48b2184bac00730f7c20a1ba2bb6b6a5381a3d359d8e721504bbbce18ee49031b48c278a5730f31fb83f6cf32ac98326b722d3e2d7b38a7b80b94a3eb2b69fb1aefc8c0bbe431191f0ed76141a8365621e4f7118dd4465b4642bdb0af21d30c8cfb1d5201852c0428b1983d91f706e814c1395888b1"})

2m7.138942789s ago: executing program 2 (id=5206):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2542, 0x0) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)) (async, rerun: 32)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x4, 0x0) (rerun: 32)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@increfs], 0x0, 0x0, 0x0}) (async)
close(r2) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async, rerun: 32)
ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f00000002c0)={[{0x4, 0x200, 0x3e, 0x8, 0x8, 0x35, 0x9, 0x8, 0x0, 0xc0, 0x6b, 0x80, 0x1}, {0x1, 0xfff, 0x9, 0x11, 0x3, 0x3, 0x10, 0x7f, 0x8c, 0x6, 0x5, 0x8, 0x58}, {0x9a57, 0x8, 0x9, 0xf, 0x9, 0x8, 0x4, 0x3, 0x3, 0xb, 0xc, 0x10, 0x6}], 0x3}) (async, rerun: 32)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0xfc, 0x1000000, 0x0}) (async)
r7 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r7, 0x8208ae63, &(0x7f0000000980)={0x3, 0x0, @pic={0x5, 0x3, 0x4, 0x8, 0x8, 0x2, 0x7f, 0xa5, 0x7, 0xa, 0xb8, 0x8, 0x6, 0x0, 0x3, 0x8}}) (async, rerun: 64)
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000000)={[0x34, 0x6, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x8000000000000, 0x80000000000000, 0x0, 0x9, 0x400000005, 0x0, 0x0, 0x800008001], 0xeeee8000, 0x3c4210}) (rerun: 64)
ioctl$KVM_RUN(r8, 0xae80, 0x0) (async, rerun: 64)
r9 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140), 0x40002, 0x0) (rerun: 64)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000180)='*\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x82080, 0x80)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xc, 0x12, r9, 0x6e548000) (async, rerun: 64)
openat$random(0xffffffffffffff9c, &(0x7f0000000940), 0x800, 0x0) (rerun: 64)
mkdirat(r9, &(0x7f00000001c0)='./file0\x00', 0x1ec) (async)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r2) (async)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='#%\\h*@#Lw\x9e5\x9f6k\x886\xafm\xa0\b\x81\xdc\xd1\x8f\x93r2\x0eeu}\xf7\"\xbd&-~\xeahJ\xee\'X\x9a\xd4\xfeI6\xd9\x1b\xc8\x14.\xfa\xb8\x03\x16\x96\x11\xa8\x90{\xc5\xe2\xf1u\xd1\xca\x8a>\xc3\x84\xd3\xcf\xa7\x1f\xc1\xb5\x12\xd0\x1e\x98\xce+\x12\xaex{\x91\xc7bw\xcaC\xe1/\x19\xfei\xf0\xa2\x9c3\xee/\xcf\xdew \x1c\xc7=\xfb\xb8\x88\x132\xf9\xbf7K\x8d\x16\xa6\xbf4\v\xces\xa4\x13\xb1\x14\x89\xa0\x14P\x97\x81%)\xa1\x0e)2a2\xa2\xef\f\xef\x8a\x95\xdd\xac\xab\xff#T}`\x88r\xb3\xd8\x19\x06\xde\xb7\xf0GR.?i|\xafhs\x1d\xdc\x12\x85!\xaaqg\x10\xec\x1b\xcb\xfc6\xba\xde\x13\xdf\xc6Z+\r\xb4\x9a\xe8V1\x82\xce\xdd\xddx\xe7H\xa3N\x92\xdb\xaa\xdbe\xc1\x05P\b<\x1e\xd6\x92\x89\xaa\xbe\xda\\|\xcf\xaf$.\x10\x8d\x9aie\xd3W\x1e\xd2L\xfa\xcc\xfb\xc2\x90\x99\xa9\x9f\xcd\xfasX\x9d\xbb\x8f\x1a')

2m6.999268901s ago: executing program 2 (id=5210):
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000140), 0x804800, &(0x7f0000000000)={[], [{@seclabel}]})

2m6.878169583s ago: executing program 2 (id=5214):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(0xffffffffffffffff, 0x4068aea3, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, 0x0)
mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x31f2552d984251b8, 0xffffffffffffffff, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000500), 0x0, 0x0, 0x0})

2m6.733973695s ago: executing program 2 (id=5215):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0)
write(r0, &(0x7f0000000040)="9035d1a1facb75526d6b945626cb323969646b3b7fb576bd24722caa3253a2de0742df98bc2bd761a5c0c1075dbf00c808ccfc2dd61ca065bc47048658ffb80f03dc7758cacafcc22ddfd7963bd0c5e63085ae4c18071e298262090a0d377b8de28339830b955ae18d346babd288571ec8c5c53f287a703be84eac0a4f3011e2b2ee6ac5e56ce93b6c70971ca9203c34159559be", 0xfffffdbc)
mount$binderfs(0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext'])
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000002c0)={0xf, 0x0, [{0x4b564d02, 0x0, 0x7f}]})
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[])
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0) (async)
write(r0, &(0x7f0000000040)="9035d1a1facb75526d6b945626cb323969646b3b7fb576bd24722caa3253a2de0742df98bc2bd761a5c0c1075dbf00c808ccfc2dd61ca065bc47048658ffb80f03dc7758cacafcc22ddfd7963bd0c5e63085ae4c18071e298262090a0d377b8de28339830b955ae18d346babd288571ec8c5c53f287a703be84eac0a4f3011e2b2ee6ac5e56ce93b6c70971ca9203c34159559be", 0xfffffdbc) (async)
mount$binderfs(0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext']) (async)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000002c0)={0xf, 0x0, [{0x4b564d02, 0x0, 0x7f}]}) (async)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[]) (async)

1m51.745079244s ago: executing program 37 (id=5215):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0)
write(r0, &(0x7f0000000040)="9035d1a1facb75526d6b945626cb323969646b3b7fb576bd24722caa3253a2de0742df98bc2bd761a5c0c1075dbf00c808ccfc2dd61ca065bc47048658ffb80f03dc7758cacafcc22ddfd7963bd0c5e63085ae4c18071e298262090a0d377b8de28339830b955ae18d346babd288571ec8c5c53f287a703be84eac0a4f3011e2b2ee6ac5e56ce93b6c70971ca9203c34159559be", 0xfffffdbc)
mount$binderfs(0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext'])
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000002c0)={0xf, 0x0, [{0x4b564d02, 0x0, 0x7f}]})
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[])
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4b301, 0x0) (async)
write(r0, &(0x7f0000000040)="9035d1a1facb75526d6b945626cb323969646b3b7fb576bd24722caa3253a2de0742df98bc2bd761a5c0c1075dbf00c808ccfc2dd61ca065bc47048658ffb80f03dc7758cacafcc22ddfd7963bd0c5e63085ae4c18071e298262090a0d377b8de28339830b955ae18d346babd288571ec8c5c53f287a703be84eac0a4f3011e2b2ee6ac5e56ce93b6c70971ca9203c34159559be", 0xfffffdbc) (async)
mount$binderfs(0x0, 0x0, 0x0, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats=globCl,stats=global,max=00000000000000000000003,max=0000000000000000000001:,silent,rootcontext']) (async)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000002c0)={0xf, 0x0, [{0x4b564d02, 0x0, 0x7f}]}) (async)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[]) (async)

1m32.297788741s ago: executing program 6 (id=5566):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x28012, r0, 0x0)
mount$binderfs(0x0, 0x0, &(0x7f0000000140), 0x4800, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) (async)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x0, 0x180, 0x200000004, 0x10, 0xf1, 0x2000, 0x7fffffffffffe, 0xa2a, 0x0, 0x5, 0xf0, 0x80000001, 0xb, 0xbdb], 0xeeee8000, 0x3c4210}) (async)
ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @pic={0xb, 0x4, 0x10, 0x0, 0x10, 0xfc, 0x2, 0x4, 0x8, 0x9, 0x4, 0x0, 0x7d, 0x40, 0x7, 0x60}}) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r7, 0x4138ae84, &(0x7f0000000100)={{0xffff0000, 0xd000, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {0xdddd1000, 0x0, 0x0, 0x0, 0x6d, 0x7}, {0x5002, 0xd000, 0x0, 0x6, 0x4, 0x0, 0x81, 0x0, 0x44, 0xe, 0x0, 0x3}, {0x100004, 0x0, 0xf}, {0x0, 0xffff1000, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1a}, {0x3000, 0xeeee8000, 0x0, 0xfe, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x84}, {0xeeee8000, 0x80a0000, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x9}, {0x100000, 0x0, 0x9, 0x82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, {0x6000}, {0x1, 0xfffe}, 0x20040021, 0x0, 0x4000, 0x0, 0xfffffffffffffffc, 0x0, 0xeeef0000, [0x0, 0x0, 0x0, 0x3]}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) (async)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xaa4, 0x0, &(0x7f0000000100)})
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)}) (async)
ioctl$KVM_SET_CLOCK(r9, 0x4188aec6, &(0x7f0000000040)={0x0, 0x8}) (async)
close(0x4)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, 0x0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, &(0x7f00000002c0)})

1m32.251616571s ago: executing program 6 (id=5567):
r0 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
prctl$PR_SET_MM(0x23, 0x1, &(0x7f0000ffd000/0x2000)=nil)
prctl$PR_SET_MM(0x23, 0x2, &(0x7f0000ffe000/0x2000)=nil)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f00000003c0)={{0x10000, 0x3000, 0x0, 0x1, 0x0, 0x64}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5}, {0x3000}, {0x0, 0xffff1000, 0xf, 0x0, 0x0, 0x0, 0x0, 0xfc}, {0x0, 0x0, 0xc, 0x9, 0x3, 0x1, 0x0, 0x0, 0x1}, {0xf000, 0x10000, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0x6}, {0x0, 0x0, 0xa, 0x1, 0x0, 0x0, 0x0, 0x5, 0x3a, 0x2}, {0x0, 0xeeee8000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, 0xddf8ffdb, 0x0, 0x0, 0x1400b0, 0x8000000000000a, 0x8000, 0x3000, [0x0, 0x0, 0x2]})
write$tcp_congestion(r0, &(0x7f0000000100)='cdg\x00', 0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f00000000c0), 0x12)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, &(0x7f0000000840)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000380), 0x12)
ioctl$BINDER_GET_EXTENDED_ERROR(r1, 0xc00c6211, &(0x7f0000000000))
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x123900, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r12, 0xc008ae88, &(0x7f0000000240)={0x1, 0x0, [{0xc0010112}]})
r13 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r14, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000000000092fe0000000000000600000000000000209954742c529cb3c3218eb9dc890e780ecc0e5079"])
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xb, 0x810, 0xffffffffffffffff, 0x6a0b1000)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0xc4fea534d284fe21, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)

1m31.764724349s ago: executing program 6 (id=5576):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_GET_EXTENDED_ERROR(r0, 0xc00c6211, &(0x7f0000000000)) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000380)=[@increfs_done, @register_looper, @release], 0x0, 0x0, 0x0})

1m31.69651016s ago: executing program 6 (id=5578):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x2, 0x46)
write$cgroup_subtree(r1, &(0x7f0000000180)=ANY=[], 0x7)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000002100)={'\x00', 0x5, 0x2, 0x8ef, 0x2, 0x3, <r2=>0x0})
write$cgroup_pid(r1, &(0x7f0000002180)=r2, 0x12)
syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNGETDEVNETNS(r0, 0xff06, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0xa000, 0x1da)
read$FUSE(r3, &(0x7f0000000080)={0x2020}, 0x2020)
ioctl$BLKALIGNOFF(r3, 0x127a, &(0x7f0000000000))
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
ioctl$IOC_PR_CLEAR(r5, 0x401070cd, &(0x7f00000020c0)={0x80000001})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x900, 0x12)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/power/pm_async', 0x1, 0x2)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f0000002580)={0x30, 0x5, 0x0, {0x0, 0x3, 0x5, 0x8000000}}, 0x30)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000100))

1m31.525967832s ago: executing program 6 (id=5579):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cpuinfo\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000180)={0x2020}, 0x2020)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x1}) (async)
mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[])

1m31.329844166s ago: executing program 6 (id=5582):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000001c0), 0x12)
r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000080)={0x6, 0x10, '\x00', 0x1, &(0x7f0000000040)=[0x0, 0x0]})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000001300)=""/92, 0x80a0000})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x4, 0xffffffffffffffff, 0x2], 0xeeee8000, 0x42240})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x6, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
openat$cgroup_ro(r4, &(0x7f00000001c0)='cgroup.stat\x00', 0x300, 0x0)
r9 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r9, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r9, 0x4008af03, &(0x7f00000001c0))
ioctl$VHOST_SET_VRING_ADDR(r9, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r9, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000480)=""/86, 0x0, 0x10000})
ioctl$VHOST_VSOCK_SET_RUNNING(r9, 0x4004af61, &(0x7f0000000000)=0x1)

1m16.359519564s ago: executing program 38 (id=5582):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f00000001c0), 0x12)
r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO(0xffffffffffffffff, 0xc0389424, &(0x7f0000000080)={0x6, 0x10, '\x00', 0x1, &(0x7f0000000040)=[0x0, 0x0]})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000001300)=""/92, 0x80a0000})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x4, 0xffffffffffffffff, 0x2], 0xeeee8000, 0x42240})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x6, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
openat$cgroup_ro(r4, &(0x7f00000001c0)='cgroup.stat\x00', 0x300, 0x0)
r9 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r9, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r9, 0x4008af03, &(0x7f00000001c0))
ioctl$VHOST_SET_VRING_ADDR(r9, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r9, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f0000000480)=""/86, 0x0, 0x10000})
ioctl$VHOST_VSOCK_SET_RUNNING(r9, 0x4004af61, &(0x7f0000000000)=0x1)

1.900576641s ago: executing program 8 (id=6981):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0x8, 0xb, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x8080000, 0x4, 0x10, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0xeeee8000, 0xc, 0x0, 0x7, 0x4, 0x5, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x10000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xf7, 0xdd, 0x8, 0x0, 0x4}, {0x2000, 0xdddd0000, 0x8, 0x6, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c, 0x7d}, {0x0, 0x5000, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80, 0x40}, {0xdddd0000, 0x0, 0xa, 0x6, 0x5, 0x0, 0xe8}, {0x0, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xc, 0x26, 0x3, 0x10}, {0xf000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x0, 0x0, 0x7aa]})
ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f0000000080)={0xeeee0000, 0x2000, 0x6, 0x7e, 0xff}) (async)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x720, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d81ab54b5c8faa760ef5c0493af13a9327c9432521ed6bfcb9d778d25031da41a983027fe7d794c26326053d38172444307d88501cdd26c3fdeafdf5f599d3dcfd39972f28ec3fb1fb40982615f5d71d6693a8774df072576834c69b89f209b458fad4671f0108fdfc8548a6fcf76a843369a3bca4d2974221ed9af224d151fa8aa73276ba65ca3d8bc98d6504f16bcac30c697f68cb1625b4f2259ee0c694951752845fa11c20fc4dda369d53918c3746918692ee2cda958612808b841b8d36ef3933f5340e1fc8fb10ac2ae97da921f6a67806831356d515c7a32468dfd3385c"})
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_freezer_state(r4, &(0x7f00000000c0), 0x2, 0x0) (async)
r6 = openat$cgroup_ro(r4, &(0x7f0000000040)='cpuacct.usage_all\x00', 0x0, 0x0) (async)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
r7 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$cgroup_freezer_state(r5, &(0x7f0000000280)='THAWED\x00', 0x7) (async)
mmap(&(0x7f0000597000/0x3000)=nil, 0x3000, 0x9, 0x28011, r7, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r9 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000e00), 0x203, 0x0)
ioctl$PTP_PIN_GETFUNC(r9, 0xc0603d06, &(0x7f0000000e40)={'\x00', 0xf, 0x2, 0x3f})
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f00000003c0)={{0xdddd1000, 0xeeef0000, 0x5, 0xd, 0x0, 0x3c, 0x5, 0x9, 0x76, 0x9, 0x1, 0x9}, {0xf000, 0x2, 0x8, 0x2, 0x9, 0x5, 0x8, 0x7, 0x7, 0x4, 0x7e, 0x7}, {0x7b70f99ea44a56c0, 0xf000, 0xa, 0x0, 0x6, 0x0, 0x40, 0x0, 0x9, 0xc4, 0xc7, 0xa}, {0xffff1000, 0x4000, 0xa, 0x2, 0x9, 0x1, 0x1, 0x6, 0x9, 0x1, 0xb, 0x40}, {0xffff1000, 0x100000, 0xa, 0x40, 0x9, 0x4, 0x0, 0x4, 0x0, 0x8, 0x9, 0x8}, {0x0, 0xeeee0000, 0x10, 0xa, 0x0, 0xc, 0x3, 0x7, 0x2, 0xf, 0x4}, {0x8080000, 0x8000000, 0x9, 0x1, 0x6, 0x6, 0x6, 0x4, 0x9, 0x6, 0x8, 0x3}, {0x2, 0x5000, 0x8, 0x8, 0x47, 0xd, 0x0, 0x5, 0xc, 0x6, 0xbe, 0x6}, {0x8080000, 0x400}, {0x103002, 0x94d}, 0x0, 0x0, 0xffff1000, 0xc4084, 0xe, 0x7001, 0x4, [0x1ff, 0x5611800000000000, 0xb, 0x10001]})
ioctl$BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x44, 0x0, &(0x7f0000000340)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000180)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})

1.796038802s ago: executing program 9 (id=6985):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0xa00, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCSACTIVE(r0, 0x40047459, &(0x7f0000000080)={0xfffffffffffffe43, 0x0})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="81000000000000002a1001c0000000009003000000000000"])
read(r0, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r4, 0x4030582b, &(0x7f0000000000)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})
write$cgroup_subtree(r4, &(0x7f0000000140)=ANY=[], 0xfdef)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22000, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r7, 0xc008ae05, &(0x7f0000000080))
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2})
ioctl$KVM_RUN(r10, 0xae80, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xaa4, 0x0, &(0x7f00000001c0)="a1b75bb9843b29ff05c24169b23587cb0149f2bde178b217430b894b232e19c4e2b143fa732b00a06e335fc5d25a25cf87709bd36110e3e6f607", 0x0, 0x3a})
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0x3a9, 0x0, &(0x7f0000000200)="1bd023608f3d00f080ac46d1a267f8e8240f2a9c947235e96e7e7172bc8cf2998d57b2c7e56b06dd90eae7eeac24347ceaf731605fd746f7a1ca", 0x0, 0x3a})
ioctl$KVM_SET_CLOCK(r6, 0x4188aec6, &(0x7f0000000040)={0x0, 0x8})
close(0x4)
r11 = openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r11, &(0x7f00000000c0)=ANY=[@ANYBLOB='j *:+ wm\x00\x00'], 0xa)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1243, 0x0)

1.546666796s ago: executing program 8 (id=6988):
openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001600)='/proc/slabinfo\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000001640)={0x2020}, 0xffffff4c)
read$FUSE(r1, &(0x7f0000003680)={0x2020}, 0x2020)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000040), 0x2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x2)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r3, 0x2000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0xc2a4a000)

1.339303009s ago: executing program 9 (id=6991):
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x22201, 0x0)
write$UHID_INPUT(r0, &(0x7f0000000040)={0x8, {"725ea20fcad57cf5a67e19c14bc3a1c4bc047bee70b4ad22e046bff7e159a7119881d23305f8d35bee3444e4ea783d44794d1f56accd4fb02cf63b52da3032c9f53175e2e38ddb7df0fb7f3125fb76b26cee660f3862842bf61f2e003c661b61d8277fbd60c237447da2a4dd64497235d2ee3b48384fb92be687a1b97fb00cf84793ff6e30433e9b6b9cc677a950e80b7dc5aa23b26e2e405713ccde6ab115988305343666143df6c0caf53c2dcdbfa9c4bdadd092c75e761cab6603f2d66b518ecb267d2e90026d2c1d8d84a10a9cb4267dec27cd50bd698ea2f756d272c1c722252370e538f68be9202a512b2c02decdaab75a4c5da563f35f2b2bf36fea24158c52970bd475efc56342c61483a82538d8f650810a5749f55df8e6b90eb8289b525d45696f4c3a8c7c975d03bd2f78023d57ffabe20dac2cbf3ce899644992217ac10bfecf76d931875451da53bb457f7eca6da882e1883a6ba05f3a2e452d09b0d85a4b74c44d740aaa1bdb7f5e5b437ad554cdb4beb4a636ea490d61f813451b1278c86d3776a6cc64ee7f96d705698c3a6e593e9ac6e54c9a56eef63f9212ddeaba6e0fee9470e5895052c0af2308381d449d30b07b55c83d3fc90f0108267f38caee85041bad735a9f6b26a4f898ab83e28a04c46af305e9bbad154bfffdfa016d65db07ebae685ac6c03e35ee29e9e71b96807b4ef14ed212ff5b6edc56366a2197146b3f4973f88c946070c94ae546b3c705bf44bbaa4d5be476f34c551b99333497012559a4196138afefc1f2a9a8cddb4c9dee3877c260d77460336c055762b2e9e4d4a0cb332ff5a422d94113279424afe3299ffe72573b8f3a2ea3228d954225778706532deb23dbf30132859f480ef997a49433028c748290f6dd15aeda4da010ace8ea1bd5c24aa671616471bf46171e646ce11e3f1eb15fcd36df6f1efb35bb8bc2657dc05264a8ab8179ec231df23ae4b39ee6c6b76d22874b87f67d07d4752e1df9a6a1883c44d4f661c77019a8b1eba34f2cda50781feb8b971ab325c8a03007b97c920b9520c8c4a71eb4dc931b5efe7a46c478d5d7b9f35d1f4d2fd3763b18e78b00e0be0433990306fde8f68a88ebaf76eb6300b2fe9570627543c973ec61492fef66812b19c942436683f20090c751faebd3fa7711e7161a8d05d2d7860f63c8ed8dda522edd245fa3bf584cd834ccf6279ee0c8386693aa32699a9ea98ce2c587dbe3b472079a720ea09a6f6de5ff3ae6fadc048e5490cb08b75b3423212b910549a4fb9233341459bd5b4d3d6c25d3b5390bdcc7ec22706f8ebcf14febc133f992daf7de4b014d18a0dcbdf6f662c5b8ee9792b15c59d43897e140aeef5ebac14515c9650220dcc332c5891c640843b403805089ef08da8fde511e58b7083dac71277d8978c60573f1c08f867ca20f6a884b2833a5af628cc4cb278b4487ca988528f9dff110a2bc7ee04fcb045626550fe1c62bb2d2cdf583ed1138fb464fe21107f84baa1853ed79083467f24a04dc04b1802813cbafa8428bddaff82218bb2909e8a0fbce31b00d8020c9d5e175c848fcb6a8644845f7b82b98964b2c598b880fa9121dad46723829de5953da3ea9fece2f0a8da0cda7a6a1c0c811fe607396ea9ef738fc5da655554a6c9be38c6979aad767988b96c743a12fee08a054c9595ce51ddb13b7951e72e5904e5d196e88cc089b00d997903d1864c449234ee894e198c537fba2e2312e85d5e2f2ea2f44d60ca67bb1fb2964427271067fdd05fea9f2b1ee60c720a7fcb58b39d6475b5ed1f4b468e7e401a8ad4b51ebfa6262cf31f6aaad92d27f7ffeb0db2a2a4e8106a7b04466e78ea991f30e6dc5aaf8ae9153b5bc8d7a43e79e34d8b48728219f5a31f384e3c4cc78b61a393c206edd1071257a45d032808c3c5ee9db293ee6909000c2dcfe1b1c618484bc39b060e256864d2f50ac6b462eed42b38346c217bc8b3b0d3e837f228a3bab1540a282c9a42a29e7f94cd0075099a73188190ce9346d0dfc850d528a62792ddb59d063d11943cbd8b58bf82f5520907963bbfec7f3a922944bb08646212fbd1c727213e5f4513d3e0f3573e8372bad854ac4830a49c49970ec5502045a3e6552a70073f734d33f683fdb8f0bb885b27fde96da341711da71dfd45fd056dc984ca04c6ccfd93655af40b6b50084de66a342b4b1b251f962e3530381cb6a60bfada039e4ec9497d00db26542abc16f1a0f7275085efb2fe1dda5c5670a2139bd8d8fbdc5d492c6d8ba6c4ae838be3945a0b5de30d9655b9a5920f432be445864e92e63f4d76cb88ae0b4eda0d89a41d450c08fd7b6f1374d78e1237961c91bfe7baec995a529c48386b756d66d9c927012078ba75fcd56aa51fbc5fc7949dc765629aa31c7133d56adf7543f0398e39af6b03a452b1915fa743dfed1efe780b826c490148a4f025235b2f9f7f87e4a0d176f4cb0bce3c28147ccaf031a8ed9eb75974825f7a0336290a9e9b2a859af88d2ed8b8ddc71dfaaa701cb71574e5ab4a0887feba38e73f6f84cf38cf4efc8c2299afe65db58a53ef0b0194d463e9d432bed660299463392271a4fa664fc98e6948f922413306aa3778863606c1003e28c16f2530e5da42193cb068c88b11eee48c66604213263bb8c23542feae16b85978cb04092a996524406b2c6b13d42083f1458b176dd1368ce469c7c4a698e4f41156b87854745ed0a065b6661fffef4b303d6eb34ff5ab808697c234f23b6cbac337668b7d0f3d0f0212e4589b5a7c5517f6891c258140033ab1271a0871c9fd3a7111d9cb267454a20a944ffdc29343b6d87a7d1158b1090b9321b81342a5f4eb9f21655e70caa7a939cb754b3350a738fa3325965ad2fe89efc731522868ae1a2515ca7203db76033f9fac777dfd3185b8746de4cb10842a9d339ad23ace5349cade3592d95e44e2624018571eb228df070704b5ee0a37e7c1c5300a262eb8d95038a58e770d3e352176e19f1c283c122f0276a1f381601672ad6e2654a6a8f943335de578813fc42d954b4c8480fc74b3d62928c0b79a548877d3112fdf0a879f944450dae201b3389483db9849dc2b71eca82b5292293cf6d66879abc8b8470c8ab7dfbd815245252b4e1886857818a6450cd126b4cf0e454ec89e11a91f4b4733ffd7ae2f4b5204cea0be15b6c5f637fc70ed300e0266d9a0b0d1bdba4e205022cd0969911c8e7909fb814a43d67d96151e3ab925ea63f8f1601302a8b341dc16b4597bb5b273dddff0bf8bc7d3b1ce87d75bd1ab1f55e04e9e1482f0698a8701196e19ee7ba3ba0cbb8f731c354814d6ac71caedcb0fe293e905e5c60bad51668107fc1704d672fc5adaf2b35d81823e0fc379117d4aec46ebd73a6620b400d94b5dd163063f4f31ec5ab2773058dfa0f8d849579c415901f92510b74fc2d4ed7a9c51e3394f4eeeb7ac9f892803a9d0c75b0b025a87e94f658419b10b4b40a2d2727d6bcee995cf517a6890551ea75e9dee1b7643878823c954c0dffe331cbf7f96464af52a3ab062acce95aa64c66ea1c11e3b13b529c96549a319d82cbea040e54c10ae682d3fb0a0b0f8ea8b9f0372c2b4ea17a440ae0c26edf5070de411822d67b8280d48518cba9f67b0b9caf83c35998ee0739ae7e87289890254c39842fdd0265d29fa204c60a7d6b732050412621f22fa1ec5722ffe2577f7d4697a251d3c7296f4db57ef2c669d0f05d0770cdbeafaa0f4adb44e7343a0cd82a75ca0139eff14acea88ce69c47bfbe9286ece067e558da362da14172905b0fb371543c2268e39fe81715907d7498646d9d9a3589699dafb048ee8eddb5862883c5f5f4e5839378c0edade81bc45d32a5dc744c5f3dd823186f3e5a6210189a851f534066f5b3a711cd3605dd5cd54b21945d8305de0af7da21dc1828bc91d39f91acf7cb32fee5c49ad950d838f354a1956db9377654d953e85b95c79693ff70656e32044073f4ccf9ec692bc661dbd52e0f2b8d236c66d4c10ef9e63aea307fdbacfea64d4e0f5324ba60e394f8f3a41348582fbd29d26caab020a1af5f70754c20d7c033ba17318b0f36a420bf58de987b4ee3326e69ff63b6ae1c519eeeb1c94c08881ad6e7ed49e63da3b27529c0a7eb871bebe5504fb889d515a2e0682fa41dce7f4fa0947b02e6987236e5dd5c1d3870eafe19e1c927a874edde2e6e7ad5ae19f7fab604de75f59db9128e9f4b64c12d85fc58423c2fab218f7ed09d403992526290a1cc173735ea82d516a69494add7d6e0b9c937315f881051580299f83e23a13872ffe5c69ca611ba3ccc70ac065ca8f0da7d79bbf31aece8eca85fcebc9590f465ee364900011ecde87d74594350e96879ec76098e38772ba993a7cc28738f3c761012daecdae340e0369669f8bde15888a0abea7854918017c3dea9229d1a3aa3aba667b5bb2f30581961ad784c2662adff22114d7e16f5909d99f7ba52ca65b243ee172f5fa5975d3a9d358da6a077220f956bd00ed634d7c26345d6c88980bd84f2547e9452811600b971ca3fc0aef08ceb9d02c8f0f2b32c74ff6e0c38146e669747196edebdce8c75eba26dc8a10900e0235c2ad8c6eab8141665fa1d774726eac91548684f3c63242c1af938bb6ad7fab979a87bdee5c918e8d0d03fba7fa2e04dc1ddfca9b6c6a0342ec88c3ee82247d455795b98e3c09266a0ebdf3c689b6b27a30edf491b9284d41b1cd368177d5e74a4621237676e9dc89aaa459d108bb9ad0e6c954c76ca28054f2d529a345031eff31597751380c84360c3efe03d4d3b853a518c85d5b8584c635a146f14f79402fd7c52c330c87ed0df7c8c99567af80e7a794478d066cca922487536cc8605fc11159a8fc8dc164a3433f4ef87763450cbb4a3ce277cd6ab9e0685b2532a2ea2741f44b2f28b4cda498b727ac52117fbd4a6e9af4a92c4ef4d523ea67d6dca4df636c07cab8055c2f32b889f88f64ac66000dc4defab5fff9d81e602c797de749f2bea48b86b0741fb9948d84fe6d9e051ecde61bb41e65159bbcf599c49ca89c2aebb2a17319b4f4d25c24343c6983d710e8ce9372e25539326e8377ea5cb1648338cafe65ccb16267dac74352fb5935f263829ddfc024b9f708aff6648bc19351fbeed4f10c36628f165c5991a17cd9504d0d341832cce9f09b4ca5db7092ea0263a782e348715e1f44e795d4a4095041b4a3a41a522c220c9e50586cd848747f1a4ee0b7832f41cb285eb46df61f2d7f4567bc65f450f08158c7d8f3260aca45d34bb920625f948b940285efa92e35ea4509ccc5439c5266fed1f7ae7336579ea9b7a4ce4897f4117b7f1e96c85faad9bce1db749b6e26994a3aaae1e621bd53634b31052f136c82701a486baeb5d08f1ad014871dcd280bb4838643b84dba942de918d2f40555d91cf3dbf3391e4f7a16c8ab68d1c3ebc16c6cc4423eaf4674ad577a14c448b4eb19d2f5e686ee05eb182c9130a89e6105f39174c2fe82e3bdb041df2f6e5d31bdf2b0aa247967ef632c874b3ef44f12eb5304de8e1ee6c47f19cb394d3eaccb97e451c66c8dfac3c7f6f560ab308a231b55d66f7bcbfe4f71753b1a8df6dbc6c6667f6913f7b92f3dc3e1bb9337d82216f4cb93c78ce54076e6969fb8ea2a6d3f7f6c9cbcab89afe30e30974eb5289535c285420f3fc8f60b06880644a241842b209449a73f6aedebe636ce0188dabc7b64d8478ef689710482b96f9ce93ea165d832a20e36e2ecf79055c30e6fe8f3c4dda55ceb55c", 0x1000}}, 0x1006)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$ASHMEM_SET_NAME(r1, 0x41007701, &(0x7f0000000000)='/dev/ashmem\x00')
close(r1)

1.249388461s ago: executing program 3 (id=6993):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x113000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000000c0))
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @ioapic={0x1000, 0xfffffffb, 0xfff, 0x49, 0x0, [{0x8, 0x6, 0xe, '\x00', 0x6}, {0x0, 0xa, 0x5, '\x00', 0x4}, {0x1, 0x7, 0x1}, {0xc7, 0x3, 0x5}, {0x0, 0x5, 0x13}, {0x9, 0x9, 0x7f, '\x00', 0x10}, {0x6, 0xfe, 0x8, '\x00', 0x38}, {0x6, 0xfe, 0x4, '\x00', 0x5}, {0x3, 0x4, 0xd, '\x00', 0x6}, {0x60, 0x4, 0x6, '\x00', 0x5}, {0x5, 0x7, 0x8}, {0x5, 0xb7, 0x7, '\x00', 0x74}, {0x6, 0xf, 0x0, '\x00', 0xd2}, {0x9, 0x80, 0x7f, '\x00', 0x5}, {0x5c, 0x1f, 0x9, '\x00', 0x7f}, {0x8, 0x40, 0x7}, {0x7f, 0xc, 0xf3, '\x00', 0xfe}, {0x0, 0x1, 0x3, '\x00', 0xff}, {0xb3, 0x6, 0x7f, '\x00', 0x4}, {0x1, 0x9, 0x6, '\x00', 0xd}, {0x1, 0x0, 0x1, '\x00', 0x4}, {0x7, 0x4f, 0xf9, '\x00', 0x40}, {0x4, 0x8, 0xe0, '\x00', 0x40}, {0x54, 0x6, 0x98, '\x00', 0xf}]}})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x0, 0x180, 0x7, 0x0, 0xf1, 0x0, 0x8000000000000, 0x5, 0x26a, 0x8, 0x0, 0x0, 0x0, 0xbd9], 0x1, 0x3c4210})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180), 0x200002, 0x0)
mkdirat$cgroup(r4, &(0x7f0000000080)='syz0\x00', 0x1ff)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000340)={0x73622a85, 0xb, 0x20000})
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x802, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000200)=[@acquire, @enter_looper], 0x53, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000480)={0x5c, 0x0, &(0x7f00000004c0)=[@request_death, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000180)={@fda={0x66646185, 0x8, 0x2, 0x2b}, @fd={0x66642a85, 0x0, r4}, @fd={0x66642a85, 0x0, r2}}, &(0x7f0000000280)={0x0, 0x20, 0x38}}}], 0x0, 0x0, 0x0})
ioctl$RNDZAPENTCNT(0xffffffffffffffff, 0x5204, &(0x7f00000003c0)=0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, 0x0)
r7 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0)
write$cgroup_type(r7, &(0x7f00000000c0), 0x9)
ioctl$FUSE_DEV_IOC_CLONE(r0, 0x4010e501, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000240)={0x10, 0x0, &(0x7f0000000100)=[@clear_death], 0x394, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a8bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5f"})
r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$BLKRASET(r8, 0x1262, &(0x7f0000000480)=0xffffffffffffffff)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)

1.24900313s ago: executing program 9 (id=6994):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x394, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5f"}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x8000, 0x0) (async)
r1 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, &(0x7f0000000140)='!\n\x00')
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async)
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_HYPERV_TLBFLUSH(r3, 0x4068aea3, &(0x7f00000002c0))
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$EXT4_IOC_CHECKPOINT(r2, 0x4004662b, &(0x7f0000000040)=0x1)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000005000000014d564b00000000af"]) (async)
close(0x5) (async)
close(0x4) (async, rerun: 32)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x8, 0x8000, 0x0, 0x700000, 0x9a, 0x6, 0x1000, 0x8, 0x7fffffffffffffff, 0x7, 0x2, 0x2, 0x8, 0x0, 0x8, 0x1], 0xffff1000, 0x10210}) (rerun: 32)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x20000000ec071, 0xffffffffffffffff, 0x4000) (async, rerun: 32)
mmap(&(0x7f0000724000/0x1000)=nil, 0x1000, 0x0, 0x4000932, 0xffffffffffffffff, 0x0) (async, rerun: 32)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000004c0)={0x2c, 0x0, &(0x7f0000000180)=[@dead_binder_done, @dead_binder_done, @free_buffer={0x40086303, r1}, @decrefs={0x40046307, 0x2}], 0x0, 0x0, 0x0}) (async)
ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r3, 0x40046210, &(0x7f0000000440))

1.064631833s ago: executing program 3 (id=6996):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSBRKP(r0, 0x5425, 0x2000000)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x9250)
mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r1, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0x0, 0x0)
read$FUSE(r2, &(0x7f0000001100)={0x2020}, 0x2020)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000100)={0x1, 0x0, [{0x277, 0x0, 0x7}]})
ioctl$GIO_UNISCRNMAP(r2, 0x4b69, &(0x7f0000000300)=""/213)
ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000340)={0xdc, 0x0, 0x4})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)={0xbe, 0x0, 0x1})
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x4000002a, 0x0, 0x4}]})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
mount$binderfs(0x0, 0x0, 0x0, 0x1c2020, &(0x7f0000000140)=ANY=[])
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000002c0)={0xf, 0x0, [{0x4b564d02, 0x0, 0x7f}]})
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[])

986.140705ms ago: executing program 9 (id=6998):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x0, 0x3})
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x2c0, 0x0, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x100000000000004, 0x10000, 0x100, 0x9004, 0x0, 0x3, 0x5, 0x5, 0x49, 0x3ff, 0x5, 0x0, 0x9, 0x8, 0x7, 0x1c1, 0x1000000003, 0x2, 0x2, 0x6, 0x7, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x4, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0x4, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x20000000006, 0x8, 0x5c3e, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x7, 0x4, 0xe6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0xc, 0xd, 0x9, 0xe8, 0x80000000, 0xfffffffffffffc00, 0x2, 0x4, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x6, 0xab6, 0x0, 0x4, 0xfff, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x400000000008061d, 0x3, 0x8, 0xf6, 0x4, 0x6, 0x200, 0x7, 0xe53e, 0x2c, 0x8, 0x2293332f, 0x6, 0x5, 0x0, 0xd, 0x2, 0x5, 0x2, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x8, 0x8, 0x1, 0x53e0f100, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x3]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x2, 0x5, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2], 0x8080000, 0x1144})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_NAME(r3, 0x41007701, 0x0)

793.231797ms ago: executing program 8 (id=7000):
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000007c0)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00')
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='\x00')
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000095}]})
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSETS(r4, 0x5406, 0xfffffffffffffffe)
ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000300)='\x00\x00\x00\a\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x00\x00')

746.080908ms ago: executing program 9 (id=7001):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x38d, 0x0, 0xfffffffffffffffc}]})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000400)={0x98, 0x0, &(0x7f0000000300)=[@increfs, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000040)={@fd={0x66642a85, 0x0, r3}, @flat=@weak_handle={0x77682a85, 0x101, 0x1}, @fd={0x66642a85, 0x0, r3}}, &(0x7f0000000100)={0x0, 0x18, 0x30}}}, @transaction_sg={0x40486311, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000240)={@fd, @fd={0x66642a85, 0x0, r3}, @ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/163, 0xa3, 0x2, 0x3a}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x400}], 0x4, 0x0, 0x0})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000003c0)=@arm64={0x5, 0x80, 0x9, '\x00', 0x8001})

693.853619ms ago: executing program 3 (id=7002):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000})
unlinkat(0xffffffffffffffff, 0x0, 0x134)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder1\x00', 0x3, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(0xffffffffffffffff, 0x4068aea3, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000080)=0x16)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000240))
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000140)={0x6, 0x1eb, 0x9, 0x64, 0x5, "de80c07e3bc9a1dc"})
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x10003, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SMI(r5, 0xaeb7)
ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f00000001c0)={0x70003, 0x0, [0x7, 0x9b, 0x40000ffffffff, 0x9, 0xfffffffffffffff7, 0x37ba2f52, 0x3000000002, 0xd]})
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r7, 0x8004e500, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x0, 0x0, 0xfffffffffffffffe, 0x1000, 0x0, &(0x7f0000000580)="c20f3f031e5285decde5d9bca3e70e2f103749dd9fa02fab870847957ac475728a1a1b0b0436fe1ceef9d76e3aadb4ce44c45f33fae09b99fd16e72ea6eb9a7ee970d84e5c4551e594eba667df2d2402beb13c6a94c7fe82d6309894243a7a4700f9cccda375e8b6853009195c9a3bf4e1b9527c1ea45c3435e7e095ee235500451f0d0cd50b7fdf22025e5eede856bfe2093d134b5defcea477f18b9dfa71499f25fb6e3447c42561deb9f8d9221eee789c9e6be2cdb7bcffb107b447206f6f62307a99f2f14563e0b480ae12b51c3e8a911f60893ea1c0f8e97cae4f2337f0a4f47a7cc53dc2bd41b7139eb1754db9f7d3801a87f1658c6038d80e9ff670ccb5e6ed7159010538129b2813545b5b838b5295187e2f8da2f62a7b6999ed9742dbd50cf31e2b52a29e52243a1054a4c777094550afc308e4fdcf6ab2b9cab89ae6bdddd2bb77ad52b5a5720e043120bf35f9287a5122af66aa6e1d3be5fd841f8a2c340f075f8ef1d5e5b73d886d27e4f085b02cfa0759176f47fb5c8df60b52deab2ca42fcc633e4e6110c3b5cb061ef7a8b2f45ff5db34fe0df9871fc46e1c7a58df168daed1d5db4eaa94f243cc65c89e0f41532d6d768adc90ce499f2527987f2528cae596b63dcd4d8ba3b9fe3d2bab3af2e0ae6f6d639c5cf0f87d70986dfe26be9330255f1c0d8c48e2fa5fbddf24f1396d4236ebd3d18930722be6dcfb4659e71fff4cde4c1b0d0577cc5d545b8c5233b18ca6ec557a483463936fecc94ef616c2131741e3b625efe852c62ffa9d3d460544f24411592bf7bbaebd76ab8896df10e8ab91e988260a77dce3c2f158374de806d84bbc17bdfad1fab1e3ce74fd46ccd6017d4c842ac122f32d9556d30ad4b0370a16fa1d7a3101fddfb1fe0b90b463f923471047b6350942c44f173ede2685ca666155368fb7af4f4aef8ed0f60e39b1da7020a574d9b544c62dceb7c273de8c31a70674e3cece6d8bcc5f956cb2b73be4f2a793f5ec68859406e1ebfc44cd271acc9e1e623baff9b9445d39b80ffd608e9270c1fa4ad84e3d53a2ab11721c82ffcad70e9829435343ffe3db932581316897ca8cca6253901a5f799ab13bb4d6bb4b9053d05426e73cbf84d6254524f6ef86a1d6295be97fd1f97ee9af805464d3102a5f6574131f426b2374190284c80233fc24f8dd6c0968b44a2ba21ed076740ccac196c600e7a899a8deca914fed3eeae6e42b11552d7e3c35638c7c765979f8a7c7edc3aeba35096b63c728ff03d9a9691f578a85a6c557bb435c3f786bde20167bf96f00c1dcab0cf4119a9e321d1c06c74494e9d00f7fe9b64a4730e91885de3de05ad73963505a03c7cad26d7d078cbdb16b3cf5517b520fc267b91053533aa2ef83e273d873b10d902b113065682dafe21806b517b0ec0f2d1804d9958d9f69491a0e476bb7ab81c29f21ed57db1882a28a6d10b90c9df21de653eea8f2745a5a130278b8b3df9ec27c214b8df918dddf730e2525676bbfc806f493645222fec621d95a183ef8a4a743b07ac4f01db6a8486f73dd229015ae8644bab3d60585556b0853e664faa413c11d1d55c027d7c70e935e3c0325fb117b1df5da94652f198ea4c419488b2c7a4f8f8e9a5caecdb7d51675ea30a6a8a9cd6df248ea0294161239421d71df52236d2723fcc7a93d85704be483ce034442f9a0777dd933c3c1168f9bb3ddf4e7fd161d3267650909fe024e04cfba2464d77802dd84782407eeb3691ca74f87e2c32560dd58649bf0d8f8c6a7c3efb1903415f57791ba9ebd67916850a4a580e21d66c9df4ab5321442fe5ed575396f6ef5a12b52955d4ffb5171f8f9dc18a20aa4d52237e14f866a46c399967f999fdbe390a43b172b177b188e6cc76982a023cec5678325d4141c489f7016adbae90a16c4c6b0449cffb5e0eb9cb372c1fe233a30b7ac527d62cfe8a9fc23b25ffeacdfc798d869e514f72ceef5cf1dc1d94b4136720d7c7b6b8f8a020d76be98313baccfb4639ec5bc1441cbf559e10ea4bfaa2d956f25440ffb72831ca2f6679c8270f4e39c30c6893f038658f47d2cadced592e7df6164bd5ed417430ed7e9418163746f972a0e2df6cdadbd840d3a1deb8dd77bdb86ed977b9274592f736393e3223c913efe6edf9460d8baa352d0e3c22bd24712949782e351506177d08e5ccb2a4e50e16429f3126e1938c226cf3c3639c80ea959221b00668d6749742e2865715ee6768b1cf275ee2937710930a72f06f4c10aa444dbf9941e4483785692cd3cd39ffc10c53e5d3657e7dbce593caba938b21d8b5c1ea1404efb55bf10b31b0a8e1f609fc6d8bde2ea22b4d691fec028011325d182c2f36a3a131b368980a15236c9d7609e7a31b0645d25b4b63dd97e5d497854bc7b655cb13ed37c71235346efe848452ac965667ad60306f10baf448d11385d579e514e96e495f7a327be4af388c174c793d6ed79db5d566315bbd0f3020af4d9dce4cce422a7b4b3e3c7b8fac9c3c68981ae8ecbb776a053b5b6504a5f8e06a7ac6505acbd3e71561426bccc49c5ebc75b44f9e1eb1555c4755ae14781b7476e32f215bc1d077d4b3414ae3ba592227e290ab4d0a90f99fc11ec8ad23c3eda260dca6eb4d1fa60bbc0db44fb6c53c54201428afc6fe929f939b03405b3e9b243d9805b952d5c153dc7324cd58a477bdb586f133947d86e621a58f02dc600af25311e817b81a24e756de151cc3d2a51e9fdda82d7027d9dd7ad4f67bab9efab74bbc3d1207b0ae09ec0539d440d8e1553725c51f864b0947a955e83fd9c3ac6a8f9b20f639d8962049deb77dc667a1d714fcb4044650256d1ee68f5bc00043ddf561ed9faef9af5879fc28b8556a0cfb1ed1db0c13d03b559728ef54e6aef07d585f332aa6eaede3dd525aa34e68f5490e7b0eb5ea03a6a1e24eab8a4abab29a926305b3defc3fe9746d8ce51dfabc67464009fd2402b429a37c1eb29172c7fb9f9bb7f0dff1c722de033281c103aadbabb6da3285824ca447eecad8b0e00eb47265393ec74407785c463fe84e71812a555479a9458542b527400fa5b7ee46a97dcbefc7b82bc0797c78cb7d6a3521ca19a1f48b8ed8bd2f5a473d612d6e26f2ce292f9c65b7bd42fa5e92306b6cab4ead2f21ab8fc49631d4a6a8c4f6299ea33f5b3aa4c4e24c14795a0eca25d3b019e66dc9d3217741b61c5c5ed8a0137fce065ba05535f9c8bd773419fbe9461a2b81107823620a45032601e1fd4feab5d4b164acfee94b975d8acb87ddd97af1ad13beb6e09ad749fe9ed1ab3bc6c43e7f3e13547d0f398dd91dd6edd40651f73bd8013a9379b4527145217cbd05cd385a25930e4c17af5de2561f0bbb5edddb5016887873684a07028e3317d88aa17e2591fc11a6066ca7adf6a3ab8f751f9c8468c20357e01c905ecdfa6ab7f3c2e8645976a04b89bd59f6066233ca0eea06393a1908fa58a1cb81983525ef3157e79296c09d41ab34e4693d1e86f42659b24716f6d8e69af84750ddfdaeed6f0690d8e6a2e87481511872b4f973f1697de7442a209ecf225bc86dba086cdb3a30d6033bde7581fd466ea884216922bb55221fabbe89108d1fc743826dafb58ae3fd55e7be228fd4101421186fe622d6213fecfa76743339f28330a3630b61a185d5814844a4f0c9210783dd565f619368ab536be2279add34a69ccfad22bdd44a3fec9db5a0e99d291cdc6d7de9c22712b8473c009f222c52f4e51b3573e26a4f4b23bf59a32f5e562dd464d8e656418ffa7c9090b1fba9bd1e89fc923de63a37ba3ef76e85d244200604bc4aef88b2b02a3eb45373c45e4dd70d721524c53cc6d5a5c4f209e8ec2fd49984cac6e6e2ec238349710322d3e7e92c47f7f747d4350e34bc5025903aa270a3a71de5fd6ee020e62d605c2e09c4163fb2c49f2bdfb017550019f846fae2d544d68575d7105c0affb5306a045aaa65b8efb1828690d247f048cb5afec83a52c1a2249e1b2236329a850969b2447a51e8d7b124dc5c64d46f38252b491576070c9aa23d214551afcbef0217c6681ae713e02c2eff851336b1bf1c475d9495e21dd0d9a91bf3fe75b0fd15e912f3d23c42ee4f6b29acdce779bbd8ff886dc3a08fa0a3134d6d5bfc6ee2764a3e06a854ccb60014ad2a8fff289ff51db13537863c60da6634483163824022020f96a6914b3628f7e545eb0a4fc1c2af8b73ac203d2c8dd073a30826fc2e4d756222e33252dc9ca341886111b57f6b17199f7b95dfdff3876c6770b96706bfa815bccaf13e9e01d5e9b047548a6cddabe5eb53ca1ca1e68eae05e5e9516e191450e8b6646d79fc64b72ef7fe91c0427205393f03a2d776a5b8e053196ee711b1e5f71f9b30cf41020d11b31f194d6d8deb036ced06d24bb29e4a43b90e9fc6e44da4edd3c105078d77622b64db9a5494151cc6b36b45495eda54b732e260482cd47d6be9748b709f33fff1545d6f2f95bd33080344a2c472415adcb9e1e0201c297af0f443f2bc14b4d332ed34a38767136f1e2c22230571b815d5e36b1ab79feae5dbd445e983984a8e882e0147e11baf28a3830ec91feb1f080e32364050e4dbee78914b7290703ac2ee3bd655d16cc3c850c7972bc2f2f4c172ddb2562156c0c6ae0582720de9b19411afa0d58c81fc35b2dfbd797d9a88a9da7608edd0a20a23b2614c31c6bbbb74eb8bbe5377f1f070bd5ff92830d357a3427b3812c36555fd126b5baacece89edee97c5bf1cb1ec9867b3325eb53e70ed42a94c79a99b87af299cafdb7177825e6198c928881ddf207a22ba467ade9dc36d1b1a0c0468eebf828fa32cc7dfffacaca77badbb36f51ec02d8b99299bc16a229bd966c8e1da3784f0eb05d7a0ceb63f4bf2071b7931af81fd9ef63fdd6a16730ecc36cb5dcf2e46221c5e41f4f6db5c87a28762152470d7f9a52f82af9c38f4492b1720f41f8154e6614e244997fbef77ee1f4fd9429f8f0831ee85eddd96bf5d1e5c901f736c1d2d7d9740701d74c0ab7da763e28c084cda666cd84221f30793ffd2e78c18a2d70e15d67162d073b42a47cb8d6c15a653ef8dca124a5ec39be7b9fbc8ea24e3a3003c95db826bb8b507fa9339ecf4c182f23b4f223b25faa7559e8557227eb78996513424aeeeb831cd161a259f76eb79364e865a1f8d7847b306d23cd9069594d7aca6ab21fd85b20eeb6c8e09922dc3255729d280c042c60b9e9d6fa13e04aa00fcccab26ad74794be946e4b3f537149bc326b875eb026f4ddbc8fb691e1f7342f29673a74f857b5e9920cad06a95d1b17755ad2c59ae0e3ef7eaa44682806a5c7525ceb6af9d9d51b84aacee271784a99925b075a474b5c1681e2b79543383d2faee034ab10073e3f0a5b3a37e81983f4073190895e3683bc625374ec867dc92b3f9f522c0ba1108dbd0fe86a4cc25d5c725c1906aeea5fa7a98a0594a8e379f622e3a4d0d4cff723d8b689ca285bb4a3c0f88d053ee86676e2bf9faa3a2c705644928e3df47aa583b1b0753682197371fdedebd48c93e4aaaf6bc2fb3395cb578054215847903f6067ed43d59b3f59e0fed8a02c54000fa11aed1e406b4891ed025e85c7ebeda9bbaab5f5c4995c7dc5fb1fb1c13f02dc5b592d27c531ed3b46734ae4ac45cab386663e6da9988423d996d75016aaca0956aad89b98ffd2584de4f359cd8f65589ecb311a95552bde5f59eb18020d22966c8812c8715bc186faf60c68f2be3b0b7d883875d18d62122c92acb6d61340f402abbf382d1c4b3b48d9"})
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0xffffffffffffffe1, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0})

669.12563ms ago: executing program 5 (id=7003):
openat$rnullb(0xffffffffffffff9c, 0x0, 0x200, 0x0) (async)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000800)='/sys/power/image_size', 0x141a82, 0x0)
write$UHID_GET_REPORT_REPLY(r0, &(0x7f0000000000), 0xa) (async)
r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000033c0), 0x0, 0x0) (async)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1243, 0x0)
ioctl$BLKRRPART(r2, 0x125f, 0x0)
read$FUSE(r1, 0x0, 0x0) (async)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) (async)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x30, 0x5, 0x0, {0x0, 0x3, 0x28, 0x7}}, 0x30)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x80040, 0x0) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_int(r6, &(0x7f0000001180)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0)
write$cgroup_int(r7, &(0x7f0000000040), 0x12)
write$vga_arbiter(r5, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000206e6ffe8015"], 0xa)
ioctl$BLKROSET(r4, 0x125d, &(0x7f0000000540)=0x10001)
ioctl$BLKRRPART(r3, 0x125f, 0x0)

582.077471ms ago: executing program 8 (id=7004):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) (async, rerun: 64)
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x70d040, 0x0) (rerun: 64)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB="a322000000000000f10b0000000000000900000000000000"]) (async)
ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0x566afa30a48730) (async)
mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000080), 0x400, &(0x7f00000000c0)=ANY=[@ANYBLOB='context']) (async)
ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000140))

573.713761ms ago: executing program 9 (id=7005):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000ecffffff9202"])
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x2, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0xbfd3d37869228228, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000000580001c0"])
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92, 0x80a0000})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000640)={[0x202a0, 0x8, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x8000000000000000, 0x0, 0x40000009, 0x7, 0x3, 0x8000000000000000, 0xff], 0xdddd0000, 0x60a55})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
r10 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0)
syz_clone3(&(0x7f00000013c0)={0x240040480, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0, 0x0, {r10}}, 0x58)
openat$kvm(0xffffffffffffff9c, &(0x7f0000007a80), 0x101000, 0x0)

526.631562ms ago: executing program 5 (id=7006):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
ioctl$BINDER_FREEZE(r0, 0x400c620e, &(0x7f00000002c0)={0x0, 0x0, 0x6})

433.984773ms ago: executing program 8 (id=7007):
openat$rnullb(0xffffffffffffff9c, 0x0, 0x200, 0x0) (async)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000800)='/sys/power/image_size', 0x141a82, 0x0) (async)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x2) (async)
read(r1, 0x0, 0x0)
ioctl$TIOCVHANGUP(r1, 0x5437, 0x0)
write$UHID_GET_REPORT_REPLY(r0, &(0x7f0000000000), 0xa) (async)
r2 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000033c0), 0x0, 0x0) (async)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1e1243, 0x0)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
read$FUSE(r2, 0x0, 0x0) (async)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000002a40), 0x200, 0x0) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
write$vga_arbiter(r6, &(0x7f0000000100)=@other={'lock', ' ', 'none'}, 0xa) (async)
ioctl$BLKROSET(r5, 0x125d, &(0x7f0000000540)=0x10001)
ioctl$BLKRRPART(r4, 0x125f, 0x0)

431.493473ms ago: executing program 3 (id=7008):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x40010, r0, 0x362ea000)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@decrefs={0x40046307, 0x3}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={@fda={0x66646185, 0x8, 0x1, 0x16}, @flat=@handle={0x73682a85, 0x1000, 0x3}, @fda={0x66646185, 0x9, 0x1, 0x38}}, &(0x7f00000001c0)={0x0, 0x0, 0xfffffffffffffd98}}, 0x40}, @register_looper], 0x0, 0x0, 0x0})

426.130073ms ago: executing program 5 (id=7009):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8500, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x8140aecc, &(0x7f0000000280))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})

326.003015ms ago: executing program 3 (id=7010):
mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff)
openat$rnullb(0xffffffffffffff9c, 0x0, 0x164e80, 0x0) (async)
r0 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r0, 0x0) (async, rerun: 32)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (rerun: 32)
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f00000002c0)={0x2, &(0x7f0000000040)=[{0x28, 0x0, 0x0, 0xfffff018}, {0x6}]}) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder0\x00', 0x1802, 0x0)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x111000, 0x0)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x30, r0, 0x92dca000) (async, rerun: 64)
ioctl$RTC_WKALM_SET(r4, 0x40187014, &(0x7f0000000000)={0x3, 0xfd, {0x1, 0x0, 0x0, 0x3, 0x6, 0x60, 0x1, 0x4, 0x1}}) (rerun: 64)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) (async, rerun: 64)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) (rerun: 64)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x2, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xff, 0x8, 0x10, 0x0, 0x5, 0x0, 0x0, 0x4, 0x0, 0x80, '\x00', 0x2, 0x5})
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r7, 0x40046205, 0x0) (async)
mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="faa9df60b74ef8c06bfb31773e8d84fff7e0c94036fd11a025e63c9488ccaa5f8a5826d23f478bc8b94afa8943ca211bb987cdf7734945de374b6504a2c6bc6acc3fbce016"]) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x0, 0x0)

226.137346ms ago: executing program 5 (id=7011):
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x35c, 0x0)
mount$binderfs(0x0, &(0x7f0000000280)='./binderfs\x00', 0x0, 0x2000063, &(0x7f0000000400)={[], [{@flag='dirsync'}]})
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0)
openat$cgroup_ro(r0, &(0x7f0000000040)='blkio.bfq.io_service_time\x00', 0x0, 0x0)

225.306296ms ago: executing program 8 (id=7012):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
ioctl$SNAPSHOT_UNFREEZE(r1, 0x3302)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008e02"])
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000200)={0x1, 0x0, [{0xffff1000, 0x31, &(0x7f00000001c0)=""/49}]})
close_range(r0, 0xffffffffffffffff, 0x0)
mount$binderfs(0x0, &(0x7f00000000c0)='./binderfs\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)={[{@max={'max', 0x3d, 0x7fffffff}}]})
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) (async)
ioctl$SNAPSHOT_UNFREEZE(r1, 0x3302) (async)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008e02"]) (async)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000200)={0x1, 0x0, [{0xffff1000, 0x31, &(0x7f00000001c0)=""/49}]}) (async)
close_range(r0, 0xffffffffffffffff, 0x0) (async)
mount$binderfs(0x0, &(0x7f00000000c0)='./binderfs\x00', &(0x7f0000000140), 0x0, &(0x7f0000000280)={[{@max={'max', 0x3d, 0x7fffffff}}]}) (async)

179.834347ms ago: executing program 3 (id=7013):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, &(0x7f0000000080)={0x49de, 0x3, 0x2, 0x7ff, 0x0, "03880d17f2cf8baf"})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004cc, 0x8000000, 0x0, 0x10000000, 0xfffffffffffffffe, 0x100, 0x0, 0x0, 0x5]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$binfmt_format(0xffffff9c, &(0x7f0000003040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
prctl$PR_MCE_KILL(0x21, 0x0, 0x1)
write$binfmt_format(r3, &(0x7f0000000040)='-1\x00', 0x3)
r4 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r4, 0x40087703, 0x100000002000c)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r4, 0x0)

156.021467ms ago: executing program 5 (id=7014):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x68800, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) (async)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000001c0), 0x12) (async)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r4, 0x4068aea3, &(0x7f0000000140)={0xbe, 0x0, 0x1})
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (async)
ioctl$BLKRRPART(r0, 0x125f, 0x0)

0s ago: executing program 5 (id=7015):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0)
r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
r3 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r3, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r4, &(0x7f0000000840)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x10, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x8000, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xffffffff, 0x2, 0x0, 0x3], [0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x3, 0x0, 0x4, 0x0, 0xffeffffe, 0x0, 0x5], [0x0, 0x0, 0x0, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5b2bb47c], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcc5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x239]}, 0x45c)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x2000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92, 0x80a0000})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee8000, 0x42240})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r8, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom0\x00', 0x2, 0x0)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000001380), 0x101100, 0x0)

kernel console output (not intermixed with test programs):

 483.960480][   T36] kauditd_printk_skb: 1077 callbacks suppressed
[  483.960493][   T36] audit: type=1400 audit(1750389368.240:103480): avc:  denied  { map } for  pid=19841 comm="syz.9.5963" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  483.998991][   T36] audit: type=1400 audit(1750389368.240:103481): avc:  denied  { read } for  pid=19841 comm="syz.9.5963" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  484.064929][   T36] audit: type=1400 audit(1750389368.340:103482): avc:  denied  { read write } for  pid=19637 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  484.089441][   T36] audit: type=1400 audit(1750389368.340:103483): avc:  denied  { read write open } for  pid=19637 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  484.115251][   T36] audit: type=1400 audit(1750389368.340:103484): avc:  denied  { ioctl } for  pid=19637 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  484.141077][   T36] audit: type=1400 audit(1750389368.360:103485): avc:  denied  { read write } for  pid=19844 comm="syz.3.5964" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  484.165110][   T36] audit: type=1400 audit(1750389368.360:103486): avc:  denied  { read write open } for  pid=19844 comm="syz.3.5964" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  484.189544][   T36] audit: type=1400 audit(1750389368.360:103487): avc:  denied  { ioctl } for  pid=19844 comm="syz.3.5964" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  484.223295][   T36] audit: type=1400 audit(1750389368.500:103488): avc:  denied  { read write } for  pid=19637 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  484.247824][   T36] audit: type=1400 audit(1750389368.500:103489): avc:  denied  { read write open } for  pid=19637 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  484.364885][T19853] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus
[  484.795229][T19875] binder: Unknown parameter 'context'
[  484.904593][T19881] geneve1: tun_chr_ioctl cmd 1074025672
[  484.913802][T19884] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:629
[  484.948677][T19881] geneve1: ignored: set checksum enabled
[  484.976541][T19887] rust_binder: Failed copying remainder into alloc: EFAULT
[  484.976565][T19887] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  484.990478][T19887] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  484.999492][T19887] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:401
[  485.174528][T19900] rust_binder: Read failure Err(EAGAIN) in pid:631
[  485.208995][T19893] rust_binder: Read failure Err(EAGAIN) in pid:631
[  485.237737][T19900] rust_binder: Write failure EINVAL in pid:631
[  485.247714][T19893] rust_binder: Write failure EINVAL in pid:631
[  485.605331][T19909] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  485.652272][T19909] kvm: requested 54476 ns i8254 timer period limited to 200000 ns
[  485.702774][T19909] kvm: requested 98895 ns i8254 timer period limited to 200000 ns
[  485.726679][T19909] kvm: requested 62019 ns i8254 timer period limited to 200000 ns
[  486.054055][T19930] rust_binder: got new transaction with bad transaction stack
[  486.054079][T19930] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:414
[  486.219141][T19934] SELinux: security_context_str_to_sid () failed with errno=-22
[  486.330568][T19937] rust_binder: Write failure EINVAL in pid:70
[  486.393502][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.414170][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.429589][T19942] rust_binder: Error in use_page_slow: ESRCH
[  486.429612][T19942] rust_binder: use_range failure ESRCH
[  486.437967][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.459766][T19942] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  486.459792][T19942] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  486.477459][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.494363][T19942] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:72
[  486.539727][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.569665][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.576232][T19944] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89)
[  486.577062][T19944] rust_binder: Error while translating object.
[  486.577083][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.608616][T19946] rust_binder: Write failure EINVAL in pid:74
[  486.609933][T19946] binder: Bad value for 'stats'
[  486.617472][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.621014][T19944] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  486.635407][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.644974][T19944] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:420
[  486.658404][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.707458][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.726848][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.745588][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.761813][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.776774][   T10] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  486.787881][   T10] hid-generic 009C:0008:0003.0021: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  486.799367][T19948] rust_binder: Write failure EFAULT in pid:639
[  486.842187][T19957] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:76
[  487.053753][T19960] fido_id[19960]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  487.067739][T19967] binder: Unknown parameter 'processor	: 0
[  487.067739][T19967] vendor_id	: GenuineIntel
[  487.067739][T19967] cpu family	: 6
[  487.067739][T19967] model		: 79
[  487.067739][T19967] model name	: Intel(R) Xeon(R) CPU @ 2.20GHz
[  487.067739][T19967] stepping	: 0
[  487.067739][T19967] microcode	: 0xffffffff
[  487.067739][T19967] cpu MHz		: 2200.224
[  487.067739][T19967] cache size	: 56320 KB
[  487.067739][T19967] physical id	: 0
[  487.067739][T19967] siblings	: 2
[  487.067739][T19967] core id		: 0
[  487.067739][T19967] cpu cores	: 1
[  487.067739][T19967] apicid		: 0
[  487.067739][T19967] initial apicid	: 0
[  487.067739][T19967] fpu		: yes
[  487.067739][T19967] fpu_exception	: yes
[  487.067739][T19967] cpuid level	: 13
[  487.067739][T19967] wp		: yes
[  487.067739][T19967] flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities
[  487.067739][T19967] vmx flags	: vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi
[  487.117722][T19966] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:642
[  487.182268][T19972] rust_binder: Failed to allocate buffer. len:136, is_oneway:true
[  487.275674][T19966] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  487.294381][T19975] rust_binder: Error while translating object.
[  487.307634][T19970] kvm: kvm [19969]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x187) = 0xfff
[  487.323951][T19978] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  487.325225][T19976] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  487.342649][T19966] rust_binder: Read failure Err(EFAULT) in pid:642
[  487.356810][T19976] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:731
[  487.374732][T19975] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  487.386635][T19980] SELinux: security_context_str_to_sid (sytem_u�Gй�:��) failed with errno=-22
[  487.406506][T19975] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:731
[  487.455715][T19982] rust_binder: Write failure EFAULT in pid:88
[  487.502212][T19990] binder: Unknown parameter 'context'
[  487.693087][T20000] rust_binder: Error in use_page_slow: ESRCH
[  487.693111][T20000] rust_binder: use_range failure ESRCH
[  487.715660][T20000] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  487.736758][T20000] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  487.772374][T20000] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:647
[  487.939928][T20009] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89)
[  487.967467][T20009] rust_binder: Error while translating object.
[  487.997522][T20009] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  488.026765][T20009] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:92
[  488.033694][T20018] binder: Unknown parameter '0x0000000000000000'
[  488.228679][T20025] SELinux: ebitmap: truncated map
[  488.255567][T20025] SELinux: failed to load policy
[  488.280515][T20025] binder: Bad value for 'context'
[  488.447420][T20032] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:97
[  488.460423][T20030] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:658
[  488.503608][T20032] rust_binder: Read failure Err(EFAULT) in pid:97
[  488.585887][T20035] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  488.704599][T20042] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false
[  488.712548][T20042] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  488.717475][T20044] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  488.737042][T20042] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:661
[  488.972248][   T36] kauditd_printk_skb: 1130 callbacks suppressed
[  488.972267][   T36] audit: type=1400 audit(1750389373.250:104620): avc:  denied  { read } for  pid=20058 comm="syz.3.6030" name="binder1" dev="binder" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  489.013859][T20059] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false
[  489.013884][T20059] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  489.037698][T20059] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:111
[  489.054069][   T36] audit: type=1400 audit(1750389373.260:104621): avc:  denied  { read write } for  pid=17769 comm="syz-executor" name="loop9" dev="devtmpfs" ino=58 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  489.113978][   T36] audit: type=1400 audit(1750389373.260:104622): avc:  denied  { read write open } for  pid=17769 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=58 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  489.177462][   T36] audit: type=1400 audit(1750389373.260:104623): avc:  denied  { ioctl } for  pid=17769 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=58 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  489.202307][T20073] kvm: kvm [20072]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x187) = 0xfff
[  489.242071][T20076] audit: audit_backlog=65 > audit_backlog_limit=64
[  489.248813][T18235] audit: audit_backlog=65 > audit_backlog_limit=64
[  489.255975][T18235] audit: audit_lost=680 audit_rate_limit=0 audit_backlog_limit=64
[  489.259329][   T36] audit: type=1400 audit(1750389373.290:104624): avc:  denied  { read open } for  pid=20058 comm="syz.3.6030" path="/dev/binderfs/binder1" dev="binder" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  489.265163][T20076] audit: audit_lost=681 audit_rate_limit=0 audit_backlog_limit=64
[  489.297791][T18235] audit: backlog limit exceeded
[  489.443783][T20085] can0: slcan on ttyS3.
[  489.502328][T20089] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  489.502991][T20089] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  489.528262][T20084] can0 (unregistered): slcan off ttyS3.
[  489.558835][T20091] binder: Unknown parameter 'dont_hash'
[  490.086522][T20116] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[  490.106029][T20130] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  490.116756][T20116] rust_binder: Error while translating object.
[  490.151311][T20116] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  490.164882][T20116] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:671
[  490.192908][T20135] rust_binder: Write failure EFAULT in pid:772
[  490.284346][T20137] SELinux: security_context_str_to_sid () failed with errno=-22
[  490.303662][T20137] rust_binder: Write failure EFAULT in pid:774
[  490.352189][T20139] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:776
[  490.358519][T20139] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  490.367706][T20139] rust_binder: Read failure Err(EFAULT) in pid:776
[  490.377271][T20139] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  490.391019][T20139] rust_binder: Write failure EINVAL in pid:776
[  490.524976][T20151] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:679
[  490.582628][T20155] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  490.869442][T20171] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27
[  490.869466][T20171] rust_binder: Error while translating object.
[  490.887643][T20171] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  490.893911][T20171] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:470
[  491.038060][T20177] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found
[  491.068206][T20177] rust_binder: Write failure EINVAL in pid:142
[  491.188261][T20189] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  491.204828][T20186] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  491.205377][T20186] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  491.295001][T20193] rust_binder: Failed to allocate buffer. len:4216, is_oneway:true
[  491.301559][T20193] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  491.321766][T20193] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:792
[  491.476874][T20202] rust_binder: Failed to allocate buffer. len:144, is_oneway:false
[  491.531399][T20207] SELinux:  policydb magic number 0xcc7cff8c does not match expected magic number 0xf97cff8c
[  491.551944][T20207] SELinux: failed to load policy
[  491.605327][T20211] rust_binder: inc_ref_done called when no active inc_refs
[  492.039811][T20231] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  492.047063][T20231] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:801
[  492.125120][T20234] input: syz0 as /devices/virtual/input/input268
[  492.365334][T20250] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  492.365364][T20250] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:503
[  492.442628][T20253] rust_binder: Write failure EINVAL in pid:807
[  492.620536][T20262] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  492.980644][T20281] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  492.980686][T20281] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:691
[  492.998304][T20281] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  493.008966][T20281] rust_binder: Read failure Err(EFAULT) in pid:691
[  493.068736][T20283] rust_binder: Write failure EFAULT in pid:524
[  493.074593][T20286] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89)
[  493.084182][T20286] rust_binder: Error while translating object.
[  493.099014][T20283] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  493.099737][T20286] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  493.116076][T20286] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:170
[  493.134043][T20287] rust_binder: Write failure EFAULT in pid:693
[  493.217525][T20294] input: syz0 as /devices/virtual/input/input269
[  493.242097][T20294] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  493.242119][T20294] rust_binder: Read failure Err(EFAULT) in pid:810
[  493.263305][T20294] rust_binder: Write failure EINVAL in pid:810
[  493.402738][T20296] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  493.417461][T20296] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:696
[  493.483648][T20300] SELinux: failed to load policy
[  493.519798][T20308] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  493.538140][T20300] input: syz0 as /devices/virtual/input/input270
[  493.547482][T20300] input: failed to attach handler leds to device input270, error: -6
[  493.565804][T20308] SELinux: failed to load policy
[  493.580325][T20300] rust_binder: Read failure Err(EAGAIN) in pid:527
[  493.604667][T20314] binder: Binderfs stats mode cannot be changed during a remount
[  493.932784][T20329] rust_binder: Error while translating object.
[  493.932825][T20329] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  493.956931][T20329] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:704
[  493.980582][   T36] kauditd_printk_skb: 1392 callbacks suppressed
[  493.980600][   T36] audit: type=1400 audit(1750389378.260:105989): avc:  denied  { read } for  pid=20327 comm="syz.9.6116" name="binder0" dev="binder" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  494.028748][T20332] __vm_enough_memory: pid: 20332, comm: syz.5.6118, bytes: 281474976845824 not enough memory for the allocation
[  494.075638][   T36] audit: type=1400 audit(1750389378.300:105990): avc:  denied  { read append } for  pid=20327 comm="syz.9.6116" name="binder1" dev="binder" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  494.106814][   T36] audit: type=1400 audit(1750389378.300:105991): avc:  denied  { read open } for  pid=20327 comm="syz.9.6116" path="/dev/binderfs/binder1" dev="binder" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  494.179816][   T36] audit: type=1400 audit(1750389378.300:105992): avc:  denied  { read } for  pid=20330 comm="syz.5.6118" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  494.217607][T20340] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  494.217937][T20340] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  494.250875][   T36] audit: type=1400 audit(1750389378.300:105993): avc:  denied  { read open } for  pid=20330 comm="syz.5.6118" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  494.299791][   T36] audit: type=1400 audit(1750389378.300:105994): avc:  denied  { read open } for  pid=20327 comm="syz.9.6116" path="/dev/binderfs/binder0" dev="binder" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  494.387440][   T36] audit: type=1400 audit(1750389378.310:105995): avc:  denied  { ioctl } for  pid=20330 comm="syz.5.6118" path="/dev/ashmem" dev="devtmpfs" ino=201 ioctlcmd=0x7703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  494.426046][   T36] audit: type=1400 audit(1750389378.310:105996): avc:  denied  { map } for  pid=20330 comm="syz.5.6118" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  494.455437][T20353] rust_binder: Error while translating object.
[  494.455469][T20353] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  494.464110][T20353] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:539
[  494.478587][T20353] audit: audit_backlog=65 > audit_backlog_limit=64
[  494.502307][   T36] audit: type=1400 audit(1750389378.310:105997): avc:  denied  { read } for  pid=20330 comm="syz.5.6118" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  494.570111][T20358] binder: Unknown parameter 'hash'
[  494.575597][T20359] binder: Unknown parameter 'hash'
[  494.582829][T20347] SELinux: failed to load policy
[  494.794795][T20376] binder: Unknown parameter 'coyBLV�"i5������ntext'
[  495.314474][T20408] geneve1: tun_chr_ioctl cmd 1074025672
[  495.338942][T20408] geneve1: ignored: set checksum enabled
[  495.578868][T20430] binder: Unknown parameter 'coyBLV�"i5������ntext'
[  495.714171][T20443] binder: Bad value for 'max'
[  495.801781][T20445] input: syz0 as /devices/virtual/input/input271
[  495.907294][T20450] binder: Unknown parameter 'context'
[  495.967779][T20456] binder: Unknown parameter 'maxv/net/tun'
[  496.394272][T20490] kvm: user requested TSC rate below hardware speed
[  496.419270][T20490] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  496.421978][T20492] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:560
[  496.483090][T20493] rust_binder: Write failure EINVAL in pid:560
[  496.507709][T20494] binder: Unknown parameter 'obj_user'
[  496.574541][T20496] kvm: kvm [20495]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010005) = 0x1
[  496.584800][T20496] binder: Bad value for 'stats'
[  496.868774][T20504] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  496.880638][T20504] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false
[  497.129103][T20520] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  497.527301][T20549] binder: Bad value for 'max'
[  497.891754][T20575] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false
[  497.891780][T20575] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  497.922358][T20575] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:569
[  497.965227][T20573] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found
[  498.029717][T20573] rust_binder: Write failure EINVAL in pid:239
[  498.226872][T20588] rust_binder: Write failure EINVAL in pid:243
[  498.357990][T20593] binder: Unknown parameter 'coyBLV�"i5������ntext'
[  498.374808][T20595] binder: Unknown parameter 'coyBLV�"i5������ntext'
[  498.497244][T20597] rust_binder: Error while translating object.
[  498.497287][T20597] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  498.527455][T20597] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:577
[  498.570417][T20605] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:906
[  498.777625][T20620] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  498.816249][T20620] rust_binder: Read failure Err(EFAULT) in pid:913
[  498.928629][T20629] input: syz0 as /devices/virtual/input/input273
[  498.988258][   T36] kauditd_printk_skb: 1201 callbacks suppressed
[  498.988276][   T36] audit: type=1400 audit(1750389383.270:107146): avc:  denied  { ioctl } for  pid=20630 comm="syz.5.6214" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  499.032700][T20629] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0
[  499.032726][T20629] rust_binder: Error while translating object.
[  499.054767][T20631] KVM: debugfs: duplicate directory 20631-6
[  499.066975][T20629] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  499.067015][T20629] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:254
[  499.077613][   T36] audit: type=1400 audit(1750389383.300:107147): avc:  denied  { read write } for  pid=20632 comm="syz.8.6215" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  499.127543][   T36] audit: type=1400 audit(1750389383.310:107149): avc:  denied  { map } for  pid=20628 comm="syz.3.6213" path="/dev/binderfs/binder0" dev="binder" ino=129 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  499.152106][   T36] audit: type=1400 audit(1750389383.310:107150): avc:  denied  { read } for  pid=20628 comm="syz.3.6213" path="/dev/binderfs/binder0" dev="binder" ino=129 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  499.214167][   T36] audit: type=1400 audit(1750389383.310:107151): avc:  denied  { ioctl } for  pid=20628 comm="syz.3.6213" path="/dev/binderfs/binder0" dev="binder" ino=129 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  499.274186][   T36] audit: type=1400 audit(1750389383.310:107152): avc:  denied  { call } for  pid=20628 comm="syz.3.6213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  499.302315][   T36] audit: type=1400 audit(1750389383.310:107153): avc:  denied  { transfer } for  pid=20628 comm="syz.3.6213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  499.335480][   T36] audit: type=1400 audit(1750389383.310:107154): avc:  denied  { ioctl open } for  pid=20632 comm="syz.8.6215" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  499.342631][T17351] audit: audit_backlog=65 > audit_backlog_limit=64
[  499.360357][T20639] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  499.381604][T17351] audit: audit_lost=709 audit_rate_limit=0 audit_backlog_limit=64
[  499.679038][T20665] input: syz0 as /devices/virtual/input/input274
[  500.045565][T20683] input: syz0 as /devices/virtual/input/input275
[  500.109691][T20685] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:601
[  500.175387][T20686] kvm: kvm [20684]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010005) = 0x1
[  500.232342][T20690] rust_binder: Write failure EFAULT in pid:260
[  500.359679][T20694] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:942
[  500.398507][T20699] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:262
[  501.018776][T20731] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  501.076325][T20731] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  501.263249][T20739] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:816
[  501.299248][T20739] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  501.338865][T20739] rust_binder: Read failure Err(EFAULT) in pid:816
[  501.425889][T20746] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  501.438930][T20749] rust_binder: Read failure Err(EAGAIN) in pid:819
[  501.458593][T20746] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  501.470369][T20746] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  501.586643][   T10] hid-generic 0000:0000:0000.0022: unknown main item tag 0x0
[  501.615138][   T10] hid-generic 0000:0000:0000.0022: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  501.815281][T20769] fido_id[20769]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  501.900879][T20772] input: syz0 as /devices/virtual/input/input277
[  502.080873][T20779] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  502.311756][T20787] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  502.311789][T20787] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:275
[  502.360756][T20792] SELinux: security_context_str_to_sid (syte) failed with errno=-22
[  502.413344][T20794] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:278
[  502.505416][T20800] binder: Bad value for 'max'
[  502.522309][T20802] binder: Bad value for 'max'
[  502.536022][T20808] rust_binder: Write failure EFAULT in pid:829
[  502.619632][T20812] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:980
[  502.688475][T20815] binder: Unknown parameter 'defcontext01777777777777777777777'
[  502.762949][T20817] random: crng reseeded on system resumption
[  502.769296][T20815] SELinux: security_context_str_to_sid (syte) failed with errno=-22
[  502.835380][ T9847] hid-generic 0000:0000:0000.0023: item fetching failed at offset 0/1
[  502.845723][ T9847] hid-generic 0000:0000:0000.0023: probe with driver hid-generic failed with error -22
[  502.981842][T20830] rust_binder: Write failure EINVAL in pid:836
[  503.182298][T20840] binder: Bad value for 'max'
[  503.211278][T20842] SELinux:  policydb version -242519378 does not match my version range 15-33
[  503.257485][T20842] SELinux: failed to load policy
[  503.272236][T20843] SELinux:  policydb version -242519378 does not match my version range 15-33
[  503.295999][T20843] SELinux: failed to load policy
[  503.466888][ T4414] hid (null): invalid report_size 28520
[  503.477166][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.495624][T20859] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:990
[  503.497336][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.513930][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.521387][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.528810][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.536178][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.543615][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.551111][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.563495][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.570963][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.582786][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.591660][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.599776][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.607307][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.615766][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.623830][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.631771][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.644642][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.652812][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.665145][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.673959][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.682680][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.690632][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.698611][T20870] binder: Unknown parameter 'hash'
[  503.703119][T20869] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:634
[  503.704466][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.710466][T20869] rust_binder: Failed copying remainder into alloc: EFAULT
[  503.719275][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.735560][T20869] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  503.735612][T20869] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  503.737213][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.753173][T20869] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:634
[  503.763981][T20872] input: syz1 as /devices/virtual/input/input279
[  503.780211][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.788179][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.795584][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.803007][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.810398][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.818626][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.826083][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.834305][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.842279][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.850348][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.858282][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.865685][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.873798][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.881775][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.889708][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.897191][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.908490][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.916875][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.927308][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.928380][T20885] binder: Bad value for 'stats'
[  503.935534][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.947585][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.955083][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.962523][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.969971][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.977425][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.984093][T20885] rust_binder: Write failure EFAULT in pid:310
[  503.984873][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.998514][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  503.999110][   T36] kauditd_printk_skb: 1159 callbacks suppressed
[  503.999124][   T36] audit: type=1400 audit(1750389388.280:108312): avc:  denied  { read write } for  pid=20881 comm="syz.9.6296" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  504.005898][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.005924][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.036105][   T36] audit: type=1400 audit(1750389388.300:108313): avc:  denied  { read open } for  pid=20881 comm="syz.9.6296" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  504.042945][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.042975][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.091623][   T36] audit: type=1400 audit(1750389388.300:108314): avc:  denied  { read write } for  pid=20881 comm="syz.9.6296" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  504.101754][T20887] rust_binder: Failed to allocate buffer. len:112, is_oneway:false
[  504.119958][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.135319][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.142768][   T36] audit: type=1400 audit(1750389388.300:108315): avc:  denied  { read open } for  pid=20881 comm="syz.9.6296" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  504.166572][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.174019][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.181541][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.188982][   T36] audit: type=1400 audit(1750389388.300:108316): avc:  denied  { read write } for  pid=20881 comm="syz.9.6296" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  504.212427][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.213588][   T36] audit: type=1400 audit(1750389388.300:108317): avc:  denied  { read open } for  pid=20881 comm="syz.9.6296" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  504.224622][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.243693][   T36] audit: type=1400 audit(1750389388.300:108318): avc:  denied  { read write } for  pid=20881 comm="syz.9.6296" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  504.255401][T20891] audit: audit_backlog=65 > audit_backlog_limit=64
[  504.281015][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.285520][T17769] audit: audit_backlog=65 > audit_backlog_limit=64
[  504.289403][T20891] audit: audit_lost=710 audit_rate_limit=0 audit_backlog_limit=64
[  504.303496][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.313490][T20894] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found
[  504.314693][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.321846][T20894] rust_binder: Write failure EINVAL in pid:314
[  504.330722][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.345197][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.353189][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.363984][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.371410][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.378838][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.386211][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.393730][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.401140][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.408600][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.415982][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.423491][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.430964][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.438523][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.445926][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.453823][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.461824][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.469788][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.477194][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.494395][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.502414][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.516099][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.524225][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.532465][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.539963][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.547409][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.554802][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.562233][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.570358][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.578080][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.587023][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.593492][T20908] rust_binder: Write failure EINVAL in pid:637
[  504.595621][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.609324][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.617093][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.624548][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.638094][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.645524][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.659067][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.667287][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.673017][T20913] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  504.675423][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.680671][T20915] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 144, limit: 184, size: 85)
[  504.683565][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.696687][T20915] rust_binder: Error while translating object.
[  504.700649][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.708150][T20915] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  504.714072][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.720985][T20915] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:866
[  504.730855][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.754334][T20914] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:640
[  504.754396][T20913] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  504.758287][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.780329][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.787790][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.795262][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.802805][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.810402][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.820113][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.828127][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.835537][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.843678][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.856325][T20906] rust_binder: Read failure Err(EFAULT) in pid:317
[  504.856414][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.871345][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.879278][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.886763][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.894005][T20920] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  504.895102][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.910390][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.918339][ T4414] hid-generic 01FF:0004:0400.0024: unknown main item tag 0x0
[  504.925884][ T4414] hid-generic 01FF:0004:0400.0024: invalid report_size 28520
[  504.933729][ T4414] hid-generic 01FF:0004:0400.0024: item 0 2 1 7 parsing failed
[  504.941585][ T4414] hid-generic 01FF:0004:0400.0024: probe with driver hid-generic failed with error -22
[  505.271576][T20930] binder: Unknown parameter 'defcontext01777777777777777777777M�(�F�~�3+������0'
[  505.615844][T20944] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:649
[  505.738616][T20950] binder: Binderfs stats mode cannot be changed during a remount
[  506.041420][T20965] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false
[  506.041446][T20965] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  506.063952][T20965] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:884
[  506.079004][T20963] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:654
[  506.091453][T20957] rust_binder: Write failure EINVAL in pid:330
[  506.168240][T20974] random: crng reseeded on system resumption
[  506.291824][T20973] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1003
[  506.324292][T20974] Unrecognized hibernate image header format!
[  506.372862][T20979] rust_binder: Read failure Err(EAGAIN) in pid:659
[  506.378933][T20974] PM: hibernation: Image mismatch: architecture specific data
[  506.478638][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.517318][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.537924][T20990] rust_binder: Write failure EINVAL in pid:661
[  506.538450][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.585671][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.604697][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.625551][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.640893][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.657447][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.662743][T20992] binder: Bad value for 'max'
[  506.676671][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.692440][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.698243][T20995] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  506.700034][T20995] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  506.712071][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.727052][T20995] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  506.727287][T20995] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  506.730939][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.748713][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.756333][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.764028][T10073] hid-generic 009C:0008:0003.0025: unknown main item tag 0x0
[  506.773723][T10073] hid-generic 009C:0008:0003.0025: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  506.830993][T21002] binder: Unknown parameter 'w'
[  507.005777][T21005] binder: Bad value for 'max'
[  507.068765][T21003] fido_id[21003]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  507.127617][T21007] SELinux:  policydb magic number 0xb65 does not match expected magic number 0xf97cff8c
[  507.167516][T21007] SELinux: failed to load policy
[  507.223166][T21011] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY
[  507.223198][T21011] rust_binder: Error in use_page_slow: EBUSY
[  507.267459][T21011] rust_binder: use_range failure EBUSY
[  507.297491][T21011] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[  507.303476][T21013] kvm: kvm [21012]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc2) = 0xffffffffffff6253
[  507.313278][T21011] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY }
[  507.335808][T21014] input: syz0 as /devices/virtual/input/input280
[  507.398457][T21013] PM: Enabling pm_trace changes system date and time during resume.
[  507.398457][T21013] PM: Correct system time has to be restored manually after resume.
[  507.414440][T21011] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender.
[  507.444094][T21011] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:341
[  507.456532][T21024] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  507.482527][T21024] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:668
[  507.768600][T21045] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1
[  507.778435][T21044] rust_binder: Error while translating object.
[  507.805398][T21044] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  507.805785][T21045] rust_binder: Write failure EINVAL in pid:349
[  507.815528][T21044] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:913
[  507.898868][T21047] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:351
[  508.058277][T21061] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:674
[  508.059197][T21063] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3
[  508.090051][T21057] binder: Unknown parameter '����secla�l'
[  508.117645][T21058] binder: Unknown parameter '����secla�l'
[  508.125950][T21063] rust_binder: Write failure EINVAL in pid:674
[  508.196855][T21069] SELinux: security_context_str_to_sid () failed with errno=-22
[  508.341418][T21078] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[  508.393064][T21078] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  508.457466][T21083] rust_binder: Write failure EFAULT in pid:684
[  508.485643][T21085] rust_binder: Write failure EFAULT in pid:1022
[  508.526887][T21089] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  508.543846][T21089] SELinux: failed to load policy
[  508.811730][T21113] rust_binder: Read failure Err(EAGAIN) in pid:929
[  508.831875][T21118] input: syz0 as /devices/virtual/input/input281
[  508.855743][T21118] input: failed to attach handler leds to device input281, error: -6
[  508.882641][T21120] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:931
[  508.947002][T21123] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27
[  508.957428][T21123] rust_binder: Error while translating object.
[  508.977274][T21123] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  509.007418][   T36] kauditd_printk_skb: 1010 callbacks suppressed
[  509.007436][   T36] audit: type=1400 audit(1750389393.280:109320): avc:  denied  { ioctl } for  pid=21122 comm="syz.5.6373" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  509.067682][T21123] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:690
[  509.123977][T21123] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  509.139729][T21123] rust_binder: Got transaction with invalid offset.
[  509.160283][   T36] audit: type=1400 audit(1750389393.340:109321): avc:  denied  { read write } for  pid=19637 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  509.205098][T21123] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  509.205131][T21123] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:690
[  509.215372][   T36] audit: type=1400 audit(1750389393.340:109322): avc:  denied  { read write open } for  pid=19637 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  509.302301][T21139] input: syz1 as /devices/virtual/input/input282
[  509.332707][   T36] audit: type=1400 audit(1750389393.340:109323): avc:  denied  { ioctl } for  pid=19637 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  509.361572][T21134] input: syz0 as /devices/virtual/input/input283
[  509.402045][T21145] audit: audit_backlog=65 > audit_backlog_limit=64
[  509.417542][T21145] audit: audit_lost=714 audit_rate_limit=0 audit_backlog_limit=64
[  509.421041][T17351] audit: audit_backlog=65 > audit_backlog_limit=64
[  509.426366][   T94] audit: audit_backlog=65 > audit_backlog_limit=64
[  509.437809][   T36] audit: type=1400 audit(1750389393.360:109324): avc:  denied  { ioctl } for  pid=21128 comm="syz.8.6376" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  509.442535][T21145] audit: backlog limit exceeded
[  509.613124][T21155] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  509.717553][T21159] kvm: kvm [21158]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010006) = 0xaf
[  509.748266][T21159] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:372
[  509.786093][T21175] rust_binder: Failed to allocate buffer. len:144, is_oneway:false
[  509.955595][T21182] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27
[  509.964047][T21182] rust_binder: Error while translating object.
[  509.976094][T21182] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  509.983358][T21182] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1059
[  510.005370][T21183] rust_binder: Write failure EFAULT in pid:703
[  510.178711][T21185] binder: Bad value for 'max'
[  510.362421][T21199] can0: slcan on ttyS3.
[  510.408102][T21199] can0 (unregistered): slcan off ttyS3.
[  510.463620][T21207] binder: Unknown parameter 'subj_role'
[  510.498541][T21207] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:956
[  510.568569][T21211] kvm: user requested TSC rate below hardware speed
[  510.607832][T21213] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:958
[  510.615385][T21211] kvm: user requested TSC rate below hardware speed
[  510.647289][T21215] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:958
[  510.670209][T21220] rust_binder: Write failure EFAULT in pid:1066
[  510.748154][T21223] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  510.787498][T21223] rust_binder: Write failure EINVAL in pid:963
[  510.880294][T21226] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  511.149822][T21232] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1069
[  511.151028][T21230] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1069
[  511.181340][T21238] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:393
[  511.304916][T21240] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  511.600050][T21245] rust_binder: Write failure EFAULT in pid:971
[  511.722327][T21250] input: syz0 as /devices/virtual/input/input285
[  511.906475][T21259] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4234274794 (67748396704 ns) > initial count (26801589552 ns). Using initial count to start timer.
[  512.048424][T21263] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1079
[  512.236330][T21272] rust_binder: Write failure EINVAL in pid:718
[  512.393910][T21286] rust_binder: Error while translating object.
[  512.401578][T21286] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  512.408145][T21286] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:720
[  512.408950][T21284] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  512.474141][T21295] rust_binder: Write failure EINVAL in pid:725
[  512.680786][T21308] KVM: debugfs: duplicate directory 21308-6
[  512.715702][T21310] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  512.717303][T21310] rust_binder: Error in use_page_slow: ESRCH
[  512.757153][T21310] rust_binder: use_range failure ESRCH
[  512.777466][T21310] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false
[  512.796044][T21310] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  512.831072][T21310] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:411
[  513.026736][T21323] __vm_enough_memory: pid: 21323, comm: syz.5.6433, bytes: 9223372036854775808 not enough memory for the allocation
[  513.059225][T21329] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  513.155890][T21332] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:741
[  513.279222][T21329] rust_binder: Error in use_page_slow: ESRCH
[  513.309637][T21329] rust_binder: use_range failure ESRCH
[  513.360669][T21329] rust_binder: Failed to allocate buffer. len:128, is_oneway:false
[  513.376656][T21329] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  513.397435][T21329] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:413
[  513.515597][T21343] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  513.563417][T21344] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  513.788581][T21347] rust_binder: Write failure EFAULT in pid:746
[  514.018025][   T36] kauditd_printk_skb: 864 callbacks suppressed
[  514.018044][   T36] audit: type=1400 audit(1750389398.300:110170): avc:  denied  { ioctl } for  pid=21351 comm="syz.3.6444" path="/dev/binderfs/binder0" dev="binder" ino=140 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  514.090873][T21352] KVM: debugfs: duplicate directory 21352-9
[  514.145846][T21352] rust_binder: Error while translating object.
[  514.145873][T21352] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  514.164684][T21354] binder: Bad value for 'stats'
[  514.175838][   T36] audit: type=1400 audit(1750389398.340:110171): avc:  denied  { map } for  pid=21350 comm="syz.5.6443" path="/dev/binderfs/binder0" dev="binder" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  514.187495][T21352] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:749
[  514.211861][   T36] audit: type=1400 audit(1750389398.340:110172): avc:  denied  { read } for  pid=21350 comm="syz.5.6443" path="/dev/binderfs/binder0" dev="binder" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  514.260300][   T36] audit: type=1400 audit(1750389398.340:110173): avc:  denied  { read } for  pid=21350 comm="syz.5.6443" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  514.270738][T21354] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:419
[  514.321958][   T36] audit: type=1400 audit(1750389398.340:110174): avc:  denied  { read open } for  pid=21350 comm="syz.5.6443" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  514.344650][T21354] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:419
[  514.398917][T21360] input: syz1 as /devices/virtual/input/input287
[  514.416472][T21357] rust_binder: Error in use_page_slow: ESRCH
[  514.416492][T21357] rust_binder: use_range failure ESRCH
[  514.418313][   T36] audit: type=1400 audit(1750389398.340:110175): avc:  denied  { set_context_mgr } for  pid=21351 comm="syz.3.6444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  514.447815][T21357] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  514.448005][T21357] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  514.490960][T21365] audit: audit_backlog=65 > audit_backlog_limit=64
[  514.497489][T21357] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1104
[  514.500404][   T36] audit: type=1400 audit(1750389398.340:110176): avc:  denied  { read } for  pid=21351 comm="syz.3.6444" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  514.533051][T17351] audit: audit_backlog=65 > audit_backlog_limit=64
[  514.539749][T21365] audit: audit_lost=722 audit_rate_limit=0 audit_backlog_limit=64
[  514.739460][T21376] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1109
[  514.767882][T21374] rust_binder: Write failure EFAULT in pid:991
[  514.841690][T21378] rust_binder: Error in use_page_slow: ESRCH
[  514.841714][T21378] rust_binder: use_range failure ESRCH
[  514.849225][T21378] rust_binder: Failed to allocate buffer. len:40, is_oneway:false
[  514.864920][T21378] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  514.891439][T21378] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:423
[  514.918013][T21380] rust_binder: Error while translating object.
[  514.937315][T21380] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  514.955605][T21380] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1113
[  514.967712][T21383] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  515.131429][T21396] rust_binder: Failed copying remainder into alloc: EFAULT
[  515.131456][T21396] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT }
[  515.150521][T21396] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  515.159972][T21399] tap1: tun_chr_ioctl cmd 1074025678
[  515.187473][T21396] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1118
[  515.197078][T21399] tap1: group set to 0
[  515.228559][T21399] rust_binder: Write failure EFAULT in pid:997
[  515.264221][T21405] binder: Bad value for 'max'
[  515.497817][T21417] input: syz1 as /devices/virtual/input/input290
[  515.654179][T21426] random: crng reseeded on system resumption
[  516.145553][T21443] input: syz1 as /devices/virtual/input/input291
[  516.250800][T21447] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  516.261252][T21447] rust_binder: validate_parent_fixup: fixup_min_offset=46, parent_offset=27
[  516.261275][T21447] rust_binder: Error while translating object.
[  516.289449][T21447] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  516.295727][T21447] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:447
[  516.346797][T21450] kvm: kvm [21449]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010000) = 0x79a38c48ff000000
[  516.749112][T21463] rust_binder: Read failure Err(EFAULT) in pid:1010
[  517.014470][T21486] binder: Bad value for 'stats'
[  517.172567][T21496] rust_binder: Error in use_page_slow: ESRCH
[  517.172591][T21496] rust_binder: use_range failure ESRCH
[  517.184694][T21496] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  517.200371][T21496] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  517.219255][T21507] rust_binder: Write failure EFAULT in pid:1161
[  517.223108][T21496] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1018
[  517.259334][T21507] binder: Unknown parameter '�_���E0+�ֹ���H^c1%�a��oW���9��uA/��Qߓ��h�V����YG�M�)� }�b����̰�Z�#>�^~�M��(�V�K�Avؗ��H�h��m�i�ݶ�e�Ng�}TX�L�n'��YE�Nb;
G��Gg���6ija�������0*Bұ7	A�b�އ �J�#�'
[  517.287488][T21509] input: syz0 as /devices/virtual/input/input293
[  517.542427][T21521] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:768
[  517.563458][T21521] kvm: user requested TSC rate below hardware speed
[  517.565380][T21522] rust_binder: Write failure EINVAL in pid:466
[  517.575837][T21525] SELinux:  Context system_u: is not valid (left unmapped).
[  517.604905][T21526] rust_binder: Write failure EFAULT in pid:1165
[  517.695186][T21527] rust_binder: Write failure EINVAL in pid:768
[  517.697537][T21525] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  517.727214][T21525] rust_binder: Write failure EINVAL in pid:1026
[  517.841689][T21536] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1031
[  517.869276][T21536] rust_binder: Error while translating object.
[  517.881196][T21543] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3
[  517.888169][T21536] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  517.894791][T21536] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1031
[  517.913581][T21543] rust_binder: Write failure EINVAL in pid:473
[  518.040954][T21549] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89)
[  518.047146][T21549] rust_binder: Error while translating object.
[  518.052603][T21551] random: crng reseeded on system resumption
[  518.059808][T21549] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  518.080374][T21549] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1033
[  518.181645][T21559] rust_binder: Write failure EFAULT in pid:483
[  518.199968][T21557] kvm: user requested TSC rate below hardware speed
[  518.276598][T21564] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1035
[  518.283592][T21566] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:488
[  518.381195][T21568] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  518.412671][T21568] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  518.430014][T21568] rust_binder: Read failure Err(EFAULT) in pid:490
[  518.487838][T21568] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:490
[  518.846036][T21601] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  518.871697][T21601] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  518.946673][T21603] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  519.069490][   T36] kauditd_printk_skb: 1170 callbacks suppressed
[  519.069507][   T36] audit: type=1400 audit(1750389403.350:111341): avc:  denied  { read } for  pid=21606 comm="syz.3.6526" name="binder0" dev="binder" ino=146 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  519.127054][   T36] audit: type=1400 audit(1750389403.350:111342): avc:  denied  { read open } for  pid=21606 comm="syz.3.6526" path="/dev/binderfs/binder0" dev="binder" ino=146 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  519.152362][   T36] audit: type=1400 audit(1750389403.350:111343): avc:  denied  { ioctl } for  pid=21606 comm="syz.3.6526" path="/dev/binderfs/binder0" dev="binder" ino=146 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  519.178166][   T36] audit: type=1400 audit(1750389403.350:111344): avc:  denied  { set_context_mgr } for  pid=21606 comm="syz.3.6526" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  519.198775][   T36] audit: type=1400 audit(1750389403.350:111345): avc:  denied  { map } for  pid=21606 comm="syz.3.6526" path="/dev/binderfs/binder0" dev="binder" ino=146 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  519.250229][   T36] audit: type=1400 audit(1750389403.350:111346): avc:  denied  { read } for  pid=21606 comm="syz.3.6526" path="/dev/binderfs/binder0" dev="binder" ino=146 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  519.274576][   T36] audit: type=1400 audit(1750389403.350:111347): avc:  denied  { read } for  pid=21606 comm="syz.3.6526" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  519.297724][   T36] audit: type=1400 audit(1750389403.350:111348): avc:  denied  { read open } for  pid=21606 comm="syz.3.6526" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  519.333943][   T36] audit: type=1400 audit(1750389403.350:111349): avc:  denied  { ioctl } for  pid=21606 comm="syz.3.6526" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  519.358891][   T36] audit: type=1400 audit(1750389403.470:111350): avc:  denied  { read write } for  pid=18235 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  519.705237][T21621] rust_binder: Write failure EFAULT in pid:1186
[  519.755204][T21622] rust_binder: inc_ref_done called when no active inc_refs
[  519.774450][T21622] rust_binder: Write failure EINVAL in pid:503
[  519.799041][T21622] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585)
[  519.811343][T21622] rust_binder: Error while translating object.
[  519.837450][T21622] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  519.867415][T21622] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:503
[  519.886495][T21633] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1
[  519.961792][T21633] rust_binder: Write failure EINVAL in pid:1053
[  520.243473][T21660] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  520.270146][T21664] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  520.276638][T21664] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:510
[  520.291583][T21665] rust_binder: Write failure EFAULT in pid:1192
[  520.373018][T21674] binder: Bad value for 'defcontext'
[  520.448222][T21672] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false
[  520.448248][T21672] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  520.491080][T21672] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:801
[  520.570994][T21688] binder: Unknown parameter 'contextstate'
[  520.738476][T21701] input: syz1 as /devices/virtual/input/input294
[  521.338697][T21727] can0: slcan on ttyS3.
[  521.401920][T21725] can0 (unregistered): slcan off ttyS3.
[  521.497714][T21738] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 178)
[  521.497738][T21738] rust_binder: Error while translating object.
[  521.525831][T21738] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  521.546443][T21738] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:531
[  521.794357][T21744] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY
[  521.815793][T21749] binder: Bad value for 'max'
[  521.837431][T21744] rust_binder: Error in use_page_slow: EBUSY
[  521.837453][T21744] rust_binder: use_range failure EBUSY
[  521.843459][T21744] rust_binder: Failed to allocate buffer. len:8, is_oneway:true
[  521.865817][T21744] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY }
[  521.877119][T21753] rust_binder: Write failure EFAULT in pid:814
[  521.883737][T21744] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender.
[  521.912589][T21744] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:534
[  521.949002][T21755] SELinux: security_context_str_to_sid () failed with errno=-22
[  522.211526][T21767] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  522.378911][T21776] rust_binder: Write failure EINVAL in pid:828
[  522.437176][T21774] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  522.453557][T21777] rust_binder: Failed to allocate buffer. len:144, is_oneway:false
[  522.728152][T21788] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:832
[  522.759399][T21788] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  522.776317][T21788] rust_binder: Read failure Err(EFAULT) in pid:832
[  522.880129][T21799] SELinux: security_context_str_to_sid (sytem_u�Gй) failed with errno=-22
[  523.201798][T21810] binder: Unknown parameter '00000000000000000004000000000000000000000040x0000000000000007'
[  523.528411][T21823] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  523.718577][T21821] binder: Unknown parameter 'max5000000000000000000000'
[  523.800511][T21835] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  523.833709][T21836] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1
[  523.841626][T21835] SELinux: failed to load policy
[  523.846953][T21821] SELinux:  policydb version 905587468 does not match my version range 15-33
[  523.872258][T21836] rust_binder: Write failure EINVAL in pid:1123
[  523.919527][T21821] SELinux: failed to load policy
[  523.941395][T21845] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  524.078222][   T36] kauditd_printk_skb: 957 callbacks suppressed
[  524.078241][   T36] audit: type=1400 audit(1750389408.360:112308): avc:  denied  { read write } for  pid=21849 comm="syz.9.6601" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  524.161280][   T36] audit: type=1400 audit(1750389408.360:112309): avc:  denied  { read open } for  pid=21849 comm="syz.9.6601" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  524.214671][   T36] audit: type=1400 audit(1750389408.360:112310): avc:  denied  { ioctl } for  pid=21847 comm="syz.3.6602" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  524.289127][   T36] audit: type=1400 audit(1750389408.380:112311): avc:  denied  { write } for  pid=21847 comm="syz.3.6602" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  524.313994][   T36] audit: type=1400 audit(1750389408.380:112312): avc:  denied  { write open } for  pid=21847 comm="syz.3.6602" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  524.350182][   T36] audit: type=1400 audit(1750389408.380:112313): avc:  denied  { ioctl } for  pid=21847 comm="syz.3.6602" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  524.390187][   T36] audit: type=1400 audit(1750389408.380:112314): avc:  denied  { read } for  pid=21847 comm="syz.3.6602" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  524.437227][   T36] audit: type=1400 audit(1750389408.380:112315): avc:  denied  { read open } for  pid=21847 comm="syz.3.6602" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  524.511625][   T36] audit: type=1400 audit(1750389408.380:112316): avc:  denied  { ioctl } for  pid=21847 comm="syz.3.6602" path="/dev/kvm" dev="devtmpfs" ino=13 ioctlcmd=0xae04 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  524.563297][   T36] audit: type=1400 audit(1750389408.380:112317): avc:  denied  { read } for  pid=21847 comm="syz.3.6602" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  524.659862][T21870] binder: Unknown parameter ''
[  524.819923][T21870] SELinux: failed to load policy
[  524.896352][T21878] rust_binder: Error while translating object.
[  524.896394][T21878] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  524.921702][T21878] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:556
[  525.118900][T21885] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1131
[  525.129755][T21888] input: syz1 as /devices/virtual/input/input296
[  525.147090][T21890] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  525.149270][T21885] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  525.156028][T21885] rust_binder: Read failure Err(EFAULT) in pid:1131
[  525.161431][T21890] rust_binder: Write failure EFAULT in pid:1232
[  525.186206][T21888] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  525.241030][T21888] rust_binder: Write failure EFAULT in pid:560
[  525.264856][T21894] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  525.321755][T21899] rust_binder: Write failure EINVAL in pid:1133
[  525.330985][T21899] rust_binder: inc_ref_done called when no active inc_refs
[  525.337328][T21899] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1133
[  525.577261][T21910] random: crng reseeded on system resumption
[  525.634569][T21912] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:875
[  525.641190][T21912] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:875
[  525.699654][T21917] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1138
[  525.729596][T21917] rust_binder: Read failure Err(EFAULT) in pid:1138
[  525.773906][T21920] rust_binder: Write failure EINVAL in pid:1237
[  525.796334][T21920] rust_binder: Write failure EINVAL in pid:1237
[  525.864962][T21922] binder: Bad value for 'defcontext'
[  525.874009][T21924] SELinux: failed to load policy
[  526.023488][T21928] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:882
[  526.357313][  T417] hid-generic 0000:0000:0000.0026: unknown main item tag 0x0
[  526.407592][  T417] hid-generic 0000:0000:0000.0026: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  526.481510][T21959] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  526.481748][T21959] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  526.501904][T21958] rust_binder: Error in use_page_slow: ESRCH
[  526.501925][T21958] rust_binder: use_range failure ESRCH
[  526.509612][T21959] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  526.510331][T21958] rust_binder: Failed to allocate buffer. len:40, is_oneway:false
[  526.515504][T21959] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  526.524651][T21958] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  526.546776][T21958] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1151
[  526.632411][T21959] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  526.710907][T21963] fido_id[21963]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  526.754697][T21972] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  526.754729][T21972] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:579
[  526.766692][T21974] rust_binder: Error while translating object.
[  526.790398][T21974] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  526.802105][T21974] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1157
[  526.847664][T21977] binder: Unknown parameter 'context'
[  527.071466][T21990] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  527.130810][T21998] rust_binder: Write failure EINVAL in pid:587
[  527.131213][T21998] SELinux: failed to load policy
[  527.148309][T22000] rust_binder: Write failure EINVAL in pid:587
[  527.409434][T22016] rust_binder: Write failure EINVAL in pid:1171
[  527.418879][T22012] kvm: user requested TSC rate below hardware speed
[  527.473686][T22012] rust_binder: Write failure EINVAL in pid:1257
[  527.580089][T22024] binder: Bad value for 'stats'
[  527.628885][T22022] input: syz1 as /devices/virtual/input/input297
[  527.750603][T22022] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3387457228 (6774914456 ns) > initial count (1018374228 ns). Using initial count to start timer.
[  527.806685][T22034] rust_binder: Error while translating object.
[  527.806710][T22034] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  527.828362][T22034] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1173
[  527.857021][T22036] SELinux:  policydb version -530467710 does not match my version range 15-33
[  527.900575][T22036] SELinux: failed to load policy
[  527.909317][T22039] rust_binder: Error while translating object.
[  527.909347][T22039] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  527.919059][T22040] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:601
[  527.921448][T22039] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:902
[  527.973703][T22040] rust_binder: Read failure Err(EFAULT) in pid:601
[  528.075884][T22044] rust_binder: Error while translating object.
[  528.089886][T22044] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  528.096092][T22044] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:905
[  528.220146][T22052] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  528.238436][T22055] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  528.250145][T22053] SELinux:  truncated policydb string identifier
[  528.280365][T22060] rust_binder: Error while translating object.
[  528.280405][T22060] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM }
[  528.280657][T22053] SELinux: failed to load policy
[  528.310565][T22060] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:908
[  528.329564][T22058] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  528.357770][T22058] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1179
[  528.379230][T22058] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  528.397462][T22058] rust_binder: Read failure Err(EFAULT) in pid:1179
[  528.626492][T22076] SELinux: security_context_str_to_sid (syste_u�Gй�:��) failed with errno=-22
[  528.736543][T22087] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3
[  528.745123][T22087] rust_binder: Write failure EINVAL in pid:610
[  528.778065][T22082] binder: Unknown parameter '
W�xO8�z�b���#
[  528.778065][T22082] �!#v^M�Ì}P-��/1Ɯ4��ǝY�t��~�Y�+�����������'
[  528.839810][T22094] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  528.857494][T22091] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1
[  528.876894][T22091] rust_binder: Write failure EINVAL in pid:614
[  528.977533][T22097] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  529.023385][T22103] binder: Bad value for 'max'
[  529.049741][T22102] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:922
[  529.050198][T22102] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:922
[  529.082053][T22106] rust_binder: Write failure EFAULT in pid:1183
[  529.097610][   T36] kauditd_printk_skb: 1214 callbacks suppressed
[  529.097627][   T36] audit: type=1400 audit(1750389413.380:113532): avc:  denied  { read } for  pid=22107 comm="syz.3.6684" name="binder1" dev="binder" ino=147 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  529.136890][   T36] audit: type=1400 audit(1750389413.380:113533): avc:  denied  { read open } for  pid=22107 comm="syz.3.6684" path="/dev/binderfs/binder1" dev="binder" ino=147 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  529.186919][T22112] binder: Bad value for 'max'
[  529.217873][   T36] audit: type=1400 audit(1750389413.380:113534): avc:  denied  { read } for  pid=22107 comm="syz.3.6684" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  529.266480][T22115] audit: audit_backlog=65 > audit_backlog_limit=64
[  529.268970][T22118] audit: audit_backlog=65 > audit_backlog_limit=64
[  529.278347][T22119] audit: audit_backlog=65 > audit_backlog_limit=64
[  529.293295][T22115] audit: audit_lost=725 audit_rate_limit=0 audit_backlog_limit=64
[  529.297474][   T36] audit: type=1400 audit(1750389413.380:113535): avc:  denied  { read open } for  pid=22107 comm="syz.3.6684" path="/dev/kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  529.303470][T22119] audit: audit_lost=726 audit_rate_limit=0 audit_backlog_limit=64
[  529.326665][T22118] audit: audit_lost=727 audit_rate_limit=0 audit_backlog_limit=64
[  529.513840][T22122] rust_binder: Write failure EINVAL in pid:623
[  529.522675][T22125] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  529.632997][T22130] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:932
[  530.198341][T22146] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1285
[  530.268563][T22152] SELinux: failed to load policy
[  530.418315][T22158] input: syz1 as /devices/virtual/input/input300
[  530.464489][T22164] rtc_cmos 00:00: Alarms can be up to one day in the future
[  530.491755][T22162] rtc_cmos 00:00: Alarms can be up to one day in the future
[  530.654455][T22178] rust_binder: Write failure EINVAL in pid:1205
[  530.736814][T22184] rust_binder: Read failure Err(EAGAIN) in pid:947
[  530.838021][T22189] rust_binder: inc_ref_done called when no active inc_refs
[  530.857801][ T4414] rtc_cmos 00:00: Alarms can be up to one day in the future
[  530.907175][ T4414] rtc_cmos 00:00: Alarms can be up to one day in the future
[  530.934463][ T4414] rtc_cmos 00:00: Alarms can be up to one day in the future
[  530.957982][ T4414] rtc_cmos 00:00: Alarms can be up to one day in the future
[  530.984620][ T4414] rtc rtc0: __rtc_set_alarm: err=-22
[  531.070063][T22204] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  531.100972][T22207] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  531.104034][T22204] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  531.127472][T22204] rust_binder: Read failure Err(EFAULT) in pid:1301
[  531.162307][T22207] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  531.185182][T22207] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:643
[  531.285787][T22218] binder: Unknown parameter 'tats'
[  531.301346][T22218] rust_binder: Write failure EINVAL in pid:952
[  531.484095][T22228] SELinux:  policydb string  does not match my string SE Linux
[  531.499836][T22228] SELinux: failed to load policy
[  531.505817][T22229] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:954
[  531.839107][T22246] rust_binder: Write failure EFAULT in pid:658
[  531.989249][T22253] rust_binder: Read failure Err(EAGAIN) in pid:963
[  531.989804][T22255] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585)
[  532.002022][T22255] rust_binder: Error while translating object.
[  532.015772][T22255] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  532.025433][T22253] rust_binder: Failed to allocate buffer. len:40, is_oneway:false
[  532.049492][T22255] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1221
[  532.065159][T22253] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:963
[  532.147050][T22260] binder: Unknown parameter 'nXI'
[  532.148846][T22259] rust_binder: Write failure EFAULT in pid:665
[  532.722599][T22296] rust_binder: Write failure EINVAL in pid:1230
[  532.866825][T22306] __vm_enough_memory: pid: 22306, comm: syz.3.6752, bytes: 281474976845824 not enough memory for the allocation
[  532.891737][T22305] __vm_enough_memory: pid: 22305, comm: syz.3.6752, bytes: 281474976845824 not enough memory for the allocation
[  532.909358][T22311] input: syz1 as /devices/virtual/input/input301
[  532.916186][T22311] input: failed to attach handler leds to device input301, error: -6
[  532.934852][T22311] binder: Unknown parameter '�z���[�nUW���;����3%�+�aS?�^B�.A�a��`�v�^ߍ�b����0��b�j��j�{IX�f��Ubz�����d�<lj�B6rm��~����r��M��`Z��nD�ސ0>okY���i�H������VV7�'
[  532.959703][T22298] rust_binder: Error while translating object.
[  532.959746][T22298] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  532.965939][T22298] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:981
[  533.099610][T22315] rust_binder: Error while translating object.
[  533.130239][T22315] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  533.131014][T22315] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:1314
[  533.138796][T22322] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  533.168361][T22322] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  533.170214][T22324] random: crng reseeded on system resumption
[  533.238731][T22324] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  533.370465][T22338] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  533.379845][T22338] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 128, size: 18446744073709551585)
[  533.397408][T22338] rust_binder: Error while translating object.
[  533.429021][T22338] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  533.447797][T22338] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1321
[  533.519621][T22345] binder: Unknown parameter 'appraise_type'
[  533.676131][T22351] kvm_intel: kvm [22347]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x3
[  533.998700][T22359] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27
[  533.998723][T22359] rust_binder: Error while translating object.
[  534.010802][T22359] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  534.021033][T22359] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1252
[  534.102808][T22365] binder: Unknown parameter 'm���ax'
[  534.119323][   T36] kauditd_printk_skb: 1467 callbacks suppressed
[  534.119340][   T36] audit: type=1400 audit(1750389418.400:114805): avc:  denied  { write } for  pid=22367 comm="syz.3.6773" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  534.194402][   T36] audit: type=1400 audit(1750389418.430:114806): avc:  denied  { read write } for  pid=18235 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  534.219256][T22368] rust_binder: Write failure EINVAL in pid:682
[  534.219596][T22368] rust_binder: Write failure EINVAL in pid:682
[  534.248164][   T36] audit: type=1400 audit(1750389418.430:114807): avc:  denied  { read write open } for  pid=18235 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  534.310032][   T36] audit: type=1400 audit(1750389418.430:114808): avc:  denied  { ioctl } for  pid=18235 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  534.373434][T22371] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  534.391053][   T36] audit: type=1400 audit(1750389418.440:114809): avc:  denied  { write open } for  pid=22367 comm="syz.3.6773" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  534.448782][T22371] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27
[  534.448805][T22371] rust_binder: Error while translating object.
[  534.461134][T22380] rust_binder: Write failure EFAULT in pid:684
[  534.473201][T22377] audit: audit_backlog=65 > audit_backlog_limit=64
[  534.473526][T22380] audit: audit_backlog=65 > audit_backlog_limit=64
[  534.492239][T22377] audit: audit_lost=793 audit_rate_limit=0 audit_backlog_limit=64
[  534.497642][   T36] audit: type=1400 audit(1750389418.440:114810): avc:  denied  { ioctl } for  pid=22367 comm="syz.3.6773" path="/dev/rnullb0" dev="devtmpfs" ino=31 ioctlcmd=0x70ca scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  534.501835][T22371] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  534.536952][T22377] audit: backlog limit exceeded
[  534.568172][T22377] binder: Unknown parameter '0x0000000000000003'
[  534.576025][T22371] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1000
[  534.637175][T22386] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  534.751877][T22395] rust_binder: Write failure EFAULT in pid:1260
[  535.098241][T22414] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  535.145644][T22414] rust_binder: Error while translating object.
[  535.174802][T22414] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT }
[  535.207589][T22414] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1009
[  535.233360][T22419] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:696
[  535.383915][T22422] binder: Bad value for 'max'
[  535.538980][T22429] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false
[  535.584357][T22426] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  535.603641][T22427] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  535.717839][T22440] rust_binder: Error while translating object.
[  535.724318][T22440] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  535.741689][T22440] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:705
[  535.840734][T22452] binder: Unknown parameter 'statsNglo'
[  535.899775][T22446] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1011
[  536.055109][T22466] rtc_cmos 00:00: Alarms can be up to one day in the future
[  536.080063][T22466] binder: Unknown parameter '0000000000000000000300000000000000000003'
[  536.118634][T22465] rtc_cmos 00:00: Alarms can be up to one day in the future
[  536.248958][T22469] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  536.774333][T22485] binder: Bad value for 'stats'
[  536.793158][T22484] binder: Bad value for 'stats'
[  536.855685][   T31] rtc_cmos 00:00: Alarms can be up to one day in the future
[  536.864037][   T31] rtc_cmos 00:00: Alarms can be up to one day in the future
[  536.875609][   T31] rtc_cmos 00:00: Alarms can be up to one day in the future
[  536.888796][   T31] rtc_cmos 00:00: Alarms can be up to one day in the future
[  536.908372][T22496] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1019
[  536.911617][T22496] rust_binder: Error while translating object.
[  536.920981][   T31] rtc rtc0: __rtc_set_alarm: err=-22
[  536.942300][T22496] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  536.942334][T22496] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1019
[  537.054416][T22504] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1282
[  537.172006][T22511] binder: Bad value for 'stats'
[  537.268656][T22512] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  537.397885][T22525] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1030
[  537.447710][T22528] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1288
[  537.502172][T22532] rust_binder: Write failure EINVAL in pid:1376
[  537.713918][T22546] binder: Unknown parameter 'sy"te'
[  537.747907][T22537] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  537.859580][T22551] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  537.861187][T22551] rust_binder: Write failure EINVAL in pid:1385
[  537.893427][T22555] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set
[  537.909537][T22555] rust_binder: Write failure EINVAL in pid:1037
[  538.005611][T22565] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1298
[  538.235335][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.253065][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.261149][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.269084][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.276606][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.285109][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.292932][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.301780][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.310066][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.318142][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.325780][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.335352][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.343158][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.350685][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.358179][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.365697][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.373177][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.380745][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.388211][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.395716][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.403189][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.410701][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.418173][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.425676][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.433148][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.440696][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.448155][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.455656][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.463135][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.470648][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.478109][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.485622][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.493108][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.500892][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.508370][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.515880][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.524205][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.532586][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.540106][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.550804][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.558353][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.565852][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.573337][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.581169][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.588635][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.596025][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.603474][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.610878][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.618289][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.625672][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.633084][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.640487][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.647935][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.655371][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.662809][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.670343][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.679109][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.686608][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.694173][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.701698][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.709249][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.716763][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.724328][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.731867][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.739448][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.746890][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.754321][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.761750][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.769152][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.776536][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.783937][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.791344][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.798757][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.806159][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.813592][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.821012][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.828434][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.835847][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.843258][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.850709][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.858144][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.865526][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.872930][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.880344][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.887778][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.895180][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.902614][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.910045][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.918013][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.925428][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.935668][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.943670][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.951712][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.961321][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.965469][T22589] binder: Unknown parameter '0177777777777777777777700000000000000000000'
[  538.969480][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.984768][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.992319][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  538.999797][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.007218][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.014638][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.022519][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.030529][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.038971][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.046424][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.054541][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.063066][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.071044][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.079231][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.086675][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.097757][T22592] SELinux: security_context_str_to_sid (system_u) failed with errno=-22
[  539.103305][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.117289][T22593] input: syz0 as /devices/virtual/input/input305
[  539.123727][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.133444][   T36] kauditd_printk_skb: 975 callbacks suppressed
[  539.133459][   T36] audit: type=1400 audit(1750389423.420:115784): avc:  denied  { read } for  pid=94 comm="acpid" name="event3" dev="devtmpfs" ino=653 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  539.135034][T22593] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  539.162662][   T36] audit: type=1400 audit(1750389423.420:115785): avc:  denied  { map } for  pid=22591 comm="syz.5.6844" path="/dev/binderfs/binder1" dev="binder" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  539.196367][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.204800][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.212420][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.220814][T22593] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1045
[  539.220853][T22593] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  539.230112][T22593] rust_binder: Read failure Err(EFAULT) in pid:1045
[  539.230453][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.253423][   T36] audit: type=1400 audit(1750389423.420:115786): avc:  denied  { read } for  pid=22591 comm="syz.5.6844" path="/dev/binderfs/binder1" dev="binder" ino=166 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  539.277773][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.285251][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.292748][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.300786][   T36] audit: type=1400 audit(1750389423.420:115787): avc:  denied  { ioctl } for  pid=22591 comm="syz.5.6844" path="/dev/binderfs/binder1" dev="binder" ino=166 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  539.329570][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.337967][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.345529][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.353019][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.377693][   T36] audit: type=1400 audit(1750389423.420:115788): avc:  denied  { call } for  pid=22591 comm="syz.5.6844" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  539.380609][T22607] audit: audit_backlog=65 > audit_backlog_limit=64
[  539.400148][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.409445][T22603] audit: audit_backlog=65 > audit_backlog_limit=64
[  539.412538][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.419154][T22610] audit: audit_backlog=65 > audit_backlog_limit=64
[  539.424727][   T36] audit: type=1400 audit(1750389423.450:115789): avc:  denied  { read open } for  pid=94 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=653 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  539.431271][T22603] audit: audit_lost=795 audit_rate_limit=0 audit_backlog_limit=64
[  539.456371][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.471107][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.480308][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.488440][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.513599][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.524966][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.532482][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.539911][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.547417][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.555252][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.562761][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.570965][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.578467][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.585868][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.593334][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.609548][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.616988][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.625945][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.640828][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.649360][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.656808][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.664226][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.671664][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.679546][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.687000][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.695409][   T31] hid-generic 0008:FD99:0008.0027: unknown main item tag 0x0
[  539.704636][   T31] hid-generic 0008:FD99:0008.0027: hidraw0: <UNKNOWN> HID v0.02 Device [syz0] on syz0
[  539.732610][T22616] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  539.732643][T22616] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:744
[  539.948750][T22624] kvm: Disabled LAPIC found during irq injection
[  540.187643][T22640] binder: Unknown parameter ''
[  540.305583][T22644] fido_id[22644]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  540.383251][T22649] rust_binder: Write failure EINVAL in pid:1325
[  540.473697][T22655] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1414
[  540.482030][T22653] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  540.501937][T22655] rust_binder: Read failure Err(EFAULT) in pid:1414
[  540.518612][T22658] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1050
[  540.526425][T22653] input: syz1 as /devices/virtual/input/input306
[  540.678007][T22653] rust_binder: Write failure EFAULT in pid:1327
[  540.744303][T22664] rust_binder: Write failure EINVAL in pid:1418
[  540.763389][T22663] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  540.791992][T22663] rust_binder: Read failure Err(EFAULT) in pid:1053
[  540.896816][T22672] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  540.922473][T22672] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1420
[  540.949465][T22671] rust_binder: Write failure EFAULT in pid:761
[  540.997402][T22669] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1420
[  541.010641][T22678] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  541.036743][T22678] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1056
[  541.430099][T22693] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0
[  541.430127][T22693] rust_binder: Error while translating object.
[  541.450711][T22693] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  541.458923][T22693] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:767
[  541.540747][T22701] rust_binder: Write failure EFAULT in pid:1429
[  541.562182][T22699] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  541.588951][T22702] rust_binder: Write failure EINVAL in pid:771
[  541.730289][T22710] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  541.808152][T22709] SELinux:  policydb version 971394425 does not match my version range 15-33
[  541.842547][T22716] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  541.851520][T22709] SELinux: failed to load policy
[  541.863915][T22709] rust_binder: Error in use_page_slow: ESRCH
[  541.863936][T22709] rust_binder: use_range failure ESRCH
[  541.886698][T22709] rust_binder: Failed to allocate buffer. len:160, is_oneway:false
[  541.892856][T22709] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  541.901627][T22709] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:775
[  542.558752][T22757] tun1: tun_chr_ioctl cmd 1074025675
[  542.585586][T22751] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  542.597474][T22757] tun1: persist enabled
[  542.607433][T22756] tun1: tun_chr_ioctl cmd 1074025675
[  542.625614][T22757] rust_binder: Write failure EFAULT in pid:1448
[  542.625696][T22756] tun1: persist enabled
[  542.737443][T22771] rust_binder: Got transaction with invalid offset.
[  542.737483][T22771] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  542.745697][T22770] SELinux: security policydb version 17 (MLS) not backwards compatible
[  542.776586][T22771] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1452
[  542.798025][T22770] SELinux: failed to load policy
[  542.835328][T22777] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  542.954651][T22784] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0
[  542.954672][T22784] rust_binder: Error while translating object.
[  542.977559][T22784] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  542.989390][T22784] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:796
[  543.008099][T22787] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  543.030945][T22787] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1457
[  543.087277][T22794] rust_binder: Write failure EFAULT in pid:1069
[  543.150148][T22797] input: syz1 as /devices/virtual/input/input309
[  543.204661][T22797] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  543.255398][T22802] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  543.282473][T22803] binder: Bad value for 'max'
[  543.286196][T22802] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  543.360753][T22808] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  543.475534][T22814] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1360
[  543.475573][T22814] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  543.499023][T22813] rust_binder: Failed to allocate buffer. len:16, is_oneway:false
[  543.525040][T22814] rust_binder: Read failure Err(EFAULT) in pid:1360
[  543.595919][T22817] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 120, limit: 136, size: 89)
[  543.599401][T22819] rust_binder: Write failure EFAULT in pid:1467
[  543.619277][T22817] rust_binder: Error while translating object.
[  543.637429][T22817] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  543.662506][T22817] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:804
[  543.699564][T22823] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0
[  543.729174][T22823] rust_binder: Error while translating object.
[  543.750569][T22823] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  543.784305][T22823] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1080
[  543.911162][T22835] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT }
[  543.964595][T22835] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:1469
[  543.988671][T22837] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  543.991213][T22835] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  544.001097][T22838] rust_binder: Write failure EINVAL in pid:1084
[  544.004500][T22835] rust_binder: Read failure Err(EFAULT) in pid:1469
[  544.137981][   T36] kauditd_printk_skb: 1370 callbacks suppressed
[  544.138000][   T36] audit: type=1400 audit(1750389428.420:117143): avc:  denied  { read } for  pid=22843 comm="syz.8.6931" name="binder0" dev="binder" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  544.183166][   T36] audit: type=1400 audit(1750389428.460:117144): avc:  denied  { read open } for  pid=22843 comm="syz.8.6931" path="/dev/binderfs/binder0" dev="binder" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  544.214495][   T36] audit: type=1400 audit(1750389428.460:117145): avc:  denied  { ioctl } for  pid=22843 comm="syz.8.6931" path="/dev/binderfs/binder0" dev="binder" ino=162 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  544.253440][T22844] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM }
[  544.253472][T22844] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:1473
[  544.293120][   T36] audit: type=1400 audit(1750389428.460:117146): avc:  denied  { set_context_mgr } for  pid=22843 comm="syz.8.6931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  544.328413][T22848] binder: Unknown parameter 'ma�'
[  544.336229][   T36] audit: type=1400 audit(1750389428.500:117147): avc:  denied  { read write } for  pid=17769 comm="syz-executor" name="loop9" dev="devtmpfs" ino=58 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  544.360816][   T36] audit: type=1400 audit(1750389428.500:117148): avc:  denied  { read write open } for  pid=17769 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=58 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  544.389237][   T36] audit: type=1400 audit(1750389428.500:117149): avc:  denied  { ioctl } for  pid=17769 comm="syz-executor" path="/dev/loop9" dev="devtmpfs" ino=58 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  544.415110][   T36] audit: type=1400 audit(1750389428.520:117150): avc:  denied  { read } for  pid=22845 comm="syz.9.6932" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  544.438016][   T36] audit: type=1400 audit(1750389428.520:117151): avc:  denied  { read open } for  pid=22845 comm="syz.9.6932" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  544.462526][   T36] audit: type=1400 audit(1750389428.520:117152): avc:  denied  { ioctl } for  pid=22845 comm="syz.9.6932" path="/dev/ashmem" dev="devtmpfs" ino=201 ioctlcmd=0x7703 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  544.797563][T22864] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  544.834717][T22864] random: crng reseeded on system resumption
[  545.068759][T22883] binder: Unknown parameter 'uid>00000000000000000000'
[  545.123186][T22887] input: syz1 as /devices/virtual/input/input311
[  545.271575][T22894] rust_binder: Write failure EFAULT in pid:1375
[  545.278142][T22896] rust_binder: Write failure EFAULT in pid:1375
[  545.298785][T22879] random: crng reseeded on system resumption
[  545.353138][T22904] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:822
[  545.544257][T22911] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  545.547106][T22911] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false
[  545.563076][T22911] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC }
[  545.571529][T22911] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1384
[  545.604456][T22916] input: syz0 as /devices/virtual/input/input313
[  545.690463][T22919] binder: Unknown parameter 'fscontext?}'
[  545.810586][T22925] rust_binder: Write failure EINVAL in pid:1487
[  545.823978][T22926] rust_binder: Error while translating object.
[  545.837568][T22926] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF }
[  545.844448][T22926] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:1117
[  546.020835][T22937] SELinux: failed to load policy
[  546.288079][T22958] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  546.294034][T22958] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1404
[  546.371142][T22967] SELinux:  policydb string  does not match my string SE Linux
[  546.418725][T22967] SELinux: failed to load policy
[  546.449565][T22967] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  546.455491][T22967] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  546.462919][T22967] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1406
[  546.507905][T22967] random: crng reseeded on system resumption
[  546.716230][T22989] input: syz0 as /devices/virtual/input/input314
[  546.812430][T22992] input: syz1 as /devices/virtual/input/input315
[  546.869929][T22996] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  547.080231][T23011] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  547.142858][T23018] input: syz0 as /devices/virtual/input/input316
[  547.163112][T23015] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL }
[  547.163143][T23015] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1509
[  547.341920][T23024] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:847
[  547.465582][T23030] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1140
[  547.666249][T23041] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  547.676841][T23041] rust_binder: Read failure Err(EFAULT) in pid:851
[  547.686217][T23042] rust_binder: BINDER_SET_CONTEXT_MGR already set
[  547.698097][T23041] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:851
[  547.746632][T23045] rust_binder: Write failure EINVAL in pid:1421
[  547.772603][T23044] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[  547.793094][T23044] SELinux: failed to load policy
[  548.161708][T23067] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1429
[  548.161751][T23067] rust_binder: Failure when writing BR_NOOP at beginning of buffer.
[  548.184824][T23067] rust_binder: Read failure Err(EFAULT) in pid:1429
[  548.482617][T23086] serio: Serial port ttynull
[  548.541215][T23080] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  548.677054][T23102] random: crng reseeded on system resumption
[  548.770620][T23106] __vm_enough_memory: pid: 23106, comm: syz.3.7013, bytes: 281474976845824 not enough memory for the allocation
[  548.798410][T23111] binder: Bad value for 'max'
[  548.867767][T23115] rust_binder: Error in use_page_slow: ESRCH
[  548.867788][T23115] rust_binder: use_range failure ESRCH
[  548.874052][T23115] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false
[  548.880296][T23115] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH }
[  548.888424][T23115] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1170
[  548.901484][T23115] ------------[ cut here ]------------
[  548.916112][T23115] WARNING: CPU: 1 PID: 23115 at mm/page_alloc.c:5157 __alloc_pages_noprof+0xe4/0x6c0
[  548.925599][T23115] Modules linked in:
[  548.929508][T23115] CPU: 1 UID: 0 PID: 23115 Comm: syz.5.7015 Not tainted 6.12.23-syzkaller-gf9fbc66f8444 #0 b8de21ba31122219d6c6778e419c74a11adc861d
[  548.943152][T23115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  548.953244][T23115] RIP: 0010:__alloc_pages_noprof+0xe4/0x6c0
[  548.959192][T23115] Code: 0f 1f 44 00 00 41 83 fd 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d a4 78 ee 05 00 0f 85 c4 00 00 00 c6 05 97 78 ee 05 01 <0f> 0b 31 c0 e9 b6 00 00 00 41 83 fd 0a 0f 87 aa 00 00 00 44 89 6c
[  548.978996][T23115] RSP: 0018:ffffc90007397680 EFLAGS: 00010246
[  548.985082][T23115] RAX: 0000000000000000 RBX: 1ffff92000e72ed4 RCX: 0000000000000000
[  548.993096][T23115] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90007397728
[  549.001118][T23115] RBP: ffffc900073977a8 R08: ffffc90007397727 R09: 0000000000000000
[  549.009142][T23115] R10: ffffc90007397710 R11: fffff52000e72ee5 R12: ffffc900073976c0
[  549.017213][T23115] R13: 000000000000000e R14: dffffc0000000000 R15: 0000000000000000
[  549.025217][T23115] FS:  00007f8f94ccb6c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  549.034181][T23115] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  549.040915][T23115] CR2: 00007f8f93fb7bac CR3: 0000000121cc2000 CR4: 00000000003526b0
[  549.048927][T23115] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000800
[  549.056901][T23115] DR3: 0000000100000001 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  549.064899][T23115] Call Trace:
[  549.068196][T23115]  <TASK>
[  549.071130][T23115]  ? __cfi___alloc_pages_noprof+0x10/0x10
[  549.076852][T23115]  ? __kasan_slab_alloc+0x73/0x90
[  549.081910][T23115]  ? hashtab_init+0xdb/0x1f0
[  549.086512][T23115]  ___kmalloc_large_node+0x9c/0x1d0
[  549.091732][T23115]  ? ebitmap_read+0x21d/0x990
[  549.096415][T23115]  ? hashtab_init+0xdb/0x1f0
[  549.101042][T23115]  __kmalloc_large_node_noprof+0x1e/0xe0
[  549.108709][T23115]  ? hashtab_init+0xdb/0x1f0
[  549.113305][T23115]  __kmalloc_noprof+0x26d/0x450
[  549.118188][T23115]  hashtab_init+0xdb/0x1f0
[  549.122612][T23115]  ? policydb_read+0x86f/0x28c0
[  549.127498][T23115]  symtab_init+0x44/0x70
[  549.131748][T23115]  policydb_read+0x8fe/0x28c0
[  549.136422][T23115]  ? kasan_save_alloc_info+0x40/0x50
[  549.141740][T23115]  ? __cfi_policydb_read+0x10/0x10
[  549.146863][T23115]  ? security_load_policy+0x128/0x12f0
[  549.152348][T23115]  security_load_policy+0x162/0x12f0
[  549.157684][T23115]  ? __kasan_check_write+0x18/0x20
[  549.162791][T23115]  ? _raw_spin_lock+0x8c/0x120
[  549.167579][T23115]  ? __cfi__raw_spin_lock+0x10/0x10
[  549.172799][T23115]  ? sel_write_load+0x226/0x5e0
[  549.177696][T23115]  ? vmalloc_noprof+0xfd/0x1d0
[  549.182467][T23115]  ? _raw_spin_unlock+0x45/0x60
[  549.187328][T23115]  ? __cfi_security_load_policy+0x10/0x10
[  549.193087][T23115]  ? __kasan_check_write+0x18/0x20
[  549.198223][T23115]  sel_write_load+0x298/0x5e0
[  549.202913][T23115]  ? futex_wait+0x288/0x540
[  549.207443][T23115]  ? __cfi_sel_write_load+0x10/0x10
[  549.212653][T23115]  ? __cfi_futex_wait+0x10/0x10
[  549.217538][T23115]  ? bpf_lsm_file_permission+0xd/0x20
[  549.222916][T23115]  ? __cfi_sel_write_load+0x10/0x10
[  549.228143][T23115]  vfs_write+0x3c0/0xe80
[  549.232397][T23115]  ? __cfi_vfs_write+0x10/0x10
[  549.237153][T23115]  ? __kasan_check_write+0x18/0x20
[  549.242304][T23115]  ? mutex_lock+0x92/0x1c0
[  549.246723][T23115]  ? __cfi_mutex_lock+0x10/0x10
[  549.251602][T23115]  ? __fget_files+0x2c5/0x340
[  549.256289][T23115]  ksys_write+0x141/0x250
[  549.260647][T23115]  ? __cfi_ksys_write+0x10/0x10
[  549.265500][T23115]  ? __kasan_check_write+0x18/0x20
[  549.270643][T23115]  ? fpregs_restore_userregs+0x11d/0x260
[  549.276287][T23115]  __x64_sys_write+0x7f/0x90
[  549.280915][T23115]  x64_sys_call+0x271c/0x2ee0
[  549.285596][T23115]  do_syscall_64+0x58/0xf0
[  549.290037][T23115]  ? clear_bhb_loop+0x35/0x90
[  549.294717][T23115]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  549.300645][T23115] RIP: 0033:0x7f8f93d8e929
[  549.305062][T23115] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  549.324706][T23115] RSP: 002b:00007f8f94ccb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  549.333148][T23115] RAX: ffffffffffffffda RBX: 00007f8f93fb5fa0 RCX: 00007f8f93d8e929
[  549.341166][T23115] RDX: 0000000000002000 RSI: 0000200000000000 RDI: 0000000000000003
[  549.349168][T23115] RBP: 00007f8f93e10b39 R08: 0000000000000000 R09: 0000000000000000
[  549.357145][T23115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  549.365173][T23115] R13: 0000000000000000 R14: 00007f8f93fb5fa0 R15: 00007ffdd39f2838
[  549.373198][T23115]  </TASK>
[  549.376208][T23115] ---[ end trace 0000000000000000 ]---
[  549.381763][T23115] SELinux: failed to load policy
[  549.419462][   T36] kauditd_printk_skb: 1092 callbacks suppressed
[  549.419500][   T36] audit: type=1400 audit(1750389433.700:118245): avc:  denied  { read write } for  pid=19637 comm="syz-executor" name="loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  549.451394][   T36] audit: type=1400 audit(1750389433.700:118246): avc:  denied  { read write open } for  pid=19637 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  549.476670][   T36] audit: type=1400 audit(1750389433.700:118247): avc:  denied  { ioctl } for  pid=19637 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=52 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  549.524308][   T36] audit: type=1400 audit(1750389433.730:118248): avc:  denied  { read write } for  pid=17351 comm="syz-executor" name="loop8" dev="devtmpfs" ino=57 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  549.548757][   T36] audit: type=1400 audit(1750389433.730:118249): avc:  denied  { read write open } for  pid=17351 comm="syz-executor" path="/dev/loop8" dev="devtmpfs" ino=57 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  549.574016][   T36] audit: type=1400 audit(1750389433.730:118250): avc:  denied  { ioctl } for  pid=17351 comm="syz-executor" path="/dev/loop8" dev="devtmpfs" ino=57 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  549.600404][   T36] audit: type=1400 audit(1750389433.790:118251): avc:  denied  { read write } for  pid=18235 comm="syz-executor" name="loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  549.624827][   T36] audit: type=1400 audit(1750389433.790:118252): avc:  denied  { read write open } for  pid=18235 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  549.650297][   T36] audit: type=1400 audit(1750389433.790:118253): avc:  denied  { ioctl } for  pid=18235 comm="syz-executor" path="/dev/loop5" dev="devtmpfs" ino=54 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  549.695208][   T36] audit: type=1400 audit(1750389433.970:118254): avc:  denied  { read write } for  pid=17769 comm="syz-executor" name="loop9" dev="devtmpfs" ino=58 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1