last executing test programs: 512.381993ms ago: executing program 1 (id=2): setresgid(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000000c0)={0x0, 0x0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) modify_ldt$write(0x1, &(0x7f0000000900)={0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max']) setresgid(0x0, 0x0, 0x0) (async) socket$inet6(0xa, 0x80002, 0x0) (async) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000000c0)={0x0, 0x0}, 0x10) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) (async) modify_ldt$write(0x1, &(0x7f0000000900)={0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x10) (async) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max']) (async) 443.076924ms ago: executing program 1 (id=6): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) keyctl$chown(0x4, 0x0, r4, r5) recvfrom$packet(r2, 0x0, 0x0, 0x2, 0x0, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0x1201000, 0x3800, 0x7f, 0x7}, 0xffffffffffffffd2) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) mount_setattr(0xffffffffffffffff, 0x0, 0x8100, &(0x7f0000000300)={0x8, 0xf8, 0x40000}, 0x20) r6 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r6, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) r7 = socket$inet(0x2, 0x5, 0x0) setsockopt$inet_mreqn(r7, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc) r8 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r8, &(0x7f0000001b80)=[{&(0x7f0000000a40)=""/65, 0x41}, {&(0x7f0000000080)=""/101, 0x65}], 0x2, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) userfaultfd(0x81000) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x20, 0x1, 0x4, "94c161ee"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 442.737464ms ago: executing program 2 (id=3): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0xc8, &(0x7f0000000000)=0x1000, 0x4) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="1e0308003c5c980128876360864668f82ffdd569d2f630b5e033ff11edf1c5ffc733d2acb165fe588cd568cd1f31b87b68b00ad84305"], 0xffdd) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYRES16=r1, @ANYRES32=r3, @ANYBLOB="010000000a0000000000001900000000000001410000001c001700000000000000006574683a385d559685b0437137d0e6028a99115ccb3e57b88864909e47a2ba91fc26"], 0x38}}, 0x40006000) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4, 0x0, @mcast2, 0x7}, 0x1c) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000040)={{0x7, 0xf9, 0x8be, 0xffff}, 'syz0\x00', 0x2}) listen(r0, 0x3) ioctl$UI_DEV_CREATE(r4, 0x5501) ioctl$UI_DEV_SETUP(r4, 0x405c5503, 0x0) r5 = socket(0x1e, 0x4, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, 0x0, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$ARPT_SO_SET_REPLACE(r6, 0x0, 0x60, &(0x7f00000003c0)={'filter\x00', 0x7, 0x4, 0x3d8, 0x1f0, 0x1f0, 0x0, 0x2f0, 0x2f0, 0x2f0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz1\x00', {0x81}}}}, {{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0x0, 0x0, 0x9, 0xf, {@empty, {[0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x0, 0xff, 0x0, 0xff]}}, 0x8, 0x1c, 0x200, 0x8, 0x2, 0x9832, 'ip6gre0\x00', 'lo\x00', {}, {0xff}, 0x0, 0x224}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x1, 0x10, {0x3}}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x428) sendmmsg$inet6(r0, &(0x7f00000006c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000380)="886a572b", 0x4}], 0x1}}], 0x1, 0x1004) 416.088964ms ago: executing program 0 (id=1): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000280), r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0) fcntl$lock(r2, 0x6, &(0x7f0000000000)={0x1, 0x2, 0x1b8, 0x2}) fcntl$lock(r2, 0x26, &(0x7f0000000200)={0x0, 0x0, 0x1000000020, 0x1fd}) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x54, 0x1, 0x4, 0x201, 0x0, 0x0, {0x0, 0x0, 0x3}, [@NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x7}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x5}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x7}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x6}, @NFULA_CFG_NLBUFSIZ={0x8, 0x3, 0x1, 0x0, 0x800}, @NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x8cd110c08fff145e}, @NFULA_CFG_QTHRESH={0x8, 0x5, 0x1, 0x0, 0x4}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x8}]}, 0x54}, 0x1, 0x0, 0x0, 0x40081}, 0x80d5) 345.457745ms ago: executing program 0 (id=7): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='ns\x00') getdents64(r1, &(0x7f0000000080)=""/32, 0x20) read$FUSE(0xffffffffffffffff, &(0x7f0000000580)={0x2020, 0x0, 0x0}, 0x2020) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000180)=0x0) stat(&(0x7f0000000200)='./file1\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_CREATE_OPEN(r1, &(0x7f00000002c0)={0xa0, 0x0, r2, {{0x1, 0x3, 0x1, 0xffffffff, 0x5, 0x1, {0x5, 0x7, 0x80, 0x1, 0x5, 0x890, 0x3ff, 0xb, 0x7, 0x4000, 0x10001, r3, r4, 0x698, 0x8}}, {0x0, 0x1a}}}, 0xa0) ioctl$PPPIOCSMAXCID(r0, 0x4010744d, &(0x7f0000000100)=0x20004005) r5 = socket$igmp(0x2, 0x3, 0x2) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2183, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r9 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) setsockopt$XDP_UMEM_FILL_RING(r9, 0x11b, 0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='./file0/file0\x00') r10 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x109542, 0x0) fcntl$setlease(r10, 0x400, 0x0) openat$cgroup_int(r10, &(0x7f0000000000)='memory.high\x00', 0x2, 0x0) ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x412, 0x0, 0x8c7}]}) getsockopt$inet_int(r5, 0x0, 0x21, 0x0, &(0x7f0000000100)) 261.403306ms ago: executing program 2 (id=9): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r0, &(0x7f0000000cc0)={'syz1\x00', {}, 0x0, [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd77f, 0x0, 0x8, 0x2, 0x0, 0x0, 0x4, 0x3, 0xe, 0x721a2d63, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc7, 0x0, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x3]}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000140)={0x1, 0x0, [{0xd90, 0x0, 0x5}]}) readv(r0, &(0x7f0000001900)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1) r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$setsig(r2, 0xa, 0x13) fcntl$setlease(r2, 0x400, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r3 = syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x5d, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x40, 0x0, 0x0, 0xfe}}], {{0x9, 0x5, 0x82, 0x2, 0x60}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0xfe}}}}}]}}]}}, 0x0) syz_usb_ep_write(r3, 0x82, 0xfffffffffffffd6e, &(0x7f0000000140)="16688a4a3f1cd2db8dcf350051f14ac00d7c36e54167f08f961d2fc0c37d7c8c2136536697a794f470c5f444560dedb1b190fa34325a3c256fb8b4e2297215f331") truncate(&(0x7f0000000140)='./file0\x00', 0x0) 197.613017ms ago: executing program 3 (id=10): r0 = socket$inet_icmp(0x2, 0x2, 0x1) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f00000026c0)={0x0, {0x2, 0x4e23, @loopback}, {0x2, 0x4e21, @private=0xa010102}, {0x2, 0x4e20, @broadcast}, 0x22, 0x0, 0x20, 0x0, 0x4, &(0x7f0000002680)='bridge0\x00', 0x0, 0x5c, 0x7f}) 197.195857ms ago: executing program 0 (id=11): r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read(r0, &(0x7f0000000180)=""/89, 0x59) 197.017927ms ago: executing program 0 (id=12): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0x0, 0x6, 0xa, 0x0, 0x9}) socket$xdp(0x2c, 0x3, 0x0) r0 = getpgid(0x0) capget(&(0x7f0000000000)={0x20080522, r0}, &(0x7f00000000c0)={0x1, 0x2, 0x3, 0x1, 0x92, 0x4}) 196.344487ms ago: executing program 3 (id=13): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getpgrp(0xffffffffffffffff) lchown(0x0, 0x0, 0x0) setxattr$incfs_size(0x0, 0x0, 0x0, 0x0, 0x3) bind$inet6(r0, &(0x7f000000cf00)={0xa, 0x4e28, 0x7f, @private1={0xfc, 0x1, '\x00', 0x1}, 0xfffffffe}, 0x1c) 193.686317ms ago: executing program 3 (id=14): sched_setscheduler(0x0, 0x1, 0x0) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x10, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000140)=0x0) statx(0xffffffffffffffff, &(0x7f0000000180)='\x00', 0x100, 0x20, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x2, 0x4000, 0x1000, &(0x7f0000ec4000/0x1000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x6000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x5000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) r5 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r5, &(0x7f0000004700)=[{{&(0x7f0000000540)={0xa, 0x4e20, 0xffffffc8, @loopback, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000290000003600000088000000000000001400000000000000290000004300000010000000000000004b72875c865e6b6b04a326f9a717d9a6db1c56efde150cf2811f092cd3ac5677d24333497b0c886e569e593a257b4c6662533f0b4cb95a1b8429dcdfeac9d7534c5a5d8526e02d54a55deaa071e1b42114410fbbab957e8130ea723a390df70ea82a7f17683b4f518f410e17361844886c78e66ca45323e052a2d1b7841da1a68d76a34dff3c07f9e66feee8abf1cf73ac2c91f4785d0614f28eceb0a684ee3c7eaf48f850072c072dcd0b625f1cde8addc7ffac830450af59"], 0x30}}], 0x1, 0x80040c4) mount$fuseblk(&(0x7f0000002440), &(0x7f0000002480)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f00000002c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[], [{@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@dont_measure}, {@fowner_gt={'fowner>', r1}}]}}) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') socket$nl_generic(0x10, 0x3, 0x10) read$FUSE(r6, &(0x7f0000000c40)={0x2020}, 0x2020) 185.961368ms ago: executing program 0 (id=15): rt_sigprocmask(0x2, &(0x7f0000000040)={[0x3]}, &(0x7f0000000080), 0x8) syz_usb_connect$printer(0x1, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x40, 0x2, [{{0x9, 0x4, 0x0, 0x3, 0x2, 0x7, 0x1, 0x2, 0x8, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x7, 0x3, 0x2}}, [{{0x9, 0x5, 0x82, 0x2, 0x20, 0x81, 0x1, 0x4}}]}}}]}}]}}, &(0x7f0000002380)={0x0, 0x0, 0x0, 0x0, 0x4, [{0x4, &(0x7f0000002240)=@lang_id={0x4, 0x3, 0xf0ff}}, {0x0, 0x0}, {0x0, 0x0}, {0x4, &(0x7f0000002300)=@lang_id={0x4, 0x3, 0x40a}}]}) 102.416779ms ago: executing program 3 (id=16): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r1, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) write$binfmt_elf32(r1, &(0x7f00000014c0)=ANY=[], 0x46b) sendmmsg$inet(r1, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000100)="55481f", 0x3}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0x5}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x48042, 0x0) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f00000000c0)={{r2}, 0x8, 0x6, 0x9}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cgroup.kill\x00', 0x275a, 0x0) fchmod(r3, 0x80) r4 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000380), 0x1, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) read(r4, &(0x7f0000000640)=""/4096, 0x1000) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x3, @local, 0x40}, 0x1c) 397.86µs ago: executing program 3 (id=17): mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff) mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000001e40)={[{@stats}]}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x2, 0x0) 0s ago: executing program 3 (id=18): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001080)={0x18, 0x19, 0x1, 0x0, 0x25dfdbfb, {0x1d, 0xd601, 0x9}, [@nested={0x4, 0x6}]}, 0x18}, 0x1, 0x0, 0x0, 0x5}, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x2ff, 0x0, 0x5}]}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETTXFILTER(r1, 0x400454ca, &(0x7f0000000000)=ANY=[]) setuid(0xee00) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f00000000c0)) ptrace(0x10, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000040)=0x7f) ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000100)=0x5) close(0x3) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000240)={0x2, 0x0, [{0x204, 0x0, 0x80000000}, {0xbb6, 0x0, 0x8}]}) r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000006680), 0x0, 0x0) ioctl$UI_ABS_SETUP(r8, 0x401c5504, &(0x7f0000006980)={0x0, {0x0, 0x80000000}}) r9 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r9, 0x89f1, &(0x7f0000000a40)={'ip6tnl0\x00', 0x0}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.149' (ED25519) to the list of known hosts. [ 23.450865][ T36] audit: type=1400 audit(1750447504.950:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 23.452331][ T281] cgroup: Unknown subsys name 'net' [ 23.473530][ T36] audit: type=1400 audit(1750447504.950:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.500869][ T36] audit: type=1400 audit(1750447504.970:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 23.501108][ T281] cgroup: Unknown subsys name 'devices' [ 23.662668][ T281] cgroup: Unknown subsys name 'hugetlb' [ 23.668295][ T281] cgroup: Unknown subsys name 'rlimit' [ 23.845319][ T36] audit: type=1400 audit(1750447505.340:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 23.868556][ T36] audit: type=1400 audit(1750447505.340:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 23.893403][ T36] audit: type=1400 audit(1750447505.340:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 23.904741][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 23.925306][ T36] audit: type=1400 audit(1750447505.420:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.950837][ T36] audit: type=1400 audit(1750447505.420:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 23.981079][ T36] audit: type=1400 audit(1750447505.480:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.006695][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.006694][ T36] audit: type=1400 audit(1750447505.480:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.276237][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.283401][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.290561][ T289] bridge_slave_0: entered allmulticast mode [ 25.296837][ T289] bridge_slave_0: entered promiscuous mode [ 25.307013][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.314200][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.321333][ T289] bridge_slave_1: entered allmulticast mode [ 25.327577][ T289] bridge_slave_1: entered promiscuous mode [ 25.356096][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.363225][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.370374][ T288] bridge_slave_0: entered allmulticast mode [ 25.376632][ T288] bridge_slave_0: entered promiscuous mode [ 25.395434][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.402540][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.409664][ T288] bridge_slave_1: entered allmulticast mode [ 25.416151][ T288] bridge_slave_1: entered promiscuous mode [ 25.462268][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.469338][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.476448][ T291] bridge_slave_0: entered allmulticast mode [ 25.482873][ T291] bridge_slave_0: entered promiscuous mode [ 25.500008][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.507096][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.514199][ T291] bridge_slave_1: entered allmulticast mode [ 25.520541][ T291] bridge_slave_1: entered promiscuous mode [ 25.546313][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.553428][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.560596][ T290] bridge_slave_0: entered allmulticast mode [ 25.566855][ T290] bridge_slave_0: entered promiscuous mode [ 25.580417][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.587490][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.594850][ T290] bridge_slave_1: entered allmulticast mode [ 25.601320][ T290] bridge_slave_1: entered promiscuous mode [ 25.682330][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.689396][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.696751][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.703808][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.780631][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.787720][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.795053][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.802110][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.811273][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.818350][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.825675][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.833258][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.851889][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.859437][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.866815][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.874404][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.882397][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.889766][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.916362][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.923453][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.939258][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.946338][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.963571][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.970665][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.982350][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.989416][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.021855][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.028921][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.036683][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.043765][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.066756][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.073830][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.081862][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.088915][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.109447][ T290] veth0_vlan: entered promiscuous mode [ 26.119629][ T289] veth0_vlan: entered promiscuous mode [ 26.150533][ T289] veth1_macvtap: entered promiscuous mode [ 26.158131][ T290] veth1_macvtap: entered promiscuous mode [ 26.178822][ T288] veth0_vlan: entered promiscuous mode [ 26.214110][ T290] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 26.214627][ T288] veth1_macvtap: entered promiscuous mode [ 26.240507][ T291] veth0_vlan: entered promiscuous mode [ 26.254474][ T291] veth1_macvtap: entered promiscuous mode [ 26.272994][ T310] SELinux: security_context_str_to_sid () failed with errno=-22 [ 26.320862][ T315] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 26.339422][ T315] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 26.388851][ T321] input: syz0 as /devices/virtual/input/input4 [ 26.397545][ T321] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 26.430525][ T315] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 26.439650][ T321] x_tables: duplicate underflow at hook 1 [ 26.531416][ T329] Zero length message leads to an empty skb [ 26.547654][ T334] input: syz1 as /devices/virtual/input/input5 [ 26.622717][ T45] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 26.639294][ T348] fuseblk: Unknown parameter 'mask' [ 26.749376][ T9] ================================================================== [ 26.757525][ T9] BUG: KASAN: null-ptr-deref in down_write+0x83/0x2a0 [ 26.764344][ T9] Write of size 8 at addr 0000000000000098 by task kworker/0:0/9 [ 26.772082][ T9] [ 26.774425][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 26.774448][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 26.774459][ T9] Workqueue: events _RNvXs6_NtCs43vyB533jt3_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCshgDM7dBCdno_11rust_binder7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_ [ 26.774514][ T9] Call Trace: [ 26.774520][ T9] [ 26.774527][ T9] __dump_stack+0x21/0x30 [ 26.774547][ T9] dump_stack_lvl+0x10c/0x190 [ 26.774564][ T9] ? __cfi_dump_stack_lvl+0x10/0x10 [ 26.774583][ T9] print_report+0x3d/0x70 [ 26.774597][ T9] kasan_report+0x163/0x1a0 [ 26.774619][ T9] ? down_write+0x83/0x2a0 [ 26.774636][ T9] ? down_write+0x83/0x2a0 [ 26.774651][ T9] kasan_check_range+0x299/0x2a0 [ 26.774673][ T9] __kasan_check_write+0x18/0x20 [ 26.774689][ T9] down_write+0x83/0x2a0 [ 26.774704][ T9] ? __cfi_down_write+0x10/0x10 [ 26.774719][ T9] ? _raw_spin_lock+0x8c/0x120 [ 26.774743][ T9] ? __cfi__raw_spin_lock+0x10/0x10 [ 26.774761][ T9] ? mutex_unlock+0x8b/0x240 [ 26.774775][ T9] ? __cfi_mutex_unlock+0x10/0x10 [ 26.774795][ T9] ? mroute6_is_socket+0x201/0x2f0 [ 26.774813][ T9] rust_binderfs_remove_file+0x6c/0x110 [ 26.774828][ T9] _RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x9d4/0x2860 [ 26.774855][ T9] ? update_curr_dl_se+0x10c/0xb20 [ 26.774875][ T9] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 26.774891][ T9] ? update_curr+0x60d/0xc60 [ 26.774911][ T9] ? __cfi__RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x10/0x10 [ 26.774936][ T9] ? update_load_avg+0x506/0x19a0 [ 26.774950][ T9] ? detach_entity_load_avg+0x7b0/0x7b0 [ 26.774972][ T9] ? dequeue_entity+0xa9c/0x1750 [ 26.774986][ T9] ? __cfi_ip6table_mangle_hook+0x10/0x10 [ 26.775010][ T9] ? tg_unthrottle_up+0x980/0x980 [ 26.775025][ T9] ? ip6_output+0x1d5/0x3c0 [ 26.775041][ T9] ? kvm_sched_clock_read+0x15/0x30 [ 26.775057][ T9] ? sched_clock_noinstr+0xd/0x30 [ 26.775070][ T9] ? sched_clock+0x44/0x60 [ 26.775094][ T9] ? sched_clock_cpu+0x75/0x400 [ 26.775116][ T9] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 26.775137][ T9] ? sched_clock+0x44/0x60 [ 26.775156][ T9] ? __cfi_sched_clock_cpu+0x10/0x10 [ 26.775180][ T9] ? __kasan_check_write+0x18/0x20 [ 26.775196][ T9] ? __switch_to+0xc7b/0x1310 [ 26.775214][ T9] ? psi_group_change+0xb44/0x1130 [ 26.775230][ T9] ? __cfi___switch_to+0x10/0x10 [ 26.775249][ T9] ? _raw_spin_unlock+0x45/0x60 [ 26.775268][ T9] ? __switch_to_asm+0x3d/0x70 [ 26.775288][ T9] ? __schedule+0x1463/0x1f10 [ 26.775316][ T9] ? kick_pool+0xad/0x550 [ 26.775339][ T9] process_scheduled_works+0x7d2/0x1020 [ 26.775367][ T9] worker_thread+0xc58/0x1250 [ 26.775389][ T9] kthread+0x2c7/0x370 [ 26.775410][ T9] ? __cfi_worker_thread+0x10/0x10 [ 26.775436][ T9] ? __cfi_kthread+0x10/0x10 [ 26.775462][ T9] ret_from_fork+0x64/0xa0 [ 26.775478][ T9] ? __cfi_kthread+0x10/0x10 [ 26.775499][ T9] ret_from_fork_asm+0x1a/0x30 [ 26.775521][ T9] [ 26.775526][ T9] ================================================================== [ 26.780539][ T45] usb 2-1: Using ep0 maxpacket: 32 [ 26.789061][ T9] Disabling lock debugging due to kernel taint [ 26.800352][ T45] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 26.816076][ T9] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 26.835660][ T45] usb 2-1: config 0 has no interface number 0 [ 26.836487][ T9] #PF: supervisor write access in kernel mode [ 26.851816][ T45] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 26.854159][ T9] #PF: error_code(0x0002) - not-present page [ 26.854174][ T9] PGD 8000000109737067 P4D 8000000109737067 PUD 0 [ 26.859129][ T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.864060][ T9] [ 26.864072][ T9] Oops: Oops: 0002 [#1] PREEMPT SMP KASAN PTI [ 26.864095][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Tainted: G B 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 26.864125][ T9] Tainted: [B]=BAD_PAGE [ 26.864132][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 26.864145][ T9] Workqueue: events _RNvXs6_NtCs43vyB533jt3_6kernel9workqueueINtNtNtB7_4sync3arc3ArcNtNtCshgDM7dBCdno_11rust_binder7process7ProcessEINtB5_15WorkItemPointerKy0_E3runB13_ [ 26.864199][ T9] RIP: 0010:down_write+0x9a/0x2a0 [ 26.864224][ T9] Code: 48 c7 44 24 20 00 00 00 00 be 08 00 00 00 e8 2d 34 55 fc 4c 89 f7 be 08 00 00 00 e8 20 34 55 fc 48 8b 44 24 20 b9 01 00 00 00 48 0f b1 0b 0f 85 a0 00 00 00 48 c7 c0 c0 b9 20 87 48 c1 e8 03 [ 26.879201][ T45] usb 2-1: Product: syz [ 26.883273][ T9] RSP: 0018:ffffc90000097500 EFLAGS: 00010256 [ 26.883296][ T9] RAX: 0000000000000000 RBX: 0000000000000098 RCX: 0000000000000001 [ 26.883309][ T9] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000097520 [ 26.883322][ T9] RBP: ffffc90000097598 R08: ffffc90000097527 R09: 1ffff92000012ea4 [ 26.883339][ T9] R10: dffffc0000000000 R11: fffff52000012ea5 R12: dffffc0000000000 [ 26.890309][ T31] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 26.892964][ T9] R13: 1ffff92000012ea0 R14: ffffc90000097520 R15: 0000000000000000 [ 26.898197][ T45] usb 2-1: Manufacturer: syz [ 26.903631][ T9] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 26.903655][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 26.903669][ T9] CR2: 0000000000000098 CR3: 000000010cf06000 CR4: 00000000003526b0 [ 26.903686][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 26.903698][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 26.903711][ T9] Call Trace: [ 26.903718][ T9] [ 26.903727][ T9] ? __cfi_down_write+0x10/0x10 [ 26.903754][ T9] ? _raw_spin_lock+0x8c/0x120 [ 26.936849][ T45] usb 2-1: SerialNumber: syz [ 26.945460][ T9] ? __cfi__raw_spin_lock+0x10/0x10 [ 26.945496][ T9] ? mutex_unlock+0x8b/0x240 [ 26.945515][ T9] ? __cfi_mutex_unlock+0x10/0x10 [ 26.945533][ T9] ? mroute6_is_socket+0x201/0x2f0 [ 26.945557][ T9] rust_binderfs_remove_file+0x6c/0x110 [ 26.945578][ T9] _RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x9d4/0x2860 [ 26.958861][ T45] usb 2-1: config 0 descriptor?? [ 26.961106][ T9] ? update_curr_dl_se+0x10c/0xb20 [ 26.961138][ T9] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 26.961161][ T9] ? update_curr+0x60d/0xc60 [ 26.961186][ T9] ? __cfi__RNvXs2_NtCshgDM7dBCdno_11rust_binder7processNtB5_7ProcessNtNtCs43vyB533jt3_6kernel9workqueue8WorkItem3run+0x10/0x10 [ 26.973459][ T45] smsc95xx v2.0.0 [ 26.976443][ T9] ? update_load_avg+0x506/0x19a0 [ 26.976472][ T9] ? detach_entity_load_avg+0x7b0/0x7b0 [ 27.070401][ T31] usb 3-1: Using ep0 maxpacket: 16 [ 27.074194][ T9] ? dequeue_entity+0xa9c/0x1750 [ 27.074225][ T9] ? __cfi_ip6table_mangle_hook+0x10/0x10 [ 27.074258][ T9] ? tg_unthrottle_up+0x980/0x980 [ 27.080066][ T31] usb 3-1: config 1 interface 0 altsetting 93 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.083269][ T9] ? ip6_output+0x1d5/0x3c0 [ 27.083301][ T9] ? kvm_sched_clock_read+0x15/0x30 [ 27.083324][ T9] ? sched_clock_noinstr+0xd/0x30 [ 27.083343][ T9] ? sched_clock+0x44/0x60 [ 27.089265][ T31] usb 3-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96 [ 27.091151][ T9] ? sched_clock_cpu+0x75/0x400 [ 27.091181][ T9] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 27.091203][ T9] ? sched_clock+0x44/0x60 [ 27.091224][ T9] ? __cfi_sched_clock_cpu+0x10/0x10 [ 27.099901][ T31] usb 3-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 8 [ 27.104402][ T9] ? __kasan_check_write+0x18/0x20 [ 27.104431][ T9] ? __switch_to+0xc7b/0x1310 [ 27.104455][ T9] ? psi_group_change+0xb44/0x1130 [ 27.104478][ T9] ? __cfi___switch_to+0x10/0x10 [ 27.104502][ T9] ? _raw_spin_unlock+0x45/0x60 [ 27.104531][ T9] ? __switch_to_asm+0x3d/0x70 [ 27.112513][ T31] usb 3-1: config 1 interface 0 altsetting 93 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 27.118751][ T9] ? __schedule+0x1463/0x1f10 [ 27.127130][ T31] usb 3-1: config 1 interface 0 has no altsetting 0 [ 27.132656][ T9] ? kick_pool+0xad/0x550 [ 27.132695][ T9] process_scheduled_works+0x7d2/0x1020 [ 27.132734][ T9] worker_thread+0xc58/0x1250 [ 27.140222][ T31] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 27.147816][ T9] kthread+0x2c7/0x370 [ 27.154109][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 27.160315][ T9] ? __cfi_worker_thread+0x10/0x10 [ 27.160350][ T9] ? __cfi_kthread+0x10/0x10 [ 27.172415][ T31] usb 3-1: SerialNumber: syz [ 27.176761][ T9] ret_from_fork+0x64/0xa0 [ 27.176794][ T9] ? __cfi_kthread+0x10/0x10 [ 27.201090][ T343] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 27.205769][ T9] ret_from_fork_asm+0x1a/0x30 [ 27.223278][ T343] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 27.227544][ T9] [ 27.396021][ T45] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 27.407367][ T9] Modules linked in: [ 27.407397][ T9] CR2: 0000000000000098 [ 27.407413][ T9] ---[ end trace 0000000000000000 ]--- [ 27.407422][ T9] RIP: 0010:down_write+0x9a/0x2a0 [ 27.407452][ T9] Code: 48 c7 44 24 20 00 00 00 00 be 08 00 00 00 e8 2d 34 55 fc 4c 89 f7 be 08 00 00 00 e8 20 34 55 fc 48 8b 44 24 20 b9 01 00 00 00 48 0f b1 0b 0f 85 a0 00 00 00 48 c7 c0 c0 b9 20 87 48 c1 e8 03 [ 27.407470][ T9] RSP: 0018:ffffc90000097500 EFLAGS: 00010256 [ 27.412615][ T45] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 27.417520][ T9] [ 27.417529][ T9] RAX: 0000000000000000 RBX: 0000000000000098 RCX: 0000000000000001 [ 27.417545][ T9] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc90000097520 [ 27.763130][ T9] RBP: ffffc90000097598 R08: ffffc90000097527 R09: 1ffff92000012ea4 [ 27.771117][ T9] R10: dffffc0000000000 R11: fffff52000012ea5 R12: dffffc0000000000 [ 27.779121][ T9] R13: 1ffff92000012ea0 R14: ffffc90000097520 R15: 0000000000000000 [ 27.787115][ T9] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 27.796078][ T9] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.802669][ T9] CR2: 0000000000000098 CR3: 000000010cf06000 CR4: 00000000003526b0 [ 27.810655][ T9] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 27.818632][ T9] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 27.826611][ T9] Kernel panic - not syncing: Fatal exception [ 27.833003][ T9] Kernel Offset: disabled [ 27.837334][ T9] Rebooting in 86400 seconds..