last executing test programs: 44.861860749s ago: executing program 0 (id=35): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000340)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@binder={0x73622a85, 0x100a}, @flat, @flat=@weak_binder={0x77622a85, 0x0, 0xfffffffffffffffe}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) (fail_nth: 7) 44.44899627s ago: executing program 0 (id=37): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000a80)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000001440)=[@acquire], 0x0, 0x0, 0x0}) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_kvm_setup_syzos_vm$x86(r3, &(0x7f0000bfe000/0x400000)=nil) r5 = syz_kvm_add_vcpu$x86(r4, &(0x7f0000000140)={0x0, &(0x7f00000001c0)=[@cpuid={0x14, 0x18, {0xa, 0xde}}], 0xfffffffffffffc7f}) ioctl$KVM_SET_CPUID2(r5, 0x4008ae90, &(0x7f00000005c0)=ANY=[@ANYBLOB="0200000000000000070000009f0a0000040000000200000000001c0002000000000000000000000000000000000000000b000000"]) munmap(&(0x7f0000002000/0x800000)=nil, 0x800000) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x18, 0x0, &(0x7f00000004c0)=[@request_death, @release], 0x0, 0x0, 0x0}) 43.949332889s ago: executing program 0 (id=40): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_inet_SIOCSIFBRDADDR(r1, 0x891a, &(0x7f0000000100)={'vxcan1\x00', {0x2, 0x4e23, @loopback}}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d6c2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) add_key$keyring(0x0, &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x9, 0x7, 0x1, 0x4, 0x2, 0x1, 0x1, 0xff, 0x5, 0x36, 0xe, 0x9, 0xc, 0x2, 0xd, 0x5}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x40000000000002, 0x7, 0xeab, 0x180, 0x0, 0x0, 0xf2, 0x9, 0x8, 0x5, 0x0, 0x400, 0x0, 0x0, 0x0, 0x4], 0x1, 0x3c4212}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 43.693000445s ago: executing program 0 (id=44): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = inotify_init() inotify_add_watch(r1, 0xfffffffffffffffe, 0x700008c0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x14) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x8) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x8, 0x2, 0x2, '\x00', 0x2}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 43.579202026s ago: executing program 0 (id=45): r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x8040, 0x0) mknodat(r0, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008) pipe2$9p(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000140)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x4000, &(0x7f0000001200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@debug={'debug', 0x3d, 0x7}}]}}) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') pread64(r4, &(0x7f0000000200)=""/4087, 0xff7, 0xd37) 43.513780672s ago: executing program 0 (id=46): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}, 0x48b}, {{0x0, 0x0, 0x0}, 0xb22d}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000880)=""/4098, 0x1002}, {&(0x7f00000007c0)=""/186, 0xba}, {&(0x7f00000018c0)=""/256, 0x100}, {&(0x7f0000000180)=""/231, 0xe7}, {&(0x7f00000034c0)=""/197, 0xc5}, {&(0x7f0000000080)=""/223, 0xdf}, {&(0x7f00000019c0)=""/144, 0x90}, {&(0x7f0000000380)=""/155, 0x9b}], 0x8}, 0xffffffff}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, 0x8}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x1ff}], 0x7, 0x2100, 0x0) 43.480064185s ago: executing program 32 (id=46): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}, 0x48b}, {{0x0, 0x0, 0x0}, 0xb22d}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000880)=""/4098, 0x1002}, {&(0x7f00000007c0)=""/186, 0xba}, {&(0x7f00000018c0)=""/256, 0x100}, {&(0x7f0000000180)=""/231, 0xe7}, {&(0x7f00000034c0)=""/197, 0xc5}, {&(0x7f0000000080)=""/223, 0xdf}, {&(0x7f00000019c0)=""/144, 0x90}, {&(0x7f0000000380)=""/155, 0x9b}], 0x8}, 0xffffffff}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600}, 0x8}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x1ff}], 0x7, 0x2100, 0x0) 2.370674686s ago: executing program 2 (id=460): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000940)=ANY=[@ANYBLOB="120100000cb78a405e0483020b990102030109022400010000000009040000025c291d0009050900000000000009050b"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) io_setup(0x3, &(0x7f0000000140)=0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) unlinkat(0xffffffffffffff9c, 0x0, 0x200) sendmmsg$inet(r4, &(0x7f0000003a40)=[{{&(0x7f00000004c0)={0x2, 0x4e23, @loopback}, 0x10, 0x0}}, {{&(0x7f00000007c0)={0x2, 0x4e23, @loopback}, 0x10, 0x0}}], 0x2, 0x4000) io_submit(r3, 0x1, &(0x7f0000000a40)=[&(0x7f0000000840)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}]) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f00000001c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000000)={@fd={0x66642a85, 0x0, r1}, @fd={0x66642a85, 0x0, r1}, @flat=@weak_binder={0x77622a85, 0x100, 0x1}}, &(0x7f00000000c0)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 2.088155724s ago: executing program 4 (id=464): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.031723479s ago: executing program 4 (id=468): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x12b8b000) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) fadvise64(r1, 0x3, 0x0, 0x4) 1.997841793s ago: executing program 4 (id=469): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) (async) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_linger(r2, 0x1, 0xd, 0x0, &(0x7f0000000140)) (async, rerun: 64) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000040)=[@register_looper, @clear_death], 0x0, 0x0, 0x0}) (rerun: 64) 1.968838696s ago: executing program 4 (id=470): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000a80)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000001440)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x10, 0x0, &(0x7f00000004c0)=[@request_death], 0x0, 0x0, 0x0}) 1.968360246s ago: executing program 4 (id=471): syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000081c09668800000000000109022400010000000f0904000004030000000921faff0890a98b1e09058103ff03c9ff"], 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x12b8b000) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) fadvise64(r1, 0x3, 0x0, 0x4) 1.4161447s ago: executing program 1 (id=475): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000100)={'ip6tnl0\x00', &(0x7f0000000180)={'ip6tnl0\x00', 0x0, 0x29, 0x1, 0x9, 0x0, 0x8, @local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xbf519b4d98293a56, 0x8, 0x56d, 0x6}}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x8, 0x2, 0x2, '\x00', 0x2}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.286433033s ago: executing program 3 (id=478): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x400, 0xa88, 0xe691, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x4, 0x453, 0x3, 0x3, 0x6, 0xfff], 0x0, 0x134244}) sendfile(r1, r2, &(0x7f0000000000)=0x68, 0xfffffffffffffff5) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901}) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$inet_buf(r3, 0x0, 0x2c, &(0x7f0000000180)=""/191, &(0x7f0000000040)=0xbf) ioctl$KVM_RUN(r2, 0xae80, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000080), 0x3) 1.269893325s ago: executing program 1 (id=479): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000040)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@weak_binder={0x77622a85, 0x1100}, @flat, @flat=@weak_binder}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x44, 0x0, &(0x7f0000000240)=[@transaction={0x630b, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000180)={@flat=@weak_handle={0x77682a85, 0x1001, 0x1}, @flat=@handle={0x73682a85, 0x100}, @fda={0x66646185, 0x7, 0x2, 0x13}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 1.236658798s ago: executing program 1 (id=480): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000a80)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000000)={0x8, 0x0, &(0x7f0000001440)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x8, 0x0, &(0x7f00000004c0)=[@release], 0x0, 0x0, 0x0}) 1.236195478s ago: executing program 1 (id=481): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r1, 0x0, 0x0) 1.183961673s ago: executing program 1 (id=482): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000680)={0x0, 0x22, 0xd, {[@local=@item_012={0x2, 0x2, 0xa, "15d4"}, @local=@item_012={0x2, 0x2, 0x8, "c1a1"}, @global=@item_012={0x2, 0x1, 0x1, "7093"}, @main=@item_012={0x2, 0x0, 0x9, 'V\x00'}, @global=@item_012={0x0, 0x1, 0x3}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) ioctl$HIDIOCGFIELDINFO(r1, 0xc038480a, &(0x7f0000000040)={0x2, 0x200, 0x0, 0x8, 0x0, 0xac5, 0x7, 0x4, 0x1, 0x3, 0x8, 0x9, 0x3456, 0x9}) 1.178524893s ago: executing program 3 (id=483): r0 = socket$inet_tcp(0x2, 0x1, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x1, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x0, 0x5}, 0x8) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r3, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x400, 0xa88, 0xe691, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x4, 0x453, 0x3, 0x3, 0x6, 0xfff], 0x0, 0x134244}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.093926702s ago: executing program 3 (id=484): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x1}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x1000, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x44, 0x110000000000000, &(0x7f0000000340)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000100)={@flat=@binder={0x73622a85, 0x100a}, @flat, @flat=@weak_binder={0x77622a85, 0x0, 0xfffffffffffffffe}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 1.035788288s ago: executing program 3 (id=485): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000100), 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x4000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x89f1, &(0x7f0000000340)={'sit0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x41, 0x5, 0x0, 0x4, 0x7, 0x2, 0x5, 0xfc, 0x57, 0x8, 0x3, 0x2, 0x8, 0xff, 0x0, 0x45}}) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xd0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0x2, &(0x7f00000001c0)=0x9, 0x4) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x165342, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) mprotect(&(0x7f000000b000/0x2000)=nil, 0x2000, 0x4) write(r4, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0x1f000) 954.027276ms ago: executing program 3 (id=486): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x8927, &(0x7f0000000280)={'ip6tnl0\x00', 0x0}) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000500)={0xa, 0x4e20, 0xbb6, @loopback, 0x5}, 0x28) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x9, @loopback, 0x70a95c23}, 0x1c) r3 = fcntl$dupfd(r2, 0x406, r2) write$binfmt_elf64(r3, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46030459b70400000000000000020006000b0000009601000000000000400000000000000046000000000000000200000000023800010003000300040001000000a5090000ffff000000000000020500000000000002000000000800000100010000000000010400000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000"/2680], 0xa78) read$FUSE(0xffffffffffffffff, &(0x7f0000000480)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_WRITE(r3, &(0x7f0000000040)={0x18, 0x0, r4}, 0x18) add_key$fscrypt_v1(&(0x7f0000000440), 0x0, 0x0, 0x0, 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_BEACON(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000200)={0x2c, r6, 0x1, 0x21, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x20019}}}}, [@NL80211_ATTR_IE_ASSOC_RESP={0x4, 0xe}]}, 0x2c}}, 0x4014080) sendmsg$NL80211_CMD_RADAR_DETECT(r3, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x54, r6, 0x400, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xa}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x29c}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x23}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xee5}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x17}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x2000c850) r7 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000040)={0x9, 0xffffffff, 0x4e, 0x567}, 0x13) sendfile(r3, r1, &(0x7f00000002c0)=0x1, 0x3) sendmsg$nl_generic(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x30, 0x16, 0x1, 0x0, 0x4, {0xa}, [@nested={0x1c, 0xca, 0x0, 0x1, [@typed={0x17, 0x8, 0x0, 0x0, @str='./binderfs/binder1\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) r8 = syz_open_dev$usbfs(&(0x7f0000000000), 0x76, 0x183281) ppoll(&(0x7f0000000040)=[{r8, 0x2}, {r8, 0xe260}], 0x2, 0x0, 0x0, 0x0) write$UHID_INPUT2(r1, &(0x7f0000000280)=ANY=[], 0x6) socket$inet6_tcp(0xa, 0x1, 0x0) 899.683941ms ago: executing program 2 (id=487): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) add_key$fscrypt_v1(&(0x7f0000000440), 0x0, 0x0, 0x0, 0xffffffffffffffff) write$UHID_INPUT2(r0, &(0x7f0000000280)=ANY=[], 0x6) 884.953073ms ago: executing program 2 (id=488): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008) pipe2$9p(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) write$P9_RREADLINK(r1, &(0x7f0000000000)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000140)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x4000, &(0x7f0000001200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@debug={'debug', 0x3d, 0x7}}]}}) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') pread64(r3, &(0x7f0000000200)=""/4087, 0xff7, 0xd37) 827.523458ms ago: executing program 2 (id=489): r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002b80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x18}}], 0x1, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa0100fe}, 0x10) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}, 0x500}], 0x68000, 0xe3ff000000000000) 826.677979ms ago: executing program 2 (id=490): r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/cpuset.cpus\x00', 0x2, 0x0) write$tcp_mem(r0, &(0x7f0000000300)={0x0, 0x20, 0x900}, 0x48) 826.295448ms ago: executing program 2 (id=491): r0 = accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x0) sendmsg(r0, &(0x7f0000000380)={&(0x7f0000000200)=@hci={0x1f, 0x0, 0x3}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000280)="8b59a56a2875839d025bfc729b9b31953fdf490339706ed8855da5855eb4fcbfea9bb9397f408d47aa6fb0ecbdca0b1ea13243a98849efd7c956a40505252ed92f2d5380c547a417483df597810582db8908222f868621511ed15346947a8844a152ae447a8fc880cb9a86d9926b287de76762aad9fee694bbcf46d96ae96e6a7ec7561e5619cb60ab71ce426066c984ff41d377dafaef3e89240f16f40572e7d5d215b8555c8ea841631cdf42439935ff7ef4ae4a7256d8f0e3b8b97b0b888c02eda5bca376b453d3450c09b8cfca57b3ba5462f63892fc57c39c46fc30d8c77f7faad3cdeb3c4ae5fdebc84407e6cc9d3722b1a1467c4f4d00a7", 0xfb}], 0x1, &(0x7f0000001980)=ANY=[@ANYBLOB="88000000000000001201000055160000edfa33c136ccb00e0cb97ca24a167f0f4700cc70450b64c6af45ea73e855e2035757acd0bf359f3ea135f872e3d3d042e5c10fae7ea3b81bcae4fa789067f8aa4e4621bc1d8f9e8527d4ac663e3d7446b49d15c87ae27c8234e0d2bf218a83ae8f6d0f01adf9944cd1864d75d9ac78e506ca00000000000090000000000000001101000007000000e4203d9ba94332c6f0545e020c336b51ce50197994996f141fa1daadd898f3a4c2c072eacac44a8411d2536a10c7abc0967015dac2ccb41088e7e89e8c9125c30d62506159f2ec412229c174425c14182d31f03e0eb8f95b00000000000003ff1776d1def84798d5926647d2fa6965175300c7699157e9bc1400000000000000080100000000000015010000090000006e2328ebb5c2989b23e54cc32e69aaa7a60d7c3a7e0c1e55b2eb188a1d6a0419b4c40546b656959dfd86d199174d5a5260260f0cab903ee4d6976cba5fbb6b72f22ae27ab5d59b6c7c55cbf5293d1d31d15c9741ac16c2f9c7fbab71afc23ab010e1e63355a8c4e6b6f2a2b8571cc70fe1638b2df99c6733138d5fcef8e4899936af12e835da1f29fc1a89e94ad0882642c0d81d61f444d42349b14bb48ec3e79b7f1674f91c42d16033fae91276150606655308ecd6c017cdf9d947765a1d4aa745ea4a9b77eb92c19d7326e192543cba4bc85c6b087947188e0dbdbf89fb7350a5d83cf99c54a38cb871c5bc26278cc6e46a2f6ea70000f00000000000000088000000070000000aac2b8de93b08a7cb6ae7999742fc8b727aabb4eda367553f999aa0977475b45f75d8d3ed3860804ceb7d14e2e1074a15e49cccc53601686ae9c21c7f15382296670cdcaae3b3f0861d14bb076063ce1c47387e63d44eda707fdda2b3ee51c9f0a3f7b7327c0ff326d1f342d88f1fcb90587878c6d00681774ebbc54149f810ad5778600c8a96fbdd16a1adffca66390f5cec2f3ba5d44985d1b1cbb4cc7ef8bfc166d8933af4e0140179b2c9337488e2943af093cafcf7f61889f102099c3994dfefdb98c4054106b90b9cf9c495737454b6e66b0ce854474e2023d3035172d992261becbc2dd21eed0a01d000"], 0x310}, 0x40000) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r2, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x27, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0xa, 0x0, 0x6, 0x9, 0xfbfffffb, 0x39, 0x747d5e13, 0x8, 0x99, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x80, 0x800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x0, 0x1ff, 0x8000, 0xfffffffe, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x199f, 0x8, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x9, 0x40, 0x9, 0xa, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x4, 0x7fff, 0x72c, 0x1c33, 0x2, 0x5, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0x8, 0x3ff, 0x5, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x80000009, 0x7, 0xffffffff, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x7ff, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x3], [0x401, 0xc584, 0xffff, 0xcd3, 0x7, 0x20, 0x404, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x9, 0x80000001, 0x8, 0x3f92, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x1000, 0x80000001, 0x4, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x218c, 0x8001, 0x47, 0x0, 0x3, 0x4, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0xc, 0x86, 0x0, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000007, 0x6, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x5, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x800, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x7, 0x0, 0x5, 0x1e2, 0x4, 0x9, 0x3, 0xc7, 0x9, 0x200, 0x1000, 0x3b, 0x20000002, 0x5, 0x800, 0xff, 0x65f413f9, 0xfffffff8, 0x20008, 0x8a8, 0x2, 0x40, 0x40000409, 0x7, 0x8, 0x4, 0x10, 0x4, 0x0, 0x7fff, 0x0, 0xfffffff8, 0x8401, 0x1, 0x200, 0x7, 0x8, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x6]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) write$input_event(r2, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x44000, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000140), 0x82084, 0x0) ioctl$TCSETSF2(r5, 0x402c542d, &(0x7f00000003c0)={0xfffffff8, 0xfffffff9, 0x1, 0x9, 0x7, "ea713977e0715f01bbff00", 0x6, 0x75}) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000040)=0x7) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = userfaultfd(0x80801) r8 = socket$inet_udp(0x2, 0x2, 0x0) ppoll(&(0x7f0000000400)=[{r3, 0x2080}, {r3, 0x28}, {r8, 0x8003}], 0x3, &(0x7f0000000440), &(0x7f0000000480)={[0x7fff]}, 0x8) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$UHID_INPUT(r9, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xdd52d6c}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r9, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_WAKE(r7, 0x8010aa02, &(0x7f0000000100)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}) sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000800)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000007c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="28000000960245070601040000000000000000020000010900820073797a30000000000500010007000000"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x2004c081) ioctl$TIOCSTI(r5, 0x5412, &(0x7f00000001c0)=0xa) setsockopt$inet_int(r4, 0x0, 0x3, &(0x7f0000000840)=0x6, 0x4) sendto$inet(r4, 0x0, 0x0, 0x4c8c0, &(0x7f0000000080), 0x10) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'\x00', 0x202}) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x1) close_range(r1, 0xffffffffffffffff, 0x0) 635.305797ms ago: executing program 1 (id=492): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x30, r0, 0x2877000) r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'vcan0\x00'}) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) fchdir(r2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) getgroups(0x4, &(0x7f0000000300)=[0x0, 0xffffffffffffffff, 0x0, 0xee01]) newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) setresuid(r5, r5, 0x0) mount$bpf(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x1404, &(0x7f0000000340)={[{@mode={'mode', 0x3d, 0x8}}, {@gid={'gid', 0x3d, r4}}], [{@smackfsfloor={'smackfsfloor', 0x3d, '-\\#+}'}}, {@euid_lt={'euid<', r5}}]}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_START_AP(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_DEAUTHENTICATE(r2, 0x0, 0x20008080) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='gid_map\x00') exit(0x1ff) 450.242305ms ago: executing program 4 (id=493): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x1000001, 0x3ff, 0x8, 0xe691, 0x0, 0xa, 0x0, 0x0, 0xfffffffffffffffe, 0x4, 0x453, 0x1000000000000003, 0x3, 0x5, 0xfffffffffffffff9], 0x0, 0x280004}) ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 4) 0s ago: executing program 3 (id=494): r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000280)={'syztnl1\x00', 0x0, 0x4, 0x6, 0x1f, 0x3f, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}, @private1, 0x40, 0x40, 0x7, 0x7}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000100)={'ip_vti0\x00', &(0x7f0000000140)={'gre0\x00', r1, 0x10, 0x8000, 0x8, 0x4, {{0x5, 0x4, 0x0, 0x19, 0x14, 0x75, 0x0, 0x8, 0x7b, 0x0, @private=0xa010100, @dev={0xac, 0x14, 0x14, 0xf}}}}}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r6, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="002212000000830900fcb20584087c9556d6ae558d2e02e36fbee6a593326deef71fde10f29ace4143f08596354da3f32d6b5754626e0f6081839521cbdddf7b65f82ac077f891ac1c527b0d701ae11f4f3ea4b17b834302430bd8a4d1577dd59fe2b9a1f84a205eada43c8637d2c97f1147fd877200abae20"], 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000040)="b9170a00000f320fc718c4836940493a2067470fc7b8b62100003e360f01c5184fd266b86b000f00d8c4c2c9bd555a66b878000f00d82667f045f79ada360000", 0x40}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000640)={0x0, 0xd000}) io_submit(0x0, 0x0, 0x0) ioctl$KVM_NMI(r5, 0xae9a) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) r7 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r7, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) renameat2(r7, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000180)='./file1\x00', 0x4) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x0, 0x40, &(0x7f0000000000)={0x4b5a9da54893e123, 0x14, 0x8, 0x2}, 0x8, 0x7, 0x200, 0x0, 0x0, 0x40, 0x0}) r8 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$selinux_load(r8, &(0x7f0000000280)=ANY=[@ANYBLOB="8cff7cf9080000005345204c696e757815"], 0x65) renameat2(r7, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r7, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r9 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x4100, 0x0) ioctl$BTRFS_IOC_WAIT_SYNC(r9, 0x40089416, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.128' (ED25519) to the list of known hosts. [ 21.924051][ T36] audit: type=1400 audit(1760063470.190:64): avc: denied { mounton } for pid=283 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 21.925503][ T283] cgroup: Unknown subsys name 'net' [ 21.946718][ T36] audit: type=1400 audit(1760063470.190:65): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.974057][ T36] audit: type=1400 audit(1760063470.220:66): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 21.974289][ T283] cgroup: Unknown subsys name 'devices' [ 22.173862][ T283] cgroup: Unknown subsys name 'hugetlb' [ 22.179562][ T283] cgroup: Unknown subsys name 'rlimit' [ 22.315030][ T36] audit: type=1400 audit(1760063470.580:67): avc: denied { setattr } for pid=283 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 22.338572][ T36] audit: type=1400 audit(1760063470.580:68): avc: denied { mounton } for pid=283 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 22.363382][ T36] audit: type=1400 audit(1760063470.580:69): avc: denied { mount } for pid=283 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 22.374574][ T285] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 22.395284][ T36] audit: type=1400 audit(1760063470.660:70): avc: denied { relabelto } for pid=285 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.420815][ T36] audit: type=1400 audit(1760063470.660:71): avc: denied { write } for pid=285 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.458404][ T36] audit: type=1400 audit(1760063470.720:72): avc: denied { read } for pid=283 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.484036][ T36] audit: type=1400 audit(1760063470.720:73): avc: denied { open } for pid=283 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 22.484346][ T283] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 23.694080][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.701151][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.708295][ T290] bridge_slave_0: entered allmulticast mode [ 23.714668][ T290] bridge_slave_0: entered promiscuous mode [ 23.721174][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.728299][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.735438][ T290] bridge_slave_1: entered allmulticast mode [ 23.741788][ T290] bridge_slave_1: entered promiscuous mode [ 23.867707][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.874899][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.882060][ T293] bridge_slave_0: entered allmulticast mode [ 23.888419][ T293] bridge_slave_0: entered promiscuous mode [ 23.896624][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.903723][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.910804][ T293] bridge_slave_1: entered allmulticast mode [ 23.917239][ T293] bridge_slave_1: entered promiscuous mode [ 23.953320][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.960385][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 23.967714][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.974760][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.000939][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.008083][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.015499][ T295] bridge_slave_0: entered allmulticast mode [ 24.022384][ T295] bridge_slave_0: entered promiscuous mode [ 24.037085][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.044158][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.051221][ T295] bridge_slave_1: entered allmulticast mode [ 24.057568][ T295] bridge_slave_1: entered promiscuous mode [ 24.074164][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.081211][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.088345][ T296] bridge_slave_0: entered allmulticast mode [ 24.094836][ T296] bridge_slave_0: entered promiscuous mode [ 24.110681][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.117807][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.125116][ T296] bridge_slave_1: entered allmulticast mode [ 24.131505][ T296] bridge_slave_1: entered promiscuous mode [ 24.204460][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.212102][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.245140][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.252209][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.269428][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.276504][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.358777][ T290] veth0_vlan: entered promiscuous mode [ 24.367206][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.374301][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.401981][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.409030][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.416693][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.423752][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.431700][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.438769][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.460821][ T290] veth1_macvtap: entered promiscuous mode [ 24.493461][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.500521][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.524448][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.531555][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.544150][ T293] veth0_vlan: entered promiscuous mode [ 24.555741][ T290] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 24.574712][ T293] veth1_macvtap: entered promiscuous mode [ 24.583374][ T295] veth0_vlan: entered promiscuous mode [ 24.591243][ T296] veth0_vlan: entered promiscuous mode [ 24.625062][ T295] veth1_macvtap: entered promiscuous mode [ 24.637863][ T296] veth1_macvtap: entered promiscuous mode [ 24.674719][ T335] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 24.728264][ T335] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 24.754032][ T335] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 24.784255][ T343] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 24.809530][ T343] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 24.879127][ T346] rust_binder: Failed copying into alloc: EFAULT [ 24.879153][ T346] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 24.885775][ T346] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 24.894432][ T346] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:5 [ 25.151523][ T365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 25.169089][ T365] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 25.182055][ T31] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 25.342676][ T31] usb 1-1: Using ep0 maxpacket: 8 [ 25.348981][ T31] usb 1-1: config 1 interface 0 altsetting 176 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 25.360127][ T31] usb 1-1: config 1 interface 0 altsetting 176 endpoint 0x2 has an invalid bInterval 247, changing to 11 [ 25.371393][ T31] usb 1-1: config 1 interface 0 has no altsetting 0 [ 25.378377][ T31] usb 1-1: language id specifier not provided by device, defaulting to English [ 25.388507][ T31] usb 1-1: New USB device found, idVendor=056a, idProduct=012c, bcdDevice= 0.40 [ 25.397666][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 25.405713][ T31] usb 1-1: Product: syz [ 25.409942][ T31] usb 1-1: Manufacturer: syz [ 25.414893][ T31] usb 1-1: SerialNumber: syz [ 25.453348][ T369] rust_binder: 4: no such ref 0 [ 25.458594][ T369] rust_binder: 4: no such ref 2 [ 25.463836][ T369] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 25.561259][ T374] IPv6: NLM_F_CREATE should be specified when creating new route [ 25.584668][ T376] FAULT_INJECTION: forcing a failure. [ 25.584668][ T376] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 25.598048][ T376] CPU: 1 UID: 0 PID: 376 Comm: syz.1.17 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627 [ 25.598085][ T376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 25.598105][ T376] Call Trace: [ 25.598113][ T376] [ 25.598121][ T376] __dump_stack+0x21/0x30 [ 25.598163][ T376] dump_stack_lvl+0x10c/0x190 [ 25.598192][ T376] ? __cfi_dump_stack_lvl+0x10/0x10 [ 25.598223][ T376] dump_stack+0x19/0x20 [ 25.598355][ T376] should_fail_ex+0x3d9/0x530 [ 25.598374][ T376] should_fail+0xf/0x20 [ 25.598389][ T376] should_fail_usercopy+0x1e/0x30 [ 25.598407][ T376] _copy_from_user+0x22/0xb0 [ 25.598426][ T376] _RNvMs2_NtCs5gLWsBERDPK_16rust_binder_main6threadNtB5_6Thread10write_read+0x127a/0xa380 [ 25.598463][ T376] ? __cfi__RNvMs2_NtCs5gLWsBERDPK_16rust_binder_main6threadNtB5_6Thread10write_read+0x10/0x10 [ 25.598513][ T376] ? is_bpf_text_address+0x17b/0x1a0 [ 25.598533][ T376] ? kernel_text_address+0xa9/0xe0 [ 25.598557][ T376] ? is_bpf_text_address+0x17b/0x1a0 [ 25.598575][ T376] ? kernel_text_address+0xa9/0xe0 [ 25.598596][ T376] ? __kasan_check_write+0x18/0x20 [ 25.598620][ T376] ? _raw_spin_lock_irqsave+0xaf/0x150 [ 25.598641][ T376] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 25.598675][ T376] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 25.598706][ T376] ? stack_depot_save_flags+0x399/0x800 [ 25.598731][ T376] ? kasan_save_track+0x4f/0x80 [ 25.598757][ T376] ? kasan_save_track+0x3e/0x80 [ 25.598778][ T376] ? kasan_save_alloc_info+0x40/0x50 [ 25.598806][ T376] ? __kasan_kmalloc+0x96/0xb0 [ 25.598829][ T376] ? __kmalloc_cache_noprof+0x24c/0x490 [ 25.598851][ T376] ? __set_page_owner+0x294/0x5d0 [ 25.598876][ T376] ? post_alloc_hook+0x3b9/0x3f0 [ 25.598897][ T376] ? prep_new_page+0x1c/0x120 [ 25.598916][ T376] ? get_page_from_freelist+0x48ce/0x4960 [ 25.598938][ T376] ? __alloc_pages_noprof+0x31f/0x7b0 [ 25.598960][ T376] ? alloc_slab_page+0x6b/0x1f0 [ 25.598978][ T376] ? allocate_slab+0x69/0x440 [ 25.598996][ T376] ? ___slab_alloc+0x59a/0x8b0 [ 25.599013][ T376] ? kmem_cache_alloc_noprof+0x2a0/0x430 [ 25.599027][ T376] ? security_inode_alloc+0x51/0x200 [ 25.599051][ T376] ? inode_init_always_gfp+0x756/0x9e0 [ 25.599069][ T376] ? alloc_inode+0xc5/0x270 [ 25.599086][ T376] ? new_inode+0x25/0x1e0 [ 25.599104][ T376] ? proc_pid_make_inode+0x25/0x140 [ 25.599124][ T376] ? proc_pident_instantiate+0x6d/0x2c0 [ 25.599142][ T376] ? proc_pident_lookup+0x1c7/0x270 [ 25.599159][ T376] ? proc_tid_base_lookup+0x2f/0x40 [ 25.599181][ T376] ? path_openat+0x1301/0x34b0 [ 25.599200][ T376] ? do_filp_open+0x1c6/0x3e0 [ 25.599219][ T376] ? do_sys_openat2+0x12c/0x1c0 [ 25.599246][ T376] ? is_bpf_text_address+0x17b/0x1a0 [ 25.599265][ T376] ? kernel_text_address+0xa9/0xe0 [ 25.599293][ T376] ? __kernel_text_address+0x11/0x40 [ 25.599314][ T376] ? unwind_get_return_address+0x51/0x90 [ 25.599334][ T376] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 25.599360][ T376] ? arch_stack_walk+0x10b/0x170 [ 25.599377][ T376] ? stack_depot_save_flags+0x38/0x800 [ 25.599396][ T376] ? kasan_save_alloc_info+0x40/0x50 [ 25.599420][ T376] ? kasan_save_track+0x4f/0x80 [ 25.599437][ T376] ? kasan_save_track+0x3e/0x80 [ 25.599455][ T376] ? kasan_save_alloc_info+0x40/0x50 [ 25.599478][ T376] ? __kasan_kmalloc+0x96/0xb0 [ 25.599496][ T376] ? __kmalloc_node_track_caller_noprof+0x261/0x520 [ 25.599513][ T376] ? krealloc_noprof+0x8d/0x130 [ 25.599534][ T376] ? rust_helper_krealloc+0x33/0xd0 [ 25.599561][ T376] ? _RNvMNtNtCs43vyB533jt3_6kernel5alloc9allocatorNtB2_11ReallocFunc4call+0x90/0xc0 [ 25.599584][ T376] ? _RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0x6f0/0x1400 [ 25.599620][ T376] ? _RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x1a7/0x2cf0 [ 25.599651][ T376] ? _RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0xa0/0x100 [ 25.599674][ T376] ? __se_sys_ioctl+0x135/0x1b0 [ 25.599692][ T376] ? __x64_sys_ioctl+0x7f/0xa0 [ 25.599708][ T376] ? x64_sys_call+0x1878/0x2ee0 [ 25.599732][ T376] ? do_syscall_64+0x58/0xf0 [ 25.599752][ T376] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 25.599783][ T376] ? __kasan_kmalloc+0x96/0xb0 [ 25.599803][ T376] ? kasan_save_alloc_info+0x40/0x50 [ 25.599827][ T376] ? __kasan_kmalloc+0x96/0xb0 [ 25.599845][ T376] ? __kmalloc_node_track_caller_noprof+0x261/0x520 [ 25.599862][ T376] ? rust_helper_krealloc+0x33/0xd0 [ 25.599888][ T376] ? __kasan_check_write+0x18/0x20 [ 25.599912][ T376] ? _raw_spin_lock+0x8c/0x120 [ 25.599932][ T376] ? __cfi__raw_spin_lock+0x10/0x10 [ 25.599952][ T376] ? __asan_memset+0x39/0x50 [ 25.599965][ T376] ? _raw_spin_unlock+0x45/0x60 [ 25.599985][ T376] ? rust_helper_spin_unlock+0x19/0x30 [ 25.600009][ T376] ? _RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0xdeb/0x1400 [ 25.600040][ T376] ? inode_init_always_gfp+0x756/0x9e0 [ 25.600058][ T376] ? alloc_inode+0xc5/0x270 [ 25.600079][ T376] ? __cfi__RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0x10/0x10 [ 25.600112][ T376] ? avc_has_perm_noaudit+0x268/0x360 [ 25.600136][ T376] ? avc_has_perm_noaudit+0x286/0x360 [ 25.600159][ T376] ? avc_has_perm+0x144/0x220 [ 25.600180][ T376] ? __cfi_avc_has_perm+0x10/0x10 [ 25.600202][ T376] ? kasan_save_alloc_info+0x40/0x50 [ 25.600226][ T376] ? selinux_file_open+0x457/0x610 [ 25.600246][ T376] _RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x40c/0x2cf0 [ 25.600286][ T376] ? avc_has_extended_perms+0x7c7/0xdd0 [ 25.600308][ T376] ? __asan_memcpy+0x5a/0x80 [ 25.600322][ T376] ? avc_has_extended_perms+0x921/0xdd0 [ 25.600345][ T376] ? __cfi__RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x10/0x10 [ 25.600376][ T376] ? do_vfs_ioctl+0xeda/0x1e30 [ 25.600393][ T376] ? arch_stack_walk+0x10b/0x170 [ 25.600408][ T376] ? __ia32_compat_sys_ioctl+0x850/0x850 [ 25.600428][ T376] ? _parse_integer+0x2e/0x40 [ 25.600455][ T376] ? ioctl_has_perm+0x384/0x4d0 [ 25.600481][ T376] ? has_cap_mac_admin+0xd0/0xd0 [ 25.600501][ T376] ? proc_fail_nth_write+0x17e/0x210 [ 25.600524][ T376] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 25.600546][ T376] ? selinux_file_ioctl+0x6e0/0x1360 [ 25.600565][ T376] ? vfs_write+0x93e/0xf30 [ 25.600578][ T376] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 25.600598][ T376] ? __cfi_vfs_write+0x10/0x10 [ 25.600612][ T376] ? __kasan_check_write+0x18/0x20 [ 25.600636][ T376] ? mutex_unlock+0x8b/0x240 [ 25.600659][ T376] ? __cfi_mutex_unlock+0x10/0x10 [ 25.600682][ T376] ? __fget_files+0x2c5/0x340 [ 25.600700][ T376] ? __fget_files+0x2c5/0x340 [ 25.600717][ T376] _RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0xa0/0x100 [ 25.600740][ T376] ? __se_sys_ioctl+0x114/0x1b0 [ 25.600757][ T376] ? __cfi__RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0x10/0x10 [ 25.600780][ T376] __se_sys_ioctl+0x135/0x1b0 [ 25.600798][ T376] __x64_sys_ioctl+0x7f/0xa0 [ 25.600815][ T376] x64_sys_call+0x1878/0x2ee0 [ 25.600839][ T376] do_syscall_64+0x58/0xf0 [ 25.600858][ T376] ? clear_bhb_loop+0x50/0xa0 [ 25.600875][ T376] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 25.600900][ T376] RIP: 0033:0x7ffaf5d8eec9 [ 25.600925][ T376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 25.600940][ T376] RSP: 002b:00007ffaf6bf2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 25.600961][ T376] RAX: ffffffffffffffda RBX: 00007ffaf5fe5fa0 RCX: 00007ffaf5d8eec9 [ 25.600973][ T376] RDX: 00002000000003c0 RSI: 00000000c0306201 RDI: 0000000000000004 [ 25.600984][ T376] RBP: 00007ffaf6bf2090 R08: 0000000000000000 R09: 0000000000000000 [ 25.600994][ T376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 25.601004][ T376] R13: 00007ffaf5fe6038 R14: 00007ffaf5fe5fa0 R15: 00007ffc36958d78 [ 25.601018][ T376] [ 25.601062][ T376] rust_binder: Write failure EFAULT in pid:11 [ 25.634764][ T378] netlink: 'syz.2.18': attribute type 32 has an invalid length. [ 25.705424][ T384] FAULT_INJECTION: forcing a failure. [ 25.705424][ T384] name failslab, interval 1, probability 0, space 0, times 1 [ 25.747149][ T386] rust_binder: 12: no such ref 1 [ 25.753308][ T384] CPU: 1 UID: 0 PID: 384 Comm: syz.1.20 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627 [ 25.753346][ T384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 25.753367][ T384] Call Trace: [ 25.753373][ T384] [ 25.753385][ T384] __dump_stack+0x21/0x30 [ 25.753423][ T384] dump_stack_lvl+0x10c/0x190 [ 25.753455][ T384] ? __cfi_dump_stack_lvl+0x10/0x10 [ 25.753488][ T384] ? kasan_save_track+0x4f/0x80 [ 25.753515][ T384] ? kasan_save_track+0x3e/0x80 [ 25.753540][ T384] ? kasan_save_alloc_info+0x40/0x50 [ 25.753574][ T384] ? __kmalloc_node_track_caller_noprof+0x261/0x520 [ 25.753599][ T384] ? kstrdup+0x4d/0x140 [ 25.753633][ T384] dump_stack+0x19/0x20 [ 25.753665][ T384] should_fail_ex+0x3d9/0x530 [ 25.753692][ T384] should_failslab+0xac/0x100 [ 25.753721][ T384] __kmalloc_cache_noprof+0x41/0x490 [ 25.753746][ T384] ? p9_client_create+0xdb/0x1190 [ 25.753773][ T384] p9_client_create+0xdb/0x1190 [ 25.753799][ T384] ? __cfi_p9_client_create+0x10/0x10 [ 25.753824][ T384] ? kasan_save_alloc_info+0x40/0x50 [ 25.753859][ T384] ? __kasan_kmalloc+0x96/0xb0 [ 25.753886][ T384] ? __kmalloc_node_track_caller_noprof+0x261/0x520 [ 25.753911][ T384] ? path_mount+0x688/0x1050 [ 25.753948][ T384] ? kstrdup+0x7b/0x140 [ 25.753982][ T384] ? __asan_memset+0x39/0x50 [ 25.754004][ T384] v9fs_session_init+0x1e1/0x1820 [ 25.754044][ T384] ? __cfi_v9fs_session_init+0x10/0x10 [ 25.754079][ T384] ? kasan_save_alloc_info+0x40/0x50 [ 25.754112][ T384] ? __kasan_kmalloc+0x96/0xb0 [ 25.754139][ T384] ? __kmalloc_cache_noprof+0x24c/0x490 [ 25.754163][ T384] ? v9fs_mount+0xbd/0xa00 [ 25.754188][ T384] v9fs_mount+0xd7/0xa00 [ 25.754220][ T384] ? __cfi_v9fs_mount+0x10/0x10 [ 25.754245][ T384] ? selinux_capable+0x38/0x50 [ 25.754280][ T384] legacy_get_tree+0x106/0x1b0 [ 25.754309][ T384] ? __cfi_v9fs_mount+0x10/0x10 [ 25.754332][ T384] vfs_get_tree+0x9e/0x290 [ 25.754368][ T384] do_new_mount+0x251/0xb40 [ 25.754390][ T384] ? security_capable+0xcf/0xf0 [ 25.754424][ T384] path_mount+0x688/0x1050 [ 25.754460][ T384] ? putname+0x113/0x150 [ 25.754483][ T384] __se_sys_mount+0x2bd/0x480 [ 25.754507][ T384] ? ksys_write+0x1ef/0x250 [ 25.754529][ T384] ? __x64_sys_mount+0xf0/0xf0 [ 25.754554][ T384] __x64_sys_mount+0xc3/0xf0 [ 25.754577][ T384] x64_sys_call+0x2021/0x2ee0 [ 25.754613][ T384] do_syscall_64+0x58/0xf0 [ 25.754642][ T384] ? clear_bhb_loop+0x50/0xa0 [ 25.754667][ T384] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 25.754705][ T384] RIP: 0033:0x7ffaf5d8eec9 [ 25.754725][ T384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 25.754745][ T384] RSP: 002b:00007ffaf6bf2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 25.754773][ T384] RAX: ffffffffffffffda RBX: 00007ffaf5fe5fa0 RCX: 00007ffaf5d8eec9 [ 25.754794][ T384] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000 [ 25.754809][ T384] RBP: 00007ffaf6bf2090 R08: 0000200000000200 R09: 0000000000000000 [ 25.754826][ T384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 25.754842][ T384] R13: 00007ffaf5fe6038 R14: 00007ffaf5fe5fa0 R15: 00007ffc36958d78 [ 25.754863][ T384] [ 25.854990][ T31] usbhid 1-1:1.0: can't add hid device: -71 [ 25.904542][ T393] rust_binder: 18: no such ref 0 [ 25.924023][ T31] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 25.940775][ T393] rust_binder: 18: no such ref 2 [ 25.952270][ T31] usb 1-1: USB disconnect, device number 2 [ 25.969580][ T393] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 26.005112][ T395] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=395 comm=syz.2.24 [ 26.055470][ T399] netlink: 8 bytes leftover after parsing attributes in process `syz.3.26'. [ 26.794220][ T399] netlink: 8 bytes leftover after parsing attributes in process `syz.3.26'. [ 26.803066][ T399] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 26.839629][ T399] rust_binder: Failed to allocate buffer. len:4096, is_oneway:true [ 26.839675][ T399] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 26.849677][ T399] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:22 [ 26.882798][ T412] rust_binder: Read failure Err(EAGAIN) in pid:12 [ 26.922997][ T420] netlink: 64 bytes leftover after parsing attributes in process `syz.0.33'. [ 26.973219][ T423] rust_binder: 16: no such ref 0 [ 26.978650][ T423] rust_binder: 16: no such ref 2 [ 26.983683][ T423] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 27.005496][ T425] FAULT_INJECTION: forcing a failure. [ 27.005496][ T425] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 27.021134][ T425] CPU: 1 UID: 0 PID: 425 Comm: syz.0.35 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627 [ 27.021169][ T425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 27.021194][ T425] Call Trace: [ 27.021201][ T425] [ 27.021209][ T425] __dump_stack+0x21/0x30 [ 27.021243][ T425] dump_stack_lvl+0x10c/0x190 [ 27.021272][ T425] ? __cfi_dump_stack_lvl+0x10/0x10 [ 27.021303][ T425] dump_stack+0x19/0x20 [ 27.021331][ T425] should_fail_ex+0x3d9/0x530 [ 27.021354][ T425] should_fail+0xf/0x20 [ 27.021375][ T425] should_fail_usercopy+0x1e/0x30 [ 27.021398][ T425] _copy_from_user+0x22/0xb0 [ 27.021425][ T425] _RNvMs2_NtCs5gLWsBERDPK_16rust_binder_main6threadNtB5_6Thread10write_read+0x1904/0xa380 [ 27.021473][ T425] ? __cfi__RNvMs2_NtCs5gLWsBERDPK_16rust_binder_main6threadNtB5_6Thread10write_read+0x10/0x10 [ 27.021526][ T425] ? is_bpf_text_address+0x17b/0x1a0 [ 27.021551][ T425] ? kernel_text_address+0xa9/0xe0 [ 27.021580][ T425] ? __kasan_check_write+0x18/0x20 [ 27.021613][ T425] ? _raw_spin_lock_irqsave+0xaf/0x150 [ 27.021641][ T425] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 27.021671][ T425] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 27.021704][ T425] ? is_bpf_text_address+0x17b/0x1a0 [ 27.021728][ T425] ? kernel_text_address+0xa9/0xe0 [ 27.021754][ T425] ? __kernel_text_address+0x11/0x40 [ 27.021781][ T425] ? unwind_get_return_address+0x51/0x90 [ 27.021807][ T425] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 27.021840][ T425] ? arch_stack_walk+0x10b/0x170 [ 27.021861][ T425] ? stack_trace_save+0x9d/0xe0 [ 27.021891][ T425] ? stack_depot_save_flags+0x38/0x800 [ 27.021916][ T425] ? kasan_save_stack+0x4d/0x60 [ 27.021937][ T425] ? kasan_save_stack+0x3e/0x60 [ 27.021959][ T425] ? __kasan_record_aux_stack+0xb2/0xd0 [ 27.021989][ T425] ? kasan_record_aux_stack_noalloc+0xf/0x20 [ 27.022019][ T425] ? __call_rcu_common+0xd5/0x700 [ 27.022039][ T425] ? call_rcu+0x14/0x20 [ 27.022059][ T425] ? __kasan_check_write+0x18/0x20 [ 27.022091][ T425] ? _raw_spin_trylock+0xaf/0x130 [ 27.022116][ T425] ? __cfi__raw_spin_trylock+0x10/0x10 [ 27.022143][ T425] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 27.022189][ T425] ? _raw_spin_unlock+0x45/0x60 [ 27.022213][ T425] ? call_rcu_nocb+0x6bd/0xc10 [ 27.022242][ T425] ? swake_up_one_online_ipi+0x30/0x30 [ 27.022271][ T425] ? __cfi_mt_free_rcu+0x10/0x10 [ 27.022300][ T425] ? is_bpf_text_address+0x17b/0x1a0 [ 27.022323][ T425] ? kernel_text_address+0xa9/0xe0 [ 27.022351][ T425] ? __kernel_text_address+0x11/0x40 [ 27.022378][ T425] ? unwind_get_return_address+0x51/0x90 [ 27.022405][ T425] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 27.022438][ T425] ? arch_stack_walk+0x10b/0x170 [ 27.022461][ T425] ? stack_depot_save_flags+0x38/0x800 [ 27.022487][ T425] ? kasan_save_alloc_info+0x40/0x50 [ 27.022520][ T425] ? kasan_save_track+0x4f/0x80 [ 27.022543][ T425] ? kasan_save_track+0x3e/0x80 [ 27.022565][ T425] ? kasan_save_alloc_info+0x40/0x50 [ 27.022596][ T425] ? __kasan_kmalloc+0x96/0xb0 [ 27.022621][ T425] ? __kmalloc_node_track_caller_noprof+0x261/0x520 [ 27.022644][ T425] ? krealloc_noprof+0x8d/0x130 [ 27.022668][ T425] ? rust_helper_krealloc+0x33/0xd0 [ 27.022701][ T425] ? _RNvMNtNtCs43vyB533jt3_6kernel5alloc9allocatorNtB2_11ReallocFunc4call+0x90/0xc0 [ 27.022734][ T425] ? _RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0x6f0/0x1400 [ 27.022781][ T425] ? _RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x1a7/0x2cf0 [ 27.022823][ T425] ? _RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0xa0/0x100 [ 27.022856][ T425] ? __se_sys_ioctl+0x135/0x1b0 [ 27.022881][ T425] ? __x64_sys_ioctl+0x7f/0xa0 [ 27.022904][ T425] ? x64_sys_call+0x1878/0x2ee0 [ 27.022938][ T425] ? do_syscall_64+0x58/0xf0 [ 27.022966][ T425] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 27.023010][ T425] ? __kasan_kmalloc+0x96/0xb0 [ 27.023034][ T425] ? kasan_save_alloc_info+0x40/0x50 [ 27.023061][ T425] ? __kasan_kmalloc+0x96/0xb0 [ 27.023084][ T425] ? __kmalloc_node_track_caller_noprof+0x261/0x520 [ 27.023107][ T425] ? rust_helper_krealloc+0x33/0xd0 [ 27.023142][ T425] ? __kasan_check_write+0x18/0x20 [ 27.023174][ T425] ? _raw_spin_lock+0x8c/0x120 [ 27.023211][ T425] ? __cfi__raw_spin_lock+0x10/0x10 [ 27.023239][ T425] ? __asan_memset+0x39/0x50 [ 27.023259][ T425] ? _raw_spin_unlock+0x45/0x60 [ 27.023285][ T425] ? rust_helper_spin_unlock+0x19/0x30 [ 27.023317][ T425] ? _RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0xdeb/0x1400 [ 27.023359][ T425] ? inode_init_always_gfp+0x756/0x9e0 [ 27.023384][ T425] ? alloc_inode+0xc5/0x270 [ 27.023412][ T425] ? __cfi__RNvMs4_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process18get_current_thread+0x10/0x10 [ 27.023457][ T425] ? avc_has_perm_noaudit+0x268/0x360 [ 27.023490][ T425] ? avc_has_perm_noaudit+0x286/0x360 [ 27.023524][ T425] ? avc_has_perm+0x144/0x220 [ 27.023554][ T425] ? __cfi_avc_has_perm+0x10/0x10 [ 27.023583][ T425] ? kasan_save_alloc_info+0x40/0x50 [ 27.023617][ T425] ? selinux_file_open+0x457/0x610 [ 27.023643][ T425] _RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x40c/0x2cf0 [ 27.023688][ T425] ? avc_has_extended_perms+0x7c7/0xdd0 [ 27.023720][ T425] ? __asan_memcpy+0x5a/0x80 [ 27.023741][ T425] ? avc_has_extended_perms+0x921/0xdd0 [ 27.023772][ T425] ? __cfi__RNvMs6_NtCs5gLWsBERDPK_16rust_binder_main7processNtB5_7Process5ioctl+0x10/0x10 [ 27.023816][ T425] ? do_vfs_ioctl+0xeda/0x1e30 [ 27.023841][ T425] ? arch_stack_walk+0x10b/0x170 [ 27.023861][ T425] ? __ia32_compat_sys_ioctl+0x850/0x850 [ 27.023887][ T425] ? _parse_integer+0x2e/0x40 [ 27.023922][ T425] ? ioctl_has_perm+0x384/0x4d0 [ 27.023950][ T425] ? has_cap_mac_admin+0xd0/0xd0 [ 27.023977][ T425] ? proc_fail_nth_write+0x17e/0x210 [ 27.024006][ T425] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 27.024036][ T425] ? selinux_file_ioctl+0x6e0/0x1360 [ 27.024061][ T425] ? vfs_write+0x93e/0xf30 [ 27.024080][ T425] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 27.024107][ T425] ? __cfi_vfs_write+0x10/0x10 [ 27.024127][ T425] ? __kasan_check_write+0x18/0x20 [ 27.024165][ T425] ? mutex_unlock+0x8b/0x240 [ 27.024206][ T425] ? __cfi_mutex_unlock+0x10/0x10 [ 27.024240][ T425] ? __fget_files+0x2c5/0x340 [ 27.024266][ T425] ? __fget_files+0x2c5/0x340 [ 27.024291][ T425] _RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0xa0/0x100 [ 27.024323][ T425] ? __se_sys_ioctl+0x114/0x1b0 [ 27.024347][ T425] ? __cfi__RNvCs5gLWsBERDPK_16rust_binder_main26rust_binder_unlocked_ioctl+0x10/0x10 [ 27.024378][ T425] __se_sys_ioctl+0x135/0x1b0 [ 27.024403][ T425] __x64_sys_ioctl+0x7f/0xa0 [ 27.024428][ T425] x64_sys_call+0x1878/0x2ee0 [ 27.024462][ T425] do_syscall_64+0x58/0xf0 [ 27.024488][ T425] ? clear_bhb_loop+0x50/0xa0 [ 27.024511][ T425] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 27.024544][ T425] RIP: 0033:0x7f4a98d8eec9 [ 27.024562][ T425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 27.024579][ T425] RSP: 002b:00007f4a99c30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 27.024603][ T425] RAX: ffffffffffffffda RBX: 00007f4a98fe5fa0 RCX: 00007f4a98d8eec9 [ 27.024620][ T425] RDX: 00002000000003c0 RSI: 00000000c0306201 RDI: 0000000000000004 [ 27.024635][ T425] RBP: 00007f4a99c30090 R08: 0000000000000000 R09: 0000000000000000 [ 27.024649][ T425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 27.024663][ T425] R13: 00007f4a98fe6038 R14: 00007f4a98fe5fa0 R15: 00007ffd9f596cd8 [ 27.024682][ T425] [ 27.216552][ T330] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 27.221612][ T425] rust_binder: Write failure EFAULT in pid:18 [ 27.365594][ T330] usb 2-1: device descriptor read/64, error -71 [ 27.469509][ T36] kauditd_printk_skb: 75 callbacks suppressed [ 27.469534][ T36] audit: type=1400 audit(1760063475.582:149): avc: denied { setopt } for pid=428 comm="syz.2.38" lport=4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 27.738623][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 27.746303][ T36] audit: type=1400 audit(1760063475.582:150): avc: denied { connect } for pid=428 comm="syz.2.38" lport=4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 27.753327][ T330] usb 2-1: device descriptor read/64, error -71 [ 27.761305][ T36] audit: type=1400 audit(1760063475.582:151): avc: denied { write } for pid=428 comm="syz.2.38" laddr=172.20.20.18 lport=4 faddr=10.1.0.254 fport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 27.876623][ T36] audit: type=1400 audit(1760063475.629:152): avc: denied { ioctl } for pid=432 comm="syz.2.39" path="/dev/rnullb0" dev="devtmpfs" ino=31 ioctlcmd=0x9366 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 27.917371][ T36] audit: type=1400 audit(1760063476.042:153): avc: denied { create } for pid=436 comm="syz.0.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 27.937585][ T36] audit: type=1400 audit(1760063476.061:154): avc: denied { ioctl } for pid=436 comm="syz.0.40" path="socket:[4493]" dev="sockfs" ino=4493 ioctlcmd=0x891a scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 27.939774][ T9] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 27.979501][ T36] audit: type=1400 audit(1760063476.098:155): avc: denied { write } for pid=438 comm="syz.3.41" name="kvm" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 28.002051][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 28.017908][ T9] usb 3-1: Product: syz [ 28.022153][ T9] usb 3-1: Manufacturer: syz [ 28.026824][ T9] usb 3-1: SerialNumber: syz [ 28.037847][ T330] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 28.057798][ T437] kvm: pic: non byte read [ 28.115671][ T443] Zero length message leads to an empty skb [ 28.139587][ T36] audit: type=1400 audit(1760063476.248:156): avc: denied { create } for pid=444 comm="syz.3.43" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 28.175545][ T330] usb 2-1: device descriptor read/64, error -71 [ 28.182280][ T36] audit: type=1400 audit(1760063476.286:157): avc: denied { unmount } for pid=447 comm="syz.0.44" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 28.326892][ T354] bridge_slave_1: left allmulticast mode [ 28.333229][ T354] bridge_slave_1: left promiscuous mode [ 28.339285][ T354] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.347353][ T354] bridge_slave_0: left allmulticast mode [ 28.353101][ T354] bridge_slave_0: left promiscuous mode [ 28.358981][ T354] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.432839][ T330] usb 2-1: device descriptor read/64, error -71 [ 28.474003][ T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 28.483919][ T354] veth1_macvtap: left promiscuous mode [ 28.489507][ T354] veth0_vlan: left promiscuous mode [ 28.537974][ T452] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.545141][ T452] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.548917][ T330] usb usb2-port1: attempt power cycle [ 28.552878][ T452] bridge_slave_0: entered allmulticast mode [ 28.564219][ T452] bridge_slave_0: entered promiscuous mode [ 28.571105][ T452] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.578182][ T452] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.585344][ T452] bridge_slave_1: entered allmulticast mode [ 28.591664][ T452] bridge_slave_1: entered promiscuous mode [ 28.646102][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.650789][ T452] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.664101][ T452] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.664107][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.664152][ T9] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 28.671475][ T452] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.681655][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.690242][ T452] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.705389][ T9] usb 4-1: config 0 descriptor?? [ 28.731854][ T128] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.739418][ T128] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.749580][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.756777][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.766359][ T128] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.773461][ T128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.805284][ T452] veth0_vlan: entered promiscuous mode [ 28.818340][ T452] veth1_macvtap: entered promiscuous mode [ 28.910944][ T330] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 28.919668][ T466] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=466 comm=syz.4.47 [ 28.936646][ T330] usb 2-1: device descriptor read/8, error -71 [ 29.082570][ T330] usb 2-1: device descriptor read/8, error -71 [ 29.337298][ T330] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 29.359823][ T330] usb 2-1: device descriptor read/8, error -71 [ 29.375099][ T9] usbhid 4-1:0.0: can't add hid device: -71 [ 29.391538][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 29.400669][ T9] usb 4-1: USB disconnect, device number 3 [ 29.498183][ T330] usb 2-1: device descriptor read/8, error -71 [ 29.614432][ T330] usb usb2-port1: unable to enumerate USB device [ 29.908988][ T36] audit: type=1400 audit(1760063477.909:158): avc: denied { read } for pid=472 comm="syz.4.50" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 30.036083][ T477] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 30.136598][ T487] netlink: 76 bytes leftover after parsing attributes in process `syz.3.53'. [ 30.520180][ T330] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 30.646885][ T31] usb 3-1: USB disconnect, device number 2 [ 30.682942][ T330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 30.694544][ T330] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 30.707565][ T330] usb 2-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00 [ 30.719020][ T330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.728389][ T495] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=495 comm=syz.2.57 [ 30.737589][ T330] usb 2-1: config 0 descriptor?? [ 30.749086][ T486] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 30.757822][ T330] usbhid 2-1:0.0: can't add hid device: -22 [ 30.766912][ T330] usbhid 2-1:0.0: probe with driver usbhid failed with error -22 [ 30.862284][ T502] netlink: 64 bytes leftover after parsing attributes in process `syz.2.59'. [ 30.940198][ T505] rust_binder: validate_parent_fixup: fixup_min_offset=46, parent_offset=35 [ 30.940219][ T505] rust_binder: Error while translating object. [ 30.949070][ T505] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.955309][ T505] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:40 [ 31.308874][ T388] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 31.480502][ T388] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 31.491603][ T388] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 31.504712][ T388] usb 4-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00 [ 31.513838][ T388] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.522593][ T388] usb 4-1: config 0 descriptor?? [ 31.527834][ T512] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 31.535930][ T388] usbhid 4-1:0.0: can't add hid device: -22 [ 31.541897][ T388] usbhid 4-1:0.0: probe with driver usbhid failed with error -22 [ 31.725100][ T522] tipc: Enabling not permitted [ 31.730725][ T522] tipc: Enabling of bearer rejected, failed to enable media [ 31.795728][ T529] netlink: 'syz.2.68': attribute type 27 has an invalid length. [ 31.886941][ T532] 9pnet: p9_errstr2errno: server reported unknown error 18446744073 [ 31.915212][ T534] FAULT_INJECTION: forcing a failure. [ 31.915212][ T534] name failslab, interval 1, probability 0, space 0, times 0 [ 31.928009][ T534] CPU: 0 UID: 0 PID: 534 Comm: syz.2.70 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627 [ 31.928055][ T534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 31.928070][ T534] Call Trace: [ 31.928076][ T534] [ 31.928083][ T534] __dump_stack+0x21/0x30 [ 31.928110][ T534] dump_stack_lvl+0x10c/0x190 [ 31.928132][ T534] ? __cfi_dump_stack_lvl+0x10/0x10 [ 31.928155][ T534] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 31.928176][ T534] ? __set_cpus_allowed_ptr_locked+0x6e6/0x11e0 [ 31.928195][ T534] dump_stack+0x19/0x20 [ 31.928216][ T534] should_fail_ex+0x3d9/0x530 [ 31.928233][ T534] should_failslab+0xac/0x100 [ 31.928251][ T534] __kmalloc_node_noprof+0x6c/0x520 [ 31.928266][ T534] ? __kvmalloc_node_noprof+0x11d/0x300 [ 31.928291][ T534] ? timer_update_keys+0xd0/0xd0 [ 31.928307][ T534] ? kasan_save_track+0x4f/0x80 [ 31.928324][ T534] __kvmalloc_node_noprof+0x11d/0x300 [ 31.928348][ T534] ? __cfi___kvmalloc_node_noprof+0x10/0x10 [ 31.928372][ T534] ? _raw_spin_lock+0x8c/0x120 [ 31.928392][ T534] ? __kasan_check_write+0x18/0x20 [ 31.928416][ T534] ? enqueue_timer+0x1a4/0x480 [ 31.928432][ T534] __kvm_mmu_topup_memory_cache+0x5f0/0x860 [ 31.928457][ T534] ? mutex_unlock+0x8b/0x240 [ 31.928480][ T534] ? __cfi_mutex_unlock+0x10/0x10 [ 31.928504][ T534] kvm_mmu_topup_memory_cache+0x24/0x30 [ 31.928527][ T534] kvm_mmu_load+0xa2/0x28a0 [ 31.928547][ T534] ? kvm_hv_setup_tsc_page+0x5ee/0xa70 [ 31.928570][ T534] ? kvm_apic_has_interrupt+0x79b/0x7b0 [ 31.928593][ T534] vcpu_run+0x4d2d/0x7830 [ 31.928624][ T534] ? signal_pending+0xc0/0xc0 [ 31.928644][ T534] ? __kasan_check_write+0x18/0x20 [ 31.928668][ T534] ? xfd_validate_state+0x68/0x150 [ 31.928689][ T534] ? fpu_swap_kvm_fpstate+0x93/0x5f0 [ 31.928707][ T534] ? __kasan_check_write+0x18/0x20 [ 31.928731][ T534] ? fpregs_mark_activate+0x69/0x160 [ 31.928748][ T534] ? fpu_swap_kvm_fpstate+0x44d/0x5f0 [ 31.928766][ T534] ? fpu_swap_kvm_fpstate+0x93/0x5f0 [ 31.928785][ T534] kvm_arch_vcpu_ioctl_run+0x101a/0x1aa0 [ 31.928808][ T534] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 31.928829][ T534] ? kstrtoull+0x13b/0x1e0 [ 31.928853][ T534] ? kstrtouint+0x78/0xf0 [ 31.928867][ T534] ? ioctl_has_perm+0x1aa/0x4d0 [ 31.928886][ T534] ? __asan_memcpy+0x5a/0x80 [ 31.928900][ T534] ? ioctl_has_perm+0x3e0/0x4d0 [ 31.928918][ T534] ? has_cap_mac_admin+0xd0/0xd0 [ 31.928937][ T534] ? __kasan_check_write+0x18/0x20 [ 31.928961][ T534] ? mutex_lock_killable+0x92/0x1c0 [ 31.928988][ T534] ? __cfi_mutex_lock_killable+0x10/0x10 [ 31.929012][ T534] ? proc_fail_nth_write+0x17e/0x210 [ 31.929035][ T534] kvm_vcpu_ioctl+0x96f/0xee0 [ 31.929055][ T534] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 31.929070][ T534] ? __cfi_vfs_write+0x10/0x10 [ 31.929084][ T534] ? __kasan_check_write+0x18/0x20 [ 31.929108][ T534] ? mutex_unlock+0x8b/0x240 [ 31.929130][ T534] ? __cfi_mutex_unlock+0x10/0x10 [ 31.929153][ T534] ? __fget_files+0x2c5/0x340 [ 31.929171][ T534] ? __fget_files+0x2c5/0x340 [ 31.929188][ T534] ? bpf_lsm_file_ioctl+0xd/0x20 [ 31.929210][ T534] ? security_file_ioctl+0x34/0xd0 [ 31.929228][ T534] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 31.929241][ T534] __se_sys_ioctl+0x135/0x1b0 [ 31.929259][ T534] __x64_sys_ioctl+0x7f/0xa0 [ 31.929276][ T534] x64_sys_call+0x1878/0x2ee0 [ 31.929299][ T534] do_syscall_64+0x58/0xf0 [ 31.929318][ T534] ? clear_bhb_loop+0x50/0xa0 [ 31.929335][ T534] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.929361][ T534] RIP: 0033:0x7f3a0778eec9 [ 31.929375][ T534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 31.929388][ T534] RSP: 002b:00007f3a08544038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 31.929406][ T534] RAX: ffffffffffffffda RBX: 00007f3a079e5fa0 RCX: 00007f3a0778eec9 [ 31.929418][ T534] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 31.929428][ T534] RBP: 00007f3a08544090 R08: 0000000000000000 R09: 0000000000000000 [ 31.929439][ T534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 31.929448][ T534] R13: 00007f3a079e6038 R14: 00007f3a079e5fa0 R15: 00007ffe99a8f478 [ 31.929462][ T534] [ 32.742144][ T551] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 32.766512][ T554] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=554 comm=syz.1.78 [ 32.803100][ T36] kauditd_printk_skb: 21 callbacks suppressed [ 32.803119][ T36] audit: type=1400 audit(1760063480.630:180): avc: denied { write } for pid=556 comm="syz.4.79" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 32.809817][ T560] raw_sendmsg: syz.3.80 forgot to set AF_INET. Fix it! [ 32.839009][ T558] rust_binder: validate_parent_fixup: fixup_min_offset=46, parent_offset=35 [ 32.839032][ T558] rust_binder: Error while translating object. [ 32.840680][ T36] audit: type=1400 audit(1760063480.658:181): avc: denied { read } for pid=556 comm="syz.4.79" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 32.848319][ T558] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 32.862050][ T36] audit: type=1400 audit(1760063480.658:182): avc: denied { open } for pid=556 comm="syz.4.79" path="/10/file0/.pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 32.877464][ T558] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:32 [ 32.895890][ T36] audit: type=1400 audit(1760063480.658:183): avc: denied { ioctl } for pid=556 comm="syz.4.79" path="/10/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x671e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 32.945667][ T36] audit: type=1400 audit(1760063480.658:184): avc: denied { write } for pid=559 comm="syz.3.80" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 32.980894][ T36] audit: type=1400 audit(1760063480.658:185): avc: denied { read } for pid=559 comm="syz.3.80" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 33.002178][ T36] audit: type=1400 audit(1760063480.743:186): avc: denied { unmount } for pid=452 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 33.023506][ T36] audit: type=1400 audit(1760063480.771:187): avc: denied { read } for pid=561 comm="syz.3.81" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 33.045863][ T36] audit: type=1400 audit(1760063480.771:188): avc: denied { open } for pid=561 comm="syz.3.81" path="/dev/ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 33.098036][ T36] audit: type=1400 audit(1760063480.902:189): avc: denied { read } for pid=570 comm="syz.1.84" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 33.176361][ T576] FAULT_INJECTION: forcing a failure. [ 33.176361][ T576] name failslab, interval 1, probability 0, space 0, times 0 [ 33.189214][ T576] CPU: 1 UID: 0 PID: 576 Comm: syz.1.85 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627 [ 33.189246][ T576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 33.189259][ T576] Call Trace: [ 33.189265][ T576] [ 33.189274][ T576] __dump_stack+0x21/0x30 [ 33.189305][ T576] dump_stack_lvl+0x10c/0x190 [ 33.189331][ T576] ? __cfi_dump_stack_lvl+0x10/0x10 [ 33.189357][ T576] ? parse_opts+0x3f9/0x570 [ 33.189382][ T576] dump_stack+0x19/0x20 [ 33.189407][ T576] should_fail_ex+0x3d9/0x530 [ 33.189426][ T576] should_failslab+0xac/0x100 [ 33.189449][ T576] __kmalloc_cache_noprof+0x41/0x490 [ 33.189468][ T576] ? p9_fd_create+0x100/0x4c0 [ 33.189492][ T576] p9_fd_create+0x100/0x4c0 [ 33.189517][ T576] p9_client_create+0x800/0x1190 [ 33.189537][ T576] ? __cfi_p9_client_create+0x10/0x10 [ 33.189557][ T576] ? kasan_save_alloc_info+0x40/0x50 [ 33.189584][ T576] ? __kasan_kmalloc+0x96/0xb0 [ 33.189606][ T576] ? kstrdup+0x7b/0x140 [ 33.189633][ T576] ? __asan_memset+0x39/0x50 [ 33.189650][ T576] v9fs_session_init+0x1e1/0x1820 [ 33.189689][ T576] ? __cfi_v9fs_session_init+0x10/0x10 [ 33.189725][ T576] ? kasan_save_alloc_info+0x40/0x50 [ 33.189753][ T576] ? __kasan_kmalloc+0x96/0xb0 [ 33.189779][ T576] ? __kmalloc_cache_noprof+0x24c/0x490 [ 33.189798][ T576] ? v9fs_mount+0xbd/0xa00 [ 33.189821][ T576] v9fs_mount+0xd7/0xa00 [ 33.189840][ T576] ? __cfi_v9fs_mount+0x10/0x10 [ 33.189859][ T576] ? selinux_capable+0x38/0x50 [ 33.189888][ T576] legacy_get_tree+0x106/0x1b0 [ 33.189911][ T576] ? __cfi_v9fs_mount+0x10/0x10 [ 33.189931][ T576] vfs_get_tree+0x9e/0x290 [ 33.189960][ T576] do_new_mount+0x251/0xb40 [ 33.189976][ T576] ? security_capable+0xcf/0xf0 [ 33.190003][ T576] path_mount+0x688/0x1050 [ 33.190031][ T576] ? putname+0x113/0x150 [ 33.190050][ T576] __se_sys_mount+0x2bd/0x480 [ 33.190069][ T576] ? ksys_write+0x1ef/0x250 [ 33.190087][ T576] ? __x64_sys_mount+0xf0/0xf0 [ 33.190106][ T576] __x64_sys_mount+0xc3/0xf0 [ 33.190123][ T576] x64_sys_call+0x2021/0x2ee0 [ 33.190153][ T576] do_syscall_64+0x58/0xf0 [ 33.190176][ T576] ? clear_bhb_loop+0x50/0xa0 [ 33.190197][ T576] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 33.190230][ T576] RIP: 0033:0x7ffaf5d8eec9 [ 33.190246][ T576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 33.190262][ T576] RSP: 002b:00007ffaf6bf2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 33.190292][ T576] RAX: ffffffffffffffda RBX: 00007ffaf5fe5fa0 RCX: 00007ffaf5d8eec9 [ 33.190306][ T576] RDX: 0000200000000100 RSI: 0000200000000040 RDI: 0000000000000000 [ 33.190320][ T576] RBP: 00007ffaf6bf2090 R08: 0000200000000200 R09: 0000000000000000 [ 33.190333][ T576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 33.190345][ T576] R13: 00007ffaf5fe6038 R14: 00007ffaf5fe5fa0 R15: 00007ffc36958d78 [ 33.190361][ T576] [ 33.524257][ T578] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 33.533186][ T578] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 34.018139][ T589] netlink: 64 bytes leftover after parsing attributes in process `syz.4.91'. [ 34.087072][ T594] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=594 comm=syz.3.93 [ 34.266408][ T601] rust_binder: 76: no such ref 0 [ 34.293701][ T388] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 34.466043][ T388] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 34.486148][ T388] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 34.506000][ T388] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 34.525956][ T388] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.544499][ T388] usb 5-1: config 0 descriptor?? [ 34.676167][ T638] tipc: Started in network mode [ 34.681325][ T638] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711 [ 34.690640][ T638] tipc: Enabling of bearer rejected, failed to enable media [ 34.724952][ T641] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=641 comm=syz.1.111 [ 34.754408][ T647] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=647 comm=syz.3.113 [ 34.987750][ T658] __vm_enough_memory: pid: 658, comm: syz.3.117, bytes: 18014402804453376 not enough memory for the allocation [ 35.014283][ T663] rust_binder: Error while translating object. [ 35.014346][ T663] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 35.020713][ T663] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:107 [ 35.045140][ T667] netlink: 'syz.3.121': attribute type 32 has an invalid length. [ 35.062797][ T669] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=669 comm=syz.1.120 [ 35.080319][ T671] rust_binder: Write failure EINVAL in pid:111 [ 35.098632][ T674] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=674 comm=syz.3.123 [ 35.183349][ T680] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=680 comm=syz.2.125 [ 35.314936][ T686] rust_binder: Read failure Err(EAGAIN) in pid:116 [ 35.350440][ T692] rust_binder: Write failure EFAULT in pid:63 [ 35.358149][ T693] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 35.376389][ T697] IPv6: NLM_F_CREATE should be specified when creating new route [ 35.397475][ T698] netlink: 76 bytes leftover after parsing attributes in process `syz.3.128'. [ 35.490450][ T702] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 136, size: 155) [ 35.490471][ T702] rust_binder: Error while translating object. [ 35.501378][ T702] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 35.507646][ T702] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:72 [ 35.556593][ T708] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=708 comm=syz.2.135 [ 35.857517][ T716] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=716 comm=syz.2.138 [ 36.187513][ T726] fuse: Bad value for 'fd' [ 36.205255][ T728] 9pnet_fd: Insufficient options for proto=fd [ 36.227224][ T730] rust_binder: Write failure EFAULT in pid:121 [ 36.258913][ T732] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 36.277285][ T388] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 36.300235][ T736] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 36.300270][ T736] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:125 [ 36.446839][ T388] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 36.467006][ T388] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 36.496929][ T745] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=531 sclass=netlink_route_socket pid=745 comm=syz.3.148 [ 36.509397][ T388] usb 3-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00 [ 36.522109][ T388] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.542260][ T388] usb 3-1: config 0 descriptor?? [ 36.547518][ T724] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 36.556870][ T388] usbhid 3-1:0.0: can't add hid device: -22 [ 36.563116][ T388] usbhid 3-1:0.0: probe with driver usbhid failed with error -22 [ 36.771056][ T31] usb 3-1: USB disconnect, device number 3 [ 37.246174][ T31] usb 5-1: USB disconnect, device number 2 [ 37.341682][ T762] netlink: 64 bytes leftover after parsing attributes in process `syz.2.155'. [ 37.352025][ T766] __vm_enough_memory: pid: 766, comm: syz.4.157, bytes: 18014402804453376 not enough memory for the allocation [ 37.405956][ T768] futex_wake_op: syz.4.158 tries to shift op by -1; fix this program [ 37.564808][ T777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 37.570893][ T779] rust_binder: 58: no such ref 2 [ 37.577101][ T777] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 37.579499][ T779] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 37.673580][ T795] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 37.675580][ T796] netlink: 12 bytes leftover after parsing attributes in process `syz.2.169'. [ 37.681393][ T795] rust_binder: 146: no such ref 0 [ 37.692875][ T797] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 37.694955][ T797] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:107 [ 37.746280][ T800] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2 [ 37.844041][ T808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 37.852828][ T808] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 38.001627][ T31] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 38.147266][ T36] kauditd_printk_skb: 23 callbacks suppressed [ 38.147282][ T36] audit: type=1400 audit(1760063485.641:213): avc: denied { write } for pid=811 comm="syz.1.176" name="001" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 38.155719][ T812] rust_binder: Read failure Err(EAGAIN) in pid:108 [ 38.176820][ T36] audit: type=1400 audit(1760063485.650:214): avc: denied { read } for pid=811 comm="syz.1.176" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 38.203889][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 38.204093][ T814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 38.215048][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 38.223712][ T814] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 38.236659][ T31] usb 5-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00 [ 38.253662][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.262649][ T31] usb 5-1: config 0 descriptor?? [ 38.268075][ T806] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 38.276734][ T31] usbhid 5-1:0.0: can't add hid device: -22 [ 38.282974][ T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -22 [ 38.341615][ T36] audit: type=1400 audit(1760063485.819:215): avc: denied { append } for pid=813 comm="syz.1.177" name="binder1" dev="binder" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 38.443065][ T36] audit: type=1400 audit(1760063485.922:216): avc: denied { ioctl } for pid=816 comm="syz.3.178" path="/dev/ptp0" dev="devtmpfs" ino=196 ioctlcmd=0x3d03 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 38.514816][ T330] usb 5-1: USB disconnect, device number 3 [ 53.891947][ T36] audit: type=1400 audit(1760063500.419:217): avc: denied { setopt } for pid=838 comm="syz.1.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 53.901263][ T845] kernel profiling enabled (shift: 0) [ 53.921134][ T36] audit: type=1400 audit(1760063500.438:218): avc: denied { write } for pid=838 comm="syz.1.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 53.951439][ T36] audit: type=1400 audit(1760063500.438:219): avc: denied { bind } for pid=838 comm="syz.1.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 53.976714][ T36] audit: type=1400 audit(1760063500.438:220): avc: denied { accept } for pid=838 comm="syz.1.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 53.999642][ T851] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 53.999675][ T851] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:70 [ 54.011869][ T36] audit: type=1400 audit(1760063500.438:221): avc: denied { read } for pid=838 comm="syz.1.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 54.017088][ T844] rust_binder: 118: no such ref 2 [ 54.021433][ T36] audit: type=1400 audit(1760063500.485:222): avc: denied { shutdown } for pid=838 comm="syz.1.185" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 54.066471][ T853] UHID_CREATE from different security context by process 70 (syz.4.188), this is not allowed. [ 54.082786][ T36] audit: type=1400 audit(1760063500.532:223): avc: denied { setopt } for pid=841 comm="syz.2.186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 54.111232][ T36] audit: type=1400 audit(1760063500.579:224): avc: denied { read write } for pid=849 comm="syz.4.188" name="uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 54.135263][ T36] audit: type=1400 audit(1760063500.579:225): avc: denied { open } for pid=849 comm="syz.4.188" path="/dev/uhid" dev="devtmpfs" ino=199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 54.250244][ T36] audit: type=1400 audit(1760063500.748:226): avc: denied { map } for pid=868 comm="syz.1.194" path="socket:[10414]" dev="sockfs" ino=10414 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 54.584373][ T330] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 54.754889][ T330] usb 3-1: Using ep0 maxpacket: 32 [ 54.761142][ T330] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 54.772176][ T330] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 54.805092][ T330] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 54.825734][ T330] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 54.836121][ T888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 54.844789][ T330] usb 3-1: Product: syz [ 54.848996][ T330] usb 3-1: Manufacturer: syz [ 54.854074][ T888] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 54.864834][ T330] hub 3-1:4.0: USB hub found [ 54.939915][ T895] capability: warning: `syz.1.205' uses deprecated v2 capabilities in a way that may be insecure [ 54.953088][ T895] rust_binder: Error while translating object. [ 54.953145][ T895] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 54.959517][ T895] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:133 [ 55.008146][ T897] FAULT_INJECTION: forcing a failure. [ 55.008146][ T897] name failslab, interval 1, probability 0, space 0, times 0 [ 55.030177][ T897] CPU: 0 UID: 0 PID: 897 Comm: syz.1.206 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627 [ 55.030216][ T897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 55.030231][ T897] Call Trace: [ 55.030238][ T897] [ 55.030246][ T897] __dump_stack+0x21/0x30 [ 55.030282][ T897] dump_stack_lvl+0x10c/0x190 [ 55.030304][ T897] ? __cfi_dump_stack_lvl+0x10/0x10 [ 55.030325][ T897] ? avc_has_perm+0x144/0x220 [ 55.030348][ T897] dump_stack+0x19/0x20 [ 55.030368][ T897] should_fail_ex+0x3d9/0x530 [ 55.030391][ T897] should_failslab+0xac/0x100 [ 55.030409][ T897] __kmalloc_cache_noprof+0x41/0x490 [ 55.030425][ T897] ? vhost_task_create+0x101/0x350 [ 55.030441][ T897] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 55.030460][ T897] vhost_task_create+0x101/0x350 [ 55.030475][ T897] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 55.030494][ T897] ? __cfi_vhost_task_create+0x10/0x10 [ 55.030510][ T897] ? __cfi_vhost_task_fn+0x10/0x10 [ 55.030526][ T897] ? __kasan_check_write+0x18/0x20 [ 55.030549][ T897] ? mutex_lock+0x92/0x1c0 [ 55.030572][ T897] ? __cfi_mutex_lock+0x10/0x10 [ 55.030595][ T897] ? kernel_text_address+0xa9/0xe0 [ 55.030615][ T897] kvm_mmu_post_init_vm+0x156/0x2d0 [ 55.030638][ T897] kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0 [ 55.030660][ T897] ? _parse_integer_limit+0x195/0x1e0 [ 55.030685][ T897] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 55.030708][ T897] ? kstrtoull+0x13b/0x1e0 [ 55.030733][ T897] ? kstrtouint+0x78/0xf0 [ 55.030746][ T897] ? ioctl_has_perm+0x1aa/0x4d0 [ 55.030765][ T897] ? __asan_memcpy+0x5a/0x80 [ 55.030779][ T897] ? ioctl_has_perm+0x3e0/0x4d0 [ 55.030797][ T897] ? has_cap_mac_admin+0xd0/0xd0 [ 55.030816][ T897] ? __kasan_check_write+0x18/0x20 [ 55.030839][ T897] ? mutex_lock_killable+0x92/0x1c0 [ 55.030864][ T897] ? __cfi_mutex_lock_killable+0x10/0x10 [ 55.030900][ T897] ? proc_fail_nth_write+0x17e/0x210 [ 55.030931][ T897] kvm_vcpu_ioctl+0x96f/0xee0 [ 55.030950][ T897] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 55.030964][ T897] ? __cfi_vfs_write+0x10/0x10 [ 55.030979][ T897] ? __kasan_check_write+0x18/0x20 [ 55.031003][ T897] ? mutex_unlock+0x8b/0x240 [ 55.031025][ T897] ? __cfi_mutex_unlock+0x10/0x10 [ 55.031048][ T897] ? __fget_files+0x2c5/0x340 [ 55.031066][ T897] ? __fget_files+0x2c5/0x340 [ 55.031082][ T897] ? bpf_lsm_file_ioctl+0xd/0x20 [ 55.031104][ T897] ? security_file_ioctl+0x34/0xd0 [ 55.031122][ T897] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 55.031137][ T897] __se_sys_ioctl+0x135/0x1b0 [ 55.031156][ T897] __x64_sys_ioctl+0x7f/0xa0 [ 55.031172][ T897] x64_sys_call+0x1878/0x2ee0 [ 55.031196][ T897] do_syscall_64+0x58/0xf0 [ 55.031215][ T897] ? clear_bhb_loop+0x50/0xa0 [ 55.031231][ T897] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 55.031257][ T897] RIP: 0033:0x7ffaf5d8eec9 [ 55.031271][ T897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.031284][ T897] RSP: 002b:00007ffaf6bf2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 55.031301][ T897] RAX: ffffffffffffffda RBX: 00007ffaf5fe5fa0 RCX: 00007ffaf5d8eec9 [ 55.031314][ T897] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 55.031324][ T897] RBP: 00007ffaf6bf2090 R08: 0000000000000000 R09: 0000000000000000 [ 55.031334][ T897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.031344][ T897] R13: 00007ffaf5fe6038 R14: 00007ffaf5fe5fa0 R15: 00007ffc36958d78 [ 55.031358][ T897] [ 55.383746][ T330] hub 3-1:4.0: config failed, hub has too many ports! (err -19) [ 55.494865][ T908] rust_binder: 79: no such ref 0 [ 55.500118][ T908] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 55.507476][ T908] rust_binder: 79: no such ref 0 [ 55.650311][ T379] usb 3-1: USB disconnect, device number 4 [ 55.698472][ T935] rust_binder: 140: no such ref 0 [ 55.703887][ T935] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 55.711151][ T935] rust_binder: 140: no such ref 0 [ 55.821175][ T955] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 55.821212][ T955] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:187 [ 55.836582][ T957] FAULT_INJECTION: forcing a failure. [ 55.836582][ T957] name failslab, interval 1, probability 0, space 0, times 0 [ 55.851074][ T959] netlink: 'syz.3.232': attribute type 1 has an invalid length. [ 55.865289][ T957] CPU: 1 UID: 0 PID: 957 Comm: syz.4.230 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627 [ 55.865334][ T957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 55.865350][ T957] Call Trace: [ 55.865366][ T957] [ 55.865375][ T957] __dump_stack+0x21/0x30 [ 55.865415][ T957] dump_stack_lvl+0x10c/0x190 [ 55.865447][ T957] ? __cfi_dump_stack_lvl+0x10/0x10 [ 55.865484][ T957] dump_stack+0x19/0x20 [ 55.865518][ T957] should_fail_ex+0x3d9/0x530 [ 55.865542][ T957] should_failslab+0xac/0x100 [ 55.865572][ T957] kmem_cache_alloc_node_noprof+0x45/0x440 [ 55.865596][ T957] ? dup_task_struct+0xbc/0xc50 [ 55.865625][ T957] ? kasan_save_alloc_info+0x40/0x50 [ 55.865659][ T957] ? __kasan_kmalloc+0x96/0xb0 [ 55.865686][ T957] ? __kmalloc_cache_noprof+0x24c/0x490 [ 55.865711][ T957] dup_task_struct+0xbc/0xc50 [ 55.865739][ T957] ? __kasan_check_write+0x18/0x20 [ 55.865775][ T957] ? _raw_spin_lock_irq+0x8d/0x120 [ 55.865805][ T957] ? copy_process+0x3220/0x3220 [ 55.865834][ T957] ? __kasan_check_write+0x18/0x20 [ 55.865870][ T957] copy_process+0x538/0x3220 [ 55.865903][ T957] ? kasan_save_alloc_info+0x40/0x50 [ 55.865937][ T957] ? __cfi_copy_process+0x10/0x10 [ 55.865965][ T957] ? __kmalloc_cache_noprof+0x24c/0x490 [ 55.865989][ T957] ? __kasan_check_write+0x18/0x20 [ 55.866025][ T957] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 55.866055][ T957] vhost_task_create+0x1d6/0x350 [ 55.866076][ T957] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 55.866105][ T957] ? __cfi_vhost_task_create+0x10/0x10 [ 55.866128][ T957] ? __cfi_vhost_task_fn+0x10/0x10 [ 55.866148][ T957] ? __kasan_check_write+0x18/0x20 [ 55.866180][ T957] ? mutex_lock+0x92/0x1c0 [ 55.866213][ T957] ? __cfi_mutex_lock+0x10/0x10 [ 55.866249][ T957] ? kernel_text_address+0xa9/0xe0 [ 55.866285][ T957] kvm_mmu_post_init_vm+0x156/0x2d0 [ 55.866319][ T957] kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0 [ 55.866362][ T957] ? _parse_integer_limit+0x195/0x1e0 [ 55.866401][ T957] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 55.866432][ T957] ? kstrtoull+0x13b/0x1e0 [ 55.866468][ T957] ? kstrtouint+0x78/0xf0 [ 55.866491][ T957] ? ioctl_has_perm+0x1aa/0x4d0 [ 55.866520][ T957] ? __asan_memcpy+0x5a/0x80 [ 55.866547][ T957] ? ioctl_has_perm+0x3e0/0x4d0 [ 55.866577][ T957] ? has_cap_mac_admin+0xd0/0xd0 [ 55.866605][ T957] ? __kasan_check_write+0x18/0x20 [ 55.866641][ T957] ? mutex_lock_killable+0x92/0x1c0 [ 55.866682][ T957] ? __cfi_mutex_lock_killable+0x10/0x10 [ 55.866718][ T957] ? proc_fail_nth_write+0x17e/0x210 [ 55.866751][ T957] kvm_vcpu_ioctl+0x96f/0xee0 [ 55.866775][ T957] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 55.866798][ T957] ? __cfi_vfs_write+0x10/0x10 [ 55.866822][ T957] ? __kasan_check_write+0x18/0x20 [ 55.866858][ T957] ? mutex_unlock+0x8b/0x240 [ 55.866892][ T957] ? __cfi_mutex_unlock+0x10/0x10 [ 55.866927][ T957] ? __fget_files+0x2c5/0x340 [ 55.866955][ T957] ? __fget_files+0x2c5/0x340 [ 55.866980][ T957] ? bpf_lsm_file_ioctl+0xd/0x20 [ 55.867014][ T957] ? security_file_ioctl+0x34/0xd0 [ 55.867041][ T957] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 55.867064][ T957] __se_sys_ioctl+0x135/0x1b0 [ 55.867090][ T957] __x64_sys_ioctl+0x7f/0xa0 [ 55.867115][ T957] x64_sys_call+0x1878/0x2ee0 [ 55.867151][ T957] do_syscall_64+0x58/0xf0 [ 55.867182][ T957] ? clear_bhb_loop+0x50/0xa0 [ 55.867206][ T957] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 55.867246][ T957] RIP: 0033:0x7fb0a3b8eec9 [ 55.867267][ T957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 55.867287][ T957] RSP: 002b:00007fb0a4997038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 55.867314][ T957] RAX: ffffffffffffffda RBX: 00007fb0a3de5fa0 RCX: 00007fb0a3b8eec9 [ 55.867333][ T957] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 55.867350][ T957] RBP: 00007fb0a4997090 R08: 0000000000000000 R09: 0000000000000000 [ 55.867372][ T957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 55.867388][ T957] R13: 00007fb0a3de6038 R14: 00007fb0a3de5fa0 R15: 00007ffc26c41888 [ 55.867410][ T957] [ 56.442904][ T965] rust_binder: Error while translating object. [ 56.442982][ T965] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 56.449578][ T965] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:107 [ 56.459603][ T967] netlink: 12 bytes leftover after parsing attributes in process `syz.3.232'. [ 56.541816][ T971] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 56.554530][ T971] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 56.564222][ T973] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 56.564247][ T973] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:110 [ 56.670055][ T979] tipc: Enabling of bearer rejected, failed to enable media [ 56.854564][ T330] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 56.876104][ T991] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 56.876131][ T991] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:153 [ 56.992944][ T330] usb 5-1: device descriptor read/64, error -71 [ 57.017524][ T994] rust_binder: Error in use_page_slow: ESRCH [ 57.017545][ T994] rust_binder: use_range failure ESRCH [ 57.023550][ T994] rust_binder: Failed to allocate buffer. len:1048, is_oneway:false [ 57.029337][ T994] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 57.037411][ T994] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:155 [ 57.259397][ T330] usb 5-1: device descriptor read/64, error -71 [ 57.525856][ T330] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 57.626646][ T999] netlink: 64 bytes leftover after parsing attributes in process `syz.3.249'. [ 57.649654][ T1001] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 57.657842][ T1001] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 57.657877][ T1001] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:205 [ 57.667425][ T330] usb 5-1: device descriptor read/64, error -71 [ 57.712085][ T1005] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 57.740891][ T1008] rust_binder: 148: no such ref 0 [ 57.830724][ T1015] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 57.830764][ T1015] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:158 [ 57.905600][ T1025] __vm_enough_memory: pid: 1025, comm: syz.1.260, bytes: 18014402804453376 not enough memory for the allocation [ 57.926898][ T1025] __vm_enough_memory: pid: 1025, comm: syz.1.260, bytes: 18014402804453376 not enough memory for the allocation [ 57.939334][ T1025] __vm_enough_memory: pid: 1025, comm: syz.1.260, bytes: 18014402804453376 not enough memory for the allocation [ 57.951510][ T1025] __vm_enough_memory: pid: 1025, comm: syz.1.260, bytes: 18014402804453376 not enough memory for the allocation [ 57.963414][ T330] usb 5-1: device descriptor read/64, error -71 [ 57.963497][ T1025] __vm_enough_memory: pid: 1025, comm: syz.1.260, bytes: 18014402804453376 not enough memory for the allocation [ 57.981722][ T1025] __vm_enough_memory: pid: 1025, comm: syz.1.260, bytes: 18014402804453376 not enough memory for the allocation [ 57.993731][ T1025] __vm_enough_memory: pid: 1025, comm: syz.1.260, bytes: 18014402804453376 not enough memory for the allocation [ 58.006270][ T1025] __vm_enough_memory: pid: 1025, comm: syz.1.260, bytes: 18014402804453376 not enough memory for the allocation [ 58.018608][ T1025] __vm_enough_memory: pid: 1025, comm: syz.1.260, bytes: 18014402804453376 not enough memory for the allocation [ 58.035848][ T1025] __vm_enough_memory: pid: 1025, comm: syz.1.260, bytes: 18014402804453376 not enough memory for the allocation [ 58.081184][ T330] usb usb5-port1: attempt power cycle [ 58.100245][ T1033] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 58.204416][ T1046] rust_binder: Read failure Err(EAGAIN) in pid:225 [ 58.235059][ T1050] tipc: Enabling of bearer rejected, failed to enable media [ 58.295435][ T1058] netlink: 64 bytes leftover after parsing attributes in process `syz.3.274'. [ 58.339067][ T1062] rust_binder: 240: no such ref 0 [ 58.344308][ T1062] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 58.351734][ T1062] rust_binder: 240: no such ref 0 [ 58.448707][ T1066] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 58.457376][ T330] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 58.498439][ T330] usb 5-1: device descriptor read/8, error -71 [ 58.545725][ T1069] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 58.554301][ T1069] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 58.635790][ T330] usb 5-1: device descriptor read/8, error -71 [ 58.870211][ T1081] rust_binder: 172: no such ref 0 [ 58.875569][ T1081] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 58.882898][ T1081] rust_binder: 172: no such ref 0 [ 58.889965][ T330] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 58.905584][ T1083] rust_binder: Read failure Err(EAGAIN) in pid:174 [ 58.912428][ T330] usb 5-1: device descriptor read/8, error -71 [ 58.930157][ T1085] tipc: Started in network mode [ 58.935490][ T1085] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711 [ 58.944643][ T1085] tipc: Enabling of bearer rejected, failed to enable media [ 59.061505][ T330] usb 5-1: device descriptor read/8, error -71 [ 59.087691][ T1099] ======================================================= [ 59.087691][ T1099] WARNING: The mand mount option has been deprecated and [ 59.087691][ T1099] and is ignored by this kernel. Remove the mand [ 59.087691][ T1099] option from the mount to silence this warning. [ 59.087691][ T1099] ======================================================= [ 59.188478][ T330] usb usb5-port1: unable to enumerate USB device [ 59.200479][ T1115] rust_binder: Read failure Err(EAGAIN) in pid:255 [ 59.225644][ T1119] 9pnet_fd: Insufficient options for proto=fd [ 59.235430][ T1121] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 59.261426][ T1121] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 59.350376][ T36] kauditd_printk_skb: 21 callbacks suppressed [ 59.350394][ T36] audit: type=1400 audit(1760063505.543:248): avc: denied { accept } for pid=1125 comm="syz.2.307" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 59.387679][ T36] audit: type=1400 audit(1760063505.571:249): avc: denied { mount } for pid=1130 comm="syz.2.308" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 59.425746][ T36] audit: type=1400 audit(1760063505.608:250): avc: denied { mounton } for pid=1134 comm="syz.1.310" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 59.425776][ T1135] binder: Bad value for 'stats' [ 59.541157][ T1145] netlink: 'syz.1.314': attribute type 4 has an invalid length. [ 59.664723][ T1152] kvm: kvm [1151]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x4000000d) [ 59.673716][ T1152] rust_binder: 213: no such ref 2 [ 59.797891][ T36] audit: type=1400 audit(1760063505.956:251): avc: denied { read } for pid=150 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 59.824367][ T1156] can0: slcan on ptm0. [ 59.834800][ T36] audit: type=1400 audit(1760063505.993:252): avc: denied { search } for pid=150 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 59.866692][ T36] audit: type=1400 audit(1760063505.993:253): avc: denied { read } for pid=150 comm="dhcpcd" name="n15" dev="tmpfs" ino=2100 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.889128][ T36] audit: type=1400 audit(1760063505.993:254): avc: denied { open } for pid=150 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=2100 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.932355][ T36] audit: type=1400 audit(1760063505.993:255): avc: denied { getattr } for pid=150 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=2100 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 59.992577][ T1179] netlink: 188 bytes leftover after parsing attributes in process `syz.2.322'. [ 60.005447][ T36] audit: type=1400 audit(1760063505.993:256): avc: denied { map } for pid=1155 comm="syz.1.318" path="pipe:[13615]" dev="pipefs" ino=13615 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 60.042930][ T1183] rust_binder: Read failure Err(EAGAIN) in pid:117 [ 60.043827][ T36] audit: type=1400 audit(1760063506.012:257): avc: denied { execute } for pid=1155 comm="syz.1.318" path="pipe:[13615]" dev="pipefs" ino=13615 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 60.171223][ T1199] Bluetooth: hci0: Frame reassembly failed (-84) [ 60.177749][ T128] Bluetooth: hci0: Frame reassembly failed (-84) [ 60.342939][ T1210] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 60.342968][ T1210] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:202 [ 60.350076][ T379] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 60.523865][ T379] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 60.532762][ T379] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 60.548021][ T379] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 60.562303][ T379] usb 5-1: config 1 has no interface number 0 [ 60.574035][ T379] usb 5-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 60.584996][ T379] usb 5-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 60.600335][ T379] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 60.609771][ T379] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 60.617895][ T379] usb 5-1: Product: syz [ 60.622103][ T379] usb 5-1: Manufacturer: syz [ 60.626697][ T379] usb 5-1: SerialNumber: syz [ 60.672228][ T1232] FAULT_INJECTION: forcing a failure. [ 60.672228][ T1232] name failslab, interval 1, probability 0, space 0, times 0 [ 60.685067][ T1232] CPU: 0 UID: 0 PID: 1232 Comm: syz.2.343 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627 [ 60.685104][ T1232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 60.685117][ T1232] Call Trace: [ 60.685123][ T1232] [ 60.685132][ T1232] __dump_stack+0x21/0x30 [ 60.685163][ T1232] dump_stack_lvl+0x10c/0x190 [ 60.685189][ T1232] ? __cfi_dump_stack_lvl+0x10/0x10 [ 60.685219][ T1232] ? avc_has_perm+0x144/0x220 [ 60.685247][ T1232] dump_stack+0x19/0x20 [ 60.685272][ T1232] should_fail_ex+0x3d9/0x530 [ 60.685292][ T1232] should_failslab+0xac/0x100 [ 60.685315][ T1232] __kmalloc_cache_noprof+0x41/0x490 [ 60.685334][ T1232] ? vhost_task_create+0x101/0x350 [ 60.685358][ T1232] ? __cfi_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 60.685381][ T1232] vhost_task_create+0x101/0x350 [ 60.685400][ T1232] ? __cfi_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 60.685422][ T1232] ? __cfi_vhost_task_create+0x10/0x10 [ 60.685444][ T1232] ? __cfi_vhost_task_fn+0x10/0x10 [ 60.685463][ T1232] ? __kasan_check_write+0x18/0x20 [ 60.685495][ T1232] ? mutex_lock+0x92/0x1c0 [ 60.685525][ T1232] ? __cfi_mutex_lock+0x10/0x10 [ 60.685551][ T1232] ? kernel_text_address+0xa9/0xe0 [ 60.685577][ T1232] kvm_mmu_post_init_vm+0x156/0x2d0 [ 60.685605][ T1232] kvm_arch_vcpu_ioctl_run+0xd7/0x1aa0 [ 60.685633][ T1232] ? _parse_integer_limit+0x195/0x1e0 [ 60.685666][ T1232] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 60.685691][ T1232] ? kstrtoull+0x13b/0x1e0 [ 60.685720][ T1232] ? kstrtouint+0x78/0xf0 [ 60.685736][ T1232] ? ioctl_has_perm+0x1aa/0x4d0 [ 60.685758][ T1232] ? __asan_memcpy+0x5a/0x80 [ 60.685793][ T1232] ? ioctl_has_perm+0x3e0/0x4d0 [ 60.685816][ T1232] ? has_cap_mac_admin+0xd0/0xd0 [ 60.685838][ T1232] ? __kasan_check_write+0x18/0x20 [ 60.685867][ T1232] ? mutex_lock_killable+0x92/0x1c0 [ 60.685896][ T1232] ? __cfi_mutex_lock_killable+0x10/0x10 [ 60.685929][ T1232] ? proc_fail_nth_write+0x17e/0x210 [ 60.685957][ T1232] kvm_vcpu_ioctl+0x96f/0xee0 [ 60.685975][ T1232] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 60.685993][ T1232] ? __cfi_vfs_write+0x10/0x10 [ 60.686011][ T1232] ? __kasan_check_write+0x18/0x20 [ 60.686040][ T1232] ? mutex_unlock+0x8b/0x240 [ 60.686075][ T1232] ? __cfi_mutex_unlock+0x10/0x10 [ 60.686102][ T1232] ? __fget_files+0x2c5/0x340 [ 60.686124][ T1232] ? __fget_files+0x2c5/0x340 [ 60.686145][ T1232] ? bpf_lsm_file_ioctl+0xd/0x20 [ 60.686172][ T1232] ? security_file_ioctl+0x34/0xd0 [ 60.686195][ T1232] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 60.686214][ T1232] __se_sys_ioctl+0x135/0x1b0 [ 60.686236][ T1232] __x64_sys_ioctl+0x7f/0xa0 [ 60.686257][ T1232] x64_sys_call+0x1878/0x2ee0 [ 60.686286][ T1232] do_syscall_64+0x58/0xf0 [ 60.686308][ T1232] ? clear_bhb_loop+0x50/0xa0 [ 60.686330][ T1232] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 60.686364][ T1232] RIP: 0033:0x7f3a0778eec9 [ 60.686380][ T1232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 60.686398][ T1232] RSP: 002b:00007f3a08544038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 60.686419][ T1232] RAX: ffffffffffffffda RBX: 00007f3a079e5fa0 RCX: 00007f3a0778eec9 [ 60.686435][ T1232] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 60.686447][ T1232] RBP: 00007f3a08544090 R08: 0000000000000000 R09: 0000000000000000 [ 60.686460][ T1232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 60.686472][ T1232] R13: 00007f3a079e6038 R14: 00007f3a079e5fa0 R15: 00007ffe99a8f478 [ 60.686493][ T1232] [ 60.855681][ T379] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 61.053479][ T379] usb 5-1: USB disconnect, device number 8 [ 61.065596][ T1235] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 61.074299][ T1235] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 61.145866][ T1243] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0) [ 61.155063][ T1243] SELinux: failed to load policy [ 61.197132][ T1247] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 61.291393][ T1254] tipc: Started in network mode [ 61.296491][ T1254] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711 [ 61.305644][ T1254] tipc: Enabling of bearer rejected, failed to enable media [ 61.342589][ T1258] selinux_netlink_send: 2 callbacks suppressed [ 61.342610][ T1258] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35 sclass=netlink_route_socket pid=1258 comm=syz.2.355 [ 61.393231][ T1262] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 61.400582][ T1262] rust_binder: 251: no such ref 0 [ 61.668457][ T1270] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 61.680971][ T1270] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 61.692862][ T379] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 61.714390][ T1276] IPv6: NLM_F_CREATE should be specified when creating new route [ 61.744382][ T1280] tipc: Started in network mode [ 61.749370][ T1280] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711 [ 61.758376][ T1280] tipc: Enabling of bearer rejected, failed to enable media [ 61.777356][ T1282] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 61.784643][ T1282] rust_binder: 134: no such ref 0 [ 61.854019][ T379] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 61.865082][ T379] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 61.877947][ T379] usb 3-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00 [ 61.887028][ T379] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.897462][ T379] usb 3-1: config 0 descriptor?? [ 61.904065][ T1266] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 61.912505][ T379] usbhid 3-1:0.0: can't add hid device: -22 [ 61.918590][ T379] usbhid 3-1:0.0: probe with driver usbhid failed with error -22 [ 62.147351][ T388] usb 3-1: USB disconnect, device number 5 [ 62.172423][ T1022] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 62.311057][ T1200] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 62.311280][ T1201] Bluetooth: hci0: command 0x1003 tx timeout [ 62.333530][ T1022] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 62.344571][ T1022] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 62.357626][ T1022] usb 5-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00 [ 62.366734][ T1022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.375573][ T1022] usb 5-1: config 0 descriptor?? [ 62.382748][ T1286] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 62.395028][ T1293] usb usb8: usbfs: process 1293 (syz.1.371) did not claim interface 0 before use [ 62.395925][ T1022] usbhid 5-1:0.0: can't add hid device: -22 [ 62.407095][ T1291] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.410431][ T1022] usbhid 5-1:0.0: probe with driver usbhid failed with error -22 [ 62.570025][ T1305] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 62.578612][ T1305] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 62.661124][ T457] usb 5-1: USB disconnect, device number 9 [ 62.854273][ T1319] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 62.861592][ T1319] rust_binder: 271: no such ref 0 [ 62.883460][ T1321] SELinux: Context system_u:object_r:crond_var_run_t:s0 is not valid (left unmapped). [ 62.886148][ T1323] tipc: Enabling of bearer rejected, failed to enable media [ 63.163569][ T65] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 63.257247][ T1340] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 63.265823][ T1340] rust_binder: 247: no such ref 0 [ 63.324603][ T65] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 63.335837][ T65] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 63.349005][ T65] usb 3-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00 [ 63.363148][ T65] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.376888][ T65] usb 3-1: config 0 descriptor?? [ 63.382116][ T1325] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 63.392368][ T65] usbhid 3-1:0.0: can't add hid device: -22 [ 63.398543][ T65] usbhid 3-1:0.0: probe with driver usbhid failed with error -22 [ 63.625611][ T330] usb 3-1: USB disconnect, device number 6 [ 63.834948][ T457] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 63.929810][ T1361] IPv6: NLM_F_CREATE should be specified when creating new route [ 64.006605][ T457] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 64.017320][ T457] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 64.023647][ T1373] __vm_enough_memory: 23 callbacks suppressed [ 64.023668][ T1373] __vm_enough_memory: pid: 1373, comm: syz.1.405, bytes: 18014402804453376 not enough memory for the allocation [ 64.029041][ T457] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 64.053901][ T457] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 64.062320][ T457] usb 5-1: Product: syz [ 64.066562][ T457] usb 5-1: Manufacturer: syz [ 64.071229][ T457] usb 5-1: SerialNumber: syz [ 64.294545][ T457] usb 5-1: 0:2 : does not exist [ 64.301458][ T457] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 64.312649][ T457] usb 5-1: 5:0: cannot get min/max values for control 2 (id 5) [ 64.322184][ T457] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 64.331983][ T457] usb 5-1: 5:0: cannot get min/max values for control 4 (id 5) [ 64.341531][ T457] usb 5-1: 5:0: cannot get min/max values for control 5 (id 5) [ 64.351369][ T457] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 64.362444][ T457] usb 5-1: 5:0: cannot get min/max values for control 8 (id 5) [ 64.372109][ T457] usb 5-1: USB disconnect, device number 10 [ 64.447943][ T65] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 64.614081][ T65] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 64.625099][ T65] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 64.638035][ T65] usb 3-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00 [ 64.647128][ T65] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.655902][ T65] usb 3-1: config 0 descriptor?? [ 64.661206][ T1381] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 64.669667][ T65] usbhid 3-1:0.0: can't add hid device: -22 [ 64.675631][ T65] usbhid 3-1:0.0: probe with driver usbhid failed with error -22 [ 64.951970][ T65] usb 3-1: USB disconnect, device number 7 [ 65.027917][ T36] kauditd_printk_skb: 25 callbacks suppressed [ 65.027937][ T36] audit: type=1400 audit(1760063510.863:283): avc: denied { rename } for pid=1384 comm="syz.4.410" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 65.077772][ T36] audit: type=1400 audit(1760063510.910:284): avc: denied { create } for pid=1392 comm="syz.1.413" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 65.082180][ T1393] rust_binder: 265: no such ref 2 [ 65.422924][ T31] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 65.591126][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 65.602123][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 65.615127][ T31] usb 5-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00 [ 65.624398][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.633062][ T31] usb 5-1: config 0 descriptor?? [ 65.639236][ T1399] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 65.647652][ T31] usbhid 5-1:0.0: can't add hid device: -22 [ 65.653638][ T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -22 [ 65.873498][ T31] usb 5-1: USB disconnect, device number 11 [ 66.199104][ T1422] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 66.207748][ T1422] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 66.438360][ T1427] tipc: Enabling of bearer rejected, failed to enable media [ 66.850963][ T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 66.893150][ T36] audit: type=1400 audit(1760063512.608:285): avc: denied { execute } for pid=1439 comm="syz.3.432" path="/cpuacct.usage_percpu" dev="ramfs" ino=15210 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 66.902460][ T1440] netlink: 56 bytes leftover after parsing attributes in process `syz.3.432'. [ 67.032158][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 67.039822][ T10] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 67.049345][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 67.065781][ T1450] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.074219][ T10] usb 3-1: Product: syz [ 67.078562][ T10] usb 3-1: Manufacturer: syz [ 67.083188][ T10] usb 3-1: SerialNumber: syz [ 67.087979][ T1450] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.313036][ T10] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 67.527157][ T36] audit: type=1400 audit(1760063513.209:286): avc: denied { read write } for pid=1432 comm="syz.2.429" name="lp0" dev="devtmpfs" ino=471 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 67.550628][ T36] audit: type=1400 audit(1760063513.209:287): avc: denied { open } for pid=1432 comm="syz.2.429" path="/dev/usb/lp0" dev="devtmpfs" ino=471 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 67.581599][ C0] usblp0: nonzero write bulk status received: -71 [ 67.581652][ T31] usb 3-1: USB disconnect, device number 8 [ 67.594677][ T31] usblp0: removed [ 67.674902][ T1459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 67.683626][ T1459] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 67.906739][ T1463] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 68.303599][ T1474] tipc: Enabling of bearer rejected, failed to enable media [ 68.417607][ T457] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 68.428237][ T1484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 68.436750][ T1484] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 68.599984][ T457] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 68.611182][ T457] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 68.624463][ T457] usb 3-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00 [ 68.641469][ T457] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 68.656729][ T457] usb 3-1: config 0 descriptor?? [ 68.662789][ T1472] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 68.670820][ T457] usbhid 3-1:0.0: can't add hid device: -22 [ 68.676868][ T457] usbhid 3-1:0.0: probe with driver usbhid failed with error -22 [ 68.922807][ T457] usb 3-1: USB disconnect, device number 9 [ 69.007721][ T1503] /dev/rnullb0: Can't open blockdev [ 69.013466][ T1503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.022095][ T1503] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.739156][ T1022] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 69.752706][ T1520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 69.761490][ T1520] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 69.864443][ T1529] rust_binder: BC_CLEAR_DEATH_NOTIFICATION death notification not active [ 69.900278][ T1022] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 69.915037][ T1022] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 69.928650][ T1022] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 69.939890][ T1022] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 69.947962][ T1022] usb 3-1: Product: syz [ 69.952234][ T1022] usb 3-1: Manufacturer: syz [ 69.956847][ T1022] usb 3-1: SerialNumber: syz [ 69.962023][ T1022] usb 3-1: config 0 descriptor?? [ 69.968591][ T1022] usb 3-1: 0:0 : invalid sync pipe. bmAttributes 00, bLength 9, bSynchAddress 00 [ 70.030476][ T1538] FAULT_INJECTION: forcing a failure. [ 70.030476][ T1538] name failslab, interval 1, probability 0, space 0, times 0 [ 70.043248][ T1538] CPU: 0 UID: 0 PID: 1538 Comm: syz.3.473 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627 [ 70.043286][ T1538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 70.043300][ T1538] Call Trace: [ 70.043307][ T1538] [ 70.043314][ T1538] __dump_stack+0x21/0x30 [ 70.043340][ T1538] dump_stack_lvl+0x10c/0x190 [ 70.043368][ T1538] ? __cfi_dump_stack_lvl+0x10/0x10 [ 70.043400][ T1538] dump_stack+0x19/0x20 [ 70.043428][ T1538] should_fail_ex+0x3d9/0x530 [ 70.043451][ T1538] should_failslab+0xac/0x100 [ 70.043473][ T1538] kmem_cache_alloc_noprof+0x42/0x430 [ 70.043488][ T1538] ? __kvm_mmu_topup_memory_cache+0x1eb/0x860 [ 70.043514][ T1538] __kvm_mmu_topup_memory_cache+0x1eb/0x860 [ 70.043550][ T1538] ? mutex_unlock+0x8b/0x240 [ 70.043584][ T1538] kvm_mmu_topup_memory_cache+0x24/0x30 [ 70.043614][ T1538] kvm_mmu_load+0xa2/0x28a0 [ 70.043635][ T1538] ? kvm_hv_setup_tsc_page+0x5ee/0xa70 [ 70.043658][ T1538] ? kvm_apic_has_interrupt+0x79b/0x7b0 [ 70.043691][ T1538] vcpu_run+0x4d2d/0x7830 [ 70.043719][ T1538] ? x64_sys_call+0xe69/0x2ee0 [ 70.043764][ T1538] ? signal_pending+0xc0/0xc0 [ 70.043785][ T1538] ? vmx_set_nmi_mask+0x13f/0x2a0 [ 70.043807][ T1538] ? __kasan_check_write+0x18/0x20 [ 70.043842][ T1538] ? kvm_vcpu_ioctl_x86_set_vcpu_events+0xc80/0x13c0 [ 70.043868][ T1538] kvm_arch_vcpu_ioctl_run+0x101a/0x1aa0 [ 70.043900][ T1538] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 70.043926][ T1538] ? __kasan_check_write+0x18/0x20 [ 70.043949][ T1538] ? mutex_lock_killable+0x92/0x1c0 [ 70.043987][ T1538] kvm_vcpu_ioctl+0x96f/0xee0 [ 70.044008][ T1538] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 70.044028][ T1538] ? __cfi_vfs_write+0x10/0x10 [ 70.044048][ T1538] ? __kasan_check_write+0x18/0x20 [ 70.044072][ T1538] ? mutex_unlock+0x8b/0x240 [ 70.044095][ T1538] ? __cfi_mutex_unlock+0x10/0x10 [ 70.044135][ T1538] ? __fget_files+0x2c5/0x340 [ 70.044160][ T1538] ? __fget_files+0x2c5/0x340 [ 70.044183][ T1538] ? bpf_lsm_file_ioctl+0xd/0x20 [ 70.044209][ T1538] ? security_file_ioctl+0x34/0xd0 [ 70.044227][ T1538] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 70.044241][ T1538] __se_sys_ioctl+0x135/0x1b0 [ 70.044265][ T1538] __x64_sys_ioctl+0x7f/0xa0 [ 70.044290][ T1538] x64_sys_call+0x1878/0x2ee0 [ 70.044321][ T1538] do_syscall_64+0x58/0xf0 [ 70.044346][ T1538] ? clear_bhb_loop+0x50/0xa0 [ 70.044369][ T1538] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 70.044403][ T1538] RIP: 0033:0x7efd3c18eec9 [ 70.044422][ T1538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.044441][ T1538] RSP: 002b:00007efd3d0d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.044466][ T1538] RAX: ffffffffffffffda RBX: 00007efd3c3e5fa0 RCX: 00007efd3c18eec9 [ 70.044484][ T1538] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 70.044498][ T1538] RBP: 00007efd3d0d5090 R08: 0000000000000000 R09: 0000000000000000 [ 70.044513][ T1538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 70.044529][ T1538] R13: 00007efd3c3e6038 R14: 00007efd3c3e5fa0 R15: 00007ffccbdc5408 [ 70.044548][ T1538] [ 70.227534][ T31] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 70.333065][ T36] audit: type=1400 audit(1760063515.827:288): avc: denied { mounton } for pid=1540 comm="syz.1.474" path="/127/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 70.397209][ T1507] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 70.398029][ T1507] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:294 [ 70.405116][ T330] usb 3-1: USB disconnect, device number 10 [ 70.496803][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 70.507864][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 70.520772][ T31] usb 5-1: New USB device found, idVendor=091c, idProduct=8866, bcdDevice= 0.00 [ 70.530136][ T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.544615][ T31] usb 5-1: config 0 descriptor?? [ 70.550469][ T1551] 9pnet_fd: Insufficient options for proto=fd [ 70.563251][ T1533] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 70.576232][ T31] usbhid 5-1:0.0: can't add hid device: -22 [ 70.588186][ T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -22 [ 70.601356][ T1555] rust_binder: Write failure EINVAL in pid:319 [ 70.638288][ T1562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 70.653165][ T1562] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 70.848302][ T1570] IPv6: A: Disabled Multicast RS [ 70.855955][ T31] usb 5-1: USB disconnect, device number 12 [ 70.875787][ T36] audit: type=1400 audit(1760063516.352:289): avc: denied { setopt } for pid=1568 comm="syz.3.485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 71.023443][ T1583] input: syz1 as /devices/virtual/input/input7 [ 71.030871][ T36] audit: type=1400 audit(1760063516.502:290): avc: denied { read } for pid=95 comm="acpid" name="event3" dev="devtmpfs" ino=488 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.053242][ T36] audit: type=1400 audit(1760063516.502:291): avc: denied { open } for pid=95 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=488 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.076663][ T36] audit: type=1400 audit(1760063516.502:292): avc: denied { ioctl } for pid=95 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=488 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 71.417337][ T1588] FAULT_INJECTION: forcing a failure. [ 71.417337][ T1588] name failslab, interval 1, probability 0, space 0, times 0 [ 71.430122][ T1588] CPU: 1 UID: 0 PID: 1588 Comm: syz.4.493 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627 [ 71.430160][ T1588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 71.430176][ T1588] Call Trace: [ 71.430182][ T1588] [ 71.430189][ T1588] __dump_stack+0x21/0x30 [ 71.430216][ T1588] dump_stack_lvl+0x10c/0x190 [ 71.430238][ T1588] ? __cfi_dump_stack_lvl+0x10/0x10 [ 71.430263][ T1588] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 71.430286][ T1588] ? __set_cpus_allowed_ptr_locked+0x6e6/0x11e0 [ 71.430305][ T1588] dump_stack+0x19/0x20 [ 71.430326][ T1588] should_fail_ex+0x3d9/0x530 [ 71.430342][ T1588] should_failslab+0xac/0x100 [ 71.430361][ T1588] __kmalloc_node_noprof+0x6c/0x520 [ 71.430377][ T1588] ? __kvmalloc_node_noprof+0x11d/0x300 [ 71.430401][ T1588] ? timer_update_keys+0xd0/0xd0 [ 71.430418][ T1588] ? kasan_save_track+0x4f/0x80 [ 71.430435][ T1588] __kvmalloc_node_noprof+0x11d/0x300 [ 71.430459][ T1588] ? __cfi___kvmalloc_node_noprof+0x10/0x10 [ 71.430485][ T1588] ? __kasan_check_write+0x18/0x20 [ 71.430509][ T1588] ? enqueue_timer+0x1a4/0x480 [ 71.430525][ T1588] __kvm_mmu_topup_memory_cache+0x5f0/0x860 [ 71.430551][ T1588] ? mutex_unlock+0x8b/0x240 [ 71.430575][ T1588] ? __cfi_mutex_unlock+0x10/0x10 [ 71.430599][ T1588] kvm_mmu_topup_memory_cache+0x24/0x30 [ 71.430623][ T1588] kvm_mmu_load+0xa2/0x28a0 [ 71.430643][ T1588] ? kvm_hv_setup_tsc_page+0x5ee/0xa70 [ 71.430666][ T1588] ? kvm_apic_has_interrupt+0x79b/0x7b0 [ 71.430689][ T1588] vcpu_run+0x4d2d/0x7830 [ 71.430721][ T1588] ? signal_pending+0xc0/0xc0 [ 71.430741][ T1588] ? __kasan_check_write+0x18/0x20 [ 71.430765][ T1588] ? xfd_validate_state+0x68/0x150 [ 71.430787][ T1588] ? vmx_set_nmi_mask+0x13f/0x2a0 [ 71.430809][ T1588] ? __kasan_check_write+0x18/0x20 [ 71.430833][ T1588] ? kvm_vcpu_ioctl_x86_set_vcpu_events+0xc80/0x13c0 [ 71.430852][ T1588] kvm_arch_vcpu_ioctl_run+0x101a/0x1aa0 [ 71.430875][ T1588] ? __cfi_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 71.430896][ T1588] ? kstrtoull+0x13b/0x1e0 [ 71.430921][ T1588] ? kstrtouint+0x78/0xf0 [ 71.430935][ T1588] ? ioctl_has_perm+0x1aa/0x4d0 [ 71.430954][ T1588] ? __asan_memcpy+0x5a/0x80 [ 71.430969][ T1588] ? ioctl_has_perm+0x3e0/0x4d0 [ 71.430988][ T1588] ? has_cap_mac_admin+0xd0/0xd0 [ 71.431016][ T1588] ? __kasan_check_write+0x18/0x20 [ 71.431039][ T1588] ? mutex_lock_killable+0x92/0x1c0 [ 71.431066][ T1588] kvm_vcpu_ioctl+0x96f/0xee0 [ 71.431080][ T1588] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 71.431095][ T1588] ? __cfi_vfs_write+0x10/0x10 [ 71.431112][ T1588] ? __kasan_check_write+0x18/0x20 [ 71.431146][ T1588] ? mutex_unlock+0x8b/0x240 [ 71.431179][ T1588] ? __cfi_mutex_unlock+0x10/0x10 [ 71.431205][ T1588] ? __fget_files+0x2c5/0x340 [ 71.431224][ T1588] ? __fget_files+0x2c5/0x340 [ 71.431241][ T1588] ? bpf_lsm_file_ioctl+0xd/0x20 [ 71.431265][ T1588] ? security_file_ioctl+0x34/0xd0 [ 71.431282][ T1588] ? __cfi_kvm_vcpu_ioctl+0x10/0x10 [ 71.431296][ T1588] __se_sys_ioctl+0x135/0x1b0 [ 71.431314][ T1588] __x64_sys_ioctl+0x7f/0xa0 [ 71.431331][ T1588] x64_sys_call+0x1878/0x2ee0 [ 71.431355][ T1588] do_syscall_64+0x58/0xf0 [ 71.431374][ T1588] ? clear_bhb_loop+0x50/0xa0 [ 71.431390][ T1588] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 71.431416][ T1588] RIP: 0033:0x7fb0a3b8eec9 [ 71.431430][ T1588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 71.431445][ T1588] RSP: 002b:00007fb0a4997038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 71.431463][ T1588] RAX: ffffffffffffffda RBX: 00007fb0a3de5fa0 RCX: 00007fb0a3b8eec9 [ 71.431477][ T1588] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 71.431487][ T1588] RBP: 00007fb0a4997090 R08: 0000000000000000 R09: 0000000000000000 [ 71.431498][ T1588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 71.431508][ T1588] R13: 00007fb0a3de6038 R14: 00007fb0a3de5fa0 R15: 00007ffc26c41888 [ 71.431522][ T1588] [ 71.825120][ T1591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.834301][ T1591] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.851888][ T1591] kvm: emulating exchange as write [ 71.859260][ T1591] ------------[ cut here ]------------ [ 71.864806][ T1591] WARNING: CPU: 0 PID: 1591 at mm/page_alloc.c:5228 __alloc_pages_noprof+0xe8/0x7b0 [ 71.874277][ T1591] Modules linked in: [ 71.878181][ T1591] CPU: 0 UID: 0 PID: 1591 Comm: syz.3.494 Not tainted syzkaller #0 2560a8339b7509d4724a30b62cb6e32ef3b21627 [ 71.889674][ T1591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 71.899795][ T1591] RIP: 0010:__alloc_pages_noprof+0xe8/0x7b0 [ 71.905755][ T1591] Code: 00 0f 1f 44 00 00 83 fb 0b 72 28 b8 00 20 00 00 23 44 24 40 75 1d 80 3d a2 1f ee 05 00 0f 85 be 00 00 00 c6 05 95 1f ee 05 01 <0f> 0b 31 c0 e9 b0 00 00 00 83 fb 0a 0f 87 a5 00 00 00 44 8b 64 24 [ 71.925589][ T1591] RSP: 0018:ffffc90008d3f540 EFLAGS: 00010246 [ 71.931701][ T1591] RAX: 0000000000000000 RBX: 0000000000000016 RCX: 0000000000000000 [ 71.939995][ T1591] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90008d3f5f8 [ 71.948066][ T1591] RBP: ffffc90008d3f680 R08: ffffc90008d3f5f7 R09: 0000000000000000 [ 71.956142][ T1591] R10: ffffc90008d3f5e0 R11: fffff520011a7ebf R12: ffffc90008d3f580 [ 71.964167][ T1591] R13: dffffc0000000000 R14: 1ffff920011a7eac R15: 0000000000000000 [ 71.972239][ T1591] FS: 00007efd3d0d56c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 71.981277][ T1591] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 71.987966][ T1591] CR2: 0000000000000000 CR3: 000000011dbba000 CR4: 00000000003526b0 [ 71.995981][ T1591] Call Trace: [ 71.999330][ T1591] [ 72.002286][ T1591] ? vfs_write+0x3c0/0xf30 [ 72.006744][ T1591] ? ksys_write+0x141/0x250 [ 72.011320][ T1591] ? x64_sys_call+0x271c/0x2ee0 [ 72.016230][ T1591] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 72.022088][ T1591] ? hashtab_init+0xdb/0x1f0 [ 72.026903][ T1591] ___kmalloc_large_node+0x81/0x220 [ 72.032180][ T1591] ? hashtab_init+0xdb/0x1f0 [ 72.036826][ T1591] __kmalloc_large_node_noprof+0x1e/0xe0 [ 72.042546][ T1591] ? hashtab_init+0xdb/0x1f0 [ 72.047179][ T1591] __kmalloc_noprof+0x336/0x530 [ 72.052118][ T1591] ? kasan_save_alloc_info+0x40/0x50 [ 72.057465][ T1591] hashtab_init+0xdb/0x1f0 [ 72.061937][ T1591] ? class_read+0x162/0x8a0 [ 72.066536][ T1591] symtab_init+0x44/0x70 [ 72.070820][ T1591] class_read+0x1df/0x8a0 [ 72.075243][ T1591] ? hashtab_init+0xdb/0x1f0 [ 72.079881][ T1591] ? __cfi_class_read+0x10/0x10 [ 72.084873][ T1591] ? hashtab_init+0x105/0x1f0 [ 72.089598][ T1591] policydb_read+0xaa8/0x28c0 [ 72.094355][ T1591] ? __kasan_kmalloc+0x96/0xb0 [ 72.099166][ T1591] ? __cfi_policydb_read+0x10/0x10 [ 72.104351][ T1591] ? security_load_policy+0x128/0x12f0 [ 72.109922][ T1591] security_load_policy+0x162/0x12f0 [ 72.115261][ T1591] ? avc_has_perm_noaudit+0x286/0x360 [ 72.120747][ T1591] ? _raw_spin_unlock+0x45/0x60 [ 72.125655][ T1591] ? __check_object_size+0x50a/0x810 [ 72.131122][ T1591] ? __cfi_security_load_policy+0x10/0x10 [ 72.136894][ T1591] ? __kasan_check_write+0x18/0x20 [ 72.142089][ T1591] sel_write_load+0x298/0x5e0 [ 72.146779][ T1591] ? __cfi_sel_write_load+0x10/0x10 [ 72.152031][ T1591] ? bpf_lsm_file_permission+0xd/0x20 [ 72.157449][ T1591] ? __cfi_sel_write_load+0x10/0x10 [ 72.162725][ T1591] vfs_write+0x3c0/0xf30 [ 72.166999][ T1591] ? __cfi_vfs_write+0x10/0x10 [ 72.171816][ T1591] ? __kasan_check_write+0x18/0x20 [ 72.177061][ T1591] ? mutex_lock+0x92/0x1c0 [ 72.181540][ T1591] ? __cfi_mutex_lock+0x10/0x10 [ 72.186431][ T1591] ? __fget_files+0x2c5/0x340 [ 72.191159][ T1591] ksys_write+0x141/0x250 [ 72.195526][ T1591] ? xfd_validate_state+0x68/0x150 [ 72.200665][ T1591] ? __cfi_ksys_write+0x10/0x10 [ 72.205582][ T1591] ? __kasan_check_write+0x18/0x20 [ 72.210739][ T1591] ? fpregs_restore_userregs+0x11d/0x260 [ 72.216429][ T1591] __x64_sys_write+0x7f/0x90 [ 72.221052][ T1591] x64_sys_call+0x271c/0x2ee0 [ 72.225799][ T1591] do_syscall_64+0x58/0xf0 [ 72.230280][ T1591] ? clear_bhb_loop+0x50/0xa0 [ 72.235100][ T1591] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 72.241046][ T1591] RIP: 0033:0x7efd3c18eec9 [ 72.245695][ T1591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.265408][ T1591] RSP: 002b:00007efd3d0d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 72.273855][ T1591] RAX: ffffffffffffffda RBX: 00007efd3c3e5fa0 RCX: 00007efd3c18eec9 [ 72.281909][ T1591] RDX: 0000000000000065 RSI: 0000200000000280 RDI: 000000000000000a [ 72.290013][ T1591] RBP: 00007efd3c211f91 R08: 0000000000000000 R09: 0000000000000000 [ 72.298043][ T1591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 72.306043][ T1591] R13: 00007efd3c3e6038 R14: 00007efd3c3e5fa0 R15: 00007ffccbdc5408 [ 72.314104][ T1591] [ 72.317149][ T1591] ---[ end trace 0000000000000000 ]--- [ 72.323805][ T1591] SELinux: failed to load policy