last executing test programs: 3.993807859s ago: executing program 0 (id=1211): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x102000, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f0000000080), 0xc26, &(0x7f0000000100)=ANY=[@ANYRESOCT=0x0, @ANYRESHEX=r0, @ANYRES16, @ANYRESOCT=0x0, @ANYRES16, @ANYRESDEC, @ANYRESHEX, @ANYRESDEC=r2]) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$IPVS_CMD_ZERO(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x44, r4, 0x200, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x28, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3c}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x11, 0x10}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1000}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x4040000) 3.854006351s ago: executing program 0 (id=1215): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x280, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/custom0\x00', 0x802, 0x0) (async) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x8000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000240)={0x4, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x50, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70"}) (async) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x50, 0x0, &(0x7f0000000300)="9a29cd1fb4ccd347afc934b1ef3922299c16637f5766dd4f2e5497f28b98b220ceaa8df22e1f4e2e83f31d76ecb812966cb2cc5590b2dbd9496a895f52df578a2b2897f00914e3bfa2b9ea55c39cd5b7"}) (async) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) ioctl$RTC_RD_TIME(r3, 0x80247009, &(0x7f0000000180)) (async) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_SET_LBT_MODE(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)={0x14, 0x0, 0x4}, 0x14}}, 0x0) (async, rerun: 64) syz_genetlink_get_family_id$nfc(&(0x7f0000000cc0), r4) (rerun: 64) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000380), r4) sendmsg$NLBL_MGMT_C_LISTALL(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r5, 0x819, 0x70bd26, 0x25dfdbff}, 0x14}}, 0x840) (async, rerun: 32) ioctl$ASHMEM_SET_PROT_MASK(r0, 0x40087705, 0x0) (async, rerun: 32) mmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x2, 0x80010, r0, 0xd0eb4000) 3.853653311s ago: executing program 0 (id=1216): mkdir(0x0, 0x48) (async) ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000000)={{}, {}, 0x0, 0x6}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async, rerun: 64) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) (rerun: 64) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000140)="0f01c30fc7390f01cbb9080b00000f320fc72d1454d4980fc7682bc4c2999aaddd8bceb38fe8eca2a80100000037c4e14ddee2660f38810b", 0x38}], 0xaaaaaaaaaaaac02, 0x43, 0x0, 0x0) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) (async) r4 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) accept4(r4, 0x0, 0x0, 0x80000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) (async) r5 = socket$can_bcm(0x1d, 0x2, 0x2) (async, rerun: 64) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 64) r7 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x13, r7, 0x0) remap_file_pages(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x8, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000800)={'bridge0\x00', 0x0}) connect$can_bcm(r5, &(0x7f0000000040)={0x1d, r8}, 0x10) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000008f"]) (async, rerun: 64) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) (async, rerun: 64) r12 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r12, 0x0, 0x0, 0x4040094, 0x0, 0x0) (async) r13 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETS(r13, 0x40045431, &(0x7f0000000200)={0x0, 0x4000003, 0x0, 0x0, 0x0, "7f12ddc1517600000000000000000000000002"}) (async) ioctl$TIOCGPTPEER(r13, 0x5441, 0x786d) read(r13, &(0x7f0000000100)=""/147, 0x93) 3.725821923s ago: executing program 0 (id=1221): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) r1 = syz_usb_connect$hid(0x0, 0x6c, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000040b827ed0100000000000109022400010000000009040000010300000009210000200122050009058103"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) inotify_init() syz_clone3(&(0x7f0000001280)={0x222022180, 0x0, 0x0, 0x0, {0x1d}, 0x0, 0xa, 0x0, 0x0, 0x0, {r2}}, 0x77) 2.942742565s ago: executing program 1 (id=1237): r0 = fsmount(0xffffffffffffffff, 0x1, 0xf) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000800)=[@clear_death], 0x0, 0x0, 0x0}) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x400, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x8000) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) creat(&(0x7f0000000180)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r5 = dup(r4) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}}) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r6, 0x10001, 0x0) 2.922075775s ago: executing program 1 (id=1238): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r0) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) mount$binderfs(0x0, 0x0, 0x0, 0x4044, &(0x7f0000000140)=ANY=[@ANYRES8, @ANYRES16=r0, @ANYRESDEC]) r1 = openat$kvm(0x0, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r3) ioctl$KVM_SET_DEVICE_ATTR_vcpu(r3, 0xaece, 0x0) r4 = syz_usb_connect$hid(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000040ef17476000000000000109022400010000000009040000010300020009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f0000000040)={0x2c, &(0x7f0000000080)={0x20, 0x23, 0x1f, {0x1f, 0xa, "a7ea3163fd3bc518194b120c1e73d54cfc4ad2841ef4f6a3fd7c59ccb7"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000000)=@ccm_128={{0x304}, "1ae2977c660233b4", "c528944f13d264d586bf65436479c184", "0baf923c", "076dba2bc92026e4"}, 0x28) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="340000001900150000000000000000000a000000000200"], 0x34}], 0x1, 0x0, 0x0, 0x4010}, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000002c0)={0xf, 0x0, [{0x4b564d02, 0x0, 0x7f}]}) r6 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000300)=[@cpuid={0x2, 0x18, {0x7, 0x5}}, @cpuid={0x2, 0x18, {0x1, 0xfff}}, @cpuid={0x2, 0x18, {0x9, 0x3}}, @code={0x1, 0x68, {"8fea50128d00000000110000002e420f0e66420fc7b585000000c4c211cf4c552a3e660f38045980f30f01aaae7a0000b9800000c00f3235001000000f300f01d10f01c5c744240080000000c744240200200000ff2c24"}}, @cpuid={0x2, 0x18, {0x4, 0xfffffffa}}, @code={0x1, 0x6b, {"440f20816742f4b9800000c00f3235000800000f3066b807000f00d80f20d835200000000f22d8c4c1c573df00c4c3fd0859f485440f20c0350c000000440f22c0c744240029000000c744240203000000ff2c24c42178111498"}}, @uexit={0x0, 0x18, 0x43}, @cpuid={0x2, 0x18, {0xac8, 0x7}}, @code={0x1, 0x56, {"450f082e0f01df26f30f31670fc7a872d7247e66420f06f40f22a648b81f700000000000000f23c80f21f835080040000f23f8b9800000c00f3235002000000f30450f2081"}}, @cpuid={0x2, 0x18, {0x7, 0x9}}], 0x1d1}) ioctl$KVM_GET_REG_LIST(r6, 0xc008aeb0, &(0x7f0000000180)={0x3, [0x904, 0x2, 0xa]}) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[]) 1.558389906s ago: executing program 2 (id=1244): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000300)=&(0x7f0000000240)) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) io_setup(0x7, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[]) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) close_range(r2, r0, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x45809000) r3 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ASHMEM_SET_NAME(r3, 0x41007701, 0x0) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r3, 0x0) read(r1, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0, 0xeeee0000}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) 1.352297679s ago: executing program 2 (id=1246): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000201000/0x1000)=nil, 0x1000, 0x1000002, 0x13, r1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r3, 0x4008ae48, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) 1.31116111s ago: executing program 2 (id=1247): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_GET_API_VERSION(r0, 0xae03, 0x42) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r1) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) close_range(r2, 0xffffffffffffffff, 0x2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000000b2000040"]) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) fcntl$setstatus(r7, 0x4, 0x4a000) setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, &(0x7f0000000000)=ANY=[@ANYBLOB="730100b9b76ea75c"], 0x8) r8 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f0000000a40)={'ip6tnl0\x00', 0x0}) sendmsg$IEEE802154_LLSEC_SETPARAMS(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES64=r4, @ANYBLOB="fc8a19f737e374a6000022000000"], 0x14}}, 0x4000000) 1.246341921s ago: executing program 2 (id=1248): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000040)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f00000000c0)={r1, 0x3, r0, 0x0, 0x80000}) mmap(&(0x7f0000fec000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) (async) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000040)) (async) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f00000000c0)={r1, 0x3, r0, 0x0, 0x80000}) (async) mmap(&(0x7f0000fec000/0x4000)=nil, 0x4000, 0x0, 0x13, r0, 0x0) (async) mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r0, 0x0) (async) 1.133590353s ago: executing program 2 (id=1249): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000200)={0x14, r1, 0x40d, 0x70bd2a, 0x0, {0x22}}, 0x14}}, 0x4000000) (fail_nth: 5) 1.123120243s ago: executing program 2 (id=1250): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async, rerun: 64) r2 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 64) sendto$inet(r2, 0x0, 0x1c, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) (async, rerun: 64) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (rerun: 64) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="3b00000000000000850200000000"]) (async, rerun: 32) r4 = socket$inet(0x2, 0x2, 0x0) (rerun: 32) setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) setsockopt$inet_mreqsrc(r4, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) (async) ioctl$EXT4_IOC_SETFSUUID(r4, 0x4008662c, &(0x7f0000000000)={0x0, 0x0, "974a5d046d334abd0478d8a4c049be77"}) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100}) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) (async) dup3(r7, r6, 0x0) (async) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000480)={0x8, 0x0, &(0x7f0000000200)=[@acquire], 0x0, 0x0, 0x0}) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) (async) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) sendto$inet(r5, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) accept4(r8, &(0x7f00000005c0)=@vsock, &(0x7f0000000240)=0x80, 0x800) sendmmsg$inet(r5, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="acc870bde54caaeacb0000108cef4fa7bf44702b284b2e80cb32d33a86853c8c28797cd14c72c87f849f6ccbf3198d11a0b1ef000000000200000088e0e022b04dbd", 0x42}, {&(0x7f0000000840)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc48755381c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b933aa9169f5f7b51dd5319b8016623d1863", 0x8c}], 0x2}}], 0x2, 0xc0) (async) sendto$inet(r5, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r9 = openat$random(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) poll(&(0x7f0000000000)=[{r9, 0x1000}], 0x1, 0x8) (async) r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r10, 0x10001, 0x0) 1.022083514s ago: executing program 1 (id=1251): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffa) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0) write$cgroup_subtree(r1, &(0x7f0000000340)={[{0x2b, 'perf_event'}, {0x2d, 'devices'}, {0x2b, 'net_cls'}, {0x2b, 'hugetlb'}, {0x2b, 'io'}]}, 0x2b) r2 = socket$nl_audit(0x10, 0x3, 0x9) readv(r2, &(0x7f0000000bc0)=[{&(0x7f0000000440)=""/31, 0x1f}, {&(0x7f00000007c0)=""/121, 0x79}], 0x2) sendmsg$AUDIT_SET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x3c, 0x3e9, 0x100, 0x70bd26, 0x25dfdbff, {0x8, 0x1, 0x1, 0x0, 0xfff, 0xfffffff9, 0xaa, 0x1, 0x0, 0x1, 0x6}}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x80) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000007c0)='\x00\x00\x03\x06\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x1) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180)) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc) ioctl$UFFDIO_UNREGISTER(r3, 0xc020aa08, &(0x7f00000001c0)={&(0x7f00000b0000/0x2000)=nil, 0x2000}) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000034c0)='\x00\x00\x03\x86\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642\x9c\x1a\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x94\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcbzA\x8e\xf6\x89\xc2\'\xdfn\x054Y\xd4\x91s\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\xe0\\\x98\xe1%\x1c\xf4\xd0\xf5\xd5\x80\xc4\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x18\xc8\x1b\x1e\xbe\xd8>\a\x00\x00\x00\xf7\xafd%\xf1\xdbjE\x01\xd1sD5hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xa5a\xfb\xa6\xff\xfbj\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\x05\x00\xeb\xd8\t\x00\x00\x00CvNx461\x04Nl\xedV\xcet\xaa~\x01j\x94\xec\x92\x86uY\xf6\xb5\t?,~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\f\x00\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaahB\t\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg\xc52\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\x99f.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xdeZ%\xa7\x01\x00\x00\x00\x01\x00\x00\x00\xbe\x97\x1fGe\x94\xa6\xa3\xab\xdb\r\x17\xff[\xb1\x00\xff\x7f\x00\x00\x1c\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\"Y\xad\xaf\x83\xaf\x93\xdaHg\xd4\x8c\xee\x0f\x00\x1c/\x9a\xf83\';:q\x92\x010g\\Ym\xd8,\x8d\b\xab\x9dq\xed\xcc\xba\x06\x1ej\xb7s33\xe5\xec\xe90M\xd1\xfd\xbb\xdf\xedc\xd1\xbbI\xa3\xbdqU\x02\x00\x00\x00\x00\x00\x00\x00\xee\xb0\v\x84\xc7\xac\xec\x92t\x00\x00\x00\x92\x1a\f\xbbM\x1cG\xb8\xa4\x05\x16\x06\xb6\x1a\tL\xe3C$K~\xf7\xa1mt\x87E\xc4\xb6h\xf3\x8cG=&\xbd\xa16\xaa\xa2N\xac\xad,Q\x97\xd6\x15\xc46v\x9a\x97\xa6\xb9`\x03\x8ff,V\xe8\xeb\x8bJn\x12o\x8b\xe7K)+\xe0\x06\x8a\\\xfc\nw\xf8\x01\xc4\xd8\x97\xd2\x9cF\xda6F\xfa6I\x03o\xa7\x15&*\xf6Wn\xb9\x00~Y\x17:\x03\xef\xf9\x03\xe7\x8d\x16\\/\xe3\xfcV\x9d\xf2g\xbcFy\xca\x8a\x10*\xbdU#\x7f\xbb\'6\x9e\x1d\n\x19\xff[\x92n\xe1\x81q\xfe\x10\xfd\xa6pL\xc6\x0fN\x06&W\xa2\x9dPWp\x94r\xe2\x92X\x12\x87\xe5\x94\xb3Aa\xb1/\\\xde\x9c\x93\xf5(,u|\f`\x8e\x86\xeb\xcb\x18J+\xdcv\x894\x01\xd0\xc6\x95\xea^j(x\xa5\x9b\xd6f1\x9d\x8fcr\x18\x1fs%\x91~\x19@\x84!u\xc8u\x8aL\x021k\xb4\b\xbb_#A{dw<\xb9\x9dR\xef\xaf]\xe0\xca\xd9x\xdab7@\xfd\x0e\x94\xf8\xab\x8c\xf4\xf1\xb0\xd6\xbe\x8e,\xa2Y\x000F\xe6q\xe3~\xc9\xaa!\xf3\'UF\xf0\xc0\x11\x11\xc2\xc9\x93#K\xea\xc2c\xb9\xe7)\xa4\xd9X\xb9\xaay\xd1\xc7\xab\xe9F\xc6r5\xdf\xa0\'y\r\xbf\xbd\x97\x9d\x8aS\xdb\rF\x9e99\xb4\xf7\x8c\xf9\xca;\xef\xc7]\xa4\xdd<6wc5\xc6\xdeS\xe5*H\xed\xc8^a-\xe8\xb1\xc2\xca\xfa\t\xd0\\\xfc\xe9\x90\x83oj\xa9E\xfb\x8du\x94\x97\x1cF\x0f\xe9d\xf2\xe4\fc\xdf\xde\x1c\xd8u\x9b\xd7\x9c\x11\xbe\b\xb5\x1e\x04\xa0\xdc\xe1Oxu\xd7O#\n%\x89+\xcc\x9f\x8e\xb2:\xa0\xb0\xdc\xd1\xba\xbd@\xf4\x00\x00\xfd\aqn:\x83\x84N\x83K\xbf^\xd8&\xde\x14\x17\x9d\xcd\xed\x19\xd0\xc1$*K\b$\x12\xf3\x88#\xb1#\xb6RX\x11\x86X\x94\x84\x8e\xdd\x82b\x19b\x9fQ\x91\x98\x9e\xf7\xf6`\x03\xb3\x8a\x86\xf9\x00\x00\x00\x00\x00P\x00'/1066) ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000040)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00') ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000007c0)='\x00\x00\x03\x06\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00') 815.360737ms ago: executing program 1 (id=1252): r0 = fsmount(0xffffffffffffffff, 0x1, 0xf) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000800)=[@clear_death], 0x0, 0x0, 0x0}) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x400, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x8000) creat(&(0x7f0000000180)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r4, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r5 = dup(r4) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[], [], 0x6b}}) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r6, 0x10001, 0x0) 800.562538ms ago: executing program 1 (id=1253): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000800), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000000)={0x2c, r1, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x880}, 0x4000004) (fail_nth: 6) 702.173229ms ago: executing program 0 (id=1254): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/custom1\x00', 0x800, 0x0) prctl$PR_SET_MM_EXE_FILE(0x36, 0xd, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000d00)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x70, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000180)={@flat=@weak_binder={0x77622a85, 0xa}, @fda={0x66646185, 0x5, 0x1, 0x10}, @fda={0x66646185, 0x1, 0x2}}, &(0x7f00000000c0)={0x0, 0x18, 0x38}}, 0x40}], 0x0, 0x0, 0x0}) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/address_bits', 0x0, 0x8) r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0) write$tcp_congestion(r1, &(0x7f00000002c0)='dctcp\x00', 0x6) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000040)='cpuset.mem_hardwall\x00', 0x2, 0x0) read$FUSE(r3, &(0x7f00000020c0)={0x2020}, 0x3a3) r4 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) pwritev(r4, &(0x7f0000000100)=[{&(0x7f00000000c0)='A', 0x1}], 0x1, 0x1, 0xc40) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000100)=""/104) 701.854769ms ago: executing program 0 (id=1255): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000300)=&(0x7f0000000240)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) io_setup(0x7, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[]) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4048004}, 0x800) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) close_range(r2, 0xffffffffffffffff, 0x2) r3 = openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x276a83, 0xc0, 0x1}, 0x18) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000340)=r3) mmap(&(0x7f00008ac000/0x4000)=nil, 0x4000, 0x3000003, 0x40010, r0, 0xbc2cf000) r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) ioctl$PTP_PIN_SETFUNC2(r4, 0x40603d10, &(0x7f00000001c0)={'\x00', 0x0, 0x3, 0x5}) r5 = openat$ashmem(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ASHMEM_SET_NAME(r5, 0x41007701, 0x0) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r5, 0x0) read(r2, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0, 0xffff1000}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)={0x800000000000177}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) 610.319671ms ago: executing program 3 (id=1256): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0) write(r1, 0x0, 0x0) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000200)={0x14, r2, 0x40d, 0x70bd2a, 0x0, {0x22}}, 0x14}}, 0x4000000) 589.952281ms ago: executing program 3 (id=1257): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x22052, r0, 0x2000) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, &(0x7f0000000000)='/dio#\x00') r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000080)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="104faebd7000fedbdf254f00000020007a800800bafed50400000200a485530bba7c1228b44b8fd687591ea6178785e6771778c77aea11ac16f5d27000000000"], 0x34}, 0x1, 0x0, 0x0, 0xc4}, 0x48014) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) ioctl$BLKPG(r5, 0x1269, &(0x7f00000000c0)={0x1, 0x0, 0x98, &(0x7f0000000000)={0x8000, 0x8000, 0x13}}) sendto$inet6(r2, &(0x7f0000000280)="baddfa66b4f3ad4a2525819e2caccb3df4ed43394d26813dc225b23c5866e8561d332049c2307caa04de2801adf09a309ac0ae17168437e01fb67a21787a8e782cd4979c29a5297c9d41b0a4b08535b95ad0bd04ee6e9a7ecf6b40b2ed5227aa54a594d649f482b26af6479b15b83a0d43ceb1f96a89d122005c2f7fefe176117dc2f1d97c1e79967e2c806dcc39a39c057e59a62e7d7ede4e82a913933f2060d1113498840ff5377d9496b94c381568287c37a4753328f970fda4e659d36a39e5ac7b36e8d02e755de62d480083287e043d175908fffe", 0xd7, 0x844, &(0x7f0000000140)={0xa, 0x4e23, 0xb, @mcast2, 0xbfb}, 0x1c) fcntl$setsig(r4, 0x406, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r0, 0x45809000) 416.897263ms ago: executing program 3 (id=1258): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000200)={0x14, r1, 0x40d, 0x70bd2a, 0x0, {0x22}}, 0x14}}, 0x4000000) (fail_nth: 6) 416.565543ms ago: executing program 1 (id=1259): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x8) ioctl$KVM_SET_MSRS(r3, 0x5000aea5, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r4, &(0x7f0000000040), 0x0, 0x0, 0x1) (async, rerun: 64) ioctl$KVM_SET_BOOT_CPU_ID(r2, 0xae78, &(0x7f00000001c0)=0x401) (rerun: 64) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100}) (async, rerun: 64) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) (async, rerun: 64) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f00000003c0)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000001c0)={@flat=@binder={0x73622a85, 0x1, 0x2}, @flat=@handle={0x73682a85, 0xa, 0x3}, @fd={0x66642a85, 0x0, r0}}, &(0x7f0000000280)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, 0x0}) 35.977909ms ago: executing program 3 (id=1260): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000180)={r1, r0, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffa000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) 18.33105ms ago: executing program 3 (id=1261): fsmount(0xffffffffffffffff, 0x1, 0xf) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x10, 0x0, &(0x7f0000000800)=[@clear_death], 0x0, 0x0, 0x0}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) creat(&(0x7f0000000180)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [], 0x6b}}) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r4, 0x10001, 0x0) 0s ago: executing program 3 (id=1262): syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, 0x0, 0x190}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000000000/0xc00000)=nil, 0xc00000}, 0x3}) close(0x3) 0s ago: executing program 1 (id=1263): syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, 0x0, 0x190}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000000000/0xc00000)=nil, 0xc00000}, 0x3}) close(0x3) (fail_nth: 1) kernel console output (not intermixed with test programs): nsaction with bad transaction stack [ 67.000269][ T1976] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:395 [ 67.000417][ T1977] rust_binder: Error while translating object. [ 67.018528][ T10] usb 3-1: USB disconnect, device number 13 [ 67.035190][ T1973] fuse: Bad value for 'fd' [ 67.040173][ T1977] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 67.040204][ T1977] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:361 [ 67.075399][ T1985] rust_binder: Write failure EFAULT in pid:411 [ 67.349864][ T2004] fuse: Unknown parameter 'grou00000000000000000000' [ 67.376775][ T308] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 67.461181][ T2009] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 67.462469][ T2008] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 67.468973][ T2008] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:415 [ 67.536771][ T308] usb 2-1: Using ep0 maxpacket: 32 [ 67.552112][ T308] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 67.560253][ T308] usb 2-1: config 0 has no interface number 0 [ 67.567813][ T308] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 67.576892][ T308] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 67.584896][ T308] usb 2-1: Product: syz [ 67.589076][ T308] usb 2-1: Manufacturer: syz [ 67.593679][ T308] usb 2-1: SerialNumber: syz [ 67.599250][ T308] usb 2-1: config 0 descriptor?? [ 67.605028][ T308] smsc95xx v2.0.0 [ 67.945208][ T2041] raw_sendmsg: syz.0.578 forgot to set AF_INET. Fix it! [ 67.954413][ T36] audit: type=1400 audit(1750468461.354:448): avc: denied { read } for pid=2040 comm="syz.0.578" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 67.983033][ T2043] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 67.990336][ T2043] rust_binder: Error in use_page_slow: ESRCH [ 67.990353][ T2043] rust_binder: use_range failure ESRCH [ 67.996362][ T2043] rust_binder: Failed to allocate buffer. len:4296, is_oneway:false [ 68.001866][ T2043] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 68.009992][ T2043] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:369 [ 68.019380][ T308] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 68.039186][ T308] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 68.064883][ T1996] rust_binder: Read failure Err(EFAULT) in pid:455 [ 68.155366][ T2049] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:372 [ 68.170034][ T2051] random: crng reseeded on system resumption [ 68.309204][ T2057] fuse: Unknown parameter 'grou00000000000000000000' [ 68.650658][ T1991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 68.659341][ T1991] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 68.668173][ T36] audit: type=1400 audit(1750468462.074:449): avc: denied { lock } for pid=1990 comm="syz.1.568" path="/dev/uinput" dev="devtmpfs" ino=194 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 68.686794][ T31] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 68.846775][ T31] usb 1-1: Using ep0 maxpacket: 32 [ 68.853045][ T31] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 68.861118][ T31] usb 1-1: config 0 has no interface number 0 [ 68.867263][ T31] usb 1-1: config 0 interface 2 has no altsetting 0 [ 68.875224][ T31] usb 1-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f [ 68.884313][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.892351][ T31] usb 1-1: Product: syz [ 68.893033][ T1991] rust_binder: Write failure EINVAL in pid:415 [ 68.896543][ T31] usb 1-1: Manufacturer: syz [ 68.907421][ T31] usb 1-1: SerialNumber: syz [ 68.912804][ T31] usb 1-1: config 0 descriptor?? [ 68.928164][ T308] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 68.938982][ T308] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 68.948870][ T308] usb 2-1: USB disconnect, device number 16 [ 69.122753][ T36] audit: type=1400 audit(1750468462.524:450): avc: denied { mount } for pid=2071 comm="syz.2.588" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 69.145052][ T36] audit: type=1400 audit(1750468462.524:451): avc: denied { mounton } for pid=2071 comm="syz.2.588" path="/166/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 69.178652][ T36] audit: type=1400 audit(1750468462.584:452): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 69.183644][ T2070] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 69.200861][ T2070] netlink: 204 bytes leftover after parsing attributes in process `syz.0.587'. [ 69.212167][ T2076] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 69.217149][ T2070] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false [ 69.234281][ T2078] FAULT_INJECTION: forcing a failure. [ 69.234281][ T2078] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 69.255387][ T2078] CPU: 0 UID: 0 PID: 2078 Comm: syz.2.590 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 69.255418][ T2078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 69.255430][ T2078] Call Trace: [ 69.255438][ T2078] [ 69.255447][ T2078] __dump_stack+0x21/0x30 [ 69.255474][ T2078] dump_stack_lvl+0x10c/0x190 [ 69.255495][ T2078] ? __cfi_dump_stack_lvl+0x10/0x10 [ 69.255517][ T2078] ? vsnprintf+0x7b4/0x1aa0 [ 69.255539][ T2078] ? __asan_memcpy+0x5a/0x80 [ 69.255560][ T2078] dump_stack+0x19/0x20 [ 69.255582][ T2078] should_fail_ex+0x3d9/0x530 [ 69.255603][ T2078] should_fail+0xf/0x20 [ 69.255621][ T2078] should_fail_usercopy+0x1e/0x30 [ 69.255641][ T2078] _copy_from_user+0x22/0xb0 [ 69.255666][ T2078] kstrtouint_from_user+0xc2/0x150 [ 69.255685][ T2078] ? __cfi_kstrtouint_from_user+0x10/0x10 [ 69.255705][ T2078] ? selinux_file_permission+0x309/0xb30 [ 69.255735][ T2078] ? __cfi_selinux_file_permission+0x10/0x10 [ 69.255761][ T2078] proc_fail_nth_write+0x89/0x210 [ 69.255778][ T2078] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 69.255797][ T2078] ? bpf_lsm_file_permission+0xd/0x20 [ 69.255816][ T2078] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 69.255833][ T2078] vfs_write+0x3c0/0xe80 [ 69.255857][ T2078] ? __cfi_vfs_write+0x10/0x10 [ 69.255877][ T2078] ? __kasan_check_write+0x18/0x20 [ 69.255897][ T2078] ? mutex_lock+0x92/0x1c0 [ 69.255913][ T2078] ? __cfi_mutex_lock+0x10/0x10 [ 69.255930][ T2078] ? __fget_files+0x2c5/0x340 [ 69.255954][ T2078] ksys_write+0x141/0x250 [ 69.255977][ T2078] ? __cfi_ksys_write+0x10/0x10 [ 69.256001][ T2078] ? __kasan_check_read+0x15/0x20 [ 69.256021][ T2078] __x64_sys_write+0x7f/0x90 [ 69.256043][ T2078] x64_sys_call+0x271c/0x2ee0 [ 69.256067][ T2078] do_syscall_64+0x58/0xf0 [ 69.256089][ T2078] ? clear_bhb_loop+0x35/0x90 [ 69.256118][ T2078] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 69.256144][ T2078] RIP: 0033:0x7fbb7618d3df [ 69.256158][ T2078] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 69.256174][ T2078] RSP: 002b:00007fbb76ff0030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 69.256194][ T2078] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbb7618d3df [ 69.256207][ T2078] RDX: 0000000000000001 RSI: 00007fbb76ff00a0 RDI: 0000000000000004 [ 69.256219][ T2078] RBP: 00007fbb76ff0090 R08: 0000000000000000 R09: 0000000000000000 [ 69.256230][ T2078] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 69.256241][ T2078] R13: 0000000000000000 R14: 00007fbb763b5fa0 R15: 00007fff307160c8 [ 69.256259][ T2078] [ 69.559510][ T2082] fuse: Unknown parameter 'group_i00000000000000000000' [ 69.567652][ T31] usb 1-1: invalid MIDI in EP 0 [ 69.582692][ T31] snd-usb-audio 1-1:0.2: probe with driver snd-usb-audio failed with error -22 [ 69.607971][ T31] usb 1-1: USB disconnect, device number 24 [ 69.696048][ T2103] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 69.696525][ T2105] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:480 [ 69.697311][ T2103] rust_binder: Error while translating object. [ 69.703254][ T2105] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:480 [ 69.712614][ T2103] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 69.727811][ T2103] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:432 [ 69.769077][ T2112] overlay: Unknown parameter 'euid<00000000000000000000' [ 69.807178][ T333] udevd[333]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.2/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 69.859567][ T2115] fuse: Unknown parameter 'group_i00000000000000000000' [ 69.905974][ T2122] overlay: Unknown parameter 'smackfstransmute' [ 69.993716][ T2137] random: crng reseeded on system resumption [ 70.033777][ T2139] fuse: Unknown parameter 'group_i00000000000000000000' [ 70.057268][ T2141] overlayfs: workdir and upperdir must be separate subtrees [ 70.083836][ T2145] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:392 [ 70.145771][ T2154] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:394 [ 70.215622][ T2164] fuse: Unknown parameter 'group_id00000000000000000000' [ 70.274981][ T2171] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 70.275011][ T2171] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 70.338116][ T2180] rust_binder: Error while translating object. [ 70.344604][ T2180] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 70.350848][ T2180] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:404 [ 70.423728][ T2184] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:406 [ 70.424155][ T2182] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:406 [ 70.493417][ T2194] fuse: Unknown parameter 'group_id00000000000000000000' [ 70.536792][ T10] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 70.549313][ T2200] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 70.549338][ T2200] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:424 [ 70.572404][ T2202] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 70.593256][ T36] kauditd_printk_skb: 5 callbacks suppressed [ 70.593274][ T36] audit: type=1400 audit(1750468463.994:458): avc: denied { search } for pid=2201 comm="syz.0.634" name="/" dev="configfs" ino=2470 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 70.622678][ T36] audit: type=1400 audit(1750468463.994:459): avc: denied { read } for pid=2201 comm="syz.0.634" name="/" dev="configfs" ino=2470 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 70.646288][ T36] audit: type=1400 audit(1750468463.994:460): avc: denied { open } for pid=2201 comm="syz.0.634" path="/" dev="configfs" ino=2470 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 70.668370][ T36] audit: type=1400 audit(1750468463.994:461): avc: denied { execute } for pid=2201 comm="syz.0.634" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 70.706812][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 70.716557][ T10] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 70.727772][ T10] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.742180][ T10] usb 3-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 70.755461][ T10] usb 3-1: config 0 interface 0 has no altsetting 0 [ 70.764562][ T10] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 70.773819][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.800930][ T10] usb 3-1: config 0 descriptor?? [ 70.867686][ T2218] fuse: Unknown parameter 'group_id00000000000000000000' [ 70.956688][ T2227] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 70.957183][ T2227] rust_binder: Error in use_page_slow: ESRCH [ 70.963868][ T2227] rust_binder: use_range failure ESRCH [ 70.970098][ T2227] rust_binder: Failed to allocate buffer. len:4224, is_oneway:false [ 70.975670][ T2227] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 70.984067][ T2227] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:468 [ 71.006657][ T2177] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.029520][ T2177] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.037396][ T9] usb 1-1: new full-speed USB device number 25 using dummy_hcd [ 71.047065][ T2177] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.056224][ T2230] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 71.056711][ T2230] rust_binder: Error while translating object. [ 71.063236][ T2230] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 71.069548][ T2177] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.086683][ T2230] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:471 [ 71.088241][ T2177] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.117977][ T2177] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.135338][ T2177] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.145572][ T2177] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.155116][ T2177] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 71.172682][ T2177] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 71.191351][ T9] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 71.204263][ T9] usb 1-1: config 0 has an invalid descriptor of length 91, skipping remainder of the config [ 71.216951][ T9] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 16 [ 71.236273][ T10] usbhid 3-1:0.0: can't add hid device: -71 [ 71.253301][ T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 71.262725][ T9] usb 1-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 71.272097][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 71.280340][ T10] usb 3-1: USB disconnect, device number 14 [ 71.299688][ T9] usb 1-1: Product: syz [ 71.303985][ T9] usb 1-1: Manufacturer: syz [ 71.338642][ T9] usb 1-1: SerialNumber: syz [ 71.356868][ T9] usb 1-1: config 0 descriptor?? [ 71.524455][ T2236] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22 [ 71.547928][ T2245] fuse: Bad value for 'user_id' [ 71.548168][ T2236] rust_binder: Write failure EFAULT in pid:475 [ 71.552848][ T2245] fuse: Bad value for 'user_id' [ 71.737660][ T9] usb 1-1: USB disconnect, device number 25 [ 72.042605][ T2207] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:421 [ 72.116780][ T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 72.202024][ T2275] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 72.246791][ T31] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 72.264004][ T2277] fuse: Bad value for 'user_id' [ 72.266811][ T9] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 72.268995][ T2277] fuse: Bad value for 'user_id' [ 72.304455][ T2284] rust_binder: Error while translating object. [ 72.304485][ T2284] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 72.311426][ T2284] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:435 [ 72.335376][ T2291] binder: Unknown parameter 'fscontext?}' [ 72.381461][ T2298] binder: Bad value for 'max' [ 72.392086][ T2296] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 72.392208][ T2296] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 72.406768][ T31] usb 3-1: device descriptor read/64, error -71 [ 72.426812][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 72.433595][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 72.442103][ T9] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16 [ 72.454172][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 72.463456][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.471667][ T9] usb 2-1: Product: syz [ 72.475902][ T9] usb 2-1: Manufacturer: syz [ 72.480829][ T9] usb 2-1: SerialNumber: syz [ 72.539270][ T2316] fuse: Bad value for 'user_id' [ 72.544162][ T2316] fuse: Bad value for 'user_id' [ 72.561945][ T2318] rust_binder: Error while translating object. [ 72.561977][ T2318] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 72.568488][ T2318] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:463 [ 72.656823][ T31] usb 3-1: device descriptor read/64, error -71 [ 72.663102][ T2322] usb usb5: usbfs: process 2322 (syz.0.672) did not claim interface 0 before use [ 72.682314][ T36] audit: type=1400 audit(1750468466.094:462): avc: denied { load_policy } for pid=2321 comm="syz.0.672" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 72.682353][ T2322] SELinux: policydb magic number 0xd67cff8c does not match expected magic number 0xf97cff8c [ 72.712840][ T2322] SELinux: failed to load policy [ 72.714144][ T2264] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 72.726504][ T2264] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 72.737252][ T9] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 72.744170][ T9] cdc_ncm 2-1:1.0: bind() failure [ 72.751361][ T9] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 72.758318][ T9] cdc_ncm 2-1:1.1: bind() failure [ 72.765695][ T9] usb 2-1: USB disconnect, device number 17 [ 72.772882][ T2326] binder: Bad value for 'defcontext' [ 72.846926][ T2330] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 72.861093][ T2330] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 72.875262][ T2330] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 72.899543][ T10] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 72.916894][ T31] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 73.046776][ T31] usb 3-1: device descriptor read/64, error -71 [ 73.067824][ T10] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 73.076081][ T10] usb 4-1: config 0 has no interface number 0 [ 73.082357][ T10] usb 4-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 73.093411][ T10] usb 4-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 73.104525][ T10] usb 4-1: config 0 interface 230 has no altsetting 0 [ 73.112705][ T10] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 73.121810][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 73.129844][ T10] usb 4-1: Product: syz [ 73.134012][ T10] usb 4-1: Manufacturer: syz [ 73.138621][ T10] usb 4-1: SerialNumber: syz [ 73.143811][ T10] usb 4-1: config 0 descriptor?? [ 73.149390][ T2303] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 73.156535][ T2303] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 73.164404][ T10] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 73.172308][ T10] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 73.286824][ T31] usb 3-1: device descriptor read/64, error -71 [ 73.309204][ T2336] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 1 [ 73.316375][ T2336] rust_binder: Write failure EINVAL in pid:486 [ 73.328816][ T2338] netlink: 24 bytes leftover after parsing attributes in process `syz.1.677'. [ 73.343973][ T2338] netlink: 3 bytes leftover after parsing attributes in process `syz.1.677'. [ 73.397405][ T31] usb usb3-port1: attempt power cycle [ 73.406878][ T2343] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:493 [ 73.418855][ T2345] fuse: Bad value for 'fd' [ 73.688016][ T2328] overlayfs: statfs failed on './file0' [ 73.736844][ T31] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 73.757864][ T31] usb 3-1: device descriptor read/8, error -71 [ 73.780721][ T2354] SELinux: security_context_str_to_sid (sytem_uÝGй ‰:ÿß) failed with errno=-22 [ 73.887795][ T31] usb 3-1: device descriptor read/8, error -71 [ 73.916828][ T45] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 73.979968][ T2370] fuse: Bad value for 'fd' [ 73.994390][ T2373] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 74.061222][ T2379] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 74.067805][ T45] usb 2-1: Using ep0 maxpacket: 8 [ 74.081877][ T45] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 74.090971][ T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 74.099000][ T45] usb 2-1: Product: syz [ 74.103169][ T45] usb 2-1: Manufacturer: syz [ 74.107814][ T45] usb 2-1: SerialNumber: syz [ 74.113272][ T45] usb 2-1: config 0 descriptor?? [ 74.122173][ T2380] rust_binder: Failed to allocate buffer. len:152, is_oneway:false [ 74.136831][ T31] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 74.167807][ T31] usb 3-1: device descriptor read/8, error -71 [ 74.226632][ T2387] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 74.226662][ T2387] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:513 [ 74.298149][ T31] usb 3-1: device descriptor read/8, error -71 [ 74.416873][ T31] usb usb3-port1: unable to enumerate USB device [ 74.568905][ T2397] fuse: Bad value for 'fd' [ 74.583985][ T36] audit: type=1326 audit(1750468467.984:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2398 comm="syz.0.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902798e929 code=0x7ffc0000 [ 74.602357][ T2399] binder: Unknown parameter 'context' [ 74.607441][ T36] audit: type=1326 audit(1750468467.984:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2398 comm="syz.0.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902798e929 code=0x7ffc0000 [ 74.636301][ T36] audit: type=1326 audit(1750468468.004:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2398 comm="syz.0.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f902798e929 code=0x7ffc0000 [ 74.660007][ T36] audit: type=1326 audit(1750468468.014:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2398 comm="syz.0.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902798e929 code=0x7ffc0000 [ 74.684954][ T2405] binder: Unknown parameter 'processor : 0 [ 74.684954][ T2405] vendor_id : GenuineIntel [ 74.684954][ T2405] cpu family : 6 [ 74.684954][ T2405] model : 79 [ 74.684954][ T2405] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 74.684954][ T2405] stepping : 0 [ 74.684954][ T2405] microcode : 0xffffffff [ 74.684954][ T2405] cpu MHz : 2199.998 [ 74.684954][ T2405] cache size : 56320 KB [ 74.684954][ T2405] physical id : 0 [ 74.684954][ T2405] siblings : 2 [ 74.684954][ T2405] core id : 0 [ 74.684954][ T2405] cpu cores : 1 [ 74.684954][ T2405] apicid : 0 [ 74.684954][ T2405] initial apicid : 0 [ 74.684954][ T2405] fpu : yes [ 74.684954][ T2405] fpu_exception : yes [ 74.684954][ T2405] cpuid level : 13 [ 74.684954][ T2405] wp : yes [ 74.684954][ T2405] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 74.684954][ T2405] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 74.685131][ T36] audit: type=1326 audit(1750468468.014:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2398 comm="syz.0.698" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902798e929 code=0x7ffc0000 [ 75.054052][ T2416] rust_binder: Write failure EINVAL in pid:533 [ 75.429256][ T10] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 75.445229][ T10] usb 4-1: USB disconnect, device number 10 [ 76.193758][ T2442] binder: Unknown parameter 'defcontext01777777777777777777777' [ 76.247666][ T45] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 76.407817][ T45] usb 1-1: config 0 has an invalid interface number: 230 but max is 0 [ 76.424045][ T45] usb 1-1: config 0 has no interface number 0 [ 76.446835][ T45] usb 1-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 76.466770][ T45] usb 1-1: config 0 interface 230 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 76.481379][ T36] kauditd_printk_skb: 16 callbacks suppressed [ 76.481398][ T36] audit: type=1400 audit(1750468469.874:484): avc: granted { setsecparam } for pid=2447 comm="syz.2.713" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 76.487029][ T45] usb 1-1: config 0 interface 230 has no altsetting 0 [ 76.498323][ T10] usb 2-1: USB disconnect, device number 18 [ 76.518998][ T45] usb 1-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 76.540180][ T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.560954][ T45] usb 1-1: Product: syz [ 76.581145][ T45] usb 1-1: Manufacturer: syz [ 76.585809][ T45] usb 1-1: SerialNumber: syz [ 76.596551][ T45] usb 1-1: config 0 descriptor?? [ 76.602269][ T2440] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 76.612618][ T45] ums-usbat 1-1:0.230: USB Mass Storage device detected [ 76.627949][ T45] ums-usbat 1-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 76.670803][ T2462] rust_binder: Write failure EINVAL in pid:511 [ 76.670914][ T2462] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0 [ 76.685405][ T2462] rust_binder: Write failure EINVAL in pid:511 [ 76.739982][ T2466] __vm_enough_memory: pid: 2466, comm: syz.1.718, bytes: 281474976845824 not enough memory for the allocation [ 77.306831][ T10] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 77.477984][ T10] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 77.491140][ T10] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 77.516012][ T2480] binder: Unknown parameter 'defcontmxtÿÿÿÿÿÿÿÿÿ' [ 77.516360][ T2482] binder: Unknown parameter 'defcontmxtÿÿÿÿÿÿÿÿÿ' [ 77.522630][ T10] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 77.541136][ T10] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 77.559514][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.569472][ T2474] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 77.639021][ T2486] rust_binder: Write failure EINVAL in pid:579 [ 77.950832][ T2503] rust_binder: Failed to allocate buffer. len:64, is_oneway:false [ 78.406442][ T10] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 78.422725][ T10] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input20 [ 78.476803][ T31] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 78.629396][ T31] usb 3-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice= d.5b [ 78.638678][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 78.647111][ T31] usb 3-1: Product: syz [ 78.651424][ T31] usb 3-1: Manufacturer: syz [ 78.656120][ T31] usb 3-1: SerialNumber: syz [ 78.869255][ T36] audit: type=1400 audit(1750468472.274:485): avc: denied { execute } for pid=2511 comm="syz.2.733" name="file1" dev="tmpfs" ino=1163 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 78.869328][ T2512] process 'syz.2.733' launched './file1' with NULL argv: empty string added [ 78.905402][ T2512] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:602 [ 78.906786][ T36] audit: type=1400 audit(1750468472.304:486): avc: denied { execute_no_trans } for pid=2511 comm="syz.2.733" path="/211/file1" dev="tmpfs" ino=1163 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 78.910223][ T31] usb 3-1: Found UVC 0.00 device syz (093a:2476) [ 78.948743][ T31] usb 3-1: No valid video chain found. [ 78.960746][ T31] usb 3-1: USB disconnect, device number 19 [ 79.046995][ T9] usb 2-1: USB disconnect, device number 19 [ 79.047056][ C1] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 79.148109][ T2524] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 79.207358][ T2525] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:534 [ 79.508013][ T2533] rust_binder: Error while translating object. [ 79.517388][ T2533] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 79.529720][ T2533] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:604 [ 79.540818][ T2535] rust_binder: Write failure EFAULT in pid:543 [ 79.575772][ T2543] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 79.688669][ T31] usb 1-1: USB disconnect, device number 26 [ 79.709236][ T36] audit: type=1400 audit(1750468473.114:487): avc: denied { map } for pid=2550 comm="syz.2.743" path="socket:[25418]" dev="sockfs" ino=25418 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 79.790084][ T2553] bridge0: entered promiscuous mode [ 79.818167][ T2553] »»»»»»: renamed from xfrm0 (while UP) [ 79.826769][ T308] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 79.884065][ T2556] tmpfs: Unknown parameter 'usrquota' [ 79.966859][ T2554] bridge0: left promiscuous mode [ 79.994986][ T308] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 80.009045][ T36] audit: type=1400 audit(1750468473.394:488): avc: denied { read } for pid=2559 comm="syz.0.746" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 80.028938][ T308] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 80.038889][ T308] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 80.048355][ T308] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 80.056471][ T308] usb 2-1: SerialNumber: syz [ 80.132379][ T2562] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 1 [ 80.139900][ T2562] rust_binder: Write failure EINVAL in pid:556 [ 80.316782][ T9] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 80.318639][ T2543] rust_binder: Error while translating object. [ 80.331087][ T2543] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 80.337741][ T2543] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:547 [ 80.350784][ T308] usb 2-1: 0:2 : does not exist [ 80.370448][ T308] usb 2-1: USB disconnect, device number 20 [ 80.477418][ T9] usb 3-1: not running at top speed; connect to a high speed hub [ 80.497118][ T9] usb 3-1: config 1 interface 0 has no altsetting 0 [ 80.507769][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=0267, bcdDevice= 0.40 [ 80.526752][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.534851][ T9] usb 3-1: Product: syz [ 80.539498][ T9] usb 3-1: Manufacturer: syz [ 80.544115][ T9] usb 3-1: SerialNumber: syz [ 80.557887][ T364] udevd[364]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 80.762516][ T9] usbhid 3-1:1.0: can't add hid device: -71 [ 80.776820][ T9] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 80.787371][ T9] usb 3-1: USB disconnect, device number 20 [ 80.802900][ T36] audit: type=1400 audit(1750468474.204:489): avc: denied { write } for pid=2572 comm="syz.0.750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 80.906987][ T2579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 80.916200][ T2579] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 80.958053][ T2585] rust_binder: Error while translating object. [ 80.958090][ T2585] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 80.970613][ T2587] fuse: Unknown parameter '' [ 80.979891][ T2585] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:575 [ 81.008098][ T36] audit: type=1400 audit(1750468474.414:490): avc: denied { setattr } for pid=2588 comm="syz.0.755" name="rnullb0" dev="devtmpfs" ino=31 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 81.052538][ T2587] SELinux: failed to load policy [ 81.057808][ T2587] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 81.058132][ T2587] rust_binder: Error while translating object. [ 81.064597][ T2587] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 81.073683][ T2587] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:552 [ 81.083380][ T2587] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 81.100741][ T2587] rust_binder: Read failure Err(EFAULT) in pid:552 [ 81.299112][ T2607] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 81.315524][ T2607] rust_binder: Error in use_page_slow: ESRCH [ 81.318107][ T36] audit: type=1400 audit(1750468474.714:491): avc: denied { setattr } for pid=2606 comm="syz.1.760" name="urandom" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 81.325238][ T2607] rust_binder: use_range failure ESRCH [ 81.333165][ T2609] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:592 [ 81.353957][ T2607] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 81.360428][ T2605] rust_binder: Failed to vm_insert_page(35184372744192): vma_addr:35184372744192 i:0 err:EBUSY [ 81.367117][ T2607] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 81.374398][ T2605] rust_binder: Error in use_page_slow: EBUSY [ 81.384548][ T2607] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:555 [ 81.394159][ T2605] rust_binder: use_range failure EBUSY [ 81.408992][ T2610] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 81.414492][ T2610] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:624 [ 81.424560][ T2605] rust_binder: Failed to allocate buffer. len:8, is_oneway:true [ 81.447321][ T36] audit: type=1400 audit(1750468474.854:492): avc: granted { setsecparam } for pid=2611 comm="syz.1.762" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security [ 81.455301][ T2605] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBUSY } [ 81.486988][ T2605] rust_binder: Failure BR_FAILED_REPLY { source: EBUSY } during reply - delivering BR_FAILED_REPLY to sender. [ 81.508915][ T2605] rust_binder: Transaction failed: BR_TRANSACTION_COMPLETE my_pid:592 [ 81.521445][ T2616] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 81.572996][ T2616] rust_binder: Error in use_page_slow: ESRCH [ 81.588978][ T2616] rust_binder: use_range failure ESRCH [ 81.595029][ T2616] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false [ 81.614911][ T2616] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 81.632383][ T2616] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:559 [ 89.217834][ T2623] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 89.220499][ T2624] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:595 [ 89.227539][ T2625] rust_binder: Write failure EINVAL in pid:629 [ 89.243419][ T2623] rust_binder: Write failure EINVAL in pid:561 [ 89.284533][ T2633] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 89.295662][ T2635] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 3 [ 89.302899][ T2633] rust_binder: Write failure EINVAL in pid:599 [ 89.303202][ T2635] rust_binder: Write failure EINVAL in pid:631 [ 89.315284][ T2635] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 89.317126][ T2629] rust_binder: Write failure EFAULT in pid:452 [ 89.353146][ T2646] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 89.368239][ T2646] rust_binder: Write failure EINVAL in pid:606 [ 89.513690][ T2657] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 89.520354][ T2657] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 89.527082][ T2657] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:637 [ 89.536652][ T2657] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 89.545985][ T2657] rust_binder: Read failure Err(EFAULT) in pid:637 [ 89.581990][ T2659] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 89.651193][ T2660] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 89.666513][ T2660] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:570 [ 89.736769][ T895] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 89.897858][ T895] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1023 [ 89.908014][ T895] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 89.921834][ T895] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 89.930958][ T895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 89.939040][ T895] usb 1-1: SerialNumber: syz [ 89.944705][ T2655] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 90.152567][ T2655] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 90.354931][ T2672] /dev/loop0: Can't lookup blockdev [ 90.385859][ T2676] binder: Unknown parameter 'seclajel' [ 90.404584][ T36] audit: type=1326 audit(1750468483.804:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2677 comm="syz.2.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 90.428776][ T36] audit: type=1326 audit(1750468483.804:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2677 comm="syz.2.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 90.429055][ T2678] binder: Unknown parameter 'context' [ 90.452303][ T36] audit: type=1326 audit(1750468483.834:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2677 comm="syz.2.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 90.480922][ T36] audit: type=1326 audit(1750468483.864:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2677 comm="syz.2.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 90.497323][ T2680] fuse: Unknown parameter 'user_i00000000000000000000' [ 90.504500][ T36] audit: type=1326 audit(1750468483.864:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2677 comm="syz.2.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 90.535258][ T36] audit: type=1326 audit(1750468483.864:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2677 comm="syz.2.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 90.559169][ T36] audit: type=1326 audit(1750468483.864:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2677 comm="syz.2.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 90.582557][ T36] audit: type=1326 audit(1750468483.864:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2677 comm="syz.2.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 90.608920][ T36] audit: type=1326 audit(1750468483.864:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2677 comm="syz.2.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 90.610403][ T2655] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 90.646827][ T36] audit: type=1326 audit(1750468483.864:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2677 comm="syz.2.786" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 90.704014][ T2655] rust_binder: Write failure EINVAL in pid:608 [ 90.798550][ T895] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71 [ 90.819935][ T2700] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 90.820618][ T2700] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:581 [ 90.831138][ T895] usb 1-1: USB disconnect, device number 27 [ 90.936780][ T309] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 91.087881][ T309] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1023 [ 91.097890][ T309] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 91.111657][ T309] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 91.120766][ T309] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 91.128786][ T309] usb 3-1: SerialNumber: syz [ 91.134401][ T2690] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 91.314519][ T2702] rust_binder: Error while translating object. [ 91.314558][ T2702] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 91.320794][ T2702] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:611 [ 91.350093][ T309] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 91.369280][ T309] usb 3-1: USB disconnect, device number 21 [ 91.433168][ T2708] binder: Bad value for 'max' [ 91.462497][ T2714] rust_binder: Failed to allocate buffer. len:144, is_oneway:false [ 91.905299][ T2747] overlayfs: failed to resolve './file0': -2 [ 91.922719][ T2747] overlay: Unknown parameter 'mounts' [ 91.928496][ T2747] overlay: Unknown parameter 'mounts' [ 91.934446][ T2747] overlay: Unknown parameter 'mounts' [ 91.942289][ T2747] overlay: Unknown parameter 'mounts' [ 91.952259][ T2747] overlay: Unknown parameter 'mounts' [ 91.957938][ T2747] overlay: Unknown parameter 'mounts' [ 91.963638][ T2747] overlay: Unknown parameter 'mounts' [ 91.969357][ T2747] overlay: Unknown parameter 'mounts' [ 91.982455][ T2747] overlay: Unknown parameter 'mounts' [ 91.987993][ T2747] overlay: Unknown parameter 'mounts' [ 91.993468][ T2747] overlay: Unknown parameter 'mounts' [ 91.999498][ T2747] overlay: Unknown parameter 'mounts' [ 92.004950][ T2747] overlay: Unknown parameter 'mounts' [ 92.010492][ T2747] overlay: Unknown parameter 'mounts' [ 92.015944][ T2747] overlay: Unknown parameter 'mounts' [ 92.021513][ T2747] overlay: Unknown parameter 'mounts' [ 92.027095][ T2747] overlay: Unknown parameter 'mounts' [ 92.028533][ T2754] rust_binder: 2751 RLIMIT_NICE not set [ 92.032632][ T2747] overlay: Unknown parameter 'mounts' [ 92.048466][ T2747] overlay: Unknown parameter 'mounts' [ 92.051568][ T2757] rust_binder: Failed to allocate buffer. len:144, is_oneway:true [ 92.054011][ T2747] overlay: Unknown parameter 'mounts' [ 92.067575][ T2747] overlay: Unknown parameter 'mounts' [ 92.073763][ T2747] overlay: Unknown parameter 'mounts' [ 92.080635][ T2747] overlay: Unknown parameter 'mounts' [ 92.093412][ T2747] overlay: Unknown parameter 'mounts' [ 92.093434][ T2759] binder: Bad value for 'stats' [ 92.103831][ T2747] overlay: Unknown parameter 'mounts' [ 92.109744][ T2747] overlay: Unknown parameter 'mounts' [ 92.115324][ T2747] overlay: Unknown parameter 'mounts' [ 92.119864][ T2761] binder: Unknown parameter '®LR‚Õ^â' [ 92.126377][ T2747] overlay: Unknown parameter 'mounts' [ 92.132439][ T2747] overlay: Unknown parameter 'mounts' [ 92.138551][ T2747] overlay: Unknown parameter 'mounts' [ 92.144246][ T2747] overlay: Unknown parameter 'mounts' [ 92.155142][ T2747] overlay: Unknown parameter 'mounts' [ 92.160980][ T2747] overlay: Unknown parameter 'mounts' [ 92.169795][ T2747] overlay: Unknown parameter 'mounts' [ 92.175421][ T2747] overlay: Unknown parameter 'mounts' [ 92.181893][ T2747] overlay: Unknown parameter 'mounts' [ 92.188596][ T2747] overlay: Unknown parameter 'mounts' [ 92.196769][ T2747] overlay: Unknown parameter 'mounts' [ 92.209949][ T2747] overlay: Unknown parameter 'mounts' [ 92.226917][ T2747] overlay: Unknown parameter 'mounts' [ 92.235177][ T2747] overlay: Unknown parameter 'mounts' [ 92.240740][ T2747] overlay: Unknown parameter 'mounts' [ 92.246282][ T2747] overlay: Unknown parameter 'mounts' [ 92.252110][ T2747] overlay: Unknown parameter 'mounts' [ 92.266862][ T2747] overlay: Unknown parameter 'mounts' [ 92.272493][ T2747] overlay: Unknown parameter 'mounts' [ 92.278085][ T2747] overlay: Unknown parameter 'mounts' [ 92.296870][ T2747] overlay: Unknown parameter 'mounts' [ 92.302486][ T2747] overlay: Unknown parameter 'mounts' [ 92.319249][ T2747] overlay: Unknown parameter 'mounts' [ 92.329415][ T2747] overlay: Unknown parameter 'mounts' [ 92.335118][ T2747] overlay: Unknown parameter 'mounts' [ 92.340957][ T2747] overlay: Unknown parameter 'mounts' [ 92.346919][ T2747] overlay: Unknown parameter 'mounts' [ 92.356959][ T2747] overlay: Unknown parameter 'mounts' [ 92.371168][ T2747] overlay: Unknown parameter 'mounts' [ 92.376848][ T2747] overlay: Unknown parameter 'mounts' [ 92.382880][ T2747] overlay: Unknown parameter 'mounts' [ 92.388748][ T2747] overlay: Unknown parameter 'mounts' [ 92.395904][ T2747] overlay: Unknown parameter 'mounts' [ 92.401751][ T2747] overlay: Unknown parameter 'mounts' [ 92.417049][ T2747] overlay: Unknown parameter 'mounts' [ 92.434091][ T2785] rust_binder: Got transaction with invalid offset. [ 92.434136][ T2785] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 92.436884][ T2747] overlay: Unknown parameter 'mounts' [ 92.441119][ T2785] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:460 [ 92.464660][ T2787] input: syz1 as /devices/virtual/input/input21 [ 92.480868][ T2747] overlay: Unknown parameter 'mounts' [ 92.502610][ T2787] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 92.552332][ T2794] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:672 [ 92.552414][ T2793] netlink: 20 bytes leftover after parsing attributes in process `syz.1.824'. [ 92.571343][ T2794] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 92.571492][ T2791] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 92.580264][ T2791] rust_binder: Read failure Err(EFAULT) in pid:672 [ 92.741667][ T2811] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 112, limit: 112, size: 104) [ 92.748403][ T2811] rust_binder: Error while translating object. [ 92.759007][ T2811] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 92.765190][ T2811] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:680 [ 92.792686][ T2813] rust_binder: Write failure EINVAL in pid:675 [ 92.849415][ T2825] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 92.856513][ T2826] rust_binder: Write failure EINVAL in pid:684 [ 92.910266][ T2833] rust_binder: Write failure EINVAL in pid:472 [ 93.116827][ T309] usb 2-1: new full-speed USB device number 21 using dummy_hcd [ 93.196832][ T2843] rust_binder: Write failure EINVAL in pid:474 [ 93.255351][ T2856] random: crng reseeded on system resumption [ 93.287839][ T309] usb 2-1: config 0 has an invalid interface number: 230 but max is 0 [ 93.289378][ T2856] binder: Bad value for 'stats' [ 93.296044][ T309] usb 2-1: config 0 has no interface number 0 [ 93.296077][ T309] usb 2-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 93.296104][ T309] usb 2-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 93.296130][ T309] usb 2-1: config 0 interface 230 has no altsetting 0 [ 93.297687][ T309] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 93.345267][ T309] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.353581][ T309] usb 2-1: Product: syz [ 93.357826][ T309] usb 2-1: Manufacturer: syz [ 93.362489][ T309] usb 2-1: SerialNumber: syz [ 93.367955][ T309] usb 2-1: config 0 descriptor?? [ 93.373253][ T2823] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 93.382058][ T2823] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 93.389404][ T2858] rust_binder: Write failure EINVAL in pid:478 [ 93.390110][ T309] ums-usbat 2-1:0.230: USB Mass Storage device detected [ 93.390479][ T2858] x_tables: duplicate underflow at hook 1 [ 93.406987][ T308] usb 3-1: new low-speed USB device number 22 using dummy_hcd [ 93.417470][ T309] ums-usbat 2-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 93.427438][ T2858] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:478 [ 93.522334][ T2880] fuse: Unknown parameter 'user_id00000000000000000000' [ 93.576747][ T308] usb 3-1: Invalid ep0 maxpacket: 32 [ 93.639750][ T2892] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 93.639771][ T2892] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 93.646879][ T2891] rust_binder: Failed to allocate buffer. len:4294966472, is_oneway:false [ 93.657702][ T2892] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:706 [ 93.657871][ T2891] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 93.675649][ T2891] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:706 [ 93.726803][ T308] usb 3-1: new low-speed USB device number 23 using dummy_hcd [ 93.755641][ T2900] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 93.801108][ T2901] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:499 [ 93.808500][ T2902] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:710 [ 93.886783][ T308] usb 3-1: Invalid ep0 maxpacket: 32 [ 93.901372][ T308] usb usb3-port1: attempt power cycle [ 93.942279][ T2906] rust_binder: Error while translating object. [ 93.942302][ T2906] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 93.948573][ T2906] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:504 [ 93.971781][ T2909] input: syz1 as /devices/virtual/input/input22 [ 93.991659][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 93.998564][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 94.246780][ T308] usb 3-1: new low-speed USB device number 24 using dummy_hcd [ 94.267109][ T308] usb 3-1: Invalid ep0 maxpacket: 32 [ 94.396781][ T308] usb 3-1: new low-speed USB device number 25 using dummy_hcd [ 94.417123][ T308] usb 3-1: Invalid ep0 maxpacket: 32 [ 94.422527][ T308] usb usb3-port1: unable to enumerate USB device [ 94.598592][ T2915] fuse: Unknown parameter 'user_id00000000000000000000' [ 94.688339][ T2924] rust_binder: Write failure EINVAL in pid:722 [ 94.698728][ T2928] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:726 [ 94.779200][ T2931] random: crng reseeded on system resumption [ 95.076910][ T45] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 95.228200][ T45] usb 1-1: unable to get BOS descriptor or descriptor too short [ 95.236185][ T45] usb 1-1: not running at top speed; connect to a high speed hub [ 95.244793][ T45] usb 1-1: config 1 interface 0 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 95.254569][ T45] usb 1-1: config 1 interface 0 has no altsetting 0 [ 95.262660][ T45] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 95.271748][ T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.279755][ T45] usb 1-1: Product: syz [ 95.283923][ T45] usb 1-1: Manufacturer: syz [ 95.288557][ T45] usb 1-1: SerialNumber: syz [ 95.495366][ T2938] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 95.503959][ T2938] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.514174][ T45] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 28 if 0 alt 7 proto 1 vid 0x0525 pid 0xA4A8 [ 95.526287][ T45] usb 1-1: USB disconnect, device number 28 [ 95.533749][ T45] usblp0: removed [ 95.689025][ T309] ums-usbat 2-1:0.230: probe with driver ums-usbat failed with error -5 [ 95.900110][ T2823] rust_binder: Write failure EINVAL in pid:602 [ 96.022808][ T2944] fuse: Bad value for 'fd' [ 96.043817][ T2948] overlay: Unknown parameter 'mounts' [ 96.049269][ T740] Bluetooth: hci0: command 0x1003 tx timeout [ 96.055285][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 96.077634][ T36] kauditd_printk_skb: 20 callbacks suppressed [ 96.077652][ T36] audit: type=1400 audit(1750468489.484:524): avc: denied { getopt } for pid=2949 comm="syz.3.871" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 96.079655][ T2952] random: crng reseeded on system resumption [ 96.083841][ T36] audit: type=1400 audit(1750468489.484:523): avc: denied { getopt } for pid=2949 comm="syz.3.871" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 96.131515][ T36] audit: type=1400 audit(1750468489.484:525): avc: denied { nlmsg_read } for pid=2950 comm="syz.0.872" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 96.192276][ T2961] rust_binder: Write failure EINVAL in pid:751 [ 96.204548][ T36] audit: type=1400 audit(1750468489.604:526): avc: denied { accept } for pid=2955 comm="syz.3.873" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 96.205097][ T2962] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 96.233140][ T2962] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:514 [ 96.257480][ T2964] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 96.267277][ T2964] rust_binder: validate_parent_fixup: new_min_offset=56, sg_entry.length=0 [ 96.273741][ T2964] rust_binder: Error while translating object. [ 96.282461][ T2964] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 96.289660][ T2964] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:697 [ 96.311922][ T2966] fuse: Bad value for 'fd' [ 96.344161][ T2971] 9pnet_fd: Insufficient options for proto=fd [ 96.344161][ T2969] 9pnet_fd: Insufficient options for proto=fd [ 96.706781][ T45] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 96.743140][ T2982] rust_binder: Write failure EINVAL in pid:711 [ 96.807249][ T36] audit: type=1400 audit(1750468490.214:527): avc: denied { read } for pid=2983 comm="syz.2.884" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 96.857806][ T2985] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 96.857806][ T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 96.857830][ T45] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 96.884054][ T45] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 96.893113][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 96.901211][ T45] usb 1-1: SerialNumber: syz [ 96.915927][ T9] usb 2-1: USB disconnect, device number 21 [ 96.959063][ T2987] rust_binder: Write failure EINVAL in pid:609 [ 96.993559][ T2989] rust_binder: Error while translating object. [ 97.000107][ T2989] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 97.006327][ T2989] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:517 [ 97.016514][ T2989] rust_binder: Write failure EINVAL in pid:517 [ 97.040135][ T36] audit: type=1326 audit(1750468490.444:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2990 comm="syz.3.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ea98e929 code=0x7ffc0000 [ 97.069635][ T36] audit: type=1326 audit(1750468490.444:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2990 comm="syz.3.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ea98e929 code=0x7ffc0000 [ 97.093459][ T36] audit: type=1326 audit(1750468490.444:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2990 comm="syz.3.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f62ea98e929 code=0x7ffc0000 [ 97.116836][ T36] audit: type=1326 audit(1750468490.444:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2990 comm="syz.3.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ea98e929 code=0x7ffc0000 [ 97.140880][ T36] audit: type=1326 audit(1750468490.444:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2990 comm="syz.3.887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f62ea98e929 code=0x7ffc0000 [ 97.165072][ T45] usb 1-1: 0:2 : does not exist [ 97.177915][ T2995] binder: Bad value for 'stats' [ 97.183763][ T45] usb 1-1: USB disconnect, device number 29 [ 97.242330][ T3001] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 97.261436][ T3001] rust_binder: Error in use_page_slow: ESRCH [ 97.261458][ T3001] rust_binder: use_range failure ESRCH [ 97.269044][ T3001] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false [ 97.274601][ T3001] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 97.282620][ T3001] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:523 [ 97.329467][ T3005] rust_binder: Error while translating object. [ 97.338778][ T3005] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 97.345120][ T3005] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:618 [ 97.454515][ T3013] binder: Bad value for 'max' [ 97.650215][ T3022] rust_binder: Write failure EINVAL in pid:716 [ 97.722386][ T3031] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:764 [ 97.831631][ T3051] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 97.844534][ T3051] rust_binder: Error in use_page_slow: ESRCH [ 97.855671][ T3051] rust_binder: use_range failure ESRCH [ 97.861798][ T3051] rust_binder: Failed to allocate buffer. len:4192, is_oneway:false [ 97.867350][ T3051] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 97.875384][ T3051] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:726 [ 97.887245][ T3051] rust_binder: Error while translating object. [ 97.896589][ T3051] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 97.903168][ T3051] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:726 [ 97.903675][ T3053] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 98.051401][ T3067] rust_binder: Write failure EINVAL in pid:728 [ 98.081198][ T3065] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 98.087609][ T3065] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:771 [ 98.234828][ T3071] rust_binder: Error while translating object. [ 98.256835][ T3071] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 98.265888][ T3071] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:774 [ 98.310694][ T3076] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 98.447170][ T3085] SELinux: policydb version -845211227 does not match my version range 15-33 [ 98.486793][ T3085] SELinux: failed to load policy [ 98.726785][ T9] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 98.886745][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 98.898130][ T9] usb 3-1: config 1 interface 0 altsetting 19 endpoint 0x81 has an invalid bInterval 107, changing to 10 [ 98.916831][ T9] usb 3-1: config 1 interface 0 altsetting 19 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 98.929972][ T9] usb 3-1: config 1 interface 0 has no altsetting 0 [ 98.938229][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 98.947440][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.955471][ T9] usb 3-1: Product: syz [ 98.959738][ T9] usb 3-1: Manufacturer: syz [ 98.964372][ T9] usb 3-1: SerialNumber: syz [ 98.977592][ T3085] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 99.031215][ T3088] fuse: Unknown parameter '0x0000000000000003' [ 99.094693][ T3092] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:782 [ 99.097974][ T3095] rust_binder: Write failure EINVAL in pid:641 [ 99.195407][ T3085] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:739 [ 99.202059][ T3085] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 99.226771][ T3085] rust_binder: Read failure Err(EFAULT) in pid:739 [ 99.279415][ T9] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 99.318492][ T3108] SELinux: security_context_str_to_sid (sytem_uÝGй) failed with errno=-22 [ 99.342218][ T9] usb 3-1: USB disconnect, device number 26 [ 99.454808][ T3118] kvm: user requested TSC rate below hardware speed [ 99.488256][ T3123] netlink: 300 bytes leftover after parsing attributes in process `syz.0.934'. [ 99.577664][ T3127] usb usb8: usbfs: process 3127 (syz.0.934) did not claim interface 0 before use [ 100.056768][ T309] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 100.226793][ T309] usb 3-1: Using ep0 maxpacket: 32 [ 100.239367][ T309] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.257011][ T309] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.267233][ T309] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 100.276490][ T309] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.287678][ T309] usb 3-1: config 0 descriptor?? [ 100.294081][ T309] hub 3-1:0.0: USB hub found [ 100.579353][ T3143] rust_binder: Error while translating object. [ 100.579401][ T3143] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 100.585619][ T3143] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:664 [ 100.694429][ T309] hub 3-1:0.0: config failed, can't read hub descriptor (err -22) [ 100.754267][ T3145] rust_binder: Write failure EINVAL in pid:666 [ 100.956644][ T3131] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 101.027472][ T309] usbhid 3-1:0.0: can't add hid device: -71 [ 101.040087][ T309] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 101.067119][ T309] usb 3-1: USB disconnect, device number 27 [ 101.076888][ T45] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 101.136745][ T895] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 101.228071][ T45] usb 1-1: config 0 has no interfaces? [ 101.234391][ T45] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 101.244393][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 101.253320][ T45] usb 1-1: SerialNumber: syz [ 101.262262][ T45] usb 1-1: config 0 descriptor?? [ 101.286752][ T895] usb 2-1: Using ep0 maxpacket: 16 [ 101.293032][ T895] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.304321][ T895] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 101.317397][ T895] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 101.326465][ T895] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.337109][ T895] usb 2-1: config 0 descriptor?? [ 101.910453][ T895] microsoft 0003:045E:07DA.0009: collection stack underflow [ 101.918079][ T895] microsoft 0003:045E:07DA.0009: item 0 1 0 12 parsing failed [ 101.927368][ T895] microsoft 0003:045E:07DA.0009: parse failed [ 101.933716][ T895] microsoft 0003:045E:07DA.0009: probe with driver microsoft failed with error -22 [ 102.302345][ T895] usb 2-1: USB disconnect, device number 22 [ 102.797852][ T36] kauditd_printk_skb: 41 callbacks suppressed [ 102.797872][ T36] audit: type=1400 audit(1750468496.204:574): avc: denied { create } for pid=3171 comm="syz.2.951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 102.904718][ T3176] rust_binder: Write failure EINVAL in pid:675 [ 102.933819][ T36] audit: type=1326 audit(1750468496.334:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3180 comm="syz.1.954" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f84ae38e929 code=0x0 [ 102.979197][ T3183] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 102.979297][ T3183] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 103.029936][ T36] audit: type=1326 audit(1750468496.434:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3185 comm="syz.2.956" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb7618e929 code=0x0 [ 103.789738][ T3151] usb 1-1: USB disconnect, device number 30 [ 103.890657][ T3207] rust_binder: Failed to allocate buffer. len:160, is_oneway:false [ 103.936874][ T3209] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 103.955065][ T3213] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 103.956000][ T3213] rust_binder: Error in use_page_slow: ESRCH [ 103.963480][ T3213] rust_binder: use_range failure ESRCH [ 103.970558][ T3211] rust_binder: Write failure EINVAL in pid:818 [ 103.971004][ T3213] rust_binder: Failed to allocate buffer. len:4232, is_oneway:false [ 103.982573][ T3213] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 103.993348][ T3213] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:771 [ 104.098498][ T3226] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:820 [ 104.126914][ T36] audit: type=1400 audit(1750468497.524:577): avc: denied { mount } for pid=3222 comm="syz.0.966" name="/" dev="ramfs" ino=31964 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 104.220380][ T36] audit: type=1326 audit(1750468497.624:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3242 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 104.235168][ T3247] binder: Unknown parameter 'context' [ 104.244123][ T36] audit: type=1326 audit(1750468497.644:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3242 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 104.267028][ T3249] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 104.276987][ T3249] rust_binder: Read failure Err(EFAULT) in pid:707 [ 104.313029][ T36] audit: type=1326 audit(1750468497.654:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3242 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 104.343673][ T36] audit: type=1326 audit(1750468497.654:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3242 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 104.367936][ T36] audit: type=1326 audit(1750468497.654:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3242 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb7618e929 code=0x7ffc0000 [ 104.395424][ T3257] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:829 [ 104.396395][ T3257] rust_binder: Read failure Err(EFAULT) in pid:829 [ 104.453255][ T3264] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 104.462431][ T3264] rust_binder: Read failure Err(EFAULT) in pid:831 [ 104.507284][ T3269] binder: Bad value for 'stats' [ 104.583191][ T3272] block device autoloading is deprecated and will be removed. [ 104.592339][ T3272] syz.0.982: attempt to access beyond end of device [ 104.592339][ T3272] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 105.178539][ T36] audit: type=1400 audit(1750468498.584:583): avc: denied { create } for pid=3292 comm="syz.0.989" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 105.211489][ T3293] can: request_module (can-proto-0) failed. [ 105.650545][ T3301] binder: Unknown parameter 'seclabe_' [ 105.766750][ T45] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 105.929203][ T45] usb 2-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73 [ 105.938643][ T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.947475][ T45] usb 2-1: Product: syz [ 105.981478][ T45] usb 2-1: Manufacturer: syz [ 105.986269][ T45] usb 2-1: SerialNumber: syz [ 105.997739][ T45] usb 2-1: config 0 descriptor?? [ 106.281327][ T45] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 106.303926][ T45] asix 2-1:0.0: probe with driver asix failed with error -71 [ 106.321673][ T45] usb 2-1: USB disconnect, device number 23 [ 106.343187][ T3323] binder: Unknown parameter 'processor : 0 [ 106.343187][ T3323] vendor_id : GenuineIntel [ 106.343187][ T3323] cpu family : 6 [ 106.343187][ T3323] model : 79 [ 106.343187][ T3323] model name : Intel(R) Xeon(R) CPU @ 2.20GHz [ 106.343187][ T3323] stepping : 0 [ 106.343187][ T3323] microcode : 0xffffffff [ 106.343187][ T3323] cpu MHz : 2199.998 [ 106.343187][ T3323] cache size : 56320 KB [ 106.343187][ T3323] physical id : 0 [ 106.343187][ T3323] siblings : 2 [ 106.343187][ T3323] core id : 0 [ 106.343187][ T3323] cpu cores : 1 [ 106.343187][ T3323] apicid : 0 [ 106.343187][ T3323] initial apicid : 0 [ 106.343187][ T3323] fpu : yes [ 106.343187][ T3323] fpu_exception : yes [ 106.343187][ T3323] cpuid level : 13 [ 106.343187][ T3323] wp : yes [ 106.343187][ T3323] flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology nonstop_tsc cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 sse4_1 sse4_2 x2apic movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch pti ssbd ibrs ibpb stibp tpr_shadow flexpriority ept vpid ept_ad fsgsbase tsc_adjust bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt arat vnmi md_clear arch_capabilities [ 106.343187][ T3323] vmx flags : vnmi preemption_timer invvpid ept_x_only ept_ad flexpriority tsc_offset vtpr mtf vapic ept vpid unrestricted_guest vapi [ 106.483776][ T3337] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 106.632719][ T3337] rust_binder: Write failure EINVAL in pid:730 [ 106.677072][ T3342] rust_binder: Error while translating object. [ 106.683322][ T3342] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 106.690098][ T3342] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:733 [ 106.973084][ T3365] rust_binder: Error while translating object. [ 107.007286][ T3365] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 107.044488][ T3365] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:893 [ 107.183603][ T3378] rust_binder: Got transaction with invalid offset. [ 107.199692][ T3378] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 107.206476][ T3378] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:751 [ 107.299154][ T3382] binder: Bad value for 'stats' [ 107.516767][ T3151] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 107.557295][ T3392] binder: Bad value for 'max' [ 107.677833][ T3151] usb 1-1: config 1 interface 0 altsetting 4 bulk endpoint 0x1 has invalid maxpacket 64 [ 107.696766][ T3151] usb 1-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 107.714382][ T3151] usb 1-1: config 1 interface 0 has no altsetting 0 [ 107.736734][ T3151] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 107.754182][ T3151] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.762414][ T3151] usb 1-1: Product: syz [ 107.766649][ T3151] usb 1-1: Manufacturer: á§ç¢ƒî“¯Åœä„¶ç’™æ„¶îµ™ê¢î»­ìª°ê£¬â¯”뉞ኴᜣ₠癑엃떿盽ï‘₎䑩麘伇⻼긑뒿ె鮚正塤傼銊兇ᣋ嵘譳䳭ïœä ä£¶áµ—帆낇蜒ꂓè‡äžœç‘°äŒ¤ï…¸â´£â³–귗ᖼ翗嗻ഭ륨Ꜵä”ä€ç…©í¯â³®é¡ë¶–併ᓄ凘볪嵴㰭 [ 107.799734][ T3151] usb 1-1: SerialNumber: syz [ 107.810587][ T3380] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 107.825016][ T3380] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 108.036246][ T3151] usb 1-1: USB disconnect, device number 31 [ 108.336803][ T45] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 108.506742][ T45] usb 2-1: Using ep0 maxpacket: 32 [ 108.513143][ T45] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 108.524792][ T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 108.536225][ T45] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 108.575005][ T45] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 108.584192][ T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.605453][ T45] usb 2-1: config 0 descriptor?? [ 108.610996][ T3402] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 108.629826][ T45] hub 2-1:0.0: USB hub found [ 108.728276][ T3413] overlay: Unknown parameter 'subj_type' [ 108.827881][ T45] hub 2-1:0.0: 2 ports detected [ 108.986769][ T9] usb 1-1: new full-speed USB device number 32 using dummy_hcd [ 109.157945][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 109.176752][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 109.188445][ T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 109.197708][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.205752][ T9] usb 1-1: Product: syz [ 109.216747][ T9] usb 1-1: Manufacturer: syz [ 109.231592][ T9] usb 1-1: SerialNumber: syz [ 109.442323][ T9] usb 1-1: 0:2 : does not exist [ 109.460206][ T9] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 109.491828][ T9] usb 1-1: USB disconnect, device number 32 [ 109.677678][ T2699] udevd[2699]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 109.849926][ T3417] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 109.849967][ T3417] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:540 [ 110.041167][ T3151] hub 2-1:0.0: hub_ext_port_status failed (err = -32) [ 110.106605][ T45] hid-generic 0003:0000:0000.000A: hidraw0: USB HID v0.00 Device [syz1] on syz1 [ 110.159308][ T3429] fido_id[3429]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 110.256062][ T3433] rust_binder: Write failure EFAULT in pid:915 [ 110.354473][ T3438] rust_binder: Error while translating object. [ 110.365455][ T3438] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 110.366880][ T45] usb 2-1: USB disconnect, device number 24 [ 110.372801][ T3438] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:777 [ 110.429629][ T3446] rust_binder: Write failure EFAULT in pid:919 [ 110.576098][ T3456] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 4200, limit: 4216, size: 89) [ 110.577063][ T3458] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 110.593806][ T36] audit: type=1400 audit(1750468503.994:584): avc: denied { listen } for pid=3453 comm="syz.0.1045" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 110.594915][ T3458] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:782 [ 110.604622][ T3456] rust_binder: Error while translating object. [ 110.641216][ T3456] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 110.647717][ T3456] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:922 [ 110.686392][ T3465] rust_binder: Write failure EINVAL in pid:926 [ 110.700626][ T36] audit: type=1400 audit(1750468504.104:585): avc: denied { setattr } for pid=3459 comm="syz.3.1047" name="" dev="pipefs" ino=34124 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 110.703092][ T3466] rust_binder: Write failure EINVAL in pid:562 [ 110.835467][ T3471] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 111.418038][ T36] audit: type=1326 audit(1750468504.824:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3459 comm="syz.3.1047" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ea98e929 code=0x7fc00000 [ 111.596746][ T36] audit: type=1326 audit(1750468504.994:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3481 comm="syz.1.1056" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f84ae38e929 code=0x0 [ 111.622403][ T3485] rust_binder: Write failure EFAULT in pid:573 [ 111.681608][ T3493] rust_binder: Write failure EINVAL in pid:932 [ 111.731227][ T3499] fuse: Bad value for 'rootmode' [ 111.770806][ T3505] fuse: Bad value for 'fd' [ 111.890218][ T3518] FAULT_INJECTION: forcing a failure. [ 111.890218][ T3518] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 111.907474][ T3518] CPU: 1 UID: 0 PID: 3518 Comm: syz.1.1065 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 111.907515][ T3518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 111.907532][ T3518] Call Trace: [ 111.907540][ T3518] [ 111.907550][ T3518] __dump_stack+0x21/0x30 [ 111.907585][ T3518] dump_stack_lvl+0x10c/0x190 [ 111.907614][ T3518] ? __cfi_dump_stack_lvl+0x10/0x10 [ 111.907642][ T3518] ? __kasan_check_write+0x18/0x20 [ 111.907670][ T3518] ? _raw_spin_lock+0x8c/0x120 [ 111.907701][ T3518] dump_stack+0x19/0x20 [ 111.907727][ T3518] should_fail_ex+0x3d9/0x530 [ 111.907753][ T3518] should_fail_alloc_page+0xeb/0x110 [ 111.907791][ T3518] __alloc_pages_noprof+0x19d/0x6c0 [ 111.907814][ T3518] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 111.907837][ T3518] ? filemap_get_entry+0x3fb/0x460 [ 111.907860][ T3518] ? downgrade_write+0x440/0x440 [ 111.907885][ T3518] __folio_alloc_noprof+0x14/0x80 [ 111.907905][ T3518] __filemap_get_folio+0x461/0x7c0 [ 111.907928][ T3518] pagecache_get_page+0x31/0xf0 [ 111.907967][ T3518] fuse_dev_do_write+0x1e1a/0x3ba0 [ 111.908004][ T3518] ? kernel_text_address+0xa9/0xe0 [ 111.908027][ T3518] ? folio_mapped+0x120/0x120 [ 111.908058][ T3518] ? unwind_get_return_address+0x51/0x90 [ 111.908079][ T3518] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 111.908108][ T3518] ? arch_stack_walk+0x10b/0x170 [ 111.908141][ T3518] ? _parse_integer_limit+0x195/0x1e0 [ 111.908166][ T3518] ? kstrtoull+0x13b/0x1e0 [ 111.908189][ T3518] ? kstrtouint+0x78/0xf0 [ 111.908213][ T3518] ? kstrtouint_from_user+0xfb/0x150 [ 111.908237][ T3518] ? __x64_sys_openat+0x13a/0x170 [ 111.908258][ T3518] ? x64_sys_call+0xe69/0x2ee0 [ 111.908288][ T3518] ? selinux_file_permission+0x309/0xb30 [ 111.908324][ T3518] fuse_dev_write+0x144/0x1d0 [ 111.908352][ T3518] ? __cfi_fuse_dev_write+0x10/0x10 [ 111.908383][ T3518] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 111.908408][ T3518] vfs_write+0x694/0xe80 [ 111.908435][ T3518] ? __cfi_fuse_dev_write+0x10/0x10 [ 111.908464][ T3518] ? __cfi_vfs_write+0x10/0x10 [ 111.908495][ T3518] ksys_write+0x141/0x250 [ 111.908522][ T3518] ? __cfi_ksys_write+0x10/0x10 [ 111.908551][ T3518] ? __kasan_check_read+0x15/0x20 [ 111.908577][ T3518] __x64_sys_write+0x7f/0x90 [ 111.908604][ T3518] x64_sys_call+0x271c/0x2ee0 [ 111.908634][ T3518] do_syscall_64+0x58/0xf0 [ 111.908664][ T3518] ? clear_bhb_loop+0x35/0x90 [ 111.908699][ T3518] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 111.908734][ T3518] RIP: 0033:0x7f84ae38e929 [ 111.908755][ T3518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.908775][ T3518] RSP: 002b:00007f84af1e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 111.908802][ T3518] RAX: ffffffffffffffda RBX: 00007f84ae5b5fa0 RCX: 00007f84ae38e929 [ 111.908821][ T3518] RDX: 0000000000000031 RSI: 00002000000001c0 RDI: 0000000000000003 [ 111.908836][ T3518] RBP: 00007f84af1e6090 R08: 0000000000000000 R09: 0000000000000000 [ 111.908853][ T3518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 111.908867][ T3518] R13: 0000000000000000 R14: 00007f84ae5b5fa0 R15: 00007ffdea0b2408 [ 111.908887][ T3518] [ 112.286780][ T45] usb 1-1: new low-speed USB device number 33 using dummy_hcd [ 112.427764][ T36] audit: type=1400 audit(1750468505.834:588): avc: denied { read } for pid=3525 comm="syz.1.1068" path="socket:[34313]" dev="sockfs" ino=34313 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 112.456797][ T45] usb 1-1: Invalid ep0 maxpacket: 64 [ 112.565436][ T36] audit: type=1400 audit(1750468505.964:589): avc: denied { getopt } for pid=3528 comm="syz.3.1069" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 112.596761][ T45] usb 1-1: new low-speed USB device number 34 using dummy_hcd [ 112.606356][ T3531] rust_binder: Write failure EINVAL in pid:586 [ 112.732615][ T36] audit: type=1400 audit(1750468506.134:590): avc: denied { accept } for pid=3534 comm="syz.3.1072" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 112.807845][ T45] usb 1-1: Invalid ep0 maxpacket: 64 [ 112.824585][ T45] usb usb1-port1: attempt power cycle [ 112.998525][ T3546] kvm: apic: phys broadcast and lowest prio [ 113.166774][ T45] usb 1-1: new low-speed USB device number 35 using dummy_hcd [ 113.187152][ T45] usb 1-1: Invalid ep0 maxpacket: 64 [ 113.235350][ T3555] rust_binder: Write failure EINVAL in pid:610 [ 113.303344][ T3560] syz.1.1081 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 113.320240][ T45] usb 1-1: new low-speed USB device number 36 using dummy_hcd [ 113.347187][ T45] usb 1-1: Invalid ep0 maxpacket: 64 [ 113.353694][ T45] usb usb1-port1: unable to enumerate USB device [ 113.664925][ T3574] rust_binder: Error while translating object. [ 113.664963][ T3574] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 113.684360][ T3574] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:831 [ 113.749278][ T3582] rust_binder: Write failure EINVAL in pid:621 [ 113.951219][ T3151] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 113.976271][ T36] audit: type=1326 audit(1750468507.374:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3595 comm="syz.3.1094" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f62ea98e929 code=0x0 [ 114.106750][ T3151] usb 2-1: Using ep0 maxpacket: 16 [ 114.113224][ T3151] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.124495][ T3151] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 114.138011][ T3151] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 114.147276][ T3151] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.157722][ T3151] usb 2-1: config 0 descriptor?? [ 114.580857][ T3151] microsoft 0003:045E:07DA.000B: ignoring exceeding usage max [ 114.591563][ T3151] microsoft 0003:045E:07DA.000B: unknown global tag 0xc [ 114.598997][ T3151] microsoft 0003:045E:07DA.000B: item 0 0 1 12 parsing failed [ 114.606881][ T3151] microsoft 0003:045E:07DA.000B: parse failed [ 114.613196][ T3151] microsoft 0003:045E:07DA.000B: probe with driver microsoft failed with error -22 [ 114.806770][ T3601] xfrm0: mtu less than device minimum [ 114.817930][ T36] audit: type=1400 audit(1750468508.224:592): avc: denied { write } for pid=3600 comm="syz.3.1095" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 114.939717][ T3151] usb 2-1: USB disconnect, device number 25 [ 115.035772][ T36] audit: type=1400 audit(1750468508.434:593): avc: denied { create } for pid=3616 comm="syz.0.1103" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 115.318743][ T3620] rust_binder: Write failure EINVAL in pid:837 [ 115.576777][ T3151] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 115.576777][ T362] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 115.726951][ T3151] usb 3-1: Using ep0 maxpacket: 16 [ 115.733298][ T3151] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.744301][ T3151] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 115.757173][ T3151] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 115.766205][ T3151] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.766760][ T362] usb 2-1: Using ep0 maxpacket: 16 [ 115.776857][ T3151] usb 3-1: config 0 descriptor?? [ 115.784198][ T362] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 115.793568][ T362] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.802426][ T362] usb 2-1: config 0 descriptor?? [ 115.814045][ T362] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 115.836208][ T3641] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 115.895366][ T36] kauditd_printk_skb: 5 callbacks suppressed [ 115.895385][ T36] audit: type=1400 audit(1750468509.294:599): avc: denied { map } for pid=3646 comm="syz.3.1113" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 116.014409][ T362] usb 2-1: Detected FT232B [ 116.026783][ T362] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 116.037063][ T362] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 116.048659][ T362] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 116.068644][ T362] usb 2-1: USB disconnect, device number 26 [ 116.083205][ T362] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 116.099135][ T3664] __vm_enough_memory: pid: 3664, comm: syz.1.1119, bytes: 281474976845824 not enough memory for the allocation [ 116.112118][ T362] ftdi_sio 2-1:0.0: device disconnected [ 116.165928][ T3675] binder: Bad value for 'stats' [ 116.189884][ T3151] microsoft 0003:045E:07DA.000C: No inputs registered, leaving [ 116.207366][ T3151] microsoft 0003:045E:07DA.000C: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 116.219019][ T3151] microsoft 0003:045E:07DA.000C: no inputs found [ 116.225430][ T3151] microsoft 0003:045E:07DA.000C: could not initialize ff, continuing anyway [ 116.279982][ T36] audit: type=1326 audit(1750468509.684:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3689 comm="syz.3.1128" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f62ea98e929 code=0x0 [ 116.378954][ T36] audit: type=1400 audit(1750468509.784:601): avc: denied { append } for pid=3691 comm="syz.0.1129" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 116.455348][ C0] usb 3-1: input irq status -75 received [ 116.657313][ T362] usb 3-1: USB disconnect, device number 28 [ 116.976858][ T3703] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:970 [ 117.028849][ T3705] binder: Unknown parameter 'rw(' [ 117.060722][ T3707] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 117.060752][ T3707] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:974 [ 117.130415][ T3716] Unsupported ieee802154 address type: 0 [ 117.133117][ T36] audit: type=1400 audit(1750468510.534:602): avc: denied { bind } for pid=3715 comm="syz.3.1137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 117.166383][ T3721] overlay: Unknown parameter 'dont_appraise' [ 117.202253][ T3725] overlayfs: missing 'lowerdir' [ 117.286942][ T3736] rust_binder: Failed copying remainder into alloc: EFAULT [ 117.286967][ T3736] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 117.304465][ T3736] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 117.326346][ T3736] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:864 [ 117.347143][ T13] Bluetooth: hci0: Frame reassembly failed (-84) [ 117.416629][ T3743] rust_binder: Write failure EINVAL in pid:983 [ 117.426849][ T3742] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 117.495995][ T36] audit: type=1326 audit(1750468510.894:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3748 comm="syz.1.1148" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f84ae38e929 code=0x0 [ 117.577978][ T3759] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 118.199097][ T36] audit: type=1326 audit(1750468511.604:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3737 comm="syz.0.1144" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f902798e929 code=0x7fc00000 [ 118.448373][ T3774] rust_binder: Error while translating object. [ 118.448421][ T3774] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 118.454918][ T3774] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:876 [ 118.484708][ T36] audit: type=1400 audit(1750468511.884:605): avc: denied { sqpoll } for pid=3773 comm="syz.1.1159" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 118.527900][ T3786] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:998 [ 118.528624][ T3786] 9pnet_virtio: no channels available for device syz [ 118.544679][ T36] audit: type=1400 audit(1750468511.934:606): avc: denied { link } for pid=3773 comm="syz.1.1159" name="#23" dev="tmpfs" ino=1615 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 118.572114][ T36] audit: type=1400 audit(1750468511.934:607): avc: denied { rename } for pid=3773 comm="syz.1.1159" name="#24" dev="tmpfs" ino=1615 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 118.577845][ T3791] rust_binder: Error while translating object. [ 118.594595][ T3791] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 118.600836][ T3791] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1000 [ 118.624056][ T3793] FAULT_INJECTION: forcing a failure. [ 118.624056][ T3793] name failslab, interval 1, probability 0, space 0, times 0 [ 118.650404][ T3793] CPU: 0 UID: 0 PID: 3793 Comm: syz.0.1166 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 118.650436][ T3793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 118.650450][ T3793] Call Trace: [ 118.650457][ T3793] [ 118.650465][ T3793] __dump_stack+0x21/0x30 [ 118.650493][ T3793] dump_stack_lvl+0x10c/0x190 [ 118.650517][ T3793] ? __cfi_dump_stack_lvl+0x10/0x10 [ 118.650539][ T3793] ? release_sock+0x171/0x1f0 [ 118.650566][ T3793] dump_stack+0x19/0x20 [ 118.650587][ T3793] should_fail_ex+0x3d9/0x530 [ 118.650611][ T3793] should_failslab+0xac/0x100 [ 118.650638][ T3793] kmem_cache_alloc_node_noprof+0x45/0x3b0 [ 118.650663][ T3793] ? __alloc_skb+0x10c/0x370 [ 118.650688][ T3793] __alloc_skb+0x10c/0x370 [ 118.650714][ T3793] netlink_alloc_large_skb+0xf7/0x1b0 [ 118.650741][ T3793] netlink_sendmsg+0x586/0xaf0 [ 118.650772][ T3793] ? __cfi_netlink_sendmsg+0x10/0x10 [ 118.650803][ T3793] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 118.650835][ T3793] ? security_socket_sendmsg+0x33/0xd0 [ 118.650859][ T3793] ? __cfi_netlink_sendmsg+0x10/0x10 [ 118.650888][ T3793] ____sys_sendmsg+0xa15/0xa70 [ 118.650920][ T3793] ? __sys_sendmsg_sock+0x50/0x50 [ 118.650952][ T3793] ? import_iovec+0x81/0xb0 [ 118.650979][ T3793] ___sys_sendmsg+0x220/0x2a0 [ 118.651010][ T3793] ? __sys_sendmsg+0x280/0x280 [ 118.651041][ T3793] ? proc_fail_nth_write+0x17e/0x210 [ 118.651061][ T3793] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 118.651087][ T3793] __x64_sys_sendmsg+0x1eb/0x2c0 [ 118.651106][ T3793] ? fput+0x1a5/0x240 [ 118.651136][ T3793] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 118.651154][ T3793] ? ksys_write+0x1ef/0x250 [ 118.651184][ T3793] ? __kasan_check_read+0x15/0x20 [ 118.651209][ T3793] x64_sys_call+0x2a4c/0x2ee0 [ 118.651235][ T3793] do_syscall_64+0x58/0xf0 [ 118.651255][ T3793] ? clear_bhb_loop+0x35/0x90 [ 118.651279][ T3793] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 118.651301][ T3793] RIP: 0033:0x7f902798e929 [ 118.651314][ T3793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.651327][ T3793] RSP: 002b:00007f9028880038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 118.651343][ T3793] RAX: ffffffffffffffda RBX: 00007f9027bb5fa0 RCX: 00007f902798e929 [ 118.651364][ T3793] RDX: 0000000004000004 RSI: 0000200000000a80 RDI: 0000000000000003 [ 118.651374][ T3793] RBP: 00007f9028880090 R08: 0000000000000000 R09: 0000000000000000 [ 118.651384][ T3793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.651393][ T3793] R13: 0000000000000000 R14: 00007f9027bb5fa0 R15: 00007fff392c5fe8 [ 118.651406][ T3793] [ 118.776779][ T45] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 118.988145][ T3802] rust_binder: Error while translating object. [ 118.988174][ T3802] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 118.994380][ T3802] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:882 [ 119.059867][ T36] audit: type=1400 audit(1750468512.464:608): avc: denied { execute } for pid=3805 comm="syz.0.1172" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 119.098934][ T45] usb 3-1: Using ep0 maxpacket: 16 [ 119.105265][ T45] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 119.113929][ T3814] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 119.115696][ T45] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 119.115965][ T3815] rust_binder: Failed to allocate buffer. len:16, is_oneway:false [ 119.123043][ T45] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 119.172894][ T45] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 119.187954][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.197153][ T45] usb 3-1: Product: syz [ 119.201342][ T45] usb 3-1: Manufacturer: syz [ 119.211152][ T45] usb 3-1: SerialNumber: syz [ 119.222955][ T45] cdc_ncm 3-1:1.0: skipping garbage [ 119.228861][ T45] cdc_ncm 3-1:1.0: invalid descriptor buffer length [ 119.235507][ T45] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 119.242369][ T45] cdc_ncm 3-1:1.0: bind() failure [ 119.311030][ T3834] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 119.338812][ T3838] SELinux: security_context_str_to_sid (syste_uÝGй ‰:ÿß) failed with errno=-22 [ 119.406824][ T53] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 119.413207][ T740] Bluetooth: hci0: command 0x1003 tx timeout [ 119.596116][ T45] usb 3-1: USB disconnect, device number 29 [ 119.631339][ T3859] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 119.664782][ T3859] rust_binder: Failed copying remainder into alloc: EFAULT [ 119.664811][ T3859] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 119.672311][ T3859] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 119.683240][ T3859] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:904 [ 119.690068][ T3864] SELinux: security_context_str_to_sid (syte) failed with errno=-22 [ 119.736459][ T3870] 9pnet_fd: Insufficient options for proto=fd [ 119.778855][ T3878] SELinux: security_context_str_to_sid (ÿÿÿÿÿ00000000000000000004) failed with errno=-22 [ 119.778855][ T3877] SELinux: security_context_str_to_sid (ÿÿÿÿÿ00000000000000000004) failed with errno=-22 [ 119.798821][ T3880] rust_binder: Failed to allocate buffer. len:65376, is_oneway:true [ 119.798844][ T3880] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 119.808034][ T3880] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:911 [ 119.919929][ T3887] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=3887 comm=syz.0.1202 [ 119.947020][ T3891] rust_binder: Error while translating object. [ 119.947081][ T3891] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 119.953430][ T3891] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:918 [ 119.970561][ T3892] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:699 [ 120.078933][ T3903] binder: Unknown parameter '000000000000000000000000x0000000000000003ÿÿ00000000000000000000000ÿÿ184467440737095516150xffffffffffffffff00000000000000000005' [ 120.265777][ T3926] rust_binder: Write failure EINVAL in pid:838 [ 120.314787][ T3934] netlink: 'syz.2.1222': attribute type 30 has an invalid length. [ 120.536758][ T45] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 120.666774][ T45] usb 1-1: device descriptor read/64, error -71 [ 120.787464][ T3941] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 120.787490][ T3941] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:706 [ 120.797015][ T3941] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 120.806138][ T3941] rust_binder: Read failure Err(EFAULT) in pid:706 [ 120.845926][ T3945] netlink: 'syz.1.1227': attribute type 64 has an invalid length. [ 120.881920][ T3951] rust_binder: Write failure EINVAL in pid:925 [ 120.899788][ T3953] can: request_module (can-proto-3) failed. [ 120.917055][ T45] usb 1-1: device descriptor read/64, error -71 [ 120.976801][ T36] kauditd_printk_skb: 87 callbacks suppressed [ 120.976821][ T36] audit: type=1400 audit(1750468514.374:696): avc: denied { append } for pid=3961 comm="syz.3.1232" name="vsock" dev="devtmpfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 120.977588][ T3962] rust_binder: Failed to allocate buffer. len:65376, is_oneway:true [ 121.005758][ T3962] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 121.013919][ T3962] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:714 [ 121.023878][ T3959] rust_binder: Error while translating object. [ 121.033357][ T3959] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 121.039827][ T3959] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:933 [ 121.078285][ T3968] rust_binder: Write failure EINVAL in pid:938 [ 121.117659][ T3972] rust_binder: Write failure EINVAL in pid:942 [ 121.166973][ T45] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 121.249365][ T3976] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 121.250047][ T3976] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1239'. [ 121.265939][ T3976] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:847 [ 121.266359][ T3977] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 121.306777][ T45] usb 1-1: device descriptor read/64, error -71 [ 121.326785][ T308] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 121.399900][ T3985] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 121.400879][ T3985] rust_binder: Error while translating object. [ 121.407651][ T3985] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 121.413829][ T3985] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:856 [ 121.424026][ T3985] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 121.433786][ T3985] rust_binder: Write failure EINVAL in pid:856 [ 121.436768][ T3151] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 121.477982][ T308] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 121.487685][ T308] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 121.497375][ T308] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 121.499181][ T3986] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:856 [ 121.512341][ T308] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 121.530826][ T308] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.538854][ T308] usb 4-1: Product: syz [ 121.543154][ T308] usb 4-1: Manufacturer: syz [ 121.547772][ T308] usb 4-1: SerialNumber: syz [ 121.586812][ T45] usb 1-1: device descriptor read/64, error -71 [ 121.607815][ T3151] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 121.618804][ T3151] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 121.628592][ T3151] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 121.637708][ T3151] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.646352][ T3151] usb 2-1: config 0 descriptor?? [ 121.696860][ T45] usb usb1-port1: attempt power cycle [ 121.754579][ T308] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 121.955683][ T36] audit: type=1400 audit(1750468515.354:697): avc: denied { read write } for pid=3963 comm="syz.3.1233" name="lp0" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 121.962267][ T3964] block device autoloading is deprecated and will be removed. [ 121.979390][ T36] audit: type=1400 audit(1750468515.354:698): avc: denied { open } for pid=3963 comm="syz.3.1233" path="/dev/usb/lp0" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 121.991039][ T3964] syz.3.1233: attempt to access beyond end of device [ 121.991039][ T3964] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 122.011278][ T36] audit: type=1400 audit(1750468515.354:699): avc: denied { ioctl } for pid=3963 comm="syz.3.1233" path="/dev/usb/lp0" dev="devtmpfs" ino=664 ioctlcmd=0x5820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 122.024451][ T3987] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:716 [ 122.056315][ T3151] lenovo 0003:17EF:6047.000D: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.1-1/input0 [ 122.057236][ T895] usb 4-1: USB disconnect, device number 11 [ 122.076777][ T45] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 122.083637][ T895] usblp0: removed [ 122.107696][ T45] usb 1-1: device descriptor read/8, error -71 [ 122.237838][ T45] usb 1-1: device descriptor read/8, error -71 [ 122.246868][ T3989] FAULT_INJECTION: forcing a failure. [ 122.246868][ T3989] name failslab, interval 1, probability 0, space 0, times 0 [ 122.259828][ T3989] CPU: 0 UID: 0 PID: 3989 Comm: syz.2.1243 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 122.259870][ T3989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.259883][ T3989] Call Trace: [ 122.259890][ T3989] [ 122.259898][ T3989] __dump_stack+0x21/0x30 [ 122.259926][ T3989] dump_stack_lvl+0x10c/0x190 [ 122.259949][ T3989] ? __cfi_dump_stack_lvl+0x10/0x10 [ 122.259969][ T3989] dump_stack+0x19/0x20 [ 122.259989][ T3989] should_fail_ex+0x3d9/0x530 [ 122.260013][ T3989] should_failslab+0xac/0x100 [ 122.260042][ T3989] __kmalloc_noprof+0x69/0x450 [ 122.260065][ T3989] ? genl_family_rcv_msg_attrs_parse+0xc6/0x390 [ 122.260088][ T3989] genl_family_rcv_msg_attrs_parse+0xc6/0x390 [ 122.260106][ T3989] genl_family_rcv_msg_doit+0xcd/0x330 [ 122.260123][ T3989] ? genl_family_rcv_msg_dumpit+0x2d0/0x2d0 [ 122.260140][ T3989] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 122.260163][ T3989] ? asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 122.260195][ T3989] ? genl_rcv_msg+0x5e6/0x7a0 [ 122.260216][ T3989] genl_rcv_msg+0x609/0x7a0 [ 122.260236][ T3989] ? __cfi_genl_rcv_msg+0x10/0x10 [ 122.260251][ T3989] ? __cfi_ethnl_default_doit+0x10/0x10 [ 122.260270][ T3989] netlink_rcv_skb+0x22b/0x4a0 [ 122.260294][ T3989] ? __cfi_genl_rcv_msg+0x10/0x10 [ 122.260317][ T3989] ? __cfi_netlink_rcv_skb+0x10/0x10 [ 122.260359][ T3989] ? rwsem_read_trylock+0x2b1/0x660 [ 122.260381][ T3989] ? down_read+0x79/0xe0 [ 122.260396][ T3989] ? __cfi_down_read+0x10/0x10 [ 122.260411][ T3989] ? is_vmalloc_addr+0x11/0x40 [ 122.260434][ T3989] genl_rcv+0x2c/0x40 [ 122.260454][ T3989] netlink_unicast+0x8c6/0xa60 [ 122.260482][ T3989] netlink_sendmsg+0x7f0/0xaf0 [ 122.260513][ T3989] ? __cfi_netlink_sendmsg+0x10/0x10 [ 122.260538][ T3989] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 122.260561][ T3989] ? security_socket_sendmsg+0x33/0xd0 [ 122.260580][ T3989] ? __cfi_netlink_sendmsg+0x10/0x10 [ 122.260613][ T3989] ____sys_sendmsg+0xa15/0xa70 [ 122.260645][ T3989] ? __sys_sendmsg_sock+0x50/0x50 [ 122.260674][ T3989] ? import_iovec+0x81/0xb0 [ 122.260696][ T3989] ___sys_sendmsg+0x220/0x2a0 [ 122.260719][ T3989] ? __sys_sendmsg+0x280/0x280 [ 122.260749][ T3989] ? proc_fail_nth_write+0x17e/0x210 [ 122.260769][ T3989] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 122.260795][ T3989] __x64_sys_sendmsg+0x1eb/0x2c0 [ 122.260812][ T3989] ? fput+0x1a5/0x240 [ 122.260834][ T3989] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 122.260847][ T3989] ? ksys_write+0x1ef/0x250 [ 122.260866][ T3989] ? __kasan_check_read+0x15/0x20 [ 122.260891][ T3989] x64_sys_call+0x2a4c/0x2ee0 [ 122.260917][ T3989] do_syscall_64+0x58/0xf0 [ 122.260942][ T3989] ? clear_bhb_loop+0x35/0x90 [ 122.260967][ T3989] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 122.260989][ T3989] RIP: 0033:0x7fbb7618e929 [ 122.261002][ T3989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.261016][ T3989] RSP: 002b:00007fbb76ff0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 122.261040][ T3989] RAX: ffffffffffffffda RBX: 00007fbb763b5fa0 RCX: 00007fbb7618e929 [ 122.261055][ T3989] RDX: 0000000004000004 RSI: 0000200000000a80 RDI: 0000000000000003 [ 122.261084][ T3989] RBP: 00007fbb76ff0090 R08: 0000000000000000 R09: 0000000000000000 [ 122.261095][ T3989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.261107][ T3989] R13: 0000000000000000 R14: 00007fbb763b5fa0 R15: 00007fff307160c8 [ 122.261125][ T3989] [ 122.476792][ T45] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 122.482796][ T3974] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1238'. [ 122.509506][ T45] usb 1-1: device descriptor read/8, error -71 [ 122.630215][ T3151] lenovo 0003:17EF:6047.000D: Failed to switch middle button: -71 [ 122.638346][ T3151] lenovo 0003:17EF:6047.000D: Fn-lock setting failed: -71 [ 122.645708][ T3151] lenovo 0003:17EF:6047.000D: Sensitivity setting failed: -71 [ 122.654853][ T3151] usb 2-1: USB disconnect, device number 27 [ 122.661328][ T3997] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:719 [ 122.679602][ T3999] fido_id[3999]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 122.767813][ T45] usb 1-1: device descriptor read/8, error -71 [ 122.832956][ T4007] FAULT_INJECTION: forcing a failure. [ 122.832956][ T4007] name failslab, interval 1, probability 0, space 0, times 0 [ 122.845822][ T4007] CPU: 0 UID: 0 PID: 4007 Comm: syz.2.1249 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 122.845852][ T4007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 122.845864][ T4007] Call Trace: [ 122.845870][ T4007] [ 122.845878][ T4007] __dump_stack+0x21/0x30 [ 122.845907][ T4007] dump_stack_lvl+0x10c/0x190 [ 122.845932][ T4007] ? __cfi_dump_stack_lvl+0x10/0x10 [ 122.845956][ T4007] dump_stack+0x19/0x20 [ 122.845979][ T4007] should_fail_ex+0x3d9/0x530 [ 122.846002][ T4007] should_failslab+0xac/0x100 [ 122.846032][ T4007] __kmalloc_noprof+0x69/0x450 [ 122.846050][ T4007] ? genl_family_rcv_msg_attrs_parse+0xc6/0x390 [ 122.846069][ T4007] genl_family_rcv_msg_attrs_parse+0xc6/0x390 [ 122.846087][ T4007] genl_family_rcv_msg_doit+0xcd/0x330 [ 122.846105][ T4007] ? genl_family_rcv_msg_dumpit+0x2d0/0x2d0 [ 122.846121][ T4007] ? selinux_capable+0x38/0x50 [ 122.846138][ T4007] ? bpf_lsm_capable+0xd/0x20 [ 122.846158][ T4007] ? ns_capable+0x91/0xf0 [ 122.846176][ T4007] genl_rcv_msg+0x609/0x7a0 [ 122.846192][ T4007] ? __cfi_genl_rcv_msg+0x10/0x10 [ 122.846207][ T4007] ? __cfi_ieee802154_del_iface+0x10/0x10 [ 122.846228][ T4007] netlink_rcv_skb+0x22b/0x4a0 [ 122.846249][ T4007] ? __cfi_genl_rcv_msg+0x10/0x10 [ 122.846265][ T4007] ? __cfi_netlink_rcv_skb+0x10/0x10 [ 122.846285][ T4007] ? rwsem_read_trylock+0x2b1/0x660 [ 122.846303][ T4007] ? down_read+0x79/0xe0 [ 122.846319][ T4007] ? __cfi_down_read+0x10/0x10 [ 122.846334][ T4007] ? is_vmalloc_addr+0x11/0x40 [ 122.846356][ T4007] genl_rcv+0x2c/0x40 [ 122.846378][ T4007] netlink_unicast+0x8c6/0xa60 [ 122.846399][ T4007] netlink_sendmsg+0x7f0/0xaf0 [ 122.846422][ T4007] ? __cfi_netlink_sendmsg+0x10/0x10 [ 122.846445][ T4007] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 122.846468][ T4007] ? security_socket_sendmsg+0x33/0xd0 [ 122.846486][ T4007] ? __cfi_netlink_sendmsg+0x10/0x10 [ 122.846509][ T4007] ____sys_sendmsg+0xa15/0xa70 [ 122.846533][ T4007] ? __sys_sendmsg_sock+0x50/0x50 [ 122.846570][ T4007] ? import_iovec+0x81/0xb0 [ 122.846591][ T4007] ___sys_sendmsg+0x220/0x2a0 [ 122.846613][ T4007] ? __sys_sendmsg+0x280/0x280 [ 122.846634][ T4007] ? proc_fail_nth_write+0x17e/0x210 [ 122.846648][ T4007] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 122.846667][ T4007] __x64_sys_sendmsg+0x1eb/0x2c0 [ 122.846680][ T4007] ? fput+0x1a5/0x240 [ 122.846701][ T4007] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 122.846718][ T4007] ? ksys_write+0x1ef/0x250 [ 122.846736][ T4007] ? __kasan_check_read+0x15/0x20 [ 122.846753][ T4007] x64_sys_call+0x2a4c/0x2ee0 [ 122.846772][ T4007] do_syscall_64+0x58/0xf0 [ 122.846791][ T4007] ? clear_bhb_loop+0x35/0x90 [ 122.846812][ T4007] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 122.846833][ T4007] RIP: 0033:0x7fbb7618e929 [ 122.846846][ T4007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 122.846858][ T4007] RSP: 002b:00007fbb76ff0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 122.846874][ T4007] RAX: ffffffffffffffda RBX: 00007fbb763b5fa0 RCX: 00007fbb7618e929 [ 122.846885][ T4007] RDX: 0000000004000000 RSI: 0000200000000300 RDI: 0000000000000004 [ 122.846895][ T4007] RBP: 00007fbb76ff0090 R08: 0000000000000000 R09: 0000000000000000 [ 122.846904][ T4007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 122.846912][ T4007] R13: 0000000000000000 R14: 00007fbb763b5fa0 R15: 00007fff307160c8 [ 122.846925][ T4007] [ 122.917432][ T45] usb usb1-port1: unable to enumerate USB device [ 123.339091][ T4024] FAULT_INJECTION: forcing a failure. [ 123.339091][ T4024] name failslab, interval 1, probability 0, space 0, times 0 [ 123.351852][ T4024] CPU: 1 UID: 0 PID: 4024 Comm: syz.1.1253 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 123.351887][ T4024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.351899][ T4024] Call Trace: [ 123.351904][ T4024] [ 123.351909][ T4024] __dump_stack+0x21/0x30 [ 123.351931][ T4024] dump_stack_lvl+0x10c/0x190 [ 123.351949][ T4024] ? __cfi_dump_stack_lvl+0x10/0x10 [ 123.351968][ T4024] dump_stack+0x19/0x20 [ 123.351985][ T4024] should_fail_ex+0x3d9/0x530 [ 123.352008][ T4024] should_failslab+0xac/0x100 [ 123.352029][ T4024] __kmalloc_noprof+0x69/0x450 [ 123.352046][ T4024] ? ethnl_default_doit+0x1c3/0xe20 [ 123.352066][ T4024] ethnl_default_doit+0x1c3/0xe20 [ 123.352083][ T4024] ? genl_family_rcv_msg_attrs_parse+0x213/0x390 [ 123.352102][ T4024] genl_family_rcv_msg_doit+0x22f/0x330 [ 123.352119][ T4024] ? genl_family_rcv_msg_dumpit+0x2d0/0x2d0 [ 123.352137][ T4024] ? radix_tree_lookup+0x250/0x2a0 [ 123.352159][ T4024] genl_rcv_msg+0x609/0x7a0 [ 123.352175][ T4024] ? __cfi_genl_rcv_msg+0x10/0x10 [ 123.352190][ T4024] ? __cfi_ethnl_default_doit+0x10/0x10 [ 123.352209][ T4024] netlink_rcv_skb+0x22b/0x4a0 [ 123.352230][ T4024] ? __cfi_genl_rcv_msg+0x10/0x10 [ 123.352245][ T4024] ? __cfi_netlink_rcv_skb+0x10/0x10 [ 123.352268][ T4024] ? rwsem_read_trylock+0x2b1/0x660 [ 123.352287][ T4024] ? down_read+0x79/0xe0 [ 123.352302][ T4024] ? __cfi_down_read+0x10/0x10 [ 123.352317][ T4024] ? is_vmalloc_addr+0x11/0x40 [ 123.352338][ T4024] genl_rcv+0x2c/0x40 [ 123.352352][ T4024] netlink_unicast+0x8c6/0xa60 [ 123.352373][ T4024] netlink_sendmsg+0x7f0/0xaf0 [ 123.352396][ T4024] ? __cfi_netlink_sendmsg+0x10/0x10 [ 123.352419][ T4024] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 123.352442][ T4024] ? security_socket_sendmsg+0x33/0xd0 [ 123.352459][ T4024] ? __cfi_netlink_sendmsg+0x10/0x10 [ 123.352482][ T4024] ____sys_sendmsg+0xa15/0xa70 [ 123.352506][ T4024] ? __sys_sendmsg_sock+0x50/0x50 [ 123.352530][ T4024] ? import_iovec+0x81/0xb0 [ 123.352551][ T4024] ___sys_sendmsg+0x220/0x2a0 [ 123.352574][ T4024] ? __sys_sendmsg+0x280/0x280 [ 123.352597][ T4024] ? proc_fail_nth_write+0x17e/0x210 [ 123.352611][ T4024] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 123.352631][ T4024] __x64_sys_sendmsg+0x1eb/0x2c0 [ 123.352644][ T4024] ? fput+0x1a5/0x240 [ 123.352666][ T4024] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 123.352679][ T4024] ? ksys_write+0x1ef/0x250 [ 123.352697][ T4024] ? __kasan_check_read+0x15/0x20 [ 123.352715][ T4024] x64_sys_call+0x2a4c/0x2ee0 [ 123.352734][ T4024] do_syscall_64+0x58/0xf0 [ 123.352753][ T4024] ? clear_bhb_loop+0x35/0x90 [ 123.352776][ T4024] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 123.352798][ T4024] RIP: 0033:0x7f84ae38e929 [ 123.352810][ T4024] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.352829][ T4024] RSP: 002b:00007f84af1e6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 123.352846][ T4024] RAX: ffffffffffffffda RBX: 00007f84ae5b5fa0 RCX: 00007f84ae38e929 [ 123.352857][ T4024] RDX: 0000000004000004 RSI: 0000200000000a80 RDI: 0000000000000003 [ 123.352868][ T4024] RBP: 00007f84af1e6090 R08: 0000000000000000 R09: 0000000000000000 [ 123.352877][ T4024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.352886][ T4024] R13: 0000000000000000 R14: 00007f84ae5b5fa0 R15: 00007ffdea0b2408 [ 123.352899][ T4024] [ 123.605175][ T4031] FAULT_INJECTION: forcing a failure. [ 123.605175][ T4031] name failslab, interval 1, probability 0, space 0, times 0 [ 123.702658][ T4031] CPU: 1 UID: 0 PID: 4031 Comm: syz.3.1258 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 123.702691][ T4031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 123.702703][ T4031] Call Trace: [ 123.702710][ T4031] [ 123.702718][ T4031] __dump_stack+0x21/0x30 [ 123.702747][ T4031] dump_stack_lvl+0x10c/0x190 [ 123.702772][ T4031] ? __cfi_dump_stack_lvl+0x10/0x10 [ 123.702797][ T4031] ? genl_family_rcv_msg_doit+0x294/0x330 [ 123.702819][ T4031] dump_stack+0x19/0x20 [ 123.702838][ T4031] should_fail_ex+0x3d9/0x530 [ 123.702857][ T4031] should_failslab+0xac/0x100 [ 123.702879][ T4031] kmem_cache_alloc_node_noprof+0x45/0x3b0 [ 123.702899][ T4031] ? __alloc_skb+0x10c/0x370 [ 123.702921][ T4031] __alloc_skb+0x10c/0x370 [ 123.702940][ T4031] ? __kasan_check_read+0x15/0x20 [ 123.702959][ T4031] netlink_ack+0x155/0xa50 [ 123.702994][ T4031] netlink_rcv_skb+0x2b2/0x4a0 [ 123.703017][ T4031] ? __cfi_genl_rcv_msg+0x10/0x10 [ 123.703034][ T4031] ? __cfi_netlink_rcv_skb+0x10/0x10 [ 123.703057][ T4031] ? rwsem_read_trylock+0x2b1/0x660 [ 123.703076][ T4031] ? down_read+0x79/0xe0 [ 123.703093][ T4031] ? __cfi_down_read+0x10/0x10 [ 123.703110][ T4031] ? is_vmalloc_addr+0x11/0x40 [ 123.703134][ T4031] genl_rcv+0x2c/0x40 [ 123.703149][ T4031] netlink_unicast+0x8c6/0xa60 [ 123.703172][ T4031] netlink_sendmsg+0x7f0/0xaf0 [ 123.703198][ T4031] ? __cfi_netlink_sendmsg+0x10/0x10 [ 123.703223][ T4031] ? bpf_lsm_socket_sendmsg+0xd/0x20 [ 123.703250][ T4031] ? security_socket_sendmsg+0x33/0xd0 [ 123.703270][ T4031] ? __cfi_netlink_sendmsg+0x10/0x10 [ 123.703294][ T4031] ____sys_sendmsg+0xa15/0xa70 [ 123.703321][ T4031] ? __sys_sendmsg_sock+0x50/0x50 [ 123.703347][ T4031] ? import_iovec+0x81/0xb0 [ 123.703371][ T4031] ___sys_sendmsg+0x220/0x2a0 [ 123.703396][ T4031] ? __sys_sendmsg+0x280/0x280 [ 123.703421][ T4031] ? proc_fail_nth_write+0x17e/0x210 [ 123.703437][ T4031] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 123.703459][ T4031] __x64_sys_sendmsg+0x1eb/0x2c0 [ 123.703474][ T4031] ? fput+0x1a5/0x240 [ 123.703499][ T4031] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 123.703514][ T4031] ? ksys_write+0x1ef/0x250 [ 123.703535][ T4031] ? __kasan_check_read+0x15/0x20 [ 123.703554][ T4031] x64_sys_call+0x2a4c/0x2ee0 [ 123.703576][ T4031] do_syscall_64+0x58/0xf0 [ 123.703597][ T4031] ? clear_bhb_loop+0x35/0x90 [ 123.703622][ T4031] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 123.703646][ T4031] RIP: 0033:0x7f62ea98e929 [ 123.703660][ T4031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 123.703674][ T4031] RSP: 002b:00007f62eb7e2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 123.703692][ T4031] RAX: ffffffffffffffda RBX: 00007f62eabb5fa0 RCX: 00007f62ea98e929 [ 123.703705][ T4031] RDX: 0000000004000000 RSI: 0000200000000300 RDI: 0000000000000004 [ 123.703717][ T4031] RBP: 00007f62eb7e2090 R08: 0000000000000000 R09: 0000000000000000 [ 123.703728][ T4031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 123.703738][ T4031] R13: 0000000000000000 R14: 00007f62eabb5fa0 R15: 00007fffb5afd558 [ 123.703753][ T4031] [ 124.043972][ T4040] rust_binder: Write failure EINVAL in pid:732 [ 124.080017][ T4042] FAULT_INJECTION: forcing a failure. [ 124.080017][ T4042] name failslab, interval 1, probability 0, space 0, times 0 [ 124.098931][ T4042] CPU: 0 UID: 0 PID: 4042 Comm: syz.1.1263 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 124.098971][ T4042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 124.098985][ T4042] Call Trace: [ 124.098991][ T4042] [ 124.098999][ T4042] __dump_stack+0x21/0x30 [ 124.099026][ T4042] dump_stack_lvl+0x10c/0x190 [ 124.099049][ T4042] ? __cfi_dump_stack_lvl+0x10/0x10 [ 124.099074][ T4042] dump_stack+0x19/0x20 [ 124.099094][ T4042] should_fail_ex+0x3d9/0x530 [ 124.099116][ T4042] should_failslab+0xac/0x100 [ 124.099144][ T4042] kmem_cache_alloc_noprof+0x42/0x3a0 [ 124.099166][ T4042] ? mas_alloc_nodes+0x254/0x9e0 [ 124.099188][ T4042] mas_alloc_nodes+0x254/0x9e0 [ 124.099210][ T4042] mas_preallocate+0x764/0xc60 [ 124.099229][ T4042] ? avc_has_perm+0x144/0x220 [ 124.099250][ T4042] ? __cfi_avc_has_perm+0x10/0x10 [ 124.099269][ T4042] ? __cfi_mas_preallocate+0x10/0x10 [ 124.099292][ T4042] commit_merge+0x489/0xe60 [ 124.099317][ T4042] ? vma_expand+0x550/0x550 [ 124.099341][ T4042] ? __kasan_check_write+0x18/0x20 [ 124.099364][ T4042] vma_modify+0xfa5/0x1430 [ 124.099390][ T4042] vma_modify_flags_uffd+0x15a/0x190 [ 124.099418][ T4042] userfaultfd_clear_vma+0x1e8/0x260 [ 124.099441][ T4042] ? __cfi_userfaultfd_clear_vma+0x10/0x10 [ 124.099468][ T4042] userfaultfd_release_all+0x280/0x490 [ 124.099492][ T4042] ? __cfi_userfaultfd_release_all+0x10/0x10 [ 124.099515][ T4042] ? vfs_write+0x8ba/0xe80 [ 124.099538][ T4042] ? __asan_memset+0x39/0x50 [ 124.099559][ T4042] ? locks_remove_posix+0x38b/0x580 [ 124.099587][ T4042] userfaultfd_release+0xe2/0x1a0 [ 124.099605][ T4042] ? __cfi_userfaultfd_release+0x10/0x10 [ 124.099624][ T4042] ? __cfi_userfaultfd_release+0x10/0x10 [ 124.099641][ T4042] __fput+0x1fb/0xa00 [ 124.099655][ T4042] __fput_sync+0x4a/0x70 [ 124.099667][ T4042] __se_sys_close+0x17b/0x240 [ 124.099682][ T4042] __x64_sys_close+0x3c/0x60 [ 124.099695][ T4042] x64_sys_call+0x2560/0x2ee0 [ 124.099715][ T4042] do_syscall_64+0x58/0xf0 [ 124.099734][ T4042] ? clear_bhb_loop+0x35/0x90 [ 124.099756][ T4042] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 124.099778][ T4042] RIP: 0033:0x7f84ae38e929 [ 124.099790][ T4042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.099802][ T4042] RSP: 002b:00007f84af1e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 124.099818][ T4042] RAX: ffffffffffffffda RBX: 00007f84ae5b5fa0 RCX: 00007f84ae38e929 [ 124.099830][ T4042] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 124.099838][ T4042] RBP: 00007f84af1e6090 R08: 0000000000000000 R09: 0000000000000000 [ 124.099848][ T4042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.099857][ T4042] R13: 0000000000000000 R14: 00007f84ae5b5fa0 R15: 00007ffdea0b2408 [ 124.099869][ T4042] [ 124.100014][ T4042] BUG: unable to handle page fault for address: fffffffffffffffc [ 124.388470][ T4042] #PF: supervisor read access in kernel mode [ 124.394444][ T4042] #PF: error_code(0x0000) - not-present page [ 124.400417][ T4042] PGD 72ae067 P4D 72ae067 PUD 72b0067 PMD 0 [ 124.406415][ T4042] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI [ 124.412479][ T4042] CPU: 0 UID: 0 PID: 4042 Comm: syz.1.1263 Not tainted 6.12.23-syzkaller-g6c1c18fcb8b7 #0 ba78288b1e32eb9f88d3f8d8da6b79a037cd8362 [ 124.425929][ T4042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 124.435980][ T4042] RIP: 0010:can_vma_merge_left+0x6c/0x4c0 [ 124.441711][ T4042] Code: ff 0f 84 2b 01 00 00 4d 8d 67 08 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 e7 e8 d4 28 08 00 <4d> 8b 24 24 4c 89 6d d0 49 83 c5 30 4c 89 e8 48 c1 e8 03 48 b9 00 [ 124.461319][ T4042] RSP: 0018:ffffc9000f5478f8 EFLAGS: 00010246 [ 124.467393][ T4042] RAX: 1fffffffffffffff RBX: ffffc9000f547a38 RCX: dffffc0000000000 [ 124.475449][ T4042] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000f547a20 [ 124.483420][ T4042] RBP: ffffc9000f547938 R08: ffff88810bf2d49f R09: 1ffff110217e5a93 [ 124.491399][ T4042] R10: dffffc0000000000 R11: ffffed10217e5a94 R12: fffffffffffffffc [ 124.499369][ T4042] R13: ffffc9000f547a20 R14: 1ffff92001ea8f47 R15: fffffffffffffff4 [ 124.507337][ T4042] FS: 00007f84af1e66c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 124.516261][ T4042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.522853][ T4042] CR2: fffffffffffffffc CR3: 000000013b0ec000 CR4: 00000000003526b0 [ 124.530832][ T4042] DR0: 00000000000004d8 DR1: 0000000000000000 DR2: 0000000000000000 [ 124.538798][ T4042] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 124.546768][ T4042] Call Trace: [ 124.550047][ T4042] [ 124.552989][ T4042] vma_modify+0x250/0x1430 [ 124.557429][ T4042] vma_modify_flags_uffd+0x15a/0x190 [ 124.562721][ T4042] userfaultfd_clear_vma+0x1e8/0x260 [ 124.568020][ T4042] ? __cfi_userfaultfd_clear_vma+0x10/0x10 [ 124.573857][ T4042] userfaultfd_release_all+0x280/0x490 [ 124.579352][ T4042] ? __cfi_userfaultfd_release_all+0x10/0x10 [ 124.585334][ T4042] ? vfs_write+0x8ba/0xe80 [ 124.589753][ T4042] ? __asan_memset+0x39/0x50 [ 124.594346][ T4042] ? locks_remove_posix+0x38b/0x580 [ 124.599551][ T4042] userfaultfd_release+0xe2/0x1a0 [ 124.604579][ T4042] ? __cfi_userfaultfd_release+0x10/0x10 [ 124.610235][ T4042] ? __cfi_userfaultfd_release+0x10/0x10 [ 124.615887][ T4042] __fput+0x1fb/0xa00 [ 124.619977][ T4042] __fput_sync+0x4a/0x70 [ 124.624240][ T4042] __se_sys_close+0x17b/0x240 [ 124.628922][ T4042] __x64_sys_close+0x3c/0x60 [ 124.633532][ T4042] x64_sys_call+0x2560/0x2ee0 [ 124.638225][ T4042] do_syscall_64+0x58/0xf0 [ 124.642648][ T4042] ? clear_bhb_loop+0x35/0x90 [ 124.647330][ T4042] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 124.653228][ T4042] RIP: 0033:0x7f84ae38e929 [ 124.657642][ T4042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.677280][ T4042] RSP: 002b:00007f84af1e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 124.685696][ T4042] RAX: ffffffffffffffda RBX: 00007f84ae5b5fa0 RCX: 00007f84ae38e929 [ 124.693667][ T4042] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 124.701636][ T4042] RBP: 00007f84af1e6090 R08: 0000000000000000 R09: 0000000000000000 [ 124.709604][ T4042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.717662][ T4042] R13: 0000000000000000 R14: 00007f84ae5b5fa0 R15: 00007ffdea0b2408 [ 124.725639][ T4042] [ 124.728657][ T4042] Modules linked in: [ 124.732563][ T4042] CR2: fffffffffffffffc [ 124.736714][ T4042] ---[ end trace 0000000000000000 ]--- [ 124.742161][ T4042] RIP: 0010:can_vma_merge_left+0x6c/0x4c0 [ 124.747889][ T4042] Code: ff 0f 84 2b 01 00 00 4d 8d 67 08 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 e7 e8 d4 28 08 00 <4d> 8b 24 24 4c 89 6d d0 49 83 c5 30 4c 89 e8 48 c1 e8 03 48 b9 00 [ 124.767517][ T4042] RSP: 0018:ffffc9000f5478f8 EFLAGS: 00010246 [ 124.773600][ T4042] RAX: 1fffffffffffffff RBX: ffffc9000f547a38 RCX: dffffc0000000000 [ 124.781569][ T4042] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000f547a20 [ 124.789538][ T4042] RBP: ffffc9000f547938 R08: ffff88810bf2d49f R09: 1ffff110217e5a93 [ 124.797517][ T4042] R10: dffffc0000000000 R11: ffffed10217e5a94 R12: fffffffffffffffc [ 124.805490][ T4042] R13: ffffc9000f547a20 R14: 1ffff92001ea8f47 R15: fffffffffffffff4 [ 124.813461][ T4042] FS: 00007f84af1e66c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 124.822415][ T4042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 124.828996][ T4042] CR2: fffffffffffffffc CR3: 000000013b0ec000 CR4: 00000000003526b0 [ 124.836968][ T4042] DR0: 00000000000004d8 DR1: 0000000000000000 DR2: 0000000000000000 [ 124.844963][ T4042] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 124.852936][ T4042] Kernel panic - not syncing: Fatal exception [ 124.859372][ T4042] Kernel Offset: disabled [ 124.863700][ T4042] Rebooting in 86400 seconds..