last executing test programs: 1m3.734413952s ago: executing program 0 (id=1799): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002b00)=ANY=[@ANYBLOB="b01100001900010000000000fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200002000000000", @ANYRES32, @ANYRES32=0x0, @ANYBLOB="00000000000000000400000000000000000000000000000000000000000000f50300000000000000020000000000000000000000000000200104000000000000000000000000000002000000000000000300000000200000000000000000000000000000000000000100000000000000440005007f000001000000000000000000000000000000042b0000000a"], 0x11b0}, 0x1, 0x0, 0x0, 0x20048000}, 0x0) 1m3.734131981s ago: executing program 0 (id=1800): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r3 = getpid() (async) r4 = getpid() (async) r5 = memfd_secret(0x80000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r5, 0x0) ftruncate(r5, 0x3) (async) openat(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', 0x103041, 0x80) (async) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x32, 0xffffffffffffffff, 0x2ec37000) (async) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) (async) r6 = epoll_create(0x9) (async) r7 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) kcmp$KCMP_EPOLL_TFD(r3, r4, 0x7, r0, &(0x7f0000000080)={r6, r7, 0x5}) (async) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_GET_EXTENDED_ERROR(r8, 0xc00c6211, 0x0) (async) ioctl$KVM_SET_XCRS(r2, 0x4188aea7, &(0x7f0000000100)={0x0, 0x4}) (async) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000400)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x5, 0x0, &(0x7f0000000500)="7da3644468"}) 1m3.694112592s ago: executing program 0 (id=1801): mremap(&(0x7f0000ff6000/0x4000)=nil, 0x3000, 0x3000, 0x0, &(0x7f0000ffd000/0x3000)=nil) r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000e00)={0x2c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xa, 0x11}}}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$netlink(0x10, 0x3, 0xf) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r2) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r3, 0x80083314, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c0002800500010084"], 0x64}}, 0x0) 1m3.548459834s ago: executing program 0 (id=1805): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x201008, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000001180)='./bus\x00') r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80000006, 0x48002) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000000000000000001200", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 1m3.462148736s ago: executing program 0 (id=1810): r0 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000100)={'fscrypt:', @desc2}, &(0x7f0000000140)={0x0, "7af9c2add30c3b0d788d9a94b0731ab8d4a8502c36822594c41a3a588f9ea10f4ea91dff6ece7b715bd30d75c5da8c5c4dada466bf73ee60295d1d133135d5c7", 0x14}, 0x48, 0xfffffffffffffffe) add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, 0x0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYBLOB="01000000000005050000000000009d07000000000000"]) keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x1) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f00000001c0)=@ccm_128={{0x303}, "e2455270ca32f823", "d9d34dd180c59cf225504907a6e24c3d", "96f36c9e", "5dfd234d3d1d207f"}, 0x28) writev(r1, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) close(r1) r5 = syz_open_dev$usbfs(0x0, 0xf, 0x8041) ioctl$USBDEVFS_RELEASEINTERFACE(r5, 0x80045510, &(0x7f0000000100)=0x165) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[@ANYBLOB="380100002100010000000000fefffffffc020000000000000000000000000000fc02000000000000000000000000000000000000000000000a00000084000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000e8001100ac140700000000000000000000000000fc000000000000000000000000000001fc020000000000000000000000000000fe8000000000000000000000000000aaff7f00000000000002000a00ac1414aa000000000000000000000000fe8000000000000000000000000000aa00000000000000000000000000000000ac1e0001000000000000000000000000ff040000003500000a00080000000000000000000000ffff7f000001fc02000000000000000000000000000064010102000000000000000000000000fc0200000000000000000000000000003c000000000000000800020047bd775504a517073403d06b57cb258465783676f656d128fde7449a2ad9d3903736ecc43107fbc77e319194a3c835cd549f301cc9139ea2db62e0ad33a1c1fbbd7a635b058a9fc822d174f2a0aed1efe1de062f513c7616a451158ef64bab06"], 0x138}}, 0x0) 1m3.456866456s ago: executing program 0 (id=1812): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe8000000000000000000000000000bbff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000010000000000000000000320000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000af0000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000000000000000000000000000000000000000000004c001400636d61632861657329"], 0x1a0}}, 0x0) 1m3.421134537s ago: executing program 32 (id=1812): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe8000000000000000000000000000bbff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000010000000000000000000320000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000af0000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017000000000000000000000000000000000000000000000000004c001400636d61632861657329"], 0x1a0}}, 0x0) 1.514861977s ago: executing program 2 (id=2730): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x486601, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)=""/163, &(0x7f00000001c0)=""/133, &(0x7f0000000280)=""/139, 0xeeee0000}) socket$vsock_stream(0x28, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r0, 0x45809000) mprotect(&(0x7f00001df000/0x4000)=nil, 0x4000, 0x1) read(r0, &(0x7f0000000040)=""/106, 0x6a) 1.438426218s ago: executing program 2 (id=2731): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = epoll_create1(0x0) r2 = creat(&(0x7f00000001c0)='./bus\x00', 0x11f) close(r2) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r2) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c0002800500010084"], 0x64}}, 0x0) 1.410341758s ago: executing program 2 (id=2733): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r1 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x3, @broadcast}}, 0x1e) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom1\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x54, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000200)={@ptr={0x70742a85, 0x0, &(0x7f0000000100)=""/41, 0x29, 0x0, 0x11}, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/7, 0x7, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x28, 0x40}}, 0x10}, @release={0x40046306, 0x3}], 0x5a, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f37"}) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10) r4 = dup(r3) sendmsg$inet(r4, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000000)="be39", 0xffeb}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}], 0xf}, 0x0) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), 0xffffffffffffffff) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) sendto$packet(r6, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xc, r7, 0x1, 0x0, 0x6, @multicast}, 0x14) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'lo\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000540)={&(0x7f0000000400)={0x140, r5, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0xe8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xb4, 0x3, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, './binderfs/binder1\x00'}]}, {0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, './binderfs/binder1\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, './binderfs/binder1\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, './binderfs/binder1\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x12b5}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, ':%&/\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000000}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_BITS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, './binderfs/binder0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x3}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x2}, @ETHTOOL_A_LINKMODES_LANES={0x8}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x2}, @ETHTOOL_A_LINKMODES_HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0xffffff00}]}, 0x140}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) socket$pptp(0x18, 0x1, 0x2) (async) connect$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x3, @broadcast}}, 0x1e) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/custom1\x00', 0x802, 0x0) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x54, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000200)={@ptr={0x70742a85, 0x0, &(0x7f0000000100)=""/41, 0x29, 0x0, 0x11}, @fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/7, 0x7, 0x0, 0x31}}, &(0x7f0000000280)={0x0, 0x28, 0x40}}, 0x10}, @release={0x40046306, 0x3}], 0x5a, 0x0, &(0x7f00000002c0)="1920ff09471b1099c7961fdcc405843a41a786d3ed8ebe8e80e4b4144e1cf51c728b926c80eb2a8e4f6b2dab5b6ac95dd16066dc703442a9132a8dd210e45df98d795a638622681df1cb222612051f612948409bc69ce5464f37"}) (async) socket$inet_icmp_raw(0x2, 0x3, 0x1) (async) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10) (async) dup(r3) (async) sendmsg$inet(r4, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000000)="be39", 0xffeb}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}], 0xf}, 0x0) (async) syz_genetlink_get_family_id$ethtool(&(0x7f0000000380), 0xffffffffffffffff) (async) socket$packet(0x11, 0x2, 0x300) (async) ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000200)={'vcan0\x00'}) (async) sendto$packet(r6, &(0x7f0000000080)="18", 0x10, 0x0, &(0x7f00000000c0)={0x11, 0xc, r7, 0x1, 0x0, 0x6, @multicast}, 0x14) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'lo\x00'}) (async) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000580)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000540)={&(0x7f0000000400)={0x140, r5, 0x200, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_OURS={0xe8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0xb4, 0x3, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, './binderfs/binder1\x00'}]}, {0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, './binderfs/binder1\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, './binderfs/binder1\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, './binderfs/binder1\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x12b5}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, ':%&/\x00'}]}, {0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80000000}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_BITS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x17, 0x2, './binderfs/binder0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x3}]}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x2}, @ETHTOOL_A_LINKMODES_LANES={0x8}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x2}, @ETHTOOL_A_LINKMODES_HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0xffffff00}]}, 0x140}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) (async) 1.243934741s ago: executing program 2 (id=2740): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r1, &(0x7f0000000640)={0x2020}, 0x2020) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000002c0), 0x10, 0x0) r5 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) r6 = socket(0x10, 0x803, 0x0) sendto(r6, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r6, &(0x7f0000009800)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002180)=""/4096, 0x1000}, {&(0x7f0000003180)=""/177, 0xb1}, {&(0x7f0000003240)=""/106, 0x6a}, {&(0x7f0000000780)=""/18, 0x12}, {&(0x7f00000032c0)=""/246, 0xf6}, {&(0x7f00000033c0)=""/231, 0xe7}, {&(0x7f00000034c0)=""/211, 0xd3}, {&(0x7f00000035c0)=""/76, 0x4c}], 0x8}, 0x81}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x1ff}], 0x7, 0x2100, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x12, r5, 0x7d23000) read(r4, &(0x7f0000000440)=""/72, 0x87) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0xfffffffffffffffe) ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000006005000000080000fffffffff8bf720629fa4e7bbb0b3ef105c2cc5582b4fa6729504d43fc56ef055506ab9655353e03a030e02c7669"]) r9 = ioctl$KVM_CREATE_VCPU(r3, 0xaece, 0x2) preadv(r9, &(0x7f0000000280)=[{&(0x7f00000031c0)=""/154, 0x9a}], 0x1, 0x3a, 0xfffffffc) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000140)={0x5, 0x0, 0x6000, 0x1000, &(0x7f00004cf000/0x1000)=nil}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"}) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r10, &(0x7f0000000200)=ANY=[@ANYRESDEC=r10], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r10, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) 729.516739ms ago: executing program 3 (id=2748): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000014c0)=ANY=[@ANYBLOB="a0010000100001000000000000000000fe8000000000000000000000000000bbff01000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000320000000000000000000000000002000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000af0000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c0017"], 0x1a0}}, 0x0) 685.942369ms ago: executing program 3 (id=2750): openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x202, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000040)) ppoll(&(0x7f0000000000)=[{r2, 0x2201}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x48, 0x0, 0x0) socket$nl_audit(0x10, 0x3, 0x9) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000640)=0x4) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xf9, 0x3, 0xd5, '\x00', 0x8}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 650.15928ms ago: executing program 4 (id=2753): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0xb03cdf087638818c, 0x3}) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000093c0), 0x0, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000009400)={0x20000000, 0x0, {0x0, 0xfffe, 0x9, {0x0, 0x200}, {}, @const={0x81, {0x5, 0x2004, 0x3, 0x6}}}, {0x57, 0x8, 0x0, {0xfff9, 0x2}, {0x2, 0x82}, @rumble}}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x80, 0x0, &(0x7f0000000340)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000140)={@ptr={0x70742a85, 0x0, &(0x7f0000000000)=""/186, 0xba, 0x2, 0x36}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/208, 0xd0, 0x0, 0x39}, @fd={0x66642a85, 0x0, r2}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}}, @decrefs, @clear_death={0x400c630f, 0x3}, @dead_binder_done, @acquire={0x40046305, 0x1}, @acquire={0x40046305, 0x3}], 0x0, 0x0, 0x0}) 584.497971ms ago: executing program 3 (id=2754): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_INIT(r0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x4020aeb2, 0x0) syz_fuse_handle_req(r0, &(0x7f00000067c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000080100", 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 537.967072ms ago: executing program 3 (id=2757): r0 = userfaultfd(0x80801) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000140)={0x0, 0x4, 0x9, 0x7fffffff, 0x7}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x29}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000140)={&(0x7f0000564000/0x4000)=nil, 0x4000}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x1c, 0x1, 0x4, 0x101, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFULA_CFG_CMD={0x5, 0x1, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2}, 0x400c800) r2 = socket$pptp(0x18, 0x1, 0x2) accept(r2, 0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="f80000002100010000000000fefffffffc020000000000000000000000000000fc02000000000000000000000000000000000000000000000a00000084000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b66b6e0003000000500011"], 0xf8}}, 0x0) 534.438791ms ago: executing program 1 (id=2759): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, 0x0, 0x81000010) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000200)={0x73622a85, 0x1081, 0x200000000000}) (async) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x6) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) setuid(0xee00) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000001640)) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) (async) ioctl$KVM_CAP_DISABLE_QUIRKS(0xffffffffffffffff, 0x4068aea3, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) fcntl$lock(r2, 0x5, &(0x7f0000000000)={0x0, 0x1, 0x9, 0x8}) (async) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) recvmmsg(r3, &(0x7f0000004cc0)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x2043, 0x0) r4 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0xa6, &(0x7f0000000000)=[{0x9, 0x480000000000000, 0x7}, {0xe9, 0x1000, 0x63}, {0x7fffffffffffffff, 0x0, 0x2000000000000000}], 0x3, 0xb, 0x10, 0x3a, 0x23, 0x2}) (async) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0xffffffffffffffe1, 0x0, 0x0, 0x0}, 0x10}], 0x0, 0x0, 0x0}) 533.991962ms ago: executing program 4 (id=2760): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000900)={0x34, r4, 0x1, 0x0, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}]}, 0x34}}, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x11a, 0x1d, 0x0, 0x0) r5 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x1084008, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="2c756e616d653d5c2c756e616d653d402a2c63616368653d6c6f6f73652c646972656374696f2c63616368653d6c6f6f73652c63616368653d6c6f6f73652c706f73697861636c2c667363616368652c646566636f6e746578743d73746166665f752c000270c008510c0fb1d2862aa6c8b932cf136fc1fdae305269b194912a8516086e329623f9fb245ef6d8994da2fad415f13cf47bef07f8308858410ff4393c111f3065c0cbedab648b1bb1136751c9d7df5d8a0ed97e8561ef808d3fe6a5718aa1ebc75452dbcd4739b43ba2751c99ecfc6a8918"]) sendmsg$inet(r5, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000000)="be39", 0x2}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private=0x1}}}], 0x20}, 0x0) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r7 = dup(r6) accept$inet(r7, 0x0, 0x0) getdents64(r5, &(0x7f00000001c0)=""/181, 0xb5) syz_clone(0x100000, &(0x7f00000004c0)="27815cead335a0ea63905d18c691e46a8f2d841b336d37387ddfa98136466e07cd8d974fb7e90d21dff2e699dda438d9d07092c42456691d0e527e8945d4be93889532ddd42f73ec803f10d9b2a871713a233aba81b1cd9005a8719e195e0c8921078c9b521bb81769af404866b08cc96b32fd1698197fa86f97c9c68dde7472829dd2bbdda1577896a78ea0b88940fac8991d365800488462872ea4bdcfd535570b977a18065a964377", 0xaa, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000580)="ddf1ece4") ioctl$TUNSETQUEUE(r5, 0x400454d9, &(0x7f0000000000)={'ip_vti0\x00', 0x400}) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000f00)=ANY=[@ANYBLOB="200200001a0013070000000000000000fe880000000000000000000000000001ffffffff00"/64, @ANYRES32=0x0, @ANYRES32, @ANYRES32=0x0], 0x220}}, 0x0) 520.389752ms ago: executing program 1 (id=2761): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002b00)=ANY=[@ANYBLOB="b01100001900010000000000fcdbdf2500000000000000000000000000000000fe8000000000000000000000000000bb00000000000000000200002000000000", @ANYRES32, @ANYRES32=0x0, @ANYBLOB="00000000000000000400000000000000000000000000000000000000000000f50300000000000000020000000000000000000000000000000104000000000000000000000000002002000000000000000300000000200000000000000000000000000000000000000100000000000000440005007f000001000000000000000000000000000000042b0000000a000000fe8000000000000000000000000000aa0000000004000b000000000000000000000000000c1008000810080000810010"], 0x11b0}, 0x1, 0x0, 0x0, 0x20048000}, 0x0) 458.345043ms ago: executing program 3 (id=2762): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCSIFBR(r4, 0x8941, &(0x7f0000000a40)=@add_del={0x7ffffffe, 0x0}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xffff1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) 458.141713ms ago: executing program 1 (id=2763): openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x202, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000040)) ppoll(&(0x7f0000000000)=[{r2, 0x2201}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x48, 0x0, 0x0) socket$nl_audit(0x10, 0x3, 0x9) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f0000000640)=0x4) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xf9, 0x3, 0xd5, '\x00', 0x8}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 457.923703ms ago: executing program 4 (id=2764): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x201008, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000001180)='./bus\x00') r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80000006, 0x48002) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000000000001400", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 441.101053ms ago: executing program 3 (id=2765): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_pidfd_open(r0, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x8100) sendmmsg$unix(r3, &(0x7f00000bd000), 0x0, 0x0) process_madvise(r1, 0x0, 0x0, 0x14, 0x0) 433.840643ms ago: executing program 4 (id=2766): futex(0x0, 0x1, 0x4000000, 0x0, 0x0, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB='max=00000000000000000000001,stats']) 85.801058ms ago: executing program 4 (id=2767): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000f00)=ANY=[@ANYBLOB="200200001a0013070000000000000000fe880000000000000000000000000001ffffffff00"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8000000000000000000000000000aa000000003300000000000000000000000000ffffac14143900000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fdffffff0000000000000000fe3400000200000000000000000000002f011400736861310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001807000080"], 0x220}}, 0x0) (fail_nth: 9) 76.235239ms ago: executing program 1 (id=2768): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="04010000110007000000000000000000ff020000000000000000000000000001e0000002000000000000000000"], 0x104}, 0x1, 0x0, 0x0, 0x6c}, 0x0) 68.367649ms ago: executing program 4 (id=2769): ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) lseek(r1, 0x7fffffffffffffff, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffffffffffb) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r2 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) mmap(&(0x7f0000fec000/0x4000)=nil, 0x4000, 0x0, 0x13, r2, 0x0) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r2, 0x0) openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000ff4000/0x4000)=nil, 0x4000, 0x300000e, 0x810, r3, 0xd1383000) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000007, 0x13, r0, 0x0) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r0, 0x0) 6.31485ms ago: executing program 1 (id=2770): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000800)=ANY=[@ANYBLOB="08010000160001000000000000000000fe880000000000000000000000000101ffffffff00000000000000000000000000000000000000010000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000006c", @ANYRES32, @ANYRESHEX, @ANYRES64=r0, @ANYBLOB="3b0d07ea773e3ed72c6bab341f42d799c925b9bb20a54b83b69d0140ef3f2b6f2745c0eccf98a24d21529850aa9be8483f38bb9542b111795ed26e08bc995588c95d6bbc0cb358d796daa1ee00ecc54d34e7e30ea8061874f2a5308baf092ebfa936e7"], 0x108}, 0x1, 0x0, 0x0, 0x1}, 0x0) 5.99897ms ago: executing program 2 (id=2771): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="f80000002100010000000000fefffffffc020000000000000000030000000000fc02000000000000000000000000000000000000000000000200000084000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b66b6e0000000000500011"], 0xf8}}, 0x0) 2.1427ms ago: executing program 1 (id=2772): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x9cc6d000) r1 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0xfffffffffffffffe) mmap$KVM_VCPU(&(0x7f0000ff9000/0x3000)=nil, 0x930, 0xe, 0x2012, r3, 0x6000) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2, 0x4052, r4, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x1, 0x840000000000a132, 0xffffffffffffffff, 0x1000) r5 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x0, 0x6011, r6, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000007, 0x13, r5, 0x0) 0s ago: executing program 2 (id=2773): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000058c0)=ANY=[@ANYBLOB="fc01000013000100000000000000000000000000000000010000000000000001fc0200000000000000000000000000014e24000d040000090a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000010000000000000000000000000000000000000000ffffffffffffffff00000000000000000300000000000000090000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000feffffff00000000000000000000000044010500e0000002000000000000000000000000000004d632"], 0x1fc}, 0x1, 0x0, 0x0, 0x11}, 0x0) kernel console output (not intermixed with test programs): do_syscall_64+0x58/0xf0 [ 116.473399][ T5131] ? clear_bhb_loop+0x35/0x90 [ 116.473431][ T5131] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 116.473464][ T5131] RIP: 0033:0x7f511938e929 [ 116.473481][ T5131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 116.473500][ T5131] RSP: 002b:00007f511a18c038 EFLAGS: 00000246 [ 116.473520][ T5131] RAX: fffffffffffffffc RBX: 00007f51195b5fa0 RCX: 00007f511938e929 [ 116.473538][ T5131] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000005 [ 116.473552][ T5131] RBP: 00007f511a18c090 R08: fffffffffffffffd R09: 0000000000000000 [ 116.473568][ T5131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 116.473582][ T5131] R13: 0000000000000000 R14: 00007f51195b5fa0 R15: 00007ffd9a770fa8 [ 116.473600][ T5131] [ 116.555124][ T45] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 116.735436][ T5144] binder: Unknown parameter '' [ 116.777552][ T5157] binder: Unknown parameter 'context' [ 116.844037][ T5165] x_tables: duplicate underflow at hook 2 [ 116.876886][ T45] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.888131][ T45] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.898019][ T45] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 116.910976][ T45] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 116.920172][ T45] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.929124][ T45] usb 5-1: config 0 descriptor?? [ 117.025532][ T398] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 117.111026][ T10] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 117.187075][ T398] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1023 [ 117.197356][ T398] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 117.212433][ T398] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 117.221561][ T398] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 117.229636][ T398] usb 2-1: SerialNumber: syz [ 117.235387][ T5155] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 117.250009][ T10] usb 4-1: device descriptor read/64, error -71 [ 117.365198][ T45] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 117.374813][ T45] plantronics 0003:047F:FFFF.0013: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 117.457139][ T5155] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 117.506612][ T10] usb 4-1: device descriptor read/64, error -71 [ 117.690235][ T5201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.699200][ T5201] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.763159][ T10] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 117.820039][ T5202] usb usb8: usbfs: process 5202 (syz.4.1911) did not claim interface 0 before use [ 117.893034][ T398] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 117.902112][ T10] usb 4-1: device descriptor read/64, error -71 [ 118.054768][ T36] kauditd_printk_skb: 29 callbacks suppressed [ 118.054787][ T36] audit: type=1326 audit(1750495777.709:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5196 comm="syz.2.1944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f511932ab19 code=0x7fc00000 [ 118.108284][ T5155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.117546][ T5155] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.127478][ T5155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.136247][ T5155] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.150366][ T5155] rust_binder: Write failure EINVAL in pid:1089 [ 118.150947][ T552] usb 2-1: USB disconnect, device number 23 [ 118.172913][ T10] usb 4-1: device descriptor read/64, error -71 [ 118.274129][ T5217] rust_binder: Error while translating object. [ 118.274166][ T5217] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 118.280440][ T5217] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1261 [ 118.289919][ T10] usb usb4-port1: attempt power cycle [ 118.526205][ T36] audit: type=1326 audit(1750495778.149:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5224 comm="syz.2.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f511938e929 code=0x7fc00000 [ 118.661973][ T10] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 118.683814][ T10] usb 4-1: device descriptor read/8, error -71 [ 118.758765][ T5231] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 118.767306][ T5231] rust_binder: Write failure EINVAL in pid:1093 [ 118.767349][ T5232] rust_binder: BC_FREEZE_NOTIFICATION_DONE 0000000000000000 not found [ 118.781972][ T5232] rust_binder: Write failure EINVAL in pid:1093 [ 118.822702][ T10] usb 4-1: device descriptor read/8, error -71 [ 119.088860][ T10] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 119.099533][ T398] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 119.111228][ T10] usb 4-1: device descriptor read/8, error -71 [ 119.249944][ T36] audit: type=1326 audit(1750495778.831:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5224 comm="syz.2.1953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f511932ab19 code=0x7fc00000 [ 119.273498][ T10] usb 4-1: device descriptor read/8, error -71 [ 119.273704][ T398] usb 2-1: Using ep0 maxpacket: 16 [ 119.286526][ T398] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.297628][ T398] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 119.322397][ T398] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 119.331798][ T398] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 119.345592][ T398] usb 2-1: SerialNumber: syz [ 119.351164][ T398] usb 2-1: config 0 descriptor?? [ 119.379379][ T5243] __nla_validate_parse: 14 callbacks suppressed [ 119.379406][ T5243] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1961'. [ 119.395284][ T10] usb usb4-port1: unable to enumerate USB device [ 119.431923][ T5247] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 119.431958][ T5247] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:114 [ 119.460866][ T5249] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1964'. [ 119.464051][ T5252] 9pnet_fd: Insufficient options for proto=fd [ 119.479533][ T5253] 9pnet_fd: Insufficient options for proto=fd [ 119.520767][ T36] audit: type=1400 audit(1750495779.084:705): avc: denied { getopt } for pid=5250 comm="syz.4.1963" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 119.670767][ T36] audit: type=1326 audit(1750495779.224:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5254 comm="syz.2.1965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f511938e929 code=0x7fc00000 [ 119.869449][ T960] usb 5-1: USB disconnect, device number 2 [ 120.018878][ T960] usb 5-1: new low-speed USB device number 3 using dummy_hcd [ 120.103461][ T5259] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1966'. [ 120.168546][ T960] usb 5-1: device descriptor read/64, error -71 [ 120.394453][ T36] audit: type=1326 audit(1750495779.907:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5254 comm="syz.2.1965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f511932ab19 code=0x7fc00000 [ 120.429606][ T960] usb 5-1: device descriptor read/64, error -71 [ 120.447076][ T5269] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1970'. [ 120.576207][ T5274] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1295 [ 120.576262][ T5274] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 120.595135][ T5274] rust_binder: Read failure Err(EFAULT) in pid:1295 [ 120.630633][ T5279] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1974'. [ 120.665585][ T5281] netlink: 220 bytes leftover after parsing attributes in process `syz.3.1975'. [ 120.692365][ T960] usb 5-1: new low-speed USB device number 4 using dummy_hcd [ 120.842053][ T960] usb 5-1: device descriptor read/64, error -71 [ 120.974853][ T36] audit: type=1326 audit(1750495780.440:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5286 comm="syz.3.1978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7fc00000 [ 121.098627][ T960] usb 5-1: device descriptor read/64, error -71 [ 121.216472][ T960] usb usb5-port1: attempt power cycle [ 121.468100][ T5293] netlink: 'syz.2.1980': attribute type 4 has an invalid length. [ 121.579726][ T960] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 121.602591][ T960] usb 5-1: device descriptor read/8, error -71 [ 121.679189][ T5311] rust_binder: Write failure EFAULT in pid:1319 [ 121.692264][ T36] audit: type=1326 audit(1750495781.114:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5286 comm="syz.3.1978" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f60a172ab19 code=0x7fc00000 [ 121.741150][ T960] usb 5-1: device descriptor read/8, error -71 [ 121.778957][ T5315] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 121.778985][ T5315] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1165 [ 121.801647][ T5319] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1989'. [ 121.846249][ T5321] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=5321 comm=syz.3.1990 [ 121.849486][ T5323] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1991'. [ 121.868358][ T5323] FAULT_INJECTION: forcing a failure. [ 121.868358][ T5323] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 121.881859][ T5323] CPU: 1 UID: 0 PID: 5323 Comm: syz.2.1991 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 121.881888][ T5323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 121.881898][ T5323] Call Trace: [ 121.881903][ T5323] [ 121.881909][ T5323] __dump_stack+0x21/0x30 [ 121.881932][ T5323] dump_stack_lvl+0x10c/0x190 [ 121.881949][ T5323] ? __cfi_dump_stack_lvl+0x10/0x10 [ 121.881980][ T5323] ? vsnprintf+0x7b4/0x1aa0 [ 121.882005][ T5323] ? __asan_memcpy+0x5a/0x80 [ 121.882027][ T5323] dump_stack+0x19/0x20 [ 121.882050][ T5323] should_fail_ex+0x3d9/0x530 [ 121.882074][ T5323] should_fail+0xf/0x20 [ 121.882094][ T5323] should_fail_usercopy+0x1e/0x30 [ 121.882121][ T5323] _copy_from_user+0x22/0xb0 [ 121.882195][ T5323] kstrtouint_from_user+0xc2/0x150 [ 121.882212][ T5323] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 121.882228][ T5323] ? selinux_file_permission+0x309/0xb30 [ 121.882251][ T5323] ? __cfi_selinux_file_permission+0x10/0x10 [ 121.882274][ T5323] proc_fail_nth_write+0x89/0x210 [ 121.882288][ T5323] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 121.882303][ T5323] ? bpf_lsm_file_permission+0xd/0x20 [ 121.882319][ T5323] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 121.882333][ T5323] vfs_write+0x3c0/0xe80 [ 121.882351][ T5323] ? __cfi_vfs_write+0x10/0x10 [ 121.882368][ T5323] ? __kasan_check_write+0x18/0x20 [ 121.882384][ T5323] ? mutex_lock+0x92/0x1c0 [ 121.882399][ T5323] ? __cfi_mutex_lock+0x10/0x10 [ 121.882412][ T5323] ? __fget_files+0x2c5/0x340 [ 121.882442][ T5323] ksys_write+0x141/0x250 [ 121.882467][ T5323] ? __cfi_ksys_write+0x10/0x10 [ 121.882493][ T5323] ? __kasan_check_read+0x15/0x20 [ 121.882509][ T5323] __x64_sys_write+0x7f/0x90 [ 121.882527][ T5323] x64_sys_call+0x271c/0x2ee0 [ 121.882546][ T5323] do_syscall_64+0x58/0xf0 [ 121.882565][ T5323] ? clear_bhb_loop+0x35/0x90 [ 121.882589][ T5323] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 121.882611][ T5323] RIP: 0033:0x7f511938d3df [ 121.882623][ T5323] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 121.882637][ T5323] RSP: 002b:00007f511a18c030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 121.882653][ T5323] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f511938d3df [ 121.882664][ T5323] RDX: 0000000000000001 RSI: 00007f511a18c0a0 RDI: 0000000000000004 [ 121.882674][ T5323] RBP: 00007f511a18c090 R08: 0000000000000000 R09: 0000000000000000 [ 121.882683][ T5323] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 121.882692][ T5323] R13: 0000000000000000 R14: 00007f51195b5fa0 R15: 00007ffd9a770fa8 [ 121.882704][ T5323] [ 121.972747][ T5328] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1170 [ 122.005701][ T5332] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 122.013544][ T5328] rust_binder: Error while translating object. [ 122.015472][ T5332] rust_binder: Error while translating object. [ 122.019695][ T5328] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 122.025240][ T5332] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 122.029401][ T960] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 122.035831][ T5332] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1331 [ 122.039052][ T5328] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1170 [ 122.089685][ T5334] geneve1: tun_chr_ioctl cmd 1074025672 [ 122.120556][ T5337] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1996'. [ 122.127280][ T5334] geneve1: ignored: set checksum enabled [ 122.139747][ T960] usb 5-1: device descriptor read/8, error -71 [ 122.144365][ T398] usbhid 2-1:0.0: can't add hid device: -71 [ 122.207129][ T36] audit: type=1400 audit(1750495781.591:710): avc: denied { read } for pid=95 comm="acpid" name="mouse0" dev="devtmpfs" ino=756 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 122.213962][ T398] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 122.232449][ T36] audit: type=1400 audit(1750495781.591:711): avc: denied { open } for pid=95 comm="acpid" path="/dev/input/mouse0" dev="devtmpfs" ino=756 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 122.239832][ T398] usb 2-1: USB disconnect, device number 24 [ 122.297167][ T960] usb 5-1: device descriptor read/8, error -71 [ 122.445740][ T960] usb usb5-port1: unable to enumerate USB device [ 122.680967][ T640] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 122.820446][ T5362] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2007'. [ 122.839929][ T5364] binder: Bad value for 'stats' [ 122.853065][ T640] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 122.863306][ T640] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 122.874295][ T5367] rust_binder: Error while translating object. [ 122.876320][ T5367] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 122.878105][ T640] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 122.886238][ T5367] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:126 [ 122.895122][ T640] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 122.918092][ T640] usb 3-1: SerialNumber: syz [ 122.924751][ T640] usb 3-1: bad CDC descriptors [ 123.140117][ T5344] rust_binder: Error while translating object. [ 123.140146][ T5344] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 123.146552][ T5344] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1336 [ 123.159641][ T960] usb 3-1: USB disconnect, device number 24 [ 123.174362][ T5377] netlink: 'syz.1.2014': attribute type 4 has an invalid length. [ 123.603585][ T36] kauditd_printk_skb: 6 callbacks suppressed [ 123.603603][ T36] audit: type=1326 audit(1750495782.900:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5390 comm="syz.1.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c8f78e929 code=0x7fc00000 [ 123.735932][ T5397] rust_binder: Write failure EINVAL in pid:1338 [ 123.811905][ T5405] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 123.818913][ T5405] rust_binder: Error while translating object. [ 123.836698][ T5405] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 123.836739][ T5405] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:134 [ 123.836946][ T5406] rust_binder: Error in use_page_slow: ESRCH [ 123.856256][ T5406] rust_binder: use_range failure ESRCH [ 123.862524][ T5406] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 123.874534][ T5406] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 123.886627][ T5406] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1340 [ 123.899943][ T36] audit: type=1400 audit(1750495783.181:719): avc: denied { map } for pid=5410 comm="syz.3.2028" path="socket:[37637]" dev="sockfs" ino=37637 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 123.953920][ T36] audit: type=1400 audit(1750495783.181:720): avc: denied { read } for pid=5410 comm="syz.3.2028" path="socket:[37637]" dev="sockfs" ino=37637 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 123.984220][ T5425] binder: Bad value for 'defcontext' [ 124.007687][ T5432] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 124.010286][ T5432] exfat: Unknown parameter 'workdir' [ 124.231412][ T36] audit: type=1326 audit(1750495783.490:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5460 comm="syz.2.2049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f511938e929 code=0x7ffc0000 [ 124.254791][ T36] audit: type=1326 audit(1750495783.490:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5460 comm="syz.2.2049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f511938e929 code=0x7ffc0000 [ 124.278551][ T36] audit: type=1326 audit(1750495783.490:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5460 comm="syz.2.2049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f511938e929 code=0x7ffc0000 [ 124.302383][ T36] audit: type=1326 audit(1750495783.499:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5460 comm="syz.2.2049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f511938e929 code=0x7ffc0000 [ 124.316519][ T960] usb 5-1: new low-speed USB device number 7 using dummy_hcd [ 124.333568][ T36] audit: type=1326 audit(1750495783.583:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5390 comm="syz.1.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f3c8f72ab19 code=0x7fc00000 [ 124.404182][ T5479] binder: Unknown parameter '#' [ 124.424986][ T62] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 124.447011][ T36] audit: type=1400 audit(1750495783.696:726): avc: denied { mounton } for pid=5478 comm="syz.2.2058" path="/560/file0" dev="tmpfs" ino=3001 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 124.447027][ T5479] fuse: Bad value for 'rootmode' [ 124.491345][ T960] usb 5-1: unable to get BOS descriptor or descriptor too short [ 124.500038][ T960] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x1 is Bulk; changing to Interrupt [ 124.510241][ T960] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x82 is Bulk; changing to Interrupt [ 124.513288][ T5482] netlink: 'syz.1.2059': attribute type 4 has an invalid length. [ 124.520237][ T960] usb 5-1: config 1 interface 0 has no altsetting 0 [ 124.545303][ T960] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 124.561667][ T960] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.578487][ T960] usb 5-1: SerialNumber: Њ [ 124.588201][ T5440] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 124.595628][ T62] usb 4-1: config 1 interface 0 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 16 [ 124.602096][ T5440] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 124.606098][ T62] usb 4-1: config 1 interface 0 altsetting 8 bulk endpoint 0x82 has invalid maxpacket 40 [ 124.633810][ T5494] rust_binder: Error while translating object. [ 124.633858][ T5494] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 124.640259][ T62] usb 4-1: config 1 interface 0 has no altsetting 0 [ 124.656455][ T5494] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1384 [ 124.670909][ T62] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 124.689466][ T62] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.691284][ T36] audit: type=1400 audit(1750495783.911:727): avc: denied { ioctl } for pid=5500 comm="syz.1.2069" path="socket:[38172]" dev="sockfs" ino=38172 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 124.699464][ T62] usb 4-1: Product: syz [ 124.727520][ T62] usb 4-1: Manufacturer: syz [ 124.732983][ T62] usb 4-1: SerialNumber: syz [ 124.739598][ T5457] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 124.748815][ T5457] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 124.841492][ T5440] binder: Unknown parameter 'dfcoPtextcRz3 [ 124.841492][ T5440] 9ë u&M [ 124.841492][ T5440] +3V{_?"vb -0a6!75~W<6Ϋ [ 124.841492][ T5440] ?cӡRReUj͸]7Z3&gܔ' [ 124.866825][ T960] usb 5-1: USB disconnect, device number 7 [ 125.187436][ T62] usblp 4-1:1.0: usblp0: USB Bidirectional printer dev 26 if 0 alt 8 proto 2 vid 0x0525 pid 0xA4A8 [ 125.201129][ T62] usb 4-1: USB disconnect, device number 26 [ 125.208308][ T62] usblp0: removed [ 125.332732][ T5530] __nla_validate_parse: 17 callbacks suppressed [ 125.332749][ T5530] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2078'. [ 125.439380][ T5537] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2081'. [ 125.674227][ T62] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 125.749313][ T10] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 125.767612][ T5546] fuse: Unknown parameter '$\{{' [ 125.834562][ T62] usb 5-1: Using ep0 maxpacket: 32 [ 125.841331][ T62] usb 5-1: config 0 has an invalid interface number: 49 but max is 0 [ 125.849920][ T62] usb 5-1: config 0 has no interface number 0 [ 125.857262][ T62] usb 5-1: config 0 interface 49 has no altsetting 0 [ 125.865522][ T62] usb 5-1: New USB device found, idVendor=0499, idProduct=500b, bcdDevice= 5.19 [ 125.874637][ T62] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.882722][ T62] usb 5-1: Product: syz [ 125.886908][ T62] usb 5-1: Manufacturer: syz [ 125.891652][ T62] usb 5-1: SerialNumber: syz [ 125.898804][ T62] usb 5-1: config 0 descriptor?? [ 125.912643][ T10] usb 3-1: Using ep0 maxpacket: 32 [ 125.912847][ T5561] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2092'. [ 125.919703][ T62] snd-usb-audio 5-1:0.49: probe with driver snd-usb-audio failed with error -2 [ 125.939953][ T10] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 125.948372][ T10] usb 3-1: config 0 has no interface number 0 [ 125.960210][ T10] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 125.971576][ T10] usb 3-1: config 0 interface 85 has no altsetting 0 [ 125.979944][ T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 125.980611][ T316] udevd[316]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.49/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 125.989109][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.021304][ T10] usb 3-1: Product: syz [ 126.025502][ T10] usb 3-1: Manufacturer: syz [ 126.030148][ T10] usb 3-1: SerialNumber: syz [ 126.035394][ T10] usb 3-1: config 0 descriptor?? [ 126.123559][ T62] usb 5-1: USB disconnect, device number 8 [ 126.472804][ T10] usb 3-1: USB disconnect, device number 25 [ 126.847454][ T5585] FAULT_INJECTION: forcing a failure. [ 126.847454][ T5585] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 126.860846][ T5585] CPU: 1 UID: 0 PID: 5585 Comm: syz.4.2097 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 126.860881][ T5585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 126.860895][ T5585] Call Trace: [ 126.860903][ T5585] [ 126.860910][ T5585] __dump_stack+0x21/0x30 [ 126.860941][ T5585] dump_stack_lvl+0x10c/0x190 [ 126.860959][ T5585] ? __cfi_dump_stack_lvl+0x10/0x10 [ 126.860978][ T5585] dump_stack+0x19/0x20 [ 126.860995][ T5585] should_fail_ex+0x3d9/0x530 [ 126.861012][ T5585] should_fail+0xf/0x20 [ 126.861027][ T5585] should_fail_usercopy+0x1e/0x30 [ 126.861044][ T5585] _copy_to_user+0x24/0xa0 [ 126.861064][ T5585] simple_read_from_buffer+0xed/0x160 [ 126.861089][ T5585] proc_fail_nth_read+0x19e/0x210 [ 126.861103][ T5585] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 126.861117][ T5585] ? up_read+0x26/0x1d0 [ 126.861131][ T5585] ? bpf_lsm_file_permission+0xd/0x20 [ 126.861148][ T5585] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 126.861162][ T5585] vfs_read+0x278/0xb60 [ 126.861181][ T5585] ? __cfi_vfs_read+0x10/0x10 [ 126.861197][ T5585] ? __kasan_check_write+0x18/0x20 [ 126.861214][ T5585] ? mutex_lock+0x92/0x1c0 [ 126.861228][ T5585] ? __cfi_mutex_lock+0x10/0x10 [ 126.861242][ T5585] ? __fget_files+0x2c5/0x340 [ 126.861263][ T5585] ksys_read+0x141/0x250 [ 126.861281][ T5585] ? __cfi_ksys_read+0x10/0x10 [ 126.861299][ T5585] ? __kasan_check_read+0x15/0x20 [ 126.861315][ T5585] __x64_sys_read+0x7f/0x90 [ 126.861333][ T5585] x64_sys_call+0x2638/0x2ee0 [ 126.861352][ T5585] do_syscall_64+0x58/0xf0 [ 126.861372][ T5585] ? clear_bhb_loop+0x35/0x90 [ 126.861395][ T5585] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 126.861417][ T5585] RIP: 0033:0x7f2b4af8d33c [ 126.861430][ T5585] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 126.861444][ T5585] RSP: 002b:00007f2b495b5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 126.861461][ T5585] RAX: ffffffffffffffda RBX: 00007f2b4b1b6160 RCX: 00007f2b4af8d33c [ 126.861473][ T5585] RDX: 000000000000000f RSI: 00007f2b495b50a0 RDI: 0000000000000007 [ 126.861483][ T5585] RBP: 00007f2b495b5090 R08: 0000000000000000 R09: 0000000000000000 [ 126.861493][ T5585] R10: 0000000000000014 R11: 0000000000000246 R12: 0000000000000001 [ 126.861502][ T5585] R13: 0000000000000001 R14: 00007f2b4b1b6160 R15: 00007ffec0340808 [ 126.861515][ T5585] [ 126.874108][ T5586] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1158 [ 126.895554][ T5588] netlink: 324 bytes leftover after parsing attributes in process `syz.4.2099'. [ 127.063552][ T5601] rust_binder: Write failure EINVAL in pid:1423 [ 127.112177][ T5603] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 127.130493][ T5601] input: syz1 as /devices/virtual/input/input33 [ 127.136172][ T5603] rust_binder: Read failure Err(EFAULT) in pid:158 [ 127.152094][ T5601] rust_binder: Read failure Err(EAGAIN) in pid:1423 [ 127.245720][ T10] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 127.265948][ T5619] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 127.265971][ T5619] rust_binder: Read failure Err(EFAULT) in pid:1255 [ 127.275145][ T5619] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=5619 comm=syz.3.2113 [ 127.301142][ T5619] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 127.301170][ T5619] rust_binder: Read failure Err(EFAULT) in pid:1255 [ 127.310536][ T5624] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 127.330913][ T5628] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2115'. [ 127.379700][ T5634] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2118'. [ 127.402041][ T5636] netlink: 4276 bytes leftover after parsing attributes in process `syz.4.2119'. [ 127.411270][ T10] usb 2-1: device descriptor read/64, error -71 [ 127.452251][ T5641] netlink: 260 bytes leftover after parsing attributes in process `syz.4.2121'. [ 127.475096][ T5643] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2122'. [ 127.496639][ T5645] netlink: 220 bytes leftover after parsing attributes in process `syz.4.2123'. [ 127.534357][ T398] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 127.568520][ T5656] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 127.619938][ T640] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 127.673497][ T10] usb 2-1: device descriptor read/64, error -71 [ 127.717193][ T398] usb 3-1: config 0 has an invalid interface number: 230 but max is 0 [ 127.725535][ T398] usb 3-1: config 0 has no interface number 0 [ 127.731769][ T398] usb 3-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 127.742752][ T398] usb 3-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 127.753810][ T398] usb 3-1: config 0 interface 230 has no altsetting 0 [ 127.762123][ T398] usb 3-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 127.771267][ T398] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.779281][ T398] usb 3-1: Product: syz [ 127.783516][ T640] usb 4-1: Using ep0 maxpacket: 32 [ 127.788692][ T398] usb 3-1: Manufacturer: syz [ 127.793352][ T398] usb 3-1: SerialNumber: syz [ 127.798830][ T640] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 127.807378][ T398] usb 3-1: config 0 descriptor?? [ 127.812386][ T640] usb 4-1: config 0 has no interface number 0 [ 127.818788][ T5623] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 127.826717][ T5623] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 127.835435][ T398] ums-usbat 3-1:0.230: USB Mass Storage device detected [ 127.842917][ T640] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 127.852509][ T398] ums-usbat 3-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 127.860001][ T640] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.868329][ T640] usb 4-1: Product: syz [ 127.872558][ T640] usb 4-1: Manufacturer: syz [ 127.877394][ T640] usb 4-1: SerialNumber: syz [ 127.882857][ T640] usb 4-1: config 0 descriptor?? [ 127.888956][ T640] smsc95xx v2.0.0 [ 127.929972][ T10] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 128.068909][ T10] usb 2-1: device descriptor read/64, error -71 [ 128.317665][ T640] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 128.325565][ T10] usb 2-1: device descriptor read/64, error -71 [ 128.330204][ T640] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 128.443157][ T10] usb usb2-port1: attempt power cycle [ 128.573820][ T5667] rust_binder: Write failure EINVAL in pid:199 [ 128.817254][ T10] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 128.850468][ T10] usb 2-1: device descriptor read/8, error -71 [ 128.998997][ T10] usb 2-1: device descriptor read/8, error -71 [ 129.235623][ T640] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 129.247003][ T640] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 129.255579][ T10] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 129.256795][ T640] usb 4-1: USB disconnect, device number 27 [ 129.288711][ T10] usb 2-1: device descriptor read/8, error -71 [ 129.392056][ T5678] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 129.401900][ T5678] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 129.414323][ T36] kauditd_printk_skb: 15 callbacks suppressed [ 129.414344][ T36] audit: type=1400 audit(1750495788.335:743): avc: denied { attach_queue } for pid=5622 comm="syz.2.2114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 129.443378][ T10] usb 2-1: device descriptor read/8, error -71 [ 129.566952][ T10] usb usb2-port1: unable to enumerate USB device [ 130.057365][ T10] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 130.219568][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.230856][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.241179][ T398] ums-usbat 3-1:0.230: probe with driver ums-usbat failed with error -5 [ 130.241852][ T10] usb 5-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 130.251963][ T5707] rust_binder: Failed to allocate buffer. len:4120, is_oneway:true [ 130.258683][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.279726][ T10] usb 5-1: config 0 descriptor?? [ 130.715237][ T10] lenovo 0003:17EF:6047.0014: unknown main item tag 0x0 [ 130.722355][ T10] lenovo 0003:17EF:6047.0014: unknown main item tag 0x0 [ 130.730098][ T10] lenovo 0003:17EF:6047.0014: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.4-1/input0 [ 130.999987][ T10] lenovo 0003:17EF:6047.0014: Failed to switch F7/9/11 mode: -71 [ 131.008498][ T10] lenovo 0003:17EF:6047.0014: Failed to switch middle button: -71 [ 131.016713][ T10] lenovo 0003:17EF:6047.0014: Fn-lock setting failed: -71 [ 131.024119][ T10] lenovo 0003:17EF:6047.0014: Sensitivity setting failed: -71 [ 131.039390][ T10] usb 5-1: USB disconnect, device number 9 [ 131.062760][ T5708] fido_id[5708]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 131.095185][ T5715] input: syz0 as /devices/virtual/input/input34 [ 131.343255][ T5722] __nla_validate_parse: 8 callbacks suppressed [ 131.343341][ T5722] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2151'. [ 131.374007][ T5724] netlink: 304 bytes leftover after parsing attributes in process `syz.1.2152'. [ 131.405136][ T5726] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2153'. [ 131.446764][ T5732] SELinux: security_context_str_to_sid (sytem_uGйYzԇ;R_ˎQ=vf`8?ɥj9o0Hi\=>բMYIJS) failed with errno=-22 [ 131.496237][ T5743] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2160'. [ 131.507929][ T5742] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 131.535922][ T5746] netlink: 304 bytes leftover after parsing attributes in process `syz.3.2162'. [ 131.562927][ T36] audit: type=1326 audit(1750495790.346:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5747 comm="syz.3.2163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 131.586771][ T36] audit: type=1326 audit(1750495790.346:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5747 comm="syz.3.2163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 131.610365][ T36] audit: type=1326 audit(1750495790.346:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5747 comm="syz.3.2163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 131.634106][ T36] audit: type=1326 audit(1750495790.346:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5747 comm="syz.3.2163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 131.657825][ T36] audit: type=1326 audit(1750495790.346:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5747 comm="syz.3.2163" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 131.683892][ T36] audit: type=1400 audit(1750495790.393:749): avc: granted { setsecparam } for pid=5752 comm="syz.3.2165" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 131.714026][ T5759] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2167'. [ 131.726376][ T10] usb 3-1: USB disconnect, device number 26 [ 131.742789][ T5761] tipc: Enabling of bearer rejected, failed to enable media [ 131.743246][ T5763] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2169'. [ 131.752075][ T5761] rust_binder: Error while translating object. [ 131.761188][ T5761] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 131.768425][ T36] audit: type=1326 audit(1750495790.543:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5749 comm="syz.4.2164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7fc00000 [ 131.777469][ T5761] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1432 [ 131.808821][ T5770] netlink: 304 bytes leftover after parsing attributes in process `syz.1.2171'. [ 131.835047][ T5773] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2173'. [ 131.885640][ T5778] rust_binder: Error in use_page_slow: ESRCH [ 131.885662][ T5778] rust_binder: use_range failure ESRCH [ 131.893928][ T5778] rust_binder: Failed to allocate buffer. len:40, is_oneway:false [ 131.899777][ T5778] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 131.907953][ T5778] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1437 [ 131.947339][ T5785] netlink: 324 bytes leftover after parsing attributes in process `syz.1.2176'. [ 132.176153][ T36] audit: type=1326 audit(1750495790.926:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5788 comm="syz.1.2179" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c8f78e929 code=0x7fc00000 [ 132.475106][ T36] audit: type=1326 audit(1750495791.207:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5749 comm="syz.4.2164" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7fc00000 [ 132.928033][ T5803] binder: Unknown parameter '>`]JËV <' [ 133.031238][ T5815] __vm_enough_memory: pid: 5815, comm: syz.1.2189, bytes: 36028801313935360 not enough memory for the allocation [ 133.403543][ T398] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 133.424947][ T640] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 133.574585][ T398] usb 3-1: Using ep0 maxpacket: 8 [ 133.581508][ T398] usb 3-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.593151][ T398] usb 3-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0 [ 133.604552][ T640] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.617515][ T640] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 133.627428][ T398] usb 3-1: config 0 interface 0 has no altsetting 0 [ 133.634220][ T640] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 133.647555][ T398] usb 3-1: New USB device found, idVendor=04b4, idProduct=bca1, bcdDevice= 0.00 [ 133.656838][ T398] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.665191][ T640] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 133.675375][ T398] usb 3-1: config 0 descriptor?? [ 133.681359][ T640] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.690158][ T640] usb 2-1: config 0 descriptor?? [ 134.074711][ T5842] rust_binder: Error while translating object. [ 134.074748][ T5842] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 134.081757][ T5842] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:259 [ 134.129705][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.147030][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.155544][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.163299][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.171471][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.180879][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.188631][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.196737][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.204202][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.212169][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.220063][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.228207][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.235797][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.243742][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.251544][ T640] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 134.260549][ T640] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving [ 134.270777][ T640] plantronics 0003:047F:FFFF.0015: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 134.364533][ T398] usbhid 3-1:0.0: can't add hid device: -71 [ 134.375527][ T398] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 134.389080][ T398] usb 3-1: USB disconnect, device number 27 [ 134.537743][ T640] usb 2-1: USB disconnect, device number 29 [ 134.748418][ T5876] overlay: filesystem on ./bus not supported as upperdir [ 134.898814][ T36] kauditd_printk_skb: 10 callbacks suppressed [ 134.898834][ T36] audit: type=1400 audit(1750495793.461:763): avc: denied { ioctl } for pid=5883 comm="syz.1.2217" path="/dev/cpu/0/msr" dev="devtmpfs" ino=16 ioctlcmd=0x940d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 136.711475][ T5913] __nla_validate_parse: 11 callbacks suppressed [ 136.711517][ T5913] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2230'. [ 136.805815][ T46] bridge_slave_1: left allmulticast mode [ 136.814129][ T46] bridge_slave_1: left promiscuous mode [ 136.819848][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.829269][ T46] bridge_slave_0: left allmulticast mode [ 136.835389][ T46] bridge_slave_0: left promiscuous mode [ 136.841482][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.004470][ T46] veth1_macvtap: left promiscuous mode [ 137.010225][ T46] veth0_vlan: left promiscuous mode [ 137.215513][ T5912] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.223962][ T5912] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.232129][ T5912] bridge_slave_0: entered allmulticast mode [ 137.239946][ T5912] bridge_slave_0: entered promiscuous mode [ 137.250893][ T5912] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.259165][ T5912] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.266888][ T5912] bridge_slave_1: entered allmulticast mode [ 137.278293][ T5912] bridge_slave_1: entered promiscuous mode [ 137.361399][ T5912] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.368684][ T5912] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.376112][ T5912] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.383200][ T5912] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.416734][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.424990][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.447073][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.454243][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.468797][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.475952][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.515220][ T5912] veth0_vlan: entered promiscuous mode [ 137.532288][ T5912] veth1_macvtap: entered promiscuous mode [ 137.692160][ T5925] netlink: 304 bytes leftover after parsing attributes in process `syz.2.2233'. [ 137.787325][ T5929] netlink: 324 bytes leftover after parsing attributes in process `syz.2.2235'. [ 137.869940][ T5935] netlink: 4276 bytes leftover after parsing attributes in process `syz.4.2238'. [ 137.887519][ T5938] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 137.887562][ T5938] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:8 [ 138.204044][ T640] usb 5-1: new low-speed USB device number 10 using dummy_hcd [ 138.396033][ T640] usb 5-1: Invalid ep0 maxpacket: 16 [ 138.535017][ T640] usb 5-1: new low-speed USB device number 11 using dummy_hcd [ 138.706031][ T640] usb 5-1: Invalid ep0 maxpacket: 16 [ 138.711645][ T640] usb usb5-port1: attempt power cycle [ 139.090965][ T640] usb 5-1: new low-speed USB device number 12 using dummy_hcd [ 139.107100][ T5944] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2241'. [ 139.117345][ T640] usb 5-1: Invalid ep0 maxpacket: 16 [ 139.125295][ T5944] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:12 [ 139.232443][ T5948] netlink: 304 bytes leftover after parsing attributes in process `syz.2.2243'. [ 139.261962][ T640] usb 5-1: new low-speed USB device number 13 using dummy_hcd [ 139.294436][ T640] usb 5-1: Invalid ep0 maxpacket: 16 [ 139.300176][ T640] usb usb5-port1: unable to enumerate USB device [ 139.313609][ T5950] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2244'. [ 139.704429][ T5958] rust_binder: Write failure EFAULT in pid:27 [ 139.731169][ T5960] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2249'. [ 139.801590][ T36] audit: type=1326 audit(1750495798.054:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5961 comm="syz.2.2250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6e5b8e929 code=0x7ffc0000 [ 139.825091][ T36] audit: type=1326 audit(1750495798.054:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5961 comm="syz.2.2250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6e5b8e929 code=0x7ffc0000 [ 139.848767][ T36] audit: type=1326 audit(1750495798.054:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5961 comm="syz.2.2250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fe6e5b8e929 code=0x7ffc0000 [ 139.873025][ T36] audit: type=1326 audit(1750495798.054:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5961 comm="syz.2.2250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6e5b8e929 code=0x7ffc0000 [ 139.897099][ T36] audit: type=1326 audit(1750495798.054:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5961 comm="syz.2.2250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6e5b8e929 code=0x7ffc0000 [ 139.915277][ T5965] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:33 [ 140.094310][ T5970] netlink: 304 bytes leftover after parsing attributes in process `syz.2.2253'. [ 140.150788][ T5972] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2254'. [ 140.566207][ T398] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 140.737258][ T398] usb 3-1: Using ep0 maxpacket: 16 [ 140.744269][ T398] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.757039][ T398] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 140.771113][ T398] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 140.780577][ T398] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=9 [ 140.788758][ T398] usb 3-1: SerialNumber: syz [ 140.803695][ T398] usb 3-1: config 0 descriptor?? [ 141.613919][ T640] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 141.784961][ T640] usb 5-1: Using ep0 maxpacket: 32 [ 141.791790][ T640] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 4096, setting to 1024 [ 141.803524][ T640] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 141.813884][ T640] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x7D, changing to 0xD [ 141.825761][ T640] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 141.835746][ T640] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xD has invalid maxpacket 0 [ 141.846153][ T640] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 141.859636][ T640] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 141.869119][ T640] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.878959][ T640] usb 5-1: config 0 descriptor?? [ 142.107571][ T640] usb 5-1: USB disconnect, device number 14 [ 142.920574][ T5988] rust_binder: Write failure EINVAL in pid:313 [ 142.962186][ T5992] __nla_validate_parse: 1 callbacks suppressed [ 142.962246][ T5992] netlink: 304 bytes leftover after parsing attributes in process `syz.4.2262'. [ 143.535754][ T398] usbhid 3-1:0.0: can't add hid device: -71 [ 143.548655][ T6000] netlink: 260 bytes leftover after parsing attributes in process `syz.4.2265'. [ 143.561410][ T398] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 143.576488][ T398] usb 3-1: USB disconnect, device number 28 [ 143.686354][ T6008] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 143.686392][ T6008] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:329 [ 143.695999][ T6010] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2270'. [ 143.783488][ T6014] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27 [ 143.783517][ T6014] rust_binder: Error while translating object. [ 143.792592][ T6014] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 143.798958][ T6014] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:59 [ 143.833857][ T6019] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2273'. [ 143.942221][ T6022] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 144.063922][ T6028] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:342 [ 144.105591][ T6030] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2277'. [ 144.128731][ T6031] rust_binder: Error while translating object. [ 144.128878][ T6031] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 144.150776][ T6031] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:342 [ 144.204200][ T6033] netlink: 'syz.2.2278': attribute type 4 has an invalid length. [ 144.561683][ T6039] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2280'. [ 144.625273][ T6045] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2283'. [ 144.755621][ T6054] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2287'. [ 144.850979][ T6064] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2293'. [ 144.868762][ T6066] rust_binder: Write failure EFAULT in pid:1310 [ 144.973146][ T6070] netlink: 4276 bytes leftover after parsing attributes in process `syz.2.2295'. [ 145.113250][ T6068] rust_binder: Write failure EFAULT in pid:1312 [ 145.358832][ T6099] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 145.387691][ T10] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 145.387784][ T6099] rust_binder: Write failure EINVAL in pid:108 [ 145.537329][ T552] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 145.551222][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 145.557499][ T10] usb 5-1: config 1 interface 0 altsetting 129 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 145.574252][ T10] usb 5-1: config 1 interface 0 has no altsetting 0 [ 145.589346][ T10] usb 5-1: New USB device found, idVendor=1b96, idProduct=0001, bcdDevice= 0.40 [ 145.598601][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.613707][ T10] usb 5-1: Product: 濫쾟ꏢ捰㣬竉䚷ῗજ띈桀밧⣂젔ᯫ茈須ꛡ㥲⻏侵ᷖ溜幬薄욘鄒❬ⴶ횳醃ﲃ쌉ࢁ헺畹濭﯌逳廛쁛呧ﮨී帻 [ 145.648403][ T10] usb 5-1: Manufacturer: ш [ 145.657614][ T10] usb 5-1: SerialNumber: ӿ [ 145.729752][ T552] usb 4-1: Using ep0 maxpacket: 16 [ 145.738399][ T552] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 145.750604][ T552] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 145.773295][ T552] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 145.782476][ T552] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=10 [ 145.794065][ T552] usb 4-1: SerialNumber: syz [ 145.802239][ T552] usb 4-1: config 0 descriptor?? [ 146.102700][ T10] usbhid 5-1:1.0: can't add hid device: -71 [ 146.110455][ T10] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 146.120747][ T10] usb 5-1: USB disconnect, device number 15 [ 146.739872][ T36] audit: type=1400 audit(1750495804.546:769): avc: denied { add_name } for pid=6108 comm="syz.4.2312" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 146.761984][ T6109] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 146.762100][ T6109] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:353 [ 146.773119][ T36] audit: type=1400 audit(1750495804.564:770): avc: denied { create } for pid=6108 comm="syz.4.2312" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 146.803164][ T36] audit: type=1400 audit(1750495804.564:771): avc: denied { associate } for pid=6108 comm="syz.4.2312" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 146.953576][ T36] audit: type=1326 audit(1750495804.742:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6116 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 146.977240][ T36] audit: type=1326 audit(1750495804.742:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6116 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 147.001044][ T36] audit: type=1326 audit(1750495804.742:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6116 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 147.024582][ T36] audit: type=1326 audit(1750495804.751:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6116 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 147.048192][ T36] audit: type=1326 audit(1750495804.751:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6116 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 147.107723][ T6121] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 147.107753][ T6121] rust_binder: Error while translating object. [ 147.118788][ T6121] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 147.125320][ T6121] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:365 [ 147.161199][ T6123] netlink: 'syz.4.2319': attribute type 4 has an invalid length. [ 147.301522][ T6134] SELinux: security_context_str_to_sid () failed with errno=-22 [ 147.321751][ T6138] rust_binder: Error while translating object. [ 147.321823][ T6138] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 147.325460][ T36] audit: type=1400 audit(1750495805.097:777): avc: denied { accept } for pid=6133 comm="syz.4.2323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 147.329080][ T6138] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:119 [ 147.338713][ T6134] loop0: detected capacity change from 0 to 8388608 [ 147.407102][ T6134] : renamed from xfrm0 (while UP) [ 147.441016][ T6146] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:377 [ 147.499847][ T6150] tipc: Started in network mode [ 147.514575][ T6150] tipc: Node identity 9adf646a0875, cluster identity 4711 [ 147.522270][ T6150] tipc: Enabled bearer , priority 0 [ 147.532227][ T6150] tipc: Disabling bearer [ 147.560377][ T6150] rust_binder: Got transaction with invalid offset. [ 147.560433][ T6150] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 147.572870][ T6150] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:381 [ 147.676413][ T6163] rust_binder: Write failure EFAULT in pid:387 [ 147.721181][ T6167] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6167 comm=syz.2.2337 [ 147.814528][ T6171] rust_binder: Error while translating object. [ 147.814580][ T6171] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 147.820940][ T6171] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:391 [ 147.955200][ T6186] random: crng reseeded on system resumption [ 148.022934][ T36] audit: type=1400 audit(1750495805.743:778): avc: denied { map } for pid=6193 comm="syz.2.2348" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 148.500107][ T552] usbhid 4-1:0.0: can't add hid device: -71 [ 148.506123][ T552] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 148.509591][ T6218] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set [ 148.525432][ T6222] __nla_validate_parse: 17 callbacks suppressed [ 148.525456][ T6222] netlink: 284 bytes leftover after parsing attributes in process `syz.3.2358'. [ 148.531987][ T552] usb 4-1: USB disconnect, device number 28 [ 148.541285][ T6218] rust_binder: Write failure EINVAL in pid:409 [ 148.573951][ T6224] netlink: 148 bytes leftover after parsing attributes in process `syz.3.2359'. [ 148.606395][ T6226] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2360'. [ 148.644652][ T6228] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2361'. [ 149.360389][ T6246] netlink: 284 bytes leftover after parsing attributes in process `syz.1.2368'. [ 149.393641][ T6250] netlink: 168 bytes leftover after parsing attributes in process `syz.2.2370'. [ 149.592807][ T6260] rust_binder: Write failure EINVAL in pid:171 [ 149.668718][ T6269] netlink: 304 bytes leftover after parsing attributes in process `syz.2.2377'. [ 149.721128][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.721166][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.737218][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.744041][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.755229][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.771285][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.778097][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.784667][ T6276] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2380'. [ 149.801015][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.801045][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.807747][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.814591][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.824270][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.834400][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.846433][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.853221][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.859975][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.867141][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.873626][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.884087][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.890834][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.897344][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.904336][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.910955][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.917419][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.924146][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.930834][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.937511][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.944093][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.950614][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.957227][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.963847][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.970304][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.976987][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.983451][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.990381][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 149.996995][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.003673][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.010299][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.016918][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.023373][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.030018][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.036475][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.043116][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.049709][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.056228][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.063232][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.069746][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.076369][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.082995][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.089462][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.096203][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.102784][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.109291][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.115913][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.122422][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.128931][ T640] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 150.143948][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.143977][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.150798][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.158025][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.164507][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.171156][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.177766][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.184263][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.190912][ T6272] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 150.219511][ T6280] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2382'. [ 150.281223][ T6286] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2384'. [ 150.316029][ T640] usb 4-1: Using ep0 maxpacket: 16 [ 150.323959][ T640] usb 4-1: unable to get BOS descriptor or descriptor too short [ 150.332915][ T640] usb 4-1: config 1 has an invalid descriptor of length 128, skipping remainder of the config [ 150.346988][ T640] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 150.372575][ T640] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 150.392303][ T640] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 150.410144][ T640] usb 4-1: New USB device strings: Mfr=1, Product=66, SerialNumber=3 [ 150.436744][ T640] usb 4-1: Product: syz [ 150.441155][ T640] usb 4-1: Manufacturer: syz [ 150.447021][ T640] usb 4-1: SerialNumber: syz [ 150.587355][ T6312] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:439 [ 150.673211][ T640] usb 4-1: 0:2 : does not exist [ 150.694352][ T640] usb 4-1: USB disconnect, device number 29 [ 150.733923][ T552] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 150.872793][ T316] udevd[316]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 150.904068][ T552] usb 3-1: Using ep0 maxpacket: 16 [ 150.915442][ T552] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 150.936079][ T552] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 150.957835][ T552] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 150.966953][ T552] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=11 [ 150.975119][ T552] usb 3-1: SerialNumber: syz [ 150.989888][ T552] usb 3-1: config 0 descriptor?? [ 151.021637][ T398] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 151.181972][ T398] usb 5-1: Using ep0 maxpacket: 32 [ 151.188387][ T398] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.199709][ T398] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.211082][ T398] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 151.220782][ T398] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.230001][ T398] usb 5-1: config 0 descriptor?? [ 151.237068][ T398] hub 5-1:0.0: USB hub found [ 151.286126][ T6320] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 151.433644][ T6331] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 151.450974][ T398] hub 5-1:0.0: 1 port detected [ 151.534452][ T6334] rust_binder: Write failure EINVAL in pid:1355 [ 151.638141][ T6339] overlayfs: conflicting options: verity=require,redirect_dir=nofollow [ 151.668058][ T398] hub 5-1:0.0: hub_hub_status failed (err = -71) [ 151.677258][ T398] hub 5-1:0.0: config failed, can't get hub status (err -71) [ 151.686727][ T398] usbhid 5-1:0.0: can't add hid device: -71 [ 151.692974][ T398] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 151.716985][ T398] usb 5-1: USB disconnect, device number 16 [ 152.526264][ T36] kauditd_printk_skb: 15 callbacks suppressed [ 152.526282][ T36] audit: type=1326 audit(1750495809.952:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6338 comm="syz.3.2410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7fc00000 [ 152.555822][ T398] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 152.628000][ T6357] rust_binder: Write failure EFAULT in pid:1371 [ 152.717944][ T36] audit: type=1326 audit(1750495810.130:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6363 comm="syz.3.2418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 152.748036][ T6364] binder: Unknown parameter 'context' [ 152.758487][ T398] usb 5-1: Using ep0 maxpacket: 32 [ 152.773332][ T36] audit: type=1326 audit(1750495810.130:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6363 comm="syz.3.2418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 152.799285][ T398] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.810576][ T398] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 152.822788][ T36] audit: type=1326 audit(1750495810.167:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6363 comm="syz.3.2418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 152.846327][ T398] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 152.866129][ T36] audit: type=1326 audit(1750495810.177:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6363 comm="syz.3.2418" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 152.871086][ T398] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.929074][ T398] usb 5-1: config 0 descriptor?? [ 152.940208][ T398] hub 5-1:0.0: USB hub found [ 153.042793][ T6371] rust_binder: Write failure EINVAL in pid:1385 [ 153.149726][ T398] hub 5-1:0.0: 1 port detected [ 153.298720][ T62] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 153.459118][ T62] usb 4-1: device descriptor read/64, error -71 [ 153.698322][ T552] usbhid 3-1:0.0: can't add hid device: -71 [ 153.715703][ T552] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 153.724312][ T62] usb 4-1: device descriptor read/64, error -71 [ 153.730774][ T552] usb 3-1: USB disconnect, device number 29 [ 153.773723][ T6375] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 153.800441][ T398] hub 5-1:0.0: activate --> -90 [ 153.975258][ T6378] __nla_validate_parse: 9 callbacks suppressed [ 153.975284][ T6378] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2423'. [ 153.982961][ T62] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 154.153992][ T62] usb 4-1: device descriptor read/64, error -71 [ 154.410561][ T62] usb 4-1: device descriptor read/64, error -71 [ 154.538834][ T62] usb usb4-port1: attempt power cycle [ 154.672947][ T6348] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:451 [ 154.673021][ T6348] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 154.682671][ T6348] rust_binder: Read failure Err(EFAULT) in pid:451 [ 154.691850][ T6348] rust_binder: Write failure EFAULT in pid:451 [ 154.700203][ T516] usb 5-1: USB disconnect, device number 17 [ 154.712455][ T398] usb 5-1-port1: cannot reset (err = -71) [ 154.718395][ T398] usb 5-1-port1: attempt power cycle [ 154.902318][ T62] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 154.935375][ T62] usb 4-1: device descriptor read/8, error -71 [ 154.978158][ T6388] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2427'. [ 155.003011][ T6390] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2428'. [ 155.053109][ T6397] netlink: 228 bytes leftover after parsing attributes in process `syz.2.2430'. [ 155.078309][ T62] usb 4-1: device descriptor read/8, error -71 [ 155.123865][ T6400] netlink: 260 bytes leftover after parsing attributes in process `syz.2.2431'. [ 155.176292][ T6404] rust_binder: Write failure EINVAL in pid:232 [ 155.284207][ T6409] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 155.304214][ T6409] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:453 [ 155.340692][ T62] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 155.373740][ T62] usb 4-1: device descriptor read/8, error -71 [ 155.444472][ T6415] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2437'. [ 155.505463][ T6419] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2439'. [ 155.515833][ T62] usb 4-1: device descriptor read/8, error -71 [ 155.555093][ T6422] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 155.629426][ T62] usb usb4-port1: unable to enumerate USB device [ 155.632459][ T6421] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:243 [ 155.642628][ T6422] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 155.651856][ T6422] rust_binder: Failure in copy_transaction_data: BR_DEAD_REPLY [ 155.660035][ T6422] rust_binder: Failure BR_DEAD_REPLY during reply - delivering BR_FAILED_REPLY to sender. [ 155.684738][ T6425] netlink: 80 bytes leftover after parsing attributes in process `syz.2.2441'. [ 155.720242][ T6427] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2442'. [ 155.744813][ T6429] rust_binder: Write failure EFAULT in pid:251 [ 155.760868][ T6431] SELinux: security_context_str_to_sid (syste_uGй :) failed with errno=-22 [ 155.792431][ T6433] netlink: 4276 bytes leftover after parsing attributes in process `syz.2.2445'. [ 156.249331][ T516] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 156.315496][ T6456] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 156.315530][ T6456] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:1390 [ 156.416118][ T516] usb 3-1: config 1 has an invalid descriptor of length 208, skipping remainder of the config [ 156.444723][ T516] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 156.460130][ T516] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 156.469846][ T516] usb 3-1: New USB device strings: Mfr=16, Product=0, SerialNumber=1 [ 156.480430][ T516] usb 3-1: Manufacturer: syz [ 156.486311][ T516] usb 3-1: SerialNumber: syz [ 156.495006][ T516] cdc_ether 3-1:1.0: skipping garbage [ 156.500712][ T516] usb 3-1: bad CDC descriptors [ 156.644746][ T6475] rust_binder: validate_parent_fixup: fixup_min_offset=29, parent_offset=27 [ 156.644767][ T6475] rust_binder: Error while translating object. [ 156.655626][ T6475] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 156.662170][ T6475] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1411 [ 156.690607][ T6477] netlink: 'syz.3.2462': attribute type 4 has an invalid length. [ 156.748047][ T6443] rust_binder: Write failure EINVAL in pid:262 [ 156.755840][ T6443] rust_binder: Read failure Err(EAGAIN) in pid:262 [ 156.829854][ T6486] fuse: Unknown parameter '|oot' [ 156.845762][ T36] audit: type=1400 audit(1750495813.993:799): avc: denied { read append } for pid=6485 comm="syz.3.2466" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 156.868162][ T6486] binder: Unknown parameter ' ' [ 156.869408][ T36] audit: type=1400 audit(1750495814.021:800): avc: denied { setattr } for pid=6485 comm="syz.3.2466" path="/dev/ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 156.987523][ T398] usb 3-1: USB disconnect, device number 30 [ 157.077490][ T6494] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 157.276979][ T6507] rust_binder: Error while translating object. [ 157.277026][ T6507] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 157.283359][ T6507] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1436 [ 157.392826][ T6519] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 157.402275][ T6519] rust_binder: Read failure Err(EFAULT) in pid:1450 [ 157.403941][ T552] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 157.430933][ T6521] rust_binder: Write failure EFAULT in pid:1452 [ 157.529262][ T6529] rust_binder: Write failure EINVAL in pid:1244 [ 157.598127][ T552] usb 5-1: config 0 has an invalid interface number: 49 but max is 0 [ 157.612744][ T552] usb 5-1: config 0 has no interface number 0 [ 157.618954][ T552] usb 5-1: too many endpoints for config 0 interface 49 altsetting 56: 52, using maximum allowed: 30 [ 157.629980][ T552] usb 5-1: config 0 interface 49 altsetting 56 has 0 endpoint descriptors, different from the interface descriptor's value: 52 [ 157.643203][ T552] usb 5-1: config 0 interface 49 has no altsetting 0 [ 157.650245][ T552] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 157.659314][ T552] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.682058][ T552] usb 5-1: config 0 descriptor?? [ 157.706951][ T63] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 157.874297][ T63] usb 4-1: Using ep0 maxpacket: 16 [ 157.880781][ T36] audit: type=1400 audit(1750495814.966:801): avc: denied { map } for pid=6550 comm="syz.1.2496" path="/proc/1264/net/pfkey" dev="proc" ino=4026532531 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 157.905549][ T63] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 157.919897][ T63] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 157.930192][ T63] usb 4-1: config 0 has no interface number 0 [ 157.947609][ T63] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 157.958691][ T63] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.967100][ T63] usb 4-1: Product: syz [ 157.971853][ T63] usb 4-1: Manufacturer: syz [ 157.976798][ T63] usb 4-1: SerialNumber: syz [ 157.988306][ T63] usb 4-1: config 0 descriptor?? [ 157.997569][ T552] usb 5-1: string descriptor 0 read error: -71 [ 158.004699][ T63] usb 4-1: Found UVC 0.00 device syz (046d:08f3) [ 158.012499][ T63] usb 4-1: No valid video chain found. [ 158.013542][ T552] usb 5-1: Cannot read MAC address [ 158.027504][ T552] MOSCHIP usb-ethernet driver 5-1:0.49: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 158.058703][ T552] usb 5-1: USB disconnect, device number 22 [ 158.217108][ T516] usb 4-1: USB disconnect, device number 34 [ 158.891253][ T6574] rust_binder: Write failure EFAULT in pid:482 [ 158.912617][ T6574] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:482 [ 158.921874][ T6575] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:482 [ 158.963334][ T6577] rust_binder: Write failure EINVAL in pid:1460 [ 159.047165][ T6586] rust_binder: Error while translating object. [ 159.054499][ T6586] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 159.080942][ T6586] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1276 [ 159.239218][ T6604] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 159.287981][ T36] audit: type=1326 audit(1750495816.285:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6609 comm="syz.3.2521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 159.350718][ T36] audit: type=1326 audit(1750495816.285:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6609 comm="syz.3.2521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 159.375388][ T36] audit: type=1326 audit(1750495816.313:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6609 comm="syz.3.2521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 159.402092][ T36] audit: type=1326 audit(1750495816.313:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6609 comm="syz.3.2521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 159.426635][ T36] audit: type=1326 audit(1750495816.313:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6609 comm="syz.3.2521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a178e929 code=0x7ffc0000 [ 159.655356][ T6618] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION already set [ 159.680344][ T6618] rust_binder: Write failure EINVAL in pid:501 [ 159.763034][ T6623] rust_binder: Write failure EINVAL in pid:503 [ 159.799128][ T6627] rust_binder: Error while translating object. [ 159.805406][ T6627] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 159.812307][ T6627] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:505 [ 159.842820][ T6632] usb usb8: usbfs: process 6632 (syz.4.2531) did not claim interface 0 before use [ 159.890254][ T6634] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 159.909728][ T6638] __nla_validate_parse: 18 callbacks suppressed [ 159.909746][ T6638] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2533'. [ 160.056601][ T6645] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2536'. [ 160.245845][ T6647] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 160.245880][ T6647] rust_binder: Read failure Err(EFAULT) in pid:1296 [ 160.304119][ T6650] netlink: 4276 bytes leftover after parsing attributes in process `syz.1.2538'. [ 160.476440][ T6657] netlink: 112 bytes leftover after parsing attributes in process `syz.3.2541'. [ 160.712857][ T6661] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.720360][ T6661] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.727567][ T6661] bridge_slave_0: entered allmulticast mode [ 160.734380][ T6661] bridge_slave_0: entered promiscuous mode [ 160.741223][ T6661] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.748457][ T6661] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.755975][ T6661] bridge_slave_1: entered allmulticast mode [ 160.762639][ T6661] bridge_slave_1: entered promiscuous mode [ 160.805211][ T6666] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2544'. [ 160.914217][ T36] audit: type=1400 audit(1750495817.800:807): avc: denied { read } for pid=6672 comm="syz.4.2547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 161.031034][ T12] bridge_slave_1: left allmulticast mode [ 161.037256][ T12] bridge_slave_1: left promiscuous mode [ 161.043139][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.051261][ T12] bridge_slave_0: left allmulticast mode [ 161.056992][ T12] bridge_slave_0: left promiscuous mode [ 161.062968][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.121586][ T6676] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2548'. [ 161.190480][ T6661] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.197579][ T6661] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.205013][ T6661] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.212113][ T6661] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.237838][ T12] veth1_macvtap: left promiscuous mode [ 161.243521][ T12] veth0_vlan: left promiscuous mode [ 161.362600][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.375748][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.388636][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.395802][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.402208][ T10] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 161.403878][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.417677][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.453923][ T6661] veth0_vlan: entered promiscuous mode [ 161.470105][ T6661] veth1_macvtap: entered promiscuous mode [ 161.563655][ T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 161.583942][ T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.605501][ T10] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 235, setting to 64 [ 161.624477][ T36] audit: type=1400 audit(1750495818.464:808): avc: denied { bind } for pid=6695 comm="syz.3.2555" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 161.626912][ T10] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 161.647603][ T6696] rust_binder: Error while translating object. [ 161.658395][ T6696] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 161.664838][ T6696] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:11 [ 161.692333][ T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 161.718615][ T6703] netlink: 'syz.3.2557': attribute type 4 has an invalid length. [ 161.722974][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.744289][ T10] usb 2-1: Product: syz [ 161.748525][ T10] usb 2-1: Manufacturer: syz [ 161.753159][ T10] usb 2-1: SerialNumber: syz [ 162.189435][ T6719] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2563'. [ 162.289159][ T6725] exfat: Unknown parameter 'workdir' [ 162.374400][ T6727] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2566'. [ 162.415197][ T6729] binder: Unknown parameter 'fscontext?}' [ 162.446918][ T6733] netlink: 4276 bytes leftover after parsing attributes in process `syz.4.2568'. [ 162.478022][ T6735] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2570'. [ 162.523688][ T6739] FAULT_INJECTION: forcing a failure. [ 162.523688][ T6739] name failslab, interval 1, probability 0, space 0, times 0 [ 162.538050][ T6739] CPU: 1 UID: 0 PID: 6739 Comm: syz.4.2572 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 162.538094][ T6739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 162.538110][ T6739] Call Trace: [ 162.538119][ T6739] [ 162.538130][ T6739] __dump_stack+0x21/0x30 [ 162.538165][ T6739] dump_stack_lvl+0x10c/0x190 [ 162.538193][ T6739] ? __cfi_dump_stack_lvl+0x10/0x10 [ 162.538222][ T6739] ? __nla_validate_parse+0x2406/0x2d50 [ 162.538258][ T6739] dump_stack+0x19/0x20 [ 162.538284][ T6739] should_fail_ex+0x3d9/0x530 [ 162.538308][ T6739] should_failslab+0xac/0x100 [ 162.538484][ T6739] kmem_cache_alloc_noprof+0x42/0x3a0 [ 162.538520][ T6739] ? xfrm_state_alloc+0x3f/0x380 [ 162.538553][ T6739] xfrm_state_alloc+0x3f/0x380 [ 162.538598][ T6739] ? xfrm_add_sa+0x14d8/0x3ea0 [ 162.538629][ T6739] xfrm_add_sa+0x1591/0x3ea0 [ 162.538661][ T6739] ? selinux_capable+0x38/0x50 [ 162.538689][ T6739] ? __cfi_xfrm_add_sa+0x10/0x10 [ 162.538727][ T6739] xfrm_user_rcv_msg+0x577/0x860 [ 162.538760][ T6739] ? __cfi_xfrm_user_rcv_msg+0x10/0x10 [ 162.538797][ T6739] ? stack_trace_save+0x9d/0xe0 [ 162.538826][ T6739] ? __asan_memcpy+0x5a/0x80 [ 162.538849][ T6739] ? avc_has_perm_noaudit+0x286/0x360 [ 162.538875][ T6739] ? avc_has_perm+0x144/0x220 [ 162.538898][ T6739] netlink_rcv_skb+0x22b/0x4a0 [ 162.538935][ T6739] ? __cfi_xfrm_user_rcv_msg+0x10/0x10 [ 162.538975][ T6739] ? __cfi_netlink_rcv_skb+0x10/0x10 [ 162.539010][ T6739] ? __kasan_check_write+0x18/0x20 [ 162.539035][ T6739] ? mutex_lock+0x92/0x1c0 [ 162.539058][ T6739] ? __cfi_mutex_lock+0x10/0x10 [ 162.539081][ T6739] ? netlink_autobind+0x1c0/0x1c0 [ 162.539118][ T6739] xfrm_netlink_rcv+0x76/0x90 [ 162.539157][ T6739] netlink_unicast+0x8c6/0xa60 [ 162.539191][ T6739] netlink_sendmsg+0x7f0/0xaf0 [ 162.539229][ T6739] ? __cfi_netlink_sendmsg+0x10/0x10 [ 162.539266][ T6739] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 162.539302][ T6739] ? security_socket_sendmsg+0x33/0xd0 [ 162.539330][ T6739] ? __cfi_netlink_sendmsg+0x10/0x10 [ 162.539366][ T6739] ____sys_sendmsg+0xa15/0xa70 [ 162.539408][ T6739] ? __sys_sendmsg_sock+0x50/0x50 [ 162.539447][ T6739] ? import_iovec+0x81/0xb0 [ 162.539482][ T6739] ___sys_sendmsg+0x220/0x2a0 [ 162.539520][ T6739] ? __sys_sendmsg+0x280/0x280 [ 162.539557][ T6739] ? proc_fail_nth_write+0x17e/0x210 [ 162.539592][ T6739] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 162.539625][ T6739] __x64_sys_sendmsg+0x1eb/0x2c0 [ 162.539649][ T6739] ? fput+0x1a5/0x240 [ 162.539686][ T6739] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 162.539708][ T6739] ? ksys_write+0x1ef/0x250 [ 162.539738][ T6739] ? __kasan_check_read+0x15/0x20 [ 162.539767][ T6739] x64_sys_call+0x2a4c/0x2ee0 [ 162.539799][ T6739] do_syscall_64+0x58/0xf0 [ 162.539830][ T6739] ? clear_bhb_loop+0x35/0x90 [ 162.539867][ T6739] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 162.539901][ T6739] RIP: 0033:0x7f2b4af8e929 [ 162.539923][ T6739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.539945][ T6739] RSP: 002b:00007f2b495f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 162.539971][ T6739] RAX: ffffffffffffffda RBX: 00007f2b4b1b5fa0 RCX: 00007f2b4af8e929 [ 162.539988][ T6739] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 162.540005][ T6739] RBP: 00007f2b495f7090 R08: 0000000000000000 R09: 0000000000000000 [ 162.540021][ T6739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.540036][ T6739] R13: 0000000000000000 R14: 00007f2b4b1b5fa0 R15: 00007ffec0340808 [ 162.540058][ T6739] [ 162.857931][ T10] cdc_ncm 2-1:1.0: bind() failure [ 162.933852][ T10] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 162.942770][ T10] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 162.986647][ T10] usb 2-1: USB disconnect, device number 30 [ 163.031787][ T6749] FAULT_INJECTION: forcing a failure. [ 163.031787][ T6749] name failslab, interval 1, probability 0, space 0, times 0 [ 163.044692][ T6749] CPU: 1 UID: 0 PID: 6749 Comm: syz.4.2577 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 163.044729][ T6749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.044745][ T6749] Call Trace: [ 163.044754][ T6749] [ 163.044765][ T6749] __dump_stack+0x21/0x30 [ 163.044800][ T6749] dump_stack_lvl+0x10c/0x190 [ 163.044828][ T6749] ? __cfi_dump_stack_lvl+0x10/0x10 [ 163.044857][ T6749] ? xfrm_user_rcv_msg+0x69a/0x860 [ 163.044891][ T6749] dump_stack+0x19/0x20 [ 163.044917][ T6749] should_fail_ex+0x3d9/0x530 [ 163.044944][ T6749] should_failslab+0xac/0x100 [ 163.044979][ T6749] kmem_cache_alloc_node_noprof+0x45/0x3b0 [ 163.045009][ T6749] ? __alloc_skb+0x10c/0x370 [ 163.045041][ T6749] __alloc_skb+0x10c/0x370 [ 163.045071][ T6749] ? __kasan_check_read+0x15/0x20 [ 163.045098][ T6749] netlink_ack+0x155/0xa50 [ 163.045129][ T6749] ? avc_has_perm_noaudit+0x286/0x360 [ 163.045155][ T6749] ? avc_has_perm+0x144/0x220 [ 163.045180][ T6749] netlink_rcv_skb+0x2b2/0x4a0 [ 163.045214][ T6749] ? __cfi_xfrm_user_rcv_msg+0x10/0x10 [ 163.045247][ T6749] ? __cfi_netlink_rcv_skb+0x10/0x10 [ 163.045281][ T6749] ? __kasan_check_write+0x18/0x20 [ 163.045308][ T6749] ? mutex_lock+0x92/0x1c0 [ 163.045330][ T6749] ? __cfi_mutex_lock+0x10/0x10 [ 163.045353][ T6749] ? netlink_autobind+0x1c0/0x1c0 [ 163.045390][ T6749] xfrm_netlink_rcv+0x76/0x90 [ 163.045421][ T6749] netlink_unicast+0x8c6/0xa60 [ 163.045455][ T6749] netlink_sendmsg+0x7f0/0xaf0 [ 163.045492][ T6749] ? __cfi_netlink_sendmsg+0x10/0x10 [ 163.045530][ T6749] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 163.045579][ T6749] ? security_socket_sendmsg+0x33/0xd0 [ 163.045609][ T6749] ? __cfi_netlink_sendmsg+0x10/0x10 [ 163.045643][ T6749] ____sys_sendmsg+0xa15/0xa70 [ 163.045682][ T6749] ? __sys_sendmsg_sock+0x50/0x50 [ 163.045721][ T6749] ? import_iovec+0x81/0xb0 [ 163.045756][ T6749] ___sys_sendmsg+0x220/0x2a0 [ 163.045791][ T6749] ? __sys_sendmsg+0x280/0x280 [ 163.045827][ T6749] ? proc_fail_nth_write+0x17e/0x210 [ 163.045851][ T6749] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 163.045883][ T6749] __x64_sys_sendmsg+0x1eb/0x2c0 [ 163.045906][ T6749] ? fput+0x1a5/0x240 [ 163.045942][ T6749] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 163.045964][ T6749] ? ksys_write+0x1ef/0x250 [ 163.045994][ T6749] ? __kasan_check_read+0x15/0x20 [ 163.046022][ T6749] x64_sys_call+0x2a4c/0x2ee0 [ 163.046053][ T6749] do_syscall_64+0x58/0xf0 [ 163.046083][ T6749] ? clear_bhb_loop+0x35/0x90 [ 163.046121][ T6749] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 163.046155][ T6749] RIP: 0033:0x7f2b4af8e929 [ 163.046175][ T6749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.046196][ T6749] RSP: 002b:00007f2b495f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 163.046224][ T6749] RAX: ffffffffffffffda RBX: 00007f2b4b1b5fa0 RCX: 00007f2b4af8e929 [ 163.046243][ T6749] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003 [ 163.046259][ T6749] RBP: 00007f2b495f7090 R08: 0000000000000000 R09: 0000000000000000 [ 163.046276][ T6749] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.046291][ T6749] R13: 0000000000000000 R14: 00007f2b4b1b5fa0 R15: 00007ffec0340808 [ 163.046312][ T6749] [ 163.395844][ T6752] SELinux: policydb table sizes (0,0) do not match mine (6,7) [ 163.403595][ T6752] SELinux: failed to load policy [ 163.551732][ T36] audit: type=1326 audit(1750495820.270:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6762 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 163.575404][ T36] audit: type=1326 audit(1750495820.270:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6762 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 163.599653][ T36] audit: type=1326 audit(1750495820.270:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6762 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 163.623293][ T36] audit: type=1326 audit(1750495820.279:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6762 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 163.646806][ T36] audit: type=1326 audit(1750495820.279:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6762 comm="syz.4.2582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 163.710922][ T6769] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 163.710952][ T6769] rust_binder: Error while translating object. [ 163.732837][ T6769] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 163.743439][ T6769] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:573 [ 163.774752][ T6772] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 163.786065][ T6773] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 163.792799][ T6773] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:1308 [ 163.842899][ T6782] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:46 [ 164.171969][ T6809] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 164.197583][ T6809] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:1322 [ 164.350728][ T6817] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1324 [ 164.374893][ T6817] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 164.396357][ T6817] rust_binder: Read failure Err(EFAULT) in pid:1324 [ 164.771798][ T6827] SELinux: security_context_str_to_sid (syste_uGй :) failed with errno=-22 [ 164.793840][ T36] audit: type=1400 audit(1750495821.430:814): avc: denied { watch watch_reads } for pid=6826 comm="syz.4.2606" path="/249" dev="tmpfs" ino=1333 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 164.827968][ T6827] kvm: kvm [6826]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x40000004) [ 164.845935][ T6827] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 164.854893][ T6829] FAULT_INJECTION: forcing a failure. [ 164.854893][ T6829] name failslab, interval 1, probability 0, space 0, times 0 [ 164.868799][ T6829] CPU: 1 UID: 0 PID: 6829 Comm: syz.3.2607 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 164.868837][ T6829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 164.868854][ T6829] Call Trace: [ 164.868863][ T6829] [ 164.868873][ T6829] __dump_stack+0x21/0x30 [ 164.868908][ T6829] dump_stack_lvl+0x10c/0x190 [ 164.868936][ T6829] ? __cfi_dump_stack_lvl+0x10/0x10 [ 164.868966][ T6829] dump_stack+0x19/0x20 [ 164.868991][ T6829] should_fail_ex+0x3d9/0x530 [ 164.869018][ T6829] should_failslab+0xac/0x100 [ 164.869051][ T6829] __kmalloc_node_track_caller_noprof+0x68/0x440 [ 164.869083][ T6829] ? xfrm_add_sa+0x1f68/0x3ea0 [ 164.869116][ T6829] kmemdup_noprof+0x31/0x80 [ 164.869143][ T6829] xfrm_add_sa+0x1f68/0x3ea0 [ 164.869175][ T6829] ? selinux_capable+0x38/0x50 [ 164.869210][ T6829] ? __cfi_xfrm_add_sa+0x10/0x10 [ 164.869245][ T6829] xfrm_user_rcv_msg+0x577/0x860 [ 164.869277][ T6829] ? __cfi_xfrm_user_rcv_msg+0x10/0x10 [ 164.869308][ T6829] ? stack_trace_save+0x9d/0xe0 [ 164.869343][ T6829] ? __asan_memcpy+0x5a/0x80 [ 164.869369][ T6829] ? avc_has_perm_noaudit+0x286/0x360 [ 164.869396][ T6829] ? avc_has_perm+0x144/0x220 [ 164.869421][ T6829] netlink_rcv_skb+0x22b/0x4a0 [ 164.869455][ T6829] ? __cfi_xfrm_user_rcv_msg+0x10/0x10 [ 164.869487][ T6829] ? __cfi_netlink_rcv_skb+0x10/0x10 [ 164.869524][ T6829] ? __kasan_check_write+0x18/0x20 [ 164.869549][ T6829] ? mutex_lock+0x92/0x1c0 [ 164.869572][ T6829] ? __cfi_mutex_lock+0x10/0x10 [ 164.869593][ T6829] ? netlink_autobind+0x1c0/0x1c0 [ 164.869630][ T6829] xfrm_netlink_rcv+0x76/0x90 [ 164.869661][ T6829] netlink_unicast+0x8c6/0xa60 [ 164.869695][ T6829] netlink_sendmsg+0x7f0/0xaf0 [ 164.869732][ T6829] ? __cfi_netlink_sendmsg+0x10/0x10 [ 164.869770][ T6829] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 164.869807][ T6829] ? security_socket_sendmsg+0x33/0xd0 [ 164.869840][ T6829] ? __cfi_netlink_sendmsg+0x10/0x10 [ 164.869876][ T6829] ____sys_sendmsg+0xa15/0xa70 [ 164.869913][ T6829] ? __sys_sendmsg_sock+0x50/0x50 [ 164.869950][ T6829] ? import_iovec+0x81/0xb0 [ 164.869985][ T6829] ___sys_sendmsg+0x220/0x2a0 [ 164.870020][ T6829] ? __sys_sendmsg+0x280/0x280 [ 164.870057][ T6829] ? proc_fail_nth_write+0x17e/0x210 [ 164.870081][ T6829] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 164.870113][ T6829] __x64_sys_sendmsg+0x1eb/0x2c0 [ 164.870135][ T6829] ? fput+0x1a5/0x240 [ 164.870170][ T6829] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 164.870200][ T6829] ? ksys_write+0x1ef/0x250 [ 164.870230][ T6829] ? __kasan_check_read+0x15/0x20 [ 164.870259][ T6829] x64_sys_call+0x2a4c/0x2ee0 [ 164.870289][ T6829] do_syscall_64+0x58/0xf0 [ 164.870320][ T6829] ? clear_bhb_loop+0x35/0x90 [ 164.870356][ T6829] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 164.870391][ T6829] RIP: 0033:0x7f419c38e929 [ 164.870409][ T6829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.870429][ T6829] RSP: 002b:00007f419d2ab038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 164.870455][ T6829] RAX: ffffffffffffffda RBX: 00007f419c5b5fa0 RCX: 00007f419c38e929 [ 164.870474][ T6829] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003 [ 164.870490][ T6829] RBP: 00007f419d2ab090 R08: 0000000000000000 R09: 0000000000000000 [ 164.870506][ T6829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 164.870520][ T6829] R13: 0000000000000000 R14: 00007f419c5b5fa0 R15: 00007ffc10ee4068 [ 164.870540][ T6829] [ 165.278419][ T6831] __nla_validate_parse: 9 callbacks suppressed [ 165.278442][ T6831] netlink: 324 bytes leftover after parsing attributes in process `syz.3.2608'. [ 165.377744][ T6836] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2610'. [ 165.409117][ T6841] netlink: 168 bytes leftover after parsing attributes in process `syz.1.2613'. [ 165.515852][ T6855] netlink: 88 bytes leftover after parsing attributes in process `syz.1.2617'. [ 165.560135][ T6861] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2619'. [ 165.578001][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.578032][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.592568][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.599144][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.605808][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.612334][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.619000][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.626584][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.653098][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.653135][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.659943][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.666172][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.672900][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.702472][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.702497][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.709095][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.718948][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.725874][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.735574][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.742279][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.750703][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.757519][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.764443][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.772550][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.781608][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.788527][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.795643][ T6872] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2623'. [ 165.811327][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.811354][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.817884][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.828190][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.839683][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.848260][ T6863] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 165.857176][ T36] audit: type=1326 audit(1750495822.421:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6881 comm="syz.4.2626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 165.902949][ T36] audit: type=1326 audit(1750495822.459:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6881 comm="syz.4.2626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 165.942730][ T36] audit: type=1326 audit(1750495822.459:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6881 comm="syz.4.2626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 165.981120][ T6884] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1347 [ 165.984183][ T36] audit: type=1326 audit(1750495822.468:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6881 comm="syz.4.2626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7ffc0000 [ 165.986420][ T6884] rust_binder: Error while translating object. [ 166.017093][ T6884] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 166.023679][ T6884] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1347 [ 166.146518][ T6894] kvm: pic: non byte write [ 166.398687][ T6908] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 166.398719][ T6908] rust_binder: Error while translating object. [ 166.410242][ T6908] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 166.416612][ T6908] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:627 [ 166.428906][ T6910] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2636'. [ 166.509058][ T6921] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2641'. [ 166.625856][ T6930] binder: Unknown parameter 'obj_type' [ 166.648137][ T6928] kvm: pic: non byte write [ 166.696997][ T6935] netlink: 4276 bytes leftover after parsing attributes in process `syz.1.2646'. [ 166.727257][ T6937] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1368 [ 166.728305][ T6937] rust_binder: Read failure Err(EFAULT) in pid:1368 [ 166.758846][ T6939] netlink: 80 bytes leftover after parsing attributes in process `syz.1.2648'. [ 167.046871][ T63] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 167.068256][ T552] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 167.185849][ T63] usb 4-1: device descriptor read/64, error -71 [ 167.239473][ T552] usb 2-1: Using ep0 maxpacket: 16 [ 167.250679][ T552] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.261668][ T552] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 167.282426][ T552] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 167.291509][ T552] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=17 [ 167.314105][ T552] usb 2-1: SerialNumber: syz [ 167.325363][ T552] usb 2-1: config 0 descriptor?? [ 167.442447][ T63] usb 4-1: device descriptor read/64, error -71 [ 167.589920][ T6953] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 167.600880][ T6953] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:642 [ 167.698978][ T63] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 167.860518][ T63] usb 4-1: device descriptor read/64, error -71 [ 167.888507][ T6969] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 168, size: 110) [ 167.888541][ T6969] rust_binder: Error while translating object. [ 167.899476][ T6969] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 167.905789][ T6969] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:658 [ 168.137330][ T63] usb 4-1: device descriptor read/64, error -71 [ 168.265726][ T63] usb usb4-port1: attempt power cycle [ 168.308564][ T6976] FAULT_INJECTION: forcing a failure. [ 168.308564][ T6976] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 168.321823][ T6976] CPU: 1 UID: 0 PID: 6976 Comm: syz.2.2666 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 168.321924][ T6976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 168.321939][ T6976] Call Trace: [ 168.321948][ T6976] [ 168.321958][ T6976] __dump_stack+0x21/0x30 [ 168.321986][ T6976] dump_stack_lvl+0x10c/0x190 [ 168.322005][ T6976] ? __cfi_dump_stack_lvl+0x10/0x10 [ 168.322025][ T6976] dump_stack+0x19/0x20 [ 168.322051][ T6976] should_fail_ex+0x3d9/0x530 [ 168.322076][ T6976] should_fail+0xf/0x20 [ 168.322094][ T6976] should_fail_usercopy+0x1e/0x30 [ 168.322119][ T6976] _copy_to_user+0x24/0xa0 [ 168.322141][ T6976] simple_read_from_buffer+0xed/0x160 [ 168.322176][ T6976] proc_fail_nth_read+0x19e/0x210 [ 168.322200][ T6976] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 168.322221][ T6976] ? bpf_lsm_file_permission+0xd/0x20 [ 168.322244][ T6976] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 168.322266][ T6976] vfs_read+0x278/0xb60 [ 168.322287][ T6976] ? __cfi_vfs_read+0x10/0x10 [ 168.322308][ T6976] ? __kasan_check_write+0x18/0x20 [ 168.322333][ T6976] ? mutex_lock+0x92/0x1c0 [ 168.322353][ T6976] ? __cfi_mutex_lock+0x10/0x10 [ 168.322373][ T6976] ? __fget_files+0x2c5/0x340 [ 168.322403][ T6976] ksys_read+0x141/0x250 [ 168.322429][ T6976] ? __cfi_ksys_read+0x10/0x10 [ 168.322448][ T6976] ? __kasan_check_read+0x15/0x20 [ 168.322465][ T6976] __x64_sys_read+0x7f/0x90 [ 168.322490][ T6976] x64_sys_call+0x2638/0x2ee0 [ 168.322518][ T6976] do_syscall_64+0x58/0xf0 [ 168.322544][ T6976] ? clear_bhb_loop+0x35/0x90 [ 168.322574][ T6976] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 168.322597][ T6976] RIP: 0033:0x7fe6e5b8d33c [ 168.322611][ T6976] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 168.322628][ T6976] RSP: 002b:00007fe6e6a55030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 168.322653][ T6976] RAX: ffffffffffffffda RBX: 00007fe6e5db5fa0 RCX: 00007fe6e5b8d33c [ 168.322670][ T6976] RDX: 000000000000000f RSI: 00007fe6e6a550a0 RDI: 0000000000000004 [ 168.322684][ T6976] RBP: 00007fe6e6a55090 R08: 0000000000000000 R09: 0000000000000000 [ 168.322697][ T6976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.322712][ T6976] R13: 0000000000000000 R14: 00007fe6e5db5fa0 R15: 00007ffd3d0e0248 [ 168.322726][ T6976] [ 168.650454][ T960] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 168.703928][ T640] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 168.812278][ T960] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 168.823503][ T960] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 168.833313][ T960] usb 3-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 168.842446][ T960] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.851362][ T960] usb 3-1: config 0 descriptor?? [ 168.853647][ T63] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 168.887010][ T63] usb 4-1: device descriptor read/8, error -71 [ 168.889062][ T6973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.902190][ T6973] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 169.036317][ T63] usb 4-1: device descriptor read/8, error -71 [ 169.100376][ T6978] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 169.109460][ T6978] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 169.292994][ T63] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 169.314540][ T63] usb 4-1: device descriptor read/8, error -71 [ 169.333681][ T960] elo 0003:04E7:0030.0016: unknown main item tag 0x0 [ 169.340702][ T960] elo 0003:04E7:0030.0016: unknown main item tag 0x4 [ 169.347485][ T960] elo 0003:04E7:0030.0016: item fetching failed at offset 3/7 [ 169.355187][ T960] elo 0003:04E7:0030.0016: parse failed [ 169.360876][ T960] elo 0003:04E7:0030.0016: probe with driver elo failed with error -22 [ 169.453517][ T63] usb 4-1: device descriptor read/8, error -71 [ 169.560864][ T640] usb 5-1: unable to get BOS descriptor or descriptor too short [ 169.580652][ T63] usb usb4-port1: unable to enumerate USB device [ 169.588108][ T640] usb 5-1: no configurations [ 169.593079][ T640] usb 5-1: can't read configurations, error -22 [ 169.954717][ T640] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 170.027228][ T552] usbhid 2-1:0.0: can't add hid device: -71 [ 170.035717][ T552] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 170.048388][ T552] usb 2-1: USB disconnect, device number 31 [ 170.084431][ T36] kauditd_printk_skb: 2 callbacks suppressed [ 170.084450][ T36] audit: type=1326 audit(1750495826.387:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6989 comm="syz.3.2672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f419c38e929 code=0x7ffc0000 [ 170.115449][ T36] audit: type=1326 audit(1750495826.387:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6988 comm="syz.1.2671" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3c8f78e929 code=0x0 [ 170.140465][ T640] usb 5-1: Using ep0 maxpacket: 16 [ 170.149842][ T36] audit: type=1326 audit(1750495826.387:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6989 comm="syz.3.2672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f419c38e929 code=0x7ffc0000 [ 170.174993][ T640] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.186711][ T640] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 170.199914][ T36] audit: type=1326 audit(1750495826.387:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6989 comm="syz.3.2672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f419c38e929 code=0x7ffc0000 [ 170.222086][ T6995] kvm: pic: non byte write [ 170.223521][ T640] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 170.229474][ T36] audit: type=1326 audit(1750495826.387:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6989 comm="syz.3.2672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f419c38e929 code=0x7ffc0000 [ 170.237447][ T640] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.260627][ T36] audit: type=1326 audit(1750495826.387:826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6989 comm="syz.3.2672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f419c38e929 code=0x7ffc0000 [ 170.273442][ T640] usb 5-1: config 0 descriptor?? [ 170.423726][ T7001] serio: Serial port ttynull [ 170.478596][ T7003] rust_binder: Write failure EFAULT in pid:276 [ 170.504305][ T7007] rust_binder: Write failure EINVAL in pid:100 [ 170.511773][ T7008] tipc: Started in network mode [ 170.523522][ T7008] tipc: Node identity 40120000000000000000000000000001, cluster identity 4711 [ 170.532689][ T7008] tipc: Enabling of bearer rejected, failed to enable media [ 170.738290][ T6985] process 'syz.4.2669' launched './file0' with NULL argv: empty string added [ 170.740881][ T640] HID 045e:07da: Invalid code 65791 type 1 [ 170.747731][ T36] audit: type=1400 audit(1750495827.005:827): avc: denied { execute_no_trans } for pid=6982 comm="syz.4.2669" path="/276/file0" dev="tmpfs" ino=1475 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 170.753549][ T640] HID 045e:07da: Invalid code 768 type 1 [ 170.782163][ T640] HID 045e:07da: Invalid code 769 type 1 [ 170.788531][ T640] HID 045e:07da: Invalid code 770 type 1 [ 170.797147][ T640] HID 045e:07da: Invalid code 771 type 1 [ 170.797195][ T7016] __nla_validate_parse: 7 callbacks suppressed [ 170.797212][ T7016] netlink: 260 bytes leftover after parsing attributes in process `syz.4.2679'. [ 170.802858][ T640] HID 045e:07da: Invalid code 772 type 1 [ 170.802876][ T640] HID 045e:07da: Invalid code 773 type 1 [ 170.802890][ T640] HID 045e:07da: Invalid code 774 type 1 [ 170.802902][ T640] HID 045e:07da: Invalid code 775 type 1 [ 170.840757][ T640] HID 045e:07da: Invalid code 776 type 1 [ 170.853912][ T640] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0017/input/input38 [ 170.870117][ T640] microsoft 0003:045E:07DA.0017: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 170.899296][ T640] usb 5-1: USB disconnect, device number 24 [ 170.917864][ T7021] fido_id[7021]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 170.954251][ T7023] netlink: 4276 bytes leftover after parsing attributes in process `syz.4.2682'. [ 170.981894][ T7025] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2683'. [ 171.009517][ T7030] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2686'. [ 171.031667][ T7033] netlink: 'syz.4.2687': attribute type 4 has an invalid length. [ 171.139003][ T7044] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1388 [ 171.234692][ T36] audit: type=1326 audit(1750495827.454:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7036 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b4af8e929 code=0x7fc00000 [ 171.322237][ T7058] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2696'. [ 171.363512][ T7065] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2700'. [ 171.392919][ T7067] __vm_enough_memory: pid: 7067, comm: syz.2.2701, bytes: 281474976845824 not enough memory for the allocation [ 171.429234][ T7072] netlink: 324 bytes leftover after parsing attributes in process `syz.2.2703'. [ 171.449814][ T7076] 9pnet_fd: Insufficient options for proto=fd [ 171.590393][ T960] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 171.602215][ T7084] rust_binder: Write failure EFAULT in pid:109 [ 171.697481][ T7086] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2708'. [ 171.730930][ T960] usb 2-1: device descriptor read/64, error -71 [ 171.956167][ T36] audit: type=1326 audit(1750495828.136:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7036 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2b4af2ab19 code=0x7fc00000 [ 171.984307][ T36] audit: type=1326 audit(1750495828.136:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7036 comm="syz.4.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f2b4af2abdf code=0x7fc00000 [ 172.007896][ T960] usb 2-1: device descriptor read/64, error -71 [ 172.042183][ T7095] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:692 [ 172.054089][ T7097] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2713'. [ 172.084668][ T7099] netlink: 88 bytes leftover after parsing attributes in process `syz.4.2714'. [ 172.176974][ T7104] binder: Bad value for 'max' [ 172.263902][ T960] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 172.402845][ T960] usb 2-1: device descriptor read/64, error -71 [ 172.549432][ T7111] kvm: pic: non byte write [ 172.620180][ T7114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 172.628950][ T7114] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 172.637645][ T7114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 172.646200][ T7114] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 172.658483][ T7114] rust_binder: Failed to allocate buffer. len:128, is_oneway:false [ 172.659519][ T960] usb 2-1: device descriptor read/64, error -71 [ 172.787819][ T960] usb usb2-port1: attempt power cycle [ 173.034362][ T7121] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 255) [ 173.034384][ T7121] rust_binder: Error while translating object. [ 173.044987][ T7121] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 173.051176][ T7121] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:705 [ 173.151217][ T960] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 173.184398][ T960] usb 2-1: device descriptor read/8, error -71 [ 173.224647][ T7129] rust_binder: Failed to allocate buffer. len:1064, is_oneway:false [ 173.323479][ T960] usb 2-1: device descriptor read/8, error -71 [ 173.386367][ T552] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 173.550318][ T552] usb 5-1: config 0 has no interfaces? [ 173.558845][ T552] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 173.567942][ T552] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 173.576093][ T552] usb 5-1: Product: syz [ 173.580356][ T552] usb 5-1: Manufacturer: syz [ 173.585009][ T552] usb 5-1: SerialNumber: syz [ 173.590004][ T960] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 173.597844][ T552] usb 5-1: config 0 descriptor?? [ 173.622766][ T960] usb 2-1: device descriptor read/8, error -71 [ 173.741453][ T7147] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 128, limit: 144, size: 41) [ 173.741482][ T7147] rust_binder: Error while translating object. [ 173.752193][ T7147] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 173.758684][ T7147] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:329 [ 173.772296][ T960] usb 2-1: device descriptor read/8, error -71 [ 173.787824][ T7151] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 173.818690][ T552] usb 5-1: USB disconnect, device number 25 [ 173.825096][ T7160] netlink: 'syz.3.2738': attribute type 4 has an invalid length. [ 173.888953][ T960] usb usb2-port1: unable to enumerate USB device [ 174.508446][ T7201] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:721 [ 174.733942][ T7234] binder: Bad value for 'stats' [ 174.787355][ T7237] FAULT_INJECTION: forcing a failure. [ 174.787355][ T7237] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 174.813071][ T7237] CPU: 1 UID: 0 PID: 7237 Comm: syz.4.2767 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 174.813110][ T7237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 174.813125][ T7237] Call Trace: [ 174.813132][ T7237] [ 174.813141][ T7237] __dump_stack+0x21/0x30 [ 174.813172][ T7237] dump_stack_lvl+0x10c/0x190 [ 174.813206][ T7237] ? __cfi_dump_stack_lvl+0x10/0x10 [ 174.813234][ T7237] dump_stack+0x19/0x20 [ 174.813258][ T7237] should_fail_ex+0x3d9/0x530 [ 174.813283][ T7237] should_fail+0xf/0x20 [ 174.813305][ T7237] should_fail_usercopy+0x1e/0x30 [ 174.813330][ T7237] _copy_to_user+0x24/0xa0 [ 174.813359][ T7237] simple_read_from_buffer+0xed/0x160 [ 174.813394][ T7237] proc_fail_nth_read+0x19e/0x210 [ 174.813415][ T7237] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 174.813437][ T7237] ? bpf_lsm_file_permission+0xd/0x20 [ 174.813456][ T7237] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 174.813472][ T7237] vfs_read+0x278/0xb60 [ 174.813499][ T7237] ? __cfi_vfs_read+0x10/0x10 [ 174.813522][ T7237] ? __kasan_check_write+0x18/0x20 [ 174.813546][ T7237] ? mutex_lock+0x92/0x1c0 [ 174.813565][ T7237] ? __cfi_mutex_lock+0x10/0x10 [ 174.813585][ T7237] ? __fget_files+0x2c5/0x340 [ 174.813615][ T7237] ksys_read+0x141/0x250 [ 174.813656][ T7237] ? __cfi_ksys_read+0x10/0x10 [ 174.813681][ T7237] ? __kasan_check_write+0x18/0x20 [ 174.813705][ T7237] ? fpregs_restore_userregs+0x11d/0x260 [ 174.813739][ T7237] __x64_sys_read+0x7f/0x90 [ 174.813764][ T7237] x64_sys_call+0x2638/0x2ee0 [ 174.813793][ T7237] do_syscall_64+0x58/0xf0 [ 174.813820][ T7237] ? clear_bhb_loop+0x35/0x90 [ 174.813853][ T7237] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 174.813883][ T7237] RIP: 0033:0x7f2b4af8d33c [ 174.813901][ T7237] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 174.813920][ T7237] RSP: 002b:00007f2b495f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 174.813944][ T7237] RAX: ffffffffffffffda RBX: 00007f2b4b1b5fa0 RCX: 00007f2b4af8d33c [ 174.813961][ T7237] RDX: 000000000000000f RSI: 00007f2b495f70a0 RDI: 0000000000000004 [ 174.813976][ T7237] RBP: 00007f2b495f7090 R08: 0000000000000000 R09: 0000000000000000 [ 174.813989][ T7237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.814002][ T7237] R13: 0000000000000000 R14: 00007f2b4b1b5fa0 R15: 00007ffec0340808 [ 174.814020][ T7237] [ 175.124239][ T7242] rust_kernel: panicked at /syzkaller/managers/ci2-android-6-12-rust/kernel/rust/kernel/page_size_compat.rs:60:5: [ 175.124239][ T7242] attempt to add with overflow [ 175.165133][ T7242] ------------[ cut here ]------------ [ 175.170658][ T7242] kernel BUG at rust/helpers/bug.c:7! [ 175.189198][ T7242] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 175.196298][ T7242] CPU: 0 UID: 0 PID: 7242 Comm: syz.4.2769 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 175.209789][ T7242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 175.219874][ T7242] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 175.225212][ T7242] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 dd d9 d7 cd 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 97 1d 9e 41 90 90 90 90 90 90 90 90 90 [ 175.244848][ T7242] RSP: 0018:ffffc9000b6df3f0 EFLAGS: 00010246 [ 175.250953][ T7242] RAX: 000000000000008c RBX: 1ffff920016dbe80 RCX: e01f0cbfa3c79900 [ 175.259045][ T7242] RDX: ffffc900061d4000 RSI: 00000000000037de RDI: 00000000000037df [ 175.267047][ T7242] RBP: ffffc9000b6df3f0 R08: ffffc9000b6df0e7 R09: 1ffff920016dbe1c [ 175.275044][ T7242] R10: dffffc0000000000 R11: fffff520016dbe1d R12: 0000000000000000 [ 175.283128][ T7242] R13: dffffc0000000000 R14: ffffc9000b6df420 R15: ffffc9000b6df450 [ 175.291151][ T7242] FS: 00007f2b495f76c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 175.300126][ T7242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 175.306751][ T7242] CR2: 00007ffc25cd6f88 CR3: 00000001153d4000 CR4: 00000000003526b0 [ 175.314757][ T7242] DR0: 0000000000000007 DR1: 000000000000009b DR2: 00040000ffffffff [ 175.322758][ T7242] DR3: 0000000000000009 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 175.330756][ T7242] Call Trace: [ 175.334057][ T7242] [ 175.337013][ T7242] _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160 [ 175.344491][ T7242] ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10 [ 175.352516][ T7242] ? kernel_text_address+0xa9/0xe0 [ 175.357655][ T7242] ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10 [ 175.371235][ T7242] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 175.377402][ T7242] ? arch_stack_walk+0x10b/0x170 [ 175.382356][ T7242] _RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x84/0x90 [ 175.389565][ T7242] ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking9panic_fmt+0x10/0x10 [ 175.397475][ T7242] _RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_add_overflow+0xb2/0xc0 [ 175.407466][ T7242] ? __cfi__RNvNtNtCs9jEwPDbx20M_4core9panicking11panic_const24panic_const_add_overflow+0x10/0x10 [ 175.418062][ T7242] _RNvXs1_CscPPBqWtAqum_11ashmem_rustNtB5_6AshmemNtNtCs43vyB533jt3_6kernel10miscdevice10MiscDevice4mmap+0xe44/0xfb0 [ 175.430321][ T7242] ? mas_wr_store_type+0xfd5/0x1ad0 [ 175.435530][ T7242] ? __cfi__RNvXs1_CscPPBqWtAqum_11ashmem_rustNtB5_6AshmemNtNtCs43vyB533jt3_6kernel10miscdevice10MiscDevice4mmap+0x10/0x10 [ 175.448498][ T7242] ? mas_preallocate+0x525/0xc60 [ 175.453467][ T7242] ? __cfi_mas_preallocate+0x10/0x10 [ 175.458876][ T7242] ? kasan_save_alloc_info+0x40/0x50 [ 175.464196][ T7242] ? __asan_memset+0x39/0x50 [ 175.468791][ T7242] mmap_region+0x1371/0x1bd0 [ 175.473407][ T7242] ? __cfi_mmap_region+0x10/0x10 [ 175.478361][ T7242] ? __kasan_check_read+0x15/0x20 [ 175.483432][ T7242] ? arch_get_unmapped_area_topdown+0x232/0x8d0 [ 175.489695][ T7242] ? file_mmap_ok+0x147/0x1a0 [ 175.494378][ T7242] do_mmap+0xb6d/0x13c0 [ 175.498540][ T7242] ? __cfi_do_mmap+0x10/0x10 [ 175.503147][ T7242] ? down_write_killable+0xe9/0x2d0 [ 175.508375][ T7242] ? __cfi_down_write_killable+0x10/0x10 [ 175.514026][ T7242] vm_mmap_pgoff+0x38f/0x4e0 [ 175.518640][ T7242] ? __cfi_vm_mmap_pgoff+0x10/0x10 [ 175.523756][ T7242] ? __fget_files+0x2c5/0x340 [ 175.528454][ T7242] ksys_mmap_pgoff+0x166/0x1e0 [ 175.533243][ T7242] __x64_sys_mmap+0x121/0x140 [ 175.537928][ T7242] x64_sys_call+0x13bf/0x2ee0 [ 175.542612][ T7242] do_syscall_64+0x58/0xf0 [ 175.547038][ T7242] ? clear_bhb_loop+0x35/0x90 [ 175.551731][ T7242] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 175.557643][ T7242] RIP: 0033:0x7f2b4af8e929 [ 175.562060][ T7242] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.581724][ T7242] RSP: 002b:00007f2b495f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 175.590147][ T7242] RAX: ffffffffffffffda RBX: 00007f2b4b1b5fa0 RCX: 00007f2b4af8e929 [ 175.598136][ T7242] RDX: 0000000001000007 RSI: 0000000000002000 RDI: 0000200000ffc000 [ 175.606132][ T7242] RBP: 00007f2b4b010b39 R08: 0000000000000003 R09: 0000000000000000 [ 175.614114][ T7242] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000000 [ 175.618876][ T36] kauditd_printk_skb: 19 callbacks suppressed [ 175.618896][ T36] audit: type=1326 audit(1750495831.551:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7231 comm="syz.3.2765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f419c32ab19 code=0x7fc00000 [ 175.622190][ T7242] R13: 0000000000000000 R14: 00007f2b4b1b5fa0 R15: 00007ffec0340808 [ 175.622215][ T7242] [ 175.622225][ T7242] Modules linked in: [ 175.622820][ T7242] ---[ end trace 0000000000000000 ]--- [ 175.672126][ T7242] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 175.677521][ T7242] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 dd d9 d7 cd 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 97 1d 9e 41 90 90 90 90 90 90 90 90 90 [ 175.697753][ T7242] RSP: 0018:ffffc9000b6df3f0 EFLAGS: 00010246 [ 175.703936][ T7242] RAX: 000000000000008c RBX: 1ffff920016dbe80 RCX: e01f0cbfa3c79900 [ 175.712033][ T7242] RDX: ffffc900061d4000 RSI: 00000000000037de RDI: 00000000000037df [ 175.720138][ T7242] RBP: ffffc9000b6df3f0 R08: ffffc9000b6df0e7 R09: 1ffff920016dbe1c [ 175.728172][ T7242] R10: dffffc0000000000 R11: fffff520016dbe1d R12: 0000000000000000 [ 175.736171][ T7242] R13: dffffc0000000000 R14: ffffc9000b6df420 R15: ffffc9000b6df450 [ 175.744219][ T7242] FS: 00007f2b495f76c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 175.753203][ T7242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 175.759828][ T7242] CR2: 00007f419c581178 CR3: 00000001153d4000 CR4: 00000000003526b0 [ 175.767827][ T7242] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 175.775875][ T7242] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 175.783899][ T7242] Kernel panic - not syncing: Fatal exception [ 175.790250][ T7242] Kernel Offset: disabled [ 175.794578][ T7242] Rebooting in 86400 seconds..