last executing test programs: 1m37.907970983s ago: executing program 1 (id=725): mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', &(0x7f0000000140), 0x4800, &(0x7f0000000180)=ANY=[@ANYBLOB='defcontext=\"']) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0xc8040) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) r2 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_pidfd_open(r2, 0x0) setns(r3, 0x24020000) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) mount_setattr(r4, &(0x7f00000003c0)='./file0\x00', 0x8000, &(0x7f0000000380)={0x8d, 0x80}, 0x20) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$binderfs(&(0x7f0000000000), &(0x7f0000000040)='./binderfs2\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000240)={[{@stats}, {@max={'max', 0x3d, 0xfffffffffffffffc}}, {@stats}, {@max={'max', 0x3d, 0x5}}, {@max={'max', 0x3d, 0x91d}}, {@stats}, {@max={'max', 0x3d, 0xc}}], [{@subj_role={'subj_role', 0x3d, './binderfs\x00'}}, {@audit}, {@smackfsroot={'smackfsroot', 0x3d, 'binder\x00'}}, {@seclabel}, {@uid_lt={'uid<', r5}}, {@subj_user={'subj_user', 0x3d, './binderfs\x00'}}]}) 1m37.902387283s ago: executing program 1 (id=726): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) unshare(0x22020600) r2 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x4) r4 = openat$cgroup_ro(r3, &(0x7f0000001100)='pids.events\x00', 0x5000000, 0x0) readv(r4, &(0x7f00000012c0)=[{&(0x7f0000000100)=""/4096, 0x1000}], 0x1) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) timer_create(0x3, 0x0, &(0x7f00000001c0)=0x0) pipe2(&(0x7f0000000280), 0x6a0e1ac3bcf5b3d4) timer_settime(r5, 0x1, &(0x7f0000000340)={{}, {0x0, 0x9}}, 0x0) prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0) setreuid(0xee01, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setresuid(0xee01, 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cc, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range(r0, r0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000006040), r6) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000006080)={'wlan1\x00', 0x0}) r9 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x802, 0x0) write$uinput_user_dev(r9, &(0x7f0000000d80)={'syz0\x00', {0x6, 0x0, 0x6, 0x7}, 0x28, [0xfffeffff, 0xe, 0xfffffffb, 0xc, 0xae2, 0x3, 0x8f, 0x81, 0x0, 0x7, 0x0, 0xfffffff9, 0x5, 0x32, 0xd7da, 0xe, 0x9, 0x8, 0x4, 0x1, 0x6, 0x4, 0x200, 0xfbd, 0x5, 0x26, 0x2004e6f, 0xf, 0x77ed, 0x506c, 0x1ff, 0x0, 0x3fb, 0x0, 0x2, 0x9, 0x2, 0x4, 0x5, 0x7fffffff, 0x4, 0x182, 0x7, 0x65, 0x1, 0x3, 0x3, 0xe, 0x1, 0xff, 0x1, 0x46c10233, 0x4, 0x11, 0x5, 0xfffffef7, 0x6, 0x6, 0x3, 0xfffffffa, 0x0, 0x3, 0x3f, 0xffff], [0x401, 0x6, 0x6400000, 0xa, 0x1, 0xc70, 0x5, 0x1, 0x5, 0x1, 0x8001, 0x1000, 0x1, 0x10, 0x4, 0x4, 0x0, 0x1, 0x2, 0x5, 0x1, 0x1, 0xf2c, 0xfffffffc, 0x4d, 0x7, 0x3, 0x8001, 0x80000001, 0x5, 0x0, 0x0, 0x9, 0x5, 0x0, 0x9, 0x1, 0x6, 0x6, 0x3, 0x9, 0xcc, 0xfffffff1, 0x4, 0xa, 0x1, 0x9, 0x8, 0x7, 0xffffffff, 0x0, 0x400, 0x401, 0x8, 0x5, 0xffff25d2, 0x6, 0x2, 0x8, 0xc34, 0x10000, 0xf, 0x400, 0x8], [0x1, 0x9e, 0x5, 0x4, 0xd7b, 0x0, 0x1, 0x12d00, 0x3, 0x0, 0x2, 0x2, 0x4, 0x7fffffff, 0x2, 0x2, 0x7fff, 0x1, 0x649, 0x8, 0xc8, 0x7, 0x1, 0x6, 0x10001, 0xfffffff5, 0x1, 0x7, 0x4000000, 0xa3a5, 0x401, 0x7, 0x20, 0xa835, 0x0, 0xfffffffa, 0x7a, 0x0, 0x101, 0xe95, 0x3, 0x75f, 0x7fb, 0xffffffff, 0xfff, 0x323fe7cb, 0x2, 0x8a3, 0x6, 0x0, 0x6, 0xff, 0x9b, 0x9288, 0x9893, 0x81, 0x0, 0x3, 0xff7ffff7, 0x6, 0x80000004, 0x9, 0x1000, 0x2], [0x8, 0x200, 0x27a, 0x400, 0x3, 0x30677018, 0x1, 0x2, 0x40044, 0xfffffffd, 0xfff, 0x1cf, 0x6, 0xc, 0x4, 0x400, 0x80000000, 0x0, 0x401, 0x1, 0x219, 0x8, 0xa, 0x6, 0xff, 0x80, 0x7, 0x200, 0x8, 0x7, 0x0, 0x8, 0xfffffffd, 0x6, 0x7, 0x8, 0x1, 0x9, 0x0, 0xedc, 0x8f1, 0x4, 0xeed, 0xd370, 0x1, 0x6b3, 0xb358, 0xe, 0x0, 0x5ef, 0x8000, 0x10000, 0x5fc00000, 0xb, 0x7fffffff, 0x1b, 0x7, 0x6, 0x5, 0x0, 0x4, 0x7, 0x262, 0x635d]}, 0x45c) ioctl$UI_SET_EVBIT(r9, 0x40045564, 0x3) ioctl$UI_DEV_SETUP(r9, 0x5501, 0x0) write$uinput_user_dev(r9, &(0x7f0000000900)={'syz1\x00', {0x9, 0x0, 0x6}, 0x37b4, [0xfeff, 0x4, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x3, 0x100, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0xbffffffe, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x1, 0x9, 0x1, 0x20000003, 0xffffffff, 0x0, 0xffff, 0x0, 0x20, 0x6, 0x5, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6, 0x0, 0x7, 0x0, 0x6, 0x0, 0x0, 0x20004, 0x0, 0x0, 0x105], [0x10, 0xffffffff, 0x7, 0x0, 0xffffffff, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7, 0x0, 0x0, 0x0, 0xbb, 0x1, 0xfffffffc, 0x5, 0x800, 0x0, 0xfffffffc, 0x0, 0x100, 0x20000, 0x3, 0xec6a, 0x5, 0x40000000, 0xffffffff, 0xfffffffc, 0x7fffffff, 0xfffefffd, 0x7fffffff, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffc, 0x0, 0x18c, 0x0, 0x0, 0x2, 0x5, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x4, 0x4000000, 0x80, 0x4, 0x4, 0x0, 0x7, 0x800000, 0x7], [0x10000, 0x4, 0x0, 0x0, 0xffffffff, 0x1, 0xa000000, 0x1ff, 0x9, 0xffff7fff, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, 0x4000, 0x10000, 0x0, 0x0, 0x520, 0xc, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0xfffffffd, 0x0, 0xfffffffc, 0x2af, 0x0, 0x9, 0x0, 0x10000, 0x3, 0x0, 0x0, 0x0, 0x6, 0x400, 0x0, 0x0, 0x0, 0x82ce, 0x0, 0x3, 0x0, 0x0, 0xff, 0x4000005, 0x0, 0x4, 0x2, 0x400000, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x6, 0x0, 0x401, 0x0, 0x211, 0x4, 0x0, 0x100, 0x3, 0x0, 0x0, 0x80, 0x0, 0x3, 0x0, 0x2, 0x5, 0x7fff, 0x0, 0xd, 0x800000, 0x0, 0xfffffffe, 0x0, 0x0, 0x4, 0x8000000, 0x0, 0x9, 0x3, 0x0, 0x0, 0x6, 0xbfb6, 0x4, 0x4, 0x3, 0x0, 0x0, 0x1, 0xffffffff, 0x100, 0x0, 0x6, 0x3, 0xfffffffd, 0x53591b27, 0x3fffffd, 0x0, 0x0, 0x5, 0x400, 0x7, 0x9, 0x0, 0x0, 0x80000000, 0x1000000, 0x0, 0x5]}, 0x45c) sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000006180)={0x0, 0x0, &(0x7f0000006140)={&(0x7f0000000200)=ANY=[@ANYBLOB='T\x00\x00dq\r\x00', @ANYRES16=r7, @ANYBLOB="11002bbd7000fddbdf250700000008000300", @ANYRES32=r8, @ANYBLOB="0c009900fbfffffffcffffff08000500070000001400040070696d726567000000000000000000000a00180003030303030300000400cc00"], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x10) 1m37.058474029s ago: executing program 1 (id=729): r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000), 0x381001, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_LINK_TOL(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r2, 0x1, 0x70bd26, 0x25dfdbfd, {{}, {}, {0x4c, 0x18, {0xdd, @link='broadcast-link\x00'}}}}, 0x68}, 0x1, 0x0, 0x0, 0x4004000}, 0x800) (async) syz_genetlink_get_family_id$nl80211(&(0x7f0000001340), r1) (async) syz_genetlink_get_family_id$tipc2(&(0x7f00000013c0), r1) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r1) sendmsg$MPTCP_PM_CMD_REMOVE(r1, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000016c0)={0x2c, r3, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x18, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast1}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc001}, 0xded4a1e4217ab166) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x70, r3, 0x800, 0x70bd27, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}]}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4c, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x3}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x39}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x8000}, 0x4040) mount$binderfs(0x0, &(0x7f0000000280)='./binderfs\x00', 0x0, 0x2000063, &(0x7f0000000040)={[{@stats}]}) 1m37.03192789s ago: executing program 1 (id=730): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000600)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x228b}) r1 = socket$tipc(0x1e, 0x5, 0x0) r2 = socket(0x1e, 0xa, 0xfd) sendto(r2, &(0x7f0000000740)="120000001200e7ef1dc55d1e24007500913f26653fba0000", 0x18, 0x0, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='proc\x00', 0x20, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00', &(0x7f00000001c0), 0x100) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000002c0)=0x20) r4 = openat(0xffffffffffffff9c, 0x0, 0x20842, 0x22) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) rename(&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='./file1\x00') recvmmsg(r2, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000780)=""/227, 0xe3}, {&(0x7f0000001e40)=""/219, 0xdb}, {&(0x7f0000003500)=""/4096, 0x1000}, {&(0x7f0000001d80)=""/161, 0xa1}, {&(0x7f0000000680)=""/134, 0x86}, {&(0x7f0000002c40)=""/146, 0x92}, {&(0x7f0000002d00)=""/128, 0x80}, {&(0x7f0000000000)=""/260, 0x104}, {&(0x7f0000000140)=""/88, 0x58}], 0x9}, 0xe}, {{0x0, 0x0, 0x0}, 0xa}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0xffffffff}, {{0x0, 0x0, 0x0}, 0xfffffffe}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}}], 0x7, 0x400020c1, 0x0) bind$tipc(r1, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x200, 0xfffffffd}}, 0x10) r5 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r5, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x3, {0x0, 0x0, 0xfffffffd}}, 0x10) socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r4, &(0x7f0000000180)=@id={0x1e, 0x3, 0x0, {0x4e24, 0x1}}, 0x10) r6 = syz_open_dev$evdev(&(0x7f0000000280), 0x100, 0xcf7c2ecd2e7688c5) ioctl$EVIOCGBITSND(r6, 0x80404532, &(0x7f0000000980)=""/4096) r7 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000340)=0x6, 0x4) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="540051bc96f30372bb437d3a0000", @ANYRES16=r8, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002004e22ac14140f00000000000000001400020002000000ffffffff0000800000000000000001007564703a73797a3200000000d72fee3a91eab84bb3ebe04a8563085063755cd6a7df6f32db93a28f3ddf11a7e4fc081b3d0af022246e31dcf16bf6f879c84ed1e6285ce34758cb4dd2e422722d12a5d81c0d5cb54e5cbaef1baeb58c06e101e58ae992f1cb15a6b097ecdcaf9b0ed9c1b69f817cc86063471588ad48ec4d04b3863f38c38b5c3b20f6"], 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r3, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40081}, 0x4044044) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x58, 0x0, &(0x7f0000000400)=[@dead_binder_done, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000100)={0x30, 0x30, 0x30}}, 0x400}], 0x54, 0x0, &(0x7f0000000480)="f433f37e209b678f1b09a098aa77d9ba5718a19491b7ee8db65998f822616f652515d96f86c8d6f86100a1e006ca600cf8d0590b6aea74aadd60ae2f3b8fe3f66c5305f2e2d6d7e102ce60e1e849537011171512"}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_handle={0x77682a85, 0x1100}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x0, 0x28}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0}) 1m36.976121231s ago: executing program 1 (id=731): sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x10000001, 0x0, 0x4, 0x7, 0x0, 0x0, 0x0, 0x77}, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x8, &(0x7f0000001b80), &(0x7f00000004c0)=0x80) open(&(0x7f0000000000)='.\x00', 0x0, 0x0) (async) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) fsetxattr$security_selinux(r1, &(0x7f00000000c0), &(0x7f00000001c0)='system_u:object_r:inetd_exec_t:s0\x00', 0x22, 0x0) (async) fsetxattr$security_selinux(r1, &(0x7f00000000c0), &(0x7f00000001c0)='system_u:object_r:inetd_exec_t:s0\x00', 0x22, 0x0) readv(r1, &(0x7f0000000140)=[{&(0x7f00000002c0)=""/177, 0xb1}], 0x1) (async) readv(r1, &(0x7f0000000140)=[{&(0x7f00000002c0)=""/177, 0xb1}], 0x1) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) 1m36.975869271s ago: executing program 1 (id=732): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x100, 0x0) ioctl$BLKOPENZONE(r0, 0x40101286, &(0x7f0000000000)={0x1000, 0x1000}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x8fe69000) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0x7, &(0x7f0000000040)=0x10, 0x4) mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}, 0x4}) mlock(&(0x7f000028c000/0x1000)=nil, 0x1000) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000137000/0x400000)=nil) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x17) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000080)=0x0) sched_setattr(r3, &(0x7f0000000100)={0x38, 0x0, 0x51, 0x0, 0x9, 0x2, 0x39c4000000000000, 0xdc1f, 0x5, 0x3}, 0x0) r4 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000140)) ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000240)={0x60, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x4, 0x0, 0x0, 0x8, 0x40, 0x15, 0x4d}) r5 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000180)={{&(0x7f0000470000/0x1000)=nil, 0x1000}}) r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x165c00, 0x0) close_range(r6, r5, 0x2) ioctl$VT_RELDISP(r5, 0x5605) 1m36.965950871s ago: executing program 32 (id=732): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x100, 0x0) ioctl$BLKOPENZONE(r0, 0x40101286, &(0x7f0000000000)={0x1000, 0x1000}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x12, r0, 0x8fe69000) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_int(r1, 0x0, 0x7, &(0x7f0000000040)=0x10, 0x4) mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r2, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}, 0x4}) mlock(&(0x7f000028c000/0x1000)=nil, 0x1000) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000137000/0x400000)=nil) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x17) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000080)=0x0) sched_setattr(r3, &(0x7f0000000100)={0x38, 0x0, 0x51, 0x0, 0x9, 0x2, 0x39c4000000000000, 0xdc1f, 0x5, 0x3}, 0x0) r4 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000140)) ioctl$PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f0000000240)={0x60, 0x0, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x4, 0x0, 0x0, 0x8, 0x40, 0x15, 0x4d}) r5 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000180)={{&(0x7f0000470000/0x1000)=nil, 0x1000}}) r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x165c00, 0x0) close_range(r6, r5, 0x2) ioctl$VT_RELDISP(r5, 0x5605) 3.703726858s ago: executing program 2 (id=1665): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x1002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00', 0x5}) ioctl$TUNSETPERSIST(r1, 0x400454cc, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range(r0, 0xffffffffffffffff, 0x0) 3.60397106s ago: executing program 2 (id=1666): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x5, 0x8031, 0xffffffffffffffff, 0x6b80e000) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2401, 0x0) setitimer(0x1, 0x0, 0x0) clock_adjtime(0xffffffd3, &(0x7f0000000000)={0x10000, 0x6, 0x2, 0x0, 0x7, 0xb, 0x651, 0xfffffffffffffff9, 0x8000009657, 0x1, 0x7fffffff, 0x10, 0x10, 0xb, 0x80000000000000, 0xcc2, 0x1, 0x100000000001, 0x94d6, 0x0, 0x0, 0x809, 0x0, 0xfffffffffffffffa, 0x3, 0x9}) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x165342, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) mprotect(&(0x7f000000b000/0x2000)=nil, 0x2000, 0x4) r1 = socket$inet_icmp(0x2, 0x2, 0x1) getsockopt$inet_buf(r1, 0x0, 0x30, &(0x7f0000000040)=""/200, &(0x7f0000000140)=0xc8) write(r0, &(0x7f0000000400)="547bbee68789313efe846d6698abfeac0d12b144933fa6f684f1ba13b34680bf4b9ea70f71faa2a82a45ab47458c1f827355ad34033fbb8b9699eb0b279252dfcf29e377e14dcfbde42857cbf2aa88d3dad8ec2deea7afe4e747fa392fe01d425970fb2dd7a000ea3889f0d9021f347818106963e18c256e3df26b41c61d30284a8ad61c6269756119d62e3a7a24c1dcd09d3eb35dfee6ec945ac190c4797988e0d7f6f38bf9b124431dd8208a9208195a70c8e558c216e78d5f5b3f6df6f155e16bf7dd8f4e9eaf61d5142a82da7a87aeca19c25b631cd8a14ce9f2fc8dbcd05f51dc9260abc82d780c9358bd6411ebf48520694d413024432d0bfc3759a620289c9c8705009fd829da6eb5b72b454436b0af8e9dc4941ca2cff92561cad984e15849dcd73f04c7f70a30304da2fbc17f421767ad5ce47ed79d6698428eada9a39faa02f978699bc8c482224a2d5f85cc1135ea92ac1c610e32f1e7c82da6d91e0c8634da679760c32c3e891db352b76b61a65bbdd023e093a8e0d37fd8cd00679cb1bceaac84b05861740c221b2cb4afa1ce8b091c815fc4bd83995b5bf5dcdf2912572cf6180ec27445404917ff9e8e6604e2afc19a1bb3745914f0a101e03e44ea5f64d40402f12a81310c97086fb01d04e82799c40f29348eb283ad58a40d608a47fbf9a25dbb308aa03b2425ffa896e1a70a37cf49e6dbdeda39ee88aadb26811eba78a0dfe5400a51428c31582edcc5f75b5dd963707a54b9b1e35f9966995d6474acbf7094124cecf38369aba3f6a5e3ad071f5e3df902843a3947623fe01571d97625c3e27721b08a6f85fd7b879acd400de5beabdd2603d566fdb4018bf8bd74c3ea1ae67c988992c7dab4ebcf501a73815e1b527d3ff1cf9e729d55127118565f794d253fef25609e5a415615d1b5fca5381b49446d9b9e75fbfcdd9218b0d8d8d965871b897544e32fd0b4cb5600ffdcdb0056bcad75216759590f8a94db82b0acd2a5a34e5c34241a19f1a7a7cceb894341f55c6b474f3cc052f9863a67519dfadee6576f08d7448929424c13e845e2e636b87dc14e1ab4ad05d69f896ca1bc5c1267befb686c4207e21aa30bdae1d1602d3e4080784834e213c426ba5446f90d3b3885a5d6942c6b0e637f5bb9c7908460bd7d04497ab054c8fc7f89068f7535976ad051bfe94c243ce7604a63b2099b69f1ed73590a318fad9a170fa0cddfe60e981a92de2e1aab3465b11a968108e08deadfa1fa546c4cbc0c34ac28597848562583ae8d93cb60f2e06c7a1f743add51eb8cd732b40d48fde00117cb2d654100dfcc66b7c9fefac80e137caa5cf43ae897780251a3ebbc4ddd3b003168963c9e2c9446cb29731fc4bbb5e551aca6913f7b8576ce34012581b5a363917970399ca369688e637cf06ff3c8114383d2fcbf9c69f1ca63cd21695254a440df5ef0a8abfdbd0a651a533b6cdb82382e3bd70f87c1d3eb0a6e22452605026fafe6d35158c0728c1050a39330c80ee2ee0b09366fc6382883ecd0796feec657b36aee4091471e406e9faffd5ede27943e5fbf1b7249ab8bad71f60063697f04db52e980a9fb3eb5e53b89be8a5f0e6afea7435789ecd444c28eb411cdc2158e434178749f36cc957dbd17efb2b218592f78d6864f2708e8c6db2da0d3f6de53959afec0c90d3d62a13a0bc3857bce58d81223eddd05cf3c1ec6b3fc5307d0f16d470f2065300295197e9fa81d2e5574b2c7b18f1c6c85156a9b1174d62dcd3cb026f4b67e6babd66c8f427b9687585f37b18c82e0100507035e78ce010b78ea1b5d3884db25df36ae929dd535a854a31cba5e47655873df72be7463c600b704e9da0e7cb2d61d0710248814ecced2eef8f227c8aec308c2c9d0a39d1a6b306080e8eaef8edece0f6d0d1612c582d70c3999a1a6bd529538f51ba4869ce74bc8509a7126d96db118cdb55411a36f4361d53c8027c12a7486e9c84e4de445b454630be27bdc2ec268702d9c1890297bdd1fc7a235f1a47f4645d286146f3cb9a7ce650f4157a1e7f134eb1815001d59905d3103efad3c66479330e8a5da941c9c38bf21bc0770e3fd56cafa19ad6e9d51f94ed4f900062b5602653aacdcc956aeecfb1dd613caf918e1ca8ef2e1504c42768e77df43569d5fe4b48c237cad5285c578b26b4e47c8ce06fd2686e17eb6d5df5645d0fdde7782216be07a1135dabc3a59598bdbab249c5391832f18ac5163aa7a1a890128a4520835a53eb750604c5e328ecb3216516b3eba3f97652caeb4327da8865880a932dc8e7668666ac3b76a2a424ca37b5dfb52495710611e20790427a9f9e7ac59bb86f0fb7a17a5def347a98dd8e733b784d78d5c7f16f327a2606d4252411457465540a60b0757802f470d08337c0fe4eee5f5cfe4f296d0f7068e80828a022c95632beb7b7f802135e246b1adebebf24c821dee7205e9fe1a437b16aaa8dcb4a58b0bdbc8dbc2fce09271c27430cc9ca8141955ec5ff4228627c3816cfe1bb2c0f40f6a61e8bfa4e2dd744e41ed80b83e9aef77119f4b062b98e86690711e83e795bafa7a8db16f241cee76aa01ff749100c113fda966aa8c83ebe975f760c18e3864065a5de6e8028a9e3199f4acff11e14bb13bc50faf97fdeab46edc371e55cab78841a2de17ca116b0183ac38b658c57a64ab11bb0de071c971a7a5175ad0bac6ac1d1118230a5412a35bd005b369df0e04e749ea93d7e56f713b9ceff580547a2a76ea4753a78b4a5cd0311024c5536b536c8ede63bac8e8b4c5851248d9098a7c6bcc3d5f209178b45aef3c1afa4ab73d8feac3e1f771626d73d85f72dc15d16bd3b7b93e622626f6f3d96b4425d328236cf1579f1ca834a7b318b012e27b9a2dc528189cf1eb3705d90de50ce7ac0c256b7e41500113e164fb7d53c74c6f829552a5bce73eeab9a46d01551bdab18fd3a7e82b036872f1e876b12c5676f63a6ef0c6ff159788a0c2fc40f179a259c656e8aba9295e90027e74ef910ce3c56d6e2de917947410b05603b6a5052453f13e6ac058b3f621573bfe6224bad8c3a5f575e1eb774839cb554c53c9b3ad623df6c5c9627cce856f9ba5847557bc9f854cbb37a936f20a733ba352ee5b343b941290a399fb862434d1b551da420053cad3bad65195cde40b345740e30e9a22619add8aedb763473b729c0649f7a1ea45325534c9b629a1fe3a54a78fe44969715182c6df5c9ecf6878380831b2996579332ac37286e72ab16824c3fc9ef8d74a7f1f5cf80fa37f6bb990db3a7a70139887a4eba0763247c58f4fe770a0496a5ef49a3ba4d62bb900644d49b5fba7e58d58af6ae50c96da346618434ed46b8f4c27cde5e8863d5b090dc117f3b16db2c4273fa84f8b06d3df436bf4a8cfa6d33d7f0e78ef422d5d7640c821398c9adf4d6ccb1b2f7cd0e497023cfdd6b5bb9ad6a29edb8b78fb3322414cad1458eb12699853acb165076db7088f518386380850c111cbe74034ddbfe217db714325ebc4d6b46eba640cf125b87eed0832077ab775e475e431079756b3da6f9bb3c861ce7eabf6adf70b76eb9642a1bab3d7afef2d7b40c8a19b98123ad7449c1039c494e73bc91a86e8e92c39a9482cf60605b9e5c209262c4fcfde76ee370bd6a78253b64c5cbb19a11b34c5a9ccf634c52751277268cd97e795b43867af5a4db51bd631ac547906fd52aff43eb98edacecf08f94a060902b5cb82e87ec856305005bd1150e581d9717460e31ba724da5e7ad72fa580f8509fe838dbc1bfbbf53e29688f25ca602d2de702e4411d3d133e2ab2f454f71f98efc2cd0eb468544cacf608c6689ef122009cf61e813e26b7b2b1695143fcd510f509ec2bf7205e674ba6767eaa29605c51e434c298bde0969617292e960d22b085632d241aa2a8e0f6ac6f2d56d0ed2c6bd3eca306a3224915065894480e737c7d7a11901bb7f977525cfcab652476baab0fd3b68dc59fd14ccdd6248bd5c5a0ab1dbae28a848b2d4ad0d973bb149ff4115b0436b7d145a6f8081d314039131f60dc8ed0ccf2c4971f0a59a65b3b1ef638e6d009dff793a4b7266c58f88bb117d665cae8fc6f6c2840470333bdbc8df12c6633a6ac7b664e089a85dc6d49f52459dd2df1be552194eef6027c1b45f62b97647788c3325f05609c1e02cbc9a18be72e4b502df719e4f9cb82615e3a03b5732328e552023dbfdcf91ed5ab51242e7d09a9b73674f0946976d8a8fa9288dce4d54d5820a0f0053b892685f79a6c8dbac724fce4d24a7b75e383f54ac58af3951d666a22f158637acc4f0e09e248e85f8e1439501afc0d5b7e9eab40fa737ae93482a1e29f3e327fa31d0d764c65ab976af1eb91fe08c5bc10a48b93453ad192d1d538cf93b792a70246bde99f46a78b670edea552840e08c787c928ee311f954b73d07287a59b470e38d4e624ddba8e4b21a74d7c07cc684b0ea82212129901029e74312866722dfa2dc53de3e8ddc00adc21deb7510ed15c50d139296297408da3d6beb589e7bb3f1d74e4e8dddec14b9cdf371d7f142136cdca5644d09edd97228a0abcd2e7b402c5cc68683cb980f50ca7aea8338dc5990a6ebb2d2b95a3deecc45f5a4f4e0e40a57e29f3e227c41db00e17dc962e2ea3184b5057c89974bcab651a22e588a527d7d8ec695e7ab5622c1ad3763d045a8393b7acfa04488556ac957777d1aebfc5d0e2a8150a6984d5607ac2400789d8f622c837d6a9b78fcc2d8aa872949edde53e3a99b5f5bf35bff5f0db7874ad3f172f9d8dd6cbb17a770b1482c79b9a15605cd0d89c6bae9aa6db8e886cfff8f843b99df95dde88c96202ae6ced4d539a3f70997ee7b2bdb7bbe529f9bc55b143066de8d9dcd7fa38c54094f2235e4a17ef8e910b4d48c373ce5e6fc9824ca8f115e579b002df16c591557cd6cac1363b8d8fc656075ca703a87f1efa76e4122eb7358389f659681fb49cb82215f73b284a7678b8b1528472d0cfab1980ee3d4410bdc1c31f1f798c3ca5744077e2f6cb4ca6e415f1e3afc8c00dd95d3307de5428883513f01ed19dde487e1c103619fd78583f09d02982512e0ee20a670b3b24986dcb7431f1ef3fd12e801bb2454213ff7b1962a464647eb4c8125cf2ed098160da880024a98add9b2917e133dcee7a8e25387fd5bf2b3f8fb05b2f7ed5f719b30b9cca4b1754e31d48bd2ec79e7e9c155130ea5f0876f3bb4d94ac74b209633ecb03deb8b9448e8cf4b4bcb04ffdb38ac457881f84636246a4e5e7773166129fb8b7803c6dde0ee69fd1f76f1d93b729eacc9d8dbd6e61e638a3f8de972a824936b1d869a15daaa21db04760e9110c5b7c736671d31a72fcd57a6f7424c898791cafa21a48921215a78d60a367aa7c6284a1aaa1fee0c5291bdc91bf8c032c9917fd28e68fc046ea4b17952f1abbe01af5f19e4fa99fc6a985f6264f9efbb208e6146d3465cc603ef36d3d59b5197bca1696bf5658b60cf0e0455cb1e174e52c4acb712a3ed9202a1ae334427b93305939c7f15e9e5eed09b5fc8d1e3836720d46d133841d4482ec2427d3002d95bce996b4b2d5b59b2a43970afe35517674bfdd8807931697422045f60641138fefa27865b9d477ef04847dd02d305e8f15e228522e54d1ffda6d5b26ad831146c66e6f9153ebeb0785ea75283df66816d771c7e4297c1686d06494a59046313169f2e2b4988a2758198fcb166d9d112d187a4456503e6c0bdfb390c89dcebf3cb8260a27fdebddbc6071857010ad4c59c062db35a4", 0x1f000) 3.551288741s ago: executing program 2 (id=1667): r0 = socket$tipc(0x1e, 0x2, 0x0) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x10f, 0x84, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) close_range(r1, r1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00') read$FUSE(r2, &(0x7f00000043c0)={0x2020}, 0x2020) socket$xdp(0x2c, 0x3, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x44, 0x0, &(0x7f0000000440)=[@reply={0x40406301, {0x4, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x58, 0x18, &(0x7f00000002c0)={@ptr={0x70742a85, 0x0, &(0x7f0000000200)=""/183, 0xb7, 0x2, 0x16}, @flat=@handle={0x73682a85, 0x100a, 0x1}, @flat=@weak_handle={0x77682a85, 0xa, 0x10000000}}, &(0x7f0000000080)={0x0, 0x28, 0x40}}}], 0x50, 0x0, &(0x7f00000000c0)="70d07134252032b13c6f6f6f7aaa12b1c0578b26dfe3b2b741205dad1d02a2a4524d5b0d2b225871a4b865d995f95d6aa99c4901dbf986b562794f45f28d37773ab5417f6282e980021d25789ea8edc9"}) 3.520031222s ago: executing program 2 (id=1668): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f0000000000)={0x7fffffff, 0x6, 0xf99, 0x5}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x31, &(0x7f0000000b40)=0x100c, 0x4) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = userfaultfd(0x800) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x604}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0xffffc000) 3.020242001s ago: executing program 0 (id=1679): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)={0xc000, 0x8000000, 0x0, 0x1, 0x0, 0x1}) (async) bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) (async) connect$inet6(r0, &(0x7f0000000480)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000100), 0x4) r2 = memfd_create(&(0x7f00000004c0)='\x103q}2\x9a\xce\xaf\x03\x86\xe7\xc0\x14\x8f^\xd5\xfd\xa1\rJ7A\x94\xeb\xcd\t\x00\x90k\xd6\x05\r\x84\x87\x1c\b\x8c`\xea\x13A\x90m\xb6&\xd0\x9daA\xc5\xb8_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2_\xdb\xc0\x8b\x19\x17\xb7Rvd\xcb:\b\xeeC0\xa3\xa6\xcf\x00\x00\xac\xc5h&+\t\x98\'\xfd|\x11\x99\xa2*6{\xd2C>2\x0e\"\xbc\xda\xee\xb0\xd8\xbf\xaf)\xf58c\x189K\x82\xd1(\xceY*\xcb\x9b\xbdn\x8e\x88m\x10L\xec\xfdWF\x7fj\x19\xb8<\xd2\x9d\xf0\xe9Qy\xe32\xed\x16f\xfe&\x1a\xdb\xeb\xad\xaaE\b\xa9\xf8\xa9s\xc4d\xd4\x03\xf1\xb7xO\x99\x804m[Ai\x13\x02\xf0\x84c2s\xd5P\t`\x9b\x12&\x8cx\x8eg\x9d\xe6g\x11\xed\xa3\x8d\x85\x1e\x97\xc6\xf2i\xe7\x8d\x89\xa8I\x0e\x11\xcdZ\xdbf\xba\x1a\xf2\'pZ\x1a\x8b\xbf:D\xbc\xf8\xd9\xb5}\x90x&^$xf\\N\xdf\x05\x9d\xfc5j\x9e\xd69\x0f\x04\xd5\x84\x9a\xb3\xe3t\xc7\"7\xd2A\xeb?\xf3M\xe9\x15\xf2]\xa5\xd2\xb7m)r\xfcz\xf5\xd95\xf5\xa9a\xad\xcaJ\x05\xe2\xa0\x9d\x17\x1eP\xc7\x11\xbd\x93~\xde\x1f\xa32\t\xa2d0\xda\xbbc\xb2\xc2$\x03$\xeb\xd1\xb41\x8e\xfb\xbd\xb2\xef\x014:\x94%\x0e\xf7\x06\xbc\xbe;NW\x83(\xf0\x03R\xba*\xb1>A\xa1\xd8\xf9y\xdcz\xdf\xe0\x80\xdcLC\x82\x90\x01\x0f\x88\xc1\xb7\x16B\x875\xfb\x87+\xb7\xfa\x8eM4D0\xdc\xfe\xab\xe0-\x90\xba\x10\xcf\xe6U\xcfH\xb6\x952\xb6\x1e\xd5\xf7\xceC\x8d\n\x04v\x9b:NN=\xd2\x87', 0x3) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x5, 0x2012, r2, 0x5401000) (async) r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup\x00', 0xc802, 0x11) mkdirat(r3, &(0x7f0000000200)='./file0\x00', 0x20) (async) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x7fff, 0x0, 0xf4, 0x7ffefffc}]}) (async) r4 = accept$packet(0xffffffffffffffff, 0x0, &(0x7f0000000080)) getpeername$packet(r4, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000180)=0x14) (async) openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0) (async) r5 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) (async) r6 = fsmount(r5, 0x0, 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r5, 0x4, &(0x7f0000000080)='dirsync\x00', &(0x7f00000000c0)='./file0\x00', r6) (async) r7 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r7, &(0x7f0000000440), 0x10) (async) listen(r7, 0x0) r8 = socket$vsock_stream(0x28, 0x1, 0x0) (async) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000400)={0x28, 0x0, 0x2710}, 0x10) writev(r8, &(0x7f00000003c0)=[{&(0x7f00000006c0)="98d6", 0x2}], 0x1) (async) sendmmsg$inet(r8, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f00000001c0)="b9c0d8108cca6be0e94e9e7a7876874eed5b0fb4ffdfd2f6d46c7e5f978548b1f9a049e77f2e79eae90145b1eb8ec287ba289a7d4f31fbf697922a3585a12b991503ca92915435fa2e4034c2107b8cfb48d6f694c76d9f1059a858d033879a12727ac8b85db0d4f684de72f11fa67751a98a129ec8133e7d3cdb3b9b0c58", 0x7e}, {0x0}], 0x2}}], 0x1, 0x20000080) (async) r9 = accept4$unix(r7, 0x0, 0x0, 0x0) recvmsg(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)=""/86, 0x56}], 0x1}, 0x4c2103a0) (async) ioctl$SNDRV_TIMER_IOCTL_TREAD64(r6, 0x400454a4, &(0x7f0000000280)=0x1) 3.006711102s ago: executing program 0 (id=1680): r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/6, 0x6}, {0x0, 0x56}], 0x2, 0x0, 0x5245) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x8c702, 0x0) ioctl$PPPIOCGFLAGS1(r1, 0x8004745a, &(0x7f0000000100)) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='ext3\x00', 0x200000, 0x0) 2.915864014s ago: executing program 0 (id=1681): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r3, 0x4004ae8b, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f0000000200)=[@enter_looper], 0x50, 0x0, &(0x7f0000000380)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"}) r4 = mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x2}) r6 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$inet(r6, &(0x7f0000002780), 0x4000041, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0xc, 0x0, &(0x7f0000000040)=[@free_buffer={0x40086303, r4}], 0x0, 0x0, 0x0}) creat(&(0x7f0000001380)='./file0\x00', 0x4) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r9 = dup(r8) r10 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r9}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r11}}], [], 0x6b}}) r12 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/custom1\x00', 0x802, 0x0) ioctl$BINDER_FREEZE(r12, 0x400c620e, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r13 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x42, 0x0) r14 = memfd_secret(0x80000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r14, 0x0) r15 = inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='./file0/file0\x00', 0x50000208) inotify_rm_watch(r14, r15) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r13, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 2.830076205s ago: executing program 0 (id=1682): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000001d00210000000000000000000700000005000000000000000a00020077a9c6f76f000000080005"], 0x30}}, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000080)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x80, r3}) r4 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_JOIN_FILTERS(r4, 0x65, 0x6, &(0x7f0000000200), 0x4) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000007540), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r6, &(0x7f0000007640)={0x0, 0x0, &(0x7f0000007600)={&(0x7f0000000080)={0x34, r5, 0x1, 0x70bd2a, 0x25dfdbfa, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}]}, @ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x5}]}, 0x34}}, 0x4) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000140)={@loopback, 0x80, r3}) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='ext3\x00', 0x200000, 0x0) 2.804009255s ago: executing program 0 (id=1683): mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0xcc5e57d5a992f470, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) symlink(&(0x7f0000000080)='./file0/../file0/file0\x00', &(0x7f00000000c0)='./file0\x00') mount$incfs(&(0x7f0000000580)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, &(0x7f00000003c0)=0x2, 0x4) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='virtiofs\x00', 0x200000, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setfsgid(0x0) setresgid(0xffffffffffffffff, 0x0, 0x0) rename(&(0x7f0000000000)='./file0/../file0/file0\x00', &(0x7f0000000100)='./file0\x00') sendmsg$FOU_CMD_GET(0xffffffffffffffff, 0x0, 0x4000080) r1 = socket(0x2, 0x3, 0xff) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000140)=0x82, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendmsg$key(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c40)=ANY=[], 0x18}}, 0x4020) unlinkat$binderfs_device(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00') 2.725474827s ago: executing program 0 (id=1684): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x2) ioctl$TCFLSH(r0, 0x40087101, 0x20001100) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000e80)={'filter\x00', 0x7, 0x4, 0x438, 0x0, 0x240, 0x0, 0x350, 0x350, 0x350, 0x4, 0x0, {[{{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010100, 0x0, 0xffffff00, 0x3, 0x0, {@empty, {[0x0, 0xff, 0x0, 0x0, 0x0, 0xff]}}, {@mac=@multicast, {[0x0, 0x0, 0xff, 0x0, 0x0, 0xff]}}, 0x4002, 0x0, 0x0, 0x0, 0x0, 0xfffd, 'veth0_to_bridge\x00', 'veth1_macvtap\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="1758a179fe8f", @rand_addr=0x64010100, @multicast1, 0x2, 0xffffffff}}}, {{@arp={@rand_addr=0x64010101, @rand_addr, 0x0, 0x0, 0xc, 0x3, {@empty, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x8a8cfb792f7af7f0]}}, 0x0, 0xfffc, 0x0, 0xa51, 0x0, 0x1000, 'team_slave_0\x00', 'veth0\x00', {0xff}}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x8, 0x5, 0x0, 0x0, "f245442f682c06144f1fb782d77bc38316214ca84d2f69b44810c3a40a495fa278a1728df4f6eaac07ddb7086bd6e732ed48ea39c4670df6527298897d41f42e"}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private=0xa010100, 0x4, 0xffffffff}}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x488) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) (async) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') getdents64(r3, &(0x7f0000000000)=""/78, 0x4e) syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x38, 0x3d, 0x13, 0x40, 0x411, 0x12, 0x552b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0xc0, 0x0, [{{0x9, 0x4, 0x33, 0x0, 0x0, 0x8d, 0x8a, 0x32, 0x40}}]}}]}}, 0x0) (async) fsmount(r3, 0x1, 0x8) (async) getdents(r3, &(0x7f0000000200)=""/251, 0xfb) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x24, 0x0, &(0x7f00000000c0)=[@acquire_done={0x40106309, 0x3}, @request_death={0x400c630e, 0x1}], 0x0, 0x0, &(0x7f0000000180)}) (async, rerun: 64) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x6}, @flat=@weak_handle={0x77682a85, 0x1000}, @fda={0x66646185, 0x1, 0x0, 0x15}}, &(0x7f00000001c0)={0x0, 0xffffffffffffffaa, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) (rerun: 64) 2.674823488s ago: executing program 2 (id=1685): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_group_source_req(r2, 0x0, 0x2e, &(0x7f0000000080)={0xd, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @multicast2}}}, 0x108) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000380)="355b409b35c1dc9d9a1ee0bd4bf6a273cf2bfb3fcf9403f8957033750767992dac0d658a2cdddb8d44bd14ec6950d4fd569ac43cdac30ca5381d877d7a03ef68583026a07a8a546ff591fa628c8a3370ef2f1345af0b6a41bb8efca050578c2b662fa8f10d773f72dfc14de822c4401fcb90b4c379e2c0c529e397da583744f0153c78fbce3882e01f") ptrace$cont(0x20, r3, 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000800)=ANY=[@ANYBLOB="090000000000000002000000e000000200"/88], 0x290) write(r1, &(0x7f0000000000)="2400000011005f0414f9f40700090400810000000d0000000000000008000f0001000000", 0x24) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r4, 0x400455c8, 0x0) syz_usb_connect(0x0, 0x4a, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 1.240047886s ago: executing program 3 (id=1695): umount2(0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) close(r0) 1.239694756s ago: executing program 3 (id=1696): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='personality\x00') readv(r1, &(0x7f0000000340)=[{&(0x7f0000000140)=""/95, 0x5f}], 0x1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_NOACK_MAP(r1, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x38, r2, 0x200, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0xfffffffc, 0x48}}}}, [@NL80211_ATTR_NOACK_MAP={0x6}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x400}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0xf}]}, 0x38}}, 0x8884) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x28, 0x1d, 0x1, 0x0, 0x25dfdbff, {0x7}, [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x4}, @typed={0xa, 0x2, 0x0, 0x0, @str='w\xa9\xe2\x00\x00\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) io_setup(0x1d9, &(0x7f00000011c0)=0x0) io_getevents(r4, 0x4, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000280)={@flat=@handle={0x73682a85, 0x100b}, @flat=@weak_binder={0x77622a85, 0x1, 0x10000000002}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x2, 0x26}}, &(0x7f0000000180)={0x0, 0x18, 0x30}}, 0x400}], 0x0, 0x0, 0x0}) 1.180792827s ago: executing program 3 (id=1697): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) syz_usb_connect(0x0, 0x4a, 0x0, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x4) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, 0x0, 0x0) syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x44000) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x40800, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) syz_open_dev$usbfs(0x0, 0x77, 0x101301) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101842, 0x0) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000140)=0x4) ioctl$PPPIOCSMAXCID(r3, 0x40047451, &(0x7f0000000000)=0xffff0001) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x89f1, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x0, 0x100008, 0x0, 0x0, 0x0, 0x3, 0x3, 0xfc, 0x0, 0x1, 0x0, 0x0, 0x0, 0xff, 0x0, 0xfffffeff}}) close_range(r0, 0xffffffffffffffff, 0x0) 1.038070329s ago: executing program 4 (id=1701): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) r0 = socket(0x10, 0x2, 0x0) write(r0, &(0x7f0000000000)="240000001e005f80004000000000000002000000000000000000080008000100000000ff", 0x24) mount$binderfs(0x0, &(0x7f0000000100)='./binderfs\x00', 0x0, 0x120020, &(0x7f0000000000)=ANY=[@ANYBLOB='defcontext', @ANYRESOCT]) statx(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x400, 0x40, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) mount$binder(0x0, 0xfffffffffffffffd, &(0x7f0000000040), 0x80000, &(0x7f0000000240)={[{}, {@stats}, {@stats}, {@stats}], [{@measure}, {@obj_role={'obj_role', 0x3d, './binderfs\x00'}}, {@fowner_eq}, {@dont_appraise}, {@euid_gt={'euid>', r1}}, {@smackfshat={'smackfshat', 0x3d, '\')-}(\'+.\'!/::\x00'}}, {@subj_role}]}) 1.03792016s ago: executing program 4 (id=1702): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e0000001ac1414aa0000000003"], 0x1c) setsockopt$inet_mreqn(r0, 0x0, 0x25, &(0x7f00000000c0)={@multicast1, @private=0xa010101}, 0xc) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20a00, 0x0) preadv2(r1, &(0x7f0000000580)=[{&(0x7f0000000000)=""/118, 0x76}, {0x0}, {0x0, 0xfe91}], 0x3, 0x9, 0xd, 0x9) socket$inet(0x2, 0x1, 0x0) (async) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) (async) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000040)=ANY=[@ANYBLOB="e0000001ac1414aa0000000003"], 0x1c) (async) setsockopt$inet_mreqn(r0, 0x0, 0x25, &(0x7f00000000c0)={@multicast1, @private=0xa010101}, 0xc) (async) openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20a00, 0x0) (async) preadv2(r1, &(0x7f0000000580)=[{&(0x7f0000000000)=""/118, 0x76}, {0x0}, {0x0, 0xfe91}], 0x3, 0x9, 0xd, 0x9) (async) 983.949831ms ago: executing program 4 (id=1703): r0 = getpgrp(0x0) syz_pidfd_open(r0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x802, 0x0) r2 = socket$inet6(0xa, 0x4, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00', 0x0}) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000002480)={@remote, r4}, 0x14) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0x24, 0x0, &(0x7f0000000380)=[@increfs_done={0x40106308, 0x3}, @clear_death], 0x0, 0x0, 0x0}) getpgrp(0x0) (async) syz_pidfd_open(r0, 0x0) (async) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x802, 0x0) (async) socket$inet6(0xa, 0x4, 0x0) (async) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000580)={'batadv_slave_0\x00'}) (async) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000002480)={@remote, r4}, 0x14) (async) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0x24, 0x0, &(0x7f0000000380)=[@increfs_done={0x40106308, 0x3}, @clear_death], 0x0, 0x0, 0x0}) (async) 983.566031ms ago: executing program 4 (id=1704): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x55) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x8, 0x32, 0xffffffffffffffff, 0x2ec37000) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r1, 0x107, 0xe, &(0x7f0000000a40)=0x2, 0x4) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_fuse_handle_req(r2, &(0x7f0000007300)="982cc862c8200d8c1ff554106814d4f5a2059cd2c0d20e25e286f1377b3b202b269fdeaee1f469f3b5619e523a7d6418127b0c2f6f111846ba908d72152d095573222ade10c439c61be416918aaf249cae34f3b13df9692e01aefdd4335a4c3b0e69b98837bf5f1b581351c12e13ce1c502d84b576b214af9ae0f7a8d50e105beede20c54e42ce9999dbc5d57bed3d714f07931c169b5c76d7ee8741367aff49b62f3bfb12077dbc51d860d78760804316e904201e1d096aa5495918452336a4e679c206786432ceb64dcbc4ef68e4d98a5480e2507dfcad7ed627b7583842357a4172950d1a3c3c4d279d5cb291d1b0769f7bf00b1ffc3e778db57fb1c9f8f722e36372fae945c4dd3fdc74352c882a0db3478fbe72ddaa84d1357a2a16dbc02360385add24b03a30f0999e1b59df7b3c6f1a09d70276fa08505105411b382107dc619deded726f0c3ad06bedfc95237b63e4bc91878cd2c18c34fd5c52cc1e398f7a1e29378796f5c812a043a477937ba19cd4fc0f788483024bb1a574d6ead92a0ce8c070742cef6cc3fb907f2165b09efd7085698a75269f3b302aca742165288a9b8a576607b61bd82004a552b79337fa47a43940a97f28b61823c680229840e87feb05c34dd1d31263599fe6066bcd0a3f060e3f626d38cf320b74ab2ff34aedf94157f2a3b06e512163599ef306dbc184797b06088fb8062f68fe3eb6cc5dd53b666051998224aad36b7b8f6773283bedcddb620758b8d9e7bf35316981b560b680136a38de9c0e287265799d14e618f881b108695b34e08fe21c0088fe40f639614ab378d2391a556d4e61827a7c24a04dd641ab563136d5fdc4e42e4f43c6addd9f13acc8159d9d1130476e23d6613bf1385c691de7008ddc64d09d335a507ec966022ee52155852e098ce866e5597cfad9b62fbd7cdfd92999d59487db7c0e35be30a6593d30c5df4f67225658d9c894f38667b5b3ef0b7b50e060214cc03106035498bdd0e9e52bf1e2d14f1cf55f31ffb55d2ec97ce8716afad4e58b925882d5a7d83e330d4a2048e5fb36876703959ecec99237b0879c62a2542341d7d38bf63757e1ef908e90e841549fd07df3596fcbf6e2dc3deff6a11f75e0352eb35100a91955237cc950a40fbbbe0198b0337cc0e80e06546660b59bf3df867c2612beed5591f8919320b4cc7627793001595d892b0587b9cc1f66458366ddef1e8a929b1eeb32a66b0286eff2e197d38420ba49977efe90c8b3ecf16acf5c313f60a1728d5ab7861ce7bbdf0c0c4d6327803f600b7e362797a1662a94c5c88347696c49c3698ee8cdd5bfbd50f86c980d95c191f2328e3a8c17ac6da1b2d17703ff1c8a7c30c75433b0f2e45c02be21bd407f87d79b09828f5901dcbcfb5c05b6cfa62ba4caf2c50c6892cfab72e2fc17c20c4ace7879643815946a4a23c123f15bfba584e56a58b42cee1a368c1e887c0ccca0b7809708b355100ada94884f69f91cbd9ccaf53f968edca88a43eb7434c2906217512556883dfbd30206acfbd908262071566027b8c0ffa8a1cfa10bf5a118c67d0d9828f9915f6a98d3fcb59661abf60c50af5b2447aecdb9aba1cabcfaec9af3d7c41a65a033f070a8414d53988af328348c26032d2c8a0551e754b3f0680bcec13a466838e843de4c0287c47234b83344988c95e502e9a410ea69d01eab179ff59f63e591baed0c94be1a75ada96e5907cf2b4cbd5f1b9178140d693b5c85a76331553097808f17b7523dea2343ad6df9f08eb099e6ea43a255d8ff9086d5e921aacbefa63d265787eff031d6f3b3a40ba83e44877db7c1a3fd89b8e5e1635a38d476d3040d4e3c834d4f8f7f61645e876a7c33a538e25af78ae88168ae7aeb6546ddb10189b08d16d544f60a6969a14a5f7076d122f60a8a6eb09078d6f0b2a806e7c41b6254cce3a77596ecd970a76d9d26b8e1d3b30a6851f00f052ca2d9e88d9e51c66623aeeed9551cbca305ef17538d6a09afeeae7141f280d05872022e88f387b8c920698ccd0e6771debd9cc753cd671d045e6a577c04e121fb5fbebbfe64acfb2b854f82ff09f363bac903d29b0a666c80adcea367433b30f640ec589797df39aecaeaeda9536d0aaee9df5ee94d3dec778d9c651a7abe2a844e2ba321883016c47aaf0b269c426bda493f770977a1ae638d1ec41ffd86f367e5e532463556f0f41f69921a0088d46f5d94228c0826c6e96a50fba40b900e0739006709f9d63582f4ddb6fc41b727945345dd2b534544d035237012ed07035438e11aae97850a3b6d1acbae600b8c1d5ad51d01bb14b23598e1ea6b2381628d90f03f75517cc9ecae4893b7bae92bc2c96ccf28242d2e6ef1679a630e17ad1fbb57156ddbca65ddb2f55b6d1afaa7f0cac9625640b386616bef0b97c3b080375bcb34f04c5fc6879d32670d13668c1808af6d1622ac5bc9e431f14dbc03e0fdaea1c7ec01ab995cf15610f0bbdbc5241e74797f9bc50bc3b41bd2425d44d5167dab1aa45285253055d99fecdeecf2e2b793c430b66d3200698b9974f7bbed83793fdfdbef095b9c6f22ddde95aa2f61c1ecb55e92f2b60b85977ea0833ce45916c1c578bd9fa7560121a3388f2ed3bc7432f1f6ba93bd1fc597338ffbd23efd7d74efa81afa836a28bc126144c3fab6f8448a59f21f03c2fd1017546645edef7892aa94d5bf2101721b2f3afba3e3c7eb185abca9f6b4ab46a5d37b392398a6ad2fb3acda25b6dffb073cdf5a188116c105b685e4aced5ce73d630bfe92d097a373d04a1a5b16db2d4e96802eb089f0dfc8695ba82d3379920584571c19932ef2f13d0c68e9137f78d30b466979a6e5edc5f455560b5b880b639702718b3438264dfd6d06538f2c2d40e9e0a9ce2293b244fee80b708a849aac56a3ce00e852a0729129ddb199b84feb8ba2685a75b7864cdae9415b89096b138a201ac6a0704e19844d3dcba180f57341d10d8eeacd3975ab12b5a91734f2663b1df7bab222e718537926d15737cfd1bdd0d267ac883df47e6749c95d1189ecdc0fe7372bdf9c2b8ac0b0e314222b902a18dc3ab44a849b1fb2ba9ba98b526dc03aca0aaa1cc852225492de79a889fda2143361b7eceb8b5a07f21ef6eb026c192ae65d6db9f8dbb44d0beee85a77b2ebc3178ab02a6dc1748b5ecc91afbc18baba02913d1ae11f3ebad77219e1c225bd3f4148dc5c9ac119613a965704e61236195e1799613c0233d01fbce80d7d66d0b2fc197cfe0289a43d208db4fa1c38d8ac9029067e5ee6344a48d2f827b702ba6a0a5a19f1010e88b3d5387b7eea403948a5485723594e39db95dab77a5f7b0445fbdfeabfe5c7991f13498e559bc7b59e16e2a46779541afe98dbd96c0d92531a0ae99c6ab5ac490ae758d1c0c36945b48bc0ea26c71ccf6d70a565cd3366cb72ba1799eccc51891cb266ee9abaaa30ae54c194cb0c4913dc5161f1aaacf5a650699ec61f4fb948dce750fd3e40bc8c9de7715e3461db33740175881ea815cd5deee01466fe8334a76d0eb1e56b8f065109047a29bd17554a4b7fce03caeb52b65de55928323cdbe7b18b1d608695a1f662d9ee8a8c4e6ef386f076530b23f19132df2e5a67f287177d0d19cf4be172ce45cdb12071d3d3bf983668e249b3b8065c1a1ae647c742dd787b4b8a2d3b59d6839d880be23e1bf09ce8b7f351f586a3c24c2d45e94ea390e6f062c3def67e76d12f18110de2349f73a275bc9685a85f6d397556ac773c256e225f74196436211bf33b3ddc46d526bc801120ac4f0cae0f01787172a20611c8faaed0e0bd86e5385a88e706509fc6e754e6e40dfb7c3d3c3e8fce40b85cc9866896e411e8139d0a1bc0ae37a3326eae3f88cd0ffd8d5f0593f99b29df427d3d5e87120b8425b59519bfb0918843e48a8131dd7695a7e38cbd4ffec4dcc910e6f50b20718b251dc00802217b55916ec52a34a75d28aad4571ac6da15e65560117cdc79bf254dd7efa09926361c4093066668908236a58959f5f71ee1e65e318c29e624fa046dbb979a34fc0585821950925c0db0ea7b9b1e5ffa23cdfca05587f4ed9d06880fe4ba5bae6a471c1ec34ccffee029aea87b8f4e2e1a9ab11f552d289d91f46e31398873b7d43de1c285f8664a1676d3ce407b35e53d4c65faab5f37fefb61e597b2f66624d1bfac7d9beb80750e4be50382c5231a6daf9f70b20f76aa82acc39a921fe0a608225ab6f4a460d5a37664031e87a786765a81ad19c77fff4b3655b2181fefbac1b8f94cb222a32bba79d6f7dfcd2e068b021ba4f64b791cec87a644fba520895b48d8b91b72d79fb81518dc8ebb862752dac43279bec3687464eac69146b64f27b5485b56d69a9b848e8d833bb8030697aa6bc3aea1b74cd31f8988ae8dd41eb4363730aab15a2cb1104dbacaa0f0c36738e16d33a46df2e3a351e1de750de986713bef2746fd47f8c0f81941c4e8b6165dcf339cd1669e49c19b7ded48416e9fed6e70b88c960ae744ad758e53a35afe9c7fbf3a0043f17752d0aa51dd0441c77c68559794162b50f0e7895afe24ac0e1f633c648b4e435304ca5cd4b2dd342850e43fe45585324007542207cb953753805f80251704d4ee08ac851f12c3e562bc30a8699ad8a0ac9b4203c11997612d63be0a14acd1730c7800bc2f3a55160ddca1e18c4b315d2ae703e3803a35efc914a4a23f8408bcb0a029b6e7aa7c355ff50c33e0b846907872f149cb2540527806f7c699b55dada609b343195577b49820ee504d30d394c269c76d146cdcd3e391ff47169fbd7a9e3c356a7ad3a3113fbdc950335dd815500c4d2639f83be7fe6dc79c01a32376071e0ed008e25e0fed329e623a0339f7217f6724d7e33f5f50864ca0fce172bb04ebb2690c29889f5f841e990fcc5d51a161cd6bc9b1d7270ec31cbddc8b81b331d800cc43b6ad8ef32a3e268933892e6c01ad45eb23e0f8ced96f3a6d0cf21727af398eab7a836a753442e5788c611b4bc2d6ed0154f70031c7b7db07a199d4019232f4fa283e6821d9e159f69521dfbff27b82825255c2c6ad4d54f103f5b40aed82950361e13d1223ca99479f59ac3315a4483d8e30f38fe0a326fa5fb892c7ce240a68bbe0010a7252aae83ce118267d009310485c03b6b3c5e49bc74cbf1b69adc21235f5381bbb4a1bbaee3f7590b619c42601faf5ec03ef420ff7c64d793ad2df6cef47629d47c81d739c3fa70494a249880ce9f5b958f54c04f1500c16aa0816b2ab02f49688b6f651560e23cb52a67d09fdecf0d841f2523d7dbf40f5f243abe0d69a5e9949b34404dad37a7429f142912c6cc3ecc35edaf7efd2d3f0087f9b8d2d9180e53c4a28c60316d95cd524c8e14fd48206f5f47ce5bc7dd86e1c6c28ca0595bf7d991d4e6f1dcce9c5e91b8df31ed44d87841545e544d875e4894e50345f877d12aaed31a9773636bb5f108961999934bd72a4f0b04b7448b4e09bc35a017393b0c0890cc0d3ff642d09d2e624001c0d64c87d6757bab0ed90273a30cd655e69e058955130cd2576a71f4c2dfd4724bf4cbf5e899fc2abf016b96c006fa3365aeaf836cffb56883fbf6a849e05ac42c069950d62d2d049e5b1b8d8bb9f00c08115a7a8437cd8861275de171c828f7ee58695d0cd960fd1ad6001bc2150ad0f2bada19225b016920f4c42187ca41cbe99cb60e6b5e72750da9882f9fa24ef3b5af58b2598de31e6f452572d567ecd8de20631dc470a39be1bc50e3e31f16aee3406258e0349420e1e3a3c8835d9a22da3829a57fadaf1d1fec1c5b65f43a0acc877c5ab9f796f73457692cf3a731457555782e55a3d9b8e5de6f5edbb04e4030e69ff571c7c1267bf0a8acd9c175201a55a679b90ad59a801f760fecc0e63683de6452273fc799a6fe00caabc83222825172dac875525812f6429b4508fde8537e31758a529f86ede05ba02aa8ea096c63b8d1f302fb3e94f0ee474ed59e5ad4d32bb3ff69eb3e97062b24ce803fc037735da8c430ac997a17c22a12a5278c89aa1d0b18abcd584616379c6e3224aa2fb2f9de4a21c77640c4a1f22856ceb7e5ce1947e595126cf556f3acc82060de5f5b2ebd72a8a2e3dfd9e5a6ddf0281c2236abd282e9e185c896d6b8b482ede5ac676f977cc80088303117de7690c7401c7ed36de5cd4ad6b4528b307478bb064998bd6a0a38e4c42634df62e5d6705953d92a1abab5d5375ea330abdcf0ad8660a035d7c3cd9f9ead5dc76b398a2ad127e3e78b60bad7a426dea13edf1eae3b0f0c2fc8b07b8d5ee7ff92e5cde1c0aa03bd0045e55fe8b5c3d8f74b216ea281243a9870709f09d4022bfa07e5dab02334686c49adf042f181659e0ca99ed76f21215af2397b14ea17a989ce2194e6266e3d0cb2cbc102f403fc0c9509e7277381459ff5a504c67c59a1bd079358659a58df4656cdff8a4b62377cebd2731aeace7f1eef6512a9b0c810e47f66c82c78ffa9d5a2e54021041b3dbb677f06f816648b93a8abf3d6fc5bd8b2a8cdbf53e0a0868091e27e31317d04629fa8c85cb0ecc27d3ebc583258704c822ae2b37c60a5a24b16e7ed4754095bb7b4dac2af4e89b6f6fe9b5e51c6f3bf8723bae39f90d6d2f9260c57fe717251164ac8d3bd0519519967290fd7f780432a072319297ab28b56d9b04762b1a6512c869d0f37460f7beb55e9bf18de842327c30b6faee377b4300a4831b585d4bad8c3d96afada78eae22544839ac300f7757add8fc56b4d858382320104bbe82864258653c76877d107c5281e2925fa4687519e07cf8ae1b2cb2a48349ba46cb551d7a08d51d20e01a13969c93e1f4c507ebbb170cdffbdea331e59404130c6e335a30f968863ec5d5299e391e9ab2bdd67ce1c969371b08186ac44795c2d02936510daf26983939a54dab3b9e471f61ef68af66780427ef60a62c3cec537bf73f94a4b4391cbcbc45fcdbf9ad1173dff0295b4f2eed185358989e88cd42a6dca784ba6a8d94c08466a75ee1ce03eb28a2f9ceb8023c973ecbf7f2473d68c4a0b83ae8fee1f63137fe55102950b88f685b4025d0d688b1f3996961bcef67771c4def4b3b8f61f83bd8bf3d7d7d062d39c16025df43c12ce606642e02c27c191b23654898bbac4676d4e340dbf5fecbb7b1e3217570dcb157816fd2510c3fcfee191b8b04098f3b57a234bb95208add056bd47a250a0863a6a4b5f39acbabf84da6d184a98dfff2118ec7c897e3a68da40b15747e5bce690e9002e6af695ed97286271b5340a14c750872ba11af5b5decf9b0869309cb252e9e122da4e0556b9630ad90e11424ec18de57f756d8f9d4893f3500267cc81759177451de09eec54f95671acad09436d18de357dcf793ff3107345fb0a9979c298d85cf41f5e5d331529c8553831009bf12b6bd766cc56d8dc366651fc5eb5055e96dd4e49f914d4ae3a8ed50c5be242162821e46d95ea2708e899e85359dce28cd3985bd65942b3e9e6ded60af9457457c79f42b813b804cbc9696db3067d4fbe36fe8b6070f63dd7f1ab415e9d0d4700de00bc3def581016b49d286f2400b7f5747b8d7ed7dd58a92a96a2ad2b29712c9f9fd2c47fbbb70a453aa81ff41d74a49b1e7d8e3a12814e6647bb1f5e24b7a8be384c941c80342e8a007984ceebc7827adf604ccf526b30974b85cb029ab3f4134aec086d41a7282ebc59cc11002904ac4ebfb6ae46807e46f2f69acbb8eed83b6ad6f78bbac9bcc77318301ec9d4e3b522aed9ec8bd368314e48548e2d0417738c16d881447c39a0103fd58aa006a653ef3aac9e8bcad22671b9f3c81a89652c46681f613703d733ff81b3ddd117cb9010aec887f3b4af449f32b19f52135cf2c1b53c050bdce376c26f09c47d3223c6fc0329446dc3886a49477d1619fd251f399386f9678bf1da5eb8a9e9ac36dd96e9dfa2b5611cef1b78562e7eb7ce43f95c435dd1ab797ebb788adecfe989d77f7fbc0a96117dfd5edeb662d45b8ac2e898ddcd7ae58d9f708d9ec8ea73acde95d35910810b61c5e74a4102787465fade342168ea9fb92878399c36514d050f535cf796c7e22c0440795539bb3229157125bcfa2f888731d59ed8a3716c91eef696516ce512e32c2e7ca72254e61a5c1f664d948fcb4b7e609a8ed506d116f53a4dca2c3f3ab77702ae2182144c3dec15c95cba39d72fbe2238d976853dabf0aa3a26f70bb6206a58e09c8b073af9f6011de027f88b1437e54fa9cc3b51faebb9e6d103994820f6bbdbfaa00a506e5d9f9e52df701d39f9eecc4596322b7884025d839cabde15c680af5b148c2bc26f0f7b47659cdc7a058903cbaffb6134a1ec4522aca09595505d8183842434315176c227cfb29add3756bc81cce01419b1c164094ec3b8cd8f4ab1dc3bc621747adf52114868a12216630fb975133069ea665bb309464338d3bf1ad6c76fc279949f262167528efc614ef88949573fe6c423eeb3e70ca0c6fd8990ae36d829155027433a7dfd19316d3ca801760e2c78953b8fa30cf6fafbe2b9f655916fcad53a402646276dd662e6335c7a32824d40ea3ac5800af0ba5566a118c3a52f6405e76b8131a2b1c572f7dd6120bb44dc2eaf28bfe7ccb3dbe345762da427f93f796e77c0cf62581571c116ebb1754000f6b24cca3ae15b4aef506ba8b00db0bb8094ca6a7ce4d3afb549b6026338e5a3f7627fbe33df69517bce94bbc56af21ebe3763918127b87d891c12bc9b47f15657f84d79eb6c2d862337809e29a7d6dd4928fb64eb02a64faaa7edf36bb5e80d0f0b64aef4c6a985804d8eb93e282ce1745336b9b994b4bfb1e45c49f9a6b0f9a9e9044b30b778c07c4b40056b5d94d202cf5cf1bc2edc9a40477b285988aa84f7bb337053bb795eef18b78daa79ea742746d95ce89d9ca013641c463cb6de64ca288737bd1e1989eab35f88863574ab52b21fe7bfaf8387fc3af589cc3501c1530c8dbcfe26c594f1a174848375916f384e15665477880f4a53eff4f2ab091024b3ac41ed0ead1f9c847f486dc5c18dfd0c8ba98464c87b091199451f354b6cbc3adef16178aaf40a0e3a428d6a73dfa9f8706fe63c5a8d89610e3e87f0ccfcfa682e44a52a6fd97434e81d5c95a85fa3e79690496b8957701203c6345bc34f514b867f0196d0cc062b574907f7d1aa6c0e86bc1491a3238b19415a593989618360a859665a2a5a100f75dfde1ddae24b10ab3c0ae34255f7c307c1c24b71ae83c42366307fe79a298b0947542fba1f0fd70d54b8bc5cab7542286102cdba545e8da28c663ed0d583d28ef31d9c795809595ea8af0f9d15fb29bbe8d1dd655b6f86a0c3decc505a7585dba3c0a46e27117a4fb82aeb3ff7022e4975fa91a209f463cdb8734b6283e1f44a45866275de4a64d9f2695ad51ff5cfd0e98af013026827d20ba4752f2de1ba3a5cfa3e99514417bc10a4233e2dfbd77f5afdd236a28ec2b8682c9a084dd30f8ea2668120365b7238fda6fd3fe1aa8b209992aca6af11f0b1c18194a668b7ebbab3d3e51743e42bb5f353d5369605cc2dba71fd9bc90cebccba8b8df32ee22fc506b55b4847a8f6f239811ed7a36622cc0127cf6432ea988a96a82879759d786121699918bad77f391e68e6cf8232078e64fd3c2cb92a6485f22b6241ece9040b56992faf3eb785475c111aee92c9e01c7899ce8613310d948f5027d009514b2f174666af682acc785cf2ab56a0a1f0ae253c6b2965d254ea9363a44a2f1fc9bbf3ffd505c940ddc0b6561ffb85e80e4a86fc64d73006c1ac970082e4cfd35558671effab75c4781f91bb280d2b58e733f6920bffec5dc1d4aa3769b83fcf605c02c09f417ee094390cefb4995291b304815d7f9154fa07b425fc541ccc6619d38e6f543aa3bb9d9a36364a1faf8a4130c9e91f51c37ec32d177c0ed930a4400ebb14f5dd45c18d4ba2f6e60b8c8fe06e5cf7724842bfc73ba753f0e84be85e4028a6d02f181a8138d3f2217fe987914e958d2ce86a065dee3aa549a2d5bd8940866cded688c7a110aa93ce85ccf63a6e54802291329f6feeadb64b64fea24fcfea8674b0d133ec499f72a27dc7dc590ce152c815333c4e32b8ccda35702bab37f254e68a293cdfa9a35fc05fbf71482abeb1aa396456e35a26e526e58f6866f1581375bcd099657a4ba6ad98eff98f4e2a44845b1afc754bee5e1b7272a1248b049af0231166ad89ff957760ca6e08d646a4729945d2be5cbc5852487b46ec089ae3c35ddbc9d3fa2d80d164029c46f35e8e8266a2db9da93ebb6567f159b4ae2b088260a5eb3ad3c13aba2cc518139b0c9d5b985c1879e5783d0f23de8c1e82d4de27b893b4f8b4d29493d292d708f7d2d55d8f4108dc52ba78a89a37d53245128aa470dc95bc51421fdbdfb891eb33c283f897e374846bac2886ed67fccb4113afd87a3a2991996fbc8dfedb216e50f7b9faa7ab69be72e1c7ec181b403d8a768a7b72fca2756cabaf9c6c7787aa10353e71afb48dc2d1c50591ad38c37c9ec3ee60d8f0e99e4f7b41d3c9bf7f74ef9b26a998fdee3de4da7376b6fa2b28a68490f3fc75d764c24e89b4bc24734f59b76fc455f5664140fda3df96808419fcd62bba3bea13a364a2cc53d820799162f4ffcb0354ad666b0aa075913757e4ae125e29f83b1aeb3f5456b880c0d89dbb3027087ece67bfd50b3af2e9ec3564265babdeca88f04186d53cd651c591809fe0447f8cb2ab692eb126a16048acaa9757370ff13adea312890488581479060c3e31dc67ff9fb2d3cd40e91c73f8a0a658b8513e6960b037628224037d486b183895f81b29f15538fd60a4c9d7296196f7c7e912c22c9292651337d5afac8ed317a372e5794a90b001f5526229f0c8307d0404fa67559e6d65839b6ea37321c12ee67f937850d84bf5c6b6c26bff3f6f761fd77accda27dd677cf14e8353380a094cb62738c41a2d9f28cf34e7cfab41aeadf9ed92c50ff490bdf39f07c8bed8be80551e82dd6dda59d9a1e330977ae9867abc9bacba17b211a849558ac6961ef296b934e4a066d98d6fd93b21f5639256205a19d56bf1bf6a72abcd47f51bbacace3524ad374d0ddf277551a8b19a1b83a3924b46869586af829ab3fc8fa00915d9ada2dcd877d1cdee7c89a1d9172114b0a272532a63740e776dbe249783bd33a450bd46d346286461b6029f8bdb3ff6604e8bc022b637cd814337a0e011446c55472a2b9e7f5d0b1dbd7faae1e1a16dbc244f7b359bd2cfedc50af405349ab475abe87efbc14a85fc70f36b6eb445710750a9bd09fa480873b581f3da40272960b782d47b4d199543950c8ec0ddbe9474cfa2d9ae20c5cd2b8536bc81efe070204dae7b5596d50a326b3c52846782b71f594608211ce91c2d935152b58716102003ba79daaef225885f4380a36d2abfe6833f1c5972a563421bfdae715f1b021a864f8026acef533a192c5161e1e1d6750a1f3840abffca330fa5db3a149f1b4eb6f6f8acf190371523c21be12db2574fc1e8cdc807dc38867f3d524f8447581d3f70ea02ff6ebf016149e398cdef591", 0x2000, &(0x7f0000001880)={&(0x7f0000000280)={0x50, 0xffffffffffffffda, 0x8000001, {0x7, 0x2b, 0x2, 0x241000, 0x96ec, 0x40, 0xff, 0x446, 0x0, 0x0, 0x4, 0xfffffff7}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x2004000, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) mmap(&(0x7f00004cd000/0x1000)=nil, 0x1000, 0x558af6cc015a28aa, 0x12, r0, 0x5bc7000) 969.865101ms ago: executing program 4 (id=1705): openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x141342, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ioprio_set$uid(0x3, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast1, 0x0, 0x2b}, 0xa, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x3, 0x3, 0x0, 0x0, 0xfffffffd}}, 0xe8) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f0000000140)=[{&(0x7f0000000340)="5800000014001923fc834b80040d8c560a067f020000000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd001a0010000100080c10000000000000000000", 0x58}], 0x1) setsockopt$inet6_int(r1, 0x29, 0x5, 0x0, 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000002d00), 0x2000) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f0000002d40)={0x5, 0x8e5, 0x2, 0x9, 0x5}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'veth0_to_batadv\x00', 0x4000}) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r6, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) creat(&(0x7f0000000180)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r8, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r9 = dup(r8) write$FUSE_BMAP(r9, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r9, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r9}, 0x2c, {[{@cache_mmap}], [], 0x6b}}) close(r5) 938.612071ms ago: executing program 4 (id=1706): r0 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0) setuid(0xee00) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) fgetxattr(0xffffffffffffffff, &(0x7f0000002000)=@random={'btrfs.', '@\x00'}, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002f40), 0x0, 0x0) r2 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0x5, 0x0, &(0x7f0000000080)=[@release={0x40046306, 0x2}], 0x0, 0x0, 0x0}) ioctl$HIDIOCGUSAGE(r2, 0xd01c4813, &(0x7f0000000100)={0x2, 0xffffffff, 0x0, 0x2, 0x0, 0x42}) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4, 0x12, r0, 0xa03c0000) epoll_create(0x4) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) 623.996068ms ago: executing program 3 (id=1707): socket$nl_generic(0x10, 0x3, 0x10) io_setup(0x2, &(0x7f0000000000)=0x0) r1 = eventfd(0x0) io_submit(r0, 0x1, &(0x7f0000000040)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xc2, r1, 0x0, 0x0, 0xffffffffffffff30}]) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) write$FUSE_INIT(r3, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x2b, 0xfffffffd, 0xffffffff80408040}}, 0x50) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3) r4 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) socket$netlink(0x10, 0x3, 0x3a) ioctl$BTRFS_IOC_TREE_SEARCH_V2(0xffffffffffffffff, 0xc0709411, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="20000000110001000000000000000000100000e60b"], 0x20}], 0x1}, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = userfaultfd(0x801) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000180)={{&(0x7f000072b000/0x2000)=nil, 0x2000}, 0x1}) close_range(r2, 0xffffffffffffffff, 0x0) 490.85273ms ago: executing program 3 (id=1708): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x170, r0, 0x20, 0x70bd29, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x8c, 0x11d, 0x0, 0x1, [{0x88, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x54}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x60, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x2c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x3, 0x0, 0x47, 0x2, 0x2, 0xffff, 0x8]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0x0, 0xfffa, 0x8, 0x8, 0x4, 0x8, 0x20]}}]}, @NL80211_BAND_6GHZ={0x30, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x101, 0x8001, 0x0, 0x0, 0x5, 0x4, 0x3, 0x4]}}]}]}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}]}]}, @NL80211_ATTR_TID_CONFIG={0xd0, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}]}, {0x94, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x88, 0xd, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x68, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xfc00, 0x10, 0x1, 0xf790, 0x5, 0x74e4, 0x1ff, 0xe]}}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x12, 0x2, 0x16, 0x9, 0x6, 0x9, 0x3f, 0x48, 0x1b, 0x5, 0x5, 0xc, 0x12, 0x12, 0x60, 0x48, 0x12, 0x18, 0x48, 0x6, 0xc]}, @NL80211_TXRATE_LEGACY={0x10, 0x1, [0x3, 0x7, 0x5, 0x16, 0x12, 0x18, 0x12, 0x16, 0x9, 0x6c, 0x30, 0x4]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x2, 0x283, 0x0, 0x9, 0x9, 0x400, 0x2]}}]}, @NL80211_BAND_2GHZ={0x1c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x10, 0x1, [0x0, 0x2, 0x6, 0x3, 0x1, 0x6, 0x6c, 0x16, 0x24, 0x2, 0x4, 0x12]}]}]}, @NL80211_TID_CONFIG_ATTR_NOACK={0x5, 0x6, 0x1}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xc4}]}, {0x8, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x18, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x1}]}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x5}, 0x4000044) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000280), r1) getsockopt$IP_SET_OP_VERSION(r1, 0x1, 0x53, &(0x7f00000002c0), &(0x7f0000000300)=0x8) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r1, 0xc0096616, &(0x7f0000000340)={0x2, [0x0, 0x0]}) syz_genetlink_get_family_id$SEG6(&(0x7f0000000380), r1) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f00000003c0)="bcde6bf83e228fcf90e5813288e285dd", 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000440)={'vxcan1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', 0x0}) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r1, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x58, 0x0, 0x300, 0x70bd26, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x34, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r2}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r3}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x2}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x8041) r4 = add_key$fscrypt_provisioning(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x0}, &(0x7f0000000640)={0x2, 0x0, @c}, 0x29, 0xfffffffffffffff8) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffff9c, 0xc0506617, &(0x7f0000000680)={@desc={0x1, 0x0, @desc4}, 0x21, r4, '\x00', @c}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000740), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000780)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000d00)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000cc0)={&(0x7f00000007c0)={0x4d0, r5, 0x100, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x6, 0x23}}}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0xb2}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x1b}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x53}, @NL80211_ATTR_CSA_IES={0x480, 0xb9, 0x0, 0x1, [@beacon_params=[@NL80211_ATTR_IE={0x6c, 0x2a, [@preq={0x82, 0x57, {{0x0, 0x1, 0x0, 0x0, 0x1}, 0x7, 0x3, 0x6, @broadcast, 0x3, @value=@broadcast, 0x8, 0x6, 0x5, [{{0x1, 0x0, 0x1}, @device_a, 0xf}, {{0x1}, @broadcast, 0x200}, {{0x0, 0x0, 0x1}, @broadcast, 0x60000000}, {{0x1, 0x0, 0x1}, @device_b, 0x4}, {{0x0, 0x0, 0x1}, @device_b, 0x10001}]}}, @channel_switch={0x25, 0x3, {0x0, 0x40, 0x3d}}, @chsw_timing={0x68, 0x4, {0x8000, 0x673}}, @perr={0x84, 0x2, {0x9}}]}, @NL80211_ATTR_PROBE_RESP={0x347, 0x91, "091d614acddf612ef7880f410608667a942a7969519967a38a366833603583f886fc3f0282223c01518938ca0688c60d11ee2790a85a19f50b66e5e961194637687e9501c614977b96dfa70bf0964756c835b752ec44bbb5a162ba989ac425573c28c06a40a8c06cce4882ec5ac051284c681cd78e54ac37592e51afb2438852653680a46686d665b9bbe88e52f008be8130f389d0ceaefe948240d67471cfee6bdbc56ea107bc291c7183a864dbca4911d8e1bb8b25ac064c9cd29946c7bbc7638e386fd21264c84ef6d24c9013ae90baf9c8b14ed09a97d21b239642c1720e471164e1461b8db677fe6d0bd4a1df1fdad614f76ac05e81063a23f7828f6c99d96d02d085db4d41d5f5d58d46ea9ebba51cc333a646104f9e43c8292dea7c56ccf10efdc9503a709d3546bd2364078e624ed6bc4d5c074a79fa79af8f3a6ecb2ae97e91007672508aab049eefac9bdee81b612ba519543e64144ea42b82482bd0a36d26fc1b361df45b60193dfbef48b8dab51c3cbfa0926b53fcc5e90179b9e6045498868a21ef8d73ff8574b72224628922983a054bb9dc6c7a972fe4090a027bfb9f9697929b76c9c741b4eb7e8ca7b3fc20916570cd163be4ad986d0e292352ade0cc1cc0ee9aa3b879fc2e6614938f06249c1db996ee85ebd93d392c1db12875210f0c115fa43bead10a65263f1d7a703450de04420a84c98dee22b7a35d0460aa6591ea7732cbdce228c6560e54a1092b2a67c454ef0c858673906e84a5280631b6167b050a78f8aba3db63981261989af6548293a2e897231df304fe36069e484f27f06ff9e1d17ddb290401922f32b5e359da5f206ee120f53678a5fb4a652e0b06484bc7745554ad91fcdd55490cbec063bfc0545d8ec14ec1f37545f7dc383e79c0f21ca41d024eaf0f8aa80d94fdf2a07f2d55735c619ebbef8ba3f78ae9acd280e29884786b2e773bd13fbacde7e3524c34fd31616206da43bab5671e3cc952d23f1598283e6ee9955a92402a3b3578531a1dec536bbc8580cc4a14346dab72837351d7133dca46f7ad4ea4b246efbe0aa5e1e4115e43d954921be2e8123c0d0720b48e2d2d68b96cc87c3ec0eccf11983713046423aae48eba9c8c10dc3d8f30124bc158159a2221297d6eda550151ad4e212e0f3b6c15eaaaa97743"}, @NL80211_ATTR_IE_PROBE_RESP={0x21, 0x7f, [@mic={0x8c, 0x10, {0xe52, "aea8f6aa1cd8", @short="de6e95ffb890309b"}}, @peer_mgmt={0x75, 0x6, {0x0, 0x9, @val=0xfffb, @void, @void}}, @challenge={0x10, 0x1, 0xbc}]}, @NL80211_ATTR_BEACON_TAIL={0xa3, 0xf, [@prep={0x83, 0x1f, {{}, 0x1, 0x0, @broadcast, 0x9, @void, 0x5, 0x1, @broadcast, 0x80000000}}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x2, 0x2, 0x8}}, @cf={0x4, 0x6, {0x6, 0x0, 0x1, 0x40}}, @challenge={0x10, 0x1, 0x97}, @link_id={0x65, 0x12, {@initial, @broadcast, @broadcast}}, @mesh_id={0x72, 0x6}, @ext_channel_switch={0x3c, 0x4, {0x0, 0x0, 0x3c, 0x9}}, @tim={0x5, 0x49, {0x3, 0x72, 0x10, "78acda1d5c983bc59a77e2901a291f8c08900033dbcb7e615111f8224aa3b1adfaf7251f98369a964ec63fd251f38fe96112b052890c0019a0935407241aac94bdbbc6167e5a"}}]}]]}, @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x3d}]}, 0x4d0}, 0x1, 0x0, 0x0, 0x4000000}, 0x891) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r1, &(0x7f0000000e00)={&(0x7f0000000d40)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000dc0)={&(0x7f0000000d80)={0x3c, 0x0, 0x300, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "a2c2d4bc5c01e1b014adc14f724c89f3"}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240048c0}, 0x40010) sendmsg$NL80211_CMD_STOP_AP(r1, &(0x7f0000000f00)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000e80)={0x28, r0, 0x8, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x2, 0x76}}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x804}, 0x844) r7 = dup3(r1, r1, 0x0) openat$incfs(r7, &(0x7f0000000f40)='.log\x00', 0x420000, 0x0) r8 = getuid() mount$overlay(0x0, &(0x7f0000000f80)='./file0\x00', &(0x7f0000000fc0), 0x21, &(0x7f0000001000)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file0'}}, {@metacopy_on}, {@verity_require}, {@metacopy_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}}], [{@euid_eq={'euid', 0x3d, r8}}, {@audit}]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000010c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setlease(r9, 0x400, 0x2) r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001140), r1) sendmsg$TIPC_NL_NET_GET(r1, &(0x7f0000001300)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000012c0)={&(0x7f0000001180)={0x11c, r11, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x108, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xab}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5d3}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x4000}, 0x80) r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001380), r7) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000001440)={'ip_vti0\x00', &(0x7f00000013c0)={'gre0\x00', r3, 0x80, 0x700, 0x3, 0x3, {{0xa, 0x4, 0x0, 0xa, 0x28, 0x64, 0x0, 0x9, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, {[@timestamp_addr={0x44, 0x14, 0x77, 0x1, 0xb, [{@private=0xa010101, 0x7}, {@local, 0x8001}]}]}}}}}) ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000001480)={'team0\x00', 0x0}) sendmsg$ETHTOOL_MSG_WOL_GET(r1, &(0x7f0000001680)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001640)={&(0x7f00000014c0)={0x178, r12, 0x4, 0x70bd2d, 0x25dfdbff, {}, [@HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x4}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xfb74b2d8be2dc97a}]}, @HEADER={0x7c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}]}]}, 0x178}, 0x1, 0x0, 0x0, 0x84}, 0x8000) 475.7638ms ago: executing program 3 (id=1709): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x8031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x19}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x5}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) close(r1) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r2, 0x400455c8, 0x0) syz_usb_connect(0x0, 0x4a, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 2 (id=1710): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) (async, rerun: 64) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) (rerun: 64) write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) (async) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x5, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) (async) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000b80)=@migrate={0xec, 0x21, 0x1, 0x0, 0xfffffffe, {{@in6=@private2, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0xfffc, 0x0, 0x0, 0x0, 0xa, 0xe0, 0x80}, 0x2}, [@migrate={0x9c, 0x11, [{@in=@local, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2, @in6=@local, 0x32, 0x3, 0x0, 0x2, 0x2, 0x2}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@ipv4={'\x00', '\xff\xff', @private=0xa010102}, @in6=@empty, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x2, 0x8}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x800}, 0x42000) (async) r4 = dup(r1) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_INIT(r4, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x17d, 0x1005, 0x0, 0x3}}, 0x50) (async, rerun: 64) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f00000006c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@nodevmap}], [], 0x6b}}) (async, rerun: 64) r5 = syz_open_procfs(0x0, &(0x7f00000003c0)='mountinfo\x00') r6 = open(&(0x7f0000000000)='./file0\x00', 0x141a42, 0x0) sendfile(r6, r5, 0x0, 0xffffffff) kernel console output (not intermixed with test programs): 72] rust_binder: 459: no such ref 0 [ 111.130203][ T2872] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 111.137973][ T2872] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 111.281147][ T67] ftdi_sio 4-1:6.194: FTDI USB Serial Device converter detected [ 111.289583][ T67] usb 4-1: Detected FT233HP [ 111.294448][ T67] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 111.301928][ T67] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 111.309778][ T67] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 111.320315][ T67] usb 4-1: USB disconnect, device number 34 [ 111.328347][ T67] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 111.338343][ T67] ftdi_sio 4-1:6.194: device disconnected [ 111.795500][ T2885] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 111.795809][ T2886] rust_binder: Error in use_page_slow: ESRCH [ 111.802440][ T2886] rust_binder: use_range failure ESRCH [ 111.808708][ T2886] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false [ 111.814346][ T2886] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 111.822517][ T2886] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:550 [ 111.899498][ T2888] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 111.919818][ T2893] __vm_enough_memory: pid: 2893, comm: syz.3.816, bytes: 18014402804453376 not enough memory for the allocation [ 111.948068][ T54] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 111.951320][ T1097] Bluetooth: hci0: command 0x1003 tx timeout [ 111.966546][ T36] audit: type=1400 audit(1759347992.430:434): avc: denied { execute } for pid=2894 comm="syz.3.817" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=17094 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 112.532078][ T2939] rust_binder: Error while translating object. [ 112.532123][ T2939] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 112.538683][ T2939] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:476 [ 112.612464][ T2957] netlink: 4 bytes leftover after parsing attributes in process `syz.2.834'. [ 112.715712][ T2970] netlink: 12 bytes leftover after parsing attributes in process `syz.2.837'. [ 112.725997][ T36] audit: type=1400 audit(1759347993.190:435): avc: denied { name_bind } for pid=2969 comm="syz.2.837" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 113.058634][ T36] audit: type=1400 audit(1759347993.530:436): avc: denied { write } for pid=2985 comm="syz.4.843" name="/" dev="9p" ino=17889801302421081418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 113.081934][ T36] audit: type=1400 audit(1759347993.530:437): avc: denied { add_name } for pid=2985 comm="syz.4.843" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 113.103132][ T36] audit: type=1400 audit(1759347993.530:438): avc: denied { create } for pid=2985 comm="syz.4.843" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 113.123962][ T36] audit: type=1400 audit(1759347993.530:439): avc: denied { associate } for pid=2985 comm="syz.4.843" name="file1" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 113.187503][ T2991] tmpfs: Unknown parameter '' [ 113.194471][ T2991] binfmt_misc: register: failed to install interpreter file ./cgroup [ 113.218497][ T2991] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 67108864 [ 113.385828][ T36] audit: type=1400 audit(1759347993.850:440): avc: denied { read write } for pid=2996 comm="syz.4.847" name="loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 113.411246][ T36] audit: type=1400 audit(1759347993.850:441): avc: denied { open } for pid=2996 comm="syz.4.847" path="/dev/loop-control" dev="devtmpfs" ino=48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 113.436072][ T36] audit: type=1400 audit(1759347993.860:442): avc: denied { ioctl } for pid=2996 comm="syz.4.847" path="/dev/loop-control" dev="devtmpfs" ino=48 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 113.572111][ T3000] option changes via remount are deprecated (pid=2999 comm=syz.2.848) [ 113.580486][ T3000] cgroup: option or name mismatch, new: 0x4 "", old: 0x0 "" [ 113.608309][ T3000] kvm: user requested TSC rate below hardware speed [ 113.616046][ T3000] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 113.640676][ T3000] rust_binder: Failed to allocate buffer. len:1160, is_oneway:false [ 113.654794][ T3003] fuseblk: Bad value for 'group_id' [ 113.668181][ T3003] fuseblk: Bad value for 'group_id' [ 113.969091][ T3009] 9pnet_fd: Insufficient options for proto=fd [ 114.182870][ T3019] input: syz1 as /devices/virtual/input/input17 [ 114.260842][ T3026] fuse: Bad value for 'user_id' [ 114.265883][ T3026] fuse: Bad value for 'user_id' [ 114.587938][ T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 114.749213][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.760351][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.770221][ T10] usb 5-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00 [ 114.779330][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.788255][ T10] usb 5-1: config 0 descriptor?? [ 115.049560][ T10] usb 5-1: string descriptor 0 read error: -71 [ 115.057907][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 115.064063][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 115.073340][ T10] usb 5-1: USB disconnect, device number 7 [ 115.096854][ T3030] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.105990][ T3031] rust_binder: inc_ref_done called when no active inc_refs [ 115.130802][ T3035] Invalid logical block size (4) [ 115.164916][ T3042] loop6: detected capacity change from 0 to 9 [ 115.178155][ T3042] binder: Unknown parameter 'defcontextlÖ¸¥ó·›ïÌŒ¿º‘!ÇIö' [ 115.213678][ T36] audit: type=1400 audit(1759347995.680:443): avc: denied { write } for pid=3051 comm="syz.2.866" name="/" dev="configfs" ino=1606 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 115.222208][ T3053] rust_binder: Write failure EFAULT in pid:549 [ 115.604879][ T3068] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 115.611228][ T3068] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:90 [ 115.622361][ T3068] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 115.640224][ T3068] rust_binder: Write failure EINVAL in pid:90 [ 115.705648][ T3070] rust_binder: 92: no such ref 3 [ 115.717120][ T3070] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1 [ 115.724416][ T3070] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1 [ 115.731571][ T3070] rust_binder: Write failure EFAULT in pid:92 [ 115.813487][ T3077] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 115.820623][ T3077] rust_binder: Error in use_page_slow: ESRCH [ 115.833331][ T3077] rust_binder: use_range failure ESRCH [ 115.839661][ T3077] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 115.845406][ T3077] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 115.854044][ T3077] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:488 [ 115.943896][ T3087] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 116.010387][ T3089] fuse: Unknown parameter 'erok>^ÝE00000000000000000000' [ 116.063377][ T3081] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 160, size: 223) [ 116.063404][ T3081] rust_binder: Error while translating object. [ 116.074029][ T3081] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 116.080351][ T3081] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:490 [ 116.215296][ T3100] rust_binder: 3098 RLIMIT_NICE not set [ 116.224891][ T3098] rust_binder: Write failure EINVAL in pid:102 [ 116.236523][ T46] rust_binder: 3097: removing orphan mapping 0:1168 [ 116.268203][ T3102] syzkaller0: entered promiscuous mode [ 116.273770][ T3102] syzkaller0: entered allmulticast mode [ 116.373604][ T3106] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 116.373770][ T3106] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 116.385609][ T3106] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:561 [ 116.418914][ T3114] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 116.451876][ T3116] SELinux: failed to load policy [ 116.464405][ T3116] rust_binder: validate_parent_fixup: fixup_min_offset=57, parent_offset=37 [ 116.464424][ T3116] rust_binder: Error while translating object. [ 116.473208][ T3116] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 116.479897][ T3116] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:113 [ 116.737680][ T3121] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 116.749326][ T3121] netlink: 'syz.0.893': attribute type 2 has an invalid length. [ 116.782073][ T3123] netlink: 'syz.3.894': attribute type 4 has an invalid length. [ 116.790148][ T3123] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.894'. [ 117.897912][ T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 118.047908][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 118.055161][ T10] usb 5-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 118.068071][ T10] usb 5-1: config 1 interface 0 has no altsetting 0 [ 118.076800][ T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 118.086376][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.094433][ T10] usb 5-1: Product: syz [ 118.098776][ T10] usb 5-1: Manufacturer: syz [ 118.103404][ T10] usb 5-1: SerialNumber: syz [ 118.314730][ T10] usb 5-1: USB disconnect, device number 8 [ 118.766272][ T36] kauditd_printk_skb: 3 callbacks suppressed [ 118.766292][ T36] audit: type=1400 audit(1759347999.230:447): avc: denied { create } for pid=3141 comm="syz.3.901" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 118.833764][ T3150] binder: Unknown parameter 'ma00200000000000000' [ 118.850775][ T3152] fuseblk: Unknown parameter 'tÍWžcid' [ 119.430862][ T3171] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 119.467520][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 119.774703][ T3204] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 119.804559][ T3208] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 119.855947][ T3210] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:141 [ 119.856250][ T3210] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 119.867406][ T3210] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:141 [ 119.913500][ T12] Bluetooth: hci1: Frame reassembly failed (-84) [ 120.032787][ T36] audit: type=1400 audit(1759348000.500:448): avc: denied { read } for pid=3220 comm="syz.4.928" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 120.229359][ T36] audit: type=1326 audit(1759348000.700:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3225 comm="syz.3.930" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff9b6b8eec9 code=0x0 [ 120.267901][ T67] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 120.417836][ T67] usb 5-1: Using ep0 maxpacket: 32 [ 120.424212][ T67] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 120.432669][ T67] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 120.441529][ T67] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 120.450573][ T67] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 120.460363][ T67] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 120.470151][ T67] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 120.483372][ T67] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 120.492660][ T67] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.501936][ T67] usb 5-1: config 0 descriptor?? [ 120.709820][ T67] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 120.723126][ T67] usb 5-1: USB disconnect, device number 9 [ 120.730058][ T67] usblp0: removed [ 121.074792][ T36] audit: type=1400 audit(1759348001.540:450): avc: denied { mount } for pid=3228 comm="syz.3.931" name="/" dev="ramfs" ino=19755 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 121.097614][ T36] audit: type=1400 audit(1759348001.550:451): avc: denied { execute } for pid=3228 comm="syz.3.931" name="file0" dev="ramfs" ino=19756 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 121.119582][ T36] audit: type=1400 audit(1759348001.550:452): avc: denied { execute_no_trans } for pid=3228 comm="syz.3.931" path="/file0" dev="ramfs" ino=19756 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 121.147839][ T31] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 121.277902][ T31] usb 5-1: device descriptor read/64, error -71 [ 121.467895][ T54] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 121.468064][ T1096] Bluetooth: hci0: command 0x1003 tx timeout [ 121.517835][ T31] usb 5-1: device descriptor read/64, error -71 [ 121.757850][ T31] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 121.763833][ T3245] overlayfs: missing 'lowerdir' [ 121.771171][ T3245] 9pnet_fd: Insufficient options for proto=fd [ 121.887848][ T31] usb 5-1: device descriptor read/64, error -71 [ 121.947853][ T54] Bluetooth: hci1: command 0x1003 tx timeout [ 121.947863][ T1097] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 122.127870][ T31] usb 5-1: device descriptor read/64, error -71 [ 122.237997][ T31] usb usb5-port1: attempt power cycle [ 122.460565][ T3257] 9pnet_fd: Insufficient options for proto=fd [ 122.480053][ T3259] rust_binder: 508: no such ref 3 [ 122.485222][ T3259] rust_binder: Write failure EINVAL in pid:508 [ 122.877845][ T31] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 122.909040][ T31] usb 5-1: device descriptor read/8, error -71 [ 123.029410][ T36] audit: type=1400 audit(1759348003.500:453): avc: denied { setattr } for pid=3266 comm="syz.0.946" name="" dev="pipefs" ino=18970 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 123.052187][ T31] usb 5-1: device descriptor read/8, error -71 [ 123.529616][ T36] audit: type=1326 audit(1759348004.000:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3284 comm="syz.3.952" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9b6b8eec9 code=0x0 [ 123.631872][ T3294] netlink: 'syz.3.954': attribute type 46 has an invalid length. [ 123.730972][ T3298] netlink: 'syz.3.956': attribute type 1 has an invalid length. [ 123.739043][ T3298] netlink: 160 bytes leftover after parsing attributes in process `syz.3.956'. [ 123.749176][ T3298] ext3: Unknown parameter 'memory.numa_stat' [ 123.755982][ T36] audit: type=1400 audit(1759348004.220:455): avc: denied { write } for pid=3297 comm="syz.3.956" name="file0" dev="tmpfs" ino=1288 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 123.779829][ T36] audit: type=1400 audit(1759348004.220:456): avc: denied { open } for pid=3297 comm="syz.3.956" path="/235/file0" dev="tmpfs" ino=1288 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 123.824902][ T36] audit: type=1400 audit(1759348004.290:457): avc: denied { bpf } for pid=3299 comm="syz.3.958" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 123.956201][ T3319] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.016248][ T3327] SELinux: security_context_str_to_sid () failed with errno=-22 [ 124.046346][ T3329] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.046721][ T3329] rust_binder: 530: no such ref 0 [ 124.075403][ T3331] netlink: 20 bytes leftover after parsing attributes in process `syz.0.968'. [ 124.110237][ T36] audit: type=1400 audit(1759348004.580:458): avc: denied { ioctl } for pid=3333 comm="syz.4.970" path="socket:[20164]" dev="sockfs" ino=20164 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 124.112524][ T3337] /dev/rnullb0: Can't open blockdev [ 124.154595][ T3334] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.154711][ T3334] rust_binder: Error in use_page_slow: ESRCH [ 124.157386][ T3342] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.169938][ T3334] rust_binder: use_range failure ESRCH [ 124.176632][ T3342] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.179106][ T3334] rust_binder: Failed to allocate buffer. len:1192, is_oneway:false [ 124.189976][ T3334] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 124.198101][ T3334] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:534 [ 124.221782][ T36] audit: type=1400 audit(1759348004.690:459): avc: denied { map } for pid=3343 comm="syz.0.972" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 124.254474][ T36] audit: type=1400 audit(1759348004.690:460): avc: denied { execute } for pid=3343 comm="syz.0.972" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 124.384857][ T3342] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 124.393537][ T3342] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 124.457874][ T31] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 124.513089][ T3347] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.513175][ T3348] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.519992][ T3347] rust_binder: inc_ref_done called when no active inc_refs [ 124.526641][ T3347] rust_binder: Write failure EINVAL in pid:579 [ 124.547464][ T3350] overlayfs: conflicting options: nfs_export=on,index=off [ 124.688103][ T3352] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.980995][ T3359] netlink: 20 bytes leftover after parsing attributes in process `syz.4.977'. [ 125.019737][ T36] audit: type=1400 audit(1759348005.490:461): avc: denied { view } for pid=3360 comm="syz.4.978" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 125.036372][ T3361] kvm: kvm [3360]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0xc1) = 0x5 [ 125.047216][ T3361] kvm: kvm [3360]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0xc2) = 0x5 [ 125.058148][ T3361] kvm: kvm [3360]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0x11e) = 0x5 [ 125.069263][ T3361] kvm: kvm [3360]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0x186) = 0x5 [ 125.078088][ T3361] kvm: kvm [3360]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0x187) = 0x5 [ 125.089064][ T3361] kvm_intel: kvm [3360]: vcpu2, guest rIP: 0x9136 Unhandled WRMSR(0x1d9) = 0x5 [ 125.100571][ T3363] rust_binder: Error while translating object. [ 125.100613][ T3363] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 125.106947][ T3363] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:167 [ 125.147889][ T3365] netlink: 4 bytes leftover after parsing attributes in process `syz.4.979'. [ 125.166353][ T3365] bridge_slave_1: left allmulticast mode [ 125.172220][ T3365] bridge_slave_1: left promiscuous mode [ 125.178009][ T3365] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.186123][ T3365] bridge_slave_0: left allmulticast mode [ 125.192118][ T3365] bridge_slave_0: left promiscuous mode [ 125.197924][ T3365] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.210212][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 127.227814][ T1097] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 127.227814][ T54] Bluetooth: hci0: command 0x1003 tx timeout [ 127.288812][ T36] audit: type=1326 audit(1759348007.760:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3367 comm="syz.0.980" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b5018eec9 code=0x0 [ 127.656404][ T3371] netlink: 'syz.2.981': attribute type 27 has an invalid length. [ 127.664419][ T3371] lo: entered promiscuous mode [ 127.669520][ T3371] lo: entered allmulticast mode [ 127.675066][ T3371] tunl0: entered promiscuous mode [ 127.680285][ T3371] tunl0: entered allmulticast mode [ 127.685775][ T3371] gre0: entered promiscuous mode [ 127.690860][ T3371] gre0: entered allmulticast mode [ 127.696378][ T3371] gretap0: entered promiscuous mode [ 127.701667][ T3371] gretap0: entered allmulticast mode [ 127.707626][ T3371] erspan0: entered promiscuous mode [ 127.713530][ T3371] erspan0: entered allmulticast mode [ 127.719478][ T3371] ip_vti0: entered promiscuous mode [ 127.724715][ T3371] ip_vti0: entered allmulticast mode [ 127.730658][ T3371] ip6_vti0: entered promiscuous mode [ 127.735976][ T3371] ip6_vti0: entered allmulticast mode [ 127.741842][ T3371] sit0: entered promiscuous mode [ 127.746832][ T3371] sit0: entered allmulticast mode [ 127.752578][ T3371] ip6tnl0: entered promiscuous mode [ 127.757901][ T3371] ip6tnl0: entered allmulticast mode [ 127.768211][ T3371] ip6gre0: entered promiscuous mode [ 127.773469][ T3371] ip6gre0: entered allmulticast mode [ 127.782425][ T3371] vcan0: entered promiscuous mode [ 127.787643][ T3371] vcan0: entered allmulticast mode [ 127.794038][ T3371] dummy0: entered promiscuous mode [ 127.800355][ T3371] dummy0: entered allmulticast mode [ 127.808333][ T3382] rust_binder: 178: no such ref 2 [ 127.813121][ T3371] veth0: entered promiscuous mode [ 127.813573][ T3382] rust_binder: Write failure EINVAL in pid:178 [ 127.818775][ T3371] veth0: entered allmulticast mode [ 127.836268][ T3371] veth1: entered promiscuous mode [ 127.841591][ T3371] veth1: entered allmulticast mode [ 127.847646][ T3371] wg0: entered promiscuous mode [ 127.852872][ T3371] wg0: entered allmulticast mode [ 127.858555][ T3371] wg1: entered promiscuous mode [ 127.863582][ T3371] wg1: entered allmulticast mode [ 127.869194][ T3371] wg2: entered promiscuous mode [ 127.874088][ T3371] wg2: entered allmulticast mode [ 127.879696][ T3371] veth0_to_bridge: entered promiscuous mode [ 127.885619][ T3371] veth0_to_bridge: entered allmulticast mode [ 127.892331][ T3371] bridge_slave_0: entered promiscuous mode [ 127.898327][ T3371] bridge_slave_0: entered allmulticast mode [ 127.904771][ T3371] veth1_to_bridge: entered promiscuous mode [ 127.910837][ T3371] veth1_to_bridge: entered allmulticast mode [ 127.917361][ T3371] bridge_slave_1: entered promiscuous mode [ 127.923515][ T3371] bridge_slave_1: entered allmulticast mode [ 127.930459][ T3371] veth0_to_bond: entered promiscuous mode [ 127.936260][ T3371] veth0_to_bond: entered allmulticast mode [ 127.942944][ T3371] bond_slave_0: entered promiscuous mode [ 127.948895][ T3371] bond_slave_0: entered allmulticast mode [ 127.955107][ T3371] veth1_to_bond: entered promiscuous mode [ 127.961171][ T3371] veth1_to_bond: entered allmulticast mode [ 127.967532][ T3371] bond_slave_1: entered promiscuous mode [ 127.973467][ T3371] bond_slave_1: entered allmulticast mode [ 127.979976][ T3371] veth0_to_team: entered promiscuous mode [ 127.985912][ T3371] veth0_to_team: entered allmulticast mode [ 127.992482][ T3371] team_slave_0: entered promiscuous mode [ 127.998339][ T3371] team_slave_0: entered allmulticast mode [ 128.004586][ T3371] veth1_to_team: entered promiscuous mode [ 128.010511][ T3371] veth1_to_team: entered allmulticast mode [ 128.016982][ T3371] team_slave_1: entered promiscuous mode [ 128.022885][ T3371] team_slave_1: entered allmulticast mode [ 128.029153][ T3371] veth0_to_batadv: entered promiscuous mode [ 128.035164][ T3371] veth0_to_batadv: entered allmulticast mode [ 128.041768][ T3371] batadv_slave_0: entered promiscuous mode [ 128.047744][ T3371] batadv_slave_0: entered allmulticast mode [ 128.054205][ T3371] veth1_to_batadv: entered promiscuous mode [ 128.060178][ T3371] veth1_to_batadv: entered allmulticast mode [ 128.066638][ T3371] batadv_slave_1: entered promiscuous mode [ 128.072911][ T3371] batadv_slave_1: entered allmulticast mode [ 128.079576][ T3371] xfrm0: entered promiscuous mode [ 128.084785][ T3371] xfrm0: entered allmulticast mode [ 128.090667][ T3371] veth0_to_hsr: entered promiscuous mode [ 128.096531][ T3371] veth0_to_hsr: entered allmulticast mode [ 128.102968][ T3371] hsr_slave_0: entered promiscuous mode [ 128.108803][ T3371] hsr_slave_0: entered allmulticast mode [ 128.115375][ T3371] veth1_to_hsr: entered promiscuous mode [ 128.121284][ T3371] veth1_to_hsr: entered allmulticast mode [ 128.127722][ T3371] hsr_slave_1: entered promiscuous mode [ 128.133901][ T3371] hsr_slave_1: entered allmulticast mode [ 128.140616][ T3371] veth1_virt_wifi: entered promiscuous mode [ 128.146917][ T3371] veth1_virt_wifi: entered allmulticast mode [ 128.153734][ T3371] veth0_virt_wifi: entered promiscuous mode [ 128.159949][ T3371] veth0_virt_wifi: entered allmulticast mode [ 128.166586][ T3371] veth1_vlan: entered promiscuous mode [ 128.172185][ T3371] veth1_vlan: entered allmulticast mode [ 128.178510][ T3371] veth0_vlan: entered allmulticast mode [ 128.184978][ T3371] vlan0: entered promiscuous mode [ 128.190292][ T3371] vlan0: entered allmulticast mode [ 128.195938][ T3371] vlan1: entered promiscuous mode [ 128.201412][ T3371] vlan1: entered allmulticast mode [ 128.207055][ T3371] veth1_macvtap: entered allmulticast mode [ 128.213615][ T3371] veth0_macvtap: entered promiscuous mode [ 128.219608][ T3371] veth0_macvtap: entered allmulticast mode [ 128.226044][ T3371] macsec0: entered promiscuous mode [ 128.231718][ T3371] macsec0: entered allmulticast mode [ 128.237722][ T3371] tap0: entered promiscuous mode [ 128.242809][ T3371] tap0: entered allmulticast mode [ 128.252382][ T3388] netlink: 20 bytes leftover after parsing attributes in process `syz.0.986'. [ 128.491952][ T3397] overlayfs: statfs failed on './file0' [ 128.495176][ T3391] rust_binder: Error while translating object. [ 128.497613][ T3391] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 128.508222][ T3391] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:183 [ 128.544278][ T3403] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 128.556562][ T3403] rust_binder: Failed to allocate buffer. len:1192, is_oneway:true [ 128.564670][ T3407] overlay: Unknown parameter 'smackfsfloor' [ 128.565860][ T3406] fuse: Bad value for 'group_id' [ 128.583740][ T3406] fuse: Bad value for 'group_id' [ 128.598314][ T3406] overlay: ./file0 is not a directory [ 128.603869][ T3410] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 128.604799][ T36] audit: type=1400 audit(1759348009.070:463): avc: denied { accept } for pid=3408 comm="syz.2.995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 128.605709][ T3410] rust_binder: Failed to allocate buffer. len:1160, is_oneway:false [ 128.692580][ T330] Bluetooth: hci0: Frame reassembly failed (-84) [ 128.828567][ T3426] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1003'. [ 128.839449][ T330] Bluetooth: hci1: Frame reassembly failed (-84) [ 128.846550][ T3427] netlink: 'syz.4.1003': attribute type 58 has an invalid length. [ 128.856443][ T3426] netlink: 'syz.4.1003': attribute type 58 has an invalid length. [ 129.281215][ T3435] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 129.281329][ T3435] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 129.288707][ T3435] rust_binder: Failed to allocate buffer. len:1184, is_oneway:false [ 129.309752][ T3437] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 129.523283][ T3441] syz.3.1008(3441): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 130.154567][ T3469] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 130.155062][ T3469] rust_binder: Failed to allocate buffer. len:1048, is_oneway:false [ 130.216080][ T36] audit: type=1400 audit(1759348010.680:464): avc: denied { map } for pid=3474 comm="syz.3.1021" path="socket:[20521]" dev="sockfs" ino=20521 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 130.347304][ T36] audit: type=1400 audit(1759348010.810:465): avc: denied { append } for pid=3478 comm="syz.2.1023" name="usbmon0" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 130.473918][ T3492] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 130.747886][ T1096] Bluetooth: hci0: command 0x1003 tx timeout [ 130.747932][ T54] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 130.907871][ T1097] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 130.907878][ T54] Bluetooth: hci1: command 0x1003 tx timeout [ 130.972179][ T3504] devpts: called with bogus options [ 131.315568][ T36] audit: type=1400 audit(1759348011.780:466): avc: denied { map } for pid=3520 comm="syz.0.1037" path=2F3138362F636F6E74726F6C202864656C6574656429 dev="tmpfs" ino=1010 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 131.426853][ T36] audit: type=1400 audit(1759348011.890:467): avc: denied { create } for pid=3524 comm="syz.0.1039" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 131.472712][ T3531] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 [ 131.524088][ T3538] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 131.524121][ T3538] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:197 [ 131.535510][ T3538] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2 [ 131.552070][ T3538] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 131.673062][ T3546] fuse: Bad value for 'user_id' [ 131.678246][ T3546] fuse: Bad value for 'user_id' [ 131.696650][ T3548] binder: Bad value for 'stats' [ 131.732293][ T36] audit: type=1400 audit(1759348012.200:468): avc: denied { connect } for pid=3547 comm="syz.2.1047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 132.332765][ T3566] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 132.332948][ T3563] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:556 [ 132.333275][ T3567] rust_binder: Read failure Err(EAGAIN) in pid:556 [ 132.398936][ T3572] __vm_enough_memory: pid: 3572, comm: syz.0.1055, bytes: 18014402804453376 not enough memory for the allocation [ 132.399913][ T36] audit: type=1400 audit(1759348012.870:469): avc: denied { create } for pid=3571 comm="syz.0.1055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 132.585387][ T3584] binder: Unknown parameter 'contex [ 132.585387][ T3584] ' [ 133.377885][ T31] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 133.507922][ T31] usb 5-1: device descriptor read/64, error -71 [ 133.535907][ T36] audit: type=1400 audit(1759348014.000:470): avc: denied { create } for pid=3600 comm="syz.3.1064" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 133.747861][ T31] usb 5-1: device descriptor read/64, error -71 [ 133.987834][ T31] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 134.117917][ T31] usb 5-1: device descriptor read/64, error -71 [ 134.357972][ T31] usb 5-1: device descriptor read/64, error -71 [ 134.468231][ T31] usb usb5-port1: attempt power cycle [ 134.777940][ T3626] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.778880][ T3626] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 134.807974][ T31] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 134.839226][ T31] usb 5-1: device descriptor read/8, error -71 [ 134.855178][ T3633] ./cgroup: Can't lookup blockdev [ 134.860667][ T3633] ./cgroup: Can't lookup blockdev [ 134.969005][ T31] usb 5-1: device descriptor read/8, error -71 [ 135.207954][ T31] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 135.228943][ T31] usb 5-1: device descriptor read/8, error -71 [ 135.359302][ T31] usb 5-1: device descriptor read/8, error -71 [ 135.468004][ T31] usb usb5-port1: unable to enumerate USB device [ 135.572723][ T3645] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1082'. [ 135.581908][ T3645] bridge_slave_1: left allmulticast mode [ 135.587590][ T3645] bridge_slave_1: left promiscuous mode [ 135.593531][ T3645] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.607450][ T3645] bridge_slave_0: left allmulticast mode [ 135.613565][ T3645] bridge_slave_0: left promiscuous mode [ 135.620856][ T3645] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.629544][ T3649] overlayfs: failed to clone upperpath [ 135.644619][ T3647] __vm_enough_memory: pid: 3647, comm: syz.0.1083, bytes: 18014402804453376 not enough memory for the allocation [ 135.749705][ T3658] rust_binder: Write failure EFAULT in pid:573 [ 135.775102][ T3665] 9pnet_fd: Insufficient options for proto=fd [ 135.817370][ T3671] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 135.832738][ T36] audit: type=1326 audit(1759348016.300:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3675 comm="syz.3.1094" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9b6b8eec9 code=0x0 [ 135.911671][ T3683] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 135.956096][ T3698] netlink: 'syz.3.1099': attribute type 11 has an invalid length. [ 136.209967][ T3706] fuse: Bad value for 'fd' [ 136.239941][ T36] audit: type=1400 audit(1759348016.710:472): avc: denied { write } for pid=3707 comm="syz.4.1103" name="usbmon1" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 136.292424][ T3710] kernel profiling enabled (shift: 63) [ 136.298218][ T3710] profiling shift: 63 too large [ 136.331756][ T3712] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1105'. [ 136.342950][ T1721] Bluetooth: hci0: Frame reassembly failed (-84) [ 136.443706][ T3714] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 136.546348][ T3716] rust_binder: inc_ref_done called when no active inc_refs [ 137.292375][ T3733] batadv_slave_1: entered promiscuous mode [ 137.306650][ T3733] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 137.306995][ T3733] rust_binder: Error in use_page_slow: ESRCH [ 137.307400][ T3735] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1114'. [ 137.313823][ T3733] rust_binder: use_range failure ESRCH [ 137.328845][ T3733] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false [ 137.334462][ T3733] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 137.342646][ T3733] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:595 [ 137.352935][ T3732] batadv_slave_1: left promiscuous mode [ 137.401054][ T3737] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 137.401087][ T3737] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 137.472545][ T3743] binder: Bad value for 'stats' [ 138.061850][ T3759] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 138.278343][ T3767] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 138.286366][ T3769] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:605 [ 138.294102][ T3767] rust_binder: Failed to allocate buffer. len:18446744043644782048, is_oneway:true [ 138.303567][ T3767] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 138.313317][ T3767] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:605 [ 138.347853][ T1097] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 138.347895][ T54] Bluetooth: hci0: command 0x1003 tx timeout [ 138.574455][ T36] audit: type=1400 audit(1759348019.040:473): avc: denied { getopt } for pid=3778 comm="syz.3.1129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 138.609669][ T36] audit: type=1400 audit(1759348019.080:474): avc: denied { ioctl } for pid=3778 comm="syz.3.1129" path="socket:[21193]" dev="sockfs" ino=21193 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 138.967583][ T3794] rust_binder: 3790 RLIMIT_NICE not set [ 138.967879][ T3790] rust_binder: Read failure Err(EFAULT) in pid:227 [ 139.017279][ T3800] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65 sclass=netlink_route_socket pid=3800 comm=syz.3.1135 [ 139.122950][ T3814] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 139.123207][ T3815] rust_binder: Failed to allocate buffer. len:1184, is_oneway:true [ 139.130016][ T3815] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 139.138346][ T3815] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:609 [ 139.158940][ T3818] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 139.168231][ T3819] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 139.181796][ T3818] rust_binder: Error in use_page_slow: ESRCH [ 139.188689][ T3818] rust_binder: use_range failure ESRCH [ 139.194712][ T3818] rust_binder: Failed to allocate buffer. len:1048, is_oneway:false [ 139.200349][ T3818] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 139.208837][ T3818] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:613 [ 139.242901][ T3824] rust_binder: 619: no such ref 3 [ 139.257307][ T3824] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1 [ 139.264512][ T3824] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1 [ 139.271923][ T3824] rust_binder: Write failure EFAULT in pid:619 [ 139.691515][ T36] audit: type=1400 audit(1759348020.160:475): avc: denied { create } for pid=3827 comm="syz.4.1145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 139.754874][ T3834] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 139.754908][ T3834] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:242 [ 139.868363][ T3847] /dev/rnullb0: Can't open blockdev [ 140.328307][ T3882] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 140.329119][ T3882] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 140.348145][ T3884] __vm_enough_memory: pid: 3884, comm: syz.2.1165, bytes: 18014402804453376 not enough memory for the allocation [ 140.368416][ T10] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 140.383600][ T3889] IPv6: NLM_F_CREATE should be specified when creating new route [ 140.519213][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.530198][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.540035][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 140.553376][ T10] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 140.562470][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.571522][ T10] usb 5-1: config 0 descriptor?? [ 140.777988][ T36] audit: type=1326 audit(1759348021.250:476): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3858 comm="syz.4.1158" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd8b198eec9 code=0x0 [ 140.784590][ T3899] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1170'. [ 140.967115][ T3902] netlink: 'syz.2.1171': attribute type 4 has an invalid length. [ 140.975038][ T3902] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1171'. [ 140.984898][ T3902] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 140.985440][ T3902] rust_binder: Failed to allocate buffer. len:5192, is_oneway:false [ 141.054285][ T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0xd [ 141.070429][ T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 141.078349][ T10] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 141.086486][ T10] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 141.096608][ T10] plantronics 0003:047F:FFFF.0007: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 141.109955][ T3908] rust_binder: Failed to allocate buffer. len:120, is_oneway:false [ 141.125619][ T3911] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 141.308285][ T3900] rust_binder: Write failure EFAULT in pid:260 [ 141.666988][ T3929] ./cgroup: Can't lookup blockdev [ 141.691528][ T3931] rust_binder: 707: no such ref 1 [ 141.696818][ T3931] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:707 [ 141.898226][ T3939] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 141.907608][ T3938] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 141.943487][ T3944] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1188'. [ 142.082405][ T3958] netlink: 'syz.2.1192': attribute type 13 has an invalid length. [ 142.181504][ T36] audit: type=1400 audit(1759348022.650:477): avc: denied { map } for pid=3960 comm="syz.2.1193" path="/proc/733/task/734/smaps" dev="proc" ino=22741 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 142.307500][ T3969] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 142.307644][ T3968] rust_binder: Failed to allocate buffer. len:1152, is_oneway:true [ 142.314502][ T3968] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 142.316026][ T3972] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 142.323154][ T3968] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:623 [ 142.333956][ T3972] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 142.376066][ T3975] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 142.397984][ T3977] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 142.405113][ T3977] rust_binder: Error in use_page_slow: ESRCH [ 142.411712][ T3977] rust_binder: use_range failure ESRCH [ 142.417867][ T3977] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 142.423495][ T3977] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 142.431782][ T3977] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:630 [ 142.487893][ T67] usb 5-1: reset high-speed USB device number 20 using dummy_hcd [ 142.583177][ T36] audit: type=1400 audit(1759348023.050:478): avc: denied { read } for pid=3984 comm="syz.3.1203" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 142.754972][ T36] audit: type=1400 audit(1759348023.220:479): avc: denied { setattr } for pid=3980 comm="syz.0.1201" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 143.198165][ T4014] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1213'. [ 143.291549][ T36] audit: type=1326 audit(1759348023.760:480): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4023 comm="syz.3.1217" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9b6b8eec9 code=0x0 [ 143.333939][ T4026] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 143.334308][ T4026] rust_binder: Error in use_page_slow: ESRCH [ 143.341427][ T4026] rust_binder: use_range failure ESRCH [ 143.347471][ T4026] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 143.353204][ T4026] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 143.361392][ T4026] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:637 [ 143.488219][ T9] usb 5-1: USB disconnect, device number 20 [ 143.627864][ T9] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 143.758596][ T9] usb 5-1: device descriptor read/64, error -71 [ 143.997837][ T9] usb 5-1: device descriptor read/64, error -71 [ 144.177333][ T4029] fuse: Unknown parameter 'ftS0x0000000000000004' [ 144.237830][ T9] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 144.367843][ T9] usb 5-1: device descriptor read/64, error -71 [ 144.607863][ T9] usb 5-1: device descriptor read/64, error -71 [ 144.718024][ T9] usb usb5-port1: attempt power cycle [ 145.057890][ T9] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 145.079126][ T9] usb 5-1: device descriptor read/8, error -71 [ 145.209245][ T9] usb 5-1: device descriptor read/8, error -71 [ 145.447847][ T9] usb 5-1: new full-speed USB device number 24 using dummy_hcd [ 145.468906][ T9] usb 5-1: device descriptor read/8, error -71 [ 145.598950][ T9] usb 5-1: device descriptor read/8, error -71 [ 145.708003][ T9] usb usb5-port1: unable to enumerate USB device [ 146.358596][ T36] audit: type=1400 audit(1759348026.830:481): avc: denied { watch watch_reads } for pid=4057 comm="syz.3.1228" path="/359" dev="tmpfs" ino=1942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 146.413699][ T4061] rust_binder: 274: no such ref 1 [ 146.454170][ T36] audit: type=1326 audit(1759348026.920:482): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4068 comm="syz.3.1233" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9b6b8eec9 code=0x0 [ 146.677849][ T575] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 146.827831][ T575] usb 5-1: Using ep0 maxpacket: 32 [ 146.834919][ T575] usb 5-1: unable to get BOS descriptor or descriptor too short [ 146.843779][ T575] usb 5-1: config 14 has an invalid interface number: 120 but max is 0 [ 146.852233][ T575] usb 5-1: config 14 has no interface number 0 [ 146.859115][ T575] usb 5-1: config 14 interface 120 has no altsetting 0 [ 146.867679][ T575] usb 5-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice=22.cd [ 146.876825][ T575] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.884910][ T575] usb 5-1: Product: syz [ 146.889337][ T575] usb 5-1: Manufacturer: syz [ 146.894143][ T575] usb 5-1: SerialNumber: syz [ 147.103762][ T575] ftdi_sio 5-1:14.120: FTDI USB Serial Device converter detected [ 147.112242][ T575] ftdi_sio ttyUSB0: unknown device type: 0x22cd [ 147.119824][ T575] usb 5-1: USB disconnect, device number 25 [ 147.126651][ T575] ftdi_sio 5-1:14.120: device disconnected [ 147.251486][ T4072] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 147.673996][ T4078] binder: Unknown parameter 'rw wƲӤي~ZʽW¿§mú' [ 147.723356][ T4081] GUP no longer grows the stack in syz.4.1238 (4081): 200000005000-200000008000 (200000004000) [ 147.733849][ T4081] CPU: 0 UID: 0 PID: 4081 Comm: syz.4.1238 Not tainted syzkaller #0 67868b434517ba700884c753facc80d4f03a3ea5 [ 147.733891][ T4081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 147.733922][ T4081] Call Trace: [ 147.733928][ T4081] [ 147.733936][ T4081] __dump_stack+0x21/0x30 [ 147.733975][ T4081] dump_stack_lvl+0x10c/0x190 [ 147.733999][ T4081] ? __cfi_dump_stack_lvl+0x10/0x10 [ 147.734022][ T4081] ? futex_lock_pi_atomic+0xdd/0xc70 [ 147.734045][ T4081] dump_stack+0x19/0x20 [ 147.734071][ T4081] fixup_user_fault+0x63d/0x6d0 [ 147.734102][ T4081] fault_in_user_writeable+0x76/0xe0 [ 147.734126][ T4081] futex_lock_pi+0x258/0xa10 [ 147.734149][ T4081] ? futex_unqueue+0x136/0x160 [ 147.734167][ T4081] ? __cfi_futex_lock_pi+0x10/0x10 [ 147.734187][ T4081] ? __cfi_futex_wake_mark+0x10/0x10 [ 147.734208][ T4081] ? futex_setup_timer+0xb4/0xd0 [ 147.734224][ T4081] ? __cfi_futex_wake_mark+0x10/0x10 [ 147.734246][ T4081] ? mas_find+0x358/0x5f0 [ 147.734261][ T4081] ? __kasan_check_write+0x18/0x20 [ 147.734287][ T4081] do_futex+0x25c/0x500 [ 147.734304][ T4081] ? __cfi_do_futex+0x10/0x10 [ 147.734320][ T4081] ? __vm_munmap+0x2c7/0x370 [ 147.734337][ T4081] __se_sys_futex+0x28f/0x300 [ 147.734355][ T4081] ? __x64_sys_futex+0x110/0x110 [ 147.734374][ T4081] ? __kasan_check_write+0x18/0x20 [ 147.734400][ T4081] __x64_sys_futex+0xe9/0x110 [ 147.734417][ T4081] x64_sys_call+0x227f/0x2ee0 [ 147.734442][ T4081] do_syscall_64+0x58/0xf0 [ 147.734462][ T4081] ? clear_bhb_loop+0x50/0xa0 [ 147.734478][ T4081] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 147.734505][ T4081] RIP: 0033:0x7fd8b198eec9 [ 147.734525][ T4081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.734539][ T4081] RSP: 002b:00007fd8b2868038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 147.734561][ T4081] RAX: ffffffffffffffda RBX: 00007fd8b1be5fa0 RCX: 00007fd8b198eec9 [ 147.734574][ T4081] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000 [ 147.734586][ T4081] RBP: 00007fd8b1a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 147.734627][ T4081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.734638][ T4081] R13: 00007fd8b1be6038 R14: 00007fd8b1be5fa0 R15: 00007ffe0a93a0b8 [ 147.734655][ T4081] [ 148.857826][ T9] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 149.007813][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 149.014086][ T9] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 149.024168][ T9] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16 [ 149.035384][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 149.044529][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.052721][ T9] usb 5-1: Manufacturer: à°‡ [ 149.057325][ T9] usb 5-1: SerialNumber: Ћ [ 149.260923][ T330] Bluetooth: hci0: Frame reassembly failed (-84) [ 149.271530][ T36] audit: type=1400 audit(1759348029.740:483): avc: denied { listen } for pid=4088 comm="syz.4.1241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 149.275657][ T9] cdc_ncm 5-1:1.0: bind() failure [ 149.297728][ T9] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 149.304594][ T9] cdc_ncm 5-1:1.1: bind() failure [ 149.312533][ T9] usb 5-1: USB disconnect, device number 26 [ 150.020009][ T4101] /dev/rnullb0: Can't open blockdev [ 150.847888][ T9] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 150.974455][ T4124] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1257'. [ 151.001044][ T4126] SELinux: security_context_str_to_sid () failed with errno=-22 [ 151.009987][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.020953][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.030936][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 151.033336][ T4128] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1259'. [ 151.044185][ T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 151.062695][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.071654][ T9] usb 5-1: config 0 descriptor?? [ 151.277904][ T36] audit: type=1326 audit(1759348031.740:484): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4113 comm="syz.4.1252" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd8b198eec9 code=0x0 [ 151.307819][ T1097] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 151.309003][ T54] Bluetooth: hci0: command 0x1003 tx timeout [ 151.420293][ T4133] /dev/rnullb0: Can't open blockdev [ 151.444246][ T36] audit: type=1326 audit(1759348031.910:485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4135 comm="syz.2.1261" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f20a9d8eec9 code=0x0 [ 151.530189][ T9] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd [ 151.537678][ T9] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 151.545414][ T9] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 151.556938][ T9] plantronics 0003:047F:FFFF.0008: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 151.573782][ T4139] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 151.788186][ T4131] rust_binder: Write failure EFAULT in pid:295 [ 152.324599][ T4149] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:766 [ 152.957890][ T31] usb 5-1: reset high-speed USB device number 27 using dummy_hcd [ 153.303573][ T4176] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 153.303778][ T4176] rust_binder: Failed to allocate buffer. len:1048, is_oneway:true [ 153.310463][ T4176] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 153.318841][ T4176] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:678 [ 153.343771][ T4178] rust_binder: 680: no such ref 0 [ 153.358558][ T4178] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 153.365839][ T4178] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 153.632762][ T4187] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1278'. [ 153.643536][ T4187] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 153.643572][ T4187] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:298 [ 154.447897][ T31] usb 5-1: device descriptor read/64, error -71 [ 154.919698][ T36] audit: type=1326 audit(1759348035.390:486): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4209 comm="syz.4.1286" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd8b198eec9 code=0x0 [ 154.924392][ T4214] overlayfs: failed to clone upperpath [ 155.042281][ T4225] netlink: 'syz.3.1291': attribute type 4 has an invalid length. [ 155.171832][ T4220] rust_binder: Write failure EFAULT in pid:316 [ 156.326556][ T4237] /dev/rnullb0: Can't open blockdev [ 156.446480][ T4248] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1 [ 156.453988][ T4248] rust_binder: 790: no such ref 3 [ 156.459250][ T4248] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 156.466742][ T4248] rust_binder: 790: no such ref 0 [ 156.472282][ T4248] rust_binder: 790: no such ref 2 [ 156.477568][ T4248] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 156.528098][ T4256] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 157.041771][ T9] usb 5-1: USB disconnect, device number 27 [ 157.253894][ T36] audit: type=1400 audit(1759348037.720:487): avc: denied { append } for pid=4274 comm="syz.2.1310" name="ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 157.366804][ T36] audit: type=1326 audit(1759348037.830:488): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4287 comm="syz.3.1316" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9b6b8eec9 code=0x0 [ 157.487860][ T9] usb 5-1: new low-speed USB device number 28 using dummy_hcd [ 157.639403][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short [ 157.648074][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 is Bulk; changing to Interrupt [ 157.658096][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 157.670153][ T9] usb 5-1: string descriptor 0 read error: -22 [ 157.676486][ T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 157.685710][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.694937][ T4270] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 157.702846][ T4270] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 157.915342][ T4270] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 158.038795][ T9] usb 5-1: USB disconnect, device number 28 [ 158.104885][ T4295] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=37892 sclass=netlink_xfrm_socket pid=4295 comm=syz.4.1317 [ 158.247416][ T4305] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 158.248985][ T4305] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 158.256015][ T4305] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:802 [ 158.280850][ T4310] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 158.290926][ T4310] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 158.310084][ T4312] /dev/rnullb0: Can't open blockdev [ 158.336550][ T4314] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 158.343542][ T4314] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2 [ 158.397448][ T4316] input: syz1 as /devices/virtual/input/input20 [ 158.512542][ T4320] rust_binder: Write failure EFAULT in pid:814 [ 158.961277][ T4331] binder: Binderfs stats mode cannot be changed during a remount [ 159.457834][ T439] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 159.601918][ T4356] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 159.602406][ T4356] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 159.609079][ T4356] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:708 [ 159.609094][ T439] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 159.609125][ T439] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 159.651315][ T439] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 159.660761][ T439] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.669884][ T439] usb 5-1: config 0 descriptor?? [ 159.672583][ T4358] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 159.730001][ T4359] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:710 [ 159.762930][ T4366] netlink: 'syz.2.1343': attribute type 16 has an invalid length. [ 159.785132][ T4366] netlink: 'syz.2.1343': attribute type 16 has an invalid length. [ 159.793564][ T4367] netlink: 'syz.2.1343': attribute type 16 has an invalid length. [ 160.078588][ T439] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 160.086066][ T439] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 160.093572][ T439] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 160.100944][ T439] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 160.108497][ T439] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 160.116455][ T439] kovaplus 0003:1E7D:2D50.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.4-1/input0 [ 160.156448][ T4382] rust_binder: Write failure EFAULT in pid:853 [ 160.171188][ T4382] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 160.177916][ T4382] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false [ 160.185818][ T4382] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1346'. [ 160.219807][ T4384] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 2 [ 160.227522][ T4384] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 0 [ 160.446195][ T36] audit: type=1400 audit(1759348040.910:489): avc: denied { module_load } for pid=4399 comm="syz.3.1353" path="/392/file0" dev="tmpfs" ino=2128 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 160.446246][ T4400] Invalid ELF header len 1 [ 160.614393][ T4411] input: syz0 as /devices/virtual/input/input21 [ 160.650443][ T36] audit: type=1326 audit(1759348041.120:490): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4412 comm="syz.3.1357" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9b6b8eec9 code=0x0 [ 160.816812][ T4419] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 160.816978][ T4419] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 160.823628][ T4419] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:724 [ 160.994824][ T4424] overlayfs: failed to resolve './file1': -2 [ 161.024409][ T4426] netlink: 'syz.0.1362': attribute type 4 has an invalid length. [ 161.032353][ T4426] netlink: 'syz.0.1362': attribute type 5 has an invalid length. [ 161.040258][ T4426] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.1362'. [ 161.050520][ T4426] __vm_enough_memory: pid: 4426, comm: syz.0.1362, bytes: 18014402804453376 not enough memory for the allocation [ 161.129491][ T4429] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:732 [ 162.231536][ T439] kovaplus 0003:1E7D:2D50.0009: couldn't init struct kovaplus_device [ 162.251939][ T439] kovaplus 0003:1E7D:2D50.0009: couldn't install mouse [ 162.261276][ T439] kovaplus 0003:1E7D:2D50.0009: probe with driver kovaplus failed with error -71 [ 162.272290][ T439] usb 5-1: USB disconnect, device number 29 [ 162.726267][ T4439] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 162.726381][ T4439] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 162.745188][ T4441] binder: Bad value for 'max' [ 162.780518][ T4446] input: syz0 as /devices/virtual/input/input23 [ 162.843474][ T4446] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 3 [ 162.867447][ T4453] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:750 [ 163.344184][ T4457] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 163.401818][ T4459] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 163.408514][ T4459] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:864 [ 164.145182][ T4489] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:370 [ 164.237888][ T36] audit: type=1326 audit(1759348044.700:491): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4492 comm="syz.3.1387" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9b6b8eec9 code=0x0 [ 164.572369][ T4505] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1391'. [ 164.583648][ T1721] Bluetooth: hci0: Frame reassembly failed (-84) [ 164.893130][ T4510] rust_binder: Write failure EINVAL in pid:374 [ 165.148250][ T46] usb 5-1: new full-speed USB device number 30 using dummy_hcd [ 165.309532][ T46] usb 5-1: unable to get BOS descriptor or descriptor too short [ 165.317984][ T46] usb 5-1: not running at top speed; connect to a high speed hub [ 165.326583][ T46] usb 5-1: config 4 has an invalid interface number: 56 but max is 0 [ 165.334831][ T46] usb 5-1: config 4 has no interface number 0 [ 165.340985][ T46] usb 5-1: config 4 interface 56 has no altsetting 0 [ 165.349300][ T46] usb 5-1: New USB device found, idVendor=17cc, idProduct=1000, bcdDevice=61.74 [ 165.358425][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.366530][ T46] usb 5-1: Product: syz [ 165.370995][ T46] usb 5-1: Manufacturer: syz [ 165.375644][ T46] usb 5-1: SerialNumber: syz [ 165.582618][ T4512] rust_binder: Error while translating object. [ 165.582680][ T4512] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 165.588980][ T4512] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:376 [ 165.600957][ T46] snd-usb-audio 5-1:4.56: probe with driver snd-usb-audio failed with error -71 [ 165.620717][ T46] usb 5-1: USB disconnect, device number 30 [ 166.587843][ T1097] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 166.587866][ T54] Bluetooth: hci0: command 0x1003 tx timeout [ 166.793230][ T36] audit: type=1400 audit(1759348047.260:492): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 166.803878][ T4523] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1398'. [ 166.824558][ T4523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1398'. [ 166.833993][ T4523] bridge_slave_1: left allmulticast mode [ 166.839823][ T4523] bridge_slave_1: left promiscuous mode [ 166.845615][ T4523] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.853360][ T4523] bridge_slave_0: left allmulticast mode [ 166.859299][ T4523] bridge_slave_0: left promiscuous mode [ 166.864981][ T4523] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.876857][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 166.883433][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 167.013688][ T4526] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 167.207087][ T4537] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:384 [ 167.791721][ T36] audit: type=1326 audit(1759348048.260:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4540 comm="syz.3.1405" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff9b6b8eec9 code=0x0 [ 168.063708][ T4548] fuse: Unknown parameter '0x00000000000000040x0000000000000004' [ 168.907869][ T1097] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 168.907946][ T54] Bluetooth: hci0: command 0x1003 tx timeout [ 168.917034][ T4559] rust_binder: Write failure EFAULT in pid:395 [ 169.436920][ T36] audit: type=1400 audit(1759348049.900:494): avc: denied { create } for pid=4560 comm="syz.0.1411" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 169.491341][ T36] audit: type=1326 audit(1759348049.960:495): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4563 comm="syz.3.1412" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9b6b8eec9 code=0x0 [ 169.528292][ T4566] rust_binder: 768: no such ref 0 [ 169.533934][ T4566] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 169.540265][ T4566] rust_binder: 768: no such ref 2 [ 169.552049][ T4566] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:768 [ 169.674340][ T4572] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:771 [ 170.214492][ T4574] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 170.223981][ T4575] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false [ 170.244290][ T36] audit: type=1400 audit(1759348050.710:496): avc: denied { write } for pid=4576 comm="syz.2.1416" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 170.275969][ T36] audit: type=1400 audit(1759348050.710:497): avc: denied { open } for pid=4576 comm="syz.2.1416" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 170.308430][ T4581] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:900 [ 170.319353][ T36] audit: type=1400 audit(1759348050.790:498): avc: denied { read } for pid=4582 comm="syz.2.1419" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 170.414480][ T4588] binder: Bad value for 'stats' [ 171.073404][ T4596] 9pnet_fd: Insufficient options for proto=fd [ 171.080396][ T36] audit: type=1400 audit(1759348051.550:499): avc: denied { ioctl } for pid=4595 comm="syz.0.1423" path="socket:[26421]" dev="sockfs" ino=26421 ioctlcmd=0x9416 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 171.116607][ T4598] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1424'. [ 171.969407][ T4612] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:794 [ 172.157818][ T575] usb 5-1: new low-speed USB device number 31 using dummy_hcd [ 172.297940][ T575] usb 5-1: device descriptor read/64, error -71 [ 172.537831][ T575] usb 5-1: device descriptor read/64, error -71 [ 172.770631][ T4619] rust_binder: Write failure EFAULT in pid:799 [ 172.782600][ T36] audit: type=1400 audit(1759348053.250:500): avc: denied { map } for pid=4620 comm="syz.0.1434" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 172.787950][ T575] usb 5-1: new low-speed USB device number 32 using dummy_hcd [ 172.947887][ T575] usb 5-1: device descriptor read/64, error -71 [ 173.187905][ T575] usb 5-1: device descriptor read/64, error -71 [ 173.297948][ T575] usb usb5-port1: attempt power cycle [ 173.453443][ T4628] SELinux: security_context_str_to_sid (sytem_uÝGй ‰:ÿß) failed with errno=-22 [ 173.637855][ T575] usb 5-1: new low-speed USB device number 33 using dummy_hcd [ 173.659025][ T575] usb 5-1: device descriptor read/8, error -71 [ 173.788956][ T575] usb 5-1: device descriptor read/8, error -71 [ 174.028592][ T575] usb 5-1: new low-speed USB device number 34 using dummy_hcd [ 174.049129][ T575] usb 5-1: device descriptor read/8, error -71 [ 174.178863][ T575] usb 5-1: device descriptor read/8, error -71 [ 174.287957][ T575] usb usb5-port1: unable to enumerate USB device [ 175.030438][ T4637] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:402 [ 175.603222][ T4646] netlink: 5308 bytes leftover after parsing attributes in process `syz.3.1444'. [ 175.699715][ T4652] netlink: 'syz.3.1447': attribute type 46 has an invalid length. [ 175.871821][ T4662] netlink: 182 bytes leftover after parsing attributes in process `syz.4.1450'. [ 175.876950][ T4664] binder: Bad value for 'stats' [ 175.881804][ T4662] rust_binder: Error while translating object. [ 175.885877][ T4662] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 175.892495][ T4662] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:412 [ 175.909363][ T36] audit: type=1326 audit(1759348056.359:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4665 comm="syz.0.1452" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b5018eec9 code=0x0 [ 175.942334][ T36] audit: type=1400 audit(1759348056.378:502): avc: denied { sys_module } for pid=4667 comm="syz.4.1453" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 176.006999][ T4677] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1457'. [ 176.022824][ T4679] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:807 [ 176.023109][ T4679] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 176.032402][ T4679] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:807 [ 176.071213][ T4684] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:420 [ 176.459285][ T4709] usb usb8: usbfs: process 4709 (syz.0.1466) did not claim interface 0 before use [ 176.479271][ T4709] rust_binder: Read failure Err(EFAULT) in pid:837 [ 176.491319][ T4712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.506447][ T4712] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.685022][ T4728] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 176.737711][ T4728] rust_binder: Failed to allocate buffer. len:1168, is_oneway:false [ 177.209780][ T575] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 177.379473][ T575] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.387133][ T4763] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1485'. [ 177.390682][ T575] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 177.409904][ T575] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 177.415867][ T4765] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1486'. [ 177.423213][ T575] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 177.441157][ T575] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.451757][ T575] usb 5-1: config 0 descriptor?? [ 177.628933][ T4778] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 177.629174][ T4778] rust_binder: Failed to allocate buffer. len:4240, is_oneway:false [ 177.664354][ T36] audit: type=1326 audit(1759348058.066:503): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4750 comm="syz.4.1479" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd8b198eec9 code=0x0 [ 177.924057][ T575] plantronics 0003:047F:FFFF.000A: unknown main item tag 0xd [ 177.933810][ T575] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 177.943063][ T575] plantronics 0003:047F:FFFF.000A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 178.026015][ T4788] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1494'. [ 178.035322][ T4788] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1494'. [ 178.187120][ T4785] rust_binder: Write failure EFAULT in pid:435 [ 179.388374][ T440] usb 5-1: reset high-speed USB device number 35 using dummy_hcd [ 179.691425][ T4813] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1503'. [ 179.700802][ T4813] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1503'. [ 179.777280][ T4816] overlayfs: conflicting options: metacopy=off,verity=require [ 179.965289][ T36] audit: type=1400 audit(1759348060.306:504): avc: denied { map } for pid=4818 comm="syz.0.1505" path="socket:[28161]" dev="sockfs" ino=28161 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 180.042446][ T4820] rust_binder: 4819 RLIMIT_NICE not set [ 180.042650][ T4819] rust_binder: 854: no such ref 1 [ 180.057730][ T4819] rust_binder: Error while translating object. [ 180.057787][ T4819] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 180.081350][ T4819] rust_binder: Failure BR_FAILED_REPLY { source: EPERM } during reply - delivering BR_FAILED_REPLY to sender. [ 180.092243][ T4819] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:854 [ 180.142198][ T4827] tipc: Trying to set illegal importance in message [ 180.147313][ T4830] rust_binder: Error while translating object. [ 180.157089][ T4830] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 180.166365][ T4829] rust_binder: Error while translating object. [ 180.167572][ T4830] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:443 [ 180.176089][ T4829] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 180.191310][ T4829] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:443 [ 180.246234][ T9] rust_binder: 4826: removing orphan mapping 0:24 [ 180.268877][ T4840] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1512'. [ 180.272654][ T4839] netlink: 'syz.0.1511': attribute type 13 has an invalid length. [ 180.289316][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 180.693686][ T36] audit: type=1400 audit(1759348061.018:505): avc: denied { watch } for pid=4841 comm="syz.3.1513" path="/437/file0" dev="tmpfs" ino=2365 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 180.727650][ T36] audit: type=1326 audit(1759348061.047:506): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4846 comm="syz.3.1514" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9b6b8eec9 code=0x0 [ 180.783740][ T4850] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 180.790705][ T4850] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false [ 180.804136][ T36] audit: type=1400 audit(1759348061.126:507): avc: denied { execute } for pid=4852 comm="syz.2.1516" path="/dev/rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 180.864556][ T46] usb 5-1: USB disconnect, device number 35 [ 181.676117][ T4857] fuseblk: Bad value for 'fd' [ 181.807387][ T4874] rust_binder: Write failure EFAULT in pid:959 [ 181.830961][ T4876] syzkaller0: entered promiscuous mode [ 181.843004][ T4876] syzkaller0: entered allmulticast mode [ 181.924863][ T4878] rust_binder: Read failure Err(EFAULT) in pid:963 [ 181.937003][ T4880] rust_binder: Write failure EFAULT in pid:965 [ 182.070090][ T4893] rust_binder: Write failure EFAULT in pid:978 [ 182.102964][ T36] audit: type=1400 audit(1759348062.397:508): avc: denied { map } for pid=4897 comm="syz.2.1533" path="mnt:[4026532384]" dev="nsfs" ino=4026532384 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 182.133479][ T36] audit: type=1400 audit(1759348062.397:509): avc: denied { execute } for pid=4897 comm="syz.2.1533" path="mnt:[4026532384]" dev="nsfs" ino=4026532384 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 182.367216][ T54] Bluetooth: hci0: command 0x1003 tx timeout [ 182.367256][ T1097] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 182.632854][ T9] usb 5-1: new low-speed USB device number 36 using dummy_hcd [ 182.788146][ T9] usb 5-1: config 9 has an invalid interface number: 51 but max is 0 [ 182.796369][ T9] usb 5-1: config 9 has no interface number 0 [ 182.804563][ T9] usb 5-1: string descriptor 0 read error: -22 [ 182.810884][ T9] usb 5-1: New USB device found, idVendor=07a6, idProduct=07c2, bcdDevice=37.12 [ 182.820051][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.038416][ T9] usb 5-1: USB disconnect, device number 36 [ 183.573367][ T4923] /dev/rnullb0: Can't open blockdev [ 184.079676][ T4935] rust_binder: Error while translating object. [ 184.079712][ T4935] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 184.086195][ T4935] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:881 [ 185.273594][ T4952] /dev/rnullb0: Can't open blockdev [ 185.540436][ T36] audit: type=1400 audit(1759348065.771:510): avc: denied { accept } for pid=4966 comm="syz.4.1556" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 185.589955][ T4969] 9pnet_fd: Insufficient options for proto=fd [ 186.290179][ T36] audit: type=1400 audit(1759348066.498:511): avc: denied { create } for pid=5002 comm="syz.3.1564" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 187.516532][ T5076] fuse: Bad value for 'fd' [ 187.553715][ T5076] __nla_validate_parse: 1 callbacks suppressed [ 187.553745][ T5076] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1582'. [ 187.724894][ T5078] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5078 comm=syz.0.1582 [ 187.927867][ T4986] syz.4.1560 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 187.945096][ T4986] CPU: 1 UID: 0 PID: 4986 Comm: syz.4.1560 Not tainted syzkaller #0 67868b434517ba700884c753facc80d4f03a3ea5 [ 187.945139][ T4986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 187.945155][ T4986] Call Trace: [ 187.945163][ T4986] [ 187.945172][ T4986] __dump_stack+0x21/0x30 [ 187.945209][ T4986] dump_stack_lvl+0x10c/0x190 [ 187.945239][ T4986] ? __cfi_dump_stack_lvl+0x10/0x10 [ 187.945268][ T4986] ? ___ratelimit+0x3f7/0x5a0 [ 187.945297][ T4986] dump_stack+0x19/0x20 [ 187.945325][ T4986] dump_header+0xd7/0x490 [ 187.945348][ T4986] ? __cfi_mem_cgroup_get_max+0x10/0x10 [ 187.945378][ T4986] oom_kill_process+0x35d/0x640 [ 187.945407][ T4986] ? sched_clock_cpu+0x75/0x400 [ 187.945441][ T4986] out_of_memory+0x659/0xa80 [ 187.945468][ T4986] ? __cfi_out_of_memory+0x10/0x10 [ 187.945496][ T4986] ? mutex_lock_killable+0x92/0x1c0 [ 187.945528][ T4986] ? __cfi_mutex_lock_killable+0x10/0x10 [ 187.945572][ T4986] mem_cgroup_out_of_memory+0x279/0x350 [ 187.945594][ T4986] ? drain_obj_stock+0xed0/0xed0 [ 187.945618][ T4986] ? memcg1_oom_prepare+0x2c6/0x3a0 [ 187.945640][ T4986] try_charge_memcg+0x8f7/0xde0 [ 187.945676][ T4986] ? __cfi_try_charge_memcg+0x10/0x10 [ 187.945706][ T4986] ? __alloc_pages_noprof+0x31f/0x7b0 [ 187.945739][ T4986] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 187.945769][ T4986] ? __folio_batch_add_and_move+0x2ab/0x370 [ 187.945796][ T4986] __mem_cgroup_charge+0xf6/0x410 [ 187.945825][ T4986] ? _raw_spin_lock+0x8c/0x120 [ 187.945865][ T4986] ? __cfi___mem_cgroup_charge+0x10/0x10 [ 187.945914][ T4986] shmem_alloc_and_add_folio+0x86d/0x1050 [ 187.945945][ T4986] ? put_swap_device+0x130/0x130 [ 187.945970][ T4986] ? shmem_huge_global_enabled+0x2da/0x360 [ 187.945995][ T4986] ? shmem_allowable_huge_orders+0x1f7/0x430 [ 187.946019][ T4986] ? __kasan_check_write+0x18/0x20 [ 187.946052][ T4986] ? _raw_spin_lock+0x8c/0x120 [ 187.946078][ T4986] shmem_get_folio_gfp+0x5f0/0x1380 [ 187.946105][ T4986] ? shmem_get_folio+0xc0/0xc0 [ 187.946134][ T4986] ? follow_page_pte+0xa5c/0xb90 [ 187.946164][ T4986] ? inode_to_bdi+0x6d/0x100 [ 187.946196][ T4986] shmem_write_begin+0xf4/0x270 [ 187.946223][ T4986] generic_perform_write+0x32d/0x960 [ 187.946256][ T4986] ? __cfi_generic_perform_write+0x10/0x10 [ 187.946286][ T4986] ? down_write+0xe9/0x2a0 [ 187.946306][ T4986] ? file_update_time+0xa3/0x220 [ 187.946337][ T4986] shmem_file_write_iter+0x105/0x130 [ 187.946367][ T4986] ? __cfi_shmem_file_write_iter+0x10/0x10 [ 187.946398][ T4986] __kernel_write_iter+0x41d/0x8e0 [ 187.946418][ T4986] ? __cfi_shmem_file_write_iter+0x10/0x10 [ 187.946460][ T4986] ? __cfi___kernel_write_iter+0x10/0x10 [ 187.946481][ T4986] ? get_dump_page+0x160/0x220 [ 187.946509][ T4986] ? __asan_memset+0x39/0x50 [ 187.946549][ T4986] ? iov_iter_bvec+0xc0/0x180 [ 187.946579][ T4986] dump_user_range+0xb06/0xdf0 [ 187.946602][ T4986] ? __cfi_dump_emit+0x10/0x10 [ 187.946636][ T4986] ? __cfi_dump_user_range+0x10/0x10 [ 187.946659][ T4986] ? elf_coredump_extra_notes_write+0x42f/0x4c0 [ 187.946696][ T4986] ? __cfi_elf_coredump_extra_notes_write+0x10/0x10 [ 187.946733][ T4986] elf_core_dump+0x2ccc/0x3800 [ 187.946764][ T4986] ? __cfi_elf_core_dump+0x10/0x10 [ 187.946797][ T4986] ? dump_interrupted+0xf0/0xf0 [ 187.946830][ T4986] ? filp_open+0x182/0x1d0 [ 187.946876][ T4986] ? 0xffffffffff600000 [ 187.946894][ T4986] ? freezing_slow_path+0x12b/0x170 [ 187.946925][ T4986] do_coredump+0x1bf7/0x2bd0 [ 187.946961][ T4986] ? __cfi_do_coredump+0x10/0x10 [ 187.946993][ T4986] ? asm_exc_general_protection+0x2b/0x30 [ 187.947037][ T4986] ? __kasan_slab_free+0x6a/0x80 [ 187.947065][ T4986] ? kmem_cache_free+0x1c1/0x510 [ 187.947087][ T4986] ? get_signal+0xa75/0x14f0 [ 187.947117][ T4986] get_signal+0x11fd/0x14f0 [ 187.947149][ T4986] arch_do_signal_or_restart+0x96/0x720 [ 187.947183][ T4986] ? __cfi_arch_do_signal_or_restart+0x10/0x10 [ 187.947219][ T4986] ? fixup_iopl_exception+0xdd/0x2e0 [ 187.947258][ T4986] irqentry_exit_to_user_mode+0x4e/0xb0 [ 187.947281][ T4986] irqentry_exit+0x16/0x60 [ 187.947302][ T4986] exc_general_protection+0x15a/0x1f0 [ 187.947334][ T4986] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 187.947364][ T4986] asm_exc_general_protection+0x2b/0x30 [ 187.947398][ T4986] RIP: 0033:0x7fd8b198eed1 [ 187.947419][ T4986] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 187.947439][ T4986] RSP: 002b:0000200000000580 EFLAGS: 00010217 [ 187.947459][ T4986] RAX: 0000000000000000 RBX: 00007fd8b1be6090 RCX: 00007fd8b198eec9 [ 187.947475][ T4986] RDX: 00002000000005c0 RSI: 0000200000000580 RDI: 0000000000020000 [ 187.947489][ T4986] RBP: 00007fd8b1a11f91 R08: 0000200000000640 R09: 0000200000000640 [ 187.947505][ T4986] R10: 0000200000000600 R11: 0000000000000206 R12: 0000000000000000 [ 187.947520][ T4986] R13: 00007fd8b1be6128 R14: 00007fd8b1be6090 R15: 00007ffe0a93a0b8 [ 187.947551][ T4986] [ 187.963225][ T5093] fuseblk: Unknown parameter '' [ 187.969941][ T4986] memory: usage 307200kB, limit 307200kB, failcnt 17775 [ 188.342169][ T36] audit: type=1326 audit(1759348068.517:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5075 comm="syz.0.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5018eec9 code=0x7fc00000 [ 188.345837][ T4986] memory+swap: usage 432116kB, limit 9007199254740988kB, failcnt 0 [ 188.351556][ T36] audit: type=1326 audit(1759348068.517:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5075 comm="syz.0.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f8b5018eec9 code=0x7fc00000 [ 188.357198][ T4986] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 188.370573][ T36] audit: type=1326 audit(1759348068.517:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5075 comm="syz.0.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5018eec9 code=0x7fc00000 [ 188.387049][ T4986] Memory cgroup stats for [ 188.394808][ T36] audit: type=1326 audit(1759348068.517:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5075 comm="syz.0.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5018eec9 code=0x7fc00000 [ 188.404877][ T4986] /syz4 [ 188.416024][ T36] audit: type=1326 audit(1759348068.517:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5075 comm="syz.0.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5018eec9 code=0x7fc00000 [ 188.423368][ T4986] : [ 188.426508][ T36] audit: type=1326 audit(1759348068.517:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5075 comm="syz.0.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5018eec9 code=0x7fc00000 [ 188.435273][ T4986] cache 314396672 [ 188.444272][ T36] audit: type=1326 audit(1759348068.517:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5075 comm="syz.0.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5018eec9 code=0x7fc00000 [ 188.451142][ T4986] rss 126976 [ 188.476468][ T36] audit: type=1326 audit(1759348068.517:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5075 comm="syz.0.1582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5018eec9 code=0x7fc00000 [ 188.487373][ T4986] rss_huge 0 [ 188.527273][ T5132] SELinux: security_context_str_to_sid () failed with errno=-22 [ 188.534843][ T4986] shmem 314396672 [ 188.561861][ T5136] rust_binder: Write failure EINVAL in pid:1000 [ 188.562692][ T4986] mapped_file 0 [ 188.652148][ T5138] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 188.669453][ T4986] dirty 0 [ 188.705015][ T4986] writeback 0 [ 188.708711][ T4986] workingset_refault_anon 16 [ 188.713440][ T4986] workingset_refault_file 0 [ 188.718807][ T4986] swap 127913984 [ 188.722401][ T4986] swapcached 77824 [ 188.726132][ T4986] pgpgin 167341 [ 188.729734][ T4986] pgpgout 90541 [ 188.733424][ T4986] pgfault 48205 [ 188.737582][ T4986] pgmajfault 5 [ 188.741071][ T4986] inactive_anon 128151552 [ 188.745423][ T4986] active_anon 186421248 [ 188.749728][ T4986] inactive_file 0 [ 188.753405][ T4986] active_file 0 [ 188.756915][ T4986] unevictable 0 [ 188.760482][ T4986] hierarchical_memory_limit 314572800 [ 188.765918][ T4986] hierarchical_memsw_limit 9223372036854771712 [ 188.772743][ T4986] total_cache 314396672 [ 188.777018][ T4986] total_rss 126976 [ 188.780946][ T4986] total_rss_huge 0 [ 188.784808][ T4986] total_shmem 314396672 [ 188.789583][ T4986] total_mapped_file 0 [ 188.793887][ T4986] total_dirty 0 [ 188.798401][ T4986] total_writeback 0 [ 188.802267][ T4986] total_workingset_refault_anon 16 [ 188.809122][ T4986] total_workingset_refault_file 0 [ 188.815337][ T4986] total_swap 127913984 [ 188.819692][ T4986] total_swapcached 77824 [ 188.826034][ T4986] total_pgpgin 167341 [ 188.831084][ T4986] total_pgpgout 90541 [ 188.835425][ T4986] total_pgfault 48205 [ 188.839714][ T4986] total_pgmajfault 5 [ 188.845428][ T4986] total_inactive_anon 128151552 [ 188.851444][ T4986] total_active_anon 186421248 [ 188.856407][ T4986] total_inactive_file 0 [ 188.860833][ T4986] total_active_file 0 [ 188.864968][ T4986] total_unevictable 0 [ 188.869166][ T4986] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.1543,pid=4928,uid=0 [ 188.884230][ T4986] Memory cgroup out of memory: Killed process 4928 (syz.4.1543) total-vm:93996kB, anon-rss:1160kB, file-rss:20736kB, shmem-rss:0kB, UID:0 pgtables:100kB oom_score_adj:1000 [ 188.886540][ T5150] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 224, size: 226) [ 188.908724][ T4979] syz.4.1560 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 188.931595][ T5150] rust_binder: Error while translating object. [ 188.931649][ T5150] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 188.933295][ T4979] CPU: 1 UID: 0 PID: 4979 Comm: syz.4.1560 Not tainted syzkaller #0 67868b434517ba700884c753facc80d4f03a3ea5 [ 188.933345][ T4979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 188.933365][ T4979] Call Trace: [ 188.933374][ T4979] [ 188.933385][ T4979] __dump_stack+0x21/0x30 [ 188.933430][ T4979] dump_stack_lvl+0x10c/0x190 [ 188.933464][ T4979] ? __cfi_dump_stack_lvl+0x10/0x10 [ 188.933498][ T4979] ? ___ratelimit+0x3f7/0x5a0 [ 188.933535][ T4979] dump_stack+0x19/0x20 [ 188.933566][ T4979] dump_header+0xd7/0x490 [ 188.933593][ T4979] ? __cfi_mem_cgroup_get_max+0x10/0x10 [ 188.933627][ T4979] oom_kill_process+0x35d/0x640 [ 188.933660][ T4979] ? sched_clock_cpu+0x75/0x400 [ 188.933694][ T4979] out_of_memory+0x659/0xa80 [ 188.933725][ T4979] ? __cfi_out_of_memory+0x10/0x10 [ 188.933756][ T4979] mem_cgroup_out_of_memory+0x279/0x350 [ 188.933782][ T4979] ? drain_obj_stock+0xed0/0xed0 [ 188.933808][ T4979] ? memcg1_oom_prepare+0x2c6/0x3a0 [ 188.933831][ T4979] try_charge_memcg+0x8f7/0xde0 [ 188.933865][ T4979] ? __cfi_try_charge_memcg+0x10/0x10 [ 188.933899][ T4979] ? __alloc_pages_noprof+0x31f/0x7b0 [ 188.933936][ T4979] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 188.933968][ T4979] ? __folio_batch_add_and_move+0x2ab/0x370 [ 188.934000][ T4979] __mem_cgroup_charge+0xf6/0x410 [ 188.934045][ T4979] ? _raw_spin_lock+0x8c/0x120 [ 188.934076][ T4979] ? __cfi___mem_cgroup_charge+0x10/0x10 [ 188.934114][ T4979] shmem_alloc_and_add_folio+0x86d/0x1050 [ 188.934148][ T4979] ? put_swap_device+0x130/0x130 [ 188.934176][ T4979] ? shmem_huge_global_enabled+0x2da/0x360 [ 188.934207][ T4979] ? shmem_allowable_huge_orders+0x1f7/0x430 [ 188.934235][ T4979] ? __kasan_check_write+0x18/0x20 [ 188.934271][ T4979] ? _raw_spin_lock+0x8c/0x120 [ 188.934300][ T4979] shmem_get_folio_gfp+0x5f0/0x1380 [ 188.934329][ T4979] ? shmem_get_folio+0xc0/0xc0 [ 188.934355][ T4979] ? follow_page_pte+0xa5c/0xb90 [ 188.934389][ T4979] ? inode_to_bdi+0x6d/0x100 [ 188.934424][ T4979] shmem_write_begin+0xf4/0x270 [ 188.934455][ T4979] generic_perform_write+0x32d/0x960 [ 188.934494][ T4979] ? __cfi_generic_perform_write+0x10/0x10 [ 188.934529][ T4979] ? down_write+0xe9/0x2a0 [ 188.934554][ T4979] ? file_update_time+0xa3/0x220 [ 188.934589][ T4979] shmem_file_write_iter+0x105/0x130 [ 188.934621][ T4979] ? __cfi_shmem_file_write_iter+0x10/0x10 [ 188.934655][ T4979] __kernel_write_iter+0x41d/0x8e0 [ 188.934681][ T4979] ? __cfi_shmem_file_write_iter+0x10/0x10 [ 188.934718][ T4979] ? __cfi___kernel_write_iter+0x10/0x10 [ 188.934742][ T4979] ? get_dump_page+0x160/0x220 [ 188.934774][ T4979] ? __asan_memset+0x39/0x50 [ 188.934810][ T4979] ? iov_iter_bvec+0xc0/0x180 [ 188.934841][ T4979] dump_user_range+0xb06/0xdf0 [ 188.934880][ T4979] ? __cfi_dump_emit+0x10/0x10 [ 188.934919][ T4979] ? __cfi_dump_user_range+0x10/0x10 [ 188.934942][ T4979] ? elf_coredump_extra_notes_write+0x42f/0x4c0 [ 188.934999][ T4979] ? __cfi_elf_coredump_extra_notes_write+0x10/0x10 [ 188.935045][ T4979] elf_core_dump+0x2ccc/0x3800 [ 188.935079][ T4979] ? __cfi_elf_core_dump+0x10/0x10 [ 188.935117][ T4979] ? dump_interrupted+0xf0/0xf0 [ 188.935153][ T4979] ? filp_open+0x182/0x1d0 [ 188.935184][ T4979] ? 0xffffffffff600000 [ 188.935203][ T4979] ? freezing_slow_path+0x12b/0x170 [ 188.935241][ T4979] do_coredump+0x1bf7/0x2bd0 [ 188.935281][ T4979] ? __cfi_do_coredump+0x10/0x10 [ 188.935317][ T4979] ? asm_exc_general_protection+0x2b/0x30 [ 188.935364][ T4979] ? __kasan_slab_free+0x6a/0x80 [ 188.935391][ T4979] ? kmem_cache_free+0x1c1/0x510 [ 188.935416][ T4979] ? get_signal+0xa75/0x14f0 [ 188.935449][ T4979] get_signal+0x11fd/0x14f0 [ 188.935484][ T4979] arch_do_signal_or_restart+0x96/0x720 [ 188.935524][ T4979] ? __cfi_arch_do_signal_or_restart+0x10/0x10 [ 188.935562][ T4979] ? fixup_iopl_exception+0xdd/0x2e0 [ 188.935601][ T4979] irqentry_exit_to_user_mode+0x4e/0xb0 [ 188.935627][ T4979] irqentry_exit+0x16/0x60 [ 188.935649][ T4979] exc_general_protection+0x15a/0x1f0 [ 188.935683][ T4979] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 188.935716][ T4979] asm_exc_general_protection+0x2b/0x30 [ 188.935752][ T4979] RIP: 0033:0x7fd8b198eed1 [ 188.935776][ T4979] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 188.935797][ T4979] RSP: 002b:0000200000000580 EFLAGS: 00010217 [ 188.935823][ T4979] RAX: 0000000000000000 RBX: 00007fd8b1be6090 RCX: 00007fd8b198eec9 [ 188.935841][ T4979] RDX: 00002000000005c0 RSI: 0000200000000580 RDI: 0000000000020000 [ 188.935860][ T4979] RBP: 00007fd8b1a11f91 R08: 0000200000000640 R09: 0000200000000640 [ 188.935879][ T4979] R10: 0000200000000600 R11: 0000000000000206 R12: 0000000000000000 [ 188.935894][ T4979] R13: 00007fd8b1be6128 R14: 00007fd8b1be6090 R15: 00007ffe0a93a0b8 [ 188.935917][ T4979] [ 188.935928][ T4979] memory: usage 307200kB, limit 307200kB, failcnt 17913 [ 188.938524][ T5150] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1009 [ 188.953234][ T4979] memory+swap: usage 431944kB, limit 9007199254740988kB, failcnt 0 [ 189.445212][ T4979] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 189.452469][ T4979] Memory cgroup stats for /syz4: [ 189.452608][ T4979] cache 314396672 [ 189.461329][ T4979] rss 126976 [ 189.464629][ T4979] rss_huge 0 [ 189.467984][ T4979] shmem 314396672 [ 189.471650][ T4979] mapped_file 0 [ 189.475139][ T4979] dirty 0 [ 189.478383][ T4979] writeback 0 [ 189.478803][ T5158] EXT4-fs: dax option not supported [ 189.481685][ T4979] workingset_refault_anon 16 [ 189.481696][ T4979] workingset_refault_file 0 [ 189.481705][ T4979] swap 127737856 [ 189.481713][ T4979] swapcached 77824 [ 189.481722][ T4979] pgpgin 167341 [ 189.488521][ T5158] __vm_enough_memory: pid: 5158, comm: syz.2.1609, bytes: 18014402804453376 not enough memory for the allocation [ 189.492066][ T4979] pgpgout 90541 [ 189.518794][ T5160] rust_binder: 1018: no such ref 1 [ 189.519287][ T4979] pgfault 48212 [ 189.522825][ T5160] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1018 [ 189.527833][ T4979] pgmajfault 5 [ 189.527846][ T4979] inactive_anon 128151552 [ 189.527855][ T4979] active_anon 186421248 [ 189.527864][ T4979] inactive_file 0 [ 189.556828][ T4979] active_file 0 [ 189.560624][ T4979] unevictable 0 [ 189.564111][ T4979] hierarchical_memory_limit 314572800 [ 189.569745][ T4979] hierarchical_memsw_limit 9223372036854771712 [ 189.575932][ T4979] total_cache 314396672 [ 189.580292][ T4979] total_rss 126976 [ 189.584183][ T4979] total_rss_huge 0 [ 189.588322][ T4979] total_shmem 314396672 [ 189.592569][ T4979] total_mapped_file 0 [ 189.596570][ T4979] total_dirty 0 [ 189.600088][ T4979] total_writeback 0 [ 189.603929][ T4979] total_workingset_refault_anon 16 [ 189.609286][ T4979] total_workingset_refault_file 0 [ 189.614329][ T4979] total_swap 127737856 [ 189.618544][ T4979] total_swapcached 77824 [ 189.622849][ T4979] total_pgpgin 167341 [ 189.626974][ T4979] total_pgpgout 90541 [ 189.631052][ T4979] total_pgfault 48212 [ 189.635229][ T4979] total_pgmajfault 5 [ 189.639161][ T4979] total_inactive_anon 128151552 [ 189.644089][ T4979] total_active_anon 186421248 [ 189.648823][ T4979] total_inactive_file 0 [ 189.653026][ T4979] total_active_file 0 [ 189.657024][ T4979] total_unevictable 0 [ 189.661046][ T4979] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.1281,pid=4199,uid=0 [ 189.676157][ T4979] Memory cgroup out of memory: Killed process 4199 (syz.4.1281) total-vm:90164kB, anon-rss:1140kB, file-rss:20736kB, shmem-rss:0kB, UID:0 pgtables:100kB oom_score_adj:1000 [ 189.709250][ T4986] syz.4.1560 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 189.719633][ T4986] CPU: 0 UID: 0 PID: 4986 Comm: syz.4.1560 Not tainted syzkaller #0 67868b434517ba700884c753facc80d4f03a3ea5 [ 189.719670][ T4986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 189.719682][ T4986] Call Trace: [ 189.719687][ T4986] [ 189.719694][ T4986] __dump_stack+0x21/0x30 [ 189.719725][ T4986] dump_stack_lvl+0x10c/0x190 [ 189.719746][ T4986] ? __cfi_dump_stack_lvl+0x10/0x10 [ 189.719768][ T4986] ? ___ratelimit+0x3f7/0x5a0 [ 189.719791][ T4986] dump_stack+0x19/0x20 [ 189.719812][ T4986] dump_header+0xd7/0x490 [ 189.719828][ T4986] ? __cfi_mem_cgroup_get_max+0x10/0x10 [ 189.719851][ T4986] oom_kill_process+0x35d/0x640 [ 189.719872][ T4986] ? sched_clock_cpu+0x75/0x400 [ 189.719902][ T4986] out_of_memory+0x659/0xa80 [ 189.719922][ T4986] ? __cfi_out_of_memory+0x10/0x10 [ 189.719941][ T4986] ? mutex_lock_killable+0x104/0x1c0 [ 189.719966][ T4986] ? __cfi_mutex_lock_killable+0x10/0x10 [ 189.719992][ T4986] mem_cgroup_out_of_memory+0x279/0x350 [ 189.720008][ T4986] ? drain_obj_stock+0xed0/0xed0 [ 189.720024][ T4986] ? memcg1_oom_prepare+0x2c6/0x3a0 [ 189.720040][ T4986] try_charge_memcg+0x8f7/0xde0 [ 189.720062][ T4986] ? __cfi_try_charge_memcg+0x10/0x10 [ 189.720084][ T4986] ? __alloc_pages_noprof+0x31f/0x7b0 [ 189.720108][ T4986] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 189.720129][ T4986] ? __folio_batch_add_and_move+0x2ab/0x370 [ 189.720158][ T4986] __mem_cgroup_charge+0xf6/0x410 [ 189.720181][ T4986] ? _raw_spin_lock+0x8c/0x120 [ 189.720200][ T4986] ? __cfi___mem_cgroup_charge+0x10/0x10 [ 189.720225][ T4986] shmem_alloc_and_add_folio+0x86d/0x1050 [ 189.720248][ T4986] ? put_swap_device+0x130/0x130 [ 189.720266][ T4986] ? shmem_huge_global_enabled+0x2da/0x360 [ 189.720284][ T4986] ? shmem_allowable_huge_orders+0x1f7/0x430 [ 189.720302][ T4986] ? __kasan_check_write+0x18/0x20 [ 189.720328][ T4986] ? _raw_spin_lock+0x8c/0x120 [ 189.720347][ T4986] shmem_get_folio_gfp+0x5f0/0x1380 [ 189.720367][ T4986] ? shmem_get_folio+0xc0/0xc0 [ 189.720383][ T4986] ? follow_page_pte+0xa5c/0xb90 [ 189.720405][ T4986] ? inode_to_bdi+0x6d/0x100 [ 189.720428][ T4986] shmem_write_begin+0xf4/0x270 [ 189.720447][ T4986] generic_perform_write+0x32d/0x960 [ 189.720474][ T4986] ? __cfi_generic_perform_write+0x10/0x10 [ 189.720497][ T4986] ? down_write+0xe9/0x2a0 [ 189.720512][ T4986] ? file_update_time+0xa3/0x220 [ 189.720534][ T4986] shmem_file_write_iter+0x105/0x130 [ 189.720555][ T4986] ? __cfi_shmem_file_write_iter+0x10/0x10 [ 189.720577][ T4986] __kernel_write_iter+0x41d/0x8e0 [ 189.720592][ T4986] ? __cfi_shmem_file_write_iter+0x10/0x10 [ 189.720615][ T4986] ? __cfi___kernel_write_iter+0x10/0x10 [ 189.720629][ T4986] ? get_dump_page+0x160/0x220 [ 189.720649][ T4986] ? __asan_memset+0x39/0x50 [ 189.720673][ T4986] ? iov_iter_bvec+0xc0/0x180 [ 189.720695][ T4986] dump_user_range+0xb06/0xdf0 [ 189.720719][ T4986] ? __cfi_dump_emit+0x10/0x10 [ 189.720750][ T4986] ? __cfi_dump_user_range+0x10/0x10 [ 189.720772][ T4986] ? elf_coredump_extra_notes_write+0x42f/0x4c0 [ 189.720797][ T4986] ? __cfi_elf_coredump_extra_notes_write+0x10/0x10 [ 189.720822][ T4986] elf_core_dump+0x2ccc/0x3800 [ 189.720844][ T4986] ? __cfi_elf_core_dump+0x10/0x10 [ 189.720869][ T4986] ? dump_interrupted+0xf0/0xf0 [ 189.720892][ T4986] ? filp_open+0x182/0x1d0 [ 189.720915][ T4986] ? 0xffffffffff600000 [ 189.720927][ T4986] ? freezing_slow_path+0x12b/0x170 [ 189.720951][ T4986] do_coredump+0x1bf7/0x2bd0 [ 189.720978][ T4986] ? __cfi_do_coredump+0x10/0x10 [ 189.721001][ T4986] ? asm_exc_general_protection+0x2b/0x30 [ 189.721034][ T4986] ? __kasan_slab_free+0x6a/0x80 [ 189.721052][ T4986] ? kmem_cache_free+0x1c1/0x510 [ 189.721068][ T4986] ? get_signal+0xa75/0x14f0 [ 189.721090][ T4986] get_signal+0x11fd/0x14f0 [ 189.721112][ T4986] arch_do_signal_or_restart+0x96/0x720 [ 189.721139][ T4986] ? __cfi_arch_do_signal_or_restart+0x10/0x10 [ 189.721170][ T4986] ? fixup_iopl_exception+0xdd/0x2e0 [ 189.721196][ T4986] irqentry_exit_to_user_mode+0x4e/0xb0 [ 189.721212][ T4986] irqentry_exit+0x16/0x60 [ 189.721226][ T4986] exc_general_protection+0x15a/0x1f0 [ 189.721248][ T4986] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 189.721270][ T4986] asm_exc_general_protection+0x2b/0x30 [ 189.721295][ T4986] RIP: 0033:0x7fd8b198eed1 [ 189.721309][ T4986] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 189.721324][ T4986] RSP: 002b:0000200000000580 EFLAGS: 00010217 [ 189.721340][ T4986] RAX: 0000000000000000 RBX: 00007fd8b1be6090 RCX: 00007fd8b198eec9 [ 189.721352][ T4986] RDX: 00002000000005c0 RSI: 0000200000000580 RDI: 0000000000020000 [ 189.721364][ T4986] RBP: 00007fd8b1a11f91 R08: 0000200000000640 R09: 0000200000000640 [ 189.721376][ T4986] R10: 0000200000000600 R11: 0000000000000206 R12: 0000000000000000 [ 189.721387][ T4986] R13: 00007fd8b1be6128 R14: 00007fd8b1be6090 R15: 00007ffe0a93a0b8 [ 189.721401][ T4986] [ 190.200636][ T4986] memory: usage 307200kB, limit 307200kB, failcnt 18202 [ 190.207671][ T4986] memory+swap: usage 431832kB, limit 9007199254740988kB, failcnt 0 [ 190.216039][ T4986] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 190.223051][ T4986] Memory cgroup stats for /syz4: [ 190.223241][ T4986] cache 314351616 [ 190.231988][ T4986] rss 126976 [ 190.235198][ T4986] rss_huge 0 [ 190.238445][ T4986] shmem 314351616 [ 190.242128][ T4986] mapped_file 0 [ 190.245615][ T4986] dirty 0 [ 190.248651][ T4986] writeback 0 [ 190.251986][ T4986] workingset_refault_anon 16 [ 190.256631][ T4986] workingset_refault_file 0 [ 190.261268][ T4986] swap 127623168 [ 190.264873][ T4986] swapcached 122880 [ 190.268758][ T4986] pgpgin 167341 [ 190.274367][ T4986] pgpgout 90541 [ 190.279452][ T4986] pgfault 48212 [ 190.282987][ T4986] pgmajfault 5 [ 190.286510][ T4986] inactive_anon 186466304 [ 190.291212][ T4986] active_anon 128106496 [ 190.295449][ T4986] inactive_file 0 [ 190.299342][ T4986] active_file 0 [ 190.302859][ T4986] unevictable 0 [ 190.306346][ T4986] hierarchical_memory_limit 314572800 [ 190.312040][ T4986] hierarchical_memsw_limit 9223372036854771712 [ 190.318352][ T4986] total_cache 314351616 [ 190.322617][ T4986] total_rss 126976 [ 190.326365][ T4986] total_rss_huge 0 [ 190.330200][ T4986] total_shmem 314351616 [ 190.334470][ T4986] total_mapped_file 0 [ 190.338478][ T4986] total_dirty 0 [ 190.342029][ T4986] total_writeback 0 [ 190.345852][ T4986] total_workingset_refault_anon 16 [ 190.351005][ T4986] total_workingset_refault_file 0 [ 190.356052][ T4986] total_swap 127623168 [ 190.360174][ T4986] total_swapcached 122880 [ 190.364704][ T4986] total_pgpgin 167341 [ 190.368775][ T4986] total_pgpgout 90541 [ 190.372872][ T4986] total_pgfault 48212 [ 190.377020][ T4986] total_pgmajfault 5 [ 190.380986][ T4986] total_inactive_anon 186466304 [ 190.386031][ T4986] total_active_anon 128106496 [ 190.390834][ T4986] total_inactive_file 0 [ 190.395132][ T4986] total_active_file 0 [ 190.399398][ T4986] total_unevictable 0 [ 190.403467][ T4986] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.1132,pid=3791,uid=0 [ 190.418396][ T4986] Memory cgroup out of memory: Killed process 3791 (syz.4.1132) total-vm:93872kB, anon-rss:1140kB, file-rss:20736kB, shmem-rss:0kB, UID:0 pgtables:100kB oom_score_adj:1000 [ 190.440950][ T4983] syz.4.1560 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 190.452282][ T4983] CPU: 1 UID: 0 PID: 4983 Comm: syz.4.1560 Not tainted syzkaller #0 67868b434517ba700884c753facc80d4f03a3ea5 [ 190.452320][ T4983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 190.452334][ T4983] Call Trace: [ 190.452342][ T4983] [ 190.452352][ T4983] __dump_stack+0x21/0x30 [ 190.452389][ T4983] dump_stack_lvl+0x10c/0x190 [ 190.452419][ T4983] ? __cfi_dump_stack_lvl+0x10/0x10 [ 190.452450][ T4983] ? ___ratelimit+0x3f7/0x5a0 [ 190.452482][ T4983] dump_stack+0x19/0x20 [ 190.452510][ T4983] dump_header+0xd7/0x490 [ 190.452533][ T4983] ? __cfi_mem_cgroup_get_max+0x10/0x10 [ 190.452563][ T4983] oom_kill_process+0x35d/0x640 [ 190.452591][ T4983] ? sched_clock_cpu+0x75/0x400 [ 190.452624][ T4983] out_of_memory+0x659/0xa80 [ 190.452650][ T4983] ? __cfi_out_of_memory+0x10/0x10 [ 190.452677][ T4983] ? mutex_lock_killable+0x104/0x1c0 [ 190.452723][ T4983] ? __cfi_mutex_lock_killable+0x10/0x10 [ 190.452759][ T4983] mem_cgroup_out_of_memory+0x279/0x350 [ 190.452783][ T4983] ? drain_obj_stock+0xed0/0xed0 [ 190.452806][ T4983] ? memcg1_oom_prepare+0x2c6/0x3a0 [ 190.452827][ T4983] try_charge_memcg+0x8f7/0xde0 [ 190.452855][ T4983] ? __cfi_try_charge_memcg+0x10/0x10 [ 190.452888][ T4983] ? __alloc_pages_noprof+0x31f/0x7b0 [ 190.452918][ T4983] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 190.452945][ T4983] ? __folio_batch_add_and_move+0x2ab/0x370 [ 190.452972][ T4983] __mem_cgroup_charge+0xf6/0x410 [ 190.453000][ T4983] ? _raw_spin_lock+0x8c/0x120 [ 190.453024][ T4983] ? __cfi___mem_cgroup_charge+0x10/0x10 [ 190.453055][ T4983] shmem_alloc_and_add_folio+0x86d/0x1050 [ 190.453084][ T4983] ? put_swap_device+0x130/0x130 [ 190.453109][ T4983] ? shmem_huge_global_enabled+0x2da/0x360 [ 190.453133][ T4983] ? shmem_allowable_huge_orders+0x1f7/0x430 [ 190.453158][ T4983] ? __kasan_check_write+0x18/0x20 [ 190.453192][ T4983] ? _raw_spin_lock+0x8c/0x120 [ 190.453218][ T4983] shmem_get_folio_gfp+0x5f0/0x1380 [ 190.453242][ T4983] ? shmem_get_folio+0xc0/0xc0 [ 190.453261][ T4983] ? inode_maybe_inc_iversion+0x17d/0x1e0 [ 190.453293][ T4983] ? __cfi_inode_maybe_inc_iversion+0x10/0x10 [ 190.453316][ T4983] ? inode_to_bdi+0x6d/0x100 [ 190.453339][ T4983] shmem_write_begin+0xf4/0x270 [ 190.453359][ T4983] generic_perform_write+0x32d/0x960 [ 190.453386][ T4983] ? __cfi_generic_perform_write+0x10/0x10 [ 190.453409][ T4983] ? down_write+0xe9/0x2a0 [ 190.453424][ T4983] ? mnt_get_write_access_file+0x1af/0x3b0 [ 190.453446][ T4983] ? mnt_put_write_access_file+0xc2/0x100 [ 190.453467][ T4983] ? file_update_time+0x1ef/0x220 [ 190.453489][ T4983] shmem_file_write_iter+0x105/0x130 [ 190.453510][ T4983] ? __cfi_shmem_file_write_iter+0x10/0x10 [ 190.453532][ T4983] __kernel_write_iter+0x41d/0x8e0 [ 190.453547][ T4983] ? __cfi_shmem_file_write_iter+0x10/0x10 [ 190.453569][ T4983] ? __cfi___kernel_write_iter+0x10/0x10 [ 190.453583][ T4983] ? get_dump_page+0x160/0x220 [ 190.453604][ T4983] ? __asan_memset+0x39/0x50 [ 190.453627][ T4983] ? iov_iter_bvec+0xc0/0x180 [ 190.453648][ T4983] dump_user_range+0xb06/0xdf0 [ 190.453664][ T4983] ? __cfi_dump_emit+0x10/0x10 [ 190.453689][ T4983] ? __cfi_dump_user_range+0x10/0x10 [ 190.453704][ T4983] ? elf_coredump_extra_notes_write+0x42f/0x4c0 [ 190.453730][ T4983] ? __cfi_elf_coredump_extra_notes_write+0x10/0x10 [ 190.453755][ T4983] elf_core_dump+0x2ccc/0x3800 [ 190.453776][ T4983] ? __cfi_elf_core_dump+0x10/0x10 [ 190.453800][ T4983] ? dump_interrupted+0xf0/0xf0 [ 190.453823][ T4983] ? filp_open+0x182/0x1d0 [ 190.453844][ T4983] ? 0xffffffffff600000 [ 190.453856][ T4983] ? freezing_slow_path+0x12b/0x170 [ 190.453887][ T4983] do_coredump+0x1bf7/0x2bd0 [ 190.453914][ T4983] ? __cfi_do_coredump+0x10/0x10 [ 190.453937][ T4983] ? asm_exc_general_protection+0x2b/0x30 [ 190.453972][ T4983] ? __kasan_slab_free+0x6a/0x80 [ 190.453989][ T4983] ? kmem_cache_free+0x1c1/0x510 [ 190.454005][ T4983] ? get_signal+0xa75/0x14f0 [ 190.454027][ T4983] get_signal+0x11fd/0x14f0 [ 190.454050][ T4983] arch_do_signal_or_restart+0x96/0x720 [ 190.454077][ T4983] ? __cfi_arch_do_signal_or_restart+0x10/0x10 [ 190.454103][ T4983] ? fixup_iopl_exception+0xdd/0x2e0 [ 190.454137][ T4983] irqentry_exit_to_user_mode+0x4e/0xb0 [ 190.454160][ T4983] irqentry_exit+0x16/0x60 [ 190.454180][ T4983] exc_general_protection+0x15a/0x1f0 [ 190.454209][ T4983] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 190.454231][ T4983] asm_exc_general_protection+0x2b/0x30 [ 190.454256][ T4983] RIP: 0033:0x7fd8b198eed1 [ 190.454270][ T4983] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 190.454285][ T4983] RSP: 002b:0000200000000580 EFLAGS: 00010217 [ 190.454301][ T4983] RAX: 0000000000000000 RBX: 00007fd8b1be6090 RCX: 00007fd8b198eec9 [ 190.454313][ T4983] RDX: 00002000000005c0 RSI: 0000200000000580 RDI: 0000000000020000 [ 190.454325][ T4983] RBP: 00007fd8b1a11f91 R08: 0000200000000640 R09: 0000200000000640 [ 190.454337][ T4983] R10: 0000200000000600 R11: 0000000000000206 R12: 0000000000000000 [ 190.454348][ T4983] R13: 00007fd8b1be6128 R14: 00007fd8b1be6090 R15: 00007ffe0a93a0b8 [ 190.454363][ T4983] [ 190.454370][ T4983] memory: usage 307200kB, limit 307200kB, failcnt 18300 [ 190.964237][ T4983] memory+swap: usage 431888kB, limit 9007199254740988kB, failcnt 0 [ 190.972626][ T4983] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 190.979545][ T4983] Memory cgroup stats for /syz4: [ 190.979698][ T4983] cache 314347520 [ 190.988322][ T4983] rss 118784 [ 190.991540][ T4983] rss_huge 0 [ 190.994821][ T4983] shmem 314347520 [ 190.998508][ T4983] mapped_file 0 [ 191.001980][ T4983] dirty 0 [ 191.004918][ T4983] writeback 0 [ 191.008261][ T4983] workingset_refault_anon 16 [ 191.012871][ T4983] workingset_refault_file 0 [ 191.017421][ T4983] swap 127680512 [ 191.020978][ T4983] swapcached 135168 [ 191.024821][ T4983] pgpgin 167386 [ 191.028396][ T4983] pgpgout 90586 [ 191.031863][ T4983] pgfault 48212 [ 191.035317][ T4983] pgmajfault 5 [ 191.038727][ T4983] inactive_anon 185827328 [ 191.043084][ T4983] active_anon 128745472 [ 191.047250][ T4983] inactive_file 0 [ 191.050931][ T4983] active_file 0 [ 191.054406][ T4983] unevictable 0 [ 191.057957][ T4983] hierarchical_memory_limit 314572800 [ 191.063434][ T4983] hierarchical_memsw_limit 9223372036854771712 [ 191.070297][ T4983] total_cache 314347520 [ 191.074477][ T4983] total_rss 118784 [ 191.078262][ T4983] total_rss_huge 0 [ 191.082126][ T4983] total_shmem 314347520 [ 191.086292][ T4983] total_mapped_file 0 [ 191.090385][ T4983] total_dirty 0 [ 191.094054][ T4983] total_writeback 0 [ 191.097891][ T4983] total_workingset_refault_anon 16 [ 191.103117][ T4983] total_workingset_refault_file 0 [ 191.108261][ T4983] total_swap 127680512 [ 191.112423][ T4983] total_swapcached 135168 [ 191.116874][ T4983] total_pgpgin 167386 [ 191.120989][ T4983] total_pgpgout 90586 [ 191.124986][ T4983] total_pgfault 48212 [ 191.129043][ T4983] total_pgmajfault 5 [ 191.132964][ T4983] total_inactive_anon 185827328 [ 191.137815][ T4983] total_active_anon 128745472 [ 191.142645][ T4983] total_inactive_file 0 [ 191.146914][ T4983] total_active_file 0 [ 191.150942][ T4983] total_unevictable 0 [ 191.155125][ T4983] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.1560,pid=4979,uid=0 [ 191.170041][ T4983] Memory cgroup out of memory: Killed process 4979 (syz.4.1560) total-vm:90164kB, anon-rss:1148kB, file-rss:59184kB, shmem-rss:0kB, UID:0 pgtables:196kB oom_score_adj:0 [ 191.216506][ T4985] syz.4.1560 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 191.239888][ T4985] CPU: 1 UID: 0 PID: 4985 Comm: syz.4.1560 Not tainted syzkaller #0 67868b434517ba700884c753facc80d4f03a3ea5 [ 191.239934][ T4985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 191.239949][ T4985] Call Trace: [ 191.239958][ T4985] [ 191.239968][ T4985] __dump_stack+0x21/0x30 [ 191.240010][ T4985] dump_stack_lvl+0x10c/0x190 [ 191.240048][ T4985] ? __cfi_dump_stack_lvl+0x10/0x10 [ 191.240075][ T4985] ? ___ratelimit+0x3f7/0x5a0 [ 191.240106][ T4985] dump_stack+0x19/0x20 [ 191.240134][ T4985] dump_header+0xd7/0x490 [ 191.240159][ T4985] ? __cfi_mem_cgroup_get_max+0x10/0x10 [ 191.240191][ T4985] oom_kill_process+0x35d/0x640 [ 191.240220][ T4985] ? sched_clock_cpu+0x75/0x400 [ 191.240254][ T4985] out_of_memory+0x659/0xa80 [ 191.240283][ T4985] ? __cfi_out_of_memory+0x10/0x10 [ 191.240311][ T4985] ? mutex_lock_killable+0x104/0x1c0 [ 191.240347][ T4985] ? __cfi_mutex_lock_killable+0x10/0x10 [ 191.240384][ T4985] mem_cgroup_out_of_memory+0x279/0x350 [ 191.240409][ T4985] ? drain_obj_stock+0xed0/0xed0 [ 191.240433][ T4985] ? memcg1_oom_prepare+0x2c6/0x3a0 [ 191.240455][ T4985] try_charge_memcg+0x8f7/0xde0 [ 191.240487][ T4985] ? __cfi_try_charge_memcg+0x10/0x10 [ 191.240518][ T4985] ? __alloc_pages_noprof+0x31f/0x7b0 [ 191.240551][ T4985] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 191.240582][ T4985] ? __folio_batch_add_and_move+0x2ab/0x370 [ 191.240613][ T4985] __mem_cgroup_charge+0xf6/0x410 [ 191.240647][ T4985] ? _raw_spin_lock+0x8c/0x120 [ 191.240674][ T4985] ? __cfi___mem_cgroup_charge+0x10/0x10 [ 191.240710][ T4985] shmem_alloc_and_add_folio+0x86d/0x1050 [ 191.240743][ T4985] ? put_swap_device+0x130/0x130 [ 191.240770][ T4985] ? shmem_huge_global_enabled+0x2da/0x360 [ 191.240798][ T4985] ? shmem_allowable_huge_orders+0x1f7/0x430 [ 191.240825][ T4985] ? __kasan_check_write+0x18/0x20 [ 191.240859][ T4985] ? _raw_spin_lock+0x8c/0x120 [ 191.240886][ T4985] shmem_get_folio_gfp+0x5f0/0x1380 [ 191.240915][ T4985] ? shmem_get_folio+0xc0/0xc0 [ 191.240938][ T4985] ? inode_maybe_inc_iversion+0x17d/0x1e0 [ 191.240972][ T4985] ? __cfi_inode_maybe_inc_iversion+0x10/0x10 [ 191.241005][ T4985] ? inode_to_bdi+0x6d/0x100 [ 191.241043][ T4985] shmem_write_begin+0xf4/0x270 [ 191.241072][ T4985] generic_perform_write+0x32d/0x960 [ 191.241108][ T4985] ? __cfi_generic_perform_write+0x10/0x10 [ 191.241141][ T4985] ? down_write+0xe9/0x2a0 [ 191.241162][ T4985] ? mnt_get_write_access_file+0x1af/0x3b0 [ 191.241193][ T4985] ? mnt_put_write_access_file+0xc2/0x100 [ 191.241224][ T4985] ? file_update_time+0x1ef/0x220 [ 191.241256][ T4985] shmem_file_write_iter+0x105/0x130 [ 191.241287][ T4985] ? __cfi_shmem_file_write_iter+0x10/0x10 [ 191.241319][ T4985] __kernel_write_iter+0x41d/0x8e0 [ 191.241342][ T4985] ? __cfi_shmem_file_write_iter+0x10/0x10 [ 191.241375][ T4985] ? __cfi___kernel_write_iter+0x10/0x10 [ 191.241395][ T4985] ? get_dump_page+0x160/0x220 [ 191.241426][ T4985] ? __asan_memset+0x39/0x50 [ 191.241459][ T4985] ? iov_iter_bvec+0xc0/0x180 [ 191.241495][ T4985] dump_user_range+0xb06/0xdf0 [ 191.241519][ T4985] ? __cfi_dump_emit+0x10/0x10 [ 191.241555][ T4985] ? __cfi_dump_user_range+0x10/0x10 [ 191.241578][ T4985] ? elf_coredump_extra_notes_write+0x42f/0x4c0 [ 191.241615][ T4985] ? __cfi_elf_coredump_extra_notes_write+0x10/0x10 [ 191.241651][ T4985] elf_core_dump+0x2ccc/0x3800 [ 191.241682][ T4985] ? __cfi_elf_core_dump+0x10/0x10 [ 191.241716][ T4985] ? dump_interrupted+0xf0/0xf0 [ 191.241749][ T4985] ? filp_open+0x182/0x1d0 [ 191.241779][ T4985] ? 0xffffffffff600000 [ 191.241796][ T4985] ? freezing_slow_path+0x12b/0x170 [ 191.241831][ T4985] do_coredump+0x1bf7/0x2bd0 [ 191.241869][ T4985] ? __cfi_do_coredump+0x10/0x10 [ 191.241902][ T4985] ? asm_exc_general_protection+0x2b/0x30 [ 191.241948][ T4985] ? __kasan_slab_free+0x6a/0x80 [ 191.241975][ T4985] ? kmem_cache_free+0x1c1/0x510 [ 191.241998][ T4985] ? get_signal+0xa75/0x14f0 [ 191.242029][ T4985] get_signal+0x11fd/0x14f0 [ 191.242072][ T4985] arch_do_signal_or_restart+0x96/0x720 [ 191.242108][ T4985] ? __cfi_arch_do_signal_or_restart+0x10/0x10 [ 191.242146][ T4985] ? fixup_iopl_exception+0xdd/0x2e0 [ 191.242183][ T4985] irqentry_exit_to_user_mode+0x4e/0xb0 [ 191.242207][ T4985] irqentry_exit+0x16/0x60 [ 191.242227][ T4985] exc_general_protection+0x15a/0x1f0 [ 191.242259][ T4985] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 191.242291][ T4985] asm_exc_general_protection+0x2b/0x30 [ 191.242327][ T4985] RIP: 0033:0x7fd8b198eed1 [ 191.242361][ T4985] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 191.242381][ T4985] RSP: 002b:0000200000000580 EFLAGS: 00010217 [ 191.242405][ T4985] RAX: 0000000000000000 RBX: 00007fd8b1be6090 RCX: 00007fd8b198eec9 [ 191.242422][ T4985] RDX: 00002000000005c0 RSI: 0000200000000580 RDI: 0000000000020000 [ 191.242440][ T4985] RBP: 00007fd8b1a11f91 R08: 0000200000000640 R09: 0000200000000640 [ 191.242458][ T4985] R10: 0000200000000600 R11: 0000000000000206 R12: 0000000000000000 [ 191.242474][ T4985] R13: 00007fd8b1be6128 R14: 00007fd8b1be6090 R15: 00007ffe0a93a0b8 [ 191.242495][ T4985] [ 191.242505][ T4985] memory: usage 307100kB, limit 307200kB, failcnt 19020 [ 191.754200][ T4985] memory+swap: usage 392324kB, limit 9007199254740988kB, failcnt 0 [ 191.762438][ T5170] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 191.762470][ T5170] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 191.765458][ T4985] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 191.782861][ T4985] Memory cgroup stats for /syz4: [ 191.783040][ T4985] cache 274804736 [ 191.787129][ T5170] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 191.791802][ T4985] rss 172032 [ 191.802515][ T5170] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 191.802558][ T5170] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 191.806424][ T4985] rss_huge 0 [ 191.838150][ T4985] shmem 274804736 [ 191.857107][ T4985] mapped_file 0 [ 191.865131][ T4985] dirty 0 [ 191.871686][ T4985] writeback 0 [ 191.878379][ T4985] workingset_refault_anon 33 [ 191.897389][ T4985] workingset_refault_file 0 [ 191.908757][ T4985] swap 127881216 [ 191.913744][ T5175] virtiofs: Unknown parameter 'always' [ 191.921845][ T4985] swapcached 110592 [ 191.925789][ T4985] pgpgin 172613 [ 191.945398][ T4985] pgpgout 105473 [ 191.958269][ T4985] pgfault 48269 [ 191.961810][ T4985] pgmajfault 16 [ 191.965297][ T4985] inactive_anon 93786112 [ 191.979190][ T4985] active_anon 180887552 [ 191.983421][ T4985] inactive_file 0 [ 191.987075][ T4985] active_file 0 [ 191.992668][ T5181] rust_binder: 5177 RLIMIT_NICE not set [ 191.992730][ T5181] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 [ 192.018247][ T4985] unevictable 0 [ 192.022293][ T4985] hierarchical_memory_limit 314572800 [ 192.026745][ T5181] rust_binder: 902: no such ref 0 [ 192.027776][ T4985] hierarchical_memsw_limit 9223372036854771712 [ 192.027789][ T4985] total_cache 274804736 [ 192.083539][ T4985] total_rss 172032 [ 192.087417][ T4985] total_rss_huge 0 [ 192.092833][ T5181] rust_binder: got new transaction with bad transaction stack [ 192.092862][ T5181] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:902 [ 192.100688][ T4985] total_shmem 274804736 [ 192.126530][ T4985] total_mapped_file 0 [ 192.140928][ T4985] total_dirty 0 [ 192.148850][ T4985] total_writeback 0 [ 192.163228][ T4985] total_workingset_refault_anon 33 [ 192.174945][ T4985] total_workingset_refault_file 0 [ 192.191232][ T4985] total_swap 127881216 [ 192.199743][ T4985] total_swapcached 110592 [ 192.208559][ T4985] total_pgpgin 172613 [ 192.222201][ T4985] total_pgpgout 105473 [ 192.231453][ T4985] total_pgfault 48269 [ 192.240099][ T4985] total_pgmajfault 16 [ 192.248525][ T4985] total_inactive_anon 93786112 [ 192.260110][ T4985] total_active_anon 180887552 [ 192.267865][ T4985] total_inactive_file 0 [ 192.272717][ T4985] total_active_file 0 [ 192.276890][ T4985] total_unevictable 0 [ 192.280997][ T4985] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.1560,pid=4988,uid=0 [ 192.297627][ T4985] Memory cgroup out of memory: OOM victim 4988 (syz.4.1560) is already exiting. Skip killing the task [ 192.309422][ T36] kauditd_printk_skb: 60 callbacks suppressed [ 192.309440][ T36] audit: type=1400 audit(1759348072.436:580): avc: denied { lock } for pid=5191 comm="syz.3.1622" path="socket:[30172]" dev="sockfs" ino=30172 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 192.434585][ T36] audit: type=1400 audit(1759348072.486:581): avc: denied { create } for pid=5191 comm="syz.3.1622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=decnet_socket permissive=1 [ 192.534705][ T36] audit: type=1326 audit(1759348072.575:582): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5197 comm="syz.4.1623" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd8b198eec9 code=0x0 [ 192.761159][ T67] rust_binder: 5176: removing orphan mapping 0:24 [ 192.885408][ T5206] tun0: tun_chr_ioctl cmd 1074025677 [ 192.901234][ T5206] tun0: linktype set to 1 [ 193.375007][ T5213] rust_binder: Error while translating object. [ 193.375044][ T5213] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 193.381471][ T5213] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:1028 [ 193.537087][ T5219] overlayfs: failed to clone lowerpath [ 195.362832][ T5279] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=37892 sclass=netlink_xfrm_socket pid=5279 comm=syz.3.1654 [ 196.193297][ T36] audit: type=1326 audit(1759348332.313:583): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5301 comm="syz.4.1663" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd8b198eec9 code=0x0 [ 196.784336][ T36] audit: type=1400 audit(1759348332.903:584): avc: denied { ioctl } for pid=5316 comm="syz.2.1668" path="/dev/rnullb0" dev="devtmpfs" ino=31 ioctlcmd=0x70cb scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 196.945315][ T5330] devpts: called with bogus options [ 197.119207][ T5348] rust_binder: 924: no such ref 3 [ 197.124446][ T5348] rust_binder: 924: no such ref 2 [ 197.297664][ T36] audit: type=1400 audit(1759348333.413:585): avc: denied { append } for pid=5354 comm="syz.0.1680" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 197.312499][ T5355] /dev/rnullb0: Can't open blockdev [ 197.320739][ T36] audit: type=1400 audit(1759348333.433:586): avc: denied { mounton } for pid=5354 comm="syz.0.1680" path="/syzcgroup/unified/syz0" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1 [ 197.405329][ T5358] rust_binder: 5357 RLIMIT_NICE not set [ 197.476544][ T5360] /dev/rnullb0: Can't open blockdev [ 197.500993][ T5362] virtio-fs: tag not found [ 197.508598][ T36] audit: type=1400 audit(1759348333.623:587): avc: denied { remove_name } for pid=5361 comm="syz.0.1683" name="binder0" dev="binder" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 197.531716][ T36] audit: type=1400 audit(1759348333.623:588): avc: denied { unlink } for pid=5361 comm="syz.0.1683" name="binder0" dev="binder" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 197.549124][ T5365] rust_binder: inc_ref_done called when no active inc_refs [ 197.555210][ T5366] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 197.555939][ T5365] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 1 [ 197.562751][ T5366] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:940 [ 197.634527][ T5368] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1685'. [ 197.655748][ T12] Bluetooth: hci0: Frame reassembly failed (-84) [ 197.849858][ T5373] 9pnet_fd: Insufficient options for proto=fd [ 198.391638][ T5384] 9pnet_fd: Insufficient options for proto=fd [ 198.421842][ T5388] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1692'. [ 199.365738][ T36] audit: type=1326 audit(1759348335.483:589): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5428 comm="syz.4.1706" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd8b198eec9 code=0x0 [ 199.731362][ T1097] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 199.731372][ T54] Bluetooth: hci0: command 0x1003 tx timeout [ 200.271945][ T36] audit: type=1400 audit(1759348336.383:590): avc: denied { mounton } for pid=5439 comm="syz.2.1710" path="/362/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 200.305423][ T5441] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI [ 200.318342][ T5441] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 200.326881][ T5441] CPU: 0 UID: 0 PID: 5441 Comm: syz.2.1710 Not tainted syzkaller #0 67868b434517ba700884c753facc80d4f03a3ea5 [ 200.338563][ T5441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 200.348757][ T5441] RIP: 0010:iter_file_splice_write+0xace/0x11b0 [ 200.355055][ T5441] Code: 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 97 d3 e6 ff 49 8b 1e 49 c7 06 00 00 00 00 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 73 d3 e6 ff 4c 8b 1b 48 8b 3c 24 [ 200.375062][ T5441] RSP: 0018:ffffc900099f7820 EFLAGS: 00010202 [ 200.381529][ T5441] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff8881108f8000 [ 200.389729][ T5441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 7ffffffffffff8a8 [ 200.397746][ T5441] RBP: ffffc900099f7a40 R08: ffff8881f6e72240 R09: 1ffff1103edce448 [ 200.405872][ T5441] R10: 1ffff1103edce44b R11: 0000000000000fd8 R12: dffffc0000000000 [ 200.414507][ T5441] R13: 7ffffffffffff8a8 R14: ffff88811c1c5838 R15: ffff88811c1c5828 [ 200.422714][ T5441] FS: 00007f20aab776c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 200.431702][ T5441] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 200.438415][ T5441] CR2: 0000200000004381 CR3: 0000000114fbe000 CR4: 00000000003526b0 [ 200.446433][ T5441] Call Trace: [ 200.449754][ T5441] [ 200.452724][ T5441] ? __cfi_iter_file_splice_write+0x10/0x10 [ 200.458671][ T5441] ? __cfi_iter_file_splice_write+0x10/0x10 [ 200.464615][ T5441] direct_splice_actor+0x276/0x4b0 [ 200.469781][ T5441] splice_direct_to_actor+0x4fe/0xbc0 [ 200.475296][ T5441] ? __cfi_direct_splice_actor+0x10/0x10 [ 200.480997][ T5441] ? __cfi_splice_direct_to_actor+0x10/0x10 [ 200.486940][ T5441] do_splice_direct+0x182/0x270 [ 200.491985][ T5441] ? __cfi_do_splice_direct+0x10/0x10 [ 200.497400][ T5441] ? __cfi_direct_file_splice_eof+0x10/0x10 [ 200.503366][ T5441] ? security_file_permission+0x2e/0xc0 [ 200.508991][ T5441] ? rw_verify_area+0xac/0x230 [ 200.513891][ T5441] do_sendfile+0x5c8/0xfb0 [ 200.518364][ T5441] ? vfs_writev+0xcf0/0xcf0 [ 200.522173][ T36] audit: type=1400 audit(1759348336.643:591): avc: denied { read } for pid=93 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 200.522902][ T5441] ? __se_sys_futex+0x28f/0x300 [ 200.549492][ T5441] __x64_sys_sendfile64+0x193/0x1f0 [ 200.550601][ T36] audit: type=1400 audit(1759348336.643:592): avc: denied { search } for pid=93 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 200.554768][ T5441] ? __cfi___x64_sys_sendfile64+0x10/0x10 [ 200.554806][ T5441] ? switch_fpu_return+0x12/0x20 [ 200.554834][ T5441] x64_sys_call+0xa26/0x2ee0 [ 200.591634][ T5441] do_syscall_64+0x58/0xf0 [ 200.596195][ T5441] ? clear_bhb_loop+0x50/0xa0 [ 200.601098][ T5441] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 200.601218][ T36] audit: type=1400 audit(1759348336.643:593): avc: denied { write } for pid=93 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 200.607070][ T5441] RIP: 0033:0x7f20a9d8eec9 [ 200.607094][ T5441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.607113][ T5441] RSP: 002b:00007f20aab77038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 200.607138][ T5441] RAX: ffffffffffffffda RBX: 00007f20a9fe6090 RCX: 00007f20a9d8eec9 [ 200.607157][ T5441] RDX: 0000000000000000 RSI: 0000000000000088 RDI: 0000000000000089 [ 200.656930][ T36] audit: type=1400 audit(1759348336.643:594): avc: denied { add_name } for pid=93 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 200.661419][ T5441] RBP: 00007f20a9e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 200.661447][ T5441] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000000 [ 200.661463][ T5441] R13: 00007f20a9fe6128 R14: 00007f20a9fe6090 R15: 00007fff29820eb8 [ 200.661490][ T5441] [ 200.661576][ T5441] Modules linked in: [ 200.675323][ T36] audit: type=1400 audit(1759348336.673:595): avc: denied { create } for pid=93 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 200.677542][ T5441] [ 200.677685][ T5441] ---[ end trace 0000000000000000 ]--- [ 200.722696][ T36] audit: type=1400 audit(1759348336.673:596): avc: denied { append open } for pid=93 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 200.727754][ T5443] overlayfs: failed to clone upperpath [ 200.787803][ T5441] RIP: 0010:iter_file_splice_write+0xace/0x11b0 [ 200.794305][ T5441] Code: 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 97 d3 e6 ff 49 8b 1e 49 c7 06 00 00 00 00 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 73 d3 e6 ff 4c 8b 1b 48 8b 3c 24 [ 200.814473][ T5441] RSP: 0018:ffffc900099f7820 EFLAGS: 00010202 [ 200.822628][ T5441] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff8881108f8000 [ 200.831098][ T5441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 7ffffffffffff8a8 [ 200.839443][ T5441] RBP: ffffc900099f7a40 R08: ffff8881f6e72240 R09: 1ffff1103edce448 [ 200.847483][ T5441] R10: 1ffff1103edce44b R11: 0000000000000fd8 R12: dffffc0000000000 [ 200.855918][ T5441] R13: 7ffffffffffff8a8 R14: ffff88811c1c5838 R15: ffff88811c1c5828 [ 200.864192][ T5441] FS: 00007f20aab776c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 200.873529][ T5441] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 200.880360][ T5441] CR2: 0000200000003bc0 CR3: 0000000114fbe000 CR4: 00000000003526b0 [ 200.889661][ T5441] Kernel panic - not syncing: Fatal exception [ 200.896120][ T5441] Kernel Offset: disabled [ 200.900577][ T5441] Rebooting in 86400 seconds..