last executing test programs: 6.865436387s ago: executing program 1 (id=2362): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r2, &(0x7f0000000080), 0x0, 0x0, 0x0) keyctl$revoke(0x3, 0x0) keyctl$read(0xb, 0x0, 0x0, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, &(0x7f0000000440), 0x10) listen(r3, 0x0) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8982, &(0x7f0000000000)={0x3, 'geneve0\x00', {}, 0xf}) r5 = accept4$unix(r3, 0x0, 0x0, 0x0) sendmmsg(r5, &(0x7f0000001300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000000) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x2482, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r6, 0x400455c8, 0x0) syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f0000000440)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x80, 0x10, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xab2a}, {0xd, 0x24, 0xf, 0x1, 0x5, 0xfff, 0x7, 0xa9}, {0x6, 0x24, 0x1a, 0x4, 0x2}}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x79, 0x81, 0x1}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x7, 0x0, 0x23}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x6, 0x9, 0x9}}}}}}}]}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 6.211149312s ago: executing program 3 (id=2371): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x40, 0x0) (async) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000280), 0x40, 0x0) ioctl$BLKFRAGET(r0, 0x1265, &(0x7f00000002c0)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080), 0x922e8aec47051e5, &(0x7f0000000440)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_off}], [{@smackfsdef={'smackfsdef', 0x3d, '.+\xb4+,'}}]}) (async) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080), 0x922e8aec47051e5, &(0x7f0000000440)={[{@redirect_dir_off}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_off}], [{@smackfsdef={'smackfsdef', 0x3d, '.+\xb4+,'}}]}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1380, 0x3}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfee, 0x0, 0x0, 0x68, 0xffffffffffffffc0, &(0x7f0000000200)={@ptr={0x70742a85, 0x0, 0x0, 0x0, 0x40000000000000, 0xe}, @flat=@binder={0x73622a85, 0x200, 0x2}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x1d}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}, 0x400}], 0x52, 0x0, &(0x7f0000000300)="6cc2517326f0182dfaea8b9b0efefe72ca2b3f10c526bb82d4a3786efb2df4fda2a1e2888f71a664cc5a261719fe4cead4d24dcc14edceace088490d882b563ef630b62d95fb3e1b01b472ec8da1d1df52fc"}) 6.135723799s ago: executing program 3 (id=2372): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r4, 0x4008af60, &(0x7f00000000c0)={@host}) write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r5 = dup(r1) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_INIT(r5, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000000), 0x1814800, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access', 0x3d, 0xee00}}], [{@pcr={'pcr', 0x3d, 0x5}}], 0x6b}}) r6 = syz_open_procfs(0x0, &(0x7f00000003c0)='mountinfo\x00') r7 = open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0) sendfile(r7, r6, 0x0, 0xffffffff) syz_usb_connect(0x5, 0xa0a, &(0x7f0000000400)={{0x12, 0x1, 0x250, 0xdc, 0x91, 0xa3, 0x40, 0x1b3d, 0x1ac, 0x26c9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9f8, 0x4, 0x8, 0x2, 0x10, 0x7, [{{0x9, 0x4, 0x21, 0x4, 0x0, 0xd9, 0x9b, 0x85, 0x42, [@generic={0xd2, 0x21, "900e6cf0bd2482d1eb0098b38141d387ef0c8aa1bcc839c32f868222e5e3c6b3972d4e1059fb6916d4cab998f400cb90ab988ffba44c6c52071db59ae7c9d16e9f577c2245e12e99369560bec7b2d85248b30690f942636f9b17d988801cf83786254ee40dd2bfa29f2f7fe66a96e26e3e53411ebb2698c35b7d7dde4e50e0912480655dfeef2dc8da08d2877791f482f22233c6d2a15d5150facbfc9b77bbd2d33d2d7e71396d98f2f8a76502bad45da4194a23359b04ff846fab6030d67e78d44f8eb64bf81f4fc34bd126b3dbbaa4"}]}}, {{0x9, 0x4, 0x9c, 0x2, 0x2, 0x2, 0x46, 0xa3, 0xff, [@generic={0xa1, 0x21, "5c2efaafc9d18a8ad57dbfc01f2fefc31a09d0ace69e6157db96f833159364cd220b765a19c2561bf6511967fffa0c3e3a67efa8c8278a5255a83a41aca8503cb51aa649b1bdc600e476d0c7cb9a5d0246be959a87bf26193b61578421545d5d3a801f6e6bee18146a0868607963a17296f565404c24e59b0ab4567c8e67f749cb07603e4ccf4737b5211f38a11727fe90aaf678d290d62a5793d5f974dbb6"}], [{{0x9, 0x5, 0xd, 0x1, 0x10, 0x0, 0x19, 0x1, [@generic={0x7e, 0x22, "bac236cf9185b60610b1f64aa4d01d7620ea8ee70959f0501cfc4abaa4f47afe555af52ea24dcb1dbc78e6e34c0a384c6c640d3b475f6fb469209c72340629a7935c14011f51723a39684f7090f5dfdaafb0250c203e2b406b8124765873d1ea6e333ea1c5cc0c4ccc7c31d4a93d05709910ea033592127b6635e792"}, @generic={0xda, 0xc, "24a3b6306300a4cf898957115790d1650eb17e4fa126a8f09697e568579767628fda0bba71d7f2211501fbfc8404282dea3264633926183738c83b316f3dc67d9040bdee7a6cb0eb27f1e4fd96480f1c884f76e2e19785abc1097d286626fbdf414c7bf96c56086351e9b43a0cdefb3ba5e06669dfbd293e6e183766d4b1fbd40da13be5185e35d0a6603a9eec9fd0088e3424e685f71c8c2d120e70b83ea5b580cdb56ecefb4b9a9a3618fa63b259e55c6a28d4f043f078d7cefc5b7f3236ae9999af697f65bb142d06da67d512cd4e6eb7446be19f6a09"}]}}, {{0x9, 0x5, 0x3, 0x0, 0x20, 0x2, 0x83, 0x5}}]}}, {{0x9, 0x4, 0xcf, 0x8, 0x7, 0xe7, 0xa4, 0xfa, 0xb, [@cdc_ncm={{0x7, 0x24, 0x6, 0x0, 0x1, "4cdd"}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x15e5a2c1, 0x5, 0x2, 0xff}, {0x6, 0x24, 0x1a, 0x6, 0x34}}], [{{0x9, 0x5, 0x9, 0x0, 0x40, 0x9, 0x6, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x80, 0x4}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x3, 0x5}]}}, {{0x9, 0x5, 0x2, 0x3, 0x400, 0x9, 0x8, 0x3, [@generic={0xea, 0xc, "af7dc6d4b1bd2aa11530e927367bd9b5688b9d1d5c12dc684e67d8861e3314e5c8a7a495290be15fd324bd551dd7ea0eda6264b9e3b3baef190170df97368556ef6fce9e7c6f5321848c324cd004d77c17c79ae019e7946d2402eaa3660b1aed5979fb5461b24dfc029e35ef4cdb028a487835c3920ce170cfb17f0cc38e214ec9a91f676f828f5566846f0b560f51f78a4049f227dcd953213f60a5d88532e0b9065e753ff93a9babdf69f3fa48649c83f4f60e75b271278866724e9ed190c3b718ea862dcb290c5b0c501bb0260d8c78ca3b86cdcd42308e196dbbff180c5b32c6c36d11370698"}]}}, {{0x9, 0x5, 0x5, 0xc, 0x400, 0x1, 0x2, 0x8, [@generic={0x94, 0x6, "a655efc798cbcdae63b7d3b2acf8d0827b9ac9e560ba47cda0f271ce58e6e909894cf1e55404ba4503469034fa137093f80b434c3a631721e8d21cf889693abcce6f3fdbe2d1208c08693251d554af8bac602390c07daf4b14221a134f952d07d36c6909222048f433e0d0662f00bbb4460a168fb6e54777e2715a9778ccf290924c6bd87489151f11ca998defb9506af6db"}]}}, {{0x9, 0x5, 0xa, 0x3, 0x200, 0x5e, 0x5, 0x9d, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xc, 0x753}, @generic={0x6, 0x23, "7014cdbd"}]}}, {{0x9, 0x5, 0x4, 0x10, 0x40, 0xe, 0x9c, 0xa6, [@generic={0xf0, 0xf, "dd432ceb957f89dc3e0f9a0db02c5ce8f909add904549a9e08ca44dacb7463fbd7d0495ea30ffd11a4c82130ed759a9ef402bd17ef1b817339cec2d40a219a670b2893963f3fffa757a8809e53dc1bef7b7769df75d4979f6a75e53ae8317f2cf0b8e494e05a8b9d1d07e8ef98c80adb488ed4e0729c27ed79c5bfa9dc9b550e5268e6f30172e3a15dcb7985edaf4608e0103ddd9d42ab92d70234a8e0df0f0bdfbbc56f7300ecdb678032fb2fce6caf0f19ac04cb510fd1877ee5762c5b69ebc43514a8e6376b6a1ae3f0111819c5b00412cc259fa63c3eeaf5fe89adc2080b363e7eb0757295918ef6931419fa"}, @generic={0xe7, 0x21, "144f0da0df9cc12c5b07bcfbc379de5237836ea9d3261b53a11540ea9e393cb130afeaca88644936fa292b2997c747bf54b3ab64fd0b9e39859b016f8869c1b6005e1c8b2e22a42c2ffec93c5adea02dd57d4ee96c9eba5a815d9261133aeb2f0797732557e455268fc8e74cf9e5793ebaf859b143862c5a00d713dac16ee1d140e0a1d74ceb3529fd04efb922ccebb5e8625191e6a87bf894de788d24b463404dc6737e5881ef20001c5c8f9cea3ec0d36b0f864d48cafaf25fa10cc299dcdc090efbaf7466dcff349cb0cbcdf30ee2e1c6b7cff6c7e887f2e2b7b7c6a6f4510fe0f33003"}]}}, {{0x9, 0x5, 0x0, 0xc, 0x20, 0x2, 0xf8, 0x62, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xfe, 0xe000}]}}, {{0x9, 0x5, 0xf, 0x1, 0x400, 0x4, 0x2, 0xfb, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xa, 0x12}]}}]}}, {{0x9, 0x4, 0xac, 0x9, 0x9, 0xff, 0xff, 0xff, 0x9, [@uac_as={[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x6, 0x1, 0x4, 0x6, "e2e5"}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0xa, 0x4, 0x8, 0x5, "a56e"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x8, 0x1, 0x4, '6zJ\''}]}], [{{0x9, 0x5, 0xb, 0x0, 0x10, 0x8, 0xb, 0x10, [@generic={0x69, 0xf, "d8f36dac6db5f0b222b986c4a8321a06adbf7cc490731bdb8eddec1172133bda221f27a79d0c5adc8cc6cbc99a2a869fe2024a87d181c5d1db8ad456605c47248d2466b09be8b99e40facc704807b9df5ba9342320bcdc1b4e83c924044bb3d61ae4a96120cc39"}]}}, {{0x9, 0x5, 0x2, 0x10, 0x40, 0x4, 0x1, 0x2, [@generic={0x9d, 0xc, "b1483ff8895aea24f60f2f727c3d0bdb3ab2685c6dbd8ec78826c0a92a487f2b574730c6fa1b7e3dff70d7e6ac6690cf912e608b713fbdeb770b9cb31f4b4b73f3011a460f94fbfb5ccbc5d872d2eed2f7c98dabe95078ceb8ef257bed917b213abdd9f4827334481bff61cfd5372debca354d5197f5779821ec721ff4cbf71c0ed16e530e09679e66eb04eea411b33e1616609270dad919cf0212"}, @generic={0x42, 0x0, "f9d40cef18e4301ad61c04e85a10287797968d396980a8b9197e996a4cc3bd428b1c065099346e1897b39ec36b44f46421ed0c09e6841e05005f1d3bae29a530"}]}}, {{0x9, 0x5, 0xe, 0x10, 0x400, 0x0, 0x40, 0xd}}, {{0x9, 0x5, 0x2, 0xc, 0x8, 0x0, 0x6, 0xbc}}, {{0x9, 0x5, 0xb, 0x4, 0x400, 0x4, 0x3, 0xfb}}, {{0x9, 0x5, 0xf, 0x10, 0x8, 0x1, 0x9, 0x7}}, {{0x9, 0x5, 0xf, 0x0, 0x40, 0x1, 0xd, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x2, 0x400}]}}, {{0x9, 0x5, 0xa, 0x10, 0x3ff, 0x1, 0x8, 0x4, [@generic={0xa1, 0xc, "463a16fac5c34953893db104059a770057920b45fe762934cf368d53fc43d61d7039dc342f9151fda8e30808e036e420288ca11a854da450e625cbb80c530812b6a601e395747af9c98c15b7a38027baa317bdeaedc7e80a7917056eb4cf74b4f3ad1a2ad5f802e1af415ddaac43a70f0465642c1c37c1903e782282de9b1c57739ed93c67e51ba307799a156621a4a4fba5825a760d7fbffe3f84bfcec703"}, @generic={0x4a, 0x21, "9c53a6109206c25d70b19ac3def2565a62783e6ff253aad71deaa99750d1dc7b0af5001c290ce95e4873c5b6625200a57cf5a93e99f95ef059ef9f558ac8c5b402c175904d530277"}]}}, {{0x9, 0x5, 0xc, 0x0, 0x3ff, 0x88, 0x4, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x88, 0x3}, @generic={0x5f, 0x5, "5ac8a74f861cf5c4f1d9773345ed87c7f38d1e74f1b503243ce2199fc4e2ebcf7604f56eb390c8b70b0f8baf6f3f9fd3329406f2af421ba28f9c054209dd359c6734a86e634fa56d83e8f7b3944144727dfbe0bbfb2cd432dd4470eaa4"}]}}]}}]}}]}}, &(0x7f00000001c0)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x110, 0x20, 0x4, 0x70, 0x8, 0x8}, 0xf, &(0x7f0000000180)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x2, 0x66, 0x6, 0x4}]}, 0x1, [{0xd0, &(0x7f0000000e40)=@string={0xd0, 0x3, "1a50edb45adf557efe2412053bea707769cb3bae966dde91d0e7006189078410b7d7a01d9e64b324a4eaea6e6eef06a64a8153b72fc121730f651c6b7f414e908d1244fef16080ac78c90188e0e92fd1901a0b3891488ce70cce4a7bb7df94d54d95cec2a0d633f619688bf10a1d02ca3cc83fc13cce79bc11aa03b0c6d2aa19310a30267f79a9f58bdfdc5f791611d197c5fa6c0b32ad76631fdcd3bdcde68c0348840be251a0ebea9878fc5aa9dd74384d167fea55e2634d87290046b3f827e304cfaf73e7fe110ef92097cd5d"}}]}) ioctl$IOC_PR_PREEMPT_ABORT(r7, 0x401870cc, &(0x7f0000000080)={0x7, 0x800000, 0x8, 0x7ff}) 4.728164987s ago: executing program 3 (id=2377): prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) recvmmsg(0xffffffffffffffff, &(0x7f00000028c0)=[{{&(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000200)=""/235, 0xeb}, {&(0x7f0000000100)=""/136, 0x88}], 0x2, &(0x7f00000004c0)=""/197, 0xc5}, 0x7}, {{&(0x7f0000000400)=@caif=@dbg, 0x80, &(0x7f0000001680)=[{&(0x7f0000000480)=""/5, 0x5}, {&(0x7f0000002980)=""/4096, 0x1000}, {&(0x7f00000014c0)=""/252, 0xfc}, {&(0x7f00000015c0)=""/162, 0xa2}], 0x4, &(0x7f00000016c0)=""/148, 0x94}, 0xd}, {{&(0x7f0000001780)=@in={0x2, 0x0, @empty}, 0x80, &(0x7f0000001880)=[{&(0x7f0000001800)=""/99, 0x63}], 0x1, &(0x7f00000018c0)=""/4096, 0x1000}, 0xd2}], 0x3, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$selinux_avc_hash_stats(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_pidfd_open(0x0, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0xff09) keyctl$read(0xb, 0x0, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x2482, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) fsopen(&(0x7f0000000300)='incremental-fs\x00', 0x1) 4.309518318s ago: executing program 1 (id=2378): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff038}, {0x20, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0xa02000000000000, 0x60, &(0x7f0000000a80)={'filter\x00', 0xb001, 0x4, 0x408, 0x0, 0x110, 0x0, 0x320, 0x320, 0x320, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@multicast, @rand_addr=0x64010102, @broadcast, 0x4}}}, {{@arp={@private=0xa010101, @loopback, 0x0, 0x0, 0x16, 0x70, {@mac=@random="c1328a2329f2", {[0xff, 0xff, 0xff, 0x0, 0xff]}}, {@mac=@random="d82d6bab2c9c", {[0x0, 0x0, 0x0, 0xff]}}, 0x2, 0x7, 0xfffd, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ip6tnl0\x00', {0xff}}, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x10000, 'syz1\x00', {0x7b}}}}, {{@uncond, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x9}}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x458) r2 = socket$xdp(0x2c, 0x3, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f0000000140)=0x4000, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r5, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r5, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000180)=0x8000, 0x4) bind$xdp(r5, &(0x7f0000000100)={0x2c, 0x0, r7}, 0x10) bind$xdp(r2, &(0x7f0000000240)={0x2c, 0x1, r4, 0x0, r5}, 0x60) unshare(0x22020600) openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0x20000, 0x0) r8 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r8, 0xc0105500, &(0x7f0000000000)=ANY=[@ANYBLOB="a1"]) socket$inet6_tcp(0xa, 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r9 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000001040)=@newsa={0x194, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in6=@remote}, {@in6=@remote, 0x0, 0x32}, @in6=@mcast1, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x5c, 0x14, {{'cmac(aes)\x00'}, 0x80, 0x0, "0a55b0ca9cce75f5c91c906cf8542b42"}}]}, 0x194}}, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x28801, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x181d82, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2) 4.172002051s ago: executing program 1 (id=2379): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000080)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f0000001440)={@ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/233, 0xe9, 0x2, 0x4}, @fda={0x66646185, 0x0, 0x0, 0x24}, @fd}, &(0x7f00000001c0)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0xa0401, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000140)={0x4}) close_range(r0, 0xffffffffffffffff, 0x0) 4.153965713s ago: executing program 1 (id=2380): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', 0x0) chroot(&(0x7f00000002c0)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0\x00') openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee5, 0x1010, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) r2 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_opts(r2, 0x29, 0x3b, 0x0, &(0x7f00000000c0)) mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1) mlock2(&(0x7f0000247000/0x1000)=nil, 0x1000, 0x0) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x1fe, 0x0, &(0x7f0000143000/0x4000)=nil}) prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x8) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') read$FUSE(r3, &(0x7f0000003240)={0x2020}, 0x2020) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000380)={0x501000, 0x0, 0x10}, 0x18) r4 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) munlockall() munlockall() r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xb8) r6 = syz_open_dev$usbfs(&(0x7f0000000080), 0x8, 0x40000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00'}) mmap$usbfs(&(0x7f00007ea000/0x3000)=nil, 0x3000, 0x2000000, 0x4000010, r6, 0x6) socket$netlink(0x10, 0x3, 0xf) 4.137298995s ago: executing program 1 (id=2381): mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', &(0x7f0000000280), 0x22ad000, &(0x7f0000000380)=ANY=[@ANYRES16]) 3.943987073s ago: executing program 1 (id=2382): r0 = open(0x0, 0x80140, 0x0) ptrace$setregs(0xd, 0x0, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_expedited', 0x369a02, 0x109) fsconfig$FSCONFIG_SET_PATH(r1, 0x3, &(0x7f00000023c0)='fscrypt:', &(0x7f0000002400)='./file0\x00', r1) ptrace$cont(0x20, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r2, 0x7ff) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) ftruncate(r4, 0xc17a) mount$fuse(0x0, 0x0, 0x0, 0x281409c, &(0x7f0000000140)=ANY=[@ANYRES32=r2, @ANYRESHEX, @ANYRESHEX=0x0, @ANYRESDEC=r0, @ANYRES16=r1, @ANYRESHEX=r1, @ANYRESHEX=r4]) lseek(r4, 0x3ff, 0x4) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x9, &(0x7f0000000240), 0x4) sendto$inet6(r3, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) close(0xffffffffffffffff) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) listen(0xffffffffffffffff, 0x204) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000240)="f081550000a000000f0048180045000fbe252e8a094d36420f705626002e660f3a176a4b00b9800000c00f3267420f01c30f5966ba2c0cb8c087678eef66ba470f080ced45c194710a000000058a3bc4827dbcae009008f2", 0x58}], 0x1, 0x2, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x61, 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x498201, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000ce"]) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0) 3.934020784s ago: executing program 32 (id=2382): r0 = open(0x0, 0x80140, 0x0) ptrace$setregs(0xd, 0x0, 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_expedited', 0x369a02, 0x109) fsconfig$FSCONFIG_SET_PATH(r1, 0x3, &(0x7f00000023c0)='fscrypt:', &(0x7f0000002400)='./file0\x00', r1) ptrace$cont(0x20, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r2, 0x7ff) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) ftruncate(r4, 0xc17a) mount$fuse(0x0, 0x0, 0x0, 0x281409c, &(0x7f0000000140)=ANY=[@ANYRES32=r2, @ANYRESHEX, @ANYRESHEX=0x0, @ANYRESDEC=r0, @ANYRES16=r1, @ANYRESHEX=r1, @ANYRESHEX=r4]) lseek(r4, 0x3ff, 0x4) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x9, &(0x7f0000000240), 0x4) sendto$inet6(r3, 0x0, 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) close(0xffffffffffffffff) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = fsopen(0x0, 0x1) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) listen(0xffffffffffffffff, 0x204) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fda000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000240)="f081550000a000000f0048180045000fbe252e8a094d36420f705626002e660f3a176a4b00b9800000c00f3267420f01c30f5966ba2c0cb8c087678eef66ba470f080ced45c194710a000000058a3bc4827dbcae009008f2", 0x58}], 0x1, 0x2, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x61, 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x498201, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="0100000000000000ce"]) mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='exfat\x00', 0x200000, 0x0) 2.623950493s ago: executing program 3 (id=2396): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='binder\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)) 2.547933371s ago: executing program 3 (id=2397): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020) mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000140)='tracefs\x00', 0x22008dc, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) getsockopt(0xffffffffffffffff, 0x0, 0x5, 0x0, &(0x7f0000000100)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) ioctl$KVM_X86_SET_MSR_FILTER(0xffffffffffffffff, 0x4188aec6, &(0x7f0000002cc0)={0x1, [{0x0, 0x4d88, 0x6, &(0x7f0000000640)="7a650e526bd0998268bb5847d9beacc47a22df873eab4b8b91133675482eaa56ace8db59bed9aa07d4e390c7c9f98c462b55612196911e3c4e510ede3efde35eec990f22a76cf752e507c1e2de2920a9fc0790cc176bd2b901e4127b09835ae6d0d196048bb19a64d26f20a05b95c69f371882ef2e20c5606ed1b2ebcf09a4a333f6e1c3c4fb64d8182df4ab09d0a381d966977fc041cea9bdf0aa31fe51efe9211b9b8e6e4551b6438f8efcc41265574ff6504435eb22a678a99768f0327ded8fdcb41f27c2024d2b923f7dc5df5bf62af447b121dd9f94d766d6cebdeb02f611ab10e57af4b3268fb3f9777373bd5fd6b82f730e67c4eab113d8e65d7405be3e5d92dc5e7e85d34bb8b7c894cbed629ecc25c288b3d4556a85a1e2150cac5b686a8de29ab7c35040b77875bfa0e451dc0869cfe105bd115e7cf48f44dfdf26be65f3b727fd88d6395d051e49c060998e84b19377fcb20fe2eb392335e5a9d84555ef037aab37169ce761aa8a8ec08ea87e3a3b896f3d1b2380bc8256e0f7ea7dc488382e6112b53a7bb269d6261f87e0e0e0cef9152f8a67f412148f34880c970101fbd7b0e8fc49d6a5c87e487b7b175b15be26b6b8e1ed8527614dcefcfd80f8392560c8b706418b7de8fbb7a666a7e7f322dc70373606bf39efa04616cb99d662dfc591061bde5ed27a66aa7edbfec1eb0b1e843c372b84c3ed514a0aadf523b8669e526765d429824aeaa0a6f4c185754d437d977a1f586431dc256ce5aa7c25be259de3a0ae6e5bcdf56b4c7e8199fe6b461e78467cfac19de6956056ef57e93d3a7df8f646f4a9002b100edb0a6caa72b3f6eb29dc54de58120d27daff9cd61c64107e1bcb3b3212e1e2aa24fb24dc2dafc636c82ad25da9d934e46c7783d8f915337612feb348857ce2262240dfe51ec94d9d61074959f167b9840b20f003883bf167149228d7f03eafde851427cd1966a96aeae05b51ae4cd82f4b4dad60a070c01a8b500e2683f7136e331602e76845262825d7f3764cf1a05ad95d88aab71d41484f63fa6a43c044c7f03130552321933bc40b888fd0cc55939ff79a5059516f3b80c7ba8188ffb6a259a34567ee52c1f9df0f6c91737d688e36d076a49d1045cac30d5ed52a10381c96d9f22e469cc531bb06853d18b8f8625d2a917e795ffa4407fa75713510a3f5370e1ecbf7a5ff68a90a1eda077531cf4d399d4908f138c936e1931c72240070c6a6255f5fd03966e9a06c1d481e8e3d128e880776e572177780a3481c49bd86c174e152bafed245d58ef3428c645b08e48833960d1b5223d7be0c67a2b2c7531390d1837a84ed004a00cb4b0cd6e78824da032b48c49ec006d14206dc3d0c67d7ca87e9ea0faddc3e0b0c917c64eefeebf79e3a16c958db63a08a5d4d7210273aba3e56a4cd4cccb044750ff97749505ff1332b2dd30990849ab1500e1947d0abfb0c59760f0a502806ee1bce56fbb42251dd6ac8b709c73a6b8c548c2b23cf351dc498810e477bd082464e76702703b56d3cd2f3d8a2e00f19d8ffa3c236d3601f169c9dfe9c316f8cbe63c3801a51ea5ac785694a0c653cd28d68c5a81c2590d2aeea8c8688b2e88f46c4f99890e51b42cce485fcb4d91557fb3912b36b0dbeac8df44e945eb9937141402fb2aa1476185e1f8c37f6c98bc937f36d9c7237135132a54a03067b002b9c657ab0daa253af66eee78b0309cb8532dd2dee800c8349b731da0efa66ead82eebe0102279df5aa281fe1d86c0dbf154910d5e8a113ecbddbd046367b9e2acfa7cc406f61b472bbec6919534615ed81b664da956ce6586bf4c92d63ef371dfec5f9ce748931d585cadc9372a95a1372c7213e2c52fca253945afeee02e9f2de2d9452c85fd2dbdc87cb6c25697dfcbed8a0eba381835e6c360f3861367ec98a9a9ccf956d6cbfb706fee0d391cf82a0d4662792274f52fc2b5d72a43ec74a86400e62d3652f607774cfad1504bc0476570d532b527bf0d7012804b2e6fdf9a9414f10b16c9374f2b065348d865b309e37750d3a7e12394e356c48c9fa0d4a9a43f689f6cbf70b09a3b9782cc3d5d93480f8a7a21a049780fc6bf21f1eca938a37afcbb2b929a0c502e164d2571e78d214b359d97e3edc0ad5c7fd1625b4ece33e1f569676e9a7262ead857873f77ef149d2f8c5a09ab19ae384a7f957f612a24283c35327aa969b20711309644c5b3e6c89da94e1f5da54246bd771468a1adc8a8d601e0b12769604f0f07ca43ce2a8a2f4b5654c0b76b146c49038e07db54dae702580b97096911f034fc1797029de8b7c213c902d1d754e77ff85e6222e745db9d5d2d45c5d29a8b6de0f27e5701fdf12b09fd6c70baa0f85a424c21ce0796dbe1fd366b94fcdf64ea232b3e88b89a38d728de77e84decc804f07a48f2716ca6f76b24923cea1a4da0d1f1dc73611269e784c4fd921f9b26c11f35b5cda45842a81b603ce2155d95c273fa0743a571b52e68c9ea3f28009fc37406b9e329ce50fedfb20dfb4cdf3a94769aee2586c2a17e68a07abfcd18aceddfd3876b14558e4d092eadb9120796c44e89610494085117bc41b5c4619a8c160b97811df49fc7d9bf222d7a002640644337ef5af53ed50661131f7c042665b276c0adf0c9a74f3542729beb7632a6027e65eddff7bb27915826701ec9b6a4c672f08877eefd859e0aa6e75a2e841e1ea98dff994e5a58be628df86bff17497a4d0f92ab39db421eb1062a2a393656bbb1d92becbb91a59619156b51585cd2eafd8a18d6326166312efeaa7258bddad63e0c7372ffb7ce1f1adf1ac2ffa0f278e4be6684d762f8971ed7bb04096b96f8126bf5fd32142e745d421f495327dde0f1e2d9a1d8ba63c1453101396a2e54e89cdabac2c6a01f23a5c1d5a2dfa2a3c634176e97c9c62b41ea28102b5a08af2fba1d311bb323df086ea97726c9d8c7b7b53a3399a80f040d434fdcc2148fb1da3b7d7f0f3e3fd56471a310ee275da611c79f86be8ed6343f6ed0ad91dfeffebc3ab6389d0566d6db904c1db499ae7d2698fdc7170320f85cc3d3d0d9d0d0c7d45db7b53c5eb79a2fed2a048d9d74419532122fac62f6315a9e13b461cb4e26514491debd366927987271be963ea5805a49b8b480c6a393fda1b11fd5634890cf02948cb5bfea237afb30d081c7403cd334a02e5bb8db542c4d5fa5ec5c8a0dd36b62156881c98e01948b4775a502c5d8453439fd930df52caac9d71c28b712000b306b913c10918ca0bc194f2533334462e5cd2b2e6c978a4838febfbc2d4375b8108bd0aa32aeaf05e7ba30c781cace6470ead574f5cbfa68aa8c8d835e9b3ab2bd7dd90b5e3e6cd62d8e04c3b45326e1f560a8dd8f3db4177e9e5ccd61f21dacb5c40c8030559cdfe88f7aa98bdcde90c1214cf293b3df093d0630bc3073cbaffa025b1f5537b49d799731745de7d36cded4a9db25915a511ba505b4ddd885cd226c24ea37fd926dbd90b887"}, {0x0, 0x0, 0x41ff7484, 0x0}, {0x2, 0x0, 0x100d5ba, 0x0}, {0x2, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x2, 0x0, 0x3, 0x0}, {0x2, 0x0, 0xa2d, 0x0}, {0x1, 0x0, 0x1, 0x0}, {0x1, 0x0, 0xf3f, 0x0}, {0x4, 0x0, 0x1000, 0x0}, {0x3, 0x0, 0x6, 0x0}, {0x3, 0x0, 0x1000, 0x0}, {0x0, 0x0, 0x9, 0x0}, {0x2, 0x0, 0x10d2, 0x0}, {0x2, 0x0, 0x3, 0x0}, {0x1, 0x0, 0x40005, 0x0}]}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f000000ee40)={0x2020}, 0x2020) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000002240)=ANY=[@ANYRES8=r1, @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1, 0x0, 0x0, 0x6}, 0x1c) write$binfmt_script(r5, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) socket(0x26, 0x80000, 0x2) preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x18, 0x8, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$netlink(0x10, 0x3, 0x8000000004) r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0xfffff000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) 2.251715159s ago: executing program 0 (id=2402): r0 = syz_clone(0x4000000, &(0x7f0000000580)="277b1da4e936329b612b14a9bc7d8cbb0bb2666de0cdc39acab7a9e6b8460460452296fdc57bcd7870ec451f8631376bf82efd65ccb982de01e7703e552b30923b", 0x41, 0x0, 0x0, 0x0) process_vm_writev(r0, &(0x7f0000000f00)=[{&(0x7f0000000d40)=""/74, 0x4a}], 0x1, &(0x7f0000001140)=[{&(0x7f0000000f40)=""/45, 0x2d}], 0x1, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f00000008c0)=0x20, 0x4) getsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000940), &(0x7f0000000980)=0x4) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2082, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x8, 0x32, 0xffffffffffffffff, 0x6931b000) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000000)=0x2dac, 0x4) readv(r2, &(0x7f0000000140)=[{&(0x7f0000000080)=""/102}, {&(0x7f0000000180)=""/30}], 0x1) 2.194212055s ago: executing program 0 (id=2403): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15) r2 = dup(r1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={0xffffffffffffffff}) syz_usb_connect$uac1(0x5, 0xcf, &(0x7f0000000480)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbd, 0x3, 0x1, 0x9, 0x20, 0x4, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0xfff9, 0xc}, [@feature_unit={0xf, 0x24, 0x6, 0x3, 0x5, 0x4, [0xa, 0x2, 0x5, 0x9], 0x2}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x4, 0x15c4, 0xe, "5fff26"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x81, 0x3, 0x6, 0x2, "", "6b1ff0"}, @format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0x81, 0x10, 0x2, "73022b8ce4"}, @as_header={0x7, 0x24, 0x1, 0x10, 0x4, 0x3}]}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x2, 0x3, 0x0, {0x7, 0x25, 0x1, 0x2, 0x5, 0x8}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0xd, 0x4, 0x8, 0x4, "67a6", "4746ad"}, @as_header={0x7, 0x24, 0x1, 0x1, 0x8, 0x1006}, @as_header={0x7, 0x24, 0x1, 0x2c, 0x5, 0x3}, @format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x0, 0x4, 0xc2, 0x8}]}, {{0x9, 0x5, 0x82, 0x9, 0x400, 0x2, 0xf3, 0xa, {0x7, 0x25, 0x1, 0x182, 0x0, 0x69}}}}}}}]}}, &(0x7f0000000740)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x310, 0x2, 0x18, 0x5, 0x10, 0x2}, 0x51, &(0x7f0000000280)={0x5, 0xf, 0x51, 0x3, [@ssp_cap={0xc, 0x10, 0xa, 0x9, 0x0, 0xffff, 0xf000, 0x5}, @ssp_cap={0x24, 0x10, 0xa, 0x49, 0x6, 0x9, 0x7, 0xd, [0x30, 0x0, 0x30, 0xff00f0, 0xf, 0x0]}, @ssp_cap={0x1c, 0x10, 0xa, 0x10, 0x4, 0x3, 0x1100, 0x2, [0xff0000, 0xff0000, 0xc0, 0xc0]}]}, 0x5, [{0x48, &(0x7f0000000340)=@string={0x48, 0x3, "fef52bc987b3c6f6c3b790fddec3c8834d9c93ab55b8234fa4eae0ee96beb2eab6a3da97e89964e444222f19721038b8328915b4db00e4d2068e4a7e738ad0013bb4bc517228"}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x445}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x816}}, {0xdc, &(0x7f0000000580)=@string={0xdc, 0x3, "71f0ed8f3f2d830507f461a2cca282cb8bcf705d7d0da30784804b52056fe9b1b22990052a8d4f63141e72400c6266852b978acea73336c0bb6a1361354f770cbd71c25a3f51e86b41d8fd5c8ffd2fe121be9744697c9014a9a80396bd62eb548f2e2d17adc5c2dec7f91619b870e9fabe2578d1ea340c17db45bd6ca37fe65ebb4ca2dabe26627cb7c8c8c304012cb2ee16d2d521dadd49cbdda776ee12671b50f496e3780fb77aa5844457915d8caa6e4f7691aa8799bfad2646e78fe5be030b70b06eb85b4b040d4d26b6840ffe4de3e3654861662a5bc322"}}, {0x96, &(0x7f0000000680)=@string={0x96, 0x3, "0ba0dfed874db79010423c04751f73dd0714bf48a2fe2037aa0818d3db6f7f07fd9ec29b907573f8ed56324bab1b8fbee35a260166d72702c6182a3974da159c0d13fa578c720de33a777da70a1f80ec6c03f049b0eb2bb8e43e6fe1f6a13773a894d9b14819c2a8521c5b6b6ca844f2291e4352f0b61662341e447c975d1c8534753a3b1996e0ecb5bfedc6e638267063ab1c1d"}}]}) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'dummy0\x00', &(0x7f0000000180)=@ethtool_sset_info={0x37, 0x9, 0xfffffffffffffffa}}) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_INIT(r2, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x14210000, 0x7d, 0x1005, 0x0, 0x3}}, 0x50) mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000400)=ANY=[@ANYBLOB="7472616e735566642c725f620520dc", @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',noxattr,debug=0x000000007fffffff,cache=fscache,k']) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000010c0)={0x24, 0x12, 0x1, 0x70bd23, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x0, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}, @nested={0x4, 0x1e}]}, 0x24}], 0x1}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000003c0)='mountinfo\x00') r6 = open(&(0x7f0000000200)='./bus\x00', 0x141a42, 0x0) sendfile(r6, r5, 0x0, 0xffffffff) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x82000, 0x0) 1.902291733s ago: executing program 2 (id=2408): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) write$tun(r0, &(0x7f0000000240)=ANY=[], 0xfdef) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x0, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_normal', 0x68800, 0x20) read$FUSE(r2, &(0x7f0000002040)={0x2020}, 0x2020) socket$inet(0x2, 0x80001, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) close_range(r1, 0xffffffffffffffff, 0x0) 1.792017174s ago: executing program 2 (id=2410): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) (async) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000100)={0x4c, 0x4c, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) fstat(r1, &(0x7f00000017c0)) (async) fstat(r1, &(0x7f00000017c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r3) (async) setuid(r3) setgroups(0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)={0x1c, 0x23, 0x9, 0x70bd25, 0x25dfd3ff, {0x1}, [@typed={0x8, 0x1, 0x0, 0x0, @ipv4=@remote}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000811}, 0x4000) mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000180)={0x73622a85, 0x380, 0x2}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfaf, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000940)={0x4c, 0x0, &(0x7f0000000000)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x7624f2802272dfaf, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0}) mlock(&(0x7f000023f000/0x4000)=nil, 0x4000) 1.770853317s ago: executing program 2 (id=2413): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x4, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) 1.678277266s ago: executing program 2 (id=2415): r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8c0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={[0xfffffffffffffff9]}, 0x0, 0x8) timer_create(0x3, 0x0, &(0x7f0000044000)=0x0) timer_settime(r1, 0x1, &(0x7f0000040fe0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000280)=[0xfffffd0b, 0x8026, 0x4, 0x8, 0x6, 0xa, 0x10000a4, 0x2]) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000880)='./binderfs/binder1\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000940)={0x98, 0x0, &(0x7f00000003c0)=[@increfs={0x40046304, 0x3}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@fda={0x66646185, 0x6, 0x0, 0x33}, @flat=@binder={0x73622a85, 0x100}, @ptr={0x70742a85, 0x1, &(0x7f00000002c0)=""/226, 0xe2, 0x2, 0xa}}, &(0x7f0000000180)={0x0, 0x20, 0x38}}, 0x400}, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000080)={@flat=@weak_binder={0x77622a85, 0xa}, @fda={0x66646185, 0x7, 0x1, 0x17}, @fda={0x66646185, 0x7, 0x1, 0x1b}}, &(0x7f0000000000)={0x0, 0x18, 0x38}}}], 0x0, 0x0, 0x0}) 1.552277048s ago: executing program 2 (id=2417): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x6082, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0) ioprio_set$pid(0x2, 0x0, 0x0) sendfile(r0, r0, 0x0, 0x1000007fd) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) syz_open_procfs(r1, &(0x7f0000000080)='net/xfrm_stat\x00') 1.401640492s ago: executing program 3 (id=2418): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x24, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f00000004c0)="67d3290f1c1c0f2384b83c098ee0bad104b080ee66b90b03000066b80000000066ba000000800f30a566b9800000c00ff0aa8caa8c001000000f30260f07640f01ca", 0x42}], 0x1, 0x3, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom0\x00', 0x802, 0x0) r4 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000030681710950b2a17f4f70102030109029424000100000001963562b6f78153d51e090e0000026c5d6500977e730e270d15ded5bafcb67defbbc290c07b348227ea88969b273fe65f8cb76ba9a9ce9e3588498395fe37dd4882f5ee6fb022fb6a904529625c9cc79d305a9b71664d5f0aae803b8aac4370295fffd189943c7a8986452b18a9e9f24f6171e63dbc9e1347fb54d0ee5a9bd0421a2776f3fe130f2c5a6fac5b2452c8d9ee0a2b4c16efc4cbf800246baacd5759de2d44afa81a461736d35cceff0fcd4aa2b02b161f86e532a55a163945557b8742786a7a5ee9791f6d297419943c30ab26d30c28ead6f947cb629203ae4d0335eed2d8cf83f4dad4ac4cd27165c880465918b9c742e02c553d8c4b5c367caea8fcd4bcce4bfd64a349c517eb4a110a88d0268a7b6bf76c9824434e1049e7225344b054c73f434ca9c5f35c6f79db5afaf84e6fc03aa2d8e29ce54041af4b51f96cb668412e52fda5ef95c74cdcb93d1317231f01f51cb5ae68fb834b21ff628ab58fba5680bb68369e3669ae569e326b0d6039d9102934fefad89e4a0ff69435244a5bb7de3c97534637851d672389464a3e00ff69982a32a97f9d4364221c40853a39c956740877ca653546ee54652975abe0c53026df449796e76fdf959750ab5ae2b3ac7fbffe83af0f2fd1679225d0ff3560fac8d73ad946a38897ee72"], 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_group_source_req(r5, 0x0, 0x2e, &(0x7f0000000080)={0xa, {{0x2, 0x4e20, @multicast2}}, {{0x2, 0x4e23, @empty}}}, 0x108) close(0x3) r6 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_group_source_req(r6, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @rand_addr=0x64010102}}}, 0x108) setsockopt$inet_MCAST_MSFILTER(r6, 0x0, 0x30, &(0x7f0000000800)=ANY=[@ANYBLOB="090000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x2, 0x0, 0x0, 0x4, &(0x7f00000004c0)) setsockopt$inet_MCAST_MSFILTER(r6, 0x0, 0x30, &(0x7f0000000340)=ANY=[@ANYBLOB="090000000000000002000000e0000002"], 0x110) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_connect(0x0, 0x36, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000100)={0xa, 0x0, &(0x7f00000001c0)=[@free_buffer], 0x0, 0x0, 0x0}) 808.61352ms ago: executing program 0 (id=2423): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) (async) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x200b, 0x1}) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(r2, 0xf505, 0x0) fgetxattr(r2, &(0x7f0000000180)=@known='security.selinux\x00', 0x0, 0x0) (async) fgetxattr(r2, &(0x7f0000000180)=@known='security.selinux\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0), 0x4) (async) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000000c0), 0x4) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0) ioctl$TUNSETCARRIER(r3, 0x400454e2, &(0x7f0000000080)=0x1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000500)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000440)={@fda={0x66646185, 0x4, 0x2, 0x32}, @flat=@weak_binder={0x77622a85, 0xa, 0x3}, @fda={0x66646185, 0x6, 0x0, 0x200000000000024}}, &(0x7f00000001c0)={0x0, 0x20, 0x38}}, 0x1000}], 0x0, 0x0, 0x0}) 774.585364ms ago: executing program 0 (id=2424): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async) r1 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) (async, rerun: 64) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x190) (async, rerun: 64) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) (async) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00') pwritev(r2, 0x0, 0x0, 0x0, 0x0) (async) bind$bt_l2cap(r0, &(0x7f0000000240)={0x1f, 0x9, @none, 0x6, 0x2}, 0xe) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) (async) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c00000002960500000822ff1ee2b069386900000800010001000000"], 0x1c}}, 0x0) (async, rerun: 32) r5 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)={0xbc, r6, 0x2, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r7}, @void}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x9}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x5}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xf5}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x391}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x330}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x9}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x3}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xfffffff8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x260}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1}], @NL80211_ATTR_DURATION={0x8, 0x57, 0xd4f1}]}, 0xbc}, 0x1, 0x0, 0x0, 0x20000090}, 0x44000) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async) r8 = socket$packet(0x11, 0x2, 0x300) r9 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000c00), 0xffffffffffffffff) (rerun: 32) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x14, r10, 0xf0106b2f9946af23, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x800) (async) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r5, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000540)={0x240, r10, 0x800, 0x70bd29, 0x25dfdbfb, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x6}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0xae3}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0x6}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x5}, {0x5, 0x12, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x1}, {0x6, 0x16, 0x1000}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x75}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6, 0x16, 0xfc4c}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0x6}, {0x6, 0x16, 0x7ff}, {0x5, 0x12, 0x1}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x2}, {0x6, 0x16, 0x10}, {0x5, 0x12, 0x1}}]}, 0x240}, 0x1, 0x0, 0x0, 0x80}, 0x1) (async) setsockopt$packet_int(r8, 0x107, 0x13, &(0x7f0000000140)=0x277, 0x4) (async, rerun: 64) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) (async, rerun: 64) r12 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x2100, 0x0) getdents(r12, 0x0, 0x58) (async) sendmsg$NFQNL_MSG_VERDICT_BATCH(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)={0x14, 0x3, 0x3, 0x101}, 0x14}}, 0x0) (async) close_range(r3, 0xffffffffffffffff, 0x0) (async, rerun: 64) setsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f00000002c0)={0x1, 0x800}, 0x8) (async, rerun: 64) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000440)) (async) socket$nl_generic(0x10, 0x3, 0x10) 692.057872ms ago: executing program 0 (id=2425): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom1\x00', 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) setsockopt$inet6_int(r1, 0x29, 0x10, &(0x7f0000000000)=0x3, 0x4) (async) setsockopt$inet6_int(r1, 0x29, 0x10, &(0x7f0000000000)=0x3, 0x4) sendto$inet6(r1, &(0x7f0000000380)="e8", 0xfffffffffffffe98, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xfffffffd, @empty}, 0x1c) fcntl$getown(r0, 0x9) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4, 0x0, &(0x7f0000000440)=[@reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={@ptr={0x70742a85, 0x0, &(0x7f0000000200)=""/183, 0x0, 0x2, 0x16}, @flat=@weak_handle={0x77682a85, 0x100}, @flat=@weak_handle={0x77682a85, 0xa}}, &(0x7f0000000080)}}], 0xac, 0x0, &(0x7f00000000c0)="70d07134252032b13c6f6f6f7aaa12b1c0578b26dfe3b2b741205dad1d02a2a4524d5b0d2b225871a4b865d995f95d6aa99c4901dbf986b562794f45f28d37773ab5417f6282e980021d25789ea8edc9"}) 691.419772ms ago: executing program 0 (id=2426): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0) r1 = socket(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc) write(r1, &(0x7f0000000000)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26) connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000b4bffc)=0x1, 0x4) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="09030000000000fdff072000adce04000280"], 0x18}, 0x1, 0xf000000}, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0) preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffffff000}], 0x5, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000240), 0x3af4701e) sendfile(r5, r3, 0x0, 0x10000a007) write(r1, &(0x7f0000000980)="a9", 0x1) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r1) syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f0000000440)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x80, 0x10, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xab2a}, {0xd, 0x24, 0xf, 0x1, 0x5, 0xfff, 0x8, 0xa9}, {0x6, 0x24, 0x1a, 0x4, 0x2}}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x79, 0x81, 0x1}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x7, 0x0, 0x23}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x6, 0x9, 0x9}}}}}}}]}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) syz_usb_connect$cdc_ecm(0x5, 0x6d, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5b, 0x1, 0x1, 0x9e, 0xd0, 0x3, [{{0x9, 0x4, 0x0, 0x8, 0x3, 0x2, 0x6, 0x0, 0x5, {{0x6, 0x24, 0x6, 0x0, 0x0, 'q'}, {0x5, 0x24, 0x0, 0x38b}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x1, 0xff00, 0xcc}, [@dmm={0x7, 0x24, 0x14, 0x8, 0x8000}, @country_functional={0x12, 0x24, 0x7, 0x7, 0x6, [0x1ff, 0x5, 0x9, 0x3ba, 0xfff1, 0x4]}, @ncm={0x6, 0x24, 0x1a, 0xfad}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x400, 0x7, 0x9, 0xff}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x4, 0x8, 0x4}}}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x300, 0x8, 0x4, 0x7, 0x40, 0x3}, 0x5a, &(0x7f0000000100)={0x5, 0xf, 0x5a, 0x4, [@ssp_cap={0x1c, 0x10, 0xa, 0xf7, 0x4, 0x5, 0xff00, 0x2, [0x30, 0x3ff0, 0xff3f07, 0xf0]}, @ssp_cap={0xc, 0x10, 0xa, 0x3, 0x0, 0x9, 0x1100, 0x97e}, @ssp_cap={0x24, 0x10, 0xa, 0x79, 0x6, 0x4, 0xf000, 0x0, [0xf, 0xf, 0xf0, 0x30, 0x3f00, 0xf]}, @generic={0x9, 0x10, 0x4, "7efc1f1a8d01"}]}, 0x5, [{0xeb, &(0x7f0000000180)=@string={0xeb, 0x3, "fc24f6ebb92d6ec922e339acf1603d6fcb1c4d716ee7af1452ad75ae3fa3eb5c0445f2c932465db5613f4e82589bddcd077dfe01a19833aabe4b4cf87f4243e6d02dccb2ae6e6d4faff0d9317c0f3fa5415dfd58bdbe50a74611dc1b88122668597c60c06cc034744616814ddf86638c76ae04ad3cf2bb342a9eed773aced7fa30bb5efda06a9b230207a2f854af074b3edd053c8fd26ecfd991290204d829501e38713f30f4232b252fb94dc317135e2193134e6bdc76ebe5891e5bf4c52243b0d03143e5729b397e687d57a4ec8afecfd4eb43d328fc1ee90387fcbd80ad7aaaff1151a48a85fcf0"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x100c}}, {0x96, &(0x7f00000002c0)=@string={0x96, 0x3, "43461d1588382257894afc4dfee719cbf5f1bc5b2734fde0c7350a9ab2f53805d3482a37635e9db8b44ac6d1d44074208fa85bc5dc324ed51e6090ff41eeb45a49ffa3636bc408cf03b9e0b878cb26b85b5b4aa2d88a964c25b53389281545448a8a47e17e199c8665f3c65cfd9ce612722a3d94c7be4100551533f7a8405bc9e08a34efbfb53eaf693a8fb85d0a0b0dc3036663"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x80c}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x41d}}]}) 690.379272ms ago: executing program 2 (id=2427): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1002, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000080)=0x6ac7, 0x4) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000000)=0x2c4, 0x4) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000000c0)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000080)={@private0, 0x800, 0x2, 0x1, 0x5, 0x10, 0x3}, 0x20) syz_usb_connect(0x2, 0xb6, &(0x7f0000000080)=ANY=[@ANYBLOB="12010003cf7e8f4040201f7200f2010203010902a400018104004f0904870605a97a37020a24010a0b06020102092403050703020496062404029cfe09050b004000800000072501af82a7ce1932dc70000464040507250103"], &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0}) close_range(r0, 0xffffffffffffffff, 0x0) 402.85554ms ago: executing program 4 (id=2428): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2082, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) nanosleep(&(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000018c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000001c00)={0x0, 0x0, &(0x7f0000001bc0)={&(0x7f0000001900)={0x18, r3, 0x2d1904d3112073a9, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000004}, 0x8040) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) setsockopt$inet6_mreq(r4, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14) setsockopt$inet6_mreq(r5, 0x29, 0x1c, &(0x7f00000001c0)={@remote}, 0x14) ioprio_set$pid(0x2, 0x0, 0x0) r6 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) preadv(r6, &(0x7f0000000000)=[{&(0x7f0000000100)=""/24, 0x18}, {0x0, 0x63}], 0x2, 0x0, 0x20) r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x100080, 0x0) ioctl$TIOCSSOFTCAR(r7, 0x5453, 0x0) ioctl$TIOCMGET(r7, 0x5415, &(0x7f0000000080)) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1) 220.032158ms ago: executing program 4 (id=2429): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_int(r0, 0x1, 0x2e, 0x0, &(0x7f0000000040)) mount$binderfs(0x0, &(0x7f0000000040)='./binderfs\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000240)=ANY=[]) 137.618796ms ago: executing program 4 (id=2430): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3}) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) (async) bind$bt_hci(r1, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6) io_setup(0x8f0, &(0x7f0000002400)) (async) io_setup(0x8f0, &(0x7f0000002400)=0x0) io_submit(r2, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, r1, &(0x7f0000000040)="0200ff7f0000", 0x6, 0x0, 0x0, 0x2}]) (async) io_submit(r2, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2002000000, 0x4, 0x0, 0x1, 0x0, r1, &(0x7f0000000040)="0200ff7f0000", 0x6, 0x0, 0x0, 0x2}]) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x1381, 0x3}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) (async) r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) bind$bt_rfcomm(r3, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}, 0xa) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x98, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, @reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 84.223961ms ago: executing program 4 (id=2431): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1006, 0x0) writev(r0, &(0x7f0000000000), 0x0) r1 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) (async) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0xb0, 0x0, &(0x7f0000000540)=[@exit_looper, @acquire={0x40046305, 0x1}, @request_death, @release={0x40046306, 0x1}, @enter_looper, @transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000280)={@ptr={0x70742a85, 0x1, &(0x7f0000000100)=""/253, 0xfd, 0x2, 0x2d}, @flat=@handle={0x73682a85, 0x1}, @ptr={0x70742a85, 0x1, &(0x7f0000000200)=""/113, 0x71, 0x0, 0x1f}}, &(0x7f0000000300)={0x0, 0x28, 0x40}}}, @reply={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000480)={@fda={0x66646185, 0x5, 0x2, 0x1e}, @ptr={0x70742a85, 0x0, &(0x7f0000000340)=""/243, 0xf3, 0x2, 0x26}, @ptr={0x70742a85, 0x0, &(0x7f0000000440)=""/29, 0x1d, 0x0, 0x6}}, &(0x7f0000000500)={0x0, 0x20, 0x48}}}], 0x14, 0x0, &(0x7f0000000600)="865afd7c4336ae14e1269a8392ee34f3f69c2e3a"}) (async, rerun: 64) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/custom1\x00', 0x0, 0x0) (rerun: 64) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f0000000080)={0x1, 0x5d, 0x8, 0x0, 0x4, 0xa}) (async, rerun: 64) lseek(r1, 0xfffffffffffffffe, 0x4) (async, rerun: 64) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) 69.863193ms ago: executing program 4 (id=2432): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000840)=ANY=[@ANYBLOB="2c0000002d0001002dbd7000ffdba64c08000d00", @ANYRES32, @ANYBLOB="14001a801000db800c00ac8008000100627066"], 0x2c}], 0x1, 0x0, 0x0, 0x20004880}, 0xc000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000100)={0x54, 0x0, &(0x7f0000000140)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000040)={@fd={0x66642a85, 0x0, r1}, @flat=@weak_handle={0x77682a85, 0x100}, @fda={0x66646185, 0xa, 0x2, 0x21}}, &(0x7f00000000c0)={0x0, 0x18, 0x30}}, 0x40}, @decrefs={0x40046307, 0xfffffffd}], 0x0, 0x0, 0x0}) 0s ago: executing program 4 (id=2433): ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'ip6_vti0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x4, 0x48, 0x6b, 0x8, 0x14, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x700, 0x80, 0x2, 0x3}}) openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',cache=readahead']) truncate(&(0x7f0000000240)='./file0\x00', 0x648) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x143042, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r4, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) sendfile(r3, r3, 0x0, 0x7a680000) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000400)='./binderfs/binder1\x00', 0x0, 0x0) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000100)={0x8, 0x0, &(0x7f0000000040)=[@request_death], 0x4d, 0x0, 0x0}) kernel console output (not intermixed with test programs): packet: 8 [ 77.557169][ T330] usb 4-1: config 2 has an invalid interface number: 14 but max is 1 [ 77.565449][ T330] usb 4-1: config 2 has an invalid interface number: 229 but max is 1 [ 77.574628][ T330] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 77.585315][ T36] audit: type=1400 audit(1778218294.655:1136): avc: denied { sqpoll } for pid=3543 comm="syz.0.1104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 77.605051][ T330] usb 4-1: config 2 has no interface number 0 [ 77.613838][ T330] usb 4-1: config 2 has no interface number 1 [ 77.620139][ T330] usb 4-1: config 2 interface 14 altsetting 132 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 77.627511][ T3548] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1105'. [ 77.631873][ T330] usb 4-1: config 2 interface 14 altsetting 132 has an invalid descriptor for endpoint zero, skipping [ 77.654425][ T330] usb 4-1: config 2 interface 14 altsetting 132 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 77.665757][ T330] usb 4-1: config 2 interface 229 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 77.677239][ T330] usb 4-1: config 2 interface 229 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 77.695757][ T330] usb 4-1: config 2 interface 14 has no altsetting 0 [ 77.705756][ T330] usb 4-1: New USB device found, idVendor=0499, idProduct=1056, bcdDevice=85.30 [ 77.714937][ T330] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.723243][ T330] usb 4-1: Product: syz [ 77.727750][ T330] usb 4-1: Manufacturer: syz [ 77.732384][ T330] usb 4-1: SerialNumber: syz [ 77.943703][ T3525] rust_binder: Write failure EFAULT in pid:507 [ 77.947172][ T330] snd-usb-audio 4-1:2.14: probe with driver snd-usb-audio failed with error -2 [ 77.966127][ T330] snd-usb-audio 4-1:2.229: probe with driver snd-usb-audio failed with error -2 [ 77.976653][ T330] usb 4-1: USB disconnect, device number 26 [ 77.984761][ T372] udevd[372]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:2.229/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 78.363951][ T36] audit: type=1326 audit(1778218295.445:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3594 comm="syz.1.1123" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa24578efc9 code=0x0 [ 78.415290][ T36] audit: type=1326 audit(1778218295.495:1138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3594 comm="syz.1.1123" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa24578efc9 code=0x0 [ 78.516406][ T3606] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1123'. [ 78.540935][ T3608] netlink: 'syz.3.1125': attribute type 4 has an invalid length. [ 78.815178][ T3619] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1128'. [ 79.163896][ T3640] 8021q: VLANs not supported on lo [ 79.726045][ T921] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 79.883016][ T921] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 79.892396][ T921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 79.900714][ T921] usb 4-1: Product: syz [ 79.905094][ T921] usb 4-1: Manufacturer: syz [ 79.910118][ T921] usb 4-1: SerialNumber: syz [ 80.540213][ T3690] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 80.548567][ T36] kauditd_printk_skb: 1 callbacks suppressed [ 80.548585][ T36] audit: type=1400 audit(1778218297.635:1140): avc: denied { mounton } for pid=3663 comm="syz.3.1144" path="/175/file0" dev="overlay" ino=4611686018427387905 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 80.548831][ T3690] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 80.897310][ T3692] SELinux: security_context_str_to_sid (E) failed with errno=-22 [ 81.589892][ T3725] 9pnet_fd: Insufficient options for proto=fd [ 81.633709][ T3736] ip6gretap0: mtu less than device minimum [ 81.634408][ T3729] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1168'. [ 81.652306][ T36] audit: type=1400 audit(1778218298.735:1141): avc: denied { read } for pid=3728 comm="syz.2.1168" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 81.674928][ T3738] 9pnet_fd: Insufficient options for proto=fd [ 81.731755][ T3752] EXT4-fs: dax option not supported [ 81.752900][ T3754] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1177'. [ 81.763770][ T3754] gretap0: entered promiscuous mode [ 81.770149][ T3755] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1177'. [ 81.780673][ T3755] 0{X: renamed from gretap0 [ 81.786793][ T3755] 0{X: left promiscuous mode [ 81.791953][ T3755] 0{X: entered allmulticast mode [ 81.799208][ T3755] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 81.815635][ T3755] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1177'. [ 81.825516][ T3755] 1{X: renamed from 30{X (while UP) [ 81.832903][ T3755] A link change request failed with some changes committed already. Interface 31{X may have been left with an inconsistent configuration, please check. [ 81.849417][ T3755] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1177'. [ 81.858797][ T3755] 0{X: renamed from 31{X (while UP) [ 81.869872][ T3755] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 81.890960][ T3755] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1177'. [ 81.903197][ T3755] 1{X: renamed from 30{X (while UP) [ 81.911665][ T3755] A link change request failed with some changes committed already. Interface 31{X may have been left with an inconsistent configuration, please check. [ 81.927987][ T3755] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1177'. [ 81.937365][ T3755] 0{X: renamed from 31{X (while UP) [ 81.944454][ T3755] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 81.961089][ T3755] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1177'. [ 81.970605][ T3755] 1{X: renamed from 30{X (while UP) [ 81.978140][ T3755] A link change request failed with some changes committed already. Interface 31{X may have been left with an inconsistent configuration, please check. [ 82.003145][ T3755] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1177'. [ 82.021418][ T3755] 0{X: renamed from 31{X (while UP) [ 82.040223][ T3755] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 82.056516][ T3755] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1177'. [ 82.066125][ T3755] 1{X: renamed from 30{X (while UP) [ 82.074172][ T3755] A link change request failed with some changes committed already. Interface 31{X may have been left with an inconsistent configuration, please check. [ 82.094516][ T3755] 0{X: renamed from 31{X (while UP) [ 82.103140][ T3755] A link change request failed with some changes committed already. Interface 30{X may have been left with an inconsistent configuration, please check. [ 82.119815][ T3755] 1{X: renamed from 30{X (while UP) [ 82.139364][ T3755] 0{X: renamed from 31{X (while UP) [ 82.148177][ T3755] 1{X: renamed from 30{X (while UP) [ 82.168480][ T3755] 0{X: renamed from 31{X (while UP) [ 82.176353][ T3755] 1{X: renamed from 30{X (while UP) [ 82.184239][ T3755] 0{X: renamed from 31{X (while UP) [ 82.192670][ T3755] 1{X: renamed from 30{X (while UP) [ 82.200072][ T3755] 0{X: renamed from 31{X (while UP) [ 82.213685][ T3755] 1{X: renamed from 30{X (while UP) [ 82.221295][ T3755] 0{X: renamed from 31{X (while UP) [ 82.229529][ T3755] 1{X: renamed from 30{X (while UP) [ 82.237773][ T3755] 0{X: renamed from 31{X (while UP) [ 82.247103][ T3755] 1{X: renamed from 30{X (while UP) [ 82.255026][ T3755] 0{X: renamed from 31{X (while UP) [ 82.262552][ T3755] 1{X: renamed from 30{X (while UP) [ 82.269891][ T3755] 0{X: renamed from 31{X (while UP) [ 82.277164][ T3755] 1{X: renamed from 30{X (while UP) [ 82.284756][ T3755] 0{X: renamed from 31{X (while UP) [ 82.292092][ T3755] 1{X: renamed from 30{X (while UP) [ 82.300629][ T3755] 0{X: renamed from 31{X (while UP) [ 82.307913][ T3755] 1{X: renamed from 30{X (while UP) [ 82.315116][ T3755] 0{X: renamed from 31{X (while UP) [ 82.322791][ T3755] 1{X: renamed from 30{X (while UP) [ 82.330148][ T3755] 0{X: renamed from 31{X (while UP) [ 82.382389][ T36] audit: type=1400 audit(1778218299.465:1142): avc: denied { create } for pid=3783 comm="syz.2.1186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ipx_socket permissive=1 [ 82.518264][ T31] usb 4-1: USB disconnect, device number 27 [ 82.564945][ T3793] netlink: 'syz.3.1189': attribute type 4 has an invalid length. [ 82.573384][ T3793] rust_binder: Write failure EFAULT in pid:534 [ 82.588617][ T36] audit: type=1400 audit(1778218299.675:1143): avc: denied { write } for pid=3794 comm="syz.3.1190" name="rtc0" dev="devtmpfs" ino=195 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 82.913242][ T31] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 82.950256][ T3830] cgroup: release_agent respecified [ 83.019652][ T3840] fuseblk: Bad value for 'fd' [ 83.076992][ T31] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 83.089187][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 83.100688][ T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 83.110544][ T31] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 83.123829][ T31] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 83.133168][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.146016][ T31] usb 4-1: config 0 descriptor?? [ 83.497229][ T3857] IPv6: NLM_F_CREATE should be specified when creating new route [ 83.529136][ T3860] futex_wake_op: syz.2.1215 tries to shift op by -1; fix this program [ 83.553413][ T3797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 83.562057][ T3797] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 83.572641][ T31] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 83.581794][ T31] plantronics 0003:047F:FFFF.0006: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 83.793445][ T3863] x_tables: unsorted entry at hook 2 [ 83.863701][ T36] audit: type=1400 audit(1778218300.945:1144): avc: denied { shutdown } for pid=3864 comm="syz.1.1217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 83.914329][ T3888] /dev/loop0: Can't lookup blockdev [ 84.087515][ T3910] fuse: Unknown parameter '' [ 84.118062][ T3917] SELinux: security_context_str_to_sid (E) failed with errno=-22 [ 84.187176][ T921] usb 4-1: USB disconnect, device number 28 [ 84.511410][ T3984] overlayfs: failed to clone upperpath [ 84.900237][ T4012] sit0: entered promiscuous mode [ 84.905616][ T4012] netlink: 'syz.2.1268': attribute type 1 has an invalid length. [ 84.954111][ T4014] netlink: 'syz.3.1270': attribute type 6 has an invalid length. [ 84.994420][ T4022] overlayfs: failed to clone upperpath [ 85.000444][ T4020] bpf: Bad value for 'uid' [ 85.005195][ T4020] overlayfs: failed to clone upperpath [ 85.197235][ T4038] kvm_intel: kvm [4037]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x1d9) = 0xbfe1 [ 85.209266][ T4038] kvm: kvm [4037]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x187) = 0x894f [ 85.218713][ T4038] kvm: kvm [4037]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x186) = 0x3fbd [ 85.230175][ T4038] kvm: kvm [4037]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0x11e) = 0x9be4 [ 85.241193][ T4038] kvm: kvm [4037]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x6953 [ 85.249982][ T4038] kvm: kvm [4037]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x24c2 [ 85.691488][ T4072] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 85.775135][ T36] audit: type=1400 audit(1778218302.855:1145): avc: denied { listen } for pid=4091 comm="syz.3.1294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 85.820333][ T4097] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1841182687 (58917845984 ns) > initial count (45424741664 ns). Using initial count to start timer. [ 85.840329][ T4097] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1852575491 (118564831424 ns) > initial count (78018577472 ns). Using initial count to start timer. [ 85.924303][ T36] audit: type=1400 audit(1778218303.005:1146): avc: denied { bind } for pid=4098 comm="syz.3.1296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 85.929770][ T4099] binder: Unknown parameter 'smackfsfloor' [ 86.206030][ T31] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 86.476776][ T31] usb 4-1: config index 0 descriptor too short (expected 3133, got 61) [ 86.485181][ T31] usb 4-1: config 0 has an invalid interface number: 156 but max is 1 [ 86.512063][ T31] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 86.535886][ T31] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 86.545362][ T31] usb 4-1: config 0 has no interface number 0 [ 86.558119][ T31] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 86.572782][ T31] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 86.584480][ T31] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 86.595107][ T31] usb 4-1: config 0 interface 156 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 86.611318][ T31] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 86.621404][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.632495][ T31] usb 4-1: config 0 descriptor?? [ 86.639047][ T31] usb 4-1: MIDIStreaming interface descriptor not found [ 86.841764][ T921] usb 4-1: USB disconnect, device number 29 [ 86.865411][ T36] audit: type=1400 audit(2000000000.060:1147): avc: denied { audit_read } for pid=4150 comm="syz.1.1314" capability=37 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 87.065102][ T4157] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 87.065616][ T4156] overlayfs: missing 'lowerdir' [ 87.383790][ T4181] rust_binder: Error while translating object. [ 87.383832][ T4181] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 87.392534][ T4181] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:596 [ 87.457419][ T4188] x_tables: unsorted underflow at hook 2 [ 87.516993][ T4190] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:605 [ 87.838463][ T4240] overlayfs: failed to resolve './file0': -2 [ 87.894933][ T4244] rust_binder: Failed copying remainder into alloc: EFAULT [ 87.894961][ T4244] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 87.903480][ T4244] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 87.912083][ T4244] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:621 [ 87.941075][ T36] audit: type=1400 audit(2000000001.138:1148): avc: denied { create } for pid=4248 comm="syz.1.1348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 88.190085][ T4286] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 [ 88.197548][ T4286] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:632 [ 88.229231][ T36] audit: type=1400 audit(2000000001.416:1149): avc: denied { map } for pid=4288 comm="syz.2.1363" path="socket:[16897]" dev="sockfs" ino=16897 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 88.265847][ T4293] rust_binder: Error while translating object. [ 88.265895][ T4293] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 88.266274][ T36] audit: type=1400 audit(2000000001.416:1150): avc: denied { validate_trans } for pid=4292 comm="syz.3.1364" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 88.290679][ T4293] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:637 [ 88.306085][ T36] audit: type=1400 audit(2000000001.416:1151): avc: denied { read accept } for pid=4288 comm="syz.2.1363" path="socket:[16897]" dev="sockfs" ino=16897 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 88.391807][ T4308] __vm_enough_memory: pid: 4308, comm: syz.3.1369, bytes: 18014402804453376 not enough memory for the allocation [ 88.536082][ T4325] netlink: 'syz.0.1376': attribute type 4 has an invalid length. [ 88.544063][ T4325] __nla_validate_parse: 33 callbacks suppressed [ 88.544088][ T4325] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1376'. [ 88.688989][ T4340] netlink: 'syz.1.1382': attribute type 15 has an invalid length. [ 88.698797][ T4339] netlink: 'syz.1.1382': attribute type 15 has an invalid length. [ 88.761550][ T36] audit: type=1326 audit(2000000001.942:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4351 comm="syz.1.1386" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa24578efc9 code=0x0 [ 88.996535][ T4381] incfs: Error accessing: . [ 89.001312][ T4381] incfs: mount failed -2 [ 89.024634][ T4386] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1395'. [ 89.098022][ T4397] SELinux: security_context_str_to_sid (sytem_uGй :) failed with errno=-22 [ 89.650233][ T9] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 89.696130][ T36] audit: type=1400 audit(2000000002.875:1153): avc: denied { map } for pid=4481 comm="syz.2.1424" path="socket:[17217]" dev="sockfs" ino=17217 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 89.781156][ T9] usb 4-1: device descriptor read/64, error -71 [ 89.889643][ T36] audit: type=1400 audit(2000000003.063:1154): avc: denied { setattr } for pid=4486 comm="syz.2.1426" path="/" dev="configfs" ino=1249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 90.043165][ T9] usb 4-1: device descriptor read/64, error -71 [ 90.108313][ T4503] overlayfs: failed to clone upperpath [ 90.216864][ T4523] overlayfs: failed to clone upperpath [ 90.285455][ T9] usb 4-1: new full-speed USB device number 31 using dummy_hcd [ 90.415980][ T9] usb 4-1: device descriptor read/64, error -71 [ 90.556804][ T4543] 9pnet: Could not find request transport: fd( '~f0 [ 90.556804][ T4543] v\01j [ 90.572016][ T4543] GUP no longer grows the stack in syz.0.1445 (4543): 200000005000-200000008000 (200000004000) [ 90.582604][ T4543] CPU: 1 UID: 0 PID: 4543 Comm: syz.0.1445 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 90.582637][ T4543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 90.582658][ T4543] Call Trace: [ 90.582666][ T4543] [ 90.582675][ T4543] __dump_stack+0x21/0x30 [ 90.582717][ T4543] dump_stack_lvl+0x10c/0x190 [ 90.582747][ T4543] ? __cfi_dump_stack_lvl+0x10/0x10 [ 90.582777][ T4543] ? futex_lock_pi_atomic+0xdd/0xc70 [ 90.582807][ T4543] dump_stack+0x19/0x20 [ 90.582836][ T4543] fixup_user_fault+0x63d/0x6d0 [ 90.582864][ T4543] fault_in_user_writeable+0x76/0xe0 [ 90.582887][ T4543] futex_lock_pi+0x258/0xa10 [ 90.582912][ T4543] ? futex_unqueue+0x136/0x160 [ 90.582935][ T4543] ? should_fail+0xf/0x20 [ 90.582956][ T4543] ? __cfi_futex_lock_pi+0x10/0x10 [ 90.582983][ T4543] ? __cfi_futex_wake_mark+0x10/0x10 [ 90.583019][ T4543] ? futex_setup_timer+0xb4/0xd0 [ 90.583041][ T4543] ? __cfi_futex_wake_mark+0x10/0x10 [ 90.583071][ T4543] ? mas_find+0x358/0x5f0 [ 90.583094][ T4543] ? __kasan_check_write+0x18/0x20 [ 90.583130][ T4543] do_futex+0x25c/0x500 [ 90.583153][ T4543] ? __cfi_do_futex+0x10/0x10 [ 90.583176][ T4543] ? __vm_munmap+0x2c7/0x370 [ 90.583200][ T4543] __se_sys_futex+0x28f/0x300 [ 90.583224][ T4543] ? __x64_sys_futex+0x110/0x110 [ 90.583249][ T4543] ? __kasan_check_write+0x18/0x20 [ 90.583284][ T4543] __x64_sys_futex+0xe9/0x110 [ 90.583308][ T4543] x64_sys_call+0x227f/0x2ee0 [ 90.583342][ T4543] do_syscall_64+0x58/0xf0 [ 90.583371][ T4543] ? clear_bhb_loop+0x50/0xa0 [ 90.583396][ T4543] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 90.583420][ T4543] RIP: 0033:0x7f6ee2b8efc9 [ 90.583445][ T4543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.583466][ T4543] RSP: 002b:00007f6ee3ae9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 90.583499][ T4543] RAX: ffffffffffffffda RBX: 00007f6ee2de5fa0 RCX: 00007f6ee2b8efc9 [ 90.583517][ T4543] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000 [ 90.583533][ T4543] RBP: 00007f6ee2c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 90.583549][ T4543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 90.583563][ T4543] R13: 00007f6ee2de6038 R14: 00007f6ee2de5fa0 R15: 00007ffdfa7599d8 [ 90.583584][ T4543] [ 90.725454][ T4547] fuse: Unknown parameter 'grobd^?cup_id' [ 90.829027][ T9] usb 4-1: device descriptor read/64, error -71 [ 90.947056][ T9] usb usb4-port1: attempt power cycle [ 91.292585][ T9] usb 4-1: new full-speed USB device number 32 using dummy_hcd [ 91.333862][ T9] usb 4-1: device descriptor read/8, error -71 [ 91.464853][ T9] usb 4-1: device descriptor read/8, error -71 [ 91.715712][ T9] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 91.757004][ T9] usb 4-1: device descriptor read/8, error -71 [ 91.843629][ T4590] netlink: 'syz.2.1460': attribute type 27 has an invalid length. [ 91.888026][ T9] usb 4-1: device descriptor read/8, error -71 [ 91.997907][ T9] usb usb4-port1: unable to enumerate USB device [ 92.464740][ T4617] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 92.464771][ T4617] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:691 [ 92.500414][ T4621] rust_binder: validate_parent_fixup: fixup_min_offset=46, parent_offset=35 [ 92.509812][ T4621] rust_binder: Error while translating object. [ 92.518679][ T4621] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 92.524969][ T4621] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:694 [ 92.525932][ T36] kauditd_printk_skb: 1 callbacks suppressed [ 92.525952][ T36] audit: type=1400 audit(2000000005.694:1156): avc: denied { relabelto } for pid=4625 comm="syz.0.1473" name="file0" dev="tmpfs" ino=2496 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 92.587079][ T36] audit: type=1400 audit(2000000005.743:1157): avc: denied { unlink } for pid=290 comm="syz-executor" name="file0" dev="tmpfs" ino=2496 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0" [ 92.662637][ T36] audit: type=1400 audit(2000000005.813:1158): avc: denied { create } for pid=4642 comm="syz.1.1479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 92.690128][ T4651] overlayfs: missing 'lowerdir' [ 92.697310][ T36] audit: type=1400 audit(2000000005.852:1159): avc: denied { setattr } for pid=4652 comm="syz.1.1482" path="socket:[17383]" dev="sockfs" ino=17383 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 92.797856][ T4677] netlink: 'syz.0.1489': attribute type 4 has an invalid length. [ 92.807360][ T4677] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1489'. [ 92.887196][ T4688] incfs: Options parsing error. -22 [ 92.892569][ T4688] incfs: mount failed -22 [ 93.048298][ T36] audit: type=1400 audit(2000000006.210:1160): avc: denied { create } for pid=4709 comm="syz.3.1498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 93.082289][ T4712] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 93.082336][ T4712] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:722 [ 93.155866][ T4724] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 93.165194][ T4724] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:733 [ 93.398430][ T4733] random: crng reseeded on system resumption [ 93.445288][ T4737] rust_binder: Failed to allocate buffer. len:4096, is_oneway:true [ 93.445314][ T4737] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 93.453422][ T4737] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:746 [ 93.482720][ T4739] netlink: 'syz.3.1509': attribute type 20 has an invalid length. [ 93.501482][ T4739] netlink: 'syz.3.1509': attribute type 1 has an invalid length. [ 94.090764][ T4772] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=31 sclass=netlink_tcpdiag_socket pid=4772 comm=syz.0.1523 [ 94.444905][ T4796] rust_binder: Write failure EFAULT in pid:765 [ 94.620871][ T4806] rust_binder: Write failure EFAULT in pid:775 [ 94.663706][ T36] audit: type=1400 audit(2000000007.808:1161): avc: denied { watch watch_reads } for pid=4809 comm="syz.3.1538" path="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 94.780231][ T4826] 9pnet_fd: Insufficient options for proto=fd [ 94.835782][ T4837] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 94.867377][ T4844] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 94.867539][ T4844] rust_binder: Failed to allocate buffer. len:1144, is_oneway:false [ 94.887640][ T4848] rust_binder: 802: no such ref 3 [ 94.901012][ T4848] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 94.901046][ T4848] rust_binder: Read failure Err(EFAULT) in pid:802 [ 94.958044][ T36] audit: type=1400 audit(2000000008.096:1162): avc: denied { append } for pid=4854 comm="syz.3.1556" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 95.049479][ T4861] overlayfs: missing 'lowerdir' [ 95.142808][ T4872] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1561'. [ 95.148504][ T4874] rust_binder: Write failure EFAULT in pid:820 [ 95.185348][ T4878] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 95.198857][ T4878] rust_binder: 824: no such ref 3 [ 95.204300][ T4878] rust_binder: Failed to allocate buffer. len:4200, is_oneway:false [ 95.204318][ T4879] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 95.219838][ T4879] rust_binder: 824: no such ref 3 [ 95.224995][ T4879] rust_binder: Failed to allocate buffer. len:4200, is_oneway:false [ 95.254145][ T4884] rust_binder: Error while translating object. [ 95.262554][ T4884] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 95.268865][ T4884] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:830 [ 95.310324][ T4889] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 95.319872][ T4889] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:835 [ 95.583498][ T9] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 95.744636][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 95.751051][ T9] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 95.759645][ T9] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 95.768401][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 95.777679][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 95.787411][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 95.797119][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 95.810300][ T9] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 95.819469][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.828213][ T9] usb 4-1: config 0 descriptor?? [ 96.039033][ T9] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 34 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 96.045775][ T4905] overlayfs: failed to clone upperpath [ 96.237752][ T36] audit: type=1400 audit(2000000009.367:1163): avc: denied { read write } for pid=4890 comm="syz.3.1570" name="lp0" dev="devtmpfs" ino=549 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 96.266458][ T31] usb 4-1: USB disconnect, device number 34 [ 96.273708][ T36] audit: type=1400 audit(2000000009.367:1164): avc: denied { open } for pid=4890 comm="syz.3.1570" path="/dev/usb/lp0" dev="devtmpfs" ino=549 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1 [ 96.297896][ T31] usblp0: removed [ 96.479202][ T36] audit: type=1400 audit(2000000009.606:1165): avc: denied { ioctl } for pid=4919 comm="syz.1.1580" path="socket:[20557]" dev="sockfs" ino=20557 ioctlcmd=0x1500 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1 [ 96.514773][ T4924] overlayfs: failed to clone upperpath [ 96.538801][ T4916] No source specified [ 96.544205][ T4917] rust_binder: Error while translating object. [ 96.544246][ T4917] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 96.557370][ T4917] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:842 [ 96.633239][ T4930] tipc: Enabling of bearer rejected, media not registered [ 96.984354][ T4942] netlink: 'syz.1.1589': attribute type 8 has an invalid length. [ 97.044150][ T46] tipc: Subscription rejected, illegal request [ 97.070131][ T4951] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1591'. [ 97.322994][ T4968] overlayfs: failed to clone lowerpath [ 97.355269][ T4968] overlayfs: failed to clone lowerpath [ 97.387521][ T5000] netlink: 'syz.3.1608': attribute type 3 has an invalid length. [ 97.409175][ T5000] netlink: 944 bytes leftover after parsing attributes in process `syz.3.1608'. [ 97.545912][ T5014] rust_binder: Failed to allocate buffer. len:1184, is_oneway:false [ 97.548411][ T5013] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 97.592437][ T5018] rust_binder: Read failure Err(EAGAIN) in pid:865 [ 97.612919][ T5022] incfs: Options parsing error. -22 [ 97.653849][ T5022] incfs: mount failed -22 [ 97.720283][ T5027] netlink: 8540 bytes leftover after parsing attributes in process `syz.2.1615'. [ 97.744964][ T5027] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1615'. [ 97.783560][ T5032] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 98.319300][ T5079] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1630'. [ 98.530893][ T5085] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1633'. [ 98.540234][ T5086] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1633'. [ 98.571074][ T5094] netlink: 'syz.0.1635': attribute type 12 has an invalid length. [ 98.594635][ T45] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 98.717867][ T5106] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1639'. [ 98.761928][ T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.774911][ T45] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.785950][ T45] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 98.795189][ T45] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 98.803838][ T45] usb 4-1: Manufacturer: syz [ 98.809443][ T45] usb 4-1: config 0 descriptor?? [ 99.016432][ T36] kauditd_printk_skb: 62 callbacks suppressed [ 99.016452][ T36] audit: type=1400 audit(2000000012.147:1228): avc: denied { ioctl } for pid=5080 comm="syz.3.1631" path="mnt:[4026532389]" dev="nsfs" ino=4026532389 ioctlcmd=0x940a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 99.387565][ T45] usbhid 4-1:0.0: can't add hid device: -71 [ 99.395606][ T45] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 99.406832][ T45] usb 4-1: USB disconnect, device number 35 [ 99.562296][ T36] audit: type=1326 audit(2000000012.687:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5147 comm="syz.1.1653" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa24578efc9 code=0x0 [ 100.035280][ T5167] input: syz1 as /devices/virtual/input/input14 [ 100.129577][ T5172] 9p: Unknown access argument : -22 [ 100.217626][ T5187] rust_binder: validate_parent_fixup: fixup_min_offset=46, parent_offset=35 [ 100.217652][ T5187] rust_binder: Error while translating object. [ 100.227482][ T5187] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 100.233867][ T5187] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:919 [ 100.784169][ T5242] rust_binder: Error while translating object. [ 100.796605][ T5242] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 100.805460][ T5242] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:932 [ 100.887972][ T5255] overlayfs: failed to clone lowerpath [ 101.293529][ T5326] syz.1.1708 uses obsolete (PF_INET,SOCK_PACKET) [ 101.300628][ T5326] netlink: 'syz.1.1708': attribute type 4 has an invalid length. [ 101.312932][ T5326] netlink: 'syz.1.1708': attribute type 4 has an invalid length. [ 101.920650][ T5353] fuse: Unknown parameter 'gou p_id' [ 101.921662][ T36] audit: type=1400 audit(2000000015.047:1230): avc: denied { read } for pid=5352 comm="syz.1.1716" name="file0" dev="tmpfs" ino=2718 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 101.948689][ T36] audit: type=1400 audit(2000000015.047:1231): avc: denied { open } for pid=5352 comm="syz.1.1716" path="/496/file0" dev="tmpfs" ino=2718 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 102.335802][ T5399] overlayfs: failed to clone upperpath [ 102.775974][ T5409] net_ratelimit: 24 callbacks suppressed [ 102.776000][ T5409] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 102.815851][ T5415] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1739'. [ 102.831064][ T5417] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1740'. [ 102.840336][ T5417] netlink: 35 bytes leftover after parsing attributes in process `syz.2.1740'. [ 102.852510][ T5417] netlink: 'syz.2.1740': attribute type 6 has an invalid length. [ 102.860326][ T5417] netlink: 'syz.2.1740': attribute type 5 has an invalid length. [ 102.868275][ T5417] netlink: 35 bytes leftover after parsing attributes in process `syz.2.1740'. [ 103.204173][ T36] audit: type=1400 audit(2000000016.327:1232): avc: denied { accept } for pid=5482 comm="syz.3.1761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 103.228973][ T5485] SELinux: security_context_str_to_sid (sytem_uGй) failed with errno=-22 [ 103.381507][ T5500] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 103.381548][ T5500] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:955 [ 103.535657][ T5511] rust_binder: 960: no such ref 1 [ 103.565925][ T5511] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:960 [ 104.028005][ T5534] overlayfs: failed to clone upperpath [ 104.092816][ T5536] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1781'. [ 104.190121][ T5541] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1783'. [ 104.220694][ T36] audit: type=1400 audit(2000000017.347:1233): avc: denied { execute } for pid=5543 comm="syz.2.1785" path="/cpuacct.usage_percpu" dev="rootfs" ino=21870 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1 [ 104.363541][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.363573][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.385332][ T5565] rust_binder: Error while translating object. [ 104.404992][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.419256][ T5565] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 104.427985][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.437641][ T5565] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:966 [ 104.447946][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.457465][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.464410][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.472005][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.479482][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.486652][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.498262][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.505270][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.512257][ T36] audit: type=1326 audit(2000000017.637:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5573 comm="syz.1.1795" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa24578efc9 code=0x0 [ 104.542893][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.542920][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.549554][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.556210][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.562743][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.569478][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.576084][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.582645][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.589237][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.595788][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.602262][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.608837][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.615463][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.622017][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.628713][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.635523][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.642009][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.648579][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.655084][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.661577][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.668164][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.675024][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.681480][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.687989][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.694724][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.701514][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.708303][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.714800][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.721266][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.728010][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.734487][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.741458][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.747994][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.754591][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.763074][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.770237][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.784582][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.791172][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.798222][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.804836][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.812725][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.821885][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.829725][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.836420][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.842878][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.849359][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.855914][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.862359][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.868968][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.875535][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.882061][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.888719][ T5567] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 104.947597][ T5609] rust_binder: 975: no such ref 1 [ 104.952720][ T5609] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:975 [ 104.992731][ T5617] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false [ 105.002197][ T5617] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 105.010476][ T5621] rust_binder: Failed to allocate buffer. len:4096, is_oneway:false [ 105.212591][ T36] audit: type=1400 audit(2000000018.337:1235): avc: denied { mount } for pid=5646 comm="syz.2.1820" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 105.274607][ T9] usb 4-1: new full-speed USB device number 36 using dummy_hcd [ 105.384467][ T36] audit: type=1400 audit(2000000018.507:1236): avc: denied { create } for pid=5680 comm="syz.2.1829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 105.404574][ T9] usb 4-1: device descriptor read/64, error -71 [ 105.436981][ T36] audit: type=1400 audit(2000000018.557:1237): avc: denied { create } for pid=5685 comm="syz.2.1830" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 105.471350][ T5696] veth1: entered allmulticast mode [ 105.529491][ T5696] veth1: left allmulticast mode [ 105.543588][ T5713] netlink: 'syz.0.1839': attribute type 11 has an invalid length. [ 105.551616][ T5713] netlink: 'syz.0.1839': attribute type 2 has an invalid length. [ 105.639163][ T36] audit: type=1326 audit(2000000018.767:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5733 comm="syz.2.1847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a13d8efc9 code=0x7ffc0000 [ 105.664583][ T9] usb 4-1: device descriptor read/64, error -71 [ 105.664668][ T36] audit: type=1326 audit(2000000018.767:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5733 comm="syz.2.1847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a13d8efc9 code=0x7ffc0000 [ 105.694858][ T36] audit: type=1326 audit(2000000018.767:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5733 comm="syz.2.1847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a13d8efc9 code=0x7ffc0000 [ 105.726119][ T36] audit: type=1326 audit(2000000018.767:1241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5733 comm="syz.2.1847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f4a13d8efc9 code=0x7ffc0000 [ 105.754588][ T36] audit: type=1326 audit(2000000018.767:1242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5733 comm="syz.2.1847" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4a13d8efc9 code=0x7ffc0000 [ 105.804879][ T5762] netlink: 'syz.2.1854': attribute type 4 has an invalid length. [ 105.812769][ T5762] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.1854'. [ 105.889631][ T5768] 9pnet_fd: Insufficient options for proto=fd [ 105.897693][ T5768] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1855'. [ 105.914691][ T9] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 106.044585][ T9] usb 4-1: device descriptor read/64, error -71 [ 106.284615][ T9] usb 4-1: device descriptor read/64, error -71 [ 106.398268][ T9] usb usb4-port1: attempt power cycle [ 106.407553][ T5778] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1861'. [ 106.444150][ T5786] overlayfs: failed to clone upperpath [ 106.596029][ T5807] 9pnet_fd: Insufficient options for proto=fd [ 106.699149][ T5824] overlayfs: failed to clone upperpath [ 106.744688][ T9] usb 4-1: new full-speed USB device number 38 using dummy_hcd [ 106.765744][ T9] usb 4-1: device descriptor read/8, error -71 [ 106.895766][ T9] usb 4-1: device descriptor read/8, error -71 [ 107.079053][ T5842] can: request_module (can-proto-3) failed. [ 107.134633][ T9] usb 4-1: new full-speed USB device number 39 using dummy_hcd [ 107.155910][ T9] usb 4-1: device descriptor read/8, error -71 [ 107.285802][ T9] usb 4-1: device descriptor read/8, error -71 [ 107.302957][ T5847] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 107.311857][ T5847] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 107.394893][ T9] usb usb4-port1: unable to enumerate USB device [ 107.633911][ T5872] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1896'. [ 107.643116][ T5872] tipc: Enabling of bearer rejected, already enabled [ 107.651600][ T5872] 9pnet: p9_errstr2errno: server reported unknown error 1844674 [ 107.838238][ T5898] 9pnet_fd: Insufficient options for proto=fd [ 107.984007][ T5929] fuse: Unknown parameter '0x0000000000000003' [ 108.154626][ T5936] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1920'. [ 108.276093][ T5947] SELinux: security_context_str_to_sid (E) failed with errno=-22 [ 108.285263][ T5947] random: crng reseeded on system resumption [ 108.335886][ T5953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 108.344512][ T5953] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.357209][ T5953] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 108.584607][ T45] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 108.724629][ T45] usb 4-1: device descriptor read/64, error -71 [ 108.964869][ T45] usb 4-1: device descriptor read/64, error -71 [ 109.205465][ T45] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 109.358784][ T45] usb 4-1: device descriptor read/64, error -71 [ 109.370595][ T6005] tipc: Trying to set illegal importance in message [ 109.537035][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.545185][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.552850][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.564793][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.578014][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.586040][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.593780][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.601708][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.611795][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.619644][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.624632][ T45] usb 4-1: device descriptor read/64, error -71 [ 109.634237][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.643675][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.651516][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.665308][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.674235][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.683438][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.692074][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.700329][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.708640][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.716804][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.725102][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.732811][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.741724][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.749756][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.758032][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.764752][ T45] usb usb4-port1: attempt power cycle [ 109.771081][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.778933][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.786597][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.794206][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.803411][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.812406][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.820594][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 109.830291][ T6019] overlayfs: failed to resolve 'subj_user= `U0/O': -2 [ 110.104662][ T45] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 110.125808][ T45] usb 4-1: device descriptor read/8, error -71 [ 110.255734][ T45] usb 4-1: device descriptor read/8, error -71 [ 110.504599][ T45] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 110.525716][ T45] usb 4-1: device descriptor read/8, error -71 [ 110.540927][ T6074] fuse: Bad value for 'fd' [ 110.546202][ T6074] futex_wake_op: syz.0.1964 tries to shift op by 144; fix this program [ 110.659468][ T45] usb 4-1: device descriptor read/8, error -71 [ 110.674667][ T6096] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1973'. [ 110.679294][ T36] kauditd_printk_skb: 77 callbacks suppressed [ 110.679315][ T36] audit: type=1400 audit(2000000023.807:1320): avc: denied { map } for pid=6097 comm="syz.2.1974" path="socket:[24705]" dev="sockfs" ino=24705 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 110.718032][ T36] audit: type=1400 audit(2000000023.807:1321): avc: denied { accept } for pid=6097 comm="syz.2.1974" path="socket:[24705]" dev="sockfs" ino=24705 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 110.745388][ T36] audit: type=1400 audit(2000000023.827:1322): avc: denied { create } for pid=6097 comm="syz.2.1974" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 110.784684][ T45] usb usb4-port1: unable to enumerate USB device [ 110.808042][ T6104] overlayfs: missing 'lowerdir' [ 111.196482][ T6131] bridge0: entered allmulticast mode [ 111.424129][ T6159] overlayfs: failed to clone upperpath [ 111.430466][ T6160] overlayfs: failed to clone upperpath [ 111.744622][ T809] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 111.759793][ T6179] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2003'. [ 111.769364][ T6180] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2003'. [ 111.885359][ T809] usb 4-1: device descriptor read/64, error -71 [ 112.124640][ T809] usb 4-1: device descriptor read/64, error -71 [ 112.364586][ T809] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 112.471997][ T6186] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.480005][ T6186] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.487440][ T6186] bridge_slave_0: entered allmulticast mode [ 112.494822][ T6186] bridge_slave_0: entered promiscuous mode [ 112.502057][ T13] bridge_slave_1: left allmulticast mode [ 112.508096][ T13] bridge_slave_1: left promiscuous mode [ 112.509914][ T6196] sock: sock_set_timeout: `syz.1.2009' (pid 6196) tries to set negative timeout [ 112.513976][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.530408][ T809] usb 4-1: device descriptor read/64, error -71 [ 112.537459][ T13] bridge_slave_0: left allmulticast mode [ 112.543284][ T13] bridge_slave_0: left promiscuous mode [ 112.549021][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.573920][ T13] bridge0 (unregistering): left allmulticast mode [ 112.695577][ T6186] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.702902][ T6186] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.710210][ T6186] bridge_slave_1: entered allmulticast mode [ 112.716871][ T6186] bridge_slave_1: entered promiscuous mode [ 112.728104][ T13] veth1_macvtap: left promiscuous mode [ 112.733914][ T13] veth0_vlan: left promiscuous mode [ 112.774621][ T809] usb 4-1: device descriptor read/64, error -71 [ 112.827554][ T6186] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.834769][ T6186] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.842266][ T6186] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.849478][ T6186] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.870450][ T5214] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.878965][ T5214] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.886685][ T809] usb usb4-port1: attempt power cycle [ 112.895762][ T5215] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.902882][ T5215] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.912050][ T5214] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.919265][ T5214] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.946769][ T6186] veth0_vlan: entered promiscuous mode [ 112.959459][ T6186] veth1_macvtap: entered promiscuous mode [ 112.980860][ T36] audit: type=1400 audit(2000000026.107:1323): avc: denied { mounton } for pid=6186 comm="syz-executor" path="/root/syzkaller.ySXQYj/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 113.090460][ T36] audit: type=1400 audit(2000000026.217:1324): avc: denied { create } for pid=6221 comm="syz.1.2013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 113.122863][ T6224] fuse: Bad value for 'group_id' [ 113.128550][ T6224] fuse: Bad value for 'group_id' [ 113.193703][ T6235] netlink: 'syz.1.2019': attribute type 4 has an invalid length. [ 113.201541][ T6235] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2019'. [ 113.224631][ T809] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 113.245673][ T809] usb 4-1: device descriptor read/8, error -71 [ 113.375999][ T809] usb 4-1: device descriptor read/8, error -71 [ 113.614605][ T809] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 113.635957][ T809] usb 4-1: device descriptor read/8, error -71 [ 113.765641][ T809] usb 4-1: device descriptor read/8, error -71 [ 113.874749][ T809] usb usb4-port1: unable to enumerate USB device [ 114.029474][ T6244] rust_binder: Error while translating object. [ 114.029508][ T6244] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 114.036272][ T6244] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:14 [ 114.404754][ T921] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 114.453381][ T6265] binder: Bad value for 'max' [ 114.470158][ T6267] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2030'. [ 114.479220][ T6267] bridge_slave_1: left allmulticast mode [ 114.485131][ T6267] bridge_slave_1: left promiscuous mode [ 114.490804][ T6267] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.498847][ T6267] bridge_slave_0: left allmulticast mode [ 114.505283][ T6267] bridge_slave_0: left promiscuous mode [ 114.511180][ T6267] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.521178][ T6271] rust_binder: 1021: no such ref 1 [ 114.526878][ T6271] rust_binder: Read failure Err(EAGAIN) in pid:1021 [ 114.527220][ T6267] bridge0 (unregistering): left allmulticast mode [ 114.574653][ T921] usb 1-1: Using ep0 maxpacket: 16 [ 114.581825][ T921] usb 1-1: config 1 interface 0 altsetting 11 endpoint 0x81 has an invalid bInterval 221, changing to 11 [ 114.581871][ T6279] overlay: Unknown parameter 'audit' [ 114.593405][ T921] usb 1-1: config 1 interface 0 altsetting 11 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 114.612180][ T921] usb 1-1: config 1 interface 0 has no altsetting 0 [ 114.615506][ T6279] overlay: Unknown parameter 'audit' [ 114.620649][ T921] usb 1-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.40 [ 114.633329][ T921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.641535][ T921] usb 1-1: Product: syz [ 114.645966][ T921] usb 1-1: Manufacturer: 掅翘7톜馰䏆铒㜲披ハಧƏ帋榘⒅懙벵鞃漉呺髓㞫⯛ﱃ㍅ﭳⵗ⒦䯴욎䝊㼤鑮입㣴흼ھꩮ썥සݺ됿ఋ驤矤ဧ㯓䉲嗸줥喪営咄潲欆늛쫹蚤㈻ᰭㇽ恂ꗔꆮ떤쀽荏颋罹㩣ꩧꅣ㩔ℬ炘褲 [ 114.693775][ T921] usb 1-1: SerialNumber: syz [ 114.697117][ T36] audit: type=1400 audit(2000000027.817:1325): avc: denied { create } for pid=6284 comm="syz.3.2035" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 114.726667][ T6293] SELinux: security_context_str_to_sid (E) failed with errno=-22 [ 114.735598][ T6294] rust_binder: 1028: no such ref 3 [ 114.754247][ T6294] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1 [ 114.763877][ T6294] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1 [ 114.771145][ T6294] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 114.778713][ T6294] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1028 [ 114.808868][ T6307] rust_binder: Error while translating object. [ 114.818738][ T6307] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOENT } [ 114.825288][ T6307] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1031 [ 114.835373][ T6307] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 114.862307][ T6313] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 2 [ 114.876478][ T6313] rust_binder: Write failure EINVAL in pid:1036 [ 114.892129][ T6317] rust_binder: Read failure Err(EAGAIN) in pid:1038 [ 115.082566][ T6332] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 224, size: 226) [ 115.089258][ T6332] rust_binder: Error while translating object. [ 115.100171][ T6332] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 115.106427][ T6332] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1048 [ 115.135604][ T36] audit: type=1400 audit(2000000028.267:1326): avc: denied { write } for pid=6333 comm="syz.3.2052" name="usbmon9" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 115.214061][ T6343] batadv_slave_0: entered promiscuous mode [ 115.222262][ T6342] batadv_slave_0: left promiscuous mode [ 115.241646][ T6345] __vm_enough_memory: pid: 6345, comm: syz.3.2055, bytes: 18014402804453376 not enough memory for the allocation [ 115.450565][ T36] audit: type=1400 audit(2000000028.577:1327): avc: denied { lock } for pid=6362 comm="syz.1.2062" path="socket:[25278]" dev="sockfs" ino=25278 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 115.487586][ T36] audit: type=1400 audit(2000000028.617:1328): avc: denied { create } for pid=6366 comm="syz.1.2064" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1 [ 115.684585][ T9] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 115.834634][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 115.841046][ T9] usb 4-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 115.852037][ T9] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 115.861190][ T9] usb 4-1: New USB device found, idVendor=056a, idProduct=00b2, bcdDevice= 0.00 [ 115.870385][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.879762][ T9] usb 4-1: config 0 descriptor?? [ 116.366657][ T6435] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.373820][ T6435] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.381275][ T6435] bridge_slave_0: entered allmulticast mode [ 116.388796][ T6435] bridge_slave_0: entered promiscuous mode [ 116.395822][ T6435] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.402870][ T6435] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.410231][ T6435] bridge_slave_1: entered allmulticast mode [ 116.416991][ T6435] bridge_slave_1: entered promiscuous mode [ 116.423238][ T5213] bridge_slave_1: left allmulticast mode [ 116.429316][ T5213] bridge_slave_1: left promiscuous mode [ 116.435204][ T5213] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.442992][ T5213] bridge_slave_0: left allmulticast mode [ 116.448894][ T5213] bridge_slave_0: left promiscuous mode [ 116.454884][ T5213] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.559598][ T5213] tipc: Left network mode [ 116.565927][ T5213] veth1_macvtap: left promiscuous mode [ 116.572645][ T5213] veth0_vlan: left promiscuous mode [ 116.632606][ T36] audit: type=1400 audit(2000000029.757:1329): avc: denied { execute } for pid=6440 comm="syz.2.2076" path="/509/cpuacct.usage_percpu" dev="tmpfs" ino=2771 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 116.650835][ T6435] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.665617][ T6435] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.673452][ T6435] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.680536][ T6435] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.717813][ T5214] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.726465][ T5214] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.746276][ T5214] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.753377][ T5214] bridge0: port 1(bridge_slave_0) entered forwarding state [ 116.761787][ T5214] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.768911][ T5214] bridge0: port 2(bridge_slave_1) entered forwarding state [ 116.797652][ T6435] veth0_vlan: entered promiscuous mode [ 116.813638][ T6435] veth1_macvtap: entered promiscuous mode [ 116.877296][ T6458] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 116.877346][ T6458] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:2 [ 116.925234][ T6456] rust_binder: 1066: no such ref 3 [ 116.926648][ T6462] rust_binder: Write failure EFAULT in pid:4 [ 116.934570][ T6456] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1 [ 116.953913][ T6456] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 1 [ 116.961398][ T6456] rust_binder: Write failure EFAULT in pid:1066 [ 116.980937][ T36] audit: type=1326 audit(2000000030.107:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6463 comm="syz.1.2079" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0fc998efc9 code=0x0 [ 117.126058][ T921] usbhid 1-1:1.0: can't add hid device: -71 [ 117.137966][ T921] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 117.149530][ T921] usb 1-1: USB disconnect, device number 7 [ 117.160749][ T36] audit: type=1400 audit(2000000030.287:1331): avc: denied { setopt } for pid=6466 comm="syz.0.2080" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 117.209461][ T6469] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 117.209499][ T6469] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:28 [ 117.224997][ T6469] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 117.234339][ T6471] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 117.241401][ T6471] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:28 [ 117.898203][ T6486] binder: Bad value for 'max' [ 118.184656][ T31] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 118.314615][ T31] usb 2-1: device descriptor read/64, error -71 [ 118.517273][ T809] usb 4-1: USB disconnect, device number 48 [ 118.554168][ T6501] netlink: 'syz.2.2093': attribute type 27 has an invalid length. [ 118.555506][ T31] usb 2-1: device descriptor read/64, error -71 [ 118.577586][ T6506] loop2: detected capacity change from 0 to 7 [ 118.583954][ T6504] fuse: Unknown parameter 'F' [ 118.589748][ T6501] fuse: Unknown parameter 'F' [ 118.597250][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 118.606657][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 118.615708][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 118.625005][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 118.639705][ T6506] loop2: unable to read partition table [ 118.649173][ T6506] loop_reread_partitions: partition scan of loop2 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 118.676849][ T6508] loop2: detected capacity change from 7 to 4 [ 118.694566][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 118.706214][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 118.715806][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 118.724199][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 118.734896][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 118.751245][ T6512] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 118.751288][ T6512] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:40 [ 118.758123][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 118.780980][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 118.791742][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 118.802641][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 118.812636][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 118.822423][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 118.841946][ T6522] input: syz1 as /devices/virtual/input/input15 [ 118.891175][ T6527] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION freeze notification not active [ 118.904576][ T31] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 118.910212][ T6527] rust_binder: Write failure EINVAL in pid:1082 [ 118.942570][ T36] audit: type=1400 audit(2000000032.067:1332): avc: denied { lock } for pid=6530 comm="syz.2.2105" path="socket:[25887]" dev="sockfs" ino=25887 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 118.974837][ T6531] fuse: Unknown parameter 'f+' [ 118.985801][ T36] audit: type=1400 audit(2000000032.107:1333): avc: denied { mounton } for pid=6530 comm="syz.2.2105" path="/522/file0" dev="tmpfs" ino=2842 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 119.044603][ T31] usb 2-1: device descriptor read/64, error -71 [ 119.114023][ T6540] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 119.126140][ T6540] rust_binder: Error while translating object. [ 119.126192][ T6540] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 119.132596][ T6540] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:46 [ 119.144572][ T36] audit: type=1400 audit(2000000032.277:1334): avc: denied { rename } for pid=6532 comm="syz.3.2106" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 119.146208][ T6533] FAT-fs (rnullb0): bogus number of reserved sectors [ 119.184736][ T6533] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 119.272789][ T6405] Bluetooth: hci0: Frame reassembly failed (-84) [ 119.314645][ T31] usb 2-1: device descriptor read/64, error -71 [ 119.424727][ T31] usb usb2-port1: attempt power cycle [ 119.459379][ T6551] rust_binder: Write failure EINVAL in pid:53 [ 119.478679][ T36] audit: type=1400 audit(2000000032.607:1335): avc: denied { write } for pid=6552 comm="syz.0.2113" path="socket:[26057]" dev="sockfs" ino=26057 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 119.485166][ T6553] rust_binder: 55: no such ref 3 [ 119.514835][ T6553] rust_binder: 55: no such ref 1 [ 119.519894][ T6553] rust_binder: Write failure EFAULT in pid:55 [ 119.590259][ T6555] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 119.660091][ T6557] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2115'. [ 119.714812][ T6559] SELinux: security_context_str_to_sid (E) failed with errno=-22 [ 119.750072][ T6405] Bluetooth: hci1: Frame reassembly failed (-84) [ 119.774642][ T31] usb 2-1: new full-speed USB device number 6 using dummy_hcd [ 119.796277][ T31] usb 2-1: device descriptor read/8, error -71 [ 119.925712][ T31] usb 2-1: device descriptor read/8, error -71 [ 120.164618][ T31] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 120.185770][ T31] usb 2-1: device descriptor read/8, error -71 [ 120.316035][ T31] usb 2-1: device descriptor read/8, error -71 [ 120.424707][ T31] usb usb2-port1: unable to enumerate USB device [ 120.977421][ T36] audit: type=1400 audit(2000000034.107:1336): avc: denied { append } for pid=6594 comm="syz.1.2128" name="ppp" dev="devtmpfs" ino=86 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 121.063973][ T6599] loop2: detected capacity change from 0 to 7 [ 121.108476][ T6602] rust_binder: Failed copying remainder into alloc: EFAULT [ 121.108504][ T6602] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EFAULT } [ 121.116324][ T6602] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EFAULT } [ 121.124714][ T6602] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EFAULT } my_pid:27 [ 121.314732][ T54] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 121.330089][ T597] Bluetooth: hci0: command 0x1003 tx timeout [ 121.365025][ T6611] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96 [ 121.466809][ T36] audit: type=1400 audit(2000000034.597:1337): avc: denied { remount } for pid=6622 comm="syz.2.2139" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1 [ 121.515990][ T36] audit: type=1400 audit(2000000034.647:1338): avc: denied { execute_no_trans } for pid=6634 comm="syz.2.2142" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=1162 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 121.634623][ T921] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 121.764585][ T921] usb 2-1: device descriptor read/64, error -71 [ 121.794699][ T1055] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 122.014653][ T921] usb 2-1: device descriptor read/64, error -71 [ 122.094631][ T45] usb 4-1: new full-speed USB device number 49 using dummy_hcd [ 122.127976][ T6650] overlayfs: failed to clone upperpath [ 122.134714][ T6651] overlayfs: failed to resolve './file0': -2 [ 122.152448][ T36] kauditd_printk_skb: 1 callbacks suppressed [ 122.152468][ T36] audit: type=1400 audit(2000000035.277:1340): avc: denied { write } for pid=6653 comm="syz.2.2147" name="/" dev="configfs" ino=1249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 122.153969][ T6654] netlink: 'syz.2.2147': attribute type 27 has an invalid length. [ 122.254638][ T921] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 122.256243][ T45] usb 4-1: not running at top speed; connect to a high speed hub [ 122.271800][ T45] usb 4-1: config 8 has an invalid interface number: 169 but max is 1 [ 122.281142][ T45] usb 4-1: config 8 has an invalid interface number: 174 but max is 1 [ 122.287374][ T6661] netlink: 'syz.2.2149': attribute type 12 has an invalid length. [ 122.290247][ T45] usb 4-1: config 8 has no interface number 0 [ 122.303616][ T45] usb 4-1: config 8 has no interface number 1 [ 122.309805][ T45] usb 4-1: config 8 interface 169 altsetting 255 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 122.320971][ T45] usb 4-1: config 8 interface 169 altsetting 255 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 122.332091][ T45] usb 4-1: config 8 interface 169 altsetting 255 endpoint 0x5 has invalid wMaxPacketSize 0 [ 122.342339][ T45] usb 4-1: config 8 interface 169 altsetting 255 has an endpoint descriptor with address 0x32, changing to 0x2 [ 122.364791][ T45] usb 4-1: config 8 interface 169 altsetting 255 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 122.376323][ T45] usb 4-1: config 8 interface 169 altsetting 255 endpoint 0xC has invalid maxpacket 1023, setting to 64 [ 122.384626][ T921] usb 2-1: device descriptor read/64, error -71 [ 122.387783][ T45] usb 4-1: config 8 interface 169 altsetting 255 has an invalid descriptor for endpoint zero, skipping [ 122.398478][ T6668] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2152'. [ 122.405172][ T45] usb 4-1: config 8 interface 169 altsetting 255 endpoint 0x3 has invalid maxpacket 1040, setting to 64 [ 122.425926][ T45] usb 4-1: config 8 interface 169 altsetting 255 has an invalid descriptor for endpoint zero, skipping [ 122.454159][ T36] audit: type=1400 audit(2000000035.567:1341): avc: denied { create } for pid=6671 comm="syz.2.2154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 122.477016][ T45] usb 4-1: config 8 interface 169 altsetting 255 has an invalid descriptor for endpoint zero, skipping [ 122.489900][ T45] usb 4-1: config 8 interface 169 altsetting 255 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 122.493006][ T36] audit: type=1400 audit(2000000035.567:1342): avc: denied { write } for pid=6671 comm="syz.2.2154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 122.501667][ T45] usb 4-1: config 8 interface 174 altsetting 64 endpoint 0xB has invalid maxpacket 1023, setting to 64 [ 122.533216][ T45] usb 4-1: config 8 interface 174 altsetting 64 has an invalid descriptor for endpoint zero, skipping [ 122.544250][ T45] usb 4-1: config 8 interface 174 altsetting 64 has an invalid descriptor for endpoint zero, skipping [ 122.555357][ T45] usb 4-1: config 8 interface 174 altsetting 64 has a duplicate endpoint with address 0x3, skipping [ 122.574223][ T45] usb 4-1: config 8 interface 174 altsetting 64 has an invalid descriptor for endpoint zero, skipping [ 122.587696][ T45] usb 4-1: config 8 interface 174 altsetting 64 has a duplicate endpoint with address 0x5, skipping [ 122.593347][ T6677] loop2: detected capacity change from 0 to 7 [ 122.598806][ T45] usb 4-1: config 8 interface 174 altsetting 64 has a duplicate endpoint with address 0xF, skipping [ 122.617100][ T45] usb 4-1: config 8 interface 174 altsetting 64 has a duplicate endpoint with address 0xF, skipping [ 122.633350][ T45] usb 4-1: config 8 interface 174 altsetting 64 has a duplicate endpoint with address 0x4, skipping [ 122.644344][ T45] usb 4-1: config 8 interface 174 altsetting 64 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 122.655536][ T45] usb 4-1: config 8 interface 174 altsetting 64 has a duplicate endpoint with address 0x3, skipping [ 122.666586][ T45] usb 4-1: config 8 interface 169 has no altsetting 0 [ 122.673540][ T45] usb 4-1: config 8 interface 174 has no altsetting 0 [ 122.674606][ T921] usb 2-1: device descriptor read/64, error -71 [ 122.682485][ T45] usb 4-1: New USB device found, idVendor=19d2, idProduct=0056, bcdDevice=b1.ea [ 122.696345][ T45] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.704444][ T45] usb 4-1: Product: syz [ 122.708876][ T45] usb 4-1: Manufacturer: syz [ 122.713593][ T45] usb 4-1: SerialNumber: syz [ 122.719982][ T6647] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 122.794710][ T921] usb usb2-port1: attempt power cycle [ 122.962432][ T45] usb 4-1: USB disconnect, device number 49 [ 123.144665][ T921] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 123.165799][ T921] usb 2-1: device descriptor read/8, error -71 [ 123.195857][ T6699] overlayfs: failed to clone lowerpath [ 123.295762][ T921] usb 2-1: device descriptor read/8, error -71 [ 123.426118][ T36] audit: type=1326 audit(2000000036.557:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6676 comm="syz.0.2156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f619a98efc9 code=0x7fc00000 [ 123.450045][ T36] audit: type=1326 audit(2000000036.557:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6676 comm="syz.0.2156" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f619a98efc9 code=0x7fc00000 [ 123.490919][ T36] audit: type=1400 audit(2000000036.617:1345): avc: denied { remount } for pid=6709 comm="syz.3.2166" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 123.520684][ T36] audit: type=1400 audit(2000000036.647:1346): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 123.536623][ T6712] rust_binder: Write failure EFAULT in pid:74 [ 123.544709][ T921] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 123.576301][ T921] usb 2-1: device descriptor read/8, error -71 [ 123.694955][ T6728] /dev/nbd3: Can't lookup blockdev [ 123.705653][ T921] usb 2-1: device descriptor read/8, error -71 [ 123.774583][ T45] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 123.814692][ T921] usb usb2-port1: unable to enumerate USB device [ 123.907990][ T6732] netlink: 'syz.2.2175': attribute type 13 has an invalid length. [ 123.933561][ T6734] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2176'. [ 123.934609][ T45] usb 1-1: Using ep0 maxpacket: 16 [ 123.951749][ T45] usb 1-1: config 1 interface 0 altsetting 6 bulk endpoint 0x82 has invalid maxpacket 8 [ 123.969651][ T6736] 9pnet_fd: Insufficient options for proto=fd [ 123.974607][ T45] usb 1-1: config 1 interface 0 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 1024 [ 123.985773][ T45] usb 1-1: config 1 interface 0 has no altsetting 0 [ 123.993972][ T45] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 124.004546][ T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.012900][ T45] usb 1-1: Product: syz [ 124.019409][ T45] usb 1-1: Manufacturer: Т [ 124.024362][ T45] usb 1-1: SerialNumber: syz [ 124.037498][ T6712] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 124.047535][ T6712] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 124.296384][ T6763] tipc: Enabling of bearer rejected, failed to enable media [ 124.323822][ T6765] overlayfs: failed to clone lowerpath [ 124.330327][ T6765] overlayfs: failed to clone lowerpath [ 124.371321][ T6769] overlayfs: failed to clone lowerpath [ 124.378960][ T6769] overlayfs: failed to clone lowerpath [ 124.401417][ T6771] fuse: blksize only supported for fuseblk [ 124.468893][ T45] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71 [ 124.484153][ T45] usb 1-1: USB disconnect, device number 8 [ 124.646122][ T6775] rust_binder: Write failure EINVAL in pid:36 [ 124.857667][ T6784] rust_binder: Write failure EFAULT in pid:1118 [ 124.905541][ T6788] rust_binder: 1122: no such ref 1 [ 124.917390][ T6788] rust_binder: 1122: no such ref 1 [ 124.922992][ T6788] rust_binder: 1122: no such ref 2 [ 124.928763][ T6788] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:1122 [ 124.930157][ T6788] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 124.958449][ T6790] __vm_enough_memory: pid: 6790, comm: syz.3.2198, bytes: 18014402804453376 not enough memory for the allocation [ 125.065797][ T6798] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 125.066429][ T6798] rust_binder: Error in use_page_slow: ESRCH [ 125.073730][ T6798] rust_binder: use_range failure ESRCH [ 125.080583][ T6798] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false [ 125.086683][ T6798] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 125.094823][ T6798] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:1130 [ 125.265136][ T45] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 125.292765][ T6802] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2204'. [ 125.344640][ T921] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 125.444568][ T45] usb 1-1: Using ep0 maxpacket: 32 [ 125.453051][ T45] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.470611][ T45] usb 1-1: config 0 interface 0 has no altsetting 0 [ 125.477858][ T45] usb 1-1: New USB device found, idVendor=056a, idProduct=009f, bcdDevice= 0.00 [ 125.494200][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.519044][ T45] usb 1-1: config 0 descriptor?? [ 125.534566][ T921] usb 4-1: Using ep0 maxpacket: 16 [ 125.545897][ T921] usb 4-1: config 0 has an invalid interface number: 16 but max is 0 [ 125.564251][ T921] usb 4-1: config 0 has no interface number 0 [ 125.576193][ T921] usb 4-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=fe.d1 [ 125.585352][ T921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.593408][ T921] usb 4-1: Product: syz [ 125.597687][ T921] usb 4-1: Manufacturer: syz [ 125.602323][ T921] usb 4-1: SerialNumber: syz [ 125.621893][ T921] usb 4-1: config 0 descriptor?? [ 125.629974][ T921] usb_ehset_test 4-1:0.16: probe with driver usb_ehset_test failed with error -32 [ 125.723259][ T6844] exFAT-fs (rnullb0): invalid boot record signature [ 125.730281][ T6844] exFAT-fs (rnullb0): failed to read boot sector [ 125.736832][ T6844] exFAT-fs (rnullb0): failed to recognize exfat type [ 125.763707][ T6846] rust_binder: Error while translating object. [ 125.763767][ T6846] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 125.770098][ T6846] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:53 [ 125.797182][ T6848] binder: Bad value for 'stats' [ 125.832484][ T6798] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0 [ 125.837377][ T6851] binfmt_misc: register: failed to install interpreter file ./file0 [ 125.841752][ T6798] rust_binder: Write failure EINVAL in pid:1130 [ 125.856726][ T420] usb 4-1: USB disconnect, device number 50 [ 125.948137][ T45] wacom 0003:056A:009F.0007: item fetching failed at offset 5/6 [ 125.964714][ T45] wacom 0003:056A:009F.0007: parse failed [ 125.970846][ T45] wacom 0003:056A:009F.0007: probe with driver wacom failed with error -22 [ 126.124595][ T330] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 126.294581][ T330] usb 2-1: Using ep0 maxpacket: 16 [ 126.324135][ T330] usb 2-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 126.329665][ T6857] overlayfs: failed to clone upperpath [ 126.333287][ T330] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.347986][ T330] usb 2-1: Product: syz [ 126.352747][ T330] usb 2-1: Manufacturer: syz [ 126.357443][ T330] usb 2-1: SerialNumber: syz [ 126.364660][ T330] usb 2-1: config 0 descriptor?? [ 126.370864][ T330] ums-onetouch 2-1:0.0: USB Mass Storage device detected [ 126.494685][ T6865] incfs: Error accessing: ./file0. [ 126.501002][ T6865] incfs: mount failed -2 [ 126.588351][ T6853] rust_binder: Write failure EFAULT in pid:59 [ 126.642976][ T6871] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 126.649419][ T6871] rust_binder: Write failure EINVAL in pid:1137 [ 126.656322][ T6871] rust_binder: 1137: no such ref 6 [ 126.667768][ T6871] rust_binder: BC_REQUEST_DEATH_NOTIFICATION invalid ref 2 [ 126.688538][ T6875] rust_binder: Error while translating object. [ 126.688580][ T6875] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 126.695535][ T6875] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:1139 [ 126.754879][ T36] audit: type=1326 audit(2000000039.877:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6880 comm="syz.3.2235" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f07e318efc9 code=0x0 [ 126.787135][ T36] audit: type=1326 audit(2000000039.887:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6880 comm="syz.3.2235" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f07e318efc9 code=0x0 [ 126.821221][ T6886] rust_binder: Failed to allocate buffer. len:4248, is_oneway:false [ 126.971688][ T36] audit: type=1400 audit(2000000040.097:1349): avc: denied { map } for pid=6900 comm="syz.2.2242" path="socket:[27855]" dev="sockfs" ino=27855 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 127.104576][ T921] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 127.133045][ T6904] binder: Unknown parameter 'context[7' [ 127.214928][ T6913] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.221985][ T6913] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.229241][ T6913] bridge_slave_0: entered allmulticast mode [ 127.236187][ T6913] bridge_slave_0: entered promiscuous mode [ 127.243671][ T6913] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.250894][ T6913] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.253703][ T6918] loop5: detected capacity change from 0 to 7 [ 127.258038][ T6913] bridge_slave_1: entered allmulticast mode [ 127.270640][ T6913] bridge_slave_1: entered promiscuous mode [ 127.285667][ T921] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 127.301147][ T921] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=8e.0b [ 127.315009][ T921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.332280][ T921] usb 4-1: Product: syz [ 127.338767][ T921] usb 4-1: Manufacturer: syz [ 127.347966][ T921] usb 4-1: SerialNumber: syz [ 127.363347][ T921] usb 4-1: config 0 descriptor?? [ 127.379420][ T6920] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 127.382895][ T6920] rust_binder: Error in use_page_slow: ESRCH [ 127.389544][ T6920] rust_binder: use_range failure ESRCH [ 127.395679][ T6920] rust_binder: Failed to allocate buffer. len:200, is_oneway:true [ 127.401179][ T6920] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ESRCH } [ 127.409330][ T6920] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ESRCH } my_pid:72 [ 127.427978][ T6913] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.444042][ T6913] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.451706][ T6913] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.458880][ T6913] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.482726][ T5214] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.490252][ T5214] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.500819][ T6405] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.507932][ T6405] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.515813][ T6919] Invalid logical block size (1) [ 127.521437][ T6405] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.528663][ T6405] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.566828][ T6913] veth0_vlan: entered promiscuous mode [ 127.581467][ T6913] veth1_macvtap: entered promiscuous mode [ 127.650913][ T36] audit: type=1400 audit(2000000040.777:1350): avc: denied { accept } for pid=6932 comm="syz.1.2249" path="socket:[27555]" dev="sockfs" ino=27555 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1 [ 127.696341][ T6940] SELinux: security_context_str_to_sid (E) failed with errno=-22 [ 127.743323][ T6945] __vm_enough_memory: pid: 6945, comm: syz.1.2253, bytes: 18014402804453376 not enough memory for the allocation [ 127.776553][ T6893] rust_binder: Fixups oob 178 180 369 186 [ 127.776576][ T6893] rust_binder: Failure in apply_sg: BR_FAILED_REPLY { source: EINVAL } [ 127.782356][ T6893] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 127.790666][ T6893] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1159 [ 127.800775][ T9] usb 4-1: USB disconnect, device number 51 [ 127.849065][ T6950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 127.857880][ T6950] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 127.866995][ T6950] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 127.867162][ T6950] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 127.873615][ T6950] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:96 [ 127.884678][ T921] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 128.048113][ T921] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 128.056009][ T921] usb 3-1: can't read configurations, error -71 [ 128.194665][ T54] Bluetooth: hci0: command 0x1003 tx timeout [ 128.195045][ T1055] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 128.208192][ T330] usb 1-1: USB disconnect, device number 9 [ 128.227873][ T6952] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 128.264404][ T6956] rust_binder: Write failure EFAULT in pid:82 [ 128.535179][ T6980] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2266'. [ 128.553017][ T6980] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2266'. [ 128.562309][ T6980] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 128.663355][ T6405] Bluetooth: hci0: Frame reassembly failed (-84) [ 128.669849][ T6405] Bluetooth: hci0: Frame reassembly failed (-84) [ 128.694629][ T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 128.844591][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 128.852078][ T9] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 128.861212][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=20 [ 128.869419][ T9] usb 1-1: SerialNumber: syz [ 128.874829][ T9] usb 1-1: config 0 descriptor?? [ 128.881056][ T9] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 128.889046][ T9] usb 1-1: Detected FT232A [ 128.894070][ T9] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 129.081742][ T6973] input: syz0 as /devices/virtual/input/input16 [ 129.107341][ T6990] rust_binder: Write failure EFAULT in pid:6 [ 129.253539][ T330] usb 1-1: USB disconnect, device number 10 [ 129.266879][ T330] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 129.276516][ T330] ftdi_sio 1-1:0.0: device disconnected [ 129.431381][ T7003] Invalid ELF header len 1 [ 130.021924][ T7030] loop2: detected capacity change from 0 to 7 [ 130.028692][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.037978][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 130.046081][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.055295][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 130.063166][ T7030] loop2: unable to read partition table [ 130.068975][ T7030] loop_reread_partitions: partition scan of loop2 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 130.079182][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.091738][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 130.115575][ T7032] loop2: detected capacity change from 7 to 4 [ 130.122103][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.131307][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 130.145897][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.147470][ T7034] netlink: 'syz.0.2282': attribute type 6 has an invalid length. [ 130.155110][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 130.171038][ C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.180254][ C1] Buffer I/O error on dev loop2, logical block 0, async page read [ 130.188867][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.198152][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 130.214550][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.223738][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 130.231949][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.241366][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 130.250210][ C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 130.259394][ C0] Buffer I/O error on dev loop2, logical block 0, async page read [ 130.275489][ T110] loop2: unable to read partition table [ 130.461162][ T7054] x_tables: duplicate entry at hook 1 [ 130.674624][ T1055] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 130.674643][ T54] Bluetooth: hci0: command 0x1003 tx timeout [ 130.687719][ T921] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 130.797603][ T7055] rust_binder: Write failure EFAULT in pid:31 [ 130.865776][ T921] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.882022][ T921] usb 1-1: New USB device found, idVendor=5543, idProduct=0047, bcdDevice= 0.00 [ 130.891301][ T921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.900201][ T921] usb 1-1: config 0 descriptor?? [ 130.997520][ T7058] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7058 comm=syz.2.2288 [ 131.213493][ T7065] rust_binder: Write failure EFAULT in pid:41 [ 131.216041][ T7066] rust_binder: Write failure EFAULT in pid:1174 [ 131.240358][ T7073] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2294'. [ 131.256674][ T7072] rust_binder: Failed to allocate buffer. len:4256, is_oneway:false [ 131.256706][ T7072] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 131.264892][ T7072] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:1176 [ 131.302946][ T7079] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 131.321181][ T7079] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 131.366551][ T7085] loop2: detected capacity change from 0 to 7 [ 131.521062][ T7052] __vm_enough_memory: pid: 7052, comm: syz.0.2286, bytes: 18014402804453376 not enough memory for the allocation [ 131.534402][ T921] usb 1-1: string descriptor 0 read error: -71 [ 131.541880][ T921] uclogic 0003:5543:0047.0008: failed retrieving string descriptor #200: -71 [ 131.550983][ T921] uclogic 0003:5543:0047.0008: failed retrieving pen parameters: -71 [ 131.559903][ T921] uclogic 0003:5543:0047.0008: failed probing pen v2 parameters: -71 [ 131.575176][ T921] uclogic 0003:5543:0047.0008: failed probing parameters: -71 [ 131.590065][ T921] uclogic 0003:5543:0047.0008: probe with driver uclogic failed with error -71 [ 131.604197][ T7098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 131.615826][ T921] usb 1-1: USB disconnect, device number 11 [ 131.632723][ T7098] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.644134][ T7100] overlayfs: missing 'lowerdir' [ 131.652002][ T7098] binder: Unknown parameter 'AE'1LޯzM' [ 131.709245][ T7103] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0 [ 131.716870][ T7103] rust_binder: Write failure EINVAL in pid:1194 [ 131.728350][ T7106] rust_binder: Write failure EINVAL in pid:1196 [ 132.050842][ T7110] rust_binder: Error while translating object. [ 132.057265][ T7110] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EBADF } [ 132.063498][ T7110] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EBADF } my_pid:136 [ 132.086701][ T7112] rust_binder: Error while translating object. [ 132.095906][ T7112] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 132.102202][ T7112] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:139 [ 132.125472][ T7116] rust_binder: inc_ref_done called when no active inc_refs [ 132.160311][ T7119] rust_binder: BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 [ 132.294021][ T7133] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:155 [ 132.310685][ T7133] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 132.320643][ T7133] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 132.327721][ T7133] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:155 [ 132.339851][ T7129] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2312'. [ 132.444232][ T7146] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:112 [ 132.499622][ T7158] netlink: 'syz.1.2323': attribute type 64 has an invalid length. [ 132.534428][ T7162] rust_binder: Write failure EFAULT in pid:125 [ 132.534567][ T7163] rust_binder: Write failure EFAULT in pid:125 [ 132.560109][ T7165] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2325'. [ 132.576775][ T7166] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2325'. [ 132.585733][ T7153] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2322'. [ 132.614334][ T7170] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2326'. [ 132.632896][ T7172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2327'. [ 132.878371][ T7193] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 132.880449][ T7193] rust_binder: Failed to allocate buffer. len:4216, is_oneway:false [ 132.887096][ T7193] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 132.895206][ T7193] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:135 [ 133.081043][ T7207] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:141 [ 133.108494][ T7209] rust_binder: Write failure EINVAL in pid:1202 [ 133.594599][ T9] usb 4-1: new full-speed USB device number 52 using dummy_hcd [ 133.697654][ T7223] 9pnet_fd: Insufficient options for proto=fd [ 133.755403][ T9] usb 4-1: not running at top speed; connect to a high speed hub [ 133.764011][ T9] usb 4-1: config 1 interface 0 has no altsetting 0 [ 133.772174][ T9] usb 4-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.40 [ 133.781501][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.789950][ T9] usb 4-1: Product: syz [ 133.794135][ T9] usb 4-1: Manufacturer: syz [ 133.800013][ T9] usb 4-1: SerialNumber: syz [ 133.940984][ T36] audit: type=1400 audit(2000000047.067:1351): avc: denied { getopt } for pid=7236 comm="syz.1.2348" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 133.974576][ T921] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 133.988102][ T7242] netlink: 182 bytes leftover after parsing attributes in process `syz.1.2350'. [ 134.016942][ T9] usbhid 4-1:1.0: can't add hid device: -71 [ 134.023364][ T9] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 134.037035][ T9] usb 4-1: USB disconnect, device number 52 [ 134.128856][ T7249] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2353'. [ 134.144628][ T921] usb 1-1: Using ep0 maxpacket: 16 [ 134.152209][ T921] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64 [ 134.162104][ T921] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 88 [ 134.173707][ T921] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 134.182823][ T921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.190538][ T7249] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=983953270 (1967906540 ns) > initial count (914717820 ns). Using initial count to start timer. [ 134.190861][ T921] usb 1-1: Product: Л [ 134.212770][ T921] usb 1-1: Manufacturer: И [ 134.217682][ T921] usb 1-1: SerialNumber: 慢ᔆ뷊땳덻᢬⏣赒煳⿫윖똮☸ᬙಝ곘씧䀼Ḉ湆籱躣꽉璗Ꟛ뗑쬸푏⬡䙯潶㈓Ⴒ㬟꿷숯볶剫珯슥䮧퐏笷킽몢鯱ᤄ桪濖螾떓Წ늖眣虎怖᫱닾須澬㢏馢뵛ᐱ헏㖗淬╪⓼㒁漇嗂Ԯ暋䣱頽할椞⠨扥隚⡘騽ᅱ㤻杖鰆꒣⠔ጕ븙凝鼔쥙襚檗侩ꮫꌏⶈ崗툒 [ 134.457125][ T921] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found [ 134.464289][ T921] cdc_ncm 1-1:1.0: bind() failure [ 134.470701][ T921] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 134.477695][ T921] cdc_ncm 1-1:1.1: bind() failure [ 134.488500][ T7259] rust_binder: Write failure EFAULT in pid:172 [ 134.566827][ T7265] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 134.573248][ T7265] rust_binder: Read failure Err(EFAULT) in pid:178 [ 134.581049][ T7268] overlay: Bad value for 'xino' [ 134.664133][ T330] usb 1-1: USB disconnect, device number 12 [ 134.734098][ T36] audit: type=1400 audit(2000000047.857:1352): avc: denied { read write } for pid=7274 comm="syz.1.2362" name="raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 134.735821][ T5214] Bluetooth: hci0: Frame reassembly failed (-84) [ 134.764109][ T36] audit: type=1400 audit(2000000047.857:1353): avc: denied { open } for pid=7274 comm="syz.1.2362" path="/dev/raw-gadget" dev="devtmpfs" ino=190 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 134.788550][ T36] audit: type=1400 audit(2000000047.857:1354): avc: denied { ioctl } for pid=7274 comm="syz.1.2362" path="/dev/raw-gadget" dev="devtmpfs" ino=190 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 134.873693][ T7279] rust_binder: Write failure EFAULT in pid:1223 [ 135.250401][ T36] audit: type=1400 audit(2000000048.377:1355): avc: denied { setattr } for pid=7284 comm="syz.3.2364" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 135.287027][ T5214] Bluetooth: hci1: Frame reassembly failed (-84) [ 135.295713][ T7286] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 135.327177][ T7299] FAT-fs (rnullb0): bogus number of reserved sectors [ 135.333956][ T7299] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 135.353797][ T7301] rust_binder: Error while translating object. [ 135.353826][ T7301] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 135.360124][ T7301] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1241 [ 135.381934][ T7303] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 135.391374][ T7303] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:1243 [ 135.654610][ T921] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 135.816603][ T921] usb 4-1: config 8 has an invalid interface number: 33 but max is 3 [ 135.824802][ T921] usb 4-1: config 8 has an invalid interface number: 156 but max is 3 [ 135.833056][ T921] usb 4-1: config 8 has an invalid interface number: 207 but max is 3 [ 135.841269][ T921] usb 4-1: config 8 has an invalid interface number: 172 but max is 3 [ 135.849593][ T921] usb 4-1: config 8 has no interface number 0 [ 135.855752][ T921] usb 4-1: config 8 has no interface number 1 [ 135.862046][ T921] usb 4-1: config 8 has no interface number 2 [ 135.868227][ T921] usb 4-1: config 8 has no interface number 3 [ 135.874336][ T921] usb 4-1: config 8 interface 156 altsetting 2 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 135.886559][ T921] usb 4-1: config 8 interface 207 altsetting 8 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 135.897564][ T921] usb 4-1: config 8 interface 207 altsetting 8 endpoint 0xA has an invalid bInterval 94, changing to 10 [ 135.908753][ T921] usb 4-1: config 8 interface 207 altsetting 8 has an invalid descriptor for endpoint zero, skipping [ 135.919914][ T921] usb 4-1: config 8 interface 172 altsetting 9 has a duplicate endpoint with address 0x2, skipping [ 135.931321][ T921] usb 4-1: config 8 interface 172 altsetting 9 endpoint 0xE has invalid maxpacket 1024, setting to 64 [ 135.943139][ T921] usb 4-1: config 8 interface 172 altsetting 9 has a duplicate endpoint with address 0x2, skipping [ 135.953920][ T921] usb 4-1: config 8 interface 172 altsetting 9 has a duplicate endpoint with address 0xB, skipping [ 135.965545][ T921] usb 4-1: config 8 interface 172 altsetting 9 has a duplicate endpoint with address 0xF, skipping [ 135.976659][ T921] usb 4-1: config 8 interface 172 altsetting 9 has a duplicate endpoint with address 0xF, skipping [ 135.987696][ T921] usb 4-1: config 8 interface 172 altsetting 9 has a duplicate endpoint with address 0xA, skipping [ 135.998613][ T921] usb 4-1: config 8 interface 172 altsetting 9 endpoint 0xC has invalid maxpacket 1023, setting to 64 [ 135.999921][ T7313] binder: Unknown parameter 'stkL_al' [ 136.010712][ T921] usb 4-1: config 8 interface 172 altsetting 9 has an endpoint descriptor with address 0x5A, changing to 0xA [ 136.032775][ T921] usb 4-1: config 8 interface 172 altsetting 9 has a duplicate endpoint with address 0xA, skipping [ 136.043764][ T921] usb 4-1: config 8 interface 172 altsetting 9 has 10 endpoint descriptors, different from the interface descriptor's value: 9 [ 136.061983][ T921] usb 4-1: config 8 interface 33 has no altsetting 0 [ 136.081286][ T921] usb 4-1: config 8 interface 156 has no altsetting 0 [ 136.088200][ T921] usb 4-1: config 8 interface 207 has no altsetting 0 [ 136.099542][ T921] usb 4-1: config 8 interface 172 has no altsetting 0 [ 136.108071][ T921] usb 4-1: New USB device found, idVendor=1b3d, idProduct=01ac, bcdDevice=26.c9 [ 136.117331][ T921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.126458][ T921] usb 4-1: Product: syz [ 136.130780][ T921] usb 4-1: Manufacturer: syz [ 136.135578][ T921] usb 4-1: SerialNumber: syz [ 136.314637][ T330] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 136.343663][ T921] ftdi_sio 4-1:8.33: FTDI USB Serial Device converter detected [ 136.351669][ T921] ftdi_sio ttyUSB0: unknown device type: 0x26c9 [ 136.359473][ T921] ftdi_sio 4-1:8.156: FTDI USB Serial Device converter detected [ 136.367474][ T921] ftdi_sio ttyUSB1: unknown device type: 0x26c9 [ 136.375551][ T921] ftdi_sio 4-1:8.207: FTDI USB Serial Device converter detected [ 136.383505][ T921] ftdi_sio ttyUSB2: unknown device type: 0x26c9 [ 136.391900][ T921] ftdi_sio 4-1:8.172: FTDI USB Serial Device converter detected [ 136.400204][ T921] ftdi_sio ttyUSB3: unknown device type: 0x26c9 [ 136.408873][ T921] usb 4-1: USB disconnect, device number 53 [ 136.415633][ T921] ftdi_sio 4-1:8.33: device disconnected [ 136.423019][ T921] ftdi_sio 4-1:8.156: device disconnected [ 136.430433][ T921] ftdi_sio 4-1:8.207: device disconnected [ 136.437429][ T921] ftdi_sio 4-1:8.172: device disconnected [ 136.475717][ T330] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 136.486878][ T330] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.496778][ T330] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 136.505877][ T330] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.514502][ T330] usb 3-1: config 0 descriptor?? [ 136.520463][ T330] hub 3-1:0.0: USB hub found [ 136.720515][ T330] hub 3-1:0.0: 7 ports detected [ 136.725721][ T330] hub 3-1:0.0: insufficient power available to use all downstream ports [ 136.754592][ T1055] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 136.754604][ T597] Bluetooth: hci0: command 0x1003 tx timeout [ 136.913371][ T5214] Bluetooth: hci0: Frame reassembly failed (-84) [ 137.178828][ T330] usb 3-1: USB disconnect, device number 17 [ 137.298645][ T7324] usb usb9: usbfs: process 7324 (syz.1.2378) did not claim interface 0 before use [ 137.314580][ T54] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 137.314990][ T597] Bluetooth: hci1: command 0x1003 tx timeout [ 137.376118][ T7328] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 137.376587][ T7328] rust_binder: Failed to allocate buffer. len:4216, is_oneway:false [ 137.383120][ T7328] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 137.391603][ T7328] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:185 [ 137.462454][ T45] usb 2-1: USB disconnect, device number 12 [ 137.597871][ T5214] bridge_slave_1: left allmulticast mode [ 137.603637][ T5214] bridge_slave_1: left promiscuous mode [ 137.609666][ T5214] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.618138][ T5214] bridge_slave_0: left allmulticast mode [ 137.623930][ T5214] bridge_slave_0: left promiscuous mode [ 137.629974][ T5214] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.704598][ T7333] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 137.737861][ T5214] veth1_macvtap: left promiscuous mode [ 137.745093][ T5214] veth0_vlan: left promiscuous mode [ 137.863741][ T7334] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.870934][ T7334] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.878201][ T7334] bridge_slave_0: entered allmulticast mode [ 137.884906][ T7334] bridge_slave_0: entered promiscuous mode [ 137.891464][ T7334] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.898706][ T7334] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.906063][ T7334] bridge_slave_1: entered allmulticast mode [ 137.912785][ T7334] bridge_slave_1: entered promiscuous mode [ 138.033092][ T7334] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.040230][ T7334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.047594][ T7334] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.054842][ T7334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 138.086296][ T6405] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.093773][ T6405] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.103360][ T329] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.110570][ T329] bridge0: port 1(bridge_slave_0) entered forwarding state [ 138.120134][ T6405] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.127240][ T6405] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.154155][ T7334] veth0_vlan: entered promiscuous mode [ 138.166634][ T7334] veth1_macvtap: entered promiscuous mode [ 138.199836][ T36] audit: type=1400 audit(2000000051.327:1356): avc: denied { bind } for pid=7347 comm="syz.4.2383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 138.221091][ T7348] rust_binder: Failed to allocate buffer. len:4120, is_oneway:false [ 138.221122][ T7348] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOSPC } [ 138.229930][ T7348] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOSPC } my_pid:2 [ 138.314933][ T809] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 138.317388][ T7354] rust_binder: 194: no such ref 0 [ 138.338436][ T7353] rust_binder: Failed to claim space for a BINDER_TYPE_PTR. (offset: 136, limit: 224, size: 226) [ 138.338461][ T7353] rust_binder: Error while translating object. [ 138.358436][ T7353] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 138.375186][ T7353] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:4 [ 138.505156][ T809] usb 3-1: Using ep0 maxpacket: 16 [ 138.535769][ T809] usb 3-1: config 245 has an invalid interface number: 159 but max is 3 [ 138.551629][ T809] usb 3-1: config 245 has an invalid interface number: 180 but max is 3 [ 138.569041][ T809] usb 3-1: config 245 has an invalid interface number: 176 but max is 3 [ 138.579271][ T809] usb 3-1: config 245 has an invalid interface number: 159 but max is 3 [ 138.588083][ T809] usb 3-1: config 245 has 3 interfaces, different from the descriptor's value: 4 [ 138.598019][ T809] usb 3-1: config 245 has no interface number 0 [ 138.604430][ T809] usb 3-1: config 245 has no interface number 1 [ 138.611186][ T809] usb 3-1: config 245 has no interface number 2 [ 138.618289][ T809] usb 3-1: config 245 interface 176 altsetting 9 bulk endpoint 0xD has invalid maxpacket 16 [ 138.637377][ T809] usb 3-1: config 245 interface 176 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 138.656172][ T809] usb 3-1: config 245 interface 176 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 138.667731][ T809] usb 3-1: config 245 interface 176 altsetting 9 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 138.679249][ T809] usb 3-1: config 245 interface 176 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 138.690788][ T809] usb 3-1: config 245 interface 176 altsetting 9 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 138.710587][ T809] usb 3-1: config 245 interface 176 altsetting 9 has a duplicate endpoint with address 0x3, skipping [ 138.722839][ T809] usb 3-1: config 245 interface 159 has no altsetting 0 [ 138.730974][ T809] usb 3-1: config 245 interface 159 has no altsetting 1 [ 138.738509][ T809] usb 3-1: config 245 interface 180 has no altsetting 0 [ 138.746406][ T809] usb 3-1: config 245 interface 176 has no altsetting 0 [ 138.759091][ T809] usb 3-1: New USB device found, idVendor=0af0, idProduct=7706, bcdDevice= 0.00 [ 138.768453][ T809] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.776130][ T7365] rust_binder: 205: no such ref 1 [ 138.776823][ T809] usb 3-1: Product: syz [ 138.781509][ T7365] rust_binder: 205: no such ref 3 [ 138.781528][ T7365] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:205 [ 138.786017][ T809] usb 3-1: Manufacturer: syz [ 138.804961][ T809] usb 3-1: SerialNumber: syz [ 138.835776][ T7367] binder: Unknown parameter 'defcont xt;}qڱkB6$%b&;֫;׸㕪' [ 138.870902][ T7371] rust_binder: Error while translating object. [ 138.870941][ T7371] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 138.878196][ T7371] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:211 [ 138.915508][ T1055] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 138.931081][ T7326] Bluetooth: hci0: command 0x1003 tx timeout [ 139.042718][ T7346] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOENT } my_pid:88 [ 139.048674][ T809] usb-storage 3-1:245.159: USB Mass Storage device detected [ 139.139111][ T809] usb-storage 3-1:245.180: USB Mass Storage device detected [ 139.203670][ T809] usb-storage 3-1:245.176: USB Mass Storage device detected [ 139.235025][ T36] audit: type=1400 audit(2000000052.357:1357): avc: denied { map } for pid=7383 comm="syz.0.2399" path="/dev/ashmem" dev="devtmpfs" ino=201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 139.316352][ T809] usb 3-1: USB disconnect, device number 18 [ 139.323495][ T7397] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 139.429342][ T7406] pim6reg1: entered promiscuous mode [ 139.441189][ T7406] pim6reg1: entered allmulticast mode [ 139.595030][ T7415] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 139.610253][ T7415] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 1th superblock [ 139.627365][ T7415] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 139.629900][ T7417] rust_binder: Error while translating object. [ 139.635677][ T7417] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 139.638996][ T7415] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 2th superblock [ 139.642116][ T7417] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:90 [ 139.651483][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 139.718604][ T7421] rust_binder: 21: no such ref 0 [ 139.724222][ T7421] rust_binder: BC_REQUEST_FREEZE_NOTIFICATION invalid ref 0 [ 139.731803][ T7421] rust_binder: Write failure EINVAL in pid:21 [ 139.731997][ T7421] rust_binder: BC_CLEAR_FREEZE_NOTIFICATION invalid ref 0 [ 139.745511][ T7421] rust_binder: Write failure EINVAL in pid:21 [ 139.771218][ T7426] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: ENOMEM } [ 139.777438][ T7426] rust_binder: Transaction failed: BR_FAILED_REPLY { source: ENOMEM } my_pid:23 [ 139.819596][ T7430] rust_binder: Write failure EFAULT in pid:25 [ 139.828731][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 139.843249][ T9] usb 1-1: config 1 has an invalid descriptor of length 240, skipping remainder of the config [ 139.854407][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 139.864912][ T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 139.877480][ T36] audit: type=1400 audit(2000000053.007:1358): avc: denied { read } for pid=7433 comm="syz.2.2415" name="msr" dev="devtmpfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 139.884576][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.901557][ T36] audit: type=1400 audit(2000000053.037:1359): avc: denied { open } for pid=7433 comm="syz.2.2415" path="/dev/cpu/0/msr" dev="devtmpfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 139.912620][ T9] usb 1-1: Product: ࠖ [ 139.937933][ T7436] overlayfs: conflicting lowerdir path [ 139.943490][ T36] audit: type=1400 audit(2000000053.067:1360): avc: denied { ioctl } for pid=7433 comm="syz.2.2415" path="/dev/cpu/0/msr" dev="devtmpfs" ino=16 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 139.943785][ T9] usb 1-1: Manufacturer: х [ 139.970000][ T7434] rust_binder: 99: no such ref 3 [ 139.974503][ T9] usb 1-1: SerialNumber: 迭ⴿփꉡꋌ쮂쾋嵰ൽޣ肄剋漅뇩⦲֐贪捏Ḕ䁲戌蕦霫캊㎧쀶檻愓伵౷熽嫂儿毨峽ﶏ븡䒗籩ᒐꢩ阃抽哫⺏ᜭ얭劉ᤖ炸﫩▾텸㓪ᜌ䗛沽羣廦䲻⚾籢좷쏈Ą눬ᛮ헒䧝皧ዮ᭧ླྀ窷蒥坄嶑ꪌ佮酶螪뾙⚭ξ瀋溰宸ы䴍똦྄䷾䡥晡嬪⋃ [ 139.978426][ T7434] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:99 [ 140.148864][ T7438] netlink: 'syz.4.2416': attribute type 1 has an invalid length. [ 140.166306][ T7438] rust_binder: Error while translating object. [ 140.166338][ T7438] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 140.175401][ T7438] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:31 [ 140.212789][ T7447] rust_binder: Write failure EFAULT in pid:35 [ 140.231953][ T7404] netlink: 'syz.0.2403': attribute type 30 has an invalid length. [ 140.258604][ T9] usb 1-1: 0:2 : does not exist [ 140.267637][ T9] usb 1-1: USB disconnect, device number 13 [ 140.279742][ T7449] rust_binder: BINDER_SET_CONTEXT_MGR already set [ 140.283789][ T372] udevd[372]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 140.321551][ T7453] 9pnet_fd: Insufficient options for proto=fd [ 140.515442][ T490] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 140.664563][ T490] usb 4-1: Using ep0 maxpacket: 16 [ 140.671018][ T490] usb 4-1: config index 0 descriptor too short (expected 9364, got 36) [ 140.679630][ T490] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 140.689985][ T490] usb 4-1: config 1 has no interfaces? [ 140.697605][ T490] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 140.706888][ T490] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.714974][ T490] usb 4-1: Product: syz [ 140.719213][ T490] usb 4-1: Manufacturer: syz [ 140.723835][ T490] usb 4-1: SerialNumber: syz [ 140.788854][ T7459] rust_binder: Error while translating object. [ 140.788879][ T7459] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EPERM } [ 140.795190][ T7459] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EPERM } my_pid:232 [ 141.144637][ T45] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 141.294600][ T490] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 141.306290][ T45] usb 3-1: unable to get BOS descriptor or descriptor too short [ 141.314384][ T45] usb 3-1: not running at top speed; connect to a high speed hub [ 141.323192][ T45] usb 3-1: config 129 has an invalid interface number: 135 but max is 0 [ 141.331628][ T45] usb 3-1: config 129 has an invalid interface number: 5 but max is 0 [ 141.339967][ T45] usb 3-1: config 129 has 2 interfaces, different from the descriptor's value: 1 [ 141.340708][ T7445] rust_binder: Write failure EFAULT in pid:1256 [ 141.353934][ T45] usb 3-1: config 129 has no interface number 0 [ 141.366792][ T45] usb 3-1: config 129 has no interface number 1 [ 141.378452][ T45] usb 3-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 141.391799][ T45] usb 3-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30 [ 141.402761][ T45] usb 3-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37 [ 141.415973][ T45] usb 3-1: config 129 interface 135 has no altsetting 0 [ 141.423023][ T45] usb 3-1: config 129 interface 5 has no altsetting 0 [ 141.431393][ T45] usb 3-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00 [ 141.440546][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.448919][ T45] usb 3-1: Product: syz [ 141.453217][ T45] usb 3-1: Manufacturer: syz [ 141.457877][ T45] usb 3-1: SerialNumber: syz [ 141.474618][ T490] usb 1-1: Using ep0 maxpacket: 8 [ 141.483745][ T490] usb 1-1: config 1 interface 0 altsetting 8 bulk endpoint 0x82 has invalid maxpacket 1024 [ 141.499541][ T490] usb 1-1: config 1 interface 0 altsetting 8 bulk endpoint 0x3 has invalid maxpacket 32 [ 141.509372][ T490] usb 1-1: config 1 interface 0 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 141.522494][ T490] usb 1-1: config 1 interface 0 has no altsetting 0 [ 141.535154][ T490] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 141.544285][ T490] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.552402][ T490] usb 1-1: Product: 䙃ᔝ㢈圢䪉䷼쬙宼㐧㗇騊Ը䣓㜪幣뢝䪴퇆䃔⁴ꢏ앛㋜핎怞ミ媴i掣쑫켈뤃룠쭸렦孛ꉊ諘䲖딥褳ᔨ䑅誊᥾蚜峆鳽ዦ⩲鐽뻇Aᕕ䂨쥛諠떿꼾㩩뢏੝ഋσ捦 [ 141.575502][ T490] usb 1-1: Manufacturer: ဌ [ 141.580869][ T7491] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 141.593507][ T7491] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 141.601951][ T7491] CPU: 0 UID: 0 PID: 7491 Comm: syz.4.2433 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 141.601980][ T36] audit: type=1400 audit(2000000054.727:1361): avc: denied { write } for pid=282 comm="syz-executor" path="pipe:[2793]" dev="pipefs" ino=2793 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 141.613514][ T7491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 141.613533][ T7491] RIP: 0010:iter_file_splice_write+0xace/0x11b0 [ 141.613571][ T7491] Code: 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 67 d6 e6 ff 49 8b 1e 49 c7 06 00 00 00 00 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 43 d6 e6 ff 4c 8b 1b 48 8b 3c 24 [ 141.613594][ T7491] RSP: 0018:ffffc90000e2f820 EFLAGS: 00010202 [ 141.678716][ T7491] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff8881072ccc00 [ 141.686726][ T7491] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 7ffffffffffff9b7 [ 141.694741][ T7491] RBP: ffffc90000e2fa40 R08: ffff8881f6e72240 R09: 1ffff1103edce448 [ 141.702757][ T7491] R10: 1ffff1103edce44b R11: 0000000000000fd8 R12: dffffc0000000000 [ 141.710768][ T7491] R13: 7ffffffffffff9b7 R14: ffff88810abdd038 R15: ffff88810abdd028 [ 141.718779][ T7491] FS: 00007f9e849a26c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 141.727748][ T7491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.734366][ T7491] CR2: 000000110c2d925c CR3: 000000014698e000 CR4: 00000000003526b0 [ 141.742391][ T7491] DR0: 0000000000000f80 DR1: 0000000000000000 DR2: 0000000000000000 [ 141.750405][ T7491] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 141.758417][ T7491] Call Trace: [ 141.761728][ T7491] [ 141.764694][ T7491] ? __cfi_iter_file_splice_write+0x10/0x10 [ 141.770649][ T7491] ? __kmalloc_noprof+0x271/0x530 [ 141.775805][ T7491] ? futex_wait_setup+0x1bc/0x260 [ 141.780964][ T7491] ? __kasan_check_write+0x18/0x20 [ 141.786128][ T7491] ? __cfi_iter_file_splice_write+0x10/0x10 [ 141.792143][ T7491] direct_splice_actor+0x279/0x4b0 [ 141.797292][ T7491] splice_direct_to_actor+0x4fb/0xbc0 [ 141.802736][ T7491] ? __cfi_direct_splice_actor+0x10/0x10 [ 141.808408][ T7491] ? __cfi_splice_direct_to_actor+0x10/0x10 [ 141.814352][ T7491] do_splice_direct+0x182/0x270 [ 141.819253][ T7491] ? __cfi_do_splice_direct+0x10/0x10 [ 141.822363][ T36] audit: type=1400 audit(2000000054.907:1362): avc: denied { read } for pid=92 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 141.824675][ T7491] ? __cfi_direct_file_splice_eof+0x10/0x10 [ 141.824715][ T7491] ? security_file_permission+0x2e/0xc0 [ 141.824745][ T7491] ? rw_verify_area+0xac/0x230 [ 141.824779][ T7491] do_sendfile+0x5c8/0xfb0 [ 141.824807][ T7491] ? vfs_writev+0xcf0/0xcf0 [ 141.824833][ T7491] ? __se_sys_futex+0x28f/0x300 [ 141.824859][ T7491] __x64_sys_sendfile64+0x193/0x1f0 [ 141.824887][ T7491] ? __cfi___x64_sys_sendfile64+0x10/0x10 [ 141.824914][ T7491] ? switch_fpu_return+0x12/0x20 [ 141.824940][ T7491] x64_sys_call+0xa26/0x2ee0 [ 141.824975][ T7491] do_syscall_64+0x58/0xf0 [ 141.825004][ T7491] ? clear_bhb_loop+0x50/0xa0 [ 141.825031][ T7491] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 141.856786][ T36] audit: type=1400 audit(2000000054.907:1363): avc: denied { search } for pid=92 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 141.858788][ T7491] RIP: 0033:0x7f9e83b8efc9 [ 141.863697][ T36] audit: type=1400 audit(2000000054.907:1364): avc: denied { write } for pid=92 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 141.868115][ T7491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.868137][ T7491] RSP: 002b:00007f9e849a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 141.868165][ T7491] RAX: ffffffffffffffda RBX: 00007f9e83de5fa0 RCX: 00007f9e83b8efc9 [ 141.873277][ T36] audit: type=1400 audit(2000000054.907:1365): avc: denied { add_name } for pid=92 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 141.877766][ T7491] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000007 [ 141.877785][ T7491] RBP: 00007f9e83c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 141.877801][ T7491] R10: 000000007a680000 R11: 0000000000000246 R12: 0000000000000000 [ 141.877816][ T7491] R13: 00007f9e83de6038 R14: 00007f9e83de5fa0 R15: 00007ffccda58218 [ 141.883269][ T36] audit: type=1400 audit(2000000054.907:1366): avc: denied { create } for pid=92 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 141.888734][ T7491] [ 141.888745][ T7491] Modules linked in: [ 141.889461][ T7491] ---[ end trace 0000000000000000 ]--- [ 142.084139][ T7491] RIP: 0010:iter_file_splice_write+0xace/0x11b0 [ 142.090486][ T7491] Code: 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 67 d6 e6 ff 49 8b 1e 49 c7 06 00 00 00 00 48 83 c3 08 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 df e8 43 d6 e6 ff 4c 8b 1b 48 8b 3c 24 [ 142.110255][ T7491] RSP: 0018:ffffc90000e2f820 EFLAGS: 00010202 [ 142.116555][ T7491] RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff8881072ccc00 [ 142.124619][ T7491] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 7ffffffffffff9b7 [ 142.132671][ T7491] RBP: ffffc90000e2fa40 R08: ffff8881f6e72240 R09: 1ffff1103edce448 [ 142.140734][ T7491] R10: 1ffff1103edce44b R11: 0000000000000fd8 R12: dffffc0000000000 [ 142.148804][ T7491] R13: 7ffffffffffff9b7 R14: ffff88810abdd038 R15: ffff88810abdd028 [ 142.156977][ T7491] FS: 00007f9e849a26c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 142.166083][ T7491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 142.172736][ T7491] CR2: 000000110c2d925c CR3: 000000014698e000 CR4: 00000000003526b0 [ 142.180796][ T7491] DR0: 0000000000000f80 DR1: 0000000000000000 DR2: 0000000000000000 [ 142.188932][ T7491] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 142.197043][ T7491] Kernel panic - not syncing: Fatal exception [ 142.203408][ T7491] Kernel Offset: disabled [ 142.207742][ T7491] Rebooting in 86400 seconds..