last executing test programs: 1.765012993s ago: executing program 0 (id=591): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x4c, 0x0, &(0x7f0000000600)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x51, 0x0, &(0x7f0000000700)="93ca2efc9445b68c079d41dcfff066e61c4d8f1021949c8c75c29113ed78c691e4a88534e71804ab594c9c0cea97e979adb05f81276775d60f54e903eb87a57f7cbe1f97039cb9d611ffa16ca4582a68cd"}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e}, @fda={0x66646185, 0x7, 0x2, 0x3a}, @fda={0x66646185, 0x5, 0x0, 0xf}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x10}], 0x0, 0x0, 0x0}) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x4c, 0x0, &(0x7f0000000600)=[@reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x51, 0x0, &(0x7f0000000700)="93ca2efc9445b68c079d41dcfff066e61c4d8f1021949c8c75c29113ed78c691e4a88534e71804ab594c9c0cea97e979adb05f81276775d60f54e903eb87a57f7cbe1f97039cb9d611ffa16ca4582a68cd"}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000000)={@flat=@weak_binder={0x77622a85, 0x90e}, @fda={0x66646185, 0x7, 0x2, 0x3a}, @fda={0x66646185, 0x5, 0x0, 0xf}}, &(0x7f0000000280)={0x0, 0x18, 0x38}}, 0x10}], 0x0, 0x0, 0x0}) (async) 1.701609585s ago: executing program 0 (id=593): stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x800) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000002c0)={{}, {0x1, 0x7}, [{0x2, 0x2, r0}], {0x4, 0x7}, [{0x8, 0x4, r2}, {0x8, 0x6, r3}, {0x8, 0x5, r6}, {0x8, 0x7, 0xee01}], {0x10, 0x2}, {0x20, 0xd}}, 0x4c, 0x2) r7 = socket$nl_generic(0x10, 0x3, 0x10) fchown(r7, r5, r2) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000340), &(0x7f0000000380)=0xc) ioctl$sock_netdev_private(r7, 0x89fb, &(0x7f00000003c0)="1be3e99518d74e26f28def1ea0e1b48ba0cb4db1c14625f2ba6ae2a8020372e2fea1e7a045061c7a7f57548bb2ff21140dad56e5525f8a2d6a77e3f6f23ec9242bb1e7cbad542248cbc362e7d2a61db352002d3e3aefd16f901f9d2ec998f7dde2c326ca19f99255a832776323c336705cd3c127c8deefdfcdb5394754441bf60c7c77ef6ffe19284bb0ba71562b08982ccc") r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) read$FUSE(r8, &(0x7f00000004c0)={0x2020}, 0x2020) r9 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002500), 0x2, 0x0) ioctl$VHOST_VDPA_GET_STATUS(r9, 0x8001af71, &(0x7f0000002540)) r10 = openat(r9, &(0x7f0000002580)='./file0\x00', 0x80, 0x48) sendto$inet(r10, &(0x7f00000025c0)="ef7e670ec2fd54b27104d0e4ea81857736cf342215410e52ce9db2a24a167e30f10ec651d5eb4d8f2d3f9d87076abffa33d78232fb3b7fd6643e486becfacc8fd31aacb62e1ef3a8e6afb04dfb15fece8d0883b39d4ee5b2a5a2e2c5e8bd38e84b1e8e712767aab72eda9ba918", 0x6d, 0x4040, 0x0, 0x0) write$cgroup_pid(r10, &(0x7f0000002640)=r1, 0x12) r11 = open(&(0x7f0000002680)='./file0\x00', 0x4000, 0x200) r12 = syz_genetlink_get_family_id$fou(&(0x7f0000002700), r9) sendmsg$FOU_CMD_GET(r11, &(0x7f00000027c0)={&(0x7f00000026c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000002780)={&(0x7f0000002740)={0x2c, r12, 0x300, 0x70bd2c, 0x25dfdbfd, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x2b}, @FOU_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x44) setsockopt$sock_timeval(r7, 0x1, 0x42, &(0x7f0000002800)={0x0, 0x2710}, 0x10) lsetxattr$security_capability(&(0x7f0000002840)='./file0\x00', &(0x7f0000002880), &(0x7f00000028c0)=@v1={0x1000000, [{0x100, 0x5}]}, 0xc, 0x1) r13 = dup2(r11, r8) capset(&(0x7f0000002900)={0x20071026, r4}, &(0x7f0000002940)={0x3, 0x92e56b3, 0x5, 0x9, 0x5f7, 0x1}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000002980), 0x180040, 0x0) setfsgid(r3) mknodat(r13, &(0x7f00000029c0)='./file0\x00', 0xc000, 0x3) r14 = syz_genetlink_get_family_id$ethtool(&(0x7f0000002a40), r13) getsockname$packet(0xffffffffffffffff, &(0x7f0000002a80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000002ac0)=0x14) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r11, 0x89f3, &(0x7f0000002b80)={'syztnl0\x00', &(0x7f0000002b00)={'ip6_vti0\x00', 0x0, 0x4, 0xe, 0x1, 0xffff, 0x70, @private2={0xfc, 0x2, '\x00', 0x1}, @loopback, 0x7800, 0x10, 0x1beb, 0xcd}}) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r10, &(0x7f0000003200)={&(0x7f0000002a00)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000031c0)={&(0x7f0000002fc0)={0x1f4, r14, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x60, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gretap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x1f4}, 0x1, 0x0, 0x0, 0x14000044}, 0x0) 1.475833298s ago: executing program 0 (id=599): clock_adjtime(0x0, &(0x7f0000000500)={0x7de, 0x6b, 0x0, 0x1000, 0x1, 0x9, 0x7, 0x6, 0x9, 0xffc99a3b3f420f00, 0x0, 0x7fff, 0x81, 0xfffffffffffffff9, 0x3, 0x6, 0x8000000000000001, 0x4, 0x58fd, 0x3, 0x9, 0x2, 0x6, 0x6, 0xab, 0x5}) 1.475566138s ago: executing program 0 (id=601): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000d0000001c00010000000000000001"], 0x38}}, 0x2040) 1.420630719s ago: executing program 0 (id=602): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@weak_binder={0x77622a85, 0xa, 0x3}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x0, 0x34}, @flat=@binder={0x73622a85, 0x3000, 0x2000002}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x10}], 0x0, 0x0, 0x0}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x560, 0x0, 0xffff}]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000180)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0}) 1.413335979s ago: executing program 0 (id=603): mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000fc0)={0x2c, &(0x7f0000000cc0)=ANY=[@ANYBLOB="0016040000007d"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, 0x0, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000000540)={0x20, 0x0, 0x4, {0x4, 0x1}}, &(0x7f0000000580)={0x40, 0x7, 0x2, 0x3}, &(0x7f00000005c0)={0x40, 0x9, 0x1, 0x81}, &(0x7f0000000600)={0x40, 0xb, 0x2, "f3e2"}, &(0x7f0000000640)={0x40, 0xf, 0x2, 0x9}, &(0x7f0000000680)={0x40, 0x13, 0x6}, &(0x7f00000006c0)={0x40, 0x17, 0x6}, &(0x7f0000000700)={0x40, 0x19, 0x2, "927d"}, &(0x7f0000000740)={0x40, 0x1a, 0x2, 0x7}, &(0x7f0000000780)={0x40, 0x1c, 0x1, 0x4}, &(0x7f00000007c0)={0x40, 0x1e, 0x1}, &(0x7f0000000800)={0x40, 0x21, 0x1, 0xb}}) 988.008746ms ago: executing program 3 (id=614): r0 = fsmount(0xffffffffffffffff, 0x0, 0x84) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000040)={0x16c, 0x0, 0x1, 0x301, 0x0, 0x0, {0xb, 0x0, 0xa}, [@CTA_TUPLE_ORIG={0x4c, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_SYNPROXY={0x2c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_TSOFF={0x8}, @CTA_SYNPROXY_ITS={0x8}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x80}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0xc}]}, @CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x1849}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xc5}]}, @CTA_SYNPROXY={0x4c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0xfffffffa}, @CTA_SYNPROXY_TSOFF={0x8}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0xa1}, @CTA_SYNPROXY_TSOFF={0x8}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x3}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x81}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0xfe}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0xff}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0xfffffffa}]}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x4}, @CTA_PROTOINFO={0x20, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x1c, 0x1, 0x0, 0x1, [@CTA_PROTOINFO_TCP_WSCALE_REPLY={0x5, 0x3, 0xea}, @CTA_PROTOINFO_TCP_WSCALE_REPLY={0x5, 0x3, 0x9}, @CTA_PROTOINFO_TCP_STATE={0x5, 0x1, 0x8}]}}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_PROTOINFO={0x48, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0x44, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0x2}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0x31}, @CTA_PROTOINFO_DCCP_ROLE={0x5, 0x2, 0x1a}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x6}, @CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0x1}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x4}, @CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0x20}]}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) getdents(r0, &(0x7f0000000240)=""/55, 0x37) copy_file_range(r0, 0x0, r0, &(0x7f0000000280)=0x4, 0x7, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x2c, 0x0, 0x1, 0x801, 0x0, 0x0, {0x0, 0x0, 0x2}, [@CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @mcast2}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8010}, 0x20000014) fchdir(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, 0x1, 0x1, 0xb00, 0x0, 0x0, {}, [@CTA_TUPLE_MASTER={0x4}, @CTA_TUPLE_ORIG={0x34, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010100}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x11}, 0x40) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x14, 0x0, 0x1, 0x201, 0x0, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4000080}, 0x8000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x2c, 0x2, 0x3, 0x201, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x29}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0xc}, @NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x21}}]}, 0x2c}}, 0x24000001) close(r1) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000007c0)={'gretap0\x00', &(0x7f0000000740)={'tunl0\x00', 0x0, 0x40, 0x8000, 0x212, 0xfffffff7, {{0xd, 0x4, 0x2, 0x34, 0x34, 0x67, 0x0, 0x6, 0x4, 0x0, @empty, @loopback, {[@ra={0x94, 0x4, 0x1}, @rr={0x7, 0x7, 0x72, [@multicast1]}, @timestamp={0x44, 0x14, 0x3d, 0x0, 0xd, [0x36, 0x20000, 0x8, 0x0]}]}}}}}) sendmsg$DCCPDIAG_GETSOCK(r3, &(0x7f0000000bc0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000800)={0x378, 0x13, 0x100, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0xa3, 0x5, {0x4e22, 0x4e24, [0xd0a0, 0x4, 0x0, 0x7ff], [0xdd4c7f00, 0x38aee370, 0x75, 0x100], r4, [0x8, 0x6]}, 0xfffffff8, 0x3}, [@INET_DIAG_REQ_BYTECODE={0x27, 0x1, "6be40675f8bb9ef08cd30412a7e56ba26e704d04d49d2baf290dec2a757187b62a675e"}, @INET_DIAG_REQ_BYTECODE={0x3b, 0x1, "e578c16ebfa16fe8807b492956e7c45ca065f07b0566e38f894e17e742113ff9e1f8e164d1d9ffb62b1e5e5e2caab4045580512d4ff4cf"}, @INET_DIAG_REQ_BYTECODE={0xcf, 0x1, "8cad91872ebb8f450f5caa547c22c919ad92105d6f950d337d06445bff32f76983ecf4a09a4f79685d13d7a4ef4a0e816cf121a820427f53074dbc808456f9f094fce596fd8d7079171cd6b342acaabd195bde47ebab7ba49e2f1d54e31011bf050cfe8902f95cf78d0278eff5c4694639027514c817b979523be90c6a83f2a7ce72169876e072d42f28811f5d1158e7f8031b0e8a3834de1f51d60f0e3c3cc370dea46628d712a8ff36f6e6a6e861155f2d9151575255659895356ce8e5f75723dec8904c5a4830d08264"}, @INET_DIAG_REQ_BYTECODE={0x4}, @INET_DIAG_REQ_BYTECODE={0xbc, 0x1, "45b959d1a06fff8205187fcf8e1d9c24073b5a1d558c03d969cb06d0fbea31d27000f7a616d3ee40c4659071b971003b493ceaa6acff1d76c3e0508891db8469677d2974b0960c21ca2c2e55ad0bedf3274e28773dcf78522e031b6617dd635f67b33daf7a4c701a60eb7a5b9c9c9da85d8eef47f2032460c70a17836c0f46cdf2afccd9e7e70a0b3f721350579e4b8521984d1a10fd456a89ef8c2af0a90006238a0a4dc3000abb8194ec1907f8e9a612bdb230c9afbeba"}, @INET_DIAG_REQ_BYTECODE={0x66, 0x1, "5ff70a41c63e5f5c46ee1debf8ba4f0279f2cd382ad9405ca5050eea7934baf76a536de6d2affdef160d0eedd8c1a101eab4bd39ac2eec7ccc1d0ca74d5522809b1262da9f63e78c8178033b7468fc31873f92106b476f69952868530695d0bdadc0"}, @INET_DIAG_REQ_BYTECODE={0xcf, 0x1, "85be785a58dad50d91173d126e67f41ba88b6c738e9d5de3e672c2ff665105f98f4d45611735005249430ad666a9eff9c063088f89cfba9d87f35a0bddb1c655b6bb646efdfd5ef9413438676968cdd9ab9cc415f0cfdbedcaed9d2d8f570bce87efec749c9fb2289f8cdd4e5a205609b024b8d18270c0edac7e0328dda81942f4afed76e42dc53f2269643761af3c0d0e8b2772b6953a4a783dae607932b51fa9af4f2d22206bb8d3d90e271879800b06030878ca3fa5fb7e1e90fc567fbd516e640a1be80336b45461e0"}]}, 0x378}, 0x1, 0x0, 0x0, 0x24044001}, 0xc084) r5 = accept4(r2, &(0x7f0000000c00)=@tipc, &(0x7f0000000c80)=0x80, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r6, &(0x7f0000000d80)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000d40)={&(0x7f0000000d00)={0x14, 0x0, 0x10, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4) r7 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000e00), r6) sendmsg$NET_DM_CMD_STOP(r6, &(0x7f0000000ec0)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000e80)={&(0x7f0000000e40)={0x14, r7, 0x400, 0x70bd26, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x2004008d}, 0x4c004) socket$vsock_stream(0x28, 0x1, 0x0) r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000f40), r0) getsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f0000000f80)={@private2, 0x0}, &(0x7f0000000fc0)=0x14) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000001000)={'veth0_to_team\x00', 0x0}) getsockname$packet(r1, &(0x7f0000001040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000001080)=0x14) sendmsg$ETHTOOL_MSG_PAUSE_SET(r5, &(0x7f0000001200)={&(0x7f0000000f00), 0xc, &(0x7f00000011c0)={&(0x7f00000010c0)={0xfc, r8, 0x10, 0x70bd29, 0x25dfdbfe, {}, [@ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_RX={0x5}, @ETHTOOL_A_PAUSE_RX={0x5}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'virt_wifi0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @ETHTOOL_A_PAUSE_HEADER={0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller0\x00'}]}, @ETHTOOL_A_PAUSE_AUTONEG={0x5}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x24040090}, 0x20000000) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000001300)={&(0x7f0000001240), 0xc, &(0x7f00000012c0)={&(0x7f0000001280)={0x2c, 0x1, 0x1, 0xa06, 0x0, 0x0, {0x0, 0x0, 0x5}, [@CTA_TUPLE_REPLY={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @multicast2}}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4001051}, 0x20000052) socket$inet6(0xa, 0x1, 0x5424) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001340)) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f0000001380)={0x1f, @any, 0x8}, 0xa) 987.507056ms ago: executing program 3 (id=615): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@broadcast, @in6=@loopback, 0x0, 0x2, 0x0, 0x0, 0xa}, {0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {}, 0x0, 0x0, 0x1}, {{@in=@broadcast, 0x4d2, 0x32}, 0xa, @in6=@mcast1, 0x0, 0x4}}, 0xe8) sendmmsg$inet6(r0, &(0x7f0000000a80)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x1, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0xffffff88}}, {{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @loopback}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0xe00}}], 0x2, 0x0) 979.222426ms ago: executing program 3 (id=616): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0xffffffffffffa000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}]}}) 941.971366ms ago: executing program 3 (id=617): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000100)=0xfffff725, 0x4) mount$bpf(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x400408, &(0x7f0000000140)=ANY=[@ANYRESHEX=r0, @ANYRESHEX=0xee00]) futex(&(0x7f0000000040), 0xd, 0x0, &(0x7f0000000080), 0x0, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xf) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r3, 0x10001, 0x0) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1, 0x10010, r1, 0xbd358000) 872.669927ms ago: executing program 3 (id=618): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, &(0x7f0000000080)='\x00\x00\x00\x00\b\x00\x00\x00\x00\x00', 0xa, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) recvfrom(r0, &(0x7f0000000100)=""/10, 0xa, 0x0, 0x0, 0x0) 872.359177ms ago: executing program 3 (id=619): capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) r0 = socket$inet6_udp(0xa, 0x2, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x8) r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000400)='asymmetric\x00', &(0x7f0000000440)=@keyring={'key_or_keyring:', r1}) r2 = socket$inet6_udp(0xa, 0x2, 0x0) recvfrom$inet6(r2, 0x0, 0x0, 0x2, 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8982, &(0x7f00000000c0)={0x7, 'wlan1\x00', {0x79}, 0x9}) r3 = socket$inet6(0xa, 0x2, 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000200)=0x4) setsockopt$inet6_MCAST_LEAVE_GROUP(r3, 0x29, 0x2d, 0x0, 0x88) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000080)={0x3, 'vlan1\x00', {0x9}}) r4 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x1, 0x9}, 0x18) r5 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r5, 0x0, 0x0, 0x8044, &(0x7f00000003c0)={0x11, 0xd, 0x0, 0x1, 0x7, 0x6, @random="eb68e3f58965"}, 0xfd) getdents(r4, &(0x7f0000000180)=""/110, 0x6e) 731.202819ms ago: executing program 1 (id=621): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000a40)=ANY=[@ANYBLOB="44010000100001000000000000000000ffffffff00000000ffffff8000000000ac1414bb00000000000000000000000000003b00"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="64010102000000000000000000000000000000006c000000ac1414bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000fdffffffffffffff04000000000000000000000000000000020000000000000004000000000000000000004000000000000000000000000000000002000000000000000025bd7000000000000a000301000000000000000048000300"], 0x144}, 0x1, 0x0, 0x0, 0x44}, 0x4810) 660.606371ms ago: executing program 1 (id=622): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ppoll(&(0x7f0000000100)=[{r0, 0xc008}, {r1, 0x6}, {r2, 0x2000}], 0x3, 0x0, 0x0, 0x0) clock_adjtime(0x0, &(0x7f0000000500)={0x7de, 0x6b, 0x0, 0x1000, 0x1, 0x9, 0x7, 0x6, 0x9, 0xffc99a3b00000000, 0x0, 0x7fff, 0x81, 0xfffffffffffffff9, 0x3, 0x6, 0x8000000000000001, 0x4, 0x58fd, 0x3, 0x9, 0x2, 0x6, 0x6, 0xab, 0x5}) 660.39506ms ago: executing program 1 (id=623): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500000000000002000006"], 0x24}}, 0x0) 653.9886ms ago: executing program 1 (id=624): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x4, 0x0, &(0x7f0000000100)=[@register_looper], 0x50, 0x0, &(0x7f0000000340)="a89aff67520a7335b849b4f88a6db06e45e3f5e648a65b8003975be8a982d5135e161a783d3d01fddcbd838bac308358a7e349f333e620505e4cf1982c991b516a9e26b6bb537c85f5ad467697f0d78b"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x0, &(0x7f00000001c0)={@fd={0x66642a85, 0x0, r0}, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, 0x0}}, 0x0}, 0x10}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f0000000400)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x48, 0x18, &(0x7f00000002c0)={@flat=@weak_binder={0x77622a85, 0x1001, 0x2}, @fd={0x66642a85, 0x0, r0}, @flat=@binder={0x73622a85, 0x110a, 0x3}}, &(0x7f0000000000)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x0, 0x0}) 583.284492ms ago: executing program 1 (id=625): syz_usb_connect(0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x240a}}]}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000100)=0x2, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000140)=@gcm_256={{}, "a0075cbf0652d78d", "b8af484b8f8bb04b802bda31683efe00769d939494901c00fc467db36b6d5ab0", "c091b752", "e31db1e2b94be4e7"}, 0x38) 88.405819ms ago: executing program 2 (id=627): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x31, 0x0, &(0x7f0000000300)="8bc474a3fd91df6339159fbd69eefe1eb44d71e0aa0f46941673946fa48d8a81b663eb7d873b8ffe203b9b55b2a60f0794"}) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000280)=ANY=[@ANYBLOB="c0000000190001000000000000000000fe8800000000000000000080ff000101ac1414aa000000000000000000000000000000004e2300000a"], 0xc0}, 0x1, 0x0, 0x0, 0x80}, 0x0) 88.084019ms ago: executing program 2 (id=628): socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000500)=@xdp={0x2c, 0xdd86, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x5b0}], 0x1, 0x0, 0x3200, 0x2f00}}], 0x1, 0x20000084) 80.948869ms ago: executing program 2 (id=629): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="400000001e000101"], 0x40}, 0x1, 0x0, 0x0, 0x20}, 0x90) 56.45437ms ago: executing program 2 (id=630): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0xfffffffe, 0x100, {{@in=@loopback, @in=@local, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x80, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x502a, 0x9ba3, 0xffff, 0x8251c, 0x5, 0x40}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3528, 0x2, 0x1, 0x2, 0x20}, [@algo_comp={0x48, 0x3, {{'lzs\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 588.271µs ago: executing program 2 (id=631): syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0x1000, 0x2000, 0x0, 0x0, 0x0}, &(0x7f0000000100), &(0x7f0000000140)) 128.211µs ago: executing program 1 (id=632): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000980)={0x4, 0x0, [{0x10000, 0xa, &(0x7f0000000580)=""/10}, {0x2000, 0x16, &(0x7f00000005c0)=""/22}, {0x2, 0xc0, &(0x7f0000000640)=""/192}, {0x0, 0x0, 0x0}]}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000500)) r2 = socket(0x10, 0x803, 0x0) sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000009800)=[{{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000002180)=""/4096, 0x1000}, {&(0x7f0000003180)=""/177, 0xb1}, {&(0x7f0000003240)=""/106, 0x6a}, {&(0x7f0000000780)=""/18, 0x12}, {&(0x7f00000032c0)=""/246, 0xf6}, {&(0x7f00000033c0)=""/231, 0xe7}], 0x6}, 0x81}], 0x2, 0x2100, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) r4 = dup(r3) r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5]) r6 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x1) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r7, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) r8 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(r8, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r8, &(0x7f0000000180), 0x400008a, 0x0) r9 = socket(0xa, 0x1, 0x0) ioctl(r9, 0x8916, &(0x7f0000000000)) sendmmsg$inet(r2, &(0x7f0000000bc0)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000380)="4df812f839346e4caa48b58b36623dbc7a1aa4c95ad130825039c4c057bf2ff3394c2be57eab879bd49cc08b316961871cd660636f8490def503a3331956b311a92a6be0d2ac33264715c75394a4235b9d39362ec2ee4e4a0176a3d753dda867994216e20b1204dda6ca467ddd0402590fb5be2bee92844491c9c771689fb146ee8be82f7507ae07c9a8d78a60123c056e38b2bf2a9a04daabcd3ecdb8ca10dbe7e24a01fc2e53f6a745a268573b07", 0xaf}], 0x1, &(0x7f0000000600)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @local}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}], 0x38}}, {{&(0x7f0000000700)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000a40)=[{&(0x7f00000007c0)="e95adda70d02c262ccbf6d1af9f6a5c29a8ac2f05a710ad03fdcce7058f74eb7aa3d441d854fc7fd5732fd2b1656033510a9bb832eb36fad4f8b93a99f18366d95a8957998162ffe2ef17a573e906c7a657fbb6600e9391357900dad689871a0dadeae4e9e5e3585dc7f10d6234260e77fc82d6d569ef9de3488a58b227bea8f9d8756f6a57a8da05655324f18f690bda54c2e62a83652b04b90a9", 0x9b}, {&(0x7f0000000880)="66f5fe78c298194f953438ac0df5ea42a6f4e014a49ea12d8e9cf92df44f1a936e2cb2bb3985b0df8402eb47844a023430f940bbc63d9e3a3cdf84e58d9b95cb34b290f8459f35ae804a7f9e1c83af805c9b7c6e4b54ae0a2fb72ba713928ab6b0cba174c807896e1ba95930e672b081eb543df40ef4cd3293add59531ff41adadabfdc83102f2c32a214359e1bd988ee535e08a739cf111f12ad7f591a514e883db58a7743df5bbd58b7fb99240d5e815613570a9dcb1f382bae5c154d16992bb4451256ac5afdc7637f2b6071a08593c14d12c1f6dd24eab2d97d5b9444470eca99c0aff8fab13191382fee376bba4cc23535dde152698b3da", 0xfa}], 0x2, &(0x7f0000000ac0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010100}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x2}}, @ip_retopts={{0x3c, 0x0, 0x7, {[@lsrr={0x83, 0x23, 0x54, [@remote, @rand_addr=0x64010101, @multicast2, @remote, @rand_addr=0x64010100, @multicast1, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}]}, @end, @generic={0x0, 0x6, "06ce5e90"}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x2}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @rand_addr=0x64010102}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private=0xa010101, @initdev={0xac, 0x1e, 0x1, 0x0}}}}], 0xe8}}], 0x2, 0x4040000) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r9) sendmsg$NL80211_CMD_REQ_SET_REG(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x1c, r10, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x40840) sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000280)={&(0x7f0000000140), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, r10, 0x4, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x70}, @void, @val={0xc, 0x99, {0x9, 0x65}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x811}, 0x4800) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000300)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000200)={@ptr={0x70742a85, 0x1, &(0x7f0000000000)=""/70, 0x46, 0x0, 0x4}, @ptr={0x70742a85, 0x21, 0x0, 0x0, 0x0, 0x15}, @flat=@handle={0x73682a85, 0xb, 0x2}}, &(0x7f00000004c0)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0}) 0s ago: executing program 2 (id=633): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000058c0)=ANY=[@ANYBLOB="fc01000013000100000000040000000000000000000000000000000000000001fc0200000000000000000000000000014e24000d040000090a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000010000000000000000000000000000000000000000ffffffffffffffff00000000000000000300000000000000090000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000feffffff00000000000000000000000044010500e0000002000000000000000000000000000004d6320000000a000000ac1414aa000000000000000000000000053500000303030009000000b4000000070000007f000001000000000000000000000000000004d36c00000000000000fc0100000000000006000000000000000000000000000900010000000080000008000000ac1414aa000000000000000000000000000004d2330000000a000000ac1414bb0000000000000000ddffffff023500000002fa00070000000a00000002000000fe80000000000000000000000000000f000004d43c"], 0x1fc}, 0x1, 0x0, 0x0, 0x11}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.61' (ED25519) to the list of known hosts. [ 26.903634][ T36] audit: type=1400 audit(1750461894.200:64): avc: denied { mounton } for pid=281 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 26.905233][ T281] cgroup: Unknown subsys name 'net' [ 26.927585][ T36] audit: type=1400 audit(1750461894.200:65): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.956839][ T36] audit: type=1400 audit(1750461894.230:66): avc: denied { unmount } for pid=281 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 26.957283][ T281] cgroup: Unknown subsys name 'devices' [ 27.119919][ T281] cgroup: Unknown subsys name 'hugetlb' [ 27.125570][ T281] cgroup: Unknown subsys name 'rlimit' [ 27.241089][ T36] audit: type=1400 audit(1750461894.540:67): avc: denied { setattr } for pid=281 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 27.264816][ T36] audit: type=1400 audit(1750461894.540:68): avc: denied { mounton } for pid=281 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 27.291524][ T36] audit: type=1400 audit(1750461894.540:69): avc: denied { mount } for pid=281 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 27.302752][ T283] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 27.324049][ T36] audit: type=1400 audit(1750461894.620:70): avc: denied { relabelto } for pid=283 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.350195][ T36] audit: type=1400 audit(1750461894.620:71): avc: denied { write } for pid=283 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.388192][ T36] audit: type=1400 audit(1750461894.690:72): avc: denied { read } for pid=281 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.414002][ T36] audit: type=1400 audit(1750461894.690:73): avc: denied { open } for pid=281 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 27.414066][ T281] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 28.314349][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.321738][ T288] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.328944][ T288] bridge_slave_0: entered allmulticast mode [ 28.335221][ T288] bridge_slave_0: entered promiscuous mode [ 28.341563][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.348641][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.355730][ T290] bridge_slave_0: entered allmulticast mode [ 28.362152][ T290] bridge_slave_0: entered promiscuous mode [ 28.368651][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.375727][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.383178][ T290] bridge_slave_1: entered allmulticast mode [ 28.389528][ T290] bridge_slave_1: entered promiscuous mode [ 28.397436][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.404494][ T288] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.411733][ T288] bridge_slave_1: entered allmulticast mode [ 28.418201][ T288] bridge_slave_1: entered promiscuous mode [ 28.464618][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.471810][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.478996][ T291] bridge_slave_0: entered allmulticast mode [ 28.485269][ T291] bridge_slave_0: entered promiscuous mode [ 28.495527][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.502724][ T289] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.509841][ T289] bridge_slave_0: entered allmulticast mode [ 28.516085][ T289] bridge_slave_0: entered promiscuous mode [ 28.525897][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.533064][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.540182][ T291] bridge_slave_1: entered allmulticast mode [ 28.546459][ T291] bridge_slave_1: entered promiscuous mode [ 28.556704][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.563792][ T289] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.571158][ T289] bridge_slave_1: entered allmulticast mode [ 28.578075][ T289] bridge_slave_1: entered promiscuous mode [ 28.725042][ T288] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.732196][ T288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.739767][ T288] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.746828][ T288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.794758][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.801973][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.809433][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.816828][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.836284][ T291] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.843608][ T291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.851224][ T291] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.858824][ T291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.875398][ T289] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.882730][ T289] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.890198][ T289] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.897344][ T289] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.924540][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.933118][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.942416][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.950516][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.958043][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.965565][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.973191][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.980726][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.998263][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.005390][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.013316][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.020397][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.050470][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.057582][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.076783][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.084173][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.092540][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.099740][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.114222][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.121322][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.152939][ T288] veth0_vlan: entered promiscuous mode [ 29.161797][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.168898][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.178225][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.185404][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.209992][ T290] veth0_vlan: entered promiscuous mode [ 29.216773][ T289] veth0_vlan: entered promiscuous mode [ 29.223372][ T288] veth1_macvtap: entered promiscuous mode [ 29.252344][ T290] veth1_macvtap: entered promiscuous mode [ 29.263374][ T289] veth1_macvtap: entered promiscuous mode [ 29.313208][ T288] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 29.329754][ T291] veth0_vlan: entered promiscuous mode [ 29.355010][ T291] veth1_macvtap: entered promiscuous mode [ 29.426793][ T314] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 29.502664][ T323] capability: warning: `syz.2.7' uses deprecated v2 capabilities in a way that may be insecure [ 29.514731][ T324] __vm_enough_memory: pid: 324, comm: syz.2.7, bytes: 281474976845824 not enough memory for the allocation [ 29.527581][ T323] __vm_enough_memory: pid: 323, comm: syz.2.7, bytes: 281474976845824 not enough memory for the allocation [ 29.665893][ T336] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11'. [ 29.688293][ T340] netlink: 96 bytes leftover after parsing attributes in process `syz.0.13'. [ 29.700521][ T31] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 29.856434][ T345] rust_binder: Error while translating object. [ 29.856526][ T345] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 29.863423][ T345] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:10 [ 29.878484][ T31] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 29.898545][ T31] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 29.917981][ T31] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 29.927465][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 29.935698][ T31] usb 2-1: SerialNumber: syz [ 29.987139][ T305] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 30.089845][ T358] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 30.148758][ T31] usb 2-1: MIDIStreaming interface descriptor not found [ 30.158547][ T305] usb 4-1: Using ep0 maxpacket: 32 [ 30.167669][ T305] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.181272][ T31] usb 2-1: USB disconnect, device number 2 [ 30.187969][ T305] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.202987][ T305] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 30.217891][ T305] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.228521][ T305] usb 4-1: config 0 descriptor?? [ 30.235497][ T305] hub 4-1:0.0: USB hub found [ 30.279307][ T364] tipc: Enabling of bearer rejected, failed to enable media [ 30.304719][ T366] fuse: Bad value for 'fd' [ 30.357873][ T312] udevd[312]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 30.365933][ T372] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23'. [ 30.388015][ T374] fuse: Invalid rootmode [ 30.427520][ T378] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:22 [ 30.435472][ T305] hub 4-1:0.0: 1 port detected [ 30.699072][ T412] netlink: 16 bytes leftover after parsing attributes in process `syz.1.38'. [ 30.748613][ T416] netlink: 8 bytes leftover after parsing attributes in process `syz.1.40'. [ 30.776245][ T418] netlink: 268 bytes leftover after parsing attributes in process `syz.1.41'. [ 30.847250][ T344] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 31.030614][ T344] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 31.037176][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 31.048074][ T344] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 31.064195][ T305] hub 4-1:0.0: activate --> -90 [ 31.069227][ T344] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 31.086858][ T344] usb 3-1: SerialNumber: syz [ 31.197203][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 31.204780][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 31.215735][ T9] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 31.232649][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 31.242969][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 31.252586][ T9] usb 2-1: Product: syz [ 31.257023][ T9] usb 2-1: Manufacturer: syz [ 31.262512][ T9] usb 2-1: SerialNumber: syz [ 31.322648][ T344] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 31.334321][ T344] usb 3-1: USB disconnect, device number 2 [ 31.460600][ T423] FAULT_INJECTION: forcing a failure. [ 31.460600][ T423] name failslab, interval 1, probability 0, space 0, times 0 [ 31.473523][ T423] CPU: 1 UID: 0 PID: 423 Comm: syz.0.43 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 31.473561][ T423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 31.473582][ T423] Call Trace: [ 31.473588][ T423] [ 31.473595][ T423] __dump_stack+0x21/0x30 [ 31.473632][ T423] dump_stack_lvl+0x10c/0x190 [ 31.473658][ T423] ? __cfi_dump_stack_lvl+0x10/0x10 [ 31.473683][ T423] ? __kasan_check_write+0x18/0x20 [ 31.473706][ T423] dump_stack+0x19/0x20 [ 31.473727][ T423] should_fail_ex+0x3d9/0x530 [ 31.473749][ T423] should_failslab+0xac/0x100 [ 31.473776][ T423] __kmalloc_node_noprof+0x6c/0x450 [ 31.473800][ T423] ? crypto_create_tfm_node+0xa5/0x4d0 [ 31.473823][ T423] crypto_create_tfm_node+0xa5/0x4d0 [ 31.473843][ T423] ? up_read+0x26/0x1d0 [ 31.473864][ T423] crypto_spawn_tfm2+0x60/0x90 [ 31.473891][ T423] crypto_ccm_init_tfm+0x4e/0x250 [ 31.473915][ T423] ? crypto_aead_init_tfm+0x107/0x1a0 [ 31.473945][ T423] ? __cfi_crypto_ccm_init_tfm+0x10/0x10 [ 31.473968][ T423] crypto_aead_init_tfm+0x11e/0x1a0 [ 31.473999][ T423] crypto_create_tfm_node+0x198/0x4d0 [ 31.474020][ T423] ? crypto_alg_mod_lookup+0x3a2/0x5b0 [ 31.474042][ T423] crypto_alloc_tfm_node+0x169/0x370 [ 31.474066][ T423] crypto_alloc_aead+0x34/0x40 [ 31.474095][ T423] tls_set_sw_offload+0xb9e/0x1810 [ 31.474124][ T423] tls_setsockopt+0x9b1/0xd60 [ 31.474146][ T423] ? __cfi_tls_setsockopt+0x10/0x10 [ 31.474167][ T423] ? __cfi_vfs_write+0x10/0x10 [ 31.474192][ T423] sock_common_setsockopt+0xb5/0xd0 [ 31.474216][ T423] ? __cfi_sock_common_setsockopt+0x10/0x10 [ 31.474239][ T423] do_sock_setsockopt+0x26a/0x400 [ 31.474269][ T423] ? __cfi_do_sock_setsockopt+0x10/0x10 [ 31.474302][ T423] __x64_sys_setsockopt+0x1b8/0x250 [ 31.474342][ T423] x64_sys_call+0x2adc/0x2ee0 [ 31.474368][ T423] do_syscall_64+0x58/0xf0 [ 31.474395][ T423] ? clear_bhb_loop+0x35/0x90 [ 31.474426][ T423] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.474455][ T423] RIP: 0033:0x7fb917f8e929 [ 31.474477][ T423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 31.474494][ T423] RSP: 002b:00007fb918df9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 31.474521][ T423] RAX: ffffffffffffffda RBX: 00007fb9181b5fa0 RCX: 00007fb917f8e929 [ 31.474536][ T423] RDX: 0000000000000002 RSI: 000000000000011a RDI: 0000000000000004 [ 31.474548][ T423] RBP: 00007fb918df9090 R08: 0000000000000028 R09: 0000000000000000 [ 31.474562][ T423] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 31.474576][ T423] R13: 0000000000000000 R14: 00007fb9181b5fa0 R15: 00007fff86d05358 [ 31.474594][ T423] [ 31.474931][ T305] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 31.492608][ T61] usb 4-1: USB disconnect, device number 2 [ 31.985107][ T428] fuse: Bad value for 'fd' [ 32.030964][ T36] kauditd_printk_skb: 87 callbacks suppressed [ 32.030985][ T36] audit: type=1400 audit(1750461899.325:160): avc: denied { nlmsg_tty_audit } for pid=429 comm="syz.2.47" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 32.076752][ T36] audit: type=1400 audit(1750461899.365:161): avc: denied { create } for pid=429 comm="syz.2.47" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 32.099783][ T36] audit: type=1400 audit(1750461899.365:162): avc: denied { link } for pid=429 comm="syz.2.47" name="file1" dev="tmpfs" ino=125 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 32.128577][ T36] audit: type=1400 audit(1750461899.365:163): avc: denied { ioctl } for pid=429 comm="syz.2.47" path="net:[4026532308]" dev="nsfs" ino=4026532308 ioctlcmd=0x9413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 32.155066][ T36] audit: type=1400 audit(1750461899.375:164): avc: denied { read write } for pid=439 comm="syz.0.50" name="uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 32.182289][ T36] audit: type=1400 audit(1750461899.375:165): avc: denied { open } for pid=439 comm="syz.0.50" path="/dev/uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 32.219905][ T36] audit: type=1400 audit(1750461899.375:166): avc: denied { ioctl } for pid=439 comm="syz.0.50" path="/dev/uinput" dev="devtmpfs" ino=194 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 32.258854][ T36] audit: type=1400 audit(1750461899.375:167): avc: denied { read open } for pid=439 comm="syz.0.50" path="net:[4026532327]" dev="nsfs" ino=4026532327 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 32.284560][ T454] netlink: 24 bytes leftover after parsing attributes in process `syz.0.54'. [ 32.297988][ T36] audit: type=1400 audit(1750461899.425:168): avc: denied { unlink } for pid=288 comm="syz-executor" name="file0" dev="tmpfs" ino=125 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 32.337784][ T36] audit: type=1400 audit(1750461899.605:169): avc: denied { mount } for pid=451 comm="syz.2.53" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 32.357202][ T461] fuse: Invalid rootmode [ 32.387152][ T61] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 32.390492][ T463] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 32.397277][ T464] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:14 [ 32.402975][ T463] rust_binder: Write failure EINVAL in pid:60 [ 32.464822][ T472] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:64 [ 32.471596][ T472] rust_binder: Failed to allocate buffer. len:120, is_oneway:false [ 32.513231][ T475] tipc: Started in network mode [ 32.527520][ T475] tipc: Node identity , cluster identity 4711 [ 32.534167][ T475] tipc: Failed to obtain node identity [ 32.540552][ T475] tipc: Enabling of bearer rejected, failed to enable media [ 32.550251][ T61] usb 4-1: Using ep0 maxpacket: 32 [ 32.558994][ T61] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 32.571402][ T61] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.584347][ T61] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 32.593634][ T61] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.604602][ T61] usb 4-1: config 0 descriptor?? [ 32.619150][ T61] hub 4-1:0.0: USB hub found [ 32.682216][ T484] fuse: Invalid rootmode [ 32.703328][ T486] netlink: 324 bytes leftover after parsing attributes in process `syz.0.67'. [ 32.783922][ T495] netlink: 4276 bytes leftover after parsing attributes in process `syz.0.71'. [ 32.833508][ T61] hub 4-1:0.0: 1 port detected [ 32.907075][ T469] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 32.937690][ T500] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:86 [ 32.938015][ T499] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 32.948396][ T499] rust_binder: Error in use_page_slow: EBUSY [ 32.958889][ T499] rust_binder: use_range failure EBUSY [ 32.965104][ T499] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 32.970612][ T499] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 32.978751][ T499] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 32.988510][ T499] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:86 [ 33.057615][ T506] fuse: Invalid rootmode [ 33.079876][ T469] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 33.095813][ T469] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 33.106371][ T469] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 33.114981][ T469] usb 3-1: SerialNumber: syz [ 33.252096][ T515] netlink: 220 bytes leftover after parsing attributes in process `syz.0.79'. [ 33.295517][ T517] binder: Binderfs stats mode cannot be changed during a remount [ 33.498611][ T530] fuse: Bad value for 'rootmode' [ 33.502680][ T470] hub 4-1:0.0: activate --> -90 [ 33.564842][ T532] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=532 comm=syz.0.85 [ 33.581779][ T532] capability: warning: `syz.0.85' uses 32-bit capabilities (legacy support in use) [ 33.769039][ T469] cdc_ether 3-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.2-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 33.917214][ T9] cdc_ncm 2-1:1.0: bind() failure [ 33.932215][ T9] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 33.937958][ T305] usb 4-1: USB disconnect, device number 3 [ 33.954666][ T9] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 33.979887][ T9] usb 2-1: USB disconnect, device number 3 [ 34.059573][ T567] fuse: Bad value for 'rootmode' [ 34.195361][ T305] usb 3-1: USB disconnect, device number 3 [ 34.201941][ T305] cdc_ether 3-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.2-1, CDC Ethernet Device [ 34.514222][ T616] fuse: Bad value for 'rootmode' [ 34.638865][ T637] ======================================================= [ 34.638865][ T637] WARNING: The mand mount option has been deprecated and [ 34.638865][ T637] and is ignored by this kernel. Remove the mand [ 34.638865][ T637] option from the mount to silence this warning. [ 34.638865][ T637] ======================================================= [ 34.753300][ T647] fuse: Bad value for 'rootmode' [ 34.802404][ T654] input: syz0 as /devices/virtual/input/input7 [ 34.826834][ T656] fuse: Unknown parameter 'use00000000000000000000' [ 34.841983][ T657] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:68 [ 34.844697][ T657] input: syz0 as /devices/virtual/input/input8 [ 34.862116][ T657] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 34.862137][ T657] rust_binder: Read failure Err(EFAULT) in pid:68 [ 34.879430][ T657] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:68 [ 35.065702][ T676] __nla_validate_parse: 1 callbacks suppressed [ 35.065725][ T676] netlink: 16 bytes leftover after parsing attributes in process `syz.0.128'. [ 35.091160][ T674] fuse: Bad value for 'rootmode' [ 35.134771][ T678] fuse: Unknown parameter 'use00000000000000000000' [ 35.271319][ T690] input: syz0 as /devices/virtual/input/input9 [ 35.476431][ T703] fuse: Unknown parameter 'user_i00000000000000000000' [ 35.536869][ T305] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 35.697547][ T305] usb 4-1: Using ep0 maxpacket: 8 [ 35.704485][ T305] usb 4-1: unable to get BOS descriptor or descriptor too short [ 35.713479][ T305] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 35.723722][ T305] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 35.732697][ T305] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 35.756182][ T305] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 35.758265][ T707] netlink: 220 bytes leftover after parsing attributes in process `syz.1.141'. [ 35.767790][ T305] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 35.789230][ T305] usb 4-1: Product: syz [ 35.793692][ T305] usb 4-1: Manufacturer: syz [ 35.805418][ T305] usb 4-1: SerialNumber: syz [ 35.911529][ T723] fuse: Unknown parameter 'user_i00000000000000000000' [ 36.036492][ T305] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 36.054670][ T305] cdc_ncm 4-1:1.0: bind() failure [ 36.063168][ T305] usb 4-1: USB disconnect, device number 4 [ 36.121816][ T743] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=743 comm=syz.1.156 [ 36.146228][ T470] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 36.338708][ T470] usb 3-1: Using ep0 maxpacket: 16 [ 36.346735][ T470] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 36.356134][ T470] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.365343][ T470] usb 3-1: config 0 descriptor?? [ 36.371876][ T470] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 36.510077][ T344] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 36.596149][ T470] usb 3-1: Detected FT232A [ 36.605541][ T747] fuse: Unknown parameter 'user_i00000000000000000000' [ 36.609327][ T470] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 36.660491][ T751] Zero length message leads to an empty skb [ 36.671356][ T344] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 36.682246][ T344] usb 1-1: config 1 interface 0 altsetting 29 has an invalid descriptor for endpoint zero, skipping [ 36.695145][ T344] usb 1-1: config 1 interface 0 altsetting 29 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 36.715635][ T344] usb 1-1: config 1 interface 0 has no altsetting 0 [ 36.733048][ T344] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 36.743624][ T344] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 36.752533][ T344] usb 1-1: SerialNumber: syz [ 36.761577][ T344] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 36.817413][ T763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.166'. [ 36.836267][ T470] usb 3-1: USB disconnect, device number 4 [ 36.843118][ T470] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 36.868709][ T470] ftdi_sio 3-1:0.0: device disconnected [ 36.876268][ T770] fuse: Unknown parameter 'user_id00000000000000000000' [ 36.929877][ T776] SELinux: security_context_str_to_sid () failed with errno=-22 [ 36.979983][ T305] usb 1-1: USB disconnect, device number 2 [ 37.026651][ T789] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:98 [ 37.129059][ T799] netlink: 'syz.3.177': attribute type 8 has an invalid length. [ 37.147674][ T799] netlink: 8 bytes leftover after parsing attributes in process `syz.3.177'. [ 37.190641][ T801] fuse: Unknown parameter 'user_id00000000000000000000' [ 37.248133][ T807] tipc: Started in network mode [ 37.254154][ T807] tipc: Node identity ac14141d, cluster identity 4711 [ 37.269763][ T807] tipc: New replicast peer: 255.255.255.255 [ 37.277196][ T807] tipc: Enabled bearer , priority 10 [ 37.332525][ T812] process 'syz.3.183' launched './file1' with NULL argv: empty string added [ 37.399345][ T36] kauditd_printk_skb: 76 callbacks suppressed [ 37.399367][ T36] audit: type=1400 audit(1750461904.385:246): avc: denied { ioctl } for pid=816 comm="syz.3.185" path="/dev/ptp0" dev="devtmpfs" ino=196 ioctlcmd=0x3d02 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 37.556693][ T822] fuse: Unknown parameter 'user_id00000000000000000000' [ 37.595549][ T36] audit: type=1400 audit(1750461904.563:247): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 37.628534][ T826] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:167 [ 37.632635][ T826] rust_binder: Read failure Err(EFAULT) in pid:167 [ 37.643451][ T826] rust_binder: Write failure EFAULT in pid:167 [ 37.771739][ T421] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 37.883969][ T843] fuse: Bad value for 'fd' [ 37.941087][ T36] audit: type=1400 audit(1750461904.881:248): avc: denied { read } for pid=850 comm="syz.0.199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 37.961637][ T421] usb 4-1: Using ep0 maxpacket: 32 [ 37.973237][ T421] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 37.985298][ T421] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 38.015131][ T421] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 38.025190][ T421] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.034971][ T421] usb 4-1: config 0 descriptor?? [ 38.042962][ T421] hub 4-1:0.0: USB hub found [ 38.250273][ T877] fuse: Bad value for 'fd' [ 38.263249][ T421] hub 4-1:0.0: 1 port detected [ 38.284309][ T36] audit: type=1400 audit(1750461905.199:249): avc: denied { create } for pid=878 comm="syz.1.207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 38.314686][ T36] audit: type=1400 audit(1750461905.199:250): avc: denied { ioctl } for pid=878 comm="syz.1.207" path="socket:[7241]" dev="sockfs" ino=7241 ioctlcmd=0x54a5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 38.339778][ T344] tipc: Node number set to 2886997021 [ 38.367965][ T888] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:114 [ 38.461336][ T898] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 38.491210][ T898] binder: Bad value for 'max' [ 38.556529][ T901] x_tables: duplicate underflow at hook 1 [ 38.580253][ T903] fuse: Bad value for 'fd' [ 38.686279][ T36] audit: type=1400 audit(1750461905.583:251): avc: denied { read } for pid=912 comm="syz.2.221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 38.763367][ T917] netlink: 'syz.2.223': attribute type 4 has an invalid length. [ 38.786852][ T919] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 38.801379][ T919] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 38.837621][ T923] fuse: Unknown parameter '0x0000000000000004' [ 38.898540][ T929] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:148 [ 38.906078][ T36] audit: type=1400 audit(1750461905.788:252): avc: denied { ioctl } for pid=931 comm="syz.0.229" path="socket:[7075]" dev="sockfs" ino=7075 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 38.943412][ T930] netlink: 'syz.2.228': attribute type 1 has an invalid length. [ 38.952180][ T929] netlink: 'syz.2.228': attribute type 1 has an invalid length. [ 38.953891][ T421] hub 4-1:0.0: activate --> -90 [ 39.088434][ T936] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 39.104070][ T36] audit: type=1400 audit(1750461905.975:253): avc: denied { relabelfrom } for pid=934 comm="syz.0.230" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 39.124285][ T936] fuse: Bad value for 'rootmode' [ 39.129216][ T36] audit: type=1400 audit(1750461905.975:254): avc: denied { relabelto } for pid=934 comm="syz.0.230" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 39.199217][ T944] netlink: 16 bytes leftover after parsing attributes in process `syz.2.233'. [ 39.228106][ T36] audit: type=1400 audit(1750461906.088:255): avc: denied { create } for pid=945 comm="syz.2.234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 39.364348][ T949] fuse: Unknown parameter '0x0000000000000004' [ 39.811033][ T344] usb 4-1: USB disconnect, device number 5 [ 39.817252][ T421] usb 4-1-port1: cannot reset (err = -71) [ 39.823669][ T421] usb 4-1-port1: attempt power cycle [ 39.941289][ T970] binder: Unknown parameter 'coyBLV§"i5ŽÝ”ÃùÒntext' [ 40.239737][ T979] fuse: Unknown parameter '0x0000000000000004' [ 40.358172][ T1001] FAULT_INJECTION: forcing a failure. [ 40.358172][ T1001] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 40.374148][ T1001] CPU: 1 UID: 0 PID: 1001 Comm: syz.0.253 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 40.374181][ T1001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 40.374194][ T1001] Call Trace: [ 40.374201][ T1001] [ 40.374209][ T1001] __dump_stack+0x21/0x30 [ 40.374238][ T1001] dump_stack_lvl+0x10c/0x190 [ 40.374261][ T1001] ? __cfi_dump_stack_lvl+0x10/0x10 [ 40.374288][ T1001] dump_stack+0x19/0x20 [ 40.374310][ T1001] should_fail_ex+0x3d9/0x530 [ 40.374333][ T1001] should_fail+0xf/0x20 [ 40.374354][ T1001] should_fail_usercopy+0x1e/0x30 [ 40.374378][ T1001] _copy_from_user+0x22/0xb0 [ 40.374407][ T1001] ___sys_sendmsg+0x159/0x2a0 [ 40.374439][ T1001] ? __sys_sendmsg+0x280/0x280 [ 40.374470][ T1001] ? kstrtouint+0x78/0xf0 [ 40.374498][ T1001] __sys_sendmmsg+0x271/0x470 [ 40.374518][ T1001] ? __cfi___sys_sendmmsg+0x10/0x10 [ 40.374542][ T1001] ? __cfi_ksys_write+0x10/0x10 [ 40.374568][ T1001] __x64_sys_sendmmsg+0xa4/0xc0 [ 40.374588][ T1001] x64_sys_call+0xfec/0x2ee0 [ 40.374615][ T1001] do_syscall_64+0x58/0xf0 [ 40.374642][ T1001] ? clear_bhb_loop+0x35/0x90 [ 40.374685][ T1001] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 40.374714][ T1001] RIP: 0033:0x7fb917f8e929 [ 40.374732][ T1001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 40.374748][ T1001] RSP: 002b:00007fb918df9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 40.374771][ T1001] RAX: ffffffffffffffda RBX: 00007fb9181b5fa0 RCX: 00007fb917f8e929 [ 40.374787][ T1001] RDX: 000000000000003f RSI: 00002000000000c0 RDI: 0000000000000003 [ 40.374801][ T1001] RBP: 00007fb918df9090 R08: 0000000000000000 R09: 0000000000000000 [ 40.374814][ T1001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 40.374826][ T1001] R13: 0000000000000000 R14: 00007fb9181b5fa0 R15: 00007fff86d05358 [ 40.374844][ T1001] [ 40.406098][ T1004] fuse: Unknown parameter '0x0000000000000004' [ 40.410991][ T1005] rust_binder: Write failure EINVAL in pid:98 [ 40.439664][ T1007] netlink: 260 bytes leftover after parsing attributes in process `syz.0.256'. [ 40.754370][ T1030] fuse: Unknown parameter '0x0000000000000004' [ 40.791857][ T1032] input: syz1 as /devices/virtual/input/input10 [ 40.944372][ T1050] netlink: 12 bytes leftover after parsing attributes in process `syz.3.272'. [ 40.967837][ T470] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 40.994880][ T1055] netlink: 96 bytes leftover after parsing attributes in process `syz.1.274'. [ 40.996013][ T1052] raw_sendmsg: syz.3.273 forgot to set AF_INET. Fix it! [ 41.090605][ T1064] netlink: 'syz.3.277': attribute type 3 has an invalid length. [ 41.120082][ T1066] fuse: Unknown parameter 'fd0x0000000000000004' [ 41.128077][ T470] usb 3-1: Using ep0 maxpacket: 32 [ 41.139081][ T470] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 41.152461][ T1067] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:148 [ 41.160296][ T470] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 41.183245][ T470] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 41.202850][ T470] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.211076][ T1070] netlink: 8 bytes leftover after parsing attributes in process `syz.0.280'. [ 41.235335][ T470] usb 3-1: config 0 descriptor?? [ 41.245726][ T470] hub 3-1:0.0: USB hub found [ 41.270325][ T1080] netlink: 80 bytes leftover after parsing attributes in process `syz.0.283'. [ 41.423510][ T1092] fuse: Unknown parameter 'fd0x0000000000000004' [ 41.455362][ T470] hub 3-1:0.0: 1 port detected [ 41.465249][ T1094] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 41.465277][ T1094] rust_binder: Error while translating object. [ 41.474198][ T1094] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 41.480440][ T1094] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:255 [ 41.577058][ T9] usb 2-1: new low-speed USB device number 4 using dummy_hcd [ 41.600079][ T1094] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1152 (2304 ns) > initial count (1920 ns). Using initial count to start timer. [ 41.759219][ T9] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 41.768621][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 41.780425][ T9] usb 2-1: config 0 descriptor?? [ 41.813908][ T1104] rust_binder: Write failure EINVAL in pid:258 [ 41.993976][ T344] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 42.013929][ T1111] netlink: 16 bytes leftover after parsing attributes in process `syz.0.295'. [ 42.041714][ T1113] netlink: 28 bytes leftover after parsing attributes in process `syz.0.296'. [ 42.115760][ T470] hub 3-1:0.0: activate --> -90 [ 42.158189][ T1116] fuse: Unknown parameter 'fd0x0000000000000004' [ 42.167855][ T344] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 42.184247][ T344] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 42.186931][ T1118] netlink: 268 bytes leftover after parsing attributes in process `syz.0.298'. [ 42.195705][ T344] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 42.213491][ T344] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 42.228404][ T344] usb 4-1: SerialNumber: syz [ 42.460943][ T344] usb 4-1: MIDIStreaming interface descriptor not found [ 42.475895][ T344] usb 4-1: USB disconnect, device number 10 [ 42.528595][ T45] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 42.668379][ T407] udevd[407]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 42.690966][ T45] usb 1-1: config 0 has an invalid interface number: 230 but max is 0 [ 42.700146][ T45] usb 1-1: config 0 has no interface number 0 [ 42.706827][ T45] usb 1-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 42.718600][ T45] usb 1-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 42.729763][ T45] usb 1-1: config 0 interface 230 has no altsetting 0 [ 42.738473][ T45] usb 1-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 42.747704][ T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.756113][ T45] usb 1-1: Product: syz [ 42.760527][ T45] usb 1-1: Manufacturer: syz [ 42.765500][ T45] usb 1-1: SerialNumber: syz [ 42.771779][ T45] usb 1-1: config 0 descriptor?? [ 42.777483][ T1124] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 42.786268][ T1124] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22 [ 42.794576][ T45] ums-usbat 1-1:0.230: USB Mass Storage device detected [ 42.803123][ T45] ums-usbat 1-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 42.870771][ T470] usb 3-1: USB disconnect, device number 5 [ 43.287572][ T421] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 43.307997][ T36] kauditd_printk_skb: 17 callbacks suppressed [ 43.308016][ T36] audit: type=1400 audit(1750461909.899:273): avc: denied { lock } for pid=1130 comm="syz.2.303" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 43.370089][ T1135] netlink: 300 bytes leftover after parsing attributes in process `syz.2.305'. [ 43.449727][ T421] usb 4-1: unable to get BOS descriptor or descriptor too short [ 43.458248][ T421] usb 4-1: not running at top speed; connect to a high speed hub [ 43.467161][ T421] usb 4-1: config 129 has an invalid interface number: 28 but max is 0 [ 43.475833][ T421] usb 4-1: config 129 has no interface number 0 [ 43.482977][ T421] usb 4-1: config 129 interface 28 altsetting 250 has an endpoint descriptor with address 0xFD, changing to 0x8D [ 43.497528][ T421] usb 4-1: config 129 interface 28 altsetting 250 endpoint 0x8D has invalid maxpacket 18502, setting to 64 [ 43.509647][ T421] usb 4-1: config 129 interface 28 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 43.524808][ T421] usb 4-1: config 129 interface 28 has no altsetting 0 [ 43.534040][ T421] usb 4-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice=db.57 [ 43.547145][ T421] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.555569][ T421] usb 4-1: Product: syz [ 43.562262][ T421] usb 4-1: Manufacturer: syz [ 43.568445][ T421] usb 4-1: SerialNumber: syz [ 43.574625][ T1128] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 43.848449][ T1086] fuse: root generation should be zero [ 43.854485][ T1086] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 43.854508][ T1086] rust_binder: Error while translating object. [ 43.865227][ T1086] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 43.871754][ T1086] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:162 [ 43.883370][ T9] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 43.903363][ T9] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9 [ 43.917775][ T9] asix 2-1:0.0: probe with driver asix failed with error -71 [ 43.928861][ T9] usb 2-1: USB disconnect, device number 4 [ 44.366937][ T421] usb 4-1: USB disconnect, device number 11 [ 44.459507][ T1157] binder: Unknown parameter 'ÀË•] þ' [ 44.634642][ T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 44.794925][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 44.802076][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.813603][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 44.823603][ T9] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 44.832715][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.841374][ T9] usb 3-1: config 0 descriptor?? [ 44.847518][ T9] hub 3-1:0.0: USB hub found [ 45.066571][ T9] hub 3-1:0.0: 1 port detected [ 45.591672][ T36] audit: type=1400 audit(1750461912.041:274): avc: denied { setcheckreqprot } for pid=1170 comm="syz.3.318" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 45.717705][ T9] hub 3-1:0.0: activate --> -90 [ 45.864028][ T469] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 46.025739][ T469] usb 4-1: config 16 has an invalid interface number: 168 but max is 0 [ 46.034495][ T469] usb 4-1: config 16 has no interface number 0 [ 46.043129][ T469] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea7a, bcdDevice=34.bc [ 46.052571][ T469] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 46.060712][ T469] usb 4-1: Product: syz [ 46.065069][ T469] usb 4-1: Manufacturer: syz [ 46.069825][ T469] usb 4-1: SerialNumber: syz [ 46.296450][ T1174] netlink: 220 bytes leftover after parsing attributes in process `syz.0.319'. [ 46.329400][ T45] ums-usbat 1-1:0.230: probe with driver ums-usbat failed with error -5 [ 46.340117][ T45] usb 1-1: USB disconnect, device number 3 [ 46.354127][ T36] audit: type=1400 audit(1750461912.752:275): avc: denied { read } for pid=1170 comm="syz.3.318" name="usbmon6" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 46.367670][ T469] usb 4-1: USB disconnect, device number 12 [ 46.384335][ T36] audit: type=1400 audit(1750461912.752:276): avc: denied { open } for pid=1170 comm="syz.3.318" path="/dev/usbmon6" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 46.506326][ T10] usb 3-1: USB disconnect, device number 6 [ 46.544908][ T36] audit: type=1400 audit(1750461912.929:277): avc: denied { create } for pid=1182 comm="syz.0.322" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 46.729974][ T1162] Bluetooth: hci0: command 0x1003 tx timeout [ 46.729997][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 46.861759][ T36] audit: type=1400 audit(1750461913.229:278): avc: denied { mount } for pid=1190 comm="syz.1.326" name="/" dev="ramfs" ino=9025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 46.949012][ T36] audit: type=1400 audit(1750461913.313:279): avc: denied { ioctl } for pid=1194 comm="syz.2.328" path="socket:[9794]" dev="sockfs" ino=9794 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 47.088267][ T36] audit: type=1326 audit(1750461913.444:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1200 comm="syz.1.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9d918e929 code=0x7ffc0000 [ 47.113908][ T36] audit: type=1326 audit(1750461913.444:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1200 comm="syz.1.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9d918e929 code=0x7ffc0000 [ 47.139862][ T36] audit: type=1326 audit(1750461913.444:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1200 comm="syz.1.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7fa9d918e929 code=0x7ffc0000 [ 47.190444][ T1210] netlink: 168 bytes leftover after parsing attributes in process `syz.1.334'. [ 47.236618][ T1215] netlink: 32 bytes leftover after parsing attributes in process `syz.3.337'. [ 47.243127][ T469] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 47.424804][ T469] usb 3-1: Using ep0 maxpacket: 32 [ 47.433577][ T469] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.444889][ T469] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.455706][ T469] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 47.465632][ T469] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.474881][ T469] usb 3-1: config 0 descriptor?? [ 47.481229][ T469] hub 3-1:0.0: USB hub found [ 47.579180][ T1232] netlink: 8 bytes leftover after parsing attributes in process `syz.1.336'. [ 47.692188][ T344] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 47.696079][ T469] hub 3-1:0.0: 1 port detected [ 47.777706][ T45] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 47.854123][ T344] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 47.866562][ T344] usb 4-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 47.876306][ T344] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 47.886560][ T344] usb 4-1: Product: syz [ 47.892964][ T344] usb 4-1: Manufacturer: syz [ 47.900607][ T344] usb 4-1: SerialNumber: syz [ 47.906289][ T344] usb 4-1: config 0 descriptor?? [ 47.914723][ T344] usb 4-1: bad CDC descriptors [ 47.940252][ T45] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 47.956966][ T45] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 47.967136][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 47.975663][ T45] usb 1-1: SerialNumber: syz [ 48.132729][ T1226] rust_binder: Write failure EINVAL in pid:158 [ 48.133330][ T421] usb 4-1: USB disconnect, device number 13 [ 48.267797][ T1239] fuse: Bad value for 'rootmode' [ 48.334347][ T1243] rust_binder: Error in use_page_slow: ESRCH [ 48.334373][ T1243] rust_binder: use_range failure ESRCH [ 48.341685][ T1243] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false [ 48.348102][ T1243] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 48.366036][ T1243] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:199 [ 48.367734][ T469] hub 3-1:0.0: activate --> -90 [ 48.643319][ T45] cdc_ether 1-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.0-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 48.825610][ T45] usb 3-1: USB disconnect, device number 7 [ 48.827773][ T469] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 49.071448][ T45] usb 1-1: USB disconnect, device number 4 [ 49.077734][ T45] cdc_ether 1-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.0-1, CDC Ethernet Device [ 49.336325][ T1295] input: syz0 as /devices/virtual/input/input11 [ 49.480295][ T36] kauditd_printk_skb: 4 callbacks suppressed [ 49.480315][ T36] audit: type=1400 audit(1750461915.680:287): avc: denied { read } for pid=1309 comm="syz.2.357" path="socket:[10078]" dev="sockfs" ino=10078 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 49.606730][ T1318] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 49.606751][ T1318] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 49.615331][ T1318] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:163 [ 49.679203][ T36] audit: type=1400 audit(1750461915.857:288): avc: denied { shutdown } for pid=1329 comm="syz.3.364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 49.734131][ T36] audit: type=1326 audit(1750461915.923:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1336 comm="syz.3.366" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5a7018e929 code=0x0 [ 50.441529][ T1345] rust_binder: Write failure EINVAL in pid:218 [ 50.506231][ T1353] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 50.512639][ T1353] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:222 [ 50.525109][ T1353] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 50.534683][ T1353] rust_binder: Read failure Err(EFAULT) in pid:222 [ 50.684339][ T36] audit: type=1400 audit(1750461916.802:290): avc: denied { ioctl } for pid=1367 comm="syz.0.380" path="socket:[11331]" dev="sockfs" ino=11331 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 50.719804][ T36] audit: type=1400 audit(1750461916.839:291): avc: denied { connect } for pid=1367 comm="syz.0.380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 50.741777][ T36] audit: type=1400 audit(1750461916.858:292): avc: denied { write } for pid=1367 comm="syz.0.380" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 50.764574][ T1375] netlink: 76 bytes leftover after parsing attributes in process `syz.2.381'. [ 50.878669][ T36] audit: type=1400 audit(1750461916.989:293): avc: denied { getopt } for pid=1389 comm="syz.1.388" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 51.041683][ T1396] netlink: 8 bytes leftover after parsing attributes in process `syz.1.390'. [ 51.052762][ T45] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 51.109785][ T36] audit: type=1400 audit(1750461917.204:294): avc: denied { append } for pid=1401 comm="syz.0.393" name="usbmon0" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 51.113103][ T1402] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:328 [ 51.134627][ T36] audit: type=1400 audit(1750461917.204:295): avc: denied { ioctl } for pid=1401 comm="syz.0.393" path="/dev/usbmon0" dev="devtmpfs" ino=90 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 51.175977][ T36] audit: type=1400 audit(1750461917.260:296): avc: denied { getopt } for pid=1407 comm="syz.1.395" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 51.221883][ T45] usb 3-1: unable to get BOS descriptor or descriptor too short [ 51.230443][ T45] usb 3-1: not running at top speed; connect to a high speed hub [ 51.239311][ T45] usb 3-1: config 0 has an invalid interface number: 88 but max is 0 [ 51.250367][ T45] usb 3-1: config 0 has no interface number 0 [ 51.252308][ T1409] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 51.256808][ T1409] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:244 [ 51.256830][ T45] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 10 [ 51.287711][ T45] usb 3-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0 [ 51.298018][ T45] usb 3-1: config 0 interface 88 has no altsetting 0 [ 51.307864][ T45] usb 3-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 51.317306][ T45] usb 3-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 51.325422][ T45] usb 3-1: Product: syz [ 51.329660][ T45] usb 3-1: Manufacturer: syz [ 51.334341][ T45] usb 3-1: SerialNumber: syz [ 51.340061][ T45] usb 3-1: config 0 descriptor?? [ 51.551858][ T1417] netlink: 'syz.3.399': attribute type 8 has an invalid length. [ 51.559696][ T1417] netlink: 8 bytes leftover after parsing attributes in process `syz.3.399'. [ 51.571840][ T1379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 51.589369][ T1379] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 51.603531][ T45] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.88/input/input12 [ 51.614123][ T421] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 51.628512][ T45] usb 3-1: USB disconnect, device number 8 [ 51.658516][ T12] tipc: Subscription rejected, illegal request [ 51.786577][ T421] usb 1-1: Using ep0 maxpacket: 32 [ 51.792942][ T421] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.807754][ T421] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 51.828091][ T421] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 51.843139][ T421] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.853973][ T421] usb 1-1: config 0 descriptor?? [ 51.860572][ T421] hub 1-1:0.0: USB hub found [ 52.074873][ T421] hub 1-1:0.0: 1 port detected [ 52.283816][ T1452] binder: Unknown parameter '01777777777777777777777' [ 52.285954][ T1453] binder: Unknown parameter '01777777777777777777777' [ 52.344718][ T61] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 52.364133][ T61] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 52.626729][ T1480] rust_binder: Write failure EINVAL in pid:268 [ 52.711148][ T1487] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:262 [ 52.723624][ T45] hub 1-1:0.0: activate --> -90 [ 52.784207][ T1495] x_tables: duplicate underflow at hook 1 [ 52.879944][ T1513] netlink: 'syz.1.436': attribute type 4 has an invalid length. [ 52.914163][ T1518] rust_binder: Failed to allocate buffer. len:11555468598238875304, is_oneway:true [ 53.012394][ T1529] netlink: 16 bytes leftover after parsing attributes in process `syz.2.445'. [ 53.615974][ T421] usb 1-1: USB disconnect, device number 5 [ 53.621897][ T45] usb 1-1-port1: cannot reset (err = -71) [ 53.627816][ T45] usb 1-1-port1: attempt power cycle [ 53.732897][ T1557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.455'. [ 53.849702][ T1567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 53.905214][ T1568] rust_binder: Failed to allocate buffer. len:16, is_oneway:true [ 54.078208][ T1577] serio: Serial port ttynull [ 54.165327][ T1586] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 54.427195][ T421] usb 1-1: new low-speed USB device number 10 using dummy_hcd [ 54.599517][ T421] usb 1-1: config 0 interface 0 altsetting 252 endpoint 0x81 has invalid maxpacket 64, setting to 8 [ 54.611044][ T421] usb 1-1: config 0 interface 0 has no altsetting 0 [ 54.617877][ T421] usb 1-1: New USB device found, idVendor=17ef, idProduct=60b5, bcdDevice= 0.00 [ 54.627141][ T421] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.636143][ T421] usb 1-1: config 0 descriptor?? [ 54.641562][ T1586] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 54.928778][ T1611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 54.942233][ T1611] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 54.982730][ T1611] rust_binder: Error in use_page_slow: ESRCH [ 54.982773][ T1611] rust_binder: use_range failure ESRCH [ 54.988942][ T1611] rust_binder: Failed to allocate buffer. len:112, is_oneway:false [ 54.994562][ T1611] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 55.003052][ T1611] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:316 [ 55.079877][ T421] lenovo 0003:17EF:60B5.0002: hidraw0: USB HID vff.ff Device [HID 17ef:60b5] on usb-dummy_hcd.0-1/input0 [ 55.175519][ T31] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 55.183356][ T45] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 55.221975][ T1618] netlink: 12 bytes leftover after parsing attributes in process `syz.2.478'. [ 55.300020][ T1586] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 55.300053][ T1586] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:338 [ 55.302831][ T1624] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 55.311382][ T469] usb 1-1: USB disconnect, device number 10 [ 55.335899][ T31] usb 2-1: device descriptor read/64, error -71 [ 55.357250][ T45] usb 4-1: Using ep0 maxpacket: 32 [ 55.363723][ T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 55.376670][ T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 55.388752][ T45] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 55.398409][ T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.407494][ T45] usb 4-1: config 0 descriptor?? [ 55.422065][ T45] hub 4-1:0.0: USB hub found [ 55.447322][ T36] kauditd_printk_skb: 8 callbacks suppressed [ 55.447339][ T36] audit: type=1400 audit(1750461921.259:305): avc: denied { sqpoll } for pid=1628 comm="syz.2.483" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 55.603135][ T31] usb 2-1: device descriptor read/64, error -71 [ 55.631039][ T45] hub 4-1:0.0: 1 port detected [ 55.675380][ T36] audit: type=1400 audit(1750461921.474:306): avc: denied { block_suspend } for pid=1628 comm="syz.2.483" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 55.755642][ T1632] rust_binder: Write failure EFAULT in pid:330 [ 55.845956][ T1635] netlink: 8 bytes leftover after parsing attributes in process `syz.2.485'. [ 55.871601][ T31] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 56.030782][ T31] usb 2-1: device descriptor read/64, error -71 [ 56.169781][ T469] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 56.274857][ T45] hub 4-1:0.0: activate --> -90 [ 56.287373][ T31] usb 2-1: device descriptor read/64, error -71 [ 56.340795][ T469] usb 1-1: Using ep0 maxpacket: 16 [ 56.352109][ T469] usb 1-1: unable to get BOS descriptor or descriptor too short [ 56.361700][ T469] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 56.369910][ T469] usb 1-1: can't read configurations, error -71 [ 56.405080][ T31] usb usb2-port1: attempt power cycle [ 56.768488][ T31] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 56.806248][ T31] usb 2-1: device descriptor read/8, error -71 [ 56.848625][ T1654] netlink: 300 bytes leftover after parsing attributes in process `syz.2.492'. [ 56.917811][ T1555] usb 4-1: USB disconnect, device number 14 [ 56.924390][ T45] usb 4-1-port1: attempt power cycle [ 56.951923][ T31] usb 2-1: device descriptor read/8, error -71 [ 56.991747][ T1661] netlink: 24 bytes leftover after parsing attributes in process `syz.2.495'. [ 57.206731][ T31] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 57.229520][ T31] usb 2-1: device descriptor read/8, error -71 [ 57.368391][ T31] usb 2-1: device descriptor read/8, error -71 [ 57.486033][ T31] usb usb2-port1: unable to enumerate USB device [ 57.741268][ T469] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 57.825166][ T1677] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 57.825383][ T1677] rust_binder: Error while translating object. [ 57.825663][ T1678] rust_binder: Error while translating object. [ 57.832292][ T1677] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 57.838234][ T1678] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 57.845242][ T1677] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:351 [ 57.854136][ T1678] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:351 [ 57.909526][ T469] usb 4-1: unable to get BOS descriptor or descriptor too short [ 57.914243][ T1684] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 57.919088][ T469] usb 4-1: not running at top speed; connect to a high speed hub [ 57.939039][ T1686] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 57.941426][ T1686] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:358 [ 57.946028][ T469] usb 4-1: config 0 has an invalid interface number: 88 but max is 0 [ 57.975091][ T469] usb 4-1: config 0 has no interface number 0 [ 57.981492][ T469] usb 4-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 10 [ 57.999226][ T469] usb 4-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0 [ 58.010368][ T469] usb 4-1: config 0 interface 88 has no altsetting 0 [ 58.018841][ T469] usb 4-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 58.028011][ T469] usb 4-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 58.036406][ T469] usb 4-1: Product: syz [ 58.041030][ T469] usb 4-1: Manufacturer: syz [ 58.045677][ T469] usb 4-1: SerialNumber: syz [ 58.050927][ T469] usb 4-1: config 0 descriptor?? [ 58.170581][ T36] audit: type=1400 audit(1750461923.813:307): avc: denied { bind } for pid=1693 comm="syz.1.509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 58.206020][ T1696] rust_binder: Write failure EINVAL in pid:324 [ 58.265206][ T31] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 58.274973][ T469] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.88/input/input13 [ 58.296210][ T469] usb 4-1: USB disconnect, device number 19 [ 58.314767][ T307] udevd[307]: Error opening device "/dev/input/event3": No such file or directory [ 58.325640][ T307] udevd[307]: Unable to EVIOCGABS device "/dev/input/event3" [ 58.333147][ T307] udevd[307]: Unable to EVIOCGABS device "/dev/input/event3" [ 58.436123][ T31] usb 3-1: Using ep0 maxpacket: 32 [ 58.442663][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 58.453707][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 58.463683][ T31] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 58.472918][ T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.481578][ T31] usb 3-1: config 0 descriptor?? [ 58.487621][ T31] hub 3-1:0.0: USB hub found [ 58.702099][ T31] hub 3-1:0.0: 1 port detected [ 58.724794][ T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 58.837298][ T1708] netlink: 220 bytes leftover after parsing attributes in process `syz.0.515'. [ 58.880984][ T36] audit: type=1400 audit(1750461924.467:308): avc: denied { getopt } for pid=1713 comm="syz.0.517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 58.909630][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 58.918053][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 58.934117][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 58.947189][ T9] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 58.956351][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.976083][ T9] usb 2-1: config 0 descriptor?? [ 58.978004][ T1719] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 58.981227][ T1720] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 58.992217][ T1719] rust_binder: Error in use_page_slow: ESRCH [ 58.999929][ T1719] rust_binder: use_range failure ESRCH [ 59.003956][ T36] audit: type=1326 audit(1750461924.580:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1721 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a7018e929 code=0x7ffc0000 [ 59.006955][ T1719] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false [ 59.012085][ T36] audit: type=1326 audit(1750461924.598:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1721 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a7018e929 code=0x7ffc0000 [ 59.036924][ T1719] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 59.043694][ T36] audit: type=1326 audit(1750461924.617:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1721 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f5a7018e929 code=0x7ffc0000 [ 59.075251][ T1719] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:371 [ 59.085604][ T36] audit: type=1326 audit(1750461924.626:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1721 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a7018e929 code=0x7ffc0000 [ 59.132827][ T1726] SELinux: security_context_str_to_sid () failed with errno=-22 [ 59.135675][ T36] audit: type=1326 audit(1750461924.626:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1721 comm="syz.3.520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a7018e929 code=0x7ffc0000 [ 59.143922][ T1726] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=28965 sclass=netlink_xfrm_socket pid=1726 comm=syz.0.521 [ 59.202755][ T1728] fuse: Bad value for 'rootmode' [ 59.233858][ T1732] overlayfs: missing 'workdir' [ 59.300906][ T1743] input: syz0 as /devices/virtual/input/input14 [ 59.355933][ T36] audit: type=1400 audit(1750461924.926:314): avc: denied { load_policy } for pid=1744 comm="syz.3.531" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 59.365955][ T1745] SELinux: failed to load policy [ 59.388957][ T1745] rust_binder: Error while translating object. [ 59.389000][ T1745] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 59.395677][ T1745] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:241 [ 59.405130][ T31] hub 3-1:0.0: activate --> -90 [ 59.423466][ T9] microsoft 0003:045E:07DA.0003: No inputs registered, leaving [ 59.432210][ T9] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 59.443700][ T9] microsoft 0003:045E:07DA.0003: no inputs found [ 59.450143][ T9] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway [ 59.548852][ T1752] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 59.548880][ T1752] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:244 [ 59.601404][ T1555] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 59.692066][ C1] usb 2-1: input irq status -75 received [ 59.772444][ T1555] usb 1-1: Using ep0 maxpacket: 32 [ 59.778929][ T1555] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 59.790133][ T1555] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 59.800332][ T1555] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 59.810219][ T1555] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.819717][ T1555] usb 1-1: config 0 descriptor?? [ 59.825917][ T1555] hub 1-1:0.0: USB hub found [ 59.908336][ T9] usb 2-1: USB disconnect, device number 9 [ 60.040344][ T1555] hub 1-1:0.0: 1 port detected [ 60.062087][ T61] usb 3-1: USB disconnect, device number 9 [ 60.062145][ T31] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 60.075456][ T31] usb 3-1-port1: attempt power cycle [ 60.651340][ T1772] netlink: 16 bytes leftover after parsing attributes in process `syz.2.541'. [ 60.769228][ T1786] netlink: 8 bytes leftover after parsing attributes in process `syz.2.548'. [ 60.778832][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 60.904169][ T1555] usb 1-1: USB disconnect, device number 13 [ 60.949519][ T9] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 60.963274][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 60.972459][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 60.980539][ T9] usb 2-1: SerialNumber: syz [ 61.066082][ T61] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 61.237148][ T61] usb 3-1: Using ep0 maxpacket: 32 [ 61.244566][ T61] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.256487][ T61] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.266964][ T61] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 61.277299][ T61] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.286864][ T61] usb 3-1: config 0 descriptor?? [ 61.293478][ T61] hub 3-1:0.0: USB hub found [ 61.459904][ T1790] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 61.507333][ T61] hub 3-1:0.0: 1 port detected [ 61.515153][ T1791] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:392 [ 61.519300][ T1791] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:392 [ 61.632637][ T9] cdc_ether 2-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.1-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 62.061300][ T31] usb 2-1: USB disconnect, device number 10 [ 62.067919][ T31] cdc_ether 2-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.1-1, CDC Ethernet Device [ 62.154321][ T61] hub 3-1:0.0: activate --> -90 [ 62.416882][ T1838] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.700965][ T1853] rust_binder: inc_ref_done called when no active inc_refs [ 62.754666][ T1861] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.780705][ T36] kauditd_printk_skb: 1 callbacks suppressed [ 62.780726][ T36] audit: type=1400 audit(1750461928.125:316): avc: granted { setsecparam } for pid=1860 comm="syz.0.564" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 62.818580][ T9] usb 3-1: USB disconnect, device number 14 [ 62.832020][ T61] usb 3-1-port1: attempt power cycle [ 62.838830][ T1867] rust_binder: Write failure EINVAL in pid:251 [ 62.839631][ T1867] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 62.841692][ T36] audit: type=1400 audit(1750461928.172:317): avc: denied { append } for pid=1866 comm="syz.3.567" name="loop9" dev="devtmpfs" ino=58 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 62.900997][ T36] audit: type=1400 audit(1750461928.228:318): avc: denied { read } for pid=1870 comm="syz.1.569" name="msr" dev="devtmpfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 62.932906][ T36] audit: type=1400 audit(1750461928.228:319): avc: denied { open } for pid=1870 comm="syz.1.569" path="/dev/cpu/0/msr" dev="devtmpfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 62.975235][ T36] audit: type=1400 audit(1750461928.228:320): avc: denied { remount } for pid=1872 comm="syz.3.570" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 63.007700][ T1885] overlayfs: failed to resolve './file1/file0': -2 [ 63.069917][ T1898] rust_binder: Write failure EINVAL in pid:368 [ 63.069988][ T36] audit: type=1400 audit(1750461928.396:321): avc: denied { ioctl } for pid=1895 comm="syz.1.580" path="socket:[13542]" dev="sockfs" ino=13542 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 63.071304][ T1897] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 63.162937][ T1913] tmpfs: Bad value for 'nr_inodes' [ 63.189436][ T1915] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 63.189470][ T1915] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:372 [ 63.262267][ T1923] rust_binder: Error while translating object. [ 63.272994][ T1923] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 63.279532][ T1923] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:429 [ 63.301779][ T1925] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 63.311360][ T1925] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:431 [ 63.318223][ T1925] rust_binder: Error while translating object. [ 63.328030][ T1925] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 63.336042][ T1925] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:431 [ 63.347597][ T1926] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 63.373949][ T1926] rust_binder: Error while translating object. [ 63.374012][ T1926] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 63.380647][ T1926] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:431 [ 63.457117][ T1934] rust_binder: Error while translating object. [ 63.466678][ T1934] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 63.471926][ T36] audit: type=1400 audit(1750461928.761:322): avc: denied { setattr } for pid=1929 comm="syz.0.593" name="NETLINK" dev="sockfs" ino=13641 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 63.473603][ T1934] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:389 [ 63.509164][ T36] audit: type=1400 audit(1750461928.808:323): avc: denied { setopt } for pid=1929 comm="syz.0.593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 63.540084][ T36] audit: type=1400 audit(1750461928.808:324): avc: denied { read } for pid=1929 comm="syz.0.593" name="snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 63.563332][ T36] audit: type=1400 audit(1750461928.808:325): avc: denied { open } for pid=1929 comm="syz.0.593" path="/dev/snapshot" dev="devtmpfs" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 63.653782][ T1952] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 63.659049][ T1952] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:441 [ 63.731102][ T1959] tipc: Enabling of bearer rejected, failed to enable media [ 63.786755][ T1965] netlink: 260 bytes leftover after parsing attributes in process `syz.2.608'. [ 63.838994][ T1967] input: syz1 as /devices/virtual/input/input15 [ 63.965391][ T1972] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 63.973914][ T61] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 64.088334][ T1976] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:421 [ 64.090433][ T1978] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=257 sclass=netlink_tcpdiag_socket pid=1978 comm=syz.3.614 [ 64.140053][ T1982] fuse: Bad value for 'rootmode' [ 64.144950][ T61] usb 1-1: Using ep0 maxpacket: 32 [ 64.150415][ T1983] rust_binder: Write failure EINVAL in pid:421 [ 64.151935][ T61] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.174972][ T61] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 64.185060][ T61] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 64.194278][ T61] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.203331][ T61] usb 1-1: config 0 descriptor?? [ 64.211114][ T61] hub 1-1:0.0: USB hub found [ 64.390551][ T1995] netlink: 12 bytes leftover after parsing attributes in process `syz.1.621'. [ 64.425281][ T61] hub 1-1:0.0: 1 port detected [ 64.439173][ T1999] netlink: 16 bytes leftover after parsing attributes in process `syz.1.623'. [ 65.001772][ T2008] netlink: 8 bytes leftover after parsing attributes in process `syz.2.627'. [ 65.038693][ T2012] netlink: 36 bytes leftover after parsing attributes in process `syz.2.629'. [ 65.073409][ T61] hub 1-1:0.0: activate --> -90 [ 65.087432][ T2017] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 65.090424][ T2017] rust_kernel: panicked at rust/kernel/sync/poll.rs:54:18: [ 65.090424][ T2017] null pointer dereference occurred [ 65.110128][ T2017] ------------[ cut here ]------------ [ 65.115832][ T2017] kernel BUG at rust/helpers/bug.c:7! [ 65.122180][ T2017] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 65.129191][ T2017] CPU: 1 UID: 0 PID: 2017 Comm: syz.1.632 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 65.142699][ T2017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 65.152880][ T2017] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 65.158209][ T2017] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 f4 db e6 30 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 be 1f af bc 90 90 90 90 90 90 90 90 90 [ 65.178206][ T2017] RSP: 0018:ffffc90010bb71d0 EFLAGS: 00010246 [ 65.184324][ T2017] RAX: 000000000000005a RBX: 1ffff92002176e3c RCX: 5a42b7d46cee2f00 [ 65.192436][ T2017] RDX: ffffc90001a32000 RSI: 0000000000003b6c RDI: 0000000000003b6d [ 65.200723][ T2017] RBP: ffffc90010bb71d0 R08: ffffc90010bb6ec7 R09: 1ffff92002176dd8 [ 65.209574][ T2017] R10: dffffc0000000000 R11: fffff52002176dd9 R12: 0000000000000000 [ 65.218456][ T2017] R13: dffffc0000000000 R14: ffffc90010bb7200 R15: ffffc90010bb7230 [ 65.229188][ T2017] FS: 00007fa9d9fb86c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 65.238462][ T2017] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 65.245637][ T2017] CR2: 0000200000001000 CR3: 000000011abf8000 CR4: 00000000003526b0 [ 65.254274][ T2017] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 65.263922][ T2017] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 65.272474][ T2017] Call Trace: [ 65.276404][ T2017] [ 65.280122][ T2017] _RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x15b/0x160 [ 65.288329][ T2017] ? __cfi__RNvCscSpY9Juk0HT_7___rustc17rust_begin_unwind+0x10/0x10 [ 65.296456][ T2017] ? __cfi__RNvXs1b_NtCs9jEwPDbx20M_4core3fmtRNtNtNtB8_5panic10panic_info9PanicInfoNtB6_7Display3fmtCs43vyB533jt3_6kernel+0x10/0x10 [ 65.310373][ T2017] ? p9pdu_vwritef+0x2720/0x2720 [ 65.315494][ T2017] ? radix_tree_node_alloc+0x1af/0x400 [ 65.321103][ T2017] ? __cfi_p9pdu_vwritef+0x10/0x10 [ 65.326481][ T2017] ? p9pdu_vwritef+0x1c5e/0x2720 [ 65.331571][ T2017] _RNvNtCs9jEwPDbx20M_4core9panicking18panic_nounwind_fmt+0xec/0xf0 [ 65.339701][ T2017] ? __cfi__RNvNtCs9jEwPDbx20M_4core9panicking18panic_nounwind_fmt+0x10/0x10 [ 65.348622][ T2017] ? p9pdu_writef+0xdb/0x130 [ 65.353277][ T2017] ? p9pdu_vwritef+0x2720/0x2720 [ 65.358362][ T2017] _RNvNtCs9jEwPDbx20M_4core9panicking30panic_null_pointer_dereference+0x49/0x4c [ 65.368125][ T2017] _RNvMNtNtCs43vyB533jt3_6kernel4sync4pollNtB2_9PollTable8from_ptr+0x40/0x40 [ 65.377367][ T2017] ? _RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0xce/0x570 [ 65.385954][ T2017] _RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0xe2/0x570 [ 65.393914][ T2017] ? p9_client_prepare_req+0x732/0xa10 [ 65.400027][ T2017] ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10 [ 65.408564][ T2017] ? __kasan_check_write+0x18/0x20 [ 65.414187][ T2017] ? _raw_spin_lock+0x8c/0x120 [ 65.419001][ T2017] ? tun_chr_poll+0x127/0x770 [ 65.424175][ T2017] ? _raw_spin_lock+0x8c/0x120 [ 65.429423][ T2017] ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10 [ 65.437713][ T2017] p9_fd_request+0x446/0x520 [ 65.442351][ T2017] p9_client_rpc+0x2f9/0xb40 [ 65.447255][ T2017] ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10 [ 65.455824][ T2017] ? p9_fid_create+0x3d0/0x3d0 [ 65.460719][ T2017] ? __cfi__RNvCshgDM7dBCdno_11rust_binder16rust_binder_poll+0x10/0x10 [ 65.469360][ T2017] ? p9_conn_create+0x4c9/0x570 [ 65.474559][ T2017] ? p9_fd_create+0x2f3/0x4c0 [ 65.479430][ T2017] p9_client_create+0x96a/0x1190 [ 65.484703][ T2017] ? __cfi_p9_client_create+0x10/0x10 [ 65.490209][ T2017] ? kasan_save_alloc_info+0x40/0x50 [ 65.495553][ T2017] ? kasan_save_alloc_info+0x40/0x50 [ 65.500903][ T2017] ? __kasan_kmalloc+0x96/0xb0 [ 65.505713][ T2017] ? kstrdup+0x7b/0x140 [ 65.509983][ T2017] ? __kasan_check_write+0x18/0x20 [ 65.515266][ T2017] v9fs_session_init+0x1e1/0x1820 [ 65.520522][ T2017] ? __cfi_v9fs_session_init+0x10/0x10 [ 65.526210][ T2017] ? kasan_save_alloc_info+0x40/0x50 [ 65.531631][ T2017] ? __kasan_kmalloc+0x96/0xb0 [ 65.536597][ T2017] ? v9fs_mount+0xbd/0xa00 [ 65.541190][ T2017] v9fs_mount+0xd7/0xa00 [ 65.545550][ T2017] ? selinux_sb_eat_lsm_opts+0xa69/0xb40 [ 65.551420][ T2017] ? __cfi_v9fs_mount+0x10/0x10 [ 65.556335][ T2017] ? selinux_capable+0x38/0x50 [ 65.561304][ T2017] legacy_get_tree+0x103/0x1b0 [ 65.566845][ T2017] ? __cfi_v9fs_mount+0x10/0x10 [ 65.571913][ T2017] vfs_get_tree+0x9e/0x290 [ 65.576542][ T2017] do_new_mount+0x251/0xb40 [ 65.581715][ T2017] path_mount+0x688/0x1050 [ 65.587079][ T2017] ? putname+0x113/0x150 [ 65.592182][ T2017] __se_sys_mount+0x2bd/0x480 [ 65.597147][ T2017] ? __x64_sys_mount+0xf0/0xf0 [ 65.602325][ T2017] ? __kasan_check_write+0x18/0x20 [ 65.608341][ T2017] ? fpregs_restore_userregs+0x11d/0x260 [ 65.614584][ T2017] __x64_sys_mount+0xc3/0xf0 [ 65.619750][ T2017] x64_sys_call+0x2021/0x2ee0 [ 65.625020][ T2017] do_syscall_64+0x58/0xf0 [ 65.629676][ T2017] ? clear_bhb_loop+0x35/0x90 [ 65.634441][ T2017] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 65.640415][ T2017] RIP: 0033:0x7fa9d918e929 [ 65.644956][ T2017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.664952][ T2017] RSP: 002b:00007fa9d9fb8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 65.673750][ T2017] RAX: ffffffffffffffda RBX: 00007fa9d93b5fa0 RCX: 00007fa9d918e929 [ 65.681850][ T2017] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 0000000000000000 [ 65.690445][ T2017] RBP: 00007fa9d9210b39 R08: 0000200000000240 R09: 0000000000000000 [ 65.699580][ T2017] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 65.707665][ T2017] R13: 0000000000000000 R14: 00007fa9d93b5fa0 R15: 00007ffc625e2958 [ 65.715685][ T2017] [ 65.718726][ T2017] Modules linked in: [ 65.723008][ T2017] ---[ end trace 0000000000000000 ]--- [ 65.729554][ T2017] RIP: 0010:rust_helper_BUG+0x8/0x10 [ 65.735012][ T2017] Code: cc cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 f4 db e6 30 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 <0f> 0b 66 0f 1f 44 00 00 b8 be 1f af bc 90 90 90 90 90 90 90 90 90 [ 65.756691][ T2017] RSP: 0018:ffffc90010bb71d0 EFLAGS: 00010246 [ 65.763069][ T2017] RAX: 000000000000005a RBX: 1ffff92002176e3c RCX: 5a42b7d46cee2f00 [ 65.771488][ T2017] RDX: ffffc90001a32000 RSI: 0000000000003b6c RDI: 0000000000003b6d [ 65.772698][ T2023] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=2023 comm=syz.1.632 [ 65.779592][ T2017] RBP: ffffc90010bb71d0 R08: ffffc90010bb6ec7 R09: 1ffff92002176dd8 [ 65.779621][ T2017] R10: dffffc0000000000 R11: fffff52002176dd9 R12: 0000000000000000 [ 65.779636][ T2017] R13: dffffc0000000000 R14: ffffc90010bb7200 R15: ffffc90010bb7230 [ 65.779654][ T2017] FS: 00007fa9d9fb86c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 65.797453][ T2023] rust_binder: Failed to allocate buffer. len:4224, is_oneway:true [ 65.800656][ T2017] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 65.800681][ T2017] CR2: 00007fa9d9f97d58 CR3: 000000011abf8000 CR4: 00000000003526b0 [ 65.809402][ T2023] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 65.817036][ T2017] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 65.826212][ T2023] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:394 [ 65.834551][ T2017] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 65.885411][ T2017] Kernel panic - not syncing: Fatal exception [ 65.891888][ T2017] Kernel Offset: disabled [ 65.896251][ T2017] Rebooting in 86400 seconds..