last executing test programs: 1.027504714s ago: executing program 1 (id=111): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_int(r1, 0x107, 0x7, &(0x7f0000000240)=0xe9, 0x4) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x2015, 0x100000000000}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x54, 0x0, &(0x7f00000001c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x100, 0x2}, @ptr={0x70742a85, 0x1, &(0x7f00000003c0)=""/236, 0xec, 0x0, 0x1b}, @ptr={0x70742a85, 0x1, &(0x7f00000004c0)=""/235, 0xeb, 0x2, 0x14}}, &(0x7f00000000c0)={0x0, 0x18, 0x40}}}, @clear_death={0x400c630f, 0x1}], 0x0, 0x0, 0x0}) 855.860067ms ago: executing program 1 (id=112): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x201008, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000001180)='./bus\x00') r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80000006, 0x48002) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000000000000000000000001200", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 855.562477ms ago: executing program 1 (id=113): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="04010000110007000000000000000000ff020000000000000000000000000001e0000002000000006c00000000"], 0x104}}, 0x0) 854.931147ms ago: executing program 1 (id=114): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x2, 0xd, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x2, 0x0, 0x0, 0x0, 0x0, {0x6, 0x32, 0x3, 0x0, 0x0, 0x0, 0x0, @in=@rand_addr=0x10003300, @in6=@mcast2}}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @local}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0xffff, @private}}]}, 0x80}}, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000280)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000040)={@ptr={0x70742a85, 0x0, &(0x7f0000001640)=""/4096, 0x1000, 0x2, 0x14}, @fd={0x66642a85, 0x0, r1}, @ptr={0x70742a85, 0x0, &(0x7f00000003c0)=""/240, 0xf0, 0x1, 0x1b}}, &(0x7f0000000140)={0x0, 0x28, 0x40}}, 0x1000}], 0xb0, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac1"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x1e5003, 0x0) (async) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) (async) close(r2) (async) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x10, 0x0, &(0x7f0000000340)=[@clear_death={0x400c630f, 0x1}], 0x0, 0x0, 0x0}) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x40300, 0x0) 854.734587ms ago: executing program 1 (id=115): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, &(0x7f0000000080)='\x00\x00\x00\x00&\x00\x00\x00\x00\x00', 0xa, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) recvfrom(r0, &(0x7f0000000100)=""/10, 0xa, 0x0, 0x0, 0x0) 769.244628ms ago: executing program 3 (id=116): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x201008, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000001180)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) lseek(r0, 0x3, 0x0) 768.890908ms ago: executing program 3 (id=117): openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_netprio_ifpriomap(r1, &(0x7f0000000040), 0x2, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'nr0\x00', 0xe43986f95b0e4309}) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCMIWAIT(r3, 0x545c, 0x7cb7562f2d67) ioctl$TIOCMSET(r3, 0x5418, &(0x7f0000000140)=0xfffffdfb) ioctl$TUNGETSNDBUF(r2, 0x400454dc, &(0x7f0000001700)) close_range(r0, 0xffffffffffffffff, 0x2) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$KVM_CHECK_EXTENSION(r7, 0xae03, 0x8) ioctl$PPPIOCSDEBUG(r4, 0x40047440, 0x0) close(r6) r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000280)={{{@in=@loopback, @in6=@mcast1}}, {{@in=@local}, 0x0, @in6=@dev}}, &(0x7f0000000180)=0xe8) openat$cgroup_netprio_ifpriomap(r1, &(0x7f00000001c0), 0x2, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x180) close(r9) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r8, 0x2000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r8, 0xc2a4a000) 568.735081ms ago: executing program 3 (id=118): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000058c0)=ANY=[@ANYBLOB="fc01000013000100000000000000000000000000000000000000002000000001fc020000000000000000000000000001", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000010000000000000000000000000000000000000000ffffffffffffffff00000000000000000300000000000000090000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000feffffff00000000000000000000000044010500e0000002000000000000000000000000000004d632"], 0x1fc}, 0x1, 0x0, 0x0, 0x11}, 0x0) 555.592612ms ago: executing program 3 (id=119): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x1ed2a000) mremap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) (async) r0 = userfaultfd(0x80001) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000900)={'ip6gre0\x00', &(0x7f0000000880)={'syztnl2\x00', 0x0, 0x4, 0x8, 0x86, 0x5, 0x11, @empty, @remote, 0x80, 0x1, 0x9, 0x8}}) (async) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f00000001c0)={0x3, 0x0, 0x0, 0x0, 0xffff8000}) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) (async) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x5, 0x2, 0xc, 0x3}]}) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_NEIGHBORS(r2, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="26fb299ec8409562b5da6cbf430002", @ANYRES16=r5, @ANYBLOB="000425bd7000fddbdf25090000000600280000000000080032000700000005002e0001000000050030000000000005002f0000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4c080}, 0x2000a000) (async) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) (async) r6 = getpid() r7 = syz_pidfd_open(r6, 0x0) (async) r8 = syz_open_procfs(r6, &(0x7f0000000040)='net/arp\x00') (async) quotactl$Q_GETFMT(0xffffffff80000402, &(0x7f0000001740)=@loop={'/dev/loop', 0x0}, 0xee00, 0x0) mkdir(&(0x7f0000001f40)='./file0\x00', 0x84) ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000b00000/0x2000)=nil, 0x2000}, 0x2}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[]) (async) madvise(&(0x7f00001d7000/0x4000)=nil, 0x4000, 0x12) r9 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r9, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) (async) sendto$inet(r9, 0x0, 0x0, 0x847ed, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) syz_usb_connect(0x1, 0x36, &(0x7f0000000000)=ANY=[@ANYRES8=r7, @ANYRES32=0x0, @ANYRES32=r4], 0x0) (async) sendto$inet(r9, &(0x7f0000000580)="17", 0x59a, 0x10008034, 0x0, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) writev(r10, &(0x7f0000001bc0)=[{0x0}, {0x0}, {&(0x7f00000018c0)='`', 0x1}], 0x3) 357.732875ms ago: executing program 0 (id=123): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x100000000001f, 0xfffffffffffffffa, 0x0, 0x0, 0x5, 0x1c, "ffffffff00000004ddb49a000000000000000000f8e500080000010000000000000000040000ff000000000000ffffffff00000000000000299b00", "2809e8dbe108598948f8ffd54a07c21d875397bdb22d0008b420a1819e01177d3d458dd4992861ac00000080ffffffffff03ffff001700", "90be8bf4bd000000000000ffffffff0000001210000000000000000b00"}}) 339.659075ms ago: executing program 0 (id=124): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x9, 0x80800) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000040)={0x400008001, 0x0, 0x8, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0xe703, 0x0, 0x1, r2, 0x1}) 273.283946ms ago: executing program 3 (id=125): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="0100000000000000d901000005000000ff"]) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x18, &(0x7f00000001c0)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/10, 0xa}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, &(0x7f00000002c0)}) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$binderfs(&(0x7f0000000000), &(0x7f0000000040)='./binderfs\x00', &(0x7f00000002c0), 0x10, &(0x7f00000003c0)={[{@max={'max', 0x3d, 0x7}}, {@stats}, {@stats}, {@stats}], [{@uid_lt={'uid<', r4}}, {@euid_eq}, {@subj_type}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@context={'context', 0x3d, 'unconfined_u'}}]}) 261.188496ms ago: executing program 0 (id=126): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000058c0)=ANY=[@ANYBLOB="fc01000013000100000000000000000000000000000300000000000000000001fc0200000000000000000000000000014e24000d040000090a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000010000000000000000000000000000000000000000ffffffffffffffff00000000000000000300000000000000090000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000feffffff00000000000000000000000044010500e0000002000000000000000000000000000004d6320000000a000000ac1414aa000000000000000000000000053500000303030009000000b4000000070000007f000001000000000000000000000000000004d36c00000000000000fc0100000000000006000000000000000000000000000900010000000080000008000000ac1414aa000000000000000000000000000004d2330000000a000000ac1414bb0000000000000000ddffffff023500000002fa00070000000a00000002000000fe80000000000000000000000000000f000004d43c"], 0x1fc}, 0x1, 0x0, 0x0, 0x11}, 0x0) 247.246227ms ago: executing program 0 (id=127): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe8000000000000000000000000000bbff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000320000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000af0000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000000000000000000000000000000000000000000004c001400636d61632861657329"], 0x1a0}}, 0x0) 182.913517ms ago: executing program 0 (id=128): openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x1, 0x0, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4000000000000000) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x4052, r3, 0xffffd000) 182.589327ms ago: executing program 3 (id=129): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da07fbfd00000001090224000100000000090400000903000000092100000001222200090581030800000000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x0, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') syz_usb_ep_write(r0, 0x81, 0x7, &(0x7f0000000000)='BBBBBBB') 182.322247ms ago: executing program 2 (id=130): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e000100000000000000000000000000000000000000000a0060"], 0xb8}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000030000000000ac1e000100000000000000300000000000000000000000000a0040"], 0xb8}}, 0x0) 169.144797ms ago: executing program 2 (id=131): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) (async) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0xffffffff00000000) (async) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/kernel/profiling', 0x149a82, 0x0) (async) openat$rtc(0xffffffffffffff9c, 0x0, 0x402, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (async) rename(0x0, &(0x7f00000002c0)='./file0/file0\x00') (async) r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'nr0\x00', 0xe43986f95b0e4309}) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCMIWAIT(r5, 0x545c, 0x7cb7562f2d67) (async) ioctl$TIOCMSET(r5, 0x5418, &(0x7f0000000140)=0xfffffdfb) ioctl$TUNGETSNDBUF(r4, 0x400454dc, &(0x7f0000001700)) (async, rerun: 32) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async, rerun: 32) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async) openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async, rerun: 32) ioctl$PPPIOCSDEBUG(0xffffffffffffffff, 0x40047440, 0x0) (async, rerun: 32) close(r7) r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (async) openat$cgroup_netprio_ifpriomap(r3, 0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000700)={{0x12, 0x1, 0x1, 0x4f, 0xdb, 0x1e, 0x8, 0x4bb, 0x930, 0x1036, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x2, 0x80, 0x50, 0x7, [{{0x9, 0x4, 0x4e, 0xba, 0x0, 0x2c, 0xd3, 0x4b, 0x7}}]}}]}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r8, 0x2000) (async) write$cgroup_int(r2, &(0x7f0000000000)=0xfe8e, 0x12) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@acquire], 0x0, 0x0, 0x0}) 154.788318ms ago: executing program 0 (id=132): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = eventfd2(0x9, 0x80800) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f00000001c0)={0x9, 0xeeee8000, 0x8, r3, 0x7}) ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x1, r3, 0x1}) r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(r4, 0x54a0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r8 = eventfd2(0x9, 0x80800) eventfd(0x3d9544d7) ioctl$KVM_IOEVENTFD(r7, 0x4040ae79, &(0x7f0000000040)={0x400008001, 0x0, 0x8, r8, 0x1}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r9 = getpid() sched_setscheduler(r9, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r10, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r11, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r12 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r12, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r12, &(0x7f0000000480), 0x2e9, 0xfc) 99.786919ms ago: executing program 2 (id=133): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffd}]}) clock_adjtime(0x0, &(0x7f0000000000)={0x66b7, 0x11ff, 0x0, 0x7, 0x0, 0xfffffffffffffffd, 0x77, 0x0, 0x0, 0x0, 0x3, 0x248a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00, 0x0, 0x0, 0x6, 0x5, 0x0, 0xf439}) 99.376089ms ago: executing program 2 (id=134): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000300)=&(0x7f0000000240)) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x6e6902, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000c00)={0x5, 0x0, [{0xd000, 0x36, &(0x7f00000001c0)=""/54}, {0x0, 0x83, &(0x7f0000000340)=""/131}, {0x5000, 0x13, &(0x7f0000000200)=""/19}, {0x10000, 0xca, &(0x7f0000000400)=""/202}, {0x100000, 0xd9, &(0x7f0000000580)=""/217}]}) r2 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0100000000000000750000000000000066baf80cb850c0bf88ef66bafc0cb8a8000000efb9e2080000b88f3c0000ba000000000f30c4427d1e29b90b060000b894ffffffbaffffffff0f302e670f01cf6766460fc77032c46135e97cb80066b806000f00d867660ffcd6c461a915941e00300000c300000000000000001800000000000000c1f7ffffffffffff02000000000000001800000000000000470600000600000002000000000000001800000000000000010000000100010002000000000000001800000000000000050000000700000001000000000000004d0000000000000066b88a008ee0c4a17c10c9450f8ae9b7d67d460f01f864363e3626643e0f01c3c483990d6000c5c461f929ee3e0f01bd000001007eb966470f38db27c30200000000000000180000000000000010000000ffffffff01000000000000004d00000000000000c421785b03c4819d7dc7450f07b9330300000f3266baf80cb8665df483ef66bafc0c66b8a30066eff30f1ef1f3400f2dc20f036a0345dcecf22e0f07c301000000000000006e00000000000000c441fee6016566440f3acf550086440f01c4260ff64a00c483a57c9e00000000000f299d0200000066470f6baf7300000066baf80cb8146d5488ef66bafc0cb8fa6f0000eff266470f019d00000000b9800000c00f3235001000000f30c300000000000000001800000000000000090000000000000002000000000000001800000000000000050000000080000002000000000000001800000000000000feffffff0300000001000000000000006800000000000000c744240042000000c7442402151c0000c7442406000000000f01142466bad00466b8302d66ef430f35f264460f013866460f388195f9ffffff420f783966b8a6000f00d0f30fc7b3fcffffffc4c1f9e71b0f0f540f02aac3020000000000000018000000000000000700000008000000020000000000000018000000000000000000000000000000010000000000000055000000000000000f20d835200000000f22d8660f72e2d4450f78dc65f30f1eca66450fd00866ba4100b000eeb9120b0000b800a00000ba000000000f300f18c40f01f88f68088f64896cfdc30200000000000000180000000000000000000000000000000000000000000000180000000000000003000000000000000500000000000000570000000000000066baa100b822000000ef66b807010f00d0420f01df66b895008ee8c4c3a5ce743a06f826f2450f2047f3460f1b66a266410f38823c72c461fa1683000001000f78b206000000c30200000000000000180000000000000005000000fcffffff02000000000000001800000000000000040000000500000000000000000000001800000000000000ffffffffffffffff0200000000000000180000000000000000800000080000000200000000000000180000000000000001000000ff7f0000010000000000000083000000000000003e470f01cfc744240095730000c744240200280000c7442406000000000f011c2448b8cb000000000000000f23d80f21f835800000a00f23f8b805000000b90d7f00000f01c166baf80cb86b2d5f84ef66bafc0cecc441ab7c58080f93ac200000c0fe430f788e00000100410f08640fd8ebc3000000000000000018000000000000000008000000000000020000000000000018000000000000000900000000020000020000000000000018000000000000000800000057070000020000000000000018000000000000000000008081000000"], 0x50c}) openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) io_setup(0x7, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[]) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) close_range(r1, r0, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.stat\x00', 0x275a, 0x0) sigaltstack(&(0x7f0000000000)={0x0}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x10, r4, 0x45806000) r5 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ASHMEM_SET_NAME(r5, 0x41007701, 0x0) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r5, 0x0) read(r3, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r6, 0x4018aee2, &(0x7f0000000000)) ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0, 0xeeee0000}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)) 99.166599ms ago: executing program 2 (id=135): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="84000000", @ANYRES16=r1, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x84}}, 0x0) 62.564779ms ago: executing program 2 (id=136): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) fcntl$setstatus(r1, 0x4, 0x460c0) socket$inet6(0xa, 0x80002, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) r3 = dup(r2) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) readv(r1, &(0x7f0000000700)=[{&(0x7f0000000200)=""/95, 0x5f}, {0x0}, {0x0}], 0x3) syz_clone3(0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r5, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) 0s ago: executing program 1 (id=137): mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff) mount$binderfs(0x0, &(0x7f0000001dc0)='./binderfs2\x00', &(0x7f0000001e00), 0x0, &(0x7f0000001e40)={[{@stats}]}) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.sectors\x00', 0x26e1, 0x0) close(r0) (async) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x68001, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110e22fff7) write$cgroup_subtree(r0, 0x0, 0x9) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000002500)='./binderfs2/binder0\x00', 0x0, 0x0) kernel console output (not intermixed with test programs): cess permissive=1 [ 18.057608][ T36] audit: type=1400 audit(1750462800.410:63): avc: denied { siginh } for pid=231 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.1.45' (ED25519) to the list of known hosts. [ 25.761806][ T36] audit: type=1400 audit(1750462808.120:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 25.763300][ T281] cgroup: Unknown subsys name 'net' [ 25.785034][ T36] audit: type=1400 audit(1750462808.120:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.814633][ T36] audit: type=1400 audit(1750462808.150:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 25.814883][ T281] cgroup: Unknown subsys name 'devices' [ 25.985964][ T281] cgroup: Unknown subsys name 'hugetlb' [ 25.991687][ T281] cgroup: Unknown subsys name 'rlimit' [ 26.168999][ T36] audit: type=1400 audit(1750462808.530:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 26.197692][ T36] audit: type=1400 audit(1750462808.530:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 26.223809][ T36] audit: type=1400 audit(1750462808.530:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 26.238963][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 26.256433][ T36] audit: type=1400 audit(1750462808.620:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.269713][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 26.283908][ T36] audit: type=1400 audit(1750462808.620:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.321490][ T36] audit: type=1400 audit(1750462808.630:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 26.349319][ T36] audit: type=1400 audit(1750462808.630:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.674697][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.682063][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.696941][ T288] bridge_slave_0: entered allmulticast mode [ 27.703782][ T288] bridge_slave_0: entered promiscuous mode [ 27.723521][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.730687][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.738115][ T288] bridge_slave_1: entered allmulticast mode [ 27.744972][ T288] bridge_slave_1: entered promiscuous mode [ 27.858735][ T292] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.866044][ T292] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.873266][ T292] bridge_slave_0: entered allmulticast mode [ 27.880244][ T292] bridge_slave_0: entered promiscuous mode [ 27.888497][ T292] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.896142][ T292] bridge0: port 2(bridge_slave_1) entered disabled state [ 27.903752][ T292] bridge_slave_1: entered allmulticast mode [ 27.910171][ T292] bridge_slave_1: entered promiscuous mode [ 27.970650][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.977944][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 27.985372][ T294] bridge_slave_0: entered allmulticast mode [ 27.992145][ T294] bridge_slave_0: entered promiscuous mode [ 28.008756][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.015951][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.023756][ T294] bridge_slave_1: entered allmulticast mode [ 28.030120][ T294] bridge_slave_1: entered promiscuous mode [ 28.043643][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.051059][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.058300][ T293] bridge_slave_0: entered allmulticast mode [ 28.064716][ T293] bridge_slave_0: entered promiscuous mode [ 28.071430][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.078579][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.085755][ T293] bridge_slave_1: entered allmulticast mode [ 28.092871][ T293] bridge_slave_1: entered promiscuous mode [ 28.165312][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.172622][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.180123][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.187589][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.272430][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.280480][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.298579][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.308269][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.328073][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.335382][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.381737][ T304] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.389036][ T304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.396912][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.404102][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.431306][ T288] veth0_vlan: entered promiscuous mode [ 28.459226][ T288] veth1_macvtap: entered promiscuous mode [ 28.472164][ T304] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.480120][ T304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.496022][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.505751][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.540149][ T292] veth0_vlan: entered promiscuous mode [ 28.559733][ T304] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.569283][ T304] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.578576][ T304] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.588951][ T304] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.618150][ T292] veth1_macvtap: entered promiscuous mode [ 28.645012][ T288] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 28.681664][ T294] veth0_vlan: entered promiscuous mode [ 28.704832][ T293] veth0_vlan: entered promiscuous mode [ 28.715530][ T308] netlink: 4276 bytes leftover after parsing attributes in process `syz.1.2'. [ 28.731949][ T294] veth1_macvtap: entered promiscuous mode [ 28.748283][ T293] veth1_macvtap: entered promiscuous mode [ 28.774104][ T312] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5'. [ 28.820911][ T315] rust_binder: Error while translating object. [ 28.820989][ T315] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 28.829144][ T315] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:4 [ 28.900062][ T325] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 28.930320][ T325] binder: Unknown parameter 'defcontext01777777777777777777777' [ 28.959000][ T334] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 28.975112][ T333] tipc: Started in network mode [ 28.984338][ T333] tipc: Node identity e6e8744f503d, cluster identity 4711 [ 28.992932][ T333] tipc: Enabled bearer , priority 0 [ 29.008467][ T333] tipc: Disabling bearer [ 29.057086][ T336] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:12 [ 29.078016][ T338] netlink: 16 bytes leftover after parsing attributes in process `syz.1.13'. [ 29.149645][ T343] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15'. [ 29.164109][ T45] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 29.179314][ T345] binder: Unknown parameter '' [ 29.298960][ T358] netlink: 112 bytes leftover after parsing attributes in process `syz.0.22'. [ 29.332009][ T45] usb 3-1: Using ep0 maxpacket: 32 [ 29.339004][ T45] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 29.351390][ T45] usb 3-1: config 0 has no interface number 0 [ 29.360341][ T45] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 29.368241][ T362] rust_binder: Error while translating object. [ 29.373570][ T362] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 29.374009][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 29.382934][ T362] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:20 [ 29.398095][ T45] usb 3-1: Product: syz [ 29.421901][ T45] usb 3-1: Manufacturer: syz [ 29.427087][ T45] usb 3-1: SerialNumber: syz [ 29.449863][ T45] usb 3-1: config 0 descriptor?? [ 29.459832][ T45] smsc95xx v2.0.0 [ 29.504127][ T371] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 29.504199][ T371] rust_binder: Error while translating object. [ 29.518668][ T371] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 29.526859][ T371] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:30 [ 29.754515][ T388] netlink: 168 bytes leftover after parsing attributes in process `syz.3.34'. [ 29.814597][ T392] netlink: 'syz.3.36': attribute type 64 has an invalid length. [ 29.827894][ T390] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 29.828461][ T390] rust_binder: Error in use_page_slow: ESRCH [ 29.838135][ T390] rust_binder: use_range failure ESRCH [ 29.845926][ T390] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 29.855926][ T390] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 29.873157][ T390] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:14 [ 29.885383][ T398] rust_binder: Write failure EINVAL in pid:14 [ 29.893819][ T45] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 29.920552][ T45] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 29.942652][ T402] netlink: 8 bytes leftover after parsing attributes in process `syz.3.40'. [ 30.138466][ T415] random: crng reseeded on system resumption [ 30.147413][ T45] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 30.166021][ T45] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -61 [ 30.234376][ T422] netlink: 112 bytes leftover after parsing attributes in process `syz.1.47'. [ 30.353780][ T435] netlink: 'syz.0.53': attribute type 4 has an invalid length. [ 30.493551][ T445] netlink: 168 bytes leftover after parsing attributes in process `syz.1.58'. [ 30.529582][ T305] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 30.700372][ T305] usb 4-1: Using ep0 maxpacket: 32 [ 30.707066][ T305] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 30.717425][ T305] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 30.728849][ T305] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1792, setting to 1024 [ 30.742102][ T9] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 30.752898][ T305] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 30.789455][ T429] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 30.807522][ T305] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 30.825151][ T448] usb 3-1: USB disconnect, device number 2 [ 30.833820][ T305] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 30.846030][ T305] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.859593][ T305] usb 4-1: config 0 descriptor?? [ 30.865972][ T428] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 30.889217][ T458] netlink: 324 bytes leftover after parsing attributes in process `syz.2.62'. [ 30.937089][ T9] usb 1-1: not running at top speed; connect to a high speed hub [ 30.945662][ T9] usb 1-1: config 11 has an invalid interface number: 182 but max is 0 [ 30.954735][ T9] usb 1-1: config 11 has no interface number 0 [ 30.961052][ T9] usb 1-1: config 11 interface 182 altsetting 11 endpoint 0x3 has invalid maxpacket 1023, setting to 64 [ 30.974026][ T9] usb 1-1: config 11 interface 182 altsetting 11 endpoint 0x4 has invalid maxpacket 959, setting to 64 [ 30.985576][ T9] usb 1-1: config 11 interface 182 altsetting 11 has a duplicate endpoint with address 0xC, skipping [ 30.996822][ T9] usb 1-1: config 11 interface 182 has no altsetting 0 [ 31.005976][ T429] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.018527][ T429] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 31.028731][ T429] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 31.042050][ T429] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 31.052003][ T9] usb 1-1: New USB device found, idVendor=1b3d, idProduct=0173, bcdDevice=58.02 [ 31.061444][ T429] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.069728][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 31.079749][ T429] usb 2-1: config 0 descriptor?? [ 31.085100][ T9] usb 1-1: Product: 蜈䝬鮋ラ㋡纣磞庂챳庸绮笢睨ꔅण김ᑑᖁᆎ [ 31.098583][ T9] usb 1-1: Manufacturer: 䓤ꋊ㠥 [ 31.099481][ T305] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 31.115730][ T9] usb 1-1: SerialNumber: ࠌ [ 31.235010][ T448] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 31.395288][ T448] usb 3-1: Using ep0 maxpacket: 16 [ 31.401926][ T448] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 31.412359][ T448] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 31.422099][ T448] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.431460][ T448] usb 3-1: config 0 descriptor?? [ 31.527640][ T429] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 31.535199][ T429] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 31.543083][ T429] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 31.550994][ T429] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 31.558874][ T429] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 31.566473][ T429] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 31.574078][ T429] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 31.581562][ T429] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 31.589182][ T429] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 31.596793][ T429] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 31.604622][ T429] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 31.614290][ T429] plantronics 0003:047F:FFFF.0001: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 31.802060][ T31] usb 2-1: USB disconnect, device number 2 [ 31.802806][ T447] plantronics 0003:047F:FFFF.0001: usb_submit_urb(ctrl) failed: -19 [ 31.822831][ T36] kauditd_printk_skb: 105 callbacks suppressed [ 31.822850][ T36] audit: type=1400 audit(1750462814.011:179): avc: denied { unlink } for pid=446 comm="syz.1.59" name="#3" dev="tmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 31.857102][ T36] audit: type=1400 audit(1750462814.020:180): avc: denied { mount } for pid=446 comm="syz.1.59" name="/" dev="overlay" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 31.884133][ T9] ftdi_sio 1-1:11.182: FTDI USB Serial Device converter detected [ 31.893905][ T9] ftdi_sio ttyUSB0: unknown device type: 0x5802 [ 31.907150][ T9] usb 1-1: USB disconnect, device number 2 [ 31.915093][ T9] ftdi_sio 1-1:11.182: device disconnected [ 31.934935][ T466] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 31.935870][ T36] audit: type=1400 audit(1750462814.123:181): avc: denied { execute } for pid=465 comm="syz.0.65" name="file0" dev="tmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 31.936409][ T466] rust_binder: Failed to allocate buffer. len:18446744073709551608, is_oneway:false [ 31.969795][ T466] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 31.980781][ T466] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:35 [ 32.180236][ T36] audit: type=1400 audit(1750462814.348:182): avc: denied { read } for pid=481 comm="syz.0.72" dev="nsfs" ino=4026532568 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 32.181641][ T482] rust_binder: Write failure EINVAL in pid:50 [ 32.189611][ T36] audit: type=1400 audit(1750462814.348:183): avc: denied { open } for pid=481 comm="syz.0.72" path="net:[4026532568]" dev="nsfs" ino=4026532568 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 32.241484][ T36] audit: type=1400 audit(1750462814.348:184): avc: denied { create } for pid=481 comm="syz.0.72" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 32.262082][ T36] audit: type=1400 audit(1750462814.385:185): avc: denied { create } for pid=481 comm="syz.0.72" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 32.281917][ T36] audit: type=1400 audit(1750462814.395:186): avc: denied { ioctl } for pid=481 comm="syz.0.72" path="socket:[4043]" dev="sockfs" ino=4043 ioctlcmd=0x89f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 32.308015][ T36] audit: type=1400 audit(1750462814.395:187): avc: denied { setopt } for pid=481 comm="syz.0.72" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 32.375165][ T36] audit: type=1400 audit(1750462814.535:188): avc: denied { unmount } for pid=288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 32.520086][ T502] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 32.520113][ T502] rust_binder: Error while translating object. [ 32.531969][ T502] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.538270][ T502] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:49 [ 32.541981][ T496] rust_binder: Error in use_page_slow: ESRCH [ 32.557423][ T496] rust_binder: use_range failure ESRCH [ 32.576698][ T496] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 32.582736][ T496] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 32.591140][ T496] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:54 [ 32.702320][ T514] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.755087][ T524] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 32.822898][ T530] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:59 [ 32.944125][ T536] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 32.953482][ T537] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.023627][ T536] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 33.193629][ T560] overlayfs: failed to resolve './file1/file0': -2 [ 33.221319][ T562] netlink: 'syz.1.108': attribute type 4 has an invalid length. [ 33.251758][ T564] rust_binder: Error while translating object. [ 33.251794][ T564] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 33.258380][ T564] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:85 [ 33.300722][ T571] rust_binder: Failed to allocate buffer. len:128, is_oneway:true [ 33.359857][ T578] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:98 [ 33.369791][ T578] rust_binder: Write failure EINVAL in pid:98 [ 33.493052][ T448] usb 4-1: USB disconnect, device number 2 [ 33.506999][ T448] usblp0: removed [ 33.516569][ T583] overlayfs: failed to resolve './file1/file0': -2 [ 34.010644][ T609] kvm_intel: kvm [608]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xff [ 34.020700][ T609] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 34.020733][ T609] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:80 [ 34.031144][ T609] SELinux: security_context_str_to_sid (system_u) failed with errno=-22 [ 34.129978][ T45] usb 3-1: USB disconnect, device number 3 [ 34.221127][ T635] __nla_validate_parse: 11 callbacks suppressed [ 34.221151][ T635] netlink: 112 bytes leftover after parsing attributes in process `syz.2.135'. [ 34.277683][ T637] rust_kernel: panicked at rust/kernel/sync/poll.rs:54:18: [ 34.277683][ T637] null pointer dereference occurred [ 34.297673][ T637] ------------[ cut here ]------------ [ 34.304458][ T637] kernel BUG at rust/helpers/bug.c:7! [ 34.313896][ T637] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 34.321195][ T637] CPU: 0 UID: 0 PID: 637 Comm: syz.2.136 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 34.335144][ T637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 34.345533][ T637] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 34.351388][ T637] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 80 a3 a9 28 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 ca 67 e0 a4 90 90 90 90 90 90 90 90 90 [ 34.371626][ T637] RSP: 0018:ffffc9000b7e71d0 EFLAGS: 00010246 [ 34.377909][ T637] RAX: 000000000000005a RBX: 1ffff920016fce3c RCX: a33c6dc527966100 [ 34.386033][ T637] RDX: ffffc90002e57000 RSI: 000000000000288b RDI: 000000000000288c [ 34.389292][ T643] rust_binder: Failed to register with vma: already registered [ 34.394106][ T637] RBP: ffffc9000b7e71d0 R08: ffffc9000b7e6ec7 R09: 1ffff920016fcdd8 [ 34.394134][ T637] R10: dffffc0000000000 R11: fffff520016fcdd9 R12: 0000000000000000 [ 34.404167][ T643] rust_binder: Error in use_page_slow: ESRCH [ 34.410101][ T637] R13: dffffc0000000000 R14: ffffc9000b7e7200 R15: ffffc9000b7e7230 [ 34.410128][ T637] FS: 00007fb2d4f2a6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 34.410148][ T637] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 34.410164][ T637] CR2: 00007f7874780ab8 CR3: 0000000119e66000 CR4: 00000000003526b0 [ 34.419179][ T643] rust_binder: use_range failure ESRCH [ 34.424160][ T637] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 34.424183][ T637] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 34.424199][ T637] Call Trace: [ 34.424207][ T637] [ 34.433790][ T643] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 34.441853][ T637] _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160 [ 34.449287][ T643] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 34.457019][ T637] ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10 [ 34.457068][ T637] ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10 [ 34.457109][ T637] ? p9pdu_vwritef+0x2720/0x2720 [ 34.457135][ T637] ? radix_tree_node_alloc+0x1af/0x400 [ 34.457165][ T637] ? __cfi_p9pdu_vwritef+0x10/0x10 [ 34.457189][ T637] ? p9pdu_vwritef+0x1c5e/0x2720 [ 34.457217][ T637] _RNvNtCs9jEwPDbx20M_4core9panicking18panic_nounwind_fmt+0xec/0xf0 [ 34.457252][ T637] ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking18panic_nounwind_fmt+0x10/0x10 [ 34.457287][ T637] ? p9pdu_writef+0xdb/0x130 [ 34.463795][ T643] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:30 [ 34.470861][ T637] ? p9pdu_vwritef+0x2720/0x2720 [ 34.470908][ T637] _RNvNtCs9jEwPDbx20M_4core9panicking30panic_null_pointer_dereference+0x49/0x4c [ 34.599694][ T637] _RNvMNtNtCs43vyB533jt3_6kernel4sync4pollNtB2_9PollTable8from_ptr+0x40/0x40 [ 34.608925][ T637] ? _RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0xce/0x570 [ 34.616849][ T637] _RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0xe2/0x570 [ 34.624692][ T637] ? p9_client_prepare_req+0x732/0xa10 [ 34.630376][ T637] ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10 [ 34.638871][ T637] ? __kasan_check_write+0x18/0x20 [ 34.644209][ T637] ? _raw_spin_lock+0x8c/0x120 [ 34.649098][ T637] ? tun_chr_poll+0x127/0x770 [ 34.654062][ T637] ? _raw_spin_lock+0x8c/0x120 [ 34.658902][ T637] ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10 [ 34.667234][ T637] p9_fd_request+0x446/0x520 [ 34.672025][ T637] p9_client_rpc+0x2f9/0xb40 [ 34.676839][ T637] ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10 [ 34.685123][ T637] ? p9_fid_create+0x3d0/0x3d0 [ 34.690065][ T637] ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10 [ 34.699073][ T637] ? p9_conn_create+0x4c9/0x570 [ 34.704073][ T637] ? p9_fd_create+0x2f3/0x4c0 [ 34.708929][ T637] p9_client_create+0x96a/0x1190 [ 34.714165][ T637] ? __cfi_p9_client_create+0x10/0x10 [ 34.720185][ T637] ? kasan_save_alloc_info+0x40/0x50 [ 34.725583][ T637] ? __kasan_kmalloc+0x96/0xb0 [ 34.730485][ T637] ? kstrdup+0x7b/0x140 [ 34.734736][ T637] ? __kasan_check_write+0x18/0x20 [ 34.740399][ T637] v9fs_session_init+0x1e1/0x1820 [ 34.745904][ T637] ? __cfi_v9fs_session_init+0x10/0x10 [ 34.751727][ T637] ? kasan_save_alloc_info+0x40/0x50 [ 34.757225][ T637] ? __kasan_kmalloc+0x96/0xb0 [ 34.764019][ T637] ? v9fs_mount+0xbd/0xa00 [ 34.769077][ T637] v9fs_mount+0xd7/0xa00 [ 34.774272][ T637] ? selinux_sb_eat_lsm_opts+0xa69/0xb40 [ 34.781087][ T637] ? __cfi_v9fs_mount+0x10/0x10 [ 34.786406][ T637] ? selinux_capable+0x38/0x50 [ 34.791955][ T637] legacy_get_tree+0x103/0x1b0 [ 34.796945][ T637] ? __cfi_v9fs_mount+0x10/0x10 [ 34.802717][ T637] vfs_get_tree+0x9e/0x290 [ 34.807465][ T637] do_new_mount+0x251/0xb40 [ 34.812089][ T637] path_mount+0x688/0x1050 [ 34.816840][ T637] ? putname+0x113/0x150 [ 34.821468][ T637] __se_sys_mount+0x2bd/0x480 [ 34.826625][ T637] ? __x64_sys_mount+0xf0/0xf0 [ 34.831529][ T637] ? __kasan_check_write+0x18/0x20 [ 34.836990][ T637] ? fpregs_restore_userregs+0x11d/0x260 [ 34.843557][ T637] __x64_sys_mount+0xc3/0xf0 [ 34.848898][ T637] x64_sys_call+0x2021/0x2ee0 [ 34.853925][ T637] do_syscall_64+0x58/0xf0 [ 34.858655][ T637] ? clear_bhb_loop+0x35/0x90 [ 34.863760][ T637] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 34.870007][ T637] RIP: 0033:0x7fb2d418e929 [ 34.874555][ T637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 34.894975][ T637] RSP: 002b:00007fb2d4f2a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 34.903474][ T637] RAX: ffffffffffffffda RBX: 00007fb2d43b5fa0 RCX: 00007fb2d418e929 [ 34.911580][ T637] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 0000000000000000 [ 34.920033][ T637] RBP: 00007fb2d4210b39 R08: 0000200000000240 R09: 0000000000000000 [ 34.928201][ T637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 34.936449][ T637] R13: 0000000000000000 R14: 00007fb2d43b5fa0 R15: 00007ffeaa4d45b8 [ 34.944912][ T637] [ 34.947939][ T637] Modules linked in: [ 34.954913][ T637] ---[ end trace 0000000000000000 ]--- [ 34.962531][ T637] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 34.962779][ T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 34.980436][ T637] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 80 a3 a9 28 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 ca 67 e0 a4 90 90 90 90 90 90 90 90 90 [ 35.001748][ T637] RSP: 0018:ffffc9000b7e71d0 EFLAGS: 00010246 [ 35.008536][ T637] RAX: 000000000000005a RBX: 1ffff920016fce3c RCX: a33c6dc527966100 [ 35.017291][ T637] RDX: ffffc90002e57000 RSI: 000000000000288b RDI: 000000000000288c [ 35.025773][ T637] RBP: ffffc9000b7e71d0 R08: ffffc9000b7e6ec7 R09: 1ffff920016fcdd8 [ 35.034418][ T637] R10: dffffc0000000000 R11: fffff520016fcdd9 R12: 0000000000000000 [ 35.042865][ T637] R13: dffffc0000000000 R14: ffffc9000b7e7200 R15: ffffc9000b7e7230 [ 35.051281][ T637] FS: 00007fb2d4f2a6c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 35.070385][ T637] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 35.087228][ T637] CR2: 00007f7874780ab8 CR3: 0000000119e66000 CR4: 00000000003526b0 [ 35.095391][ T637] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 35.103542][ T637] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 35.111850][ T637] Kernel panic - not syncing: Fatal exception [ 35.118984][ T637] Kernel Offset: disabled [ 35.123526][ T637] Rebooting in 86400 seconds..