Warning: Permanently added '10.128.0.34' (ED25519) to the list of known hosts.
2025/06/19 15:20:22 ignoring optional flag "sandboxArg"="0"
2025/06/19 15:20:23 parsed 1 programs
[ 54.619079][ T36] audit: type=1400 audit(1750346424.860:106): avc: denied { unlink } for pid=390 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 54.682486][ T390] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 55.885760][ T36] audit: type=1400 audit(1750346426.120:107): avc: denied { create } for pid=411 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 56.084699][ T36] audit: type=1401 audit(1750346426.320:108): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 56.418712][ T440] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.426047][ T440] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.433201][ T440] bridge_slave_0: entered allmulticast mode
[ 56.439961][ T440] bridge_slave_0: entered promiscuous mode
[ 56.446390][ T440] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.453462][ T440] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.460723][ T440] bridge_slave_1: entered allmulticast mode
[ 56.467071][ T440] bridge_slave_1: entered promiscuous mode
[ 56.517381][ T440] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.524526][ T440] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.532404][ T440] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.539590][ T440] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.563814][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.571303][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.580709][ T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.587975][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 56.603099][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 56.610233][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 56.634712][ T440] veth0_vlan: entered promiscuous mode
[ 56.648094][ T440] veth1_macvtap: entered promiscuous mode
[ 56.731139][ T47] bridge_slave_1: left allmulticast mode
[ 56.737022][ T47] bridge_slave_1: left promiscuous mode
[ 56.742942][ T47] bridge0: port 2(bridge_slave_1) entered disabled state
[ 56.754725][ T47] bridge_slave_0: left allmulticast mode
[ 56.760733][ T47] bridge_slave_0: left promiscuous mode
[ 56.766395][ T47] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.869960][ T47] veth1_macvtap: left promiscuous mode
[ 56.875623][ T47] veth0_vlan: left promiscuous mode
2025/06/19 15:20:27 executed programs: 0
[ 56.977877][ T451] bridge0: port 1(bridge_slave_0) entered blocking state
[ 56.984973][ T451] bridge0: port 1(bridge_slave_0) entered disabled state
[ 56.992366][ T451] bridge_slave_0: entered allmulticast mode
[ 56.998678][ T451] bridge_slave_0: entered promiscuous mode
[ 57.005011][ T451] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.012169][ T451] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.019300][ T451] bridge_slave_1: entered allmulticast mode
[ 57.025913][ T451] bridge_slave_1: entered promiscuous mode
[ 57.074566][ T451] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.081757][ T451] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 57.089088][ T451] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.096226][ T451] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 57.118715][ T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 57.126667][ T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 57.136038][ T444] bridge0: port 1(bridge_slave_0) entered blocking state
[ 57.143127][ T444] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 57.152051][ T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 57.159229][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 57.185054][ T451] veth0_vlan: entered promiscuous mode
[ 57.196292][ T451] veth1_macvtap: entered promiscuous mode
[ 57.223866][ T36] audit: type=1400 audit(1750346427.460:109): avc: denied { read } for pid=455 comm="syz.2.16" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 57.224929][ T456] ------------[ cut here ]------------
[ 57.247616][ T36] audit: type=1400 audit(1750346427.460:110): avc: denied { open } for pid=455 comm="syz.2.16" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 57.254062][ T456] RUST PANIC: CPU: 1 PID: 456 at drivers/android/binder/node.rs:877
[ 57.278731][ T36] audit: type=1400 audit(1750346427.460:111): avc: denied { ioctl } for pid=455 comm="syz.2.16" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 57.284722][ T456] Kernel panic - not syncing: attempt to subtract with overflow
[ 57.284749][ T456] CPU: 1 UID: 0 PID: 456 Comm: syz.2.16 Not tainted 6.12.23-syzkaller-08449-gf9fbc66f8444-dirty #0 0edd2ae16b47c413d0017121c21a76294fed1afc
[ 57.284787][ T456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 57.284815][ T456] Call Trace:
[ 57.284825][ T456]
[ 57.284836][ T456] __dump_stack+0x21/0x30
[ 57.284888][ T456] dump_stack_lvl+0x7b/0x190
[ 57.284919][ T456] ? __cfi_dump_stack_lvl+0x10/0x10
[ 57.284952][ T456] dump_stack+0x19/0x20
[ 57.284982][ T456] panic+0x297/0x700
[ 57.285018][ T456] ? __cfi_panic+0x10/0x10
[ 57.285053][ T456] ? printk_percpu_data_ready+0xd/0x20
[ 57.285092][ T456] rust_panic+0xc0/0xf0
[ 57.285127][ T456] _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x2be/0x330
[ 57.285185][ T456] ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10
[ 57.285223][ T456] ? _RNvMs0_NtCshgDM7dBCdno_11rust_binder4nodeNtB5_4Node22update_refcount_locked+0x401/0x810
[ 57.285280][ T456] ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process23insert_or_update_handle+0x10/0x10
[ 57.285321][ T456] ? __cfi__RNvXs1_NtNtCs9jEwPDbx20M_4core5panic10panic_infoNtB5_12PanicMessageNtNtB9_3fmt7Display3fmt+0x10/0x10
[ 57.285368][ T456] ? __kasan_check_write+0x18/0x20
[ 57.285399][ T456] ? _raw_spin_lock+0x8c/0x120
[ 57.285434][ T456] ? __cfi__raw_spin_lock+0x10/0x10
[ 57.285470][ T456] _RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x84/0x90
[ 57.285511][ T456] ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x10/0x10
[ 57.285555][ T456] _RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_sub_overflow+0xb2/0xc0
[ 57.285592][ T456] ? __cfi__RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_sub_overflow+0x10/0x10
[ 57.285632][ T456] _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process10update_ref+0x17e5/0x1860
[ 57.285673][ T456] ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process10update_ref+0x10/0x10
[ 57.285717][ T456] ? __kasan_check_write+0x18/0x20
[ 57.285747][ T456] ? _raw_spin_lock+0x8c/0x120
[ 57.285780][ T456] ? __cfi__raw_spin_lock+0x10/0x10
[ 57.285816][ T456] ? __kasan_check_write+0x18/0x20
[ 57.285847][ T456] _RNvMs2_NtCshgDM7dBCdno_11rust_binder6threadNtB5_6Thread10write_read+0x278d/0x9d20
[ 57.285907][ T456] ? __cfi__RNvMs2_NtCshgDM7dBCdno_11rust_binder6threadNtB5_6Thread10write_read+0x10/0x10
[ 57.285969][ T456] ? is_bpf_text_address+0x17b/0x1a0
[ 57.286008][ T456] ? kernel_text_address+0xa9/0xe0
[ 57.286037][ T456] ? __kasan_check_write+0x18/0x20
[ 57.286066][ T456] ? _raw_spin_lock_irqsave+0xaf/0x150
[ 57.286100][ T456] ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[ 57.286141][ T456] ? _raw_spin_unlock_irqrestore+0x4a/0x70
[ 57.286186][ T456] ? stack_depot_save_flags+0x399/0x800
[ 57.286222][ T456] ? kasan_save_track+0x4f/0x80
[ 57.286258][ T456] ? kasan_save_track+0x3e/0x80
[ 57.286290][ T456] ? kasan_save_alloc_info+0x40/0x50
[ 57.286317][ T456] ? __kasan_kmalloc+0x96/0xb0
[ 57.286353][ T456] ? __kmalloc_cache_noprof+0x1a5/0x3c0
[ 57.286385][ T456] ? __set_page_owner+0x294/0x5d0
[ 57.286423][ T456] ? post_alloc_hook+0x3b9/0x3f0
[ 57.286462][ T456] ? prep_new_page+0x1c/0x120
[ 57.286500][ T456] ? get_page_from_freelist+0x46bb/0x4750
[ 57.286527][ T456] ? __alloc_pages_noprof+0x30d/0x6c0
[ 57.286552][ T456] ? alloc_slab_page+0x6b/0x1f0
[ 57.286588][ T456] ? allocate_slab+0x69/0x450
[ 57.286624][ T456] ? ___slab_alloc+0x59a/0x8b0
[ 57.286657][ T456] ? __kmalloc_node_track_caller_noprof+0x23a/0x440
[ 57.286691][ T456] ? krealloc_noprof+0x8d/0x130
[ 57.286723][ T456] ? rust_helper_krealloc+0x33/0xd0
[ 57.286751][ T456] ? _RNvMNtNtCs43vyB533jt3_6kernel5alloc9allocatorNtB2_11ReallocFunc4call+0xaf/0x100
[ 57.286790][ T456] ? _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0x715/0x1440
[ 57.286826][ T456] ? _RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x1a9/0x2c20
[ 57.286862][ T456] ? _RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0xa0/0x100
[ 57.286902][ T456] ? __se_sys_ioctl+0x132/0x1b0
[ 57.286937][ T456] ? __x64_sys_ioctl+0x7f/0xa0
[ 57.286971][ T456] ? x64_sys_call+0x1878/0x2ee0
[ 57.287006][ T456] ? do_syscall_64+0x58/0xf0
[ 57.287040][ T456] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 57.287086][ T456] ? __kasan_check_write+0x18/0x20
[ 57.287120][ T456] ? _raw_spin_lock_irqsave+0xaf/0x150
[ 57.287155][ T456] ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[ 57.287201][ T456] ? __set_page_owner+0x294/0x5d0
[ 57.287241][ T456] ? __kasan_check_write+0x18/0x20
[ 57.287270][ T456] ? __set_page_owner+0x3bf/0x5d0
[ 57.287310][ T456] ? __cfi___set_page_owner+0x10/0x10
[ 57.287350][ T456] ? kasan_unpoison+0x4a/0x70
[ 57.287380][ T456] ? post_alloc_hook+0x3b9/0x3f0
[ 57.287420][ T456] ? __cfi_post_alloc_hook+0x10/0x10
[ 57.287458][ T456] ? gfp_to_alloc_flags_cma+0x1c0/0x1c0
[ 57.287490][ T456] ? _raw_spin_trylock+0xaf/0x130
[ 57.287525][ T456] ? __cfi__raw_spin_trylock+0x10/0x10
[ 57.287568][ T456] ? is_bpf_text_address+0x17b/0x1a0
[ 57.287609][ T456] ? kernel_text_address+0xa9/0xe0
[ 57.287638][ T456] ? __kasan_check_write+0x18/0x20
[ 57.287667][ T456] ? _raw_spin_lock_irqsave+0xaf/0x150
[ 57.287703][ T456] ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[ 57.287742][ T456] ? _raw_spin_unlock_irqrestore+0x4a/0x70
[ 57.287776][ T456] ? stack_depot_save_flags+0x399/0x800
[ 57.287811][ T456] ? kasan_save_track+0x4f/0x80
[ 57.287843][ T456] ? kasan_save_track+0x3e/0x80
[ 57.287878][ T456] ? kasan_save_alloc_info+0x40/0x50
[ 57.287903][ T456] ? __kasan_kmalloc+0x96/0xb0
[ 57.287938][ T456] ? __kmalloc_node_track_caller_noprof+0x1ad/0x440
[ 57.287970][ T456] ? krealloc_noprof+0x8d/0x130
[ 57.288004][ T456] ? rust_helper_krealloc+0x33/0xd0
[ 57.288031][ T456] ? _RNvMNtNtCs43vyB533jt3_6kernel5alloc9allocatorNtB2_11ReallocFunc4call+0xaf/0x100
[ 57.288071][ T456] ? _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0x715/0x1440
[ 57.288106][ T456] ? _RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x1a9/0x2c20
[ 57.288143][ T456] ? _RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0xa0/0x100
[ 57.288192][ T456] ? __se_sys_ioctl+0x132/0x1b0
[ 57.288227][ T456] ? __x64_sys_ioctl+0x7f/0xa0
[ 57.288263][ T456] ? do_syscall_64+0x58/0xf0
[ 57.288298][ T456] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 57.288343][ T456] ? __kasan_kmalloc+0x96/0xb0
[ 57.288379][ T456] ? kasan_save_alloc_info+0x40/0x50
[ 57.288405][ T456] ? __kasan_kmalloc+0x96/0xb0
[ 57.288442][ T456] ? __kmalloc_node_track_caller_noprof+0x1ad/0x440
[ 57.288476][ T456] ? __kasan_check_write+0x18/0x20
[ 57.288507][ T456] ? _raw_spin_lock+0x8c/0x120
[ 57.288539][ T456] ? __cfi__raw_spin_lock+0x10/0x10
[ 57.288573][ T456] ? cgroup_rstat_updated+0x132/0x7f0
[ 57.288606][ T456] ? _raw_spin_unlock+0x45/0x60
[ 57.288639][ T456] ? rust_helper_spin_unlock+0x19/0x30
[ 57.288667][ T456] ? _RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0x934/0x1440
[ 57.288706][ T456] ? arch_scale_cpu_capacity+0x1c/0xb0
[ 57.288743][ T456] ? __cfi__RNvMs3_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process18get_current_thread+0x10/0x10
[ 57.288780][ T456] ? xfd_validate_state+0x68/0x150
[ 57.288812][ T456] ? save_fpregs_to_fpstate+0x196/0x230
[ 57.288852][ T456] ? __kasan_check_write+0x18/0x20
[ 57.288881][ T456] ? __switch_to+0xc7b/0x1310
[ 57.288916][ T456] ? pick_next_task_fair+0x870/0x900
[ 57.288945][ T456] ? _raw_spin_lock+0x8c/0x120
[ 57.288982][ T456] ? _raw_spin_unlock+0x45/0x60
[ 57.289019][ T456] ? finish_task_switch+0x13a/0x780
[ 57.289046][ T456] _RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x411/0x2c20
[ 57.289082][ T456] ? __schedule+0x1463/0x1f10
[ 57.289121][ T456] ? avc_has_extended_perms+0x7c7/0xdd0
[ 57.289149][ T456] ? __asan_memcpy+0x5a/0x80
[ 57.289187][ T456] ? avc_has_extended_perms+0x921/0xdd0
[ 57.289214][ T456] ? __cfi__RNvMs5_NtCshgDM7dBCdno_11rust_binder7processNtB5_7Process5ioctl+0x10/0x10
[ 57.289252][ T456] ? do_vfs_ioctl+0xeda/0x1e30
[ 57.289289][ T456] ? preempt_schedule_common+0x2d/0x60
[ 57.289327][ T456] ? __ia32_compat_sys_ioctl+0x850/0x850
[ 57.289366][ T456] ? __cfi_preempt_schedule+0x10/0x10
[ 57.289406][ T456] ? preempt_schedule_thunk+0x1a/0x40
[ 57.289447][ T456] ? try_to_wake_up+0xe17/0x1aa0
[ 57.289488][ T456] ? ioctl_has_perm+0x384/0x4d0
[ 57.289527][ T456] ? has_cap_mac_admin+0xd0/0xd0
[ 57.289565][ T456] ? futex_wake+0x63a/0x900
[ 57.289591][ T456] ? __cfi_futex_wake+0x10/0x10
[ 57.289616][ T456] ? selinux_file_ioctl+0x6e0/0x1360
[ 57.289654][ T456] ? __cfi_selinux_file_ioctl+0x10/0x10
[ 57.289693][ T456] ? do_futex+0x356/0x500
[ 57.289728][ T456] ? __cfi_do_futex+0x10/0x10
[ 57.289766][ T456] ? __fget_files+0x2c5/0x340
[ 57.289803][ T456] _RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0xa0/0x100
[ 57.289843][ T456] ? __se_sys_ioctl+0x114/0x1b0
[ 57.289878][ T456] ? __cfi__RNvCshgDM7dBCdno_11rust_binder26rust_binder_unlocked_ioctl+0x10/0x10
[ 57.289919][ T456] __se_sys_ioctl+0x132/0x1b0
[ 57.289956][ T456] __x64_sys_ioctl+0x7f/0xa0
[ 57.289991][ T456] x64_sys_call+0x1878/0x2ee0
[ 57.290026][ T456] do_syscall_64+0x58/0xf0
[ 57.290060][ T456] ? clear_bhb_loop+0x35/0x90
[ 57.290099][ T456] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[ 57.290138][ T456] RIP: 0033:0x7f1c49f8e929
[ 57.290176][ T456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 57.290199][ T456] RSP: 002b:00007f1c4ad94038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 57.290236][ T456] RAX: ffffffffffffffda RBX: 00007f1c4a1b5fa0 RCX: 00007f1c49f8e929
[ 57.290258][ T456] RDX: 0000200000000480 RSI: 00000000c0306201 RDI: 0000000000000004
[ 57.290277][ T456] RBP: 00007f1c4a010b39 R08: 0000000000000000 R09: 0000000000000000
[ 57.290296][ T456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 57.290314][ T456] R13: 0000000000000000 R14: 00007f1c4a1b5fa0 R15: 00007fff6ca27fd8
[ 57.290337][ T456]
[ 57.309961][ T456] Kernel Offset: disabled