last executing test programs: 3.896449247s ago: executing program 2 (id=13): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) pselect6(0x40, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x381, 0x0, 0x0, 0x9e25}, &(0x7f0000000280)={0x0, 0x3938700}, 0x0) 3.862382347s ago: executing program 3 (id=14): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xaece, 0x0) pread64(r2, &(0x7f0000019180)=""/102352, 0x18fd0, 0x35) 3.811704108s ago: executing program 2 (id=15): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000200000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 3.707653659s ago: executing program 3 (id=16): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x2, @in6=@remote, 0x6, 0x4, 0x3, 0x0, 0x0, 0x1000}]}]}, 0xfc}}, 0x0) r1 = socket(0xa, 0x3, 0xfc) sendto$unix(r1, 0x0, 0x0, 0x48850, &(0x7f0000000340)=@abs={0x0, 0x0, 0x9}, 0x6e) 3.677550549s ago: executing program 3 (id=17): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000000)=[@text16={0x10, &(0x7f0000000040)="f30f1ecd65f3ff9dd4a7260f01c9f3360f30670f01ca0f01fa8146051900baf80c66b8fa8ecd8c66efbafc0cb8f64aefdbe03e26660f38825f47", 0x3a}], 0x1, 0x5b, 0x0, 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x80000082, 0x9, 0x1, 0x0, 0x2, 0x0, 0x4002004c2, 0x1044, 0x45c5, 0x6, 0x4, 0x105, 0x3, 0x2000000000000000, 0xfffffffffffffffe, 0xa], 0xeeee0000, 0x12d7}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.56983511s ago: executing program 3 (id=19): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000940)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, &(0x7f00000000c0)={0x1, 0xfffffdfd, 0x7, 0xb4e, 0x1, 0x10}) fstat(0xffffffffffffffff, 0x0) 2.203940536s ago: executing program 2 (id=32): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/keys\x00', 0x0, 0x0) preadv(r0, &(0x7f0000001680)=[{&(0x7f0000000140)=""/102, 0x66}], 0x1, 0x402, 0xffffffff) syz_clone3(&(0x7f0000000140)={0x4000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x2}, 0x7a) 2.154152526s ago: executing program 2 (id=33): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x88840, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000480)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000100), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fd3000/0x18000)=nil, &(0x7f00000002c0)=[@text16={0x10, &(0x7f0000000040)="360f7883b81e2626660fc7350ff4650666b95c0300000f32f4656df30f09e3650f01efeff8000f0d35", 0x29}], 0x1, 0x2, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x5) syz_kvm_setup_cpu$x86(r3, r3, &(0x7f0000fce000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000003c0)={'tunl0\x00', 0x400}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xffff7038}, {0x6}]}, 0x10) prlimit64(0x0, 0x9, &(0x7f0000000d80)={0x3, 0x1c88000000}, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) sendmmsg(r5, &(0x7f0000000e00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4004800) r7 = userfaultfd(0x1) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000140)) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$UFFDIO_CONTINUE(r8, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}}) sendmsg$NFNL_MSG_CTHELPER_NEW(r8, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x9, 0x401, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x16}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4010}, 0x20000000) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.86351428s ago: executing program 2 (id=34): syz_usb_connect$midi(0x5, 0x41, &(0x7f0000000180)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x20, 0xa67, 0x5011, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2f, 0x1, 0x1, 0x18, 0x10, 0x4, "", {{{0x9, 0x4, 0x0, 0x0, 0x1, 0x1, 0x3, 0x0, 0x6, [], [{{0x9, 0x5, 0x8e, 0xb, 0x20, 0xf, 0xd7, 0x2, {0x14, 0x25, 0x1, 0x10, "2777c545066c63910a23007d78e94449"}}}]}}}}}]}}, &(0x7f0000000000)={0x0, 0x0, 0x8, 0x0}) r0 = gettid() wait4(r0, 0x0, 0x8, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000780)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x1800, 0x0, 0x2, 0x1}, 0x20) syz_usb_connect$uac2(0x5, 0xfb, &(0x7f0000000700)=ANY=[@ANYBLOB="1201100300000010820574004000010203010902e91003017f2008080b000101062003090400000001012000092401d10b084900090924070259af010200102402010504030600fdffffff0349000b24060602008006000a0008240a07030903000c240304ff010d06"], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f00000010c0)=[@increfs, @increfs, @increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r1, 0x80000) syz_usb_connect$cdc_ncm(0x5, 0xce, &(0x7f0000000200)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbc, 0x2, 0x1, 0x5, 0x30, 0xdc}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x250, 0x0, 0x9, 0x2, 0x8, 0x8}, 0x26, &(0x7f0000000180)={0x5, 0xf, 0x26, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xe5dc72ee8d8eee2, 0x81, 0x5, 0x1}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "37d5c87a8d7dcfde62307820d7609678"}, @ptm_cap={0x3}]}, 0x3, [{0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x42d}}, {0x68, &(0x7f0000000340)=@string={0x68, 0x3, "08e46219a0ae3f76fb440f88cd6c8d317941b4ea86c4199f85720fa0dfbe1a9d67467c2123cd4af54850413697f5535457c70c0b6fed47433440fe82b77d0d490167679cc9b598cbc89febffcf24f887cfb9fb1b32c3a794a2c60000231b83d9494c7f29ca9f"}}, {0x4, &(0x7f00000008c0)=@string={0x0, 0x3, "634a1c91b81f97ce168539bc10519f2ce22106653b661bb64c2e85a70ed9269482bc189d1c42d025d30178e5d7a07bebe6fa0352f2256e1d7a593b3686f4cb796c771707f7f1ea32df1e6a5abeb7be6e9e7676cb32aa97bd22dd1eae743e8353ab272f4f9e666e87787f06a3388a7e65470018eb0f62f95a6853291289bf8eef390be492c277c3af0acb0ba38b7690e87263a9d603d744060dc5679cd0707f259f8d45143f"}}]}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000640)={0x14, 0x0, &(0x7f00000002c0)=[@decrefs={0x400c6314, 0x80000}, @free_buffer], 0x0, 0x0, 0x0}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0x80404509, &(0x7f0000000080)=""/4096) r7 = dup(r6) ioctl$UI_DEV_DESTROY(r7, 0x5502) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x20132, 0xffffffffffffffff, 0xb2993000) bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r9 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r9) ptrace$poke(0x4, r9, &(0x7f00000011c0), 0xfffffffffffffffe) openat$kvm(0xffffffffffffff9c, &(0x7f0000001080), 0x105801, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r8, 0x4008ae93, &(0x7f0000000040)=0xa000) 1.84083674s ago: executing program 3 (id=35): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x23, {[@global=@item_4={0x3, 0x1, 0x3, "65d620d1"}, @global=@item_4={0x3, 0x1, 0x5, '\f\x00'}, @local=@item_4={0x3, 0x2, 0x0, "228c0365"}, @global=@item_4={0x3, 0x1, 0x4, "0900be00"}, @main=@item_4={0x3, 0x0, 0xb}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) 965.24414ms ago: executing program 0 (id=40): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x101}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000e00)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f00000007c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000480)={@ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/86, 0x56, 0xfffffffffffffffd, 0x203}, @ptr={0x66642a85, 0x1, 0x0, 0x0, 0x0, 0x41}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x2, 0x12}}, &(0x7f0000000200)={0x0, 0x28, 0x50}}}], 0x0, 0x0, 0x0}) 852.279461ms ago: executing program 0 (id=41): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0) socket$inet6(0xa, 0x2, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) 827.121971ms ago: executing program 0 (id=42): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000d00)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x10, {{@in=@broadcast, @in=@rand_addr=0x64010102, 0x0, 0x0, 0x2, 0x4, 0xa, 0x0, 0x80, 0x6}, {0x0, 0x0, 0x3d04c9a7, 0x0, 0x0, 0x8, 0x0, 0xfffffffffffffffb}, {0x0, 0x2, 0x0, 0x4}, 0x0, 0x6e6bb8, 0x0, 0x1, 0x0, 0x1}, [@mark={0xc, 0x15, {0x35075b, 0x6}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4008011}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000c40)=ANY=[@ANYBLOB="d40000001b001d0328bd7000fcdbdf25ffffffff000000000000000000000000fe8000000000000000000000000000264e2000014e2404000200000087000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="08000000000000000100010000000000f4ffffffffffffff04000000000000000200000000000000ba410000000091ad07000000000000000000008000000000ffffff7f0000000003000000000000000400000000000000080000000000000003000000b86b6e"], 0xd4}}, 0x0) 772.849812ms ago: executing program 0 (id=43): socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0/file1\x00', 0x2441, 0x83) fcntl$setstatus(r0, 0x4, 0x24400) fdatasync(r0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x27) 737.116592ms ago: executing program 0 (id=46): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80102, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd2(0x4001, 0x800) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x8, 0x2}) 672.689033ms ago: executing program 0 (id=48): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00') r4 = fsopen(&(0x7f0000000000)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) fchdir(r5) r6 = inotify_init1(0x800) inotify_add_watch(r6, &(0x7f0000000240)='.\x00', 0x60000526) r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x0, 0x1aa) getdents64(r7, &(0x7f0000004440)=""/4096, 0x1000) fsconfig$FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0xfffffffffffffffe) read$FUSE(r3, &(0x7f0000002400)={0x2020}, 0x2020) getpid() 564.603444ms ago: executing program 1 (id=49): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x8, 0x5, 0x4000000000000e55, 0x9, 0x5479, 0x1035, 0x200000000004, 0x0, 0x4fda967d, 0xfffffffffffffffe, 0xffffffff, 0xbf4, 0xfff, 0x8000000000005, 0x800000068], 0x2000, 0x81c54}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 552.948144ms ago: executing program 1 (id=50): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x400000000001, 0x0, 0x1, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f000001a400)=""/102384, 0x18ff0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000140)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r2, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@private0, @in=@private=0xa010101, 0x4e20, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x9, 0x0, 0x5, 0x0, 0x3, 0xfffffffffffffffe}, {0x7, 0x0, 0xfffffffffffffffc, 0xff}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x3c}, 0x0, 0x32}, 0x0, @in=@private=0xa010100, 0x0, 0x2, 0x0, 0xb7, 0xfffffffe, 0xffffff7e}}, 0xe8) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x1c) 352.518517ms ago: executing program 1 (id=51): sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz0\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x3f, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x40, 0x4, 0x25cd, 0x1, 0xb4, 0xd49, 0x80a2b9, 0x6, 0xb, 0xe4, 0x6, 0xfc000000, 0x2, 0xbbf, 0x4a732f64, 0x1, 0x3, 0x5, 0xfffffffd, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x1000, 0x81, 0x8a, 0x79, 0x2, 0x10000, 0x0, 0x91, 0x3, 0x4, 0x9, 0x1, 0x1, 0x10401, 0xfffffff5, 0x404, 0xa7, 0x81, 0x9, 0x8001, 0x0, 0xff, 0x2, 0x4, 0x9, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0xb4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x497d, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x6, 0x8, 0x2, 0x4, 0x8, 0xffffff7f, 0x400, 0x8, 0x4c2336d3, 0x4, 0x0, 0xfffffff6, 0x401, 0x46, 0xf1, 0x4, 0xab000e0, 0x5, 0x6, 0x2, 0x1, 0x8003ff, 0x1ff, 0x1, 0x7fff, 0x6, 0x1cb, 0x1, 0x80000004, 0x8, 0x438, 0x2, 0xa, 0x95, 0x80000001, 0x4, 0xfffffff9, 0x1, 0x1000, 0x8, 0x5], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x5, 0x8d3, 0x200003, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xffe, 0x10100a, 0x2, 0x400, 0x3e55, 0x5, 0xd3, 0x5, 0x97f7, 0x3, 0xd, 0x6, 0x603, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xe, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x9, 0x10000, 0xfefffffd, 0x5, 0x72], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0x3, 0x1005, 0x1, 0x9, 0x1e, 0x9, 0x812, 0x3, 0x0, 0xd, 0xfffffff7, 0x6, 0x140f2, 0x5396, 0x0, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0x98ce, 0x7fffffff, 0x100009, 0xc, 0xffffffff, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7ffc, 0x3, 0x6, 0xf, 0xe, 0x1, 0x269, 0x6, 0x1, 0xa82b, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_open_dev$mouse(&(0x7f0000000280), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x109980, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) ioctl$TFD_IOC_SET_TICKS(0xffffffffffffffff, 0x40085400, &(0x7f00000001c0)=0x8) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 338.525937ms ago: executing program 1 (id=52): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x2200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SIGNAL_MASK(r2, 0x4004ae8b, &(0x7f0000000340)={0x8, "74cd5e1fc6533b14"}) 325.337837ms ago: executing program 1 (id=53): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0) socket$inet6(0xa, 0x2, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) chdir(&(0x7f0000000040)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0) preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) 299.995557ms ago: executing program 2 (id=54): prlimit64(0x0, 0x2, 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001480)='/proc/bus/input/handlers\x00', 0x0, 0x0) read$hiddev(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TYPE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x90024}, 0x880) read$hiddev(r0, &(0x7f0000001100)=""/234, 0xea) 1.48858ms ago: executing program 3 (id=55): r0 = socket$inet6(0xa, 0x3, 0x3a) bind$inet6(r0, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x1c) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) request_key(0x0, 0x0, &(0x7f0000000080)='}\\\x00', 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000700)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000380)={@flat=@handle={0x73682a85, 0xa, 0x1}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@handle={0x73682a85, 0x100}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x0, 0x0}) socket$nl_route(0x10, 0x3, 0x0) 0s ago: executing program 1 (id=63): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$802154_dgram(r0, 0x0, 0x24044904) fchmod(0xffffffffffffffff, 0x154) ioctl$XFS_IOC_SCRUB_METADATA(0xffffffffffffffff, 0xc040583c, 0x0) r1 = syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[], 0x0) syz_usb_control_io$rtl8150(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000a80)={0x34, &(0x7f0000000840)={0x0, 0xf, 0x6, "428a7482a325"}, 0x0, 0x0, 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): syzkaller syzkaller login: [ 16.744241][ T36] kauditd_printk_skb: 31 callbacks suppressed [ 16.744260][ T36] audit: type=1400 audit(1778264137.130:59): avc: denied { transition } for pid=232 comm="sshd-session" path="/bin/sh" dev="sda1" ino=90 scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.748957][ T36] audit: type=1400 audit(1778264137.130:60): avc: denied { noatsecure } for pid=232 comm="sshd-session" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.751837][ T36] audit: type=1400 audit(1778264137.130:61): avc: denied { write } for pid=232 comm="sh" path="pipe:[2595]" dev="pipefs" ino=2595 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 16.755455][ T36] audit: type=1400 audit(1778264137.130:62): avc: denied { rlimitinh } for pid=232 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 16.758166][ T36] audit: type=1400 audit(1778264137.130:63): avc: denied { siginh } for pid=232 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 Warning: Permanently added '10.128.0.88' (ED25519) to the list of known hosts. [ 24.381788][ T36] audit: type=1400 audit(1778264144.760:64): avc: denied { mounton } for pid=286 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 24.382914][ T286] cgroup: Unknown subsys name 'net' [ 24.404642][ T36] audit: type=1400 audit(1778264144.770:65): avc: denied { mount } for pid=286 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.432049][ T36] audit: type=1400 audit(1778264144.800:66): avc: denied { unmount } for pid=286 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.432265][ T286] cgroup: Unknown subsys name 'devices' [ 24.614025][ T286] cgroup: Unknown subsys name 'hugetlb' [ 24.619658][ T286] cgroup: Unknown subsys name 'rlimit' [ 24.713086][ T36] audit: type=1400 audit(1778264145.100:67): avc: denied { setattr } for pid=286 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.736308][ T36] audit: type=1400 audit(1778264145.100:68): avc: denied { mounton } for pid=286 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 24.761214][ T36] audit: type=1400 audit(1778264145.100:69): avc: denied { mount } for pid=286 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 24.770829][ T288] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). Setting up swapspace version 1, size = 127995904 bytes [ 24.793698][ T36] audit: type=1400 audit(1778264145.180:70): avc: denied { relabelto } for pid=288 comm="mkswap" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.819211][ T36] audit: type=1400 audit(1778264145.180:71): avc: denied { write } for pid=288 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.857650][ T36] audit: type=1400 audit(1778264145.240:72): avc: denied { read } for pid=286 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.858153][ T286] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.883644][ T36] audit: type=1400 audit(1778264145.240:73): avc: denied { open } for pid=286 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.707263][ T296] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.714572][ T296] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.721730][ T296] bridge_slave_0: entered allmulticast mode [ 25.728319][ T296] bridge_slave_0: entered promiscuous mode [ 25.736670][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.743864][ T296] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.750931][ T296] bridge_slave_1: entered allmulticast mode [ 25.757348][ T296] bridge_slave_1: entered promiscuous mode [ 25.826928][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.834049][ T294] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.841168][ T294] bridge_slave_0: entered allmulticast mode [ 25.847554][ T294] bridge_slave_0: entered promiscuous mode [ 25.855699][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.862995][ T294] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.870127][ T294] bridge_slave_1: entered allmulticast mode [ 25.878077][ T294] bridge_slave_1: entered promiscuous mode [ 25.932031][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.939225][ T295] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.946344][ T295] bridge_slave_0: entered allmulticast mode [ 25.952928][ T295] bridge_slave_0: entered promiscuous mode [ 25.971185][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.978434][ T293] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.985671][ T293] bridge_slave_0: entered allmulticast mode [ 25.992014][ T293] bridge_slave_0: entered promiscuous mode [ 25.998194][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.005589][ T295] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.012745][ T295] bridge_slave_1: entered allmulticast mode [ 26.018936][ T295] bridge_slave_1: entered promiscuous mode [ 26.035104][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.042216][ T293] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.049307][ T293] bridge_slave_1: entered allmulticast mode [ 26.055821][ T293] bridge_slave_1: entered promiscuous mode [ 26.113235][ T296] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.120510][ T296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.186173][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.193277][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.200554][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.207613][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.243868][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.250967][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.258280][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.265330][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.285315][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.292591][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.299830][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.306883][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.315233][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.322637][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.330436][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.337866][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.345857][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.353563][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.360841][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.388957][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.396255][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.414847][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.421983][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.430054][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.437145][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.445456][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.452702][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.479996][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.487192][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.502742][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.509830][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.525232][ T296] veth0_vlan: entered promiscuous mode [ 26.531839][ T294] veth0_vlan: entered promiscuous mode [ 26.548086][ T296] veth1_macvtap: entered promiscuous mode [ 26.574252][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.582123][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.589915][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.596995][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.619702][ T294] veth1_macvtap: entered promiscuous mode [ 26.640801][ T293] veth0_vlan: entered promiscuous mode [ 26.676301][ T296] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 26.692409][ T293] veth1_macvtap: entered promiscuous mode [ 26.702886][ T295] veth0_vlan: entered promiscuous mode [ 26.743169][ T316] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 26.760345][ T295] veth1_macvtap: entered promiscuous mode [ 27.032381][ T31] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 27.046974][ T330] kvm: pic: level sensitive irq not supported [ 27.047444][ T330] kvm: pic: level sensitive irq not supported [ 27.193440][ T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.211841][ T31] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.222332][ T31] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 27.235942][ T31] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 27.245533][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 27.255330][ T31] usb 1-1: config 0 descriptor?? [ 27.665241][ T318] capability: warning: `syz.0.1' uses 32-bit capabilities (legacy support in use) [ 27.676070][ T31] usbhid 1-1:0.0: can't add hid device: -71 [ 27.682854][ T31] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 27.691749][ T31] usb 1-1: USB disconnect, device number 2 [ 27.735784][ T342] kvm: pic: level sensitive irq not supported [ 27.736327][ T342] kvm: pic: single mode not supported [ 27.743569][ T342] kvm: pic: non byte read [ 28.261917][ T31] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 28.349995][ T366] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 28.359264][ T366] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 28.413284][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.424371][ T31] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.435353][ T31] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 28.452675][ T31] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 28.463010][ T31] usb 3-1: Manufacturer: syz [ 28.469181][ T31] usb 3-1: config 0 descriptor?? [ 28.486019][ T371] 9p: Unknown access argument 18446744073709551615: -34 [ 28.521917][ T320] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 28.600421][ T371] macsec0: entered promiscuous mode [ 28.609466][ T371] rust_binder: Read failure Err(EAGAIN) in pid:8 [ 28.681936][ T320] usb 4-1: Using ep0 maxpacket: 32 [ 28.695274][ T320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.706638][ T320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.718477][ T320] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 28.727913][ T320] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.738184][ T320] usb 4-1: config 0 descriptor?? [ 29.086327][ T31] uclogic 0003:256C:006D.0001: failed retrieving Huion firmware version: -71 [ 29.096379][ T31] uclogic 0003:256C:006D.0001: failed probing parameters: -71 [ 29.104265][ T31] uclogic 0003:256C:006D.0001: probe with driver uclogic failed with error -71 [ 29.117335][ T31] usb 3-1: USB disconnect, device number 2 [ 29.158198][ T320] savu 0003:1E7D:2D5A.0002: hiddev96,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0 [ 29.407346][ T36] kauditd_printk_skb: 75 callbacks suppressed [ 29.407365][ T36] audit: type=1400 audit(1778264149.790:149): avc: denied { associate } for pid=395 comm="syz.1.30" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 29.440347][ T311] usb 4-1: USB disconnect, device number 2 [ 29.447246][ T36] audit: type=1400 audit(1778264149.830:150): avc: denied { remount } for pid=393 comm="syz.1.30" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 29.486763][ T36] audit: type=1400 audit(1778264149.870:151): avc: denied { unmount } for pid=293 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 29.638040][ T36] audit: type=1400 audit(1778264150.020:152): avc: denied { view } for pid=399 comm="syz.2.32" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 29.751972][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 29.776268][ T36] audit: type=1400 audit(1778264150.160:153): avc: denied { create } for pid=401 comm="syz.2.33" anonclass=[userfaultfd] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 29.797864][ T36] audit: type=1400 audit(1778264150.160:154): avc: denied { ioctl } for pid=401 comm="syz.2.33" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=3905 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 29.913062][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 29.923469][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 29.932461][ T9] usb 1-1: config 1 has no interface number 0 [ 29.938564][ T9] usb 1-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 29.953563][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=779d, bcdDevice= 0.40 [ 29.970828][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 29.981962][ T9] usb 1-1: Product: syz [ 29.986370][ T9] usb 1-1: Manufacturer: syz [ 29.993021][ T9] usb 1-1: SerialNumber: syz [ 29.999865][ T9] cdc_ncm 1-1:1.1: NCM or ECM functional descriptors missing [ 30.007335][ T9] cdc_ncm 1-1:1.1: bind() failure [ 30.171332][ T412] tipc: Enabling of bearer rejected, failed to enable media [ 30.225694][ T9] usb 1-1: USB disconnect, device number 3 [ 30.244024][ T31] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 30.251808][ T320] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 30.390608][ T416] Zero length message leads to an empty skb [ 30.431964][ T31] usb 3-1: Using ep0 maxpacket: 32 [ 30.438676][ T31] usb 3-1: unable to get BOS descriptor or descriptor too short [ 30.448882][ T31] usb 3-1: New USB device found, idVendor=0a67, idProduct=5011, bcdDevice= 0.40 [ 30.458346][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 30.466482][ T31] usb 3-1: Product: syz [ 30.470662][ T31] usb 3-1: Manufacturer: syz [ 30.475530][ T31] usb 3-1: SerialNumber: syz [ 30.491986][ T320] usb 4-1: Using ep0 maxpacket: 16 [ 30.498205][ T320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.509316][ T320] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.519132][ T320] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 30.532000][ T320] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 30.541066][ T320] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.550029][ T320] usb 4-1: config 0 descriptor?? [ 30.684168][ T405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 30.692831][ T405] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 30.702743][ T36] audit: type=1400 audit(1778264151.090:155): avc: denied { set_context_mgr } for pid=404 comm="syz.2.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 30.713362][ T405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 30.731215][ T405] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 30.749279][ T405] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 524288 [ 30.757048][ T405] rust_binder: Write failure EINVAL in pid:20 [ 30.871041][ T36] audit: type=1400 audit(1778264151.250:156): avc: denied { map } for pid=423 comm="syz.0.40" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 30.871714][ T424] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 144, limit: 144, size: 86) [ 30.877705][ T36] audit: type=1400 audit(1778264151.250:157): avc: denied { call } for pid=423 comm="syz.0.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 30.902243][ T424] rust_binder: Error while translating object. [ 30.930551][ T424] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 30.936892][ T424] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:22 [ 30.959811][ T320] microsoft 0003:045E:07DA.0003: item fetching failed at offset 30/34 [ 30.982241][ T320] microsoft 0003:045E:07DA.0003: parse failed [ 30.988615][ T36] audit: type=1400 audit(1778264151.370:158): avc: denied { unlink } for pid=425 comm="syz.0.41" name="#1" dev="tmpfs" ino=61 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 31.010537][ T320] microsoft 0003:045E:07DA.0003: probe with driver microsoft failed with error -22 [ 31.036746][ T428] netlink: 20 bytes leftover after parsing attributes in process `syz.0.42'. [ 31.191394][ T320] usb 4-1: USB disconnect, device number 3 [ 31.220538][ T441] process 'syz.1.47' launched '/dev/fd/3' with NULL argv: empty string added [ 31.509039][ T479] overlayfs: failed to clone upperpath [ 31.837703][ T485] rust_binder: Error while translating object. [ 31.837762][ C0] BUG: TASK stack guard page was hit at ffffc9000c79feb8 (stack is ffffc9000c7a0000..ffffc9000c7a8000) [ 31.837789][ C0] Oops: stack guard page: 0000 [#1] PREEMPT SMP KASAN PTI [ 31.837809][ C0] CPU: 0 UID: 0 PID: 485 Comm: syz.3.55 Not tainted syzkaller #0 67a5ca8f7ed814712d3178997cf562972873434d [ 31.837834][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 31.837845][ C0] RIP: 0010:get_page_from_freelist+0x1f/0x4a20 [ 31.837880][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 81 ec a0 02 00 00 49 89 cf <89> bc 24 a0 00 00 00 65 48 8b 04 25 28 00 00 00 48 89 84 24 80 02 [ 31.837895][ C0] RSP: 0018:ffffc9000c79fec0 EFLAGS: 00010286 [ 31.837914][ C0] RAX: 0000000000000100 RBX: 0000000000000002 RCX: ffffc9000c7a0230 [ 31.837928][ C0] RDX: 0000000000000101 RSI: 0000000000000002 RDI: 0000000000192000 [ 31.837940][ C0] RBP: ffffc9000c7a0190 R08: ffffffff876acb23 R09: 1ffffffff0ed5964 [ 31.837953][ C0] R10: dffffc0000000000 R11: fffffbfff0ed5965 R12: 0000000000000680 [ 31.837966][ C0] R13: dffffc0000000000 R14: 1ffff920018f4038 R15: ffffc9000c7a0230 [ 31.837979][ C0] FS: 00007fd33ed706c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 31.837991][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.837999][ C0] CR2: ffffc9000c79feb8 CR3: 00000001360f0000 CR4: 00000000003526b0 [ 31.838013][ C0] Call Trace: [ 31.838018][ C0] [ 31.838030][ C0] ? __kasan_check_read+0x15/0x20 [ 31.838050][ C0] ? static_key_count+0x45/0x70 [ 31.838073][ C0] ? gfp_to_alloc_flags_cma+0x96/0x1c0 [ 31.838092][ C0] ? __cfi_gfp_zone+0x10/0x10 [ 31.838113][ C0] ? __alloc_pages_noprof+0x35f/0x7e0 [ 31.838137][ C0] ? unwind_next_frame+0x3c1/0x750 [ 31.838151][ C0] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 31.838166][ C0] ? _RNvMNtCskDQVOo9v79Q_16rust_binder_main11transactionNtB2_11Transaction3new+0x3c7/0x2810 [ 31.838190][ C0] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 31.838212][ C0] ? _RNvMNtCskDQVOo9v79Q_16rust_binder_main11transactionNtB2_11Transaction3new+0x3c7/0x2810 [ 31.838245][ C0] ? stack_depot_save_flags+0x672/0x800 [ 31.838266][ C0] ? stack_depot_save+0x12/0x20 [ 31.838283][ C0] ? save_stack+0x133/0x240 [ 31.838297][ C0] ? free_contig_range+0x260/0x260 [ 31.838307][ C0] ? __reset_page_owner+0x450/0x450 [ 31.838320][ C0] ? zone_page_state_add+0x43/0x90 [ 31.838332][ C0] ? post_alloc_hook+0x37d/0x3b0 [ 31.838358][ C0] ? prep_new_page+0x2d/0x190 [ 31.838380][ C0] ? get_page_from_freelist+0x496e/0x4a20 [ 31.838405][ C0] ? __alloc_pages_noprof+0x35f/0x7e0 [ 31.838429][ C0] ? stack_depot_save_flags+0x672/0x800 [ 31.838448][ C0] ? kasan_save_track+0x4f/0x80 [ 31.838468][ C0] ? kasan_save_free_info+0x4a/0x60 [ 31.838494][ C0] ? __kasan_slab_free+0x5f/0x80 [ 31.838514][ C0] ? kfree+0x158/0x440 [ 31.838530][ C0] ? krealloc_noprof+0xfa/0x130 [ 31.838550][ C0] ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtNtCs1ewLyjEZ7Le_6kernel5alloc4kbox3BoxINtNtNtB4_3mem12maybe_uninit11MaybeUninitINtNtBN_6rbtree4NodemINtNtNtBN_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EEENtNtBL_9allocator7KmallocEEB2S_+0x114/0x360 [ 31.838597][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process10update_ref+0x16c0/0x2660 [ 31.838615][ C0] ? _RNvXs_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB4_10AllocationNtNtNtCsb7ts3l0a5c3_4core3ops4drop4Drop4drop+0x16ed/0x5c60 [ 31.838636][ C0] ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeNtNtCskDQVOo9v79Q_16rust_binder_main10allocation10AllocationEBK_+0x1a/0xf0 [ 31.838666][ C0] ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread21copy_transaction_data+0x7a55/0x9130 [ 31.838695][ C0] ? _RNvMNtCskDQVOo9v79Q_16rust_binder_main11transactionNtB2_11Transaction3new+0x3c7/0x2810 [ 31.838726][ C0] ? kvm_sched_clock_read+0x15/0x30 [ 31.838739][ C0] ? sched_clock_noinstr+0xd/0x30 [ 31.838752][ C0] ? __set_page_owner+0x8e/0x600 [ 31.838765][ C0] ? __zone_watermark_ok+0x134/0x630 [ 31.838780][ C0] ? __cfi___set_page_owner+0x10/0x10 [ 31.838801][ C0] ? kasan_unpoison+0x4a/0x70 [ 31.838819][ C0] ? post_alloc_hook+0x37d/0x3b0 [ 31.838842][ C0] ? __cfi_post_alloc_hook+0x10/0x10 [ 31.838865][ C0] ? gfp_to_alloc_flags_cma+0x1c0/0x1c0 [ 31.838880][ C0] ? _raw_spin_trylock+0xb5/0x140 [ 31.838895][ C0] ? __cfi__raw_spin_trylock+0x10/0x10 [ 31.838911][ C0] ? prep_new_page+0x2d/0x190 [ 31.838924][ C0] ? get_page_from_freelist+0x496e/0x4a20 [ 31.838950][ C0] ? __alloc_pages_noprof+0x7e0/0x7e0 [ 31.838974][ C0] ? static_key_count+0x45/0x70 [ 31.838997][ C0] ? gfp_to_alloc_flags_cma+0x96/0x1c0 [ 31.839024][ C0] ? gfp_zone+0x1/0x110 [ 31.839036][ C0] ? __alloc_pages_noprof+0x35f/0x7e0 [ 31.839051][ C0] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 31.839065][ C0] ? unwind_get_return_address+0x51/0x90 [ 31.839078][ C0] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 31.839099][ C0] ? arch_stack_walk+0x10a/0x170 [ 31.839119][ C0] ? stack_trace_save+0xaa/0x100 [ 31.839140][ C0] ? stack_depot_save_flags+0x672/0x800 [ 31.839160][ C0] ? kasan_save_track+0x4f/0x80 [ 31.839176][ C0] ? kasan_save_track+0x3e/0x80 [ 31.839188][ C0] ? kasan_save_free_info+0x4a/0x60 [ 31.839203][ C0] ? __kasan_slab_free+0x5f/0x80 [ 31.839215][ C0] ? kfree+0x158/0x440 [ 31.839224][ C0] ? krealloc_noprof+0xfa/0x130 [ 31.839239][ C0] ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtNtCs1ewLyjEZ7Le_6kernel5alloc4kbox3BoxINtNtNtB4_3mem12maybe_uninit11MaybeUninitINtNtBN_6rbtree4NodemINtNtNtBN_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EEENtNtBL_9allocator7KmallocEEB2S_+0x114/0x360 [ 31.839292][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process10update_ref+0x16c0/0x2660 [ 31.839320][ C0] ? _RNvXs_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB4_10AllocationNtNtNtCsb7ts3l0a5c3_4core3ops4drop4Drop4drop+0x16ed/0x5c60 [ 31.839339][ C0] ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeNtNtCskDQVOo9v79Q_16rust_binder_main10allocation10AllocationEBK_+0x1a/0xf0 [ 31.839366][ C0] ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread21copy_transaction_data+0x7a55/0x9130 [ 31.839385][ C0] ? _RNvMNtCskDQVOo9v79Q_16rust_binder_main11transactionNtB2_11Transaction3new+0x3c7/0x2810 [ 31.839416][ C0] ? _RINvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB6_6Thread11transactionNvB2_17transaction_innerEB8_+0xb22/0x1290 [ 31.839446][ C0] ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread5write+0x12fb/0xad70 [ 31.839470][ C0] ? _RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x1192/0x5c20 [ 31.839501][ C0] ? __se_sys_ioctl+0x132/0x1b0 [ 31.839522][ C0] ? __x64_sys_ioctl+0x7f/0xa0 [ 31.839542][ C0] ? x64_sys_call+0x1878/0x2ee0 [ 31.839560][ C0] ? do_syscall_64+0x57/0xf0 [ 31.839577][ C0] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.839601][ C0] ? _RNvMs_NtNtCs1ewLyjEZ7Le_6kernel5alloc9allocatorNtB4_7Kmalloc14aligned_layout+0x9a/0x180 [ 31.839629][ C0] ? kasan_save_free_info+0x4a/0x60 [ 31.839644][ C0] ? __kasan_slab_free+0x5f/0x80 [ 31.839656][ C0] ? kfree+0x158/0x440 [ 31.839666][ C0] ? krealloc_noprof+0xfa/0x130 [ 31.839677][ C0] ? krealloc_noprof+0xfa/0x130 [ 31.839695][ C0] ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtNtCs1ewLyjEZ7Le_6kernel5alloc4kbox3BoxINtNtNtB4_3mem12maybe_uninit11MaybeUninitINtNtBN_6rbtree4NodemINtNtNtBN_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EEENtNtBL_9allocator7KmallocEEB2S_+0x114/0x360 [ 31.839749][ C0] ? __cfi__RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtNtCs1ewLyjEZ7Le_6kernel5alloc4kbox3BoxINtNtNtB4_3mem12maybe_uninit11MaybeUninitINtNtBN_6rbtree4NodemINtNtNtBN_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EEENtNtBL_9allocator7KmallocEEB2S_+0x10/0x10 [ 31.839791][ C0] ? _RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreemINtNtNtB7_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EE9raw_entryB1i_+0x413/0x580 [ 31.839817][ C0] ? __cfi__RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreemINtNtNtB7_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EE9raw_entryB1i_+0x10/0x10 [ 31.839860][ C0] ? __kasan_check_write+0x18/0x20 [ 31.839878][ C0] ? _raw_spin_lock+0x92/0x120 [ 31.839903][ C0] ? __cfi__raw_spin_lock+0x10/0x10 [ 31.839926][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process10update_ref+0x16c0/0x2660 [ 31.839944][ C0] ? __cfi__RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process10update_ref+0x10/0x10 [ 31.839965][ C0] ? _RNvMs0_NtCs1ewLyjEZ7Le_6kernel4pageNtB5_4Page8read_raw+0x1ef/0x3d0 [ 31.839982][ C0] ? __asan_memcpy+0x5a/0x80 [ 31.839999][ C0] ? _RNvMs0_NtCs1ewLyjEZ7Le_6kernel4pageNtB5_4Page8read_raw+0x1ef/0x3d0 [ 31.840025][ C0] ? __cfi__RNvMs0_NtCs1ewLyjEZ7Le_6kernel4pageNtB5_4Page8read_raw+0x10/0x10 [ 31.840051][ C0] ? __kasan_check_write+0x18/0x20 [ 31.840068][ C0] ? _raw_spin_lock+0x92/0x120 [ 31.840084][ C0] ? __cfi__raw_spin_lock+0x10/0x10 [ 31.840099][ C0] ? _RINvMs4_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB6_14AllocationView4readNtNtB8_4defs16FlatBinderObjectEB8_+0x6a9/0xc70 [ 31.840119][ C0] ? __asan_memcpy+0x5a/0x80 [ 31.840130][ C0] ? _RINvMs4_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB6_14AllocationView4readNtNtB8_4defs16FlatBinderObjectEB8_+0x5f4/0xc70 [ 31.840163][ C0] ? __cfi__RINvMs4_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB6_14AllocationView4readNtNtB8_4defs16FlatBinderObjectEB8_+0x10/0x10 [ 31.840196][ C0] ? _RNvMs0_NtCs1ewLyjEZ7Le_6kernel4pageNtB5_4Page8read_raw+0x1ef/0x3d0 [ 31.840220][ C0] ? __asan_memcpy+0x5a/0x80 [ 31.840231][ C0] ? _RNvMs0_NtCs1ewLyjEZ7Le_6kernel4pageNtB5_4Page8read_raw+0x1ef/0x3d0 [ 31.840245][ C0] ? __kasan_check_write+0x18/0x20 [ 31.840256][ C0] ? __cfi__RNvMs0_NtCs1ewLyjEZ7Le_6kernel4pageNtB5_4Page8read_raw+0x10/0x10 [ 31.840270][ C0] ? _RNvMs0_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_12ProcessInner17get_existing_node+0x2e7/0x610 [ 31.840295][ C0] ? __cfi__RNvMs0_NtCskDQVOo9v79Q_16rust_binder_main4nodeNtB5_4Node22update_refcount_locked+0x10/0x10 [ 31.840320][ C0] ? __cfi__RNvMs0_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_12ProcessInner17get_existing_node+0x10/0x10 [ 31.840357][ C0] ? __kasan_check_write+0x18/0x20 [ 31.840373][ C0] ? __cfi__raw_spin_lock+0x10/0x10 [ 31.840388][ C0] ? _RNvXs_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB4_10AllocationNtNtNtCsb7ts3l0a5c3_4core3ops4drop4Drop4drop+0x308/0x5c60 [ 31.840407][ C0] ? _RNvXs_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB4_10AllocationNtNtNtCsb7ts3l0a5c3_4core3ops4drop4Drop4drop+0x16ed/0x5c60 [ 31.840430][ C0] ? __cfi__RNvMs5_NtCs1ewLyjEZ7Le_6kernel6bitmapNtB5_6Bitmap7set_bit+0x10/0x10 [ 31.840459][ C0] ? __cfi__RNvXs_NtCskDQVOo9v79Q_16rust_binder_main10allocationNtB4_10AllocationNtNtNtCsb7ts3l0a5c3_4core3ops4drop4Drop4drop+0x10/0x10 [ 31.840500][ C0] ? __cfi__RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreemINtNtNtB7_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EE9raw_entryB1i_+0x10/0x10 [ 31.840541][ C0] ? __kasan_check_write+0x18/0x20 [ 31.840557][ C0] ? mutex_unlock+0x90/0x240 [ 31.840568][ C0] ? __cfi_mutex_unlock+0x10/0x10 [ 31.840584][ C0] ? __asan_set_shadow_00+0x12/0x20 [ 31.840608][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process23insert_or_update_handle+0x1930/0x32e0 [ 31.840642][ C0] ? __cfi__RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process23insert_or_update_handle+0x10/0x10 [ 31.840673][ C0] ? is_bpf_text_address+0x17b/0x1a0 [ 31.840691][ C0] ? _RNvXsc_NtCs1ewLyjEZ7Le_6kernel3strNtB5_12RawFormatterNtNtCsb7ts3l0a5c3_4core3fmt5Write9write_str+0x181/0x2d0 [ 31.840707][ C0] ? __asan_memcpy+0x5a/0x80 [ 31.840717][ C0] ? _RNvXsc_NtCs1ewLyjEZ7Le_6kernel3strNtB5_12RawFormatterNtNtCsb7ts3l0a5c3_4core3fmt5Write9write_str+0x1c8/0x2d0 [ 31.840734][ C0] ? __cfi__RNvXsc_NtCs1ewLyjEZ7Le_6kernel3strNtB5_12RawFormatterNtNtCsb7ts3l0a5c3_4core3fmt5Write9write_str+0x10/0x10 [ 31.840770][ C0] ? _RNvXsc_NtCs1ewLyjEZ7Le_6kernel3strNtB5_12RawFormatterNtNtCsb7ts3l0a5c3_4core3fmt5Write9write_str+0x1c8/0x2d0 [ 31.840797][ C0] ? __cfi__RNvXsc_NtCs1ewLyjEZ7Le_6kernel3strNtB5_12RawFormatterNtNtCsb7ts3l0a5c3_4core3fmt5Write9write_str+0x10/0x10 [ 31.840824][ C0] ? desc_read+0x202/0x3e0 [ 31.840837][ C0] ? __kasan_check_write+0x18/0x20 [ 31.840847][ C0] ? desc_read+0x1ab/0x3e0 [ 31.840859][ C0] ? prb_first_seq+0x109/0x1d0 [ 31.840871][ C0] ? __cfi_prb_first_seq+0x10/0x10 [ 31.840882][ C0] ? __kasan_check_write+0x18/0x20 [ 31.840899][ C0] ? desc_read+0x1ab/0x3e0 [ 31.840918][ C0] ? __kasan_check_read+0x15/0x20 [ 31.840936][ C0] ? this_cpu_in_panic+0x56/0x90 [ 31.840958][ C0] ? _prb_read_valid+0x9f3/0xa80 [ 31.840978][ C0] ? __asan_memcpy+0x5a/0x80 [ 31.840989][ C0] ? prb_read_valid+0x80/0x80 [ 31.841001][ C0] ? data_alloc+0x4d0/0x7e0 [ 31.841013][ C0] ? desc_read+0x202/0x3e0 [ 31.841024][ C0] ? __kasan_check_write+0x18/0x20 [ 31.841034][ C0] ? desc_read+0x1ab/0x3e0 [ 31.841053][ C0] ? prb_first_seq+0x109/0x1d0 [ 31.841073][ C0] ? __cfi_prb_first_seq+0x10/0x10 [ 31.841093][ C0] ? __kasan_check_write+0x18/0x20 [ 31.841110][ C0] ? desc_read+0x1ab/0x3e0 [ 31.841128][ C0] ? __kasan_check_read+0x15/0x20 [ 31.841138][ C0] ? this_cpu_in_panic+0x56/0x90 [ 31.841150][ C0] ? _prb_read_valid+0x9f3/0xa80 [ 31.841162][ C0] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 31.841179][ C0] ? prb_read_valid+0x80/0x80 [ 31.841193][ C0] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 31.841210][ C0] ? up+0x10a/0x1b0 [ 31.841230][ C0] ? __cfi_up+0x10/0x10 [ 31.841250][ C0] ? __kasan_check_write+0x18/0x20 [ 31.841267][ C0] ? _RNvMs_NtNtCs1ewLyjEZ7Le_6kernel5alloc9allocatorNtB4_7Kmalloc14aligned_layout+0x9a/0x180 [ 31.841290][ C0] ? __cfi__RNvMs_NtNtCs1ewLyjEZ7Le_6kernel5alloc9allocatorNtB4_7Kmalloc14aligned_layout+0x10/0x10 [ 31.841308][ C0] ? __cfi_llist_add_batch+0x10/0x10 [ 31.841323][ C0] ? console_unlock+0x247/0x2c0 [ 31.841337][ C0] ? __cfi_console_unlock+0x10/0x10 [ 31.841367][ C0] ? krealloc_noprof+0xfa/0x130 [ 31.841386][ C0] ? _RNvNtCs1ewLyjEZ7Le_6kernel5alloc20dangling_from_layout+0x11/0x20 [ 31.841415][ C0] ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtB4_6option6OptionNtNtCskDQVOo9v79Q_16rust_binder_main6thread18ScatterGatherStateEEB16_+0x396/0x820 [ 31.841441][ C0] ? irq_work_queue+0xc2/0x160 [ 31.841455][ C0] ? __cfi__RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtB4_6option6OptionNtNtCskDQVOo9v79Q_16rust_binder_main6thread18ScatterGatherStateEEB16_+0x10/0x10 [ 31.841477][ C0] ? vprintk_emit+0x3e3/0x650 [ 31.841494][ C0] ? __cfi_vprintk_emit+0x10/0x10 [ 31.841516][ C0] ? _RINvMNtCskDQVOo9v79Q_16rust_binder_main10allocationNtB3_10Allocation5writeyEB5_+0x47c/0x760 [ 31.841547][ C0] ? __cfi__RINvMNtCskDQVOo9v79Q_16rust_binder_main10allocationNtB3_10Allocation5writeyEB5_+0x10/0x10 [ 31.841576][ C0] ? vprintk_default+0x2a/0x40 [ 31.841598][ C0] ? vprintk+0x93/0xa0 [ 31.841609][ C0] ? _printk+0xde/0x140 [ 31.841621][ C0] ? __cfi__RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreemINtNtNtB7_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EE9raw_entryB1i_+0x10/0x10 [ 31.841651][ C0] ? __cfi__printk+0x10/0x10 [ 31.841671][ C0] ? mutex_unlock+0x90/0x240 [ 31.841691][ C0] ? _copy_from_user+0x87/0xa0 [ 31.841711][ C0] ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main4nodeNtB5_7NodeRef5clone+0x3a1/0x410 [ 31.841737][ C0] ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeNtNtCskDQVOo9v79Q_16rust_binder_main10allocation10AllocationEBK_+0x1a/0xf0 [ 31.841756][ C0] ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread21copy_transaction_data+0x7a48/0x9130 [ 31.841773][ C0] ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread21copy_transaction_data+0x7a55/0x9130 [ 31.841798][ C0] ? __cfi__RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread21copy_transaction_data+0x10/0x10 [ 31.841831][ C0] ? is_bpf_text_address+0x17b/0x1a0 [ 31.841856][ C0] ? kernel_text_address+0xa9/0xe0 [ 31.841880][ C0] ? __kasan_check_write+0x18/0x20 [ 31.841896][ C0] ? _raw_spin_lock_irqsave+0xc1/0x160 [ 31.841922][ C0] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 31.841949][ C0] ? _raw_spin_unlock_irqrestore+0x4a/0x70 [ 31.841966][ C0] ? stack_depot_save_flags+0x399/0x800 [ 31.841986][ C0] ? kasan_save_track+0x4f/0x80 [ 31.842005][ C0] ? kasan_save_track+0x3e/0x80 [ 31.842024][ C0] ? kasan_save_alloc_info+0x40/0x50 [ 31.842048][ C0] ? __kasan_kmalloc+0x96/0xb0 [ 31.842060][ C0] ? __kmalloc_cache_noprof+0x23c/0x470 [ 31.842071][ C0] ? __set_page_owner+0x2af/0x600 [ 31.842084][ C0] ? post_alloc_hook+0x37d/0x3b0 [ 31.842101][ C0] ? prep_new_page+0x2d/0x190 [ 31.842135][ C0] ? get_page_from_freelist+0x496e/0x4a20 [ 31.842160][ C0] ? __alloc_pages_noprof+0x35f/0x7e0 [ 31.842183][ C0] ? alloc_slab_page+0x6b/0x1e0 [ 31.842198][ C0] ? allocate_slab+0x69/0x420 [ 31.842210][ C0] ? ___slab_alloc+0x5a2/0x8d0 [ 31.842221][ C0] ? __kmalloc_node_track_caller_noprof+0x2e6/0x4f0 [ 31.842233][ C0] ? krealloc_noprof+0x8d/0x130 [ 31.842244][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process23insert_or_update_handle+0x57f/0x32e0 [ 31.842273][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process10update_ref+0x7c0/0x2660 [ 31.842300][ C0] ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread5write+0x1efa/0xad70 [ 31.842324][ C0] ? _RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x1192/0x5c20 [ 31.842353][ C0] ? __se_sys_ioctl+0x132/0x1b0 [ 31.842365][ C0] ? __x64_sys_ioctl+0x7f/0xa0 [ 31.842377][ C0] ? x64_sys_call+0x1878/0x2ee0 [ 31.842387][ C0] ? do_syscall_64+0x57/0xf0 [ 31.842399][ C0] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.842422][ C0] ? __kasan_check_write+0x18/0x20 [ 31.842440][ C0] ? _raw_spin_lock_irqsave+0xc1/0x160 [ 31.842466][ C0] ? __cfi__raw_spin_lock_irqsave+0x10/0x10 [ 31.842488][ C0] ? __kmalloc_cache_noprof+0x23c/0x470 [ 31.842499][ C0] ? __set_page_owner+0x2af/0x600 [ 31.842513][ C0] ? __kasan_check_write+0x18/0x20 [ 31.842523][ C0] ? __set_page_owner+0x3fe/0x600 [ 31.842541][ C0] ? __cfi___set_page_owner+0x10/0x10 [ 31.842563][ C0] ? kasan_unpoison+0x4a/0x70 [ 31.842581][ C0] ? post_alloc_hook+0x37d/0x3b0 [ 31.842604][ C0] ? __cfi_post_alloc_hook+0x10/0x10 [ 31.842627][ C0] ? gfp_to_alloc_flags_cma+0x1c0/0x1c0 [ 31.842643][ C0] ? _raw_spin_trylock+0xb5/0x140 [ 31.842658][ C0] ? __cfi__raw_spin_trylock+0x10/0x10 [ 31.842673][ C0] ? __kasan_check_write+0x18/0x20 [ 31.842684][ C0] ? prep_new_page+0x42/0x190 [ 31.842706][ C0] ? get_page_from_freelist+0x496e/0x4a20 [ 31.842735][ C0] ? is_bpf_text_address+0x17b/0x1a0 [ 31.842761][ C0] ? kernel_text_address+0xa9/0xe0 [ 31.842782][ C0] ? __kernel_text_address+0x11/0x40 [ 31.842796][ C0] ? unwind_get_return_address+0x51/0x90 [ 31.842809][ C0] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 31.842822][ C0] ? arch_stack_walk+0x10a/0x170 [ 31.842834][ C0] ? stack_depot_save_flags+0x38/0x800 [ 31.842853][ C0] ? kasan_save_track+0x4f/0x80 [ 31.842872][ C0] ? kasan_save_track+0x3e/0x80 [ 31.842892][ C0] ? kasan_save_alloc_info+0x40/0x50 [ 31.842917][ C0] ? __kasan_kmalloc+0x96/0xb0 [ 31.842932][ C0] ? __kmalloc_node_track_caller_noprof+0x251/0x4f0 [ 31.842944][ C0] ? krealloc_noprof+0x8d/0x130 [ 31.842955][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process23insert_or_update_handle+0x57f/0x32e0 [ 31.842973][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process10update_ref+0x7c0/0x2660 [ 31.842993][ C0] ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread5write+0x1efa/0xad70 [ 31.843017][ C0] ? _RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x1192/0x5c20 [ 31.843046][ C0] ? __se_sys_ioctl+0x132/0x1b0 [ 31.843075][ C0] ? __x64_sys_ioctl+0x7f/0xa0 [ 31.843087][ C0] ? x64_sys_call+0x1878/0x2ee0 [ 31.843097][ C0] ? do_syscall_64+0x57/0xf0 [ 31.843107][ C0] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.843120][ C0] ? __kasan_check_write+0x18/0x20 [ 31.843130][ C0] ? _raw_spin_lock+0x92/0x120 [ 31.843152][ C0] ? __cfi__raw_spin_lock+0x10/0x10 [ 31.843178][ C0] ? __kasan_check_write+0x18/0x20 [ 31.843196][ C0] ? _RNvMs5_NtCs1ewLyjEZ7Le_6kernel6bitmapNtB5_6Bitmap7set_bit+0xc1/0x260 [ 31.843223][ C0] ? __cfi__RNvMs5_NtCs1ewLyjEZ7Le_6kernel6bitmapNtB5_6Bitmap7set_bit+0x10/0x10 [ 31.843240][ C0] ? _raw_spin_unlock+0x45/0x60 [ 31.843250][ C0] ? _RNvMs0_NtCskDQVOo9v79Q_16rust_binder_main4nodeNtB5_4Node16insert_node_info+0x3e0/0x500 [ 31.843268][ C0] ? __cfi__RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreemINtNtNtB7_4list3arc7ListArcNtNtCskDQVOo9v79Q_16rust_binder_main7process11NodeRefInfoKyd703a5263dcc8650_EE9raw_entryB1i_+0x10/0x10 [ 31.843299][ C0] ? __kasan_check_write+0x18/0x20 [ 31.843316][ C0] ? mutex_unlock+0x90/0x240 [ 31.843336][ C0] ? __cfi_mutex_unlock+0x10/0x10 [ 31.843364][ C0] ? __asan_set_shadow_00+0x12/0x20 [ 31.843383][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process23insert_or_update_handle+0x1930/0x32e0 [ 31.843403][ C0] ? __cfi__RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process23insert_or_update_handle+0x10/0x10 [ 31.843435][ C0] ? is_bpf_text_address+0x17b/0x1a0 [ 31.843461][ C0] ? kernel_text_address+0xa9/0xe0 [ 31.843669][ C0] ? __kasan_check_write+0x18/0x20 [ 31.843698][ C0] ? _RNvMNtCskDQVOo9v79Q_16rust_binder_main11transactionNtB2_11Transaction3new+0x3c7/0x2810 [ 31.843733][ C0] ? krealloc_noprof+0x8d/0x130 [ 31.843752][ C0] ? _RINvMNtNtCs1ewLyjEZ7Le_6kernel4list3arcINtB3_7ListArcINtCskDQVOo9v79Q_16rust_binder_main7DTRWrapNtBS_11DeliverCodeEE8pin_initNtNtB7_5error5ErrorINtNtNtB7_4init10___internal11InitClosureNCNvMs0_BS_BP_11arc_try_news0_0BP_B1Z_EEBS_+0x124/0x850 [ 31.843793][ C0] ? _RINvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB6_6Thread11transactionNvB2_17transaction_innerEB8_+0xa2f/0x1290 [ 31.843828][ C0] ? __cfi__RNvMNtCskDQVOo9v79Q_16rust_binder_main11transactionNtB2_11Transaction3new+0x10/0x10 [ 31.843862][ C0] ? kasan_save_alloc_info+0x40/0x50 [ 31.843882][ C0] ? __kasan_kmalloc+0x96/0xb0 [ 31.843895][ C0] ? __kmalloc_node_track_caller_noprof+0x251/0x4f0 [ 31.843907][ C0] ? _RINvMNtNtCs1ewLyjEZ7Le_6kernel4list3arcINtB3_7ListArcINtCskDQVOo9v79Q_16rust_binder_main7DTRWrapNtBS_11DeliverCodeEE8pin_initNtNtB7_5error5ErrorINtNtNtB7_4init10___internal11InitClosureNCNvMs0_BS_BP_11arc_try_news0_0BP_B1Z_EEBS_+0x124/0x850 [ 31.843944][ C0] ? __asan_memset+0x39/0x50 [ 31.843962][ C0] ? _RINvMNtNtCs1ewLyjEZ7Le_6kernel4list3arcINtB3_7ListArcINtCskDQVOo9v79Q_16rust_binder_main7DTRWrapNtBS_11DeliverCodeEE8pin_initNtNtB7_5error5ErrorINtNtNtB7_4init10___internal11InitClosureNCNvMs0_BS_BP_11arc_try_news0_0BP_B1Z_EEBS_+0x2ff/0x850 [ 31.844007][ C0] ? __cfi__raw_spin_lock+0x10/0x10 [ 31.844030][ C0] ? __cfi__RINvMNtNtCs1ewLyjEZ7Le_6kernel4list3arcINtB3_7ListArcINtCskDQVOo9v79Q_16rust_binder_main7DTRWrapNtBS_11DeliverCodeEE8pin_initNtNtB7_5error5ErrorINtNtNtB7_4init10___internal11InitClosureNCNvMs0_BS_BP_11arc_try_news0_0BP_B1Z_EEBS_+0x10/0x10 [ 31.844058][ C0] ? __kasan_check_write+0x18/0x20 [ 31.844068][ C0] ? avc_has_perm_noaudit+0x26c/0x360 [ 31.844081][ C0] ? __asan_memcpy+0x5a/0x80 [ 31.844099][ C0] ? avc_has_perm_noaudit+0x28a/0x360 [ 31.844120][ C0] ? avc_has_perm+0x155/0x240 [ 31.844139][ C0] ? _RNvNtCs1ewLyjEZ7Le_6kernel5error9to_result+0x85/0x1e0 [ 31.844168][ C0] ? __cfi__RNvNtCs1ewLyjEZ7Le_6kernel5error9to_result+0x10/0x10 [ 31.844187][ C0] ? __kasan_check_write+0x18/0x20 [ 31.844204][ C0] ? _raw_spin_lock+0x92/0x120 [ 31.844223][ C0] ? selinux_binder_transaction+0x165/0x1d0 [ 31.844241][ C0] ? _RINvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB6_6Thread11transactionNvB2_17transaction_innerEB8_+0xb22/0x1290 [ 31.844273][ C0] ? __cfi__RINvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB6_6Thread11transactionNvB2_17transaction_innerEB8_+0x10/0x10 [ 31.844306][ C0] ? __kasan_check_write+0x18/0x20 [ 31.844324][ C0] ? _raw_spin_lock+0x92/0x120 [ 31.844340][ C0] ? __cfi__raw_spin_lock+0x10/0x10 [ 31.844355][ C0] ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread5write+0x12aa/0xad70 [ 31.844413][ C0] ? __asan_memcpy+0x5a/0x80 [ 31.844431][ C0] ? _RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread5write+0x12fb/0xad70 [ 31.844469][ C0] ? __cfi__RNvMs2_NtCskDQVOo9v79Q_16rust_binder_main6threadNtB5_6Thread5write+0x10/0x10 [ 31.844525][ C0] ? is_bpf_text_address+0x17b/0x1a0 [ 31.844551][ C0] ? kernel_text_address+0xa9/0xe0 [ 31.844574][ C0] ? __kernel_text_address+0x11/0x40 [ 31.844599][ C0] ? unwind_get_return_address+0x51/0x90 [ 31.844622][ C0] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 31.844644][ C0] ? arch_stack_walk+0x10a/0x170 [ 31.844660][ C0] ? stack_depot_save_flags+0x38/0x800 [ 31.844673][ C0] ? kasan_save_track+0x4f/0x80 [ 31.844692][ C0] ? kasan_save_track+0x3e/0x80 [ 31.844711][ C0] ? kasan_save_alloc_info+0x40/0x50 [ 31.844737][ C0] ? __kasan_kmalloc+0x96/0xb0 [ 31.844757][ C0] ? __kmalloc_node_track_caller_noprof+0x251/0x4f0 [ 31.844778][ C0] ? krealloc_noprof+0x8d/0x130 [ 31.844795][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process8get_node+0x914/0x1bb0 [ 31.844814][ C0] ? _RNvMs6_NtCs1ewLyjEZ7Le_6kernel4listINtB5_4ListINtCskDQVOo9v79Q_16rust_binder_main7DTRWrapDNtBL_13DeliverToReadEL_EE12insert_innerBL_+0x43a/0x6c0 [ 31.844837][ C0] ? __se_sys_ioctl+0x132/0x1b0 [ 31.844858][ C0] ? __cfi__RNvMs6_NtCs1ewLyjEZ7Le_6kernel4listINtB5_4ListINtCskDQVOo9v79Q_16rust_binder_main7DTRWrapDNtBL_13DeliverToReadEL_EE12insert_innerBL_+0x10/0x10 [ 31.844892][ C0] ? __kasan_check_write+0x18/0x20 [ 31.844910][ C0] ? _RNvMs0_NtCskDQVOo9v79Q_16rust_binder_main4nodeNtB5_4Node28incr_refcount_allow_zero2one+0x502/0xee0 [ 31.844937][ C0] ? __kasan_check_write+0x18/0x20 [ 31.844947][ C0] ? _raw_spin_lock+0x92/0x120 [ 31.844962][ C0] ? __cfi__raw_spin_lock+0x10/0x10 [ 31.844978][ C0] ? _raw_spin_unlock+0x45/0x60 [ 31.844990][ C0] ? _RNvMs0_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_12ProcessInner24new_node_ref_with_thread+0x5ec/0x950 [ 31.845022][ C0] ? __cfi__RNvMs0_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_12ProcessInner24new_node_ref_with_thread+0x10/0x10 [ 31.845055][ C0] ? _RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreeyINtNtNtB7_4sync3arc3ArcINtCskDQVOo9v79Q_16rust_binder_main7DTRWrapNtNtB1d_4node4NodeEEE9raw_entryB1d_+0x403/0x500 [ 31.845088][ C0] ? __cfi__RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreeyINtNtNtB7_4sync3arc3ArcINtCskDQVOo9v79Q_16rust_binder_main7DTRWrapNtNtB1d_4node4NodeEEE9raw_entryB1d_+0x10/0x10 [ 31.845110][ C0] ? __kasan_check_write+0x18/0x20 [ 31.845121][ C0] ? _raw_spin_lock+0x92/0x120 [ 31.845136][ C0] ? __cfi__raw_spin_lock+0x10/0x10 [ 31.845162][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process8get_node+0x125c/0x1bb0 [ 31.845191][ C0] ? __asan_memcpy+0x5a/0x80 [ 31.845209][ C0] ? __asan_set_shadow_00+0x12/0x20 [ 31.845232][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process8get_node+0x12e9/0x1bb0 [ 31.845260][ C0] ? __cfi__RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process8get_node+0x10/0x10 [ 31.845278][ C0] ? _RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreelINtNtNtB7_4sync3arc3ArcNtNtCskDQVOo9v79Q_16rust_binder_main6thread6ThreadEE9raw_entryB1e_+0x416/0x580 [ 31.845305][ C0] ? __cfi__RNvMs1_NtCs1ewLyjEZ7Le_6kernel6rbtreeINtB5_6RBTreelINtNtNtB7_4sync3arc3ArcNtNtCskDQVOo9v79Q_16rust_binder_main6thread6ThreadEE9raw_entryB1e_+0x10/0x10 [ 31.845338][ C0] ? __kasan_check_write+0x18/0x20 [ 31.845356][ C0] ? _raw_spin_lock+0x92/0x120 [ 31.845386][ C0] ? __cfi__raw_spin_lock+0x10/0x10 [ 31.845402][ C0] ? _raw_spin_unlock+0x45/0x60 [ 31.845412][ C0] ? __asan_set_shadow_00+0x12/0x20 [ 31.845434][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process18get_current_thread+0x102f/0x1d80 [ 31.845461][ C0] ? __cfi__RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process18get_current_thread+0x10/0x10 [ 31.845489][ C0] ? __kasan_check_write+0x18/0x20 [ 31.845507][ C0] ? _RINvNtCsb7ts3l0a5c3_4core3ptr13drop_in_placeINtNtNtCs1ewLyjEZ7Le_6kernel4sync3arc3ArcINtCskDQVOo9v79Q_16rust_binder_main7DTRWrapNtNtB1o_4node4NodeEEEB1o_+0x155/0x4a0 [ 31.845544][ C0] ? avc_has_perm+0x155/0x240 [ 31.845559][ C0] ? _RNvNtCs1ewLyjEZ7Le_6kernel5error9to_result+0x85/0x1e0 [ 31.845576][ C0] ? __cfi__RNvNtCs1ewLyjEZ7Le_6kernel5error9to_result+0x10/0x10 [ 31.845603][ C0] ? __kasan_check_write+0x18/0x20 [ 31.845620][ C0] ? _raw_spin_lock+0x92/0x120 [ 31.845646][ C0] ? __cfi__raw_spin_lock+0x10/0x10 [ 31.845670][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process14set_as_manager+0xb14/0x1030 [ 31.845686][ C0] ? __asan_memcpy+0x5a/0x80 [ 31.845696][ C0] ? _RNvMs4_NtCskDQVOo9v79Q_16rust_binder_main7processNtB5_7Process14set_as_manager+0xd14/0x1030 [ 31.845711][ C0] ? __kernel_text_address+0x11/0x40 [ 31.845728][ C0] ? stack_trace_save+0xaa/0x100 [ 31.845749][ C0] ? __kasan_check_write+0x18/0x20 [ 31.845766][ C0] ? _raw_spin_lock+0x92/0x120 [ 31.845790][ C0] ? _RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x113c/0x5c20 [ 31.845820][ C0] ? __asan_memcpy+0x5a/0x80 [ 31.845837][ C0] ? _RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x1192/0x5c20 [ 31.845860][ C0] ? _raw_spin_trylock+0xb5/0x140 [ 31.845876][ C0] ? _raw_spin_unlock+0x45/0x60 [ 31.845887][ C0] ? call_rcu_nocb+0x6d7/0xc80 [ 31.845911][ C0] ? __cfi__RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x10/0x10 [ 31.845942][ C0] ? swake_up_one_online_ipi+0x30/0x30 [ 31.845969][ C0] ? __cfi_mt_free_rcu+0x10/0x10 [ 31.845990][ C0] ? is_bpf_text_address+0x17b/0x1a0 [ 31.846006][ C0] ? kernel_text_address+0xa9/0xe0 [ 31.846020][ C0] ? __kernel_text_address+0x11/0x40 [ 31.846043][ C0] ? unwind_get_return_address+0x51/0x90 [ 31.846070][ C0] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 31.846092][ C0] ? arch_stack_walk+0x10a/0x170 [ 31.846112][ C0] ? stack_trace_save+0xaa/0x100 [ 31.846132][ C0] ? stack_depot_save_flags+0x38/0x800 [ 31.846145][ C0] ? kasan_save_track+0x4f/0x80 [ 31.846156][ C0] ? kasan_save_track+0x3e/0x80 [ 31.846167][ C0] ? kasan_save_alloc_info+0x40/0x50 [ 31.846183][ C0] ? __kasan_kmalloc+0x96/0xb0 [ 31.846201][ C0] ? __kmalloc_node_track_caller_noprof+0x251/0x4f0 [ 31.846220][ C0] ? krealloc_noprof+0x8d/0x130 [ 31.846240][ C0] ? kvrealloc_noprof+0x59/0x120 [ 31.846258][ C0] ? _RNvCskDQVOo9v79Q_16rust_binder_main16rust_binder_mmap+0x78b/0x11f0 [ 31.846287][ C0] ? mmap_region+0x1579/0x1d60 [ 31.846297][ C0] ? do_mmap+0xb85/0x13c0 [ 31.846307][ C0] ? vm_mmap_pgoff+0x36e/0x4b0 [ 31.846319][ C0] ? cgroup_rstat_updated+0x141/0x810 [ 31.846332][ C0] ? __cfi_cgroup_rstat_updated+0x10/0x10 [ 31.846347][ C0] ? __kernel_text_address+0x11/0x40 [ 31.846378][ C0] ? unwind_get_return_address+0x51/0x90 [ 31.846401][ C0] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 31.846423][ C0] ? __cgroup_account_cputime+0xa5/0xd0 [ 31.846441][ C0] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 31.846456][ C0] ? update_curr+0x50c/0x9e0 [ 31.846468][ C0] ? update_load_avg+0x506/0x1990 [ 31.846482][ C0] ? __calc_delta+0x280/0x280 [ 31.846492][ C0] ? __kasan_record_aux_stack+0xb2/0xd0 [ 31.846519][ C0] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 31.846546][ C0] ? update_load_avg+0x506/0x1990 [ 31.846581][ C0] ? __kasan_check_read+0x15/0x20 [ 31.846593][ C0] ? update_cfs_group+0x127/0x250 [ 31.846605][ C0] ? __cfi___update_load_avg_cfs_rq+0x10/0x10 [ 31.846625][ C0] ? xfd_validate_state+0x68/0x140 [ 31.846640][ C0] ? save_fpregs_to_fpstate+0x196/0x220 [ 31.846660][ C0] ? __kasan_check_write+0x18/0x20 [ 31.846679][ C0] ? __switch_to+0xc4f/0x1300 [ 31.846697][ C0] ? __cfi___switch_to+0x10/0x10 [ 31.846723][ C0] ? psi_task_switch+0x59e/0xa10 [ 31.846742][ C0] ? _raw_spin_unlock+0x45/0x60 [ 31.846751][ C0] ? finish_task_switch+0x139/0x760 [ 31.846765][ C0] ? __switch_to_asm+0x3d/0x70 [ 31.846777][ C0] ? __schedule+0x13a1/0x1fa0 [ 31.846795][ C0] ? avc_has_extended_perms+0x80b/0xe70 [ 31.846814][ C0] ? __asan_memcpy+0x5a/0x80 [ 31.846830][ C0] ? avc_has_extended_perms+0x969/0xe70 [ 31.846851][ C0] ? __asan_set_shadow_00+0x12/0x20 [ 31.846876][ C0] ? do_vfs_ioctl+0x182d/0x2010 [ 31.846898][ C0] ? __ia32_compat_sys_ioctl+0x920/0x920 [ 31.846913][ C0] ? schedule+0xc5/0x240 [ 31.846924][ C0] ? futex_unqueue+0x136/0x160 [ 31.846942][ C0] ? ioctl_has_perm+0x39a/0x500 [ 31.846958][ C0] ? __kasan_check_read+0x15/0x20 [ 31.846975][ C0] ? has_cap_mac_admin+0xd0/0xd0 [ 31.846993][ C0] ? futex_wait+0x2ac/0x7b0 [ 31.847011][ C0] ? __cfi_futex_wait+0x10/0x10 [ 31.847029][ C0] ? selinux_file_ioctl+0x732/0x1480 [ 31.847047][ C0] ? __cfi_userfaultfd_unmap_complete+0x10/0x10 [ 31.847059][ C0] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 31.847075][ C0] ? do_futex+0x32a/0x510 [ 31.847089][ C0] ? __cfi_do_futex+0x10/0x10 [ 31.847112][ C0] ? vm_mmap_pgoff+0x153/0x4b0 [ 31.847131][ C0] ? __fget_files+0x2c5/0x340 [ 31.847152][ C0] ? bpf_lsm_file_ioctl+0xd/0x20 [ 31.847176][ C0] ? security_file_ioctl+0x3e/0x110 [ 31.847194][ C0] ? __cfi__RNvCskDQVOo9v79Q_16rust_binder_main17rust_binder_ioctl+0x10/0x10 [ 31.847212][ C0] ? __se_sys_ioctl+0x132/0x1b0 [ 31.847225][ C0] ? __x64_sys_ioctl+0x7f/0xa0 [ 31.847237][ C0] ? x64_sys_call+0x1878/0x2ee0 [ 31.847253][ C0] ? do_syscall_64+0x57/0xf0 [ 31.847269][ C0] ? clear_bhb_loop+0x50/0xa0 [ 31.847289][ C0] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 31.847309][ C0] [ 31.847316][ C0] Modules linked in: [ 31.847331][ C0] ---[ end trace 0000000000000000 ]--- [ 31.847340][ C0] RIP: 0010:get_page_from_freelist+0x1f/0x4a20 [ 31.847359][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 81 ec a0 02 00 00 49 89 cf <89> bc 24 a0 00 00 00 65 48 8b 04 25 28 00 00 00 48 89 84 24 80 02 [ 31.847379][ C0] RSP: 0018:ffffc9000c79fec0 EFLAGS: 00010286 [ 31.847389][ C0] RAX: 0000000000000100 RBX: 0000000000000002 RCX: ffffc9000c7a0230 [ 31.847403][ C0] RDX: 0000000000000101 RSI: 0000000000000002 RDI: 0000000000192000 [ 31.847415][ C0] RBP: ffffc9000c7a0190 R08: ffffffff876acb23 R09: 1ffffffff0ed5964 [ 31.847429][ C0] R10: dffffc0000000000 R11: fffffbfff0ed5965 R12: 0000000000000680 [ 31.847442][ C0] R13: dffffc0000000000 R14: 1ffff920018f4038 R15: ffffc9000c7a0230 [ 31.847464][ C0] FS: 00007fd33ed706c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 31.847482][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 31.847493][ C0] CR2: ffffc9000c79feb8 CR3: 00000001360f0000 CR4: 00000000003526b0 [ 31.847513][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 31.847701][ C0] Kernel Offset: disabled