last executing test programs: 3.722002577s ago: executing program 1 (id=6059): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030"], 0x15) r6 = dup(r5) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000380)=ANY=[@ANYBLOB="380100"], 0x138) r7 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r7, 0x0, 0x0, 0x805, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000640)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}}) 3.647006505s ago: executing program 1 (id=6061): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) tkill(0xffffffffffffffff, 0x28) 2.379916652s ago: executing program 1 (id=6083): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000140)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r2, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) 2.0043335s ago: executing program 2 (id=6089): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, 0x0) 1.965802233s ago: executing program 1 (id=6091): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(r0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) tkill(0xffffffffffffffff, 0x28) 1.105423999s ago: executing program 2 (id=6107): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, 0x0, 0x118) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x101, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e23, 0x0, @remote, 0x1000}}}, 0x108) 956.198464ms ago: executing program 1 (id=6109): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8=r1, @ANYRES64=r0], 0x118) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x101, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e23, 0x0, @remote, 0x1000}}}, 0x108) setsockopt$inet6_group_source_req(r4, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x2, 0x3, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffd, 0x0, @remote}}}, 0x108) 879.553262ms ago: executing program 2 (id=6112): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) setgroups(0x0, 0x0) 850.153325ms ago: executing program 2 (id=6113): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[], 0x118) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x101, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e23, 0x0, @remote, 0x1000}}}, 0x108) setsockopt$inet6_group_source_req(r4, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x2, 0x3, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffd, 0x0, @remote}}}, 0x108) 818.361338ms ago: executing program 2 (id=6115): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000380)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) write(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, 0x0) 693.153431ms ago: executing program 1 (id=6117): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, 0x0) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r2, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40804) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) sendmmsg$inet6(r3, &(0x7f0000003480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x14) mount$binderfs(0x0, &(0x7f0000000080)='./binderfs\x00', &(0x7f0000000140), 0x4a81, &(0x7f0000000040)=ANY=[@ANYBLOB="6d61783d30303030303030304d9e3030"]) 470.103643ms ago: executing program 3 (id=6122): rt_sigaction(0xd, 0x0, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) io_pgetevents(0x0, 0x20000000008, 0x4, &(0x7f0000000e40)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000c80), &(0x7f0000000d00)={&(0x7f0000000280)={[0x7]}, 0x1}) 469.674093ms ago: executing program 3 (id=6123): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[], 0x118) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x101, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e23, 0x0, @remote, 0x1000}}}, 0x108) setsockopt$inet6_group_source_req(r4, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x2, 0x3, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffd, 0x0, @remote}}}, 0x108) 435.824857ms ago: executing program 3 (id=6124): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendfile(r2, r1, 0x0, 0xe) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) setuid(0xee01) r4 = socket$unix(0x1, 0x5, 0x0) setsockopt$sock_int(r4, 0x1, 0xc, &(0x7f0000000000)=0x40, 0x4) 383.728802ms ago: executing program 0 (id=6125): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = userfaultfd(0x80801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f00000001c0)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) 383.476702ms ago: executing program 3 (id=6126): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r5, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r6 = dup(r5) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000380)=ANY=[], 0x138) r7 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r7, 0x0, 0x0, 0x805, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000640)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}}) 383.281962ms ago: executing program 0 (id=6127): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r2, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=ANY=[], 0x50}}], 0x1, 0x40804) r3 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r3, 0x13) 327.838757ms ago: executing program 3 (id=6128): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r1, 0x0, 0x0, 0x805, 0x0, 0x0) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f00000001c0)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) 260.087134ms ago: executing program 3 (id=6129): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x4]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x101, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e23, 0x0, @remote, 0x1000}}}, 0x108) 259.781474ms ago: executing program 0 (id=6130): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) write(r0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(r4, 0x5411, &(0x7f0000000000)) 251.928325ms ago: executing program 0 (id=6131): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x805, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) sendmmsg$inet6(r3, &(0x7f00000075c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=ANY=[], 0x50}}], 0x1, 0x40804) r4 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r4, 0x13) tkill(r4, 0x12) waitid(0x0, r4, 0x0, 0x8, 0x0) 195.519971ms ago: executing program 0 (id=6132): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8000) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) write(r4, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r5, &(0x7f0000004600)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) r6 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)='\b\x00', 0x2}, {&(0x7f0000000180)="96bc1480bb35", 0x6}], 0x2, &(0x7f0000000240)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @broadcast}}}], 0x20}, 0x24008004) 92.264491ms ago: executing program 0 (id=6133): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r0, @ANYRES64], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000000)) 0s ago: executing program 2 (id=6134): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x44000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f26, 0x4}) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x805, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f27, 0x4}) sendmmsg$inet6(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x8014) r3 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r3, 0x13) tkill(r3, 0x12) kernel console output (not intermixed with test programs): cfi_proc_fail_nth_write+0x10/0x10 [ 142.235206][ T6603] __x64_sys_sendmsg+0x1eb/0x2c0 [ 142.235238][ T6603] ? fput+0x1a5/0x240 [ 142.235266][ T6603] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 142.235299][ T6603] ? ksys_write+0x1ef/0x250 [ 142.235323][ T6603] ? __kasan_check_read+0x15/0x20 [ 142.235358][ T6603] x64_sys_call+0x2a4c/0x2ee0 [ 142.235391][ T6603] do_syscall_64+0x58/0xf0 [ 142.235420][ T6603] ? clear_bhb_loop+0x50/0xa0 [ 142.235447][ T6603] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 142.235471][ T6603] RIP: 0033:0x7f3ab4d8f6c9 [ 142.235490][ T6603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.235511][ T6603] RSP: 002b:00007f3ab37f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.235536][ T6603] RAX: ffffffffffffffda RBX: 00007f3ab4fe5fa0 RCX: 00007f3ab4d8f6c9 [ 142.235554][ T6603] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006 [ 142.235569][ T6603] RBP: 00007f3ab37f7090 R08: 0000000000000000 R09: 0000000000000000 [ 142.235585][ T6603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.235600][ T6603] R13: 00007f3ab4fe6038 R14: 00007f3ab4fe5fa0 R15: 00007ffe603ecd58 [ 142.235621][ T6603] [ 142.593123][ T6616] FAULT_INJECTION: forcing a failure. [ 142.593123][ T6616] name failslab, interval 1, probability 0, space 0, times 0 [ 142.634729][ T6616] CPU: 0 UID: 0 PID: 6616 Comm: syz.2.2939 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 142.634767][ T6616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 142.634782][ T6616] Call Trace: [ 142.634791][ T6616] [ 142.634801][ T6616] __dump_stack+0x21/0x30 [ 142.634838][ T6616] dump_stack_lvl+0x10c/0x190 [ 142.634869][ T6616] ? __cfi_dump_stack_lvl+0x10/0x10 [ 142.634900][ T6616] ? __kasan_check_write+0x18/0x20 [ 142.634935][ T6616] ? proc_fail_nth_write+0x17e/0x210 [ 142.634966][ T6616] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 142.634998][ T6616] dump_stack+0x19/0x20 [ 142.635027][ T6616] should_fail_ex+0x3d9/0x530 [ 142.635052][ T6616] should_failslab+0xac/0x100 [ 142.635078][ T6616] kmem_cache_alloc_noprof+0x42/0x430 [ 142.635101][ T6616] ? getname_flags+0xc6/0x710 [ 142.635133][ T6616] getname_flags+0xc6/0x710 [ 142.635156][ T6616] ? build_open_flags+0x487/0x600 [ 142.635187][ T6616] getname+0x1b/0x30 [ 142.635208][ T6616] do_sys_openat2+0xcb/0x1c0 [ 142.635238][ T6616] ? fput+0x1a5/0x240 [ 142.635265][ T6616] ? do_sys_open+0x100/0x100 [ 142.635293][ T6616] ? ksys_write+0x1ef/0x250 [ 142.635315][ T6616] ? __cfi_ksys_write+0x10/0x10 [ 142.635338][ T6616] __x64_sys_openat+0x13a/0x170 [ 142.635369][ T6616] x64_sys_call+0xe69/0x2ee0 [ 142.635403][ T6616] do_syscall_64+0x58/0xf0 [ 142.635432][ T6616] ? clear_bhb_loop+0x50/0xa0 [ 142.635459][ T6616] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 142.635484][ T6616] RIP: 0033:0x7f8f0f18df10 [ 142.635505][ T6616] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 142.635525][ T6616] RSP: 002b:00007f8f0dbe2f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 142.635550][ T6616] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f8f0f18df10 [ 142.635567][ T6616] RDX: 0000000000000002 RSI: 00007f8f0dbe2fa0 RDI: 00000000ffffff9c [ 142.635584][ T6616] RBP: 00007f8f0dbe2fa0 R08: 0000000000000000 R09: 0000000000000000 [ 142.635599][ T6616] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 142.635614][ T6616] R13: 00007f8f0f3e6038 R14: 00007f8f0f3e5fa0 R15: 00007ffdac3ba588 [ 142.635634][ T6616] [ 142.880852][ T6625] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 142.880917][ T6625] rust_binder: Read failure Err(EFAULT) in pid:296 [ 142.972937][ T6633] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 142.985054][ T6635] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 142.993296][ T6635] rust_binder: Read failure Err(EFAULT) in pid:349 [ 143.011968][ T6633] rust_binder: Read failure Err(EFAULT) in pid:302 [ 143.113664][ T6641] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.128368][ T6641] rust_binder: Read failure Err(EFAULT) in pid:353 [ 143.176201][ T6643] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.194670][ T6643] rust_binder: Read failure Err(EFAULT) in pid:355 [ 143.315683][ T6655] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.322652][ T6655] rust_binder: Read failure Err(EFAULT) in pid:345 [ 143.349463][ T6659] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.364682][ T6659] rust_binder: Read failure Err(EFAULT) in pid:184 [ 143.386409][ T6667] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.393466][ T6667] rust_binder: Read failure Err(EFAULT) in pid:349 [ 143.473814][ T6682] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.480542][ T6682] rust_binder: Read failure Err(EFAULT) in pid:372 [ 143.510209][ T6688] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.516879][ T6688] rust_binder: Read failure Err(EFAULT) in pid:374 [ 143.520921][ T6690] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.535176][ T6690] rust_binder: Read failure Err(EFAULT) in pid:357 [ 143.587295][ T6699] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.604102][ T6699] rust_binder: Read failure Err(EFAULT) in pid:361 [ 143.617230][ T6705] FAULT_INJECTION: forcing a failure. [ 143.617230][ T6705] name failslab, interval 1, probability 0, space 0, times 0 [ 143.648817][ T6705] CPU: 0 UID: 0 PID: 6705 Comm: syz.0.2980 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 143.648854][ T6705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 143.648869][ T6705] Call Trace: [ 143.648877][ T6705] [ 143.648885][ T6705] __dump_stack+0x21/0x30 [ 143.648920][ T6705] dump_stack_lvl+0x10c/0x190 [ 143.648950][ T6705] ? __cfi_dump_stack_lvl+0x10/0x10 [ 143.648980][ T6705] ? __kasan_check_write+0x18/0x20 [ 143.649014][ T6705] ? proc_fail_nth_write+0x17e/0x210 [ 143.649045][ T6705] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 143.649085][ T6705] dump_stack+0x19/0x20 [ 143.649116][ T6705] should_fail_ex+0x3d9/0x530 [ 143.649139][ T6705] should_failslab+0xac/0x100 [ 143.649165][ T6705] kmem_cache_alloc_noprof+0x42/0x430 [ 143.649186][ T6705] ? getname_flags+0xc6/0x710 [ 143.649210][ T6705] getname_flags+0xc6/0x710 [ 143.649232][ T6705] ? build_open_flags+0x487/0x600 [ 143.649264][ T6705] getname+0x1b/0x30 [ 143.649285][ T6705] do_sys_openat2+0xcb/0x1c0 [ 143.649315][ T6705] ? fput+0x1a5/0x240 [ 143.649342][ T6705] ? do_sys_open+0x100/0x100 [ 143.649372][ T6705] ? ksys_write+0x1ef/0x250 [ 143.649393][ T6705] ? __cfi_ksys_write+0x10/0x10 [ 143.649416][ T6705] __x64_sys_openat+0x13a/0x170 [ 143.649447][ T6705] x64_sys_call+0xe69/0x2ee0 [ 143.649481][ T6705] do_syscall_64+0x58/0xf0 [ 143.649512][ T6705] ? clear_bhb_loop+0x50/0xa0 [ 143.649537][ T6705] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 143.649563][ T6705] RIP: 0033:0x7f9a73b8df10 [ 143.649582][ T6705] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 143.649602][ T6705] RSP: 002b:00007f9a749bef10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 143.649627][ T6705] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f9a73b8df10 [ 143.649645][ T6705] RDX: 0000000000000002 RSI: 00007f9a749befa0 RDI: 00000000ffffff9c [ 143.649661][ T6705] RBP: 00007f9a749befa0 R08: 0000000000000000 R09: 0000000000000000 [ 143.649676][ T6705] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 143.649692][ T6705] R13: 00007f9a73de6038 R14: 00007f9a73de5fa0 R15: 00007fffb90bd018 [ 143.649713][ T6705] [ 143.665989][ T6708] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.727433][ T6715] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.734065][ T6708] rust_binder: Read failure Err(EFAULT) in pid:363 [ 143.741403][ T6715] rust_binder: Read failure Err(EFAULT) in pid:386 [ 143.829980][ T6723] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.871237][ T6727] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.876634][ T6723] rust_binder: Read failure Err(EFAULT) in pid:206 [ 143.885835][ T6727] rust_binder: Read failure Err(EFAULT) in pid:388 [ 143.898075][ T6729] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.945156][ T6729] rust_binder: Read failure Err(EFAULT) in pid:368 [ 143.977444][ T6739] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 143.984056][ T6739] rust_binder: Read failure Err(EFAULT) in pid:394 [ 144.067522][ T6754] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 144.074161][ T6754] rust_binder: Read failure Err(EFAULT) in pid:373 [ 144.162840][ T6768] FAULT_INJECTION: forcing a failure. [ 144.162840][ T6768] name failslab, interval 1, probability 0, space 0, times 0 [ 144.182410][ T6768] CPU: 1 UID: 0 PID: 6768 Comm: syz.0.3009 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 144.182447][ T6768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 144.182462][ T6768] Call Trace: [ 144.182470][ T6768] [ 144.182479][ T6768] __dump_stack+0x21/0x30 [ 144.182513][ T6768] dump_stack_lvl+0x10c/0x190 [ 144.182543][ T6768] ? __cfi_dump_stack_lvl+0x10/0x10 [ 144.182573][ T6768] ? __kasan_check_write+0x18/0x20 [ 144.182607][ T6768] ? proc_fail_nth_write+0x17e/0x210 [ 144.182636][ T6768] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 144.182667][ T6768] dump_stack+0x19/0x20 [ 144.182706][ T6768] should_fail_ex+0x3d9/0x530 [ 144.182730][ T6768] should_failslab+0xac/0x100 [ 144.182755][ T6768] kmem_cache_alloc_noprof+0x42/0x430 [ 144.182776][ T6768] ? getname_flags+0xc6/0x710 [ 144.182799][ T6768] getname_flags+0xc6/0x710 [ 144.182820][ T6768] ? build_open_flags+0x487/0x600 [ 144.182852][ T6768] getname+0x1b/0x30 [ 144.182873][ T6768] do_sys_openat2+0xcb/0x1c0 [ 144.182902][ T6768] ? fput+0x1a5/0x240 [ 144.182928][ T6768] ? do_sys_open+0x100/0x100 [ 144.182954][ T6768] ? ksys_write+0x1ef/0x250 [ 144.182976][ T6768] ? __cfi_ksys_write+0x10/0x10 [ 144.182998][ T6768] __x64_sys_openat+0x13a/0x170 [ 144.183030][ T6768] x64_sys_call+0xe69/0x2ee0 [ 144.183064][ T6768] do_syscall_64+0x58/0xf0 [ 144.183095][ T6768] ? clear_bhb_loop+0x50/0xa0 [ 144.183121][ T6768] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 144.183146][ T6768] RIP: 0033:0x7f9a73b8df10 [ 144.183165][ T6768] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 69 95 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 bc 95 02 00 8b 44 [ 144.183185][ T6768] RSP: 002b:00007f9a749bef10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 144.183208][ T6768] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f9a73b8df10 [ 144.183224][ T6768] RDX: 0000000000000002 RSI: 00007f9a749befa0 RDI: 00000000ffffff9c [ 144.183238][ T6768] RBP: 00007f9a749befa0 R08: 0000000000000000 R09: 0000000000000000 [ 144.183252][ T6768] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 144.183266][ T6768] R13: 00007f9a73de6038 R14: 00007f9a73de5fa0 R15: 00007fffb90bd018 [ 144.183284][ T6768] [ 144.476275][ T6782] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 144.476303][ T6782] rust_binder: Read failure Err(EFAULT) in pid:322 [ 144.523410][ T6787] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 144.530338][ T6787] rust_binder: Read failure Err(EFAULT) in pid:326 [ 144.588473][ T6792] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 144.595197][ T6792] rust_binder: Read failure Err(EFAULT) in pid:330 [ 144.765213][ T6814] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 144.774865][ T6814] rust_binder: Read failure Err(EFAULT) in pid:339 [ 144.801104][ T6816] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 144.816209][ T6816] rust_binder: Read failure Err(EFAULT) in pid:406 [ 144.844559][ T6823] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 144.867037][ T6823] rust_binder: Read failure Err(EFAULT) in pid:238 [ 144.996002][ T6835] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 145.014762][ T6835] rust_binder: Read failure Err(EFAULT) in pid:240 [ 145.117237][ T6852] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 145.134825][ T6852] rust_binder: Read failure Err(EFAULT) in pid:417 [ 145.194945][ T6854] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 145.211710][ T6854] rust_binder: Read failure Err(EFAULT) in pid:419 [ 145.311273][ T6858] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 145.328071][ T6858] rust_binder: Read failure Err(EFAULT) in pid:423 [ 145.548743][ T6869] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 145.571663][ T6869] rust_binder: Read failure Err(EFAULT) in pid:379 [ 145.656721][ T6876] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 145.673525][ T6876] rust_binder: Read failure Err(EFAULT) in pid:437 [ 145.889153][ T6889] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 145.895864][ T6889] rust_binder: Read failure Err(EFAULT) in pid:248 [ 145.954207][ T6895] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 145.960908][ T6895] rust_binder: Read failure Err(EFAULT) in pid:254 [ 146.357032][ T6901] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 146.363670][ T6901] rust_binder: Read failure Err(EFAULT) in pid:362 [ 146.508199][ T6907] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 146.524711][ T6907] rust_binder: Read failure Err(EFAULT) in pid:368 [ 146.844733][ T850] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 147.024703][ T850] usb 4-1: device descriptor read/64, error -71 [ 147.274692][ T850] usb 4-1: device descriptor read/64, error -71 [ 147.526744][ T850] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 147.664692][ T850] usb 4-1: device descriptor read/64, error -71 [ 147.914687][ T850] usb 4-1: device descriptor read/64, error -71 [ 148.024798][ T850] usb usb4-port1: attempt power cycle [ 148.384715][ T850] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 148.425715][ T850] usb 4-1: device descriptor read/8, error -71 [ 148.566814][ T850] usb 4-1: device descriptor read/8, error -71 [ 148.636999][ T6980] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 148.637027][ T6980] rust_binder: Read failure Err(EFAULT) in pid:402 [ 148.689805][ T6984] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 148.697450][ T6984] rust_binder: Read failure Err(EFAULT) in pid:477 [ 148.739310][ T6992] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 148.746450][ T6992] rust_binder: Read failure Err(EFAULT) in pid:272 [ 148.793896][ T6996] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 148.804716][ T850] usb 4-1: new full-speed USB device number 22 using dummy_hcd [ 148.808397][ T6996] rust_binder: Read failure Err(EFAULT) in pid:274 [ 148.837208][ T6998] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 148.845682][ T850] usb 4-1: device descriptor read/8, error -71 [ 148.851394][ T6998] rust_binder: Read failure Err(EFAULT) in pid:483 [ 148.885502][ T7004] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 148.892077][ T7004] rust_binder: Read failure Err(EFAULT) in pid:485 [ 148.978014][ T850] usb 4-1: device descriptor read/8, error -71 [ 149.114793][ T850] usb usb4-port1: unable to enumerate USB device [ 149.355892][ T7031] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 149.355920][ T7031] rust_binder: Read failure Err(EFAULT) in pid:508 [ 149.396155][ T7033] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 149.402844][ T7033] rust_binder: Read failure Err(EFAULT) in pid:408 [ 149.469090][ T7043] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 149.569953][ T7052] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 149.569983][ T7052] rust_binder: Read failure Err(EFAULT) in pid:421 [ 149.644079][ T7061] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 149.654567][ T7061] rust_binder: Read failure Err(EFAULT) in pid:427 [ 149.747301][ T36] kauditd_printk_skb: 2 callbacks suppressed [ 149.747322][ T36] audit: type=1400 audit(1763511025.940:193): avc: denied { connect } for pid=7073 comm="syz.3.3150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 149.781244][ T12] tipc: Subscription rejected, illegal request [ 149.804689][ T36] audit: type=1400 audit(1763511025.980:194): avc: denied { write } for pid=7073 comm="syz.3.3150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 149.849673][ T36] audit: type=1400 audit(1763511025.980:195): avc: denied { read } for pid=7073 comm="syz.3.3150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 149.884706][ T7078] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 149.884734][ T7078] rust_binder: Read failure Err(EFAULT) in pid:385 [ 149.933621][ T7080] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 149.950183][ T7080] rust_binder: Read failure Err(EFAULT) in pid:387 [ 150.455206][ T7106] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3159'. [ 150.666294][ T7126] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 150.666322][ T7126] rust_binder: Read failure Err(EFAULT) in pid:300 [ 150.758754][ T7130] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 150.774703][ T7130] rust_binder: Read failure Err(EFAULT) in pid:304 [ 150.857638][ T7134] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 150.874464][ T7134] rust_binder: Read failure Err(EFAULT) in pid:308 [ 150.925058][ T5878] tipc: Subscription rejected, illegal request [ 151.103192][ T7144] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 151.103220][ T7144] rust_binder: Read failure Err(EFAULT) in pid:318 [ 151.275638][ T7149] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 151.292445][ T7149] rust_binder: Read failure Err(EFAULT) in pid:323 [ 151.369525][ T7153] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 151.384224][ T7153] rust_binder: Read failure Err(EFAULT) in pid:327 [ 151.483953][ T7159] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 151.490578][ T7159] rust_binder: Read failure Err(EFAULT) in pid:405 [ 151.531325][ T7161] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 151.538549][ T7161] rust_binder: Read failure Err(EFAULT) in pid:435 [ 151.555022][ T36] audit: type=1400 audit(1763511027.740:196): avc: denied { create } for pid=7162 comm="syz.3.3192" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 151.609984][ T36] audit: type=1400 audit(1763511027.740:197): avc: denied { write } for pid=7162 comm="syz.3.3192" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 151.705007][ T7175] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 151.705032][ T7175] rust_binder: Read failure Err(EFAULT) in pid:337 [ 151.728988][ T7177] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 151.746956][ T7177] rust_binder: Read failure Err(EFAULT) in pid:533 [ 151.775321][ T7179] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 151.781894][ T7179] rust_binder: Read failure Err(EFAULT) in pid:339 [ 151.804711][ T7181] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 151.814719][ T7181] rust_binder: Read failure Err(EFAULT) in pid:535 [ 151.863294][ T7185] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 151.885176][ T7185] rust_binder: Read failure Err(EFAULT) in pid:537 [ 151.939222][ T7189] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 151.965757][ T7189] rust_binder: Read failure Err(EFAULT) in pid:539 [ 152.060556][ T7194] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.074784][ T7194] rust_binder: Read failure Err(EFAULT) in pid:541 [ 152.093483][ T7196] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.100220][ T7196] rust_binder: Read failure Err(EFAULT) in pid:348 [ 152.150798][ T7198] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.165327][ T7198] rust_binder: Read failure Err(EFAULT) in pid:543 [ 152.215542][ T7202] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.222289][ T7202] rust_binder: Read failure Err(EFAULT) in pid:545 [ 152.243462][ T7204] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.260532][ T7204] rust_binder: Read failure Err(EFAULT) in pid:352 [ 152.285928][ T7206] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.306389][ T7206] rust_binder: Read failure Err(EFAULT) in pid:547 [ 152.397562][ T7212] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.404131][ T7212] rust_binder: Read failure Err(EFAULT) in pid:551 [ 152.448390][ T7214] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.464682][ T7214] rust_binder: Read failure Err(EFAULT) in pid:553 [ 152.621949][ T7222] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.644753][ T7222] rust_binder: Read failure Err(EFAULT) in pid:439 [ 152.648430][ T7228] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.664356][ T7228] rust_binder: Read failure Err(EFAULT) in pid:563 [ 152.796047][ T7245] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.811560][ T7245] rust_binder: Read failure Err(EFAULT) in pid:446 [ 152.831335][ T7249] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.844755][ T7249] rust_binder: Read failure Err(EFAULT) in pid:417 [ 152.861584][ T7252] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.868459][ T7252] rust_binder: Read failure Err(EFAULT) in pid:572 [ 152.890395][ T7254] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.907167][ T7254] rust_binder: Read failure Err(EFAULT) in pid:448 [ 152.948124][ T7261] 9pnet_fd: Insufficient options for proto=fd [ 152.966858][ T7264] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 152.966884][ T7264] rust_binder: Read failure Err(EFAULT) in pid:450 [ 153.012318][ T5878] tipc: Subscription rejected, illegal request [ 153.065141][ T7275] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 153.065172][ T7275] rust_binder: Read failure Err(EFAULT) in pid:426 [ 153.098642][ T7283] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 153.105809][ T7283] rust_binder: Read failure Err(EFAULT) in pid:428 [ 153.143878][ T7285] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 153.153273][ T7285] rust_binder: Read failure Err(EFAULT) in pid:430 [ 153.289211][ T7300] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 153.304204][ T7300] rust_binder: Read failure Err(EFAULT) in pid:436 [ 153.356099][ T7311] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 153.373476][ T7313] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 153.374761][ T7311] rust_binder: Read failure Err(EFAULT) in pid:438 [ 153.389590][ T7313] rust_binder: Read failure Err(EFAULT) in pid:468 [ 153.436974][ T7316] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 153.443555][ T7316] rust_binder: Read failure Err(EFAULT) in pid:440 [ 153.567268][ T7327] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 153.573843][ T7327] rust_binder: Read failure Err(EFAULT) in pid:446 [ 153.595926][ T7329] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 153.614851][ T7329] rust_binder: Read failure Err(EFAULT) in pid:476 [ 153.673414][ T7333] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 153.700387][ T7333] rust_binder: Read failure Err(EFAULT) in pid:478 [ 153.741293][ T7337] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 153.750938][ T7337] rust_binder: Read failure Err(EFAULT) in pid:452 [ 153.863028][ T7347] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 153.884697][ T7347] rust_binder: Read failure Err(EFAULT) in pid:456 [ 154.054875][ T7358] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 154.075117][ T7358] rust_binder: Read failure Err(EFAULT) in pid:460 [ 154.096769][ T7360] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 154.114716][ T7360] rust_binder: Read failure Err(EFAULT) in pid:493 [ 154.227428][ T7374] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 154.232653][ T7376] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 154.233992][ T7374] rust_binder: Read failure Err(EFAULT) in pid:498 [ 154.246313][ T7376] rust_binder: Read failure Err(EFAULT) in pid:467 [ 154.325381][ T7387] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 154.344129][ T7387] rust_binder: Read failure Err(EFAULT) in pid:364 [ 154.400381][ T5878] tipc: Subscription rejected, illegal request [ 154.475116][ T7397] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 154.475144][ T7397] rust_binder: Read failure Err(EFAULT) in pid:508 [ 154.549136][ T7400] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 154.579138][ T7400] rust_binder: Read failure Err(EFAULT) in pid:370 [ 154.639392][ T7406] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 154.656380][ T7406] rust_binder: Read failure Err(EFAULT) in pid:372 [ 154.725935][ T7410] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 154.734693][ T7410] rust_binder: Read failure Err(EFAULT) in pid:374 [ 154.826880][ T5878] tipc: Subscription rejected, illegal request [ 154.880807][ T7416] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 154.880837][ T7416] rust_binder: Read failure Err(EFAULT) in pid:380 [ 155.287001][ T7424] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 155.293602][ T7424] rust_binder: Read failure Err(EFAULT) in pid:594 [ 155.346357][ T7428] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 155.364672][ T7428] rust_binder: Read failure Err(EFAULT) in pid:473 [ 155.789662][ T7440] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 155.814687][ T7440] rust_binder: Read failure Err(EFAULT) in pid:518 [ 155.869489][ T7444] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 155.876127][ T7444] rust_binder: Read failure Err(EFAULT) in pid:522 [ 155.994044][ T7452] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.014720][ T7452] rust_binder: Read failure Err(EFAULT) in pid:529 [ 156.073561][ T7454] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.084741][ T7454] rust_binder: Read failure Err(EFAULT) in pid:531 [ 156.173108][ T5878] tipc: Subscription rejected, illegal request [ 156.211055][ T7464] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.211084][ T7464] rust_binder: Read failure Err(EFAULT) in pid:537 [ 156.215166][ T7462] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.254743][ T7462] rust_binder: Read failure Err(EFAULT) in pid:388 [ 156.255482][ T7468] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.270877][ T7468] rust_binder: Read failure Err(EFAULT) in pid:541 [ 156.331611][ T7474] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.354268][ T7474] rust_binder: Read failure Err(EFAULT) in pid:545 [ 156.462467][ T7482] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.492064][ T7482] rust_binder: Read failure Err(EFAULT) in pid:396 [ 156.552316][ T7491] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.563658][ T7491] rust_binder: Read failure Err(EFAULT) in pid:602 [ 156.580725][ T7495] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.595104][ T7495] rust_binder: Read failure Err(EFAULT) in pid:483 [ 156.635807][ T7502] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.654196][ T7502] rust_binder: Read failure Err(EFAULT) in pid:606 [ 156.715039][ T7512] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.735495][ T7512] rust_binder: Read failure Err(EFAULT) in pid:406 [ 156.808937][ T7520] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.834751][ T7520] rust_binder: Read failure Err(EFAULT) in pid:408 [ 156.977568][ T7531] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 156.984152][ T7531] rust_binder: Read failure Err(EFAULT) in pid:412 [ 157.354922][ T7551] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 157.365667][ T7553] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 157.379407][ T7551] rust_binder: Read failure Err(EFAULT) in pid:432 [ 157.387562][ T7553] rust_binder: Read failure Err(EFAULT) in pid:549 [ 157.477119][ T5878] tipc: Subscription rejected, illegal request [ 157.506320][ T7561] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 157.506346][ T7561] rust_binder: Read failure Err(EFAULT) in pid:553 [ 157.615210][ T7570] FAULT_INJECTION: forcing a failure. [ 157.615210][ T7570] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 157.662395][ T7572] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 157.662425][ T7572] rust_binder: Read failure Err(EFAULT) in pid:443 [ 157.664710][ T7570] CPU: 1 UID: 0 PID: 7570 Comm: syz.1.3387 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 157.664817][ T7570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 157.664837][ T7570] Call Trace: [ 157.664849][ T7570] [ 157.664863][ T7570] __dump_stack+0x21/0x30 [ 157.664908][ T7570] dump_stack_lvl+0x10c/0x190 [ 157.664947][ T7570] ? __cfi_dump_stack_lvl+0x10/0x10 [ 157.664987][ T7570] ? kstrtoull+0x13b/0x1e0 [ 157.665016][ T7570] dump_stack+0x19/0x20 [ 157.665054][ T7570] should_fail_ex+0x3d9/0x530 [ 157.665085][ T7570] should_fail+0xf/0x20 [ 157.665112][ T7570] should_fail_usercopy+0x1e/0x30 [ 157.665149][ T7570] _copy_from_user+0x22/0xb0 [ 157.665186][ T7570] ___sys_sendmsg+0x159/0x2a0 [ 157.665229][ T7570] ? __sys_sendmsg+0x280/0x280 [ 157.665271][ T7570] ? proc_fail_nth_write+0x17e/0x210 [ 157.665311][ T7570] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 157.665360][ T7570] __x64_sys_sendmsg+0x1eb/0x2c0 [ 157.665404][ T7570] ? fput+0x1a5/0x240 [ 157.665439][ T7570] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 157.665496][ T7570] ? ksys_write+0x1ef/0x250 [ 157.665526][ T7570] ? __kasan_check_read+0x15/0x20 [ 157.665580][ T7570] x64_sys_call+0x2a4c/0x2ee0 [ 157.665623][ T7570] do_syscall_64+0x58/0xf0 [ 157.665661][ T7570] ? clear_bhb_loop+0x50/0xa0 [ 157.665694][ T7570] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 157.665725][ T7570] RIP: 0033:0x7f3ab4d8f6c9 [ 157.665748][ T7570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.665775][ T7570] RSP: 002b:00007f3ab37f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 157.665806][ T7570] RAX: ffffffffffffffda RBX: 00007f3ab4fe5fa0 RCX: 00007f3ab4d8f6c9 [ 157.665829][ T7570] RDX: 0000000024008004 RSI: 00002000000005c0 RDI: 0000000000000008 [ 157.665849][ T7570] RBP: 00007f3ab37f7090 R08: 0000000000000000 R09: 0000000000000000 [ 157.665869][ T7570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 157.665889][ T7570] R13: 00007f3ab4fe6038 R14: 00007f3ab4fe5fa0 R15: 00007ffe603ecd58 [ 157.665916][ T7570] [ 157.798047][ T7577] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 157.902138][ T7577] rust_binder: Read failure Err(EFAULT) in pid:559 [ 157.943788][ T7587] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 157.950380][ T7587] rust_binder: Read failure Err(EFAULT) in pid:561 [ 158.016201][ T7603] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 158.023405][ T7600] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 158.025711][ T7603] rust_binder: Read failure Err(EFAULT) in pid:505 [ 158.032112][ T7600] rust_binder: Read failure Err(EFAULT) in pid:449 [ 158.266631][ T7629] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 158.294675][ T7629] rust_binder: Read failure Err(EFAULT) in pid:459 [ 158.445759][ T7641] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 158.462573][ T7641] rust_binder: Read failure Err(EFAULT) in pid:586 [ 158.521517][ T7643] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 158.534727][ T7643] rust_binder: Read failure Err(EFAULT) in pid:588 [ 158.696680][ T7652] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 158.713484][ T7652] rust_binder: Read failure Err(EFAULT) in pid:597 [ 159.374194][ T7689] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 159.391050][ T7689] rust_binder: Read failure Err(EFAULT) in pid:518 [ 159.519247][ T7693] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 159.534731][ T7693] rust_binder: Read failure Err(EFAULT) in pid:465 [ 160.187875][ T7711] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3454'. [ 160.232481][ T7715] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 160.232512][ T7715] rust_binder: Read failure Err(EFAULT) in pid:633 [ 160.282351][ T7720] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 160.297573][ T7720] rust_binder: Read failure Err(EFAULT) in pid:628 [ 160.515293][ T7734] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 160.521957][ T7734] rust_binder: Read failure Err(EFAULT) in pid:636 [ 160.666381][ T5878] tipc: Subscription rejected, illegal request [ 160.870076][ T5878] tipc: Subscription rejected, illegal request [ 160.889127][ T7768] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 160.889155][ T7768] rust_binder: Read failure Err(EFAULT) in pid:542 [ 160.951093][ T7772] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 160.970390][ T7772] rust_binder: Read failure Err(EFAULT) in pid:544 [ 161.026624][ T7776] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3485'. [ 161.126402][ T7782] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 161.126431][ T7782] rust_binder: Read failure Err(EFAULT) in pid:548 [ 161.295777][ T7795] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 161.302761][ T7795] rust_binder: Read failure Err(EFAULT) in pid:643 [ 161.354729][ T358] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 161.373160][ T7802] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 161.373198][ T7802] rust_binder: Read failure Err(EFAULT) in pid:558 [ 161.494698][ T358] usb 2-1: device descriptor read/64, error -71 [ 161.537698][ T7829] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 161.537727][ T7829] rust_binder: Read failure Err(EFAULT) in pid:568 [ 161.541115][ T7827] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 161.552380][ T7827] rust_binder: Read failure Err(EFAULT) in pid:658 [ 161.585497][ T7833] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 161.592597][ T7833] rust_binder: Read failure Err(EFAULT) in pid:484 [ 161.655878][ T7850] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 161.662769][ T7850] rust_binder: Read failure Err(EFAULT) in pid:576 [ 161.718138][ T7861] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 161.733936][ T7861] rust_binder: Read failure Err(EFAULT) in pid:669 [ 161.754701][ T358] usb 2-1: device descriptor read/64, error -71 [ 161.802329][ T5878] tipc: Subscription rejected, illegal request [ 161.821284][ T7872] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 161.821311][ T7872] rust_binder: Read failure Err(EFAULT) in pid:498 [ 161.857970][ T7877] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 161.864695][ T7877] rust_binder: Read failure Err(EFAULT) in pid:677 [ 161.938858][ T7887] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 161.945529][ T7887] rust_binder: Read failure Err(EFAULT) in pid:681 [ 162.007617][ T7894] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.017509][ T7894] rust_binder: Read failure Err(EFAULT) in pid:685 [ 162.026006][ T358] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 162.158810][ T7911] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.158839][ T7911] rust_binder: Read failure Err(EFAULT) in pid:694 [ 162.184691][ T358] usb 2-1: device descriptor read/64, error -71 [ 162.203828][ T7915] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.203857][ T7915] rust_binder: Read failure Err(EFAULT) in pid:520 [ 162.283247][ T5878] tipc: Subscription rejected, illegal request [ 162.357053][ T7933] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.357095][ T7933] rust_binder: Read failure Err(EFAULT) in pid:704 [ 162.398940][ T7937] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.414700][ T7937] rust_binder: Read failure Err(EFAULT) in pid:706 [ 162.434684][ T358] usb 2-1: device descriptor read/64, error -71 [ 162.461658][ T7944] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.461687][ T7944] rust_binder: Read failure Err(EFAULT) in pid:584 [ 162.490807][ T7947] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.497824][ T7947] rust_binder: Read failure Err(EFAULT) in pid:586 [ 162.535443][ T7949] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.548570][ T7949] rust_binder: Read failure Err(EFAULT) in pid:588 [ 162.564809][ T358] usb usb2-port1: attempt power cycle [ 162.648915][ T7961] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.648945][ T7961] rust_binder: Read failure Err(EFAULT) in pid:714 [ 162.681786][ T7965] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.688514][ T7965] rust_binder: Read failure Err(EFAULT) in pid:716 [ 162.715259][ T7967] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.727483][ T7967] rust_binder: Read failure Err(EFAULT) in pid:718 [ 162.746009][ T7969] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.754711][ T7969] rust_binder: Read failure Err(EFAULT) in pid:598 [ 162.861228][ T7982] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 162.880424][ T7982] rust_binder: Read failure Err(EFAULT) in pid:604 [ 162.924718][ T358] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 162.966097][ T358] usb 2-1: device descriptor read/8, error -71 [ 163.015211][ T7989] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 163.015240][ T7989] rust_binder: Read failure Err(EFAULT) in pid:611 [ 163.095668][ T358] usb 2-1: device descriptor read/8, error -71 [ 163.121215][ T7995] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 163.121243][ T7995] rust_binder: Read failure Err(EFAULT) in pid:532 [ 163.136255][ T7994] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3591'. [ 163.197345][ T8002] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 163.197374][ T8002] rust_binder: Read failure Err(EFAULT) in pid:619 [ 163.263534][ T8009] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 163.280104][ T8009] rust_binder: Read failure Err(EFAULT) in pid:539 [ 163.329039][ T8017] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 163.335743][ T8017] rust_binder: Read failure Err(EFAULT) in pid:541 [ 163.354690][ T358] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 163.415713][ T358] usb 2-1: device descriptor read/8, error -71 [ 163.545691][ T358] usb 2-1: device descriptor read/8, error -71 [ 163.654866][ T358] usb usb2-port1: unable to enumerate USB device [ 164.253608][ T8055] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 164.253636][ T8055] rust_binder: Read failure Err(EFAULT) in pid:553 [ 164.435811][ T8066] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 164.442383][ T8066] rust_binder: Read failure Err(EFAULT) in pid:732 [ 164.546506][ T8071] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 164.563209][ T8071] rust_binder: Read failure Err(EFAULT) in pid:736 [ 164.604710][ T358] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 164.754686][ T358] usb 1-1: device descriptor read/64, error -71 [ 164.799782][ T8089] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 164.799812][ T8089] rust_binder: Read failure Err(EFAULT) in pid:659 [ 164.876458][ T8091] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 164.893229][ T8091] rust_binder: Read failure Err(EFAULT) in pid:661 [ 164.982484][ T8097] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 164.989125][ T8097] rust_binder: Read failure Err(EFAULT) in pid:667 [ 165.004717][ T358] usb 1-1: device descriptor read/64, error -71 [ 165.165238][ T8108] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 165.165267][ T8108] rust_binder: Read failure Err(EFAULT) in pid:676 [ 165.274703][ T358] usb 1-1: new full-speed USB device number 14 using dummy_hcd [ 165.366602][ T8124] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 165.366629][ T8124] rust_binder: Read failure Err(EFAULT) in pid:683 [ 165.434716][ T358] usb 1-1: device descriptor read/64, error -71 [ 165.579702][ T5878] tipc: Subscription rejected, illegal request [ 165.620272][ T8158] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 165.620299][ T8158] rust_binder: Read failure Err(EFAULT) in pid:757 [ 165.707972][ T358] usb 1-1: device descriptor read/64, error -71 [ 165.735848][ T8168] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 165.735875][ T8168] rust_binder: Read failure Err(EFAULT) in pid:706 [ 165.812321][ T8170] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 165.829047][ T8170] rust_binder: Read failure Err(EFAULT) in pid:708 [ 165.834888][ T358] usb usb1-port1: attempt power cycle [ 165.885988][ T5878] tipc: Subscription rejected, illegal request [ 165.958443][ T8178] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 165.958472][ T8178] rust_binder: Read failure Err(EFAULT) in pid:714 [ 166.013350][ T8182] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 166.025209][ T8182] rust_binder: Read failure Err(EFAULT) in pid:718 [ 166.118019][ T8195] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 166.131920][ T8195] rust_binder: Read failure Err(EFAULT) in pid:688 [ 166.214715][ T358] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 166.265697][ T358] usb 1-1: device descriptor read/8, error -71 [ 166.286747][ T8217] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3696'. [ 166.405695][ T358] usb 1-1: device descriptor read/8, error -71 [ 166.448537][ T5878] tipc: Subscription rejected, illegal request [ 166.492286][ T8240] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3706'. [ 166.600398][ T8254] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 166.600427][ T8254] rust_binder: Read failure Err(EFAULT) in pid:753 [ 166.644762][ T358] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 166.695701][ T358] usb 1-1: device descriptor read/8, error -71 [ 166.855137][ T358] usb 1-1: device descriptor read/8, error -71 [ 166.964835][ T358] usb usb1-port1: unable to enumerate USB device [ 167.031212][ T8273] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 167.031239][ T8273] rust_binder: Read failure Err(EFAULT) in pid:706 [ 167.072843][ T8277] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 167.079558][ T8277] rust_binder: Read failure Err(EFAULT) in pid:710 [ 167.450173][ T8294] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 167.463176][ T8294] rust_binder: Read failure Err(EFAULT) in pid:724 [ 167.689996][ T8319] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 167.711939][ T8319] rust_binder: Read failure Err(EFAULT) in pid:790 [ 168.045184][ T8351] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 168.054835][ T8351] rust_binder: Read failure Err(EFAULT) in pid:803 [ 168.124772][ T12] tipc: Subscription rejected, illegal request [ 168.436473][ T8386] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 168.436502][ T8386] rust_binder: Read failure Err(EFAULT) in pid:814 [ 168.642244][ T8409] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 168.657249][ T8409] rust_binder: Read failure Err(EFAULT) in pid:581 [ 168.942455][ T8439] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 168.955169][ T8439] rust_binder: Read failure Err(EFAULT) in pid:748 [ 169.021965][ T8445] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 169.034691][ T8445] rust_binder: Read failure Err(EFAULT) in pid:750 [ 169.204692][ T8459] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 169.221489][ T8459] rust_binder: Read failure Err(EFAULT) in pid:849 [ 169.662899][ T8523] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 169.674694][ T8523] rust_binder: Read failure Err(EFAULT) in pid:824 [ 169.707355][ T8526] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 169.713930][ T8526] rust_binder: Read failure Err(EFAULT) in pid:786 [ 170.005188][ T8573] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 170.011881][ T8573] rust_binder: Read failure Err(EFAULT) in pid:842 [ 170.081088][ T8582] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 170.106436][ T8582] rust_binder: Read failure Err(EFAULT) in pid:844 [ 170.455576][ T8634] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 170.462158][ T8634] rust_binder: Read failure Err(EFAULT) in pid:627 [ 171.690821][ T8694] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 171.714662][ T8694] rust_binder: Read failure Err(EFAULT) in pid:869 [ 171.845475][ T12] tipc: Subscription rejected, illegal request [ 171.904290][ T8721] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 171.904318][ T8721] rust_binder: Read failure Err(EFAULT) in pid:878 [ 172.094927][ T8746] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 172.101610][ T8746] rust_binder: Read failure Err(EFAULT) in pid:657 [ 172.144693][ T8750] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 172.174759][ T8750] rust_binder: Read failure Err(EFAULT) in pid:884 [ 173.192279][ T8776] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 173.209421][ T8776] rust_binder: Read failure Err(EFAULT) in pid:902 [ 173.264836][ T5878] tipc: Subscription rejected, illegal request [ 173.498257][ T8801] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 173.498288][ T8801] rust_binder: Read failure Err(EFAULT) in pid:894 [ 174.147491][ T8846] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 174.161736][ T8846] rust_binder: Read failure Err(EFAULT) in pid:930 [ 174.378784][ T8865] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4003'. [ 174.515018][ T8877] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 174.515047][ T8877] rust_binder: Read failure Err(EFAULT) in pid:873 [ 174.579647][ T8889] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4014'. [ 174.677753][ T8900] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 174.677959][ T8900] rust_binder: Read failure Err(EFAULT) in pid:881 [ 174.879178][ T36] audit: type=1400 audit(1763511051.070:198): avc: denied { ioctl } for pid=8913 comm="syz.3.4026" path="socket:[50206]" dev="sockfs" ino=50206 ioctlcmd=0x8941 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 175.358639][ T5878] tipc: Subscription rejected, illegal request [ 175.615769][ T8953] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4046'. [ 175.821619][ T36] audit: type=1400 audit(1763511052.010:199): avc: denied { getopt } for pid=8972 comm="syz.2.4053" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 176.464670][ T358] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 176.625737][ T358] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 176.635963][ T358] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 176.656173][ T358] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 176.674669][ T358] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 176.678801][ T9012] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 176.693924][ T9012] rust_binder: Read failure Err(EFAULT) in pid:960 [ 176.703425][ T358] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 176.719282][ T358] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.727594][ T358] usb 1-1: Product: syz [ 176.734949][ T358] usb 1-1: Manufacturer: syz [ 176.739604][ T358] usb 1-1: SerialNumber: syz [ 176.754814][ T9001] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 176.762994][ T358] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found [ 176.770435][ T358] cdc_ncm 1-1:1.0: bind() failure [ 176.811610][ T9026] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 176.811638][ T9026] rust_binder: Read failure Err(EFAULT) in pid:934 [ 177.595447][ T9085] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 177.602354][ T9085] rust_binder: Read failure Err(EFAULT) in pid:989 [ 179.240887][ T358] usb 1-1: USB disconnect, device number 17 [ 179.447032][ T9190] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 179.447062][ T9190] rust_binder: Read failure Err(EFAULT) in pid:730 [ 179.784693][ T358] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 179.955747][ T358] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 179.968584][ T358] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 179.989422][ T358] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 180.001572][ T358] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 180.014534][ T358] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 180.025028][ T358] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.033355][ T358] usb 1-1: Product: syz [ 180.045735][ T358] usb 1-1: Manufacturer: syz [ 180.050485][ T358] usb 1-1: SerialNumber: syz [ 180.055581][ T12] tipc: Subscription rejected, illegal request [ 180.064843][ T9194] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 180.075120][ T358] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found [ 180.092118][ T358] cdc_ncm 1-1:1.0: bind() failure [ 180.731177][ T9277] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 180.731206][ T9277] rust_binder: Read failure Err(EFAULT) in pid:1048 [ 181.160381][ T9295] rust_binder: Failure when writing BR_NOOP at beginning of buffer. [ 181.183510][ T9295] rust_binder: Read failure Err(EFAULT) in pid:1026 [ 181.664672][ T358] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 181.708097][ T12] tipc: Subscription rejected, illegal request [ 181.834662][ T358] usb 2-1: Using ep0 maxpacket: 8 [ 181.842463][ T358] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 181.851129][ T358] usb 2-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 181.871719][ T358] usb 2-1: config 179 has no interface number 0 [ 181.881988][ T358] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 181.894599][ T358] usb 2-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 181.908939][ T358] usb 2-1: config 179 interface 65 has no altsetting 0 [ 181.916853][ T358] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 181.927947][ T358] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.146239][ T358] usb 2-1: USB disconnect, device number 21 [ 182.342838][ T12] tipc: Subscription rejected, illegal request [ 182.555652][ T358] usb 1-1: USB disconnect, device number 18 [ 183.061372][ T9384] FAULT_INJECTION: forcing a failure. [ 183.061372][ T9384] name failslab, interval 1, probability 0, space 0, times 0 [ 183.074266][ T9384] CPU: 0 UID: 0 PID: 9384 Comm: syz.1.4249 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 183.074305][ T9384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 183.074331][ T9384] Call Trace: [ 183.074340][ T9384] [ 183.074350][ T9384] __dump_stack+0x21/0x30 [ 183.074387][ T9384] dump_stack_lvl+0x10c/0x190 [ 183.074419][ T9384] ? __cfi_dump_stack_lvl+0x10/0x10 [ 183.074450][ T9384] ? __kasan_check_write+0x18/0x20 [ 183.074485][ T9384] ? proc_fail_nth_write+0x17e/0x210 [ 183.074516][ T9384] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 183.074547][ T9384] dump_stack+0x19/0x20 [ 183.074576][ T9384] should_fail_ex+0x3d9/0x530 [ 183.074601][ T9384] should_failslab+0xac/0x100 [ 183.074631][ T9384] kmem_cache_alloc_noprof+0x42/0x430 [ 183.074653][ T9384] ? getname_flags+0xc6/0x710 [ 183.074674][ T9384] getname_flags+0xc6/0x710 [ 183.074696][ T9384] ? build_open_flags+0x487/0x600 [ 183.074726][ T9384] getname+0x1b/0x30 [ 183.074748][ T9384] do_sys_openat2+0xcb/0x1c0 [ 183.074777][ T9384] ? fput+0x1a5/0x240 [ 183.074804][ T9384] ? do_sys_open+0x100/0x100 [ 183.074832][ T9384] ? ksys_write+0x1ef/0x250 [ 183.074853][ T9384] ? __cfi_ksys_write+0x10/0x10 [ 183.074875][ T9384] __x64_sys_openat+0x13a/0x170 [ 183.074906][ T9384] x64_sys_call+0xe69/0x2ee0 [ 183.074939][ T9384] do_syscall_64+0x58/0xf0 [ 183.074967][ T9384] ? clear_bhb_loop+0x50/0xa0 [ 183.074993][ T9384] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 183.075017][ T9384] RIP: 0033:0x7f3ab4d8f6c9 [ 183.075037][ T9384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.075057][ T9384] RSP: 002b:00007f3ab37f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 183.075082][ T9384] RAX: ffffffffffffffda RBX: 00007f3ab4fe5fa0 RCX: 00007f3ab4d8f6c9 [ 183.075100][ T9384] RDX: 000000000000275a RSI: 0000200000000280 RDI: ffffffffffffff9c [ 183.075116][ T9384] RBP: 00007f3ab37f7090 R08: 0000000000000000 R09: 0000000000000000 [ 183.075131][ T9384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.075145][ T9384] R13: 00007f3ab4fe6038 R14: 00007f3ab4fe5fa0 R15: 00007ffe603ecd58 [ 183.075166][ T9384] [ 183.127723][ T358] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 183.383536][ T36] audit: type=1400 audit(1763511059.570:200): avc: denied { write } for pid=9395 comm="syz.1.4255" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 183.430270][ T36] audit: type=1400 audit(1763511059.620:201): avc: denied { bind } for pid=9398 comm="syz.1.4256" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 183.485741][ T358] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 183.495960][ T358] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 183.514660][ T358] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 183.534685][ T358] usb 1-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x78, changing to 0x8 [ 183.554671][ T358] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 183.564378][ T358] usb 1-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 183.606069][ T358] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 183.615253][ T358] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.634681][ T358] usb 1-1: Product: syz [ 183.638931][ T358] usb 1-1: Manufacturer: syz [ 183.643645][ T358] usb 1-1: SerialNumber: syz [ 183.665952][ T9371] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 184.076855][ T358] cdc_ncm 1-1:1.0: bind() failure [ 184.085961][ T358] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71 [ 184.104681][ T358] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71 [ 184.110298][ T9444] FAULT_INJECTION: forcing a failure. [ 184.110298][ T9444] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 184.132017][ T358] usb 1-1: USB disconnect, device number 19 [ 184.144720][ T9444] CPU: 0 UID: 0 PID: 9444 Comm: syz.1.4278 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 184.144763][ T9444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 184.144778][ T9444] Call Trace: [ 184.144786][ T9444] [ 184.144796][ T9444] __dump_stack+0x21/0x30 [ 184.144832][ T9444] dump_stack_lvl+0x10c/0x190 [ 184.144861][ T9444] ? __cfi_dump_stack_lvl+0x10/0x10 [ 184.144893][ T9444] ? kstrtoull+0x13b/0x1e0 [ 184.144913][ T9444] dump_stack+0x19/0x20 [ 184.144943][ T9444] should_fail_ex+0x3d9/0x530 [ 184.144967][ T9444] should_fail+0xf/0x20 [ 184.144988][ T9444] should_fail_usercopy+0x1e/0x30 [ 184.145012][ T9444] _copy_from_user+0x22/0xb0 [ 184.145040][ T9444] ___sys_sendmsg+0x159/0x2a0 [ 184.145074][ T9444] ? __sys_sendmsg+0x280/0x280 [ 184.145106][ T9444] ? proc_fail_nth_write+0x17e/0x210 [ 184.145134][ T9444] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 184.145178][ T9444] __x64_sys_sendmsg+0x1eb/0x2c0 [ 184.145212][ T9444] ? fput+0x1a5/0x240 [ 184.145239][ T9444] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 184.145270][ T9444] ? ksys_write+0x1ef/0x250 [ 184.145292][ T9444] ? __kasan_check_read+0x15/0x20 [ 184.145326][ T9444] x64_sys_call+0x2a4c/0x2ee0 [ 184.145359][ T9444] do_syscall_64+0x58/0xf0 [ 184.145389][ T9444] ? clear_bhb_loop+0x50/0xa0 [ 184.145414][ T9444] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 184.145439][ T9444] RIP: 0033:0x7f3ab4d8f6c9 [ 184.145459][ T9444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.145479][ T9444] RSP: 002b:00007f3ab37f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 184.145504][ T9444] RAX: ffffffffffffffda RBX: 00007f3ab4fe5fa0 RCX: 00007f3ab4d8f6c9 [ 184.145522][ T9444] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000000b [ 184.145538][ T9444] RBP: 00007f3ab37f7090 R08: 0000000000000000 R09: 0000000000000000 [ 184.145554][ T9444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 184.145568][ T9444] R13: 00007f3ab4fe6038 R14: 00007f3ab4fe5fa0 R15: 00007ffe603ecd58 [ 184.145589][ T9444] [ 186.136904][ T9561] FAULT_INJECTION: forcing a failure. [ 186.136904][ T9561] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 186.152276][ T9561] CPU: 1 UID: 0 PID: 9561 Comm: syz.3.4333 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 186.152314][ T9561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 186.152330][ T9561] Call Trace: [ 186.152338][ T9561] [ 186.152347][ T9561] __dump_stack+0x21/0x30 [ 186.152383][ T9561] dump_stack_lvl+0x10c/0x190 [ 186.152415][ T9561] ? __cfi_dump_stack_lvl+0x10/0x10 [ 186.152447][ T9561] ? selinux_file_open+0x457/0x610 [ 186.152476][ T9561] dump_stack+0x19/0x20 [ 186.152515][ T9561] should_fail_ex+0x3d9/0x530 [ 186.152541][ T9561] should_fail_alloc_page+0xeb/0x110 [ 186.152569][ T9561] __alloc_pages_noprof+0x19b/0x7b0 [ 186.152602][ T9561] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 186.152634][ T9561] ? is_bpf_text_address+0x17b/0x1a0 [ 186.152661][ T9561] ? __kernel_text_address+0x11/0x40 [ 186.152690][ T9561] ? unwind_get_return_address+0x51/0x90 [ 186.152718][ T9561] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 186.152752][ T9561] ? arch_stack_walk+0x10b/0x170 [ 186.152774][ T9561] __folio_alloc_noprof+0x14/0x80 [ 186.152805][ T9561] folio_prealloc+0x46/0x240 [ 186.152834][ T9561] do_pte_missing+0x164c/0x4240 [ 186.152863][ T9561] ? _parse_integer+0x2e/0x40 [ 186.152900][ T9561] ? pte_marker_clear+0x1b0/0x1b0 [ 186.152928][ T9561] ? kstrtouint_from_user+0xfb/0x150 [ 186.152960][ T9561] ? __x64_sys_openat+0x13a/0x170 [ 186.152991][ T9561] ? x64_sys_call+0xe69/0x2ee0 [ 186.153026][ T9561] ? selinux_file_permission+0x309/0xb30 [ 186.153055][ T9561] ? __pte_offset_map+0x1b0/0x230 [ 186.153089][ T9561] ? pte_offset_map_rw_nolock+0xba/0x110 [ 186.153124][ T9561] handle_mm_fault+0x1166/0x1b90 [ 186.153153][ T9561] ? __cfi_handle_mm_fault+0x10/0x10 [ 186.153178][ T9561] ? lock_vma_under_rcu+0x49d/0x540 [ 186.153208][ T9561] ? __kasan_check_write+0x18/0x20 [ 186.153245][ T9561] do_user_addr_fault+0x96c/0x1200 [ 186.153277][ T9561] ? __cfi_ksys_write+0x10/0x10 [ 186.153302][ T9561] exc_page_fault+0x59/0xc0 [ 186.153326][ T9561] asm_exc_page_fault+0x2b/0x30 [ 186.153350][ T9561] RIP: 0033:0x7f652e860576 [ 186.153371][ T9561] Code: 00 00 00 00 41 57 31 c0 41 56 49 89 d6 41 55 49 89 f5 48 89 d6 41 54 49 89 fc 48 8d 3d 0c 2f 1b 00 55 53 48 81 ec 88 20 00 00 <48> 89 0c 24 4c 89 44 24 08 e8 ec d9 fe ff 4d 85 f6 0f 84 46 0a 00 [ 186.153391][ T9561] RSP: 002b:00007f652f79ef70 EFLAGS: 00010202 [ 186.153413][ T9561] RAX: 0000000000000000 RBX: 00007f652ebe5fa0 RCX: 0000000000000000 [ 186.153430][ T9561] RDX: 0000200000000040 RSI: 0000200000000040 RDI: 00007f652ea13479 [ 186.153447][ T9561] RBP: 00007f652f7a1090 R08: 00007f652e84e2f0 R09: 0000000000000000 [ 186.153464][ T9561] R10: 0000000000000000 R11: 0000200000000040 R12: 0000000000000000 [ 186.153480][ T9561] R13: 0000000000000036 R14: 0000200000000040 R15: 00007ffda441e0a8 [ 186.153500][ T9561] [ 186.153643][ T9561] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 186.434689][ T330] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 186.604664][ T330] usb 3-1: Using ep0 maxpacket: 8 [ 186.611326][ T330] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 186.621366][ T330] usb 3-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 186.631820][ T330] usb 3-1: config 179 has no interface number 0 [ 186.638163][ T330] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 186.651411][ T330] usb 3-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 186.665086][ T330] usb 3-1: config 179 interface 65 has no altsetting 0 [ 186.672012][ T330] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 186.674729][ T358] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 186.682239][ T330] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.724027][ T9600] FAULT_INJECTION: forcing a failure. [ 186.724027][ T9600] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 186.737261][ T9600] CPU: 1 UID: 0 PID: 9600 Comm: syz.1.4351 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 186.737299][ T9600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 186.737315][ T9600] Call Trace: [ 186.737323][ T9600] [ 186.737333][ T9600] __dump_stack+0x21/0x30 [ 186.737370][ T9600] dump_stack_lvl+0x10c/0x190 [ 186.737400][ T9600] ? __cfi_dump_stack_lvl+0x10/0x10 [ 186.737431][ T9600] ? do_vfs_ioctl+0xeda/0x1e30 [ 186.737459][ T9600] dump_stack+0x19/0x20 [ 186.737487][ T9600] should_fail_ex+0x3d9/0x530 [ 186.737511][ T9600] should_fail+0xf/0x20 [ 186.737532][ T9600] should_fail_usercopy+0x1e/0x30 [ 186.737557][ T9600] _copy_from_user+0x22/0xb0 [ 186.737585][ T9600] kvm_vm_ioctl+0x305/0xb80 [ 186.737615][ T9600] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 186.737646][ T9600] ? ioctl_has_perm+0x1aa/0x4d0 [ 186.737673][ T9600] ? __asan_memcpy+0x5a/0x80 [ 186.737694][ T9600] ? ioctl_has_perm+0x3e0/0x4d0 [ 186.737720][ T9600] ? has_cap_mac_admin+0xd0/0xd0 [ 186.737748][ T9600] ? proc_fail_nth_write+0x17e/0x210 [ 186.737778][ T9600] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 186.737809][ T9600] ? selinux_file_ioctl+0x6e0/0x1360 [ 186.737844][ T9600] ? vfs_write+0x93e/0xf30 [ 186.737865][ T9600] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 186.737893][ T9600] ? __cfi_vfs_write+0x10/0x10 [ 186.737924][ T9600] ? __kasan_check_write+0x18/0x20 [ 186.737958][ T9600] ? mutex_unlock+0x8b/0x240 [ 186.737980][ T9600] ? __cfi_mutex_unlock+0x10/0x10 [ 186.738001][ T9600] ? __fget_files+0x2c5/0x340 [ 186.738028][ T9600] ? __fget_files+0x2c5/0x340 [ 186.738053][ T9600] ? bpf_lsm_file_ioctl+0xd/0x20 [ 186.738084][ T9600] ? security_file_ioctl+0x34/0xd0 [ 186.738109][ T9600] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 186.738139][ T9600] __se_sys_ioctl+0x135/0x1b0 [ 186.738166][ T9600] __x64_sys_ioctl+0x7f/0xa0 [ 186.738191][ T9600] x64_sys_call+0x1878/0x2ee0 [ 186.738223][ T9600] do_syscall_64+0x58/0xf0 [ 186.738252][ T9600] ? clear_bhb_loop+0x50/0xa0 [ 186.738278][ T9600] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 186.738303][ T9600] RIP: 0033:0x7f3ab4d8f6c9 [ 186.738321][ T9600] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 186.738343][ T9600] RSP: 002b:00007f3ab37f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 186.738367][ T9600] RAX: ffffffffffffffda RBX: 00007f3ab4fe5fa0 RCX: 00007f3ab4d8f6c9 [ 186.738386][ T9600] RDX: 0000200000000140 RSI: 00000000c00caee0 RDI: 000000000000000a [ 186.738402][ T9600] RBP: 00007f3ab37f7090 R08: 0000000000000000 R09: 0000000000000000 [ 186.738418][ T9600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 186.738439][ T9600] R13: 00007f3ab4fe6038 R14: 00007f3ab4fe5fa0 R15: 00007ffe603ecd58 [ 186.738459][ T9600] [ 187.020165][ T10] usb 3-1: USB disconnect, device number 15 [ 187.104668][ T358] usb 4-1: Using ep0 maxpacket: 8 [ 187.129157][ T358] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 187.137976][ T358] usb 4-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 187.148425][ T358] usb 4-1: config 179 has no interface number 0 [ 187.154858][ T358] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 187.166498][ T358] usb 4-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 187.179790][ T358] usb 4-1: config 179 interface 65 has no altsetting 0 [ 187.186914][ T358] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 187.196007][ T358] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.364767][ T850] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 187.438365][ T358] usb 4-1: USB disconnect, device number 23 [ 187.494683][ T850] usb 2-1: device descriptor read/64, error -71 [ 187.562614][ T36] audit: type=1400 audit(1763511063.750:202): avc: denied { create } for pid=9643 comm="syz.2.4372" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 187.708768][ T9661] 9pnet_fd: Insufficient options for proto=fd [ 187.734671][ T850] usb 2-1: device descriptor read/64, error -71 [ 187.984682][ T850] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 188.134673][ T850] usb 2-1: device descriptor read/64, error -71 [ 188.162012][ T36] audit: type=1400 audit(1763511064.350:203): avc: denied { map } for pid=9682 comm="syz.3.4391" path="socket:[54106]" dev="sockfs" ino=54106 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 188.226665][ T9693] FAULT_INJECTION: forcing a failure. [ 188.226665][ T9693] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 188.240174][ T9693] CPU: 0 UID: 0 PID: 9693 Comm: syz.0.4395 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 188.240211][ T9693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 188.240226][ T9693] Call Trace: [ 188.240234][ T9693] [ 188.240243][ T9693] __dump_stack+0x21/0x30 [ 188.240278][ T9693] dump_stack_lvl+0x10c/0x190 [ 188.240308][ T9693] ? __cfi_dump_stack_lvl+0x10/0x10 [ 188.240338][ T9693] ? kstrtoull+0x13b/0x1e0 [ 188.240357][ T9693] dump_stack+0x19/0x20 [ 188.240385][ T9693] should_fail_ex+0x3d9/0x530 [ 188.240407][ T9693] should_fail+0xf/0x20 [ 188.240427][ T9693] should_fail_usercopy+0x1e/0x30 [ 188.240451][ T9693] _copy_from_user+0x22/0xb0 [ 188.240478][ T9693] ___sys_sendmsg+0x159/0x2a0 [ 188.240511][ T9693] ? __sys_sendmsg+0x280/0x280 [ 188.240542][ T9693] ? proc_fail_nth_write+0x17e/0x210 [ 188.240571][ T9693] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 188.240608][ T9693] __x64_sys_sendmsg+0x1eb/0x2c0 [ 188.240640][ T9693] ? fput+0x1a5/0x240 [ 188.240666][ T9693] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 188.240697][ T9693] ? ksys_write+0x1ef/0x250 [ 188.240719][ T9693] ? __kasan_check_read+0x15/0x20 [ 188.240752][ T9693] x64_sys_call+0x2a4c/0x2ee0 [ 188.240793][ T9693] do_syscall_64+0x58/0xf0 [ 188.240821][ T9693] ? clear_bhb_loop+0x50/0xa0 [ 188.240845][ T9693] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 188.240869][ T9693] RIP: 0033:0x7f9a73b8f6c9 [ 188.240887][ T9693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.240907][ T9693] RSP: 002b:00007f9a749bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 188.240931][ T9693] RAX: ffffffffffffffda RBX: 00007f9a73de5fa0 RCX: 00007f9a73b8f6c9 [ 188.240949][ T9693] RDX: 0000000000040080 RSI: 0000200000000740 RDI: 0000000000000006 [ 188.240964][ T9693] RBP: 00007f9a749bf090 R08: 0000000000000000 R09: 0000000000000000 [ 188.240979][ T9693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.240994][ T9693] R13: 00007f9a73de6038 R14: 00007f9a73de5fa0 R15: 00007fffb90bd018 [ 188.241014][ T9693] [ 188.513174][ T9705] FAULT_INJECTION: forcing a failure. [ 188.513174][ T9705] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 188.526485][ T9705] CPU: 1 UID: 0 PID: 9705 Comm: syz.2.4402 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 188.526523][ T9705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 188.526538][ T9705] Call Trace: [ 188.526547][ T9705] [ 188.526556][ T9705] __dump_stack+0x21/0x30 [ 188.526591][ T9705] dump_stack_lvl+0x10c/0x190 [ 188.526622][ T9705] ? __cfi_dump_stack_lvl+0x10/0x10 [ 188.526653][ T9705] ? check_stack_object+0x12c/0x140 [ 188.526676][ T9705] dump_stack+0x19/0x20 [ 188.526723][ T9705] should_fail_ex+0x3d9/0x530 [ 188.526749][ T9705] should_fail+0xf/0x20 [ 188.526769][ T9705] should_fail_usercopy+0x1e/0x30 [ 188.526796][ T9705] _copy_to_user+0x24/0xa0 [ 188.526823][ T9705] simple_read_from_buffer+0xed/0x160 [ 188.526853][ T9705] proc_fail_nth_read+0x19e/0x210 [ 188.526883][ T9705] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 188.526913][ T9705] ? bpf_lsm_file_permission+0xd/0x20 [ 188.526944][ T9705] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 188.526974][ T9705] vfs_read+0x27d/0xc70 [ 188.526995][ T9705] ? __cfi_vfs_read+0x10/0x10 [ 188.527021][ T9705] ? __kasan_check_write+0x18/0x20 [ 188.527055][ T9705] ? mutex_lock+0x92/0x1c0 [ 188.527076][ T9705] ? __cfi_mutex_lock+0x10/0x10 [ 188.527097][ T9705] ? __fget_files+0x2c5/0x340 [ 188.527123][ T9705] ksys_read+0x141/0x250 [ 188.527143][ T9705] ? __cfi_ksys_read+0x10/0x10 [ 188.527165][ T9705] ? __kasan_check_read+0x15/0x20 [ 188.527200][ T9705] __x64_sys_read+0x7f/0x90 [ 188.527221][ T9705] x64_sys_call+0x2638/0x2ee0 [ 188.527253][ T9705] do_syscall_64+0x58/0xf0 [ 188.527282][ T9705] ? clear_bhb_loop+0x50/0xa0 [ 188.527307][ T9705] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 188.527331][ T9705] RIP: 0033:0x7f8f0f18e0dc [ 188.527350][ T9705] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 188.527371][ T9705] RSP: 002b:00007f8f0dbe3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 188.527396][ T9705] RAX: ffffffffffffffda RBX: 00007f8f0f3e5fa0 RCX: 00007f8f0f18e0dc [ 188.527414][ T9705] RDX: 000000000000000f RSI: 00007f8f0dbe30a0 RDI: 000000000000000b [ 188.527430][ T9705] RBP: 00007f8f0dbe3090 R08: 0000000000000000 R09: 0000000000000000 [ 188.527446][ T9705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.527461][ T9705] R13: 00007f8f0f3e6038 R14: 00007f8f0f3e5fa0 R15: 00007ffdac3ba588 [ 188.527482][ T9705] [ 188.584682][ T850] usb 2-1: device descriptor read/64, error -71 [ 188.894898][ T850] usb usb2-port1: attempt power cycle [ 188.904686][ T9623] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 189.055986][ T9623] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 189.066490][ T9623] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 189.087663][ T9623] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 189.114672][ T9623] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 189.135800][ T9623] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 189.144961][ T9623] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.153067][ T9623] usb 4-1: Product: syz [ 189.157546][ T9623] usb 4-1: Manufacturer: syz [ 189.162263][ T9623] usb 4-1: SerialNumber: syz [ 189.168381][ T9711] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 189.176815][ T9623] usb 4-1: selecting invalid altsetting 1 [ 189.234720][ T850] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 189.275712][ T850] usb 2-1: device descriptor read/8, error -71 [ 189.405696][ T850] usb 2-1: device descriptor read/8, error -71 [ 189.524846][ T9761] FAULT_INJECTION: forcing a failure. [ 189.524846][ T9761] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 189.538093][ T9761] CPU: 1 UID: 0 PID: 9761 Comm: syz.0.4430 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 189.538130][ T9761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 189.538145][ T9761] Call Trace: [ 189.538152][ T9761] [ 189.538162][ T9761] __dump_stack+0x21/0x30 [ 189.538195][ T9761] dump_stack_lvl+0x10c/0x190 [ 189.538224][ T9761] ? __cfi_dump_stack_lvl+0x10/0x10 [ 189.538256][ T9761] ? do_vfs_ioctl+0xeda/0x1e30 [ 189.538286][ T9761] dump_stack+0x19/0x20 [ 189.538314][ T9761] should_fail_ex+0x3d9/0x530 [ 189.538338][ T9761] should_fail+0xf/0x20 [ 189.538435][ T9761] should_fail_usercopy+0x1e/0x30 [ 189.538461][ T9761] _copy_from_user+0x22/0xb0 [ 189.538490][ T9761] kvm_vm_ioctl+0x305/0xb80 [ 189.538519][ T9761] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 189.538541][ T9761] ? ioctl_has_perm+0x1aa/0x4d0 [ 189.538567][ T9761] ? __asan_memcpy+0x5a/0x80 [ 189.538588][ T9761] ? ioctl_has_perm+0x3e0/0x4d0 [ 189.538614][ T9761] ? has_cap_mac_admin+0xd0/0xd0 [ 189.538674][ T9761] ? proc_fail_nth_write+0x17e/0x210 [ 189.538696][ T9761] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 189.538728][ T9761] ? selinux_file_ioctl+0x6e0/0x1360 [ 189.538755][ T9761] ? vfs_write+0x93e/0xf30 [ 189.538775][ T9761] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 189.538801][ T9761] ? __cfi_vfs_write+0x10/0x10 [ 189.538815][ T9761] ? __kasan_check_write+0x18/0x20 [ 189.538839][ T9761] ? mutex_unlock+0x8b/0x240 [ 189.538854][ T9761] ? __cfi_mutex_unlock+0x10/0x10 [ 189.538877][ T9761] ? __fget_files+0x2c5/0x340 [ 189.538903][ T9761] ? __fget_files+0x2c5/0x340 [ 189.538935][ T9761] ? bpf_lsm_file_ioctl+0xd/0x20 [ 189.538961][ T9761] ? security_file_ioctl+0x34/0xd0 [ 189.538980][ T9761] ? __cfi_kvm_vm_ioctl+0x10/0x10 [ 189.539001][ T9761] __se_sys_ioctl+0x135/0x1b0 [ 189.539030][ T9761] __x64_sys_ioctl+0x7f/0xa0 [ 189.539053][ T9761] x64_sys_call+0x1878/0x2ee0 [ 189.539087][ T9761] do_syscall_64+0x58/0xf0 [ 189.539109][ T9761] ? clear_bhb_loop+0x50/0xa0 [ 189.539128][ T9761] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 189.539145][ T9761] RIP: 0033:0x7f9a73b8f6c9 [ 189.539167][ T9761] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.539187][ T9761] RSP: 002b:00007f9a749bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 189.539212][ T9761] RAX: ffffffffffffffda RBX: 00007f9a73de5fa0 RCX: 00007f9a73b8f6c9 [ 189.539230][ T9761] RDX: 0000200000000140 RSI: 00000000c00caee0 RDI: 000000000000000a [ 189.539244][ T9761] RBP: 00007f9a749bf090 R08: 0000000000000000 R09: 0000000000000000 [ 189.539254][ T9761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.539264][ T9761] R13: 00007f9a73de6038 R14: 00007f9a73de5fa0 R15: 00007fffb90bd018 [ 189.539278][ T9761] [ 189.581197][ T9623] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 189.820509][ T9623] cdc_ncm 4-1:1.0: bind() failure [ 189.826608][ T9623] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 189.833417][ T9623] cdc_ncm 4-1:1.1: bind() failure [ 189.840119][ T9623] usb 4-1: USB disconnect, device number 24 [ 189.874724][ T850] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 189.896194][ T850] usb 2-1: device descriptor read/8, error -71 [ 189.924288][ T36] audit: type=1400 audit(1763511066.110:204): avc: denied { append } for pid=9776 comm="syz.2.4438" name="loop2" dev="devtmpfs" ino=51 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 189.949917][ T36] audit: type=1400 audit(1763511066.140:205): avc: denied { unmount } for pid=5032 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 190.025872][ T850] usb 2-1: device descriptor read/8, error -71 [ 190.134749][ T850] usb usb2-port1: unable to enumerate USB device [ 190.252310][ T9821] FAULT_INJECTION: forcing a failure. [ 190.252310][ T9821] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 190.274812][ T9821] CPU: 0 UID: 0 PID: 9821 Comm: syz.2.4458 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 190.274850][ T9821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 190.274866][ T9821] Call Trace: [ 190.274874][ T9821] [ 190.274883][ T9821] __dump_stack+0x21/0x30 [ 190.274919][ T9821] dump_stack_lvl+0x10c/0x190 [ 190.274948][ T9821] ? __cfi_dump_stack_lvl+0x10/0x10 [ 190.274978][ T9821] ? check_stack_object+0x12c/0x140 [ 190.274999][ T9821] dump_stack+0x19/0x20 [ 190.275026][ T9821] should_fail_ex+0x3d9/0x530 [ 190.275049][ T9821] should_fail+0xf/0x20 [ 190.275068][ T9821] should_fail_usercopy+0x1e/0x30 [ 190.275093][ T9821] _copy_to_user+0x24/0xa0 [ 190.275121][ T9821] simple_read_from_buffer+0xed/0x160 [ 190.275151][ T9821] proc_fail_nth_read+0x19e/0x210 [ 190.275180][ T9821] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 190.275210][ T9821] ? bpf_lsm_file_permission+0xd/0x20 [ 190.275239][ T9821] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 190.275269][ T9821] vfs_read+0x27d/0xc70 [ 190.275288][ T9821] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 190.275317][ T9821] ? __cfi_vfs_read+0x10/0x10 [ 190.275336][ T9821] ? __kasan_check_write+0x18/0x20 [ 190.275370][ T9821] ? mutex_lock+0x92/0x1c0 [ 190.275392][ T9821] ? __cfi_mutex_lock+0x10/0x10 [ 190.275413][ T9821] ? __fget_files+0x2c5/0x340 [ 190.275439][ T9821] ksys_read+0x141/0x250 [ 190.275460][ T9821] ? __cfi_ksys_read+0x10/0x10 [ 190.275481][ T9821] ? __kasan_check_read+0x15/0x20 [ 190.275515][ T9821] __x64_sys_read+0x7f/0x90 [ 190.275536][ T9821] x64_sys_call+0x2638/0x2ee0 [ 190.275569][ T9821] do_syscall_64+0x58/0xf0 [ 190.275607][ T9821] ? clear_bhb_loop+0x50/0xa0 [ 190.275633][ T9821] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 190.275657][ T9821] RIP: 0033:0x7f8f0f18e0dc [ 190.275677][ T9821] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 190.275698][ T9821] RSP: 002b:00007f8f0dbe3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 190.275723][ T9821] RAX: ffffffffffffffda RBX: 00007f8f0f3e5fa0 RCX: 00007f8f0f18e0dc [ 190.275741][ T9821] RDX: 000000000000000f RSI: 00007f8f0dbe30a0 RDI: 0000000000000009 [ 190.275757][ T9821] RBP: 00007f8f0dbe3090 R08: 0000000000000000 R09: 0000000000000000 [ 190.275772][ T9821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.275787][ T9821] R13: 00007f8f0f3e6038 R14: 00007f8f0f3e5fa0 R15: 00007ffdac3ba588 [ 190.275807][ T9821] [ 191.112758][ T36] audit: type=1400 audit(1763511067.300:206): avc: denied { name_bind } for pid=9850 comm="syz.3.4469" src=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=udp_socket permissive=1 [ 191.158775][ T36] audit: type=1400 audit(1763511067.300:207): avc: denied { name_bind } for pid=9850 comm="syz.3.4469" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 191.699212][ T9881] 9pnet_fd: Insufficient options for proto=fd [ 193.063076][ T9943] FAULT_INJECTION: forcing a failure. [ 193.063076][ T9943] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 193.090813][ T9943] CPU: 1 UID: 0 PID: 9943 Comm: syz.0.4516 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 193.090852][ T9943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 193.090867][ T9943] Call Trace: [ 193.090876][ T9943] [ 193.090886][ T9943] __dump_stack+0x21/0x30 [ 193.090921][ T9943] dump_stack_lvl+0x10c/0x190 [ 193.090952][ T9943] ? __cfi_dump_stack_lvl+0x10/0x10 [ 193.090984][ T9943] ? check_stack_object+0x12c/0x140 [ 193.091007][ T9943] dump_stack+0x19/0x20 [ 193.091035][ T9943] should_fail_ex+0x3d9/0x530 [ 193.091059][ T9943] should_fail+0xf/0x20 [ 193.091080][ T9943] should_fail_usercopy+0x1e/0x30 [ 193.091105][ T9943] _copy_to_user+0x24/0xa0 [ 193.091133][ T9943] simple_read_from_buffer+0xed/0x160 [ 193.091163][ T9943] proc_fail_nth_read+0x19e/0x210 [ 193.091194][ T9943] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 193.091225][ T9943] ? bpf_lsm_file_permission+0xd/0x20 [ 193.091257][ T9943] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 193.091287][ T9943] vfs_read+0x27d/0xc70 [ 193.091307][ T9943] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 193.091336][ T9943] ? __cfi_vfs_read+0x10/0x10 [ 193.091356][ T9943] ? __kasan_check_write+0x18/0x20 [ 193.091389][ T9943] ? mutex_lock+0x92/0x1c0 [ 193.091411][ T9943] ? __cfi_mutex_lock+0x10/0x10 [ 193.091432][ T9943] ? __fget_files+0x2c5/0x340 [ 193.091459][ T9943] ksys_read+0x141/0x250 [ 193.091479][ T9943] ? __cfi_ksys_read+0x10/0x10 [ 193.091501][ T9943] ? __kasan_check_read+0x15/0x20 [ 193.091535][ T9943] __x64_sys_read+0x7f/0x90 [ 193.091556][ T9943] x64_sys_call+0x2638/0x2ee0 [ 193.091597][ T9943] do_syscall_64+0x58/0xf0 [ 193.091626][ T9943] ? clear_bhb_loop+0x50/0xa0 [ 193.091652][ T9943] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 193.091676][ T9943] RIP: 0033:0x7f9a73b8e0dc [ 193.091695][ T9943] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 193.091716][ T9943] RSP: 002b:00007f9a749bf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 193.091741][ T9943] RAX: ffffffffffffffda RBX: 00007f9a73de5fa0 RCX: 00007f9a73b8e0dc [ 193.091760][ T9943] RDX: 000000000000000f RSI: 00007f9a749bf0a0 RDI: 0000000000000009 [ 193.091775][ T9943] RBP: 00007f9a749bf090 R08: 0000000000000000 R09: 0000000000000000 [ 193.091791][ T9943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 193.091806][ T9943] R13: 00007f9a73de6038 R14: 00007f9a73de5fa0 R15: 00007fffb90bd018 [ 193.091827][ T9943] [ 193.604666][ T850] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 193.774779][ T850] usb 3-1: Using ep0 maxpacket: 8 [ 193.785268][ T850] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 193.793686][ T850] usb 3-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 193.844697][ T850] usb 3-1: config 179 has no interface number 0 [ 193.851036][ T850] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 193.882480][ T850] usb 3-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 193.914663][ T850] usb 3-1: config 179 interface 65 has no altsetting 0 [ 193.921799][ T850] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 193.941108][ T850] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.173390][ T850] usb 3-1: USB disconnect, device number 16 [ 194.588507][T10029] FAULT_INJECTION: forcing a failure. [ 194.588507][T10029] name failslab, interval 1, probability 0, space 0, times 0 [ 194.601281][T10029] CPU: 1 UID: 0 PID: 10029 Comm: syz.1.4553 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 194.601318][T10029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 194.601333][T10029] Call Trace: [ 194.601341][T10029] [ 194.601350][T10029] __dump_stack+0x21/0x30 [ 194.601386][T10029] dump_stack_lvl+0x10c/0x190 [ 194.601416][T10029] ? __cfi_dump_stack_lvl+0x10/0x10 [ 194.601453][T10029] ? kstrtouint_from_user+0xfb/0x150 [ 194.601476][T10029] dump_stack+0x19/0x20 [ 194.601505][T10029] should_fail_ex+0x3d9/0x530 [ 194.601529][T10029] should_failslab+0xac/0x100 [ 194.601554][T10029] kmem_cache_alloc_noprof+0x42/0x430 [ 194.601576][T10029] ? getname_flags+0xc6/0x710 [ 194.601599][T10029] ? proc_fail_nth_write+0x17e/0x210 [ 194.601629][T10029] getname_flags+0xc6/0x710 [ 194.601652][T10029] __se_sys_newlstat+0xb9/0x360 [ 194.601677][T10029] ? __x64_sys_newlstat+0x80/0x80 [ 194.601704][T10029] ? __cfi_vfs_write+0x10/0x10 [ 194.601725][T10029] ? __kasan_check_write+0x18/0x20 [ 194.601758][T10029] ? mutex_unlock+0x8b/0x240 [ 194.601779][T10029] ? __cfi_mutex_unlock+0x10/0x10 [ 194.601799][T10029] ? __fget_files+0x2c5/0x340 [ 194.601827][T10029] ? __cfi_ksys_write+0x10/0x10 [ 194.601849][T10029] ? __kasan_check_read+0x15/0x20 [ 194.601882][T10029] __x64_sys_newlstat+0x5f/0x80 [ 194.601908][T10029] x64_sys_call+0x1b6f/0x2ee0 [ 194.601940][T10029] do_syscall_64+0x58/0xf0 [ 194.601969][T10029] ? clear_bhb_loop+0x50/0xa0 [ 194.601994][T10029] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 194.602018][T10029] RIP: 0033:0x7f3ab4d8f6c9 [ 194.602037][T10029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.602057][T10029] RSP: 002b:00007f3ab37f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 194.602082][T10029] RAX: ffffffffffffffda RBX: 00007f3ab4fe5fa0 RCX: 00007f3ab4d8f6c9 [ 194.602099][T10029] RDX: 0000000000000000 RSI: 000020000000a600 RDI: 000020000000a5c0 [ 194.602116][T10029] RBP: 00007f3ab37f7090 R08: 0000000000000000 R09: 0000000000000000 [ 194.602131][T10029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 194.602146][T10029] R13: 00007f3ab4fe6038 R14: 00007f3ab4fe5fa0 R15: 00007ffe603ecd58 [ 194.602166][T10029] [ 195.194874][ T36] audit: type=1400 audit(1763511071.390:208): avc: denied { create } for pid=10093 comm="syz.1.4586" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 195.237692][ T36] audit: type=1400 audit(1763511071.410:209): avc: denied { write } for pid=10093 comm="syz.1.4586" name="file0" dev="tmpfs" ino=3565 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 195.284668][ T36] audit: type=1400 audit(1763511071.410:210): avc: denied { open } for pid=10093 comm="syz.1.4586" path="/587/file0" dev="tmpfs" ino=3565 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 195.327058][ T36] audit: type=1400 audit(1763511071.420:211): avc: denied { unlink } for pid=5525 comm="syz-executor" name="file0" dev="tmpfs" ino=3565 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 195.359772][ T36] audit: type=1400 audit(1763511071.420:212): avc: denied { ioctl } for pid=10092 comm="syz.2.4585" path="socket:[57377]" dev="sockfs" ino=57377 ioctlcmd=0x8b32 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 196.344688][ T10] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 196.364645][ T36] audit: type=1400 audit(1763511072.550:213): avc: denied { mounton } for pid=10168 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 196.477801][T10168] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.485029][T10168] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.501338][T10168] bridge_slave_0: entered allmulticast mode [ 196.525713][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 196.528225][T10168] bridge_slave_0: entered promiscuous mode [ 196.535913][ T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 196.564547][ T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 196.573004][T10168] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.580673][ T10] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 196.603024][T10168] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.611485][T10168] bridge_slave_1: entered allmulticast mode [ 196.618243][ T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 196.627406][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.635839][T10168] bridge_slave_1: entered promiscuous mode [ 196.644658][ T10] usb 4-1: Product: syz [ 196.648990][ T10] usb 4-1: Manufacturer: syz [ 196.653623][ T10] usb 4-1: SerialNumber: syz [ 196.669099][T10164] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 196.752498][ T5878] bridge_slave_1: left allmulticast mode [ 196.758256][ T5878] bridge_slave_1: left promiscuous mode [ 196.763942][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.781852][ T5878] bridge_slave_0: left allmulticast mode [ 196.794653][ T5878] bridge_slave_0: left promiscuous mode [ 196.804765][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.922716][ T5878] veth1_macvtap: left promiscuous mode [ 196.932140][ T5878] veth0_vlan: left promiscuous mode [ 197.025628][T10168] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.032740][T10168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.040103][T10168] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.047194][T10168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.080959][ T10] cdc_ncm 4-1:1.0: bind() failure [ 197.095776][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.103268][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.110588][ T10] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 197.129218][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.136408][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.144849][ T10] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 197.154140][ T10] usb 4-1: USB disconnect, device number 25 [ 197.165943][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.173033][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.221796][T10168] veth0_vlan: entered promiscuous mode [ 197.249707][T10168] veth1_macvtap: entered promiscuous mode [ 197.415627][T10205] netlink: 3 bytes leftover after parsing attributes in process `syz.2.4635'. [ 198.304882][ T850] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 198.475742][ T850] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 198.485957][ T850] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 198.504990][ T850] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 198.534685][ T850] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 198.556477][ T850] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 198.565761][ T850] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.573803][ T850] usb 4-1: Product: syz [ 198.591678][ T850] usb 4-1: Manufacturer: syz [ 198.596601][ T850] usb 4-1: SerialNumber: syz [ 198.607982][T10234] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 198.890791][T10259] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.925002][T10259] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.932152][T10259] bridge_slave_0: entered allmulticast mode [ 198.938729][T10259] bridge_slave_0: entered promiscuous mode [ 198.945757][T10259] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.952871][T10259] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.960072][T10259] bridge_slave_1: entered allmulticast mode [ 198.966707][T10259] bridge_slave_1: entered promiscuous mode [ 199.025278][ T850] cdc_ncm 4-1:1.0: bind() failure [ 199.037406][ T850] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 199.064672][ T850] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 199.085258][ T850] usb 4-1: USB disconnect, device number 26 [ 199.147806][T10259] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.155908][T10259] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.163255][T10259] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.170369][T10259] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.182389][ T12] bridge_slave_1: left allmulticast mode [ 199.188281][ T12] bridge_slave_1: left promiscuous mode [ 199.194042][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.202221][ T12] bridge_slave_0: left allmulticast mode [ 199.208241][ T12] bridge_slave_0: left promiscuous mode [ 199.213982][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.343960][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.351904][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.367444][ T12] veth1_macvtap: left promiscuous mode [ 199.373025][ T12] veth0_vlan: left promiscuous mode [ 199.442994][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.450215][ T5878] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.462454][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.469672][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 199.513714][T10259] veth0_vlan: entered promiscuous mode [ 199.531350][T10259] veth1_macvtap: entered promiscuous mode [ 199.904720][ T357] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 200.058933][ T357] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 200.073244][ T357] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 200.084548][ T357] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 200.096838][ T357] usb 4-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x78, changing to 0x8 [ 200.109120][ T357] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 200.119611][ T357] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 200.135102][ T357] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 200.144281][ T357] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.164651][ T357] usb 4-1: Product: syz [ 200.174726][ T357] usb 4-1: Manufacturer: syz [ 200.179390][ T357] usb 4-1: SerialNumber: syz [ 200.196370][T10332] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 200.626417][ T357] cdc_ncm 4-1:1.0: bind() failure [ 200.636351][ T357] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 200.654763][ T357] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 200.667931][ T357] usb 4-1: USB disconnect, device number 27 [ 200.761561][T10390] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4717'. [ 200.786270][ T36] audit: type=1400 audit(1763511076.980:214): avc: denied { call } for pid=10389 comm="syz.0.4717" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 200.814721][T10390] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 200.814780][T10390] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1050 [ 202.418554][ T36] audit: type=1400 audit(1763511078.610:215): avc: denied { relabelfrom } for pid=10441 comm="syz.1.4744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 202.504784][ T36] audit: type=1400 audit(1763511078.610:216): avc: denied { relabelto } for pid=10441 comm="syz.1.4744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 203.217575][ T36] audit: type=1400 audit(1763511079.410:217): avc: denied { setopt } for pid=10499 comm="syz.0.4769" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 203.364694][ T358] usb 4-1: new full-speed USB device number 28 using dummy_hcd [ 203.525757][ T358] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 203.536353][ T358] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 203.564694][ T358] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 203.584686][ T358] usb 4-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x78, changing to 0x8 [ 203.604676][ T358] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 203.624856][ T358] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 203.647201][ T358] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 203.656582][ T358] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.674658][ T358] usb 4-1: Product: syz [ 203.679002][ T358] usb 4-1: Manufacturer: syz [ 203.683618][ T358] usb 4-1: SerialNumber: syz [ 203.699772][T10490] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 204.110708][ T358] cdc_ncm 4-1:1.0: bind() failure [ 204.117908][ T358] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 204.126370][ T358] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 204.150764][ T358] usb 4-1: USB disconnect, device number 28 [ 204.474888][T10544] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 204.474931][T10544] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:107 [ 204.547303][T10556] 9pnet_fd: Insufficient options for proto=fd [ 204.745432][ T36] audit: type=1400 audit(1763511080.940:218): avc: denied { nlmsg_read } for pid=10585 comm="syz.0.4812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 204.766287][T10587] netlink: 268 bytes leftover after parsing attributes in process `syz.0.4812'. [ 204.908189][T10620] FAULT_INJECTION: forcing a failure. [ 204.908189][T10620] name failslab, interval 1, probability 0, space 0, times 0 [ 204.939853][T10620] CPU: 0 UID: 0 PID: 10620 Comm: syz.2.4827 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 204.939893][T10620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 204.939908][T10620] Call Trace: [ 204.939916][T10620] [ 204.939926][T10620] __dump_stack+0x21/0x30 [ 204.939964][T10620] dump_stack_lvl+0x10c/0x190 [ 204.939994][T10620] ? __cfi_dump_stack_lvl+0x10/0x10 [ 204.940027][T10620] ? __kasan_check_write+0x18/0x20 [ 204.940061][T10620] ? proc_fail_nth_write+0x17e/0x210 [ 204.940092][T10620] dump_stack+0x19/0x20 [ 204.940122][T10620] should_fail_ex+0x3d9/0x530 [ 204.940145][T10620] should_failslab+0xac/0x100 [ 204.940171][T10620] kmem_cache_alloc_noprof+0x42/0x430 [ 204.940193][T10620] ? create_new_namespaces+0x48/0x720 [ 204.940227][T10620] create_new_namespaces+0x48/0x720 [ 204.940261][T10620] __se_sys_setns+0x2d1/0x12b0 [ 204.940293][T10620] ? fput+0x1a5/0x240 [ 204.940330][T10620] ? __x64_sys_setns+0x80/0x80 [ 204.940362][T10620] ? __kasan_check_read+0x15/0x20 [ 204.940397][T10620] __x64_sys_setns+0x5f/0x80 [ 204.940428][T10620] x64_sys_call+0x2de8/0x2ee0 [ 204.940462][T10620] do_syscall_64+0x58/0xf0 [ 204.940492][T10620] ? clear_bhb_loop+0x50/0xa0 [ 204.940518][T10620] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 204.940542][T10620] RIP: 0033:0x7f9b8478f6c9 [ 204.940562][T10620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.940581][T10620] RSP: 002b:00007f9b831f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000134 [ 204.940606][T10620] RAX: ffffffffffffffda RBX: 00007f9b849e5fa0 RCX: 00007f9b8478f6c9 [ 204.940625][T10620] RDX: 0000000000000000 RSI: 0000000024020000 RDI: 0000000000000008 [ 204.940639][T10620] RBP: 00007f9b831f7090 R08: 0000000000000000 R09: 0000000000000000 [ 204.940654][T10620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 204.940666][T10620] R13: 00007f9b849e6038 R14: 00007f9b849e5fa0 R15: 00007fff57699658 [ 204.940686][T10620] [ 205.514663][ T358] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 205.694886][ T358] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 205.714669][ T358] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 205.744719][ T358] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 205.774710][ T358] usb 4-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x78, changing to 0x8 [ 205.804675][ T358] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 205.834836][ T358] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 205.866109][ T358] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 205.875457][ T358] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.883501][ T358] usb 4-1: Product: syz [ 205.894862][ T358] usb 4-1: Manufacturer: syz [ 205.904657][ T358] usb 4-1: SerialNumber: syz [ 205.918882][T10674] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 206.330916][ T358] cdc_ncm 4-1:1.0: bind() failure [ 206.339770][ T358] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 206.348464][ T358] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 206.369185][ T358] usb 4-1: USB disconnect, device number 29 [ 207.244758][ T9623] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 207.405725][ T9623] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 207.426109][ T9623] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 207.447374][ T9623] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 207.474784][ T9623] usb 1-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x78, changing to 0x8 [ 207.504651][ T9623] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 207.529371][ T9623] usb 1-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 207.572426][ T9623] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 207.598832][ T9623] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.623868][ T9623] usb 1-1: Product: syz [ 207.632788][ T9623] usb 1-1: Manufacturer: syz [ 207.645915][T10789] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.656439][T10789] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.664662][ T9623] usb 1-1: SerialNumber: syz [ 207.667171][T10789] bridge_slave_0: entered allmulticast mode [ 207.681154][T10757] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 207.683204][T10789] bridge_slave_0: entered promiscuous mode [ 207.720185][T10789] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.727544][T10789] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.747671][T10789] bridge_slave_1: entered allmulticast mode [ 207.754226][T10789] bridge_slave_1: entered promiscuous mode [ 207.887917][ T12] bridge_slave_1: left allmulticast mode [ 207.893724][ T12] bridge_slave_1: left promiscuous mode [ 207.899941][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.909131][ T12] bridge_slave_0: left allmulticast mode [ 207.914941][ T12] bridge_slave_0: left promiscuous mode [ 207.920907][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.049601][ T12] veth1_macvtap: left promiscuous mode [ 208.061758][ T12] veth0_vlan: left promiscuous mode [ 208.097507][ T9623] cdc_ncm 1-1:1.0: bind() failure [ 208.114461][ T9623] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71 [ 208.135104][ T9623] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71 [ 208.155680][ T9623] usb 1-1: USB disconnect, device number 20 [ 208.197207][T10789] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.204330][T10789] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.211692][T10789] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.218780][T10789] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.292291][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.299998][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.315888][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.322986][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.346909][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.353981][ T5878] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.416435][T10789] veth0_vlan: entered promiscuous mode [ 208.439313][T10789] veth1_macvtap: entered promiscuous mode [ 208.626134][T10833] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 208.626175][T10833] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:1171 [ 208.810642][T10841] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4932'. [ 208.834693][ T358] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 208.864685][T10841] bridge_slave_1: left allmulticast mode [ 208.870379][T10841] bridge_slave_1: left promiscuous mode [ 208.894736][T10841] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.924969][T10841] bridge_slave_0: left allmulticast mode [ 208.930877][T10841] bridge_slave_0: left promiscuous mode [ 208.940126][T10841] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.015821][ T358] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 209.026339][ T358] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 209.039322][ T358] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 209.050650][ T358] usb 3-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x78, changing to 0x8 [ 209.062655][ T358] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 209.072933][ T358] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 209.087582][ T358] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 209.097258][ T358] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.106076][ T358] usb 3-1: Product: syz [ 209.110339][ T358] usb 3-1: Manufacturer: syz [ 209.115456][ T358] usb 3-1: SerialNumber: syz [ 209.124923][T10831] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 209.224655][ T65] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 209.244513][T10863] FAULT_INJECTION: forcing a failure. [ 209.244513][T10863] name failslab, interval 1, probability 0, space 0, times 0 [ 209.257347][T10863] CPU: 0 UID: 0 PID: 10863 Comm: syz.0.4943 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 209.257383][T10863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 209.257399][T10863] Call Trace: [ 209.257407][T10863] [ 209.257416][T10863] __dump_stack+0x21/0x30 [ 209.257452][T10863] dump_stack_lvl+0x10c/0x190 [ 209.257484][T10863] ? __cfi_dump_stack_lvl+0x10/0x10 [ 209.257515][T10863] ? __cfi_selinux_file_open+0x10/0x10 [ 209.257544][T10863] dump_stack+0x19/0x20 [ 209.257575][T10863] should_fail_ex+0x3d9/0x530 [ 209.257600][T10863] should_failslab+0xac/0x100 [ 209.257626][T10863] __kmalloc_cache_noprof+0x41/0x490 [ 209.257650][T10863] ? tcp_sendmsg_fastopen+0x1e2/0x6e0 [ 209.257683][T10863] ? is_bpf_text_address+0x17b/0x1a0 [ 209.257713][T10863] tcp_sendmsg_fastopen+0x1e2/0x6e0 [ 209.257746][T10863] tcp_sendmsg_locked+0x449b/0x4b40 [ 209.257777][T10863] ? __asan_memcpy+0x5a/0x80 [ 209.257801][T10863] ? __kasan_check_write+0x18/0x20 [ 209.257835][T10863] ? _raw_spin_lock_bh+0x90/0x120 [ 209.257881][T10863] ? __cfi__raw_spin_lock_bh+0x10/0x10 [ 209.257912][T10863] ? kstrtouint_from_user+0xfb/0x150 [ 209.257934][T10863] ? x64_sys_call+0xe69/0x2ee0 [ 209.257971][T10863] ? _raw_spin_unlock_bh+0x54/0x60 [ 209.258003][T10863] ? lock_sock_nested+0x1f5/0x290 [ 209.258029][T10863] ? __cfi_tcp_sendmsg_locked+0x10/0x10 [ 209.258061][T10863] ? __kasan_check_write+0x18/0x20 [ 209.258096][T10863] ? proc_fail_nth_write+0x17e/0x210 [ 209.258129][T10863] ? __cfi_tcp_sendmsg+0x10/0x10 [ 209.258160][T10863] tcp_sendmsg+0x3e/0xe0 [ 209.258191][T10863] ? __cfi_tcp_sendmsg+0x10/0x10 [ 209.258221][T10863] inet6_sendmsg+0xb7/0x120 [ 209.258256][T10863] __sys_sendto+0x446/0x6f0 [ 209.258287][T10863] ? __cfi___sys_sendto+0x10/0x10 [ 209.258321][T10863] ? __kasan_check_write+0x18/0x20 [ 209.258356][T10863] ? __cfi_ksys_write+0x10/0x10 [ 209.258378][T10863] __x64_sys_sendto+0xe9/0x100 [ 209.258411][T10863] x64_sys_call+0x2c2c/0x2ee0 [ 209.258445][T10863] do_syscall_64+0x58/0xf0 [ 209.258475][T10863] ? clear_bhb_loop+0x50/0xa0 [ 209.258500][T10863] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 209.258526][T10863] RIP: 0033:0x7f9a73b8f6c9 [ 209.258547][T10863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.258568][T10863] RSP: 002b:00007f9a749bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 209.258593][T10863] RAX: ffffffffffffffda RBX: 00007f9a73de5fa0 RCX: 00007f9a73b8f6c9 [ 209.258611][T10863] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 209.258626][T10863] RBP: 00007f9a749bf090 R08: 0000000000000000 R09: 0000000000000000 [ 209.258642][T10863] R10: 0000000020000004 R11: 0000000000000246 R12: 0000000000000001 [ 209.258658][T10863] R13: 00007f9a73de6038 R14: 00007f9a73de5fa0 R15: 00007fffb90bd018 [ 209.258679][T10863] [ 209.478164][ T65] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 209.561720][ T65] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 209.572853][ T358] cdc_ncm 3-1:1.0: bind() failure [ 209.580784][ T358] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 209.599867][ T65] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 209.612611][ T65] usb 2-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x78, changing to 0x8 [ 209.624572][ T358] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 209.640641][ T358] usb 3-1: USB disconnect, device number 17 [ 209.650949][ T65] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 209.661859][ T65] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 209.685784][ T65] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 209.695095][ T65] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.703224][ T65] usb 2-1: Product: syz [ 209.707507][ T65] usb 2-1: Manufacturer: syz [ 209.712298][ T65] usb 2-1: SerialNumber: syz [ 209.722076][T10849] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 209.864690][ T31] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 210.014702][ T31] usb 1-1: Using ep0 maxpacket: 16 [ 210.021049][ T31] usb 1-1: config index 0 descriptor too short (expected 25953, got 27) [ 210.029998][ T31] usb 1-1: config 9 has an invalid interface number: 144 but max is 0 [ 210.038399][ T31] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 210.048716][ T31] usb 1-1: config 9 has no interface number 0 [ 210.055102][ T31] usb 1-1: config 9 interface 144 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 210.068511][ T31] usb 1-1: config 9 interface 144 has no altsetting 0 [ 210.077197][ T31] usb 1-1: New USB device found, idVendor=045e, idProduct=0927, bcdDevice=4b.68 [ 210.088729][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.097503][ T31] usb 1-1: Product: syz [ 210.102293][ T31] usb 1-1: Manufacturer: syz [ 210.107825][ T31] usb 1-1: SerialNumber: syz [ 210.116632][ T31] r8152-cfgselector 1-1: Unknown version 0x0000 [ 210.131020][ T65] cdc_ncm 2-1:1.0: bind() failure [ 210.142688][ T65] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 210.151316][ T65] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 210.167893][ T65] usb 2-1: USB disconnect, device number 26 [ 210.173380][T10887] FAULT_INJECTION: forcing a failure. [ 210.173380][T10887] name failslab, interval 1, probability 0, space 0, times 0 [ 210.189112][T10887] CPU: 0 UID: 0 PID: 10887 Comm: syz.3.4954 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 210.189149][T10887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 210.189164][T10887] Call Trace: [ 210.189173][T10887] [ 210.189182][T10887] __dump_stack+0x21/0x30 [ 210.189219][T10887] dump_stack_lvl+0x10c/0x190 [ 210.189250][T10887] ? __cfi_dump_stack_lvl+0x10/0x10 [ 210.189281][T10887] ? proc_fail_nth_write+0x17e/0x210 [ 210.189313][T10887] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 210.189344][T10887] dump_stack+0x19/0x20 [ 210.189374][T10887] should_fail_ex+0x3d9/0x530 [ 210.189399][T10887] should_failslab+0xac/0x100 [ 210.189425][T10887] kmem_cache_alloc_noprof+0x42/0x430 [ 210.189447][T10887] ? getname_flags+0xc6/0x710 [ 210.189471][T10887] getname_flags+0xc6/0x710 [ 210.189493][T10887] ? __fget_files+0x2c5/0x340 [ 210.189519][T10887] user_path_at+0x2b/0x60 [ 210.189545][T10887] __se_sys_mount+0x288/0x480 [ 210.189567][T10887] ? ksys_write+0x1ef/0x250 [ 210.189590][T10887] ? __x64_sys_mount+0xf0/0xf0 [ 210.189612][T10887] __x64_sys_mount+0xc3/0xf0 [ 210.189633][T10887] x64_sys_call+0x2021/0x2ee0 [ 210.189667][T10887] do_syscall_64+0x58/0xf0 [ 210.189694][T10887] ? clear_bhb_loop+0x50/0xa0 [ 210.189720][T10887] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 210.189744][T10887] RIP: 0033:0x7fcb0e38f6c9 [ 210.189763][T10887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 210.189782][T10887] RSP: 002b:00007fcb0f203038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 210.189807][T10887] RAX: ffffffffffffffda RBX: 00007fcb0e5e5fa0 RCX: 00007fcb0e38f6c9 [ 210.189825][T10887] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000000 [ 210.189841][T10887] RBP: 00007fcb0f203090 R08: 0000000000000000 R09: 0000000000000000 [ 210.189868][T10887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 210.189882][T10887] R13: 00007fcb0e5e6038 R14: 00007fcb0e5e5fa0 R15: 00007ffd65b7e308 [ 210.189902][T10887] [ 210.332743][ T31] r8152 1-1:9.144: Expected endpoints are not found [ 210.440634][ T31] r8152-cfgselector 1-1: USB disconnect, device number 21 [ 210.462065][T10915] netlink: 'syz.3.4968': attribute type 13 has an invalid length. [ 211.954482][T11076] FAULT_INJECTION: forcing a failure. [ 211.954482][T11076] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.968222][T11076] CPU: 0 UID: 0 PID: 11076 Comm: syz.0.5040 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 211.968259][T11076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 211.968274][T11076] Call Trace: [ 211.968281][T11076] [ 211.968290][T11076] __dump_stack+0x21/0x30 [ 211.968324][T11076] dump_stack_lvl+0x10c/0x190 [ 211.968355][T11076] ? __cfi_dump_stack_lvl+0x10/0x10 [ 211.968387][T11076] dump_stack+0x19/0x20 [ 211.968416][T11076] should_fail_ex+0x3d9/0x530 [ 211.968448][T11076] should_fail+0xf/0x20 [ 211.968469][T11076] should_fail_usercopy+0x1e/0x30 [ 211.968494][T11076] _copy_from_user+0x22/0xb0 [ 211.968522][T11076] inet6_ioctl+0x17c/0x280 [ 211.968554][T11076] ? __cfi_inet6_ioctl+0x10/0x10 [ 211.968586][T11076] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 211.968618][T11076] sock_do_ioctl+0x105/0x330 [ 211.968653][T11076] ? sock_show_fdinfo+0xd0/0xd0 [ 211.968678][T11076] ? __cfi_vfs_write+0x10/0x10 [ 211.968699][T11076] ? __kasan_check_write+0x18/0x20 [ 211.968733][T11076] ? mutex_unlock+0x8b/0x240 [ 211.968755][T11076] sock_ioctl+0x634/0x7b0 [ 211.968778][T11076] ? __cfi_sock_ioctl+0x10/0x10 [ 211.968801][T11076] ? __fget_files+0x2c5/0x340 [ 211.968826][T11076] ? bpf_lsm_file_ioctl+0xd/0x20 [ 211.968857][T11076] ? security_file_ioctl+0x34/0xd0 [ 211.968882][T11076] ? __cfi_sock_ioctl+0x10/0x10 [ 211.968905][T11076] __se_sys_ioctl+0x135/0x1b0 [ 211.968931][T11076] __x64_sys_ioctl+0x7f/0xa0 [ 211.968955][T11076] x64_sys_call+0x1878/0x2ee0 [ 211.968988][T11076] do_syscall_64+0x58/0xf0 [ 211.969017][T11076] ? clear_bhb_loop+0x50/0xa0 [ 211.969043][T11076] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 211.969067][T11076] RIP: 0033:0x7f9a73b8f6c9 [ 211.969086][T11076] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.969107][T11076] RSP: 002b:00007f9a749bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 211.969133][T11076] RAX: ffffffffffffffda RBX: 00007f9a73de5fa0 RCX: 00007f9a73b8f6c9 [ 211.969151][T11076] RDX: 0000200000000340 RSI: 000000000000890b RDI: 0000000000000007 [ 211.969168][T11076] RBP: 00007f9a749bf090 R08: 0000000000000000 R09: 0000000000000000 [ 211.969183][T11076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.969198][T11076] R13: 00007f9a73de6038 R14: 00007f9a73de5fa0 R15: 00007fffb90bd018 [ 211.969219][T11076] [ 212.228587][T11095] FAULT_INJECTION: forcing a failure. [ 212.228587][T11095] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 212.269251][T11095] CPU: 1 UID: 0 PID: 11095 Comm: syz.1.5059 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 212.269290][T11095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 212.269305][T11095] Call Trace: [ 212.269313][T11095] [ 212.269323][T11095] __dump_stack+0x21/0x30 [ 212.269359][T11095] dump_stack_lvl+0x10c/0x190 [ 212.269389][T11095] ? __cfi_dump_stack_lvl+0x10/0x10 [ 212.269420][T11095] ? check_stack_object+0x107/0x140 [ 212.269445][T11095] dump_stack+0x19/0x20 [ 212.269473][T11095] should_fail_ex+0x3d9/0x530 [ 212.269498][T11095] should_fail+0xf/0x20 [ 212.269519][T11095] should_fail_usercopy+0x1e/0x30 [ 212.269544][T11095] _copy_from_user+0x22/0xb0 [ 212.269572][T11095] __sys_bind+0x1de/0x3f0 [ 212.269601][T11095] ? __cfi___sys_bind+0x10/0x10 [ 212.269632][T11095] ? __kasan_check_read+0x15/0x20 [ 212.269666][T11095] __x64_sys_bind+0x7e/0x90 [ 212.269694][T11095] x64_sys_call+0x1ffd/0x2ee0 [ 212.269727][T11095] do_syscall_64+0x58/0xf0 [ 212.269757][T11095] ? clear_bhb_loop+0x50/0xa0 [ 212.269782][T11095] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 212.269806][T11095] RIP: 0033:0x7f31a218f6c9 [ 212.269825][T11095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.269844][T11095] RSP: 002b:00007f31a2fd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 212.269877][T11095] RAX: ffffffffffffffda RBX: 00007f31a23e5fa0 RCX: 00007f31a218f6c9 [ 212.269895][T11095] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000007 [ 212.269911][T11095] RBP: 00007f31a2fd7090 R08: 0000000000000000 R09: 0000000000000000 [ 212.269926][T11095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.269941][T11095] R13: 00007f31a23e6038 R14: 00007f31a23e5fa0 R15: 00007ffe65f983e8 [ 212.269961][T11095] [ 212.509544][T11120] FAULT_INJECTION: forcing a failure. [ 212.509544][T11120] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 212.522728][T11120] CPU: 1 UID: 0 PID: 11120 Comm: syz.0.5070 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 212.522772][T11120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 212.522788][T11120] Call Trace: [ 212.522796][T11120] [ 212.522806][T11120] __dump_stack+0x21/0x30 [ 212.522850][T11120] dump_stack_lvl+0x10c/0x190 [ 212.522881][T11120] ? __cfi_dump_stack_lvl+0x10/0x10 [ 212.522918][T11120] dump_stack+0x19/0x20 [ 212.522947][T11120] should_fail_ex+0x3d9/0x530 [ 212.522972][T11120] should_fail+0xf/0x20 [ 212.522993][T11120] should_fail_usercopy+0x1e/0x30 [ 212.523018][T11120] _copy_from_user+0x22/0xb0 [ 212.523046][T11120] get_user_ifreq+0x71/0x180 [ 212.523069][T11120] sock_ioctl+0x6fb/0x7b0 [ 212.523092][T11120] ? __cfi_sock_ioctl+0x10/0x10 [ 212.523117][T11120] ? bpf_lsm_file_ioctl+0xd/0x20 [ 212.523148][T11120] ? security_file_ioctl+0x34/0xd0 [ 212.523174][T11120] ? __cfi_sock_ioctl+0x10/0x10 [ 212.523196][T11120] __se_sys_ioctl+0x135/0x1b0 [ 212.523222][T11120] __x64_sys_ioctl+0x7f/0xa0 [ 212.523247][T11120] x64_sys_call+0x1878/0x2ee0 [ 212.523279][T11120] do_syscall_64+0x58/0xf0 [ 212.523309][T11120] ? clear_bhb_loop+0x50/0xa0 [ 212.523334][T11120] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 212.523358][T11120] RIP: 0033:0x7f9a73b8f6c9 [ 212.523377][T11120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.523397][T11120] RSP: 002b:00007f9a749bf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 212.523422][T11120] RAX: ffffffffffffffda RBX: 00007f9a73de5fa0 RCX: 00007f9a73b8f6c9 [ 212.523440][T11120] RDX: 0000200000000440 RSI: 00000000000089f1 RDI: 0000000000000006 [ 212.523455][T11120] RBP: 00007f9a749bf090 R08: 0000000000000000 R09: 0000000000000000 [ 212.523470][T11120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.523484][T11120] R13: 00007f9a73de6038 R14: 00007f9a73de5fa0 R15: 00007fffb90bd018 [ 212.523504][T11120] [ 212.646245][T11137] FAULT_INJECTION: forcing a failure. [ 212.646245][T11137] name failslab, interval 1, probability 0, space 0, times 0 [ 212.751305][T11149] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 212.751347][T11149] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:241 [ 212.764891][T11137] CPU: 1 UID: 0 PID: 11137 Comm: syz.3.5078 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 212.764931][T11137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 212.764946][T11137] Call Trace: [ 212.764954][T11137] [ 212.764963][T11137] __dump_stack+0x21/0x30 [ 212.764997][T11137] dump_stack_lvl+0x10c/0x190 [ 212.765027][T11137] ? __cfi_dump_stack_lvl+0x10/0x10 [ 212.765057][T11137] ? __kasan_check_write+0x18/0x20 [ 212.765090][T11137] ? proc_fail_nth_write+0x17e/0x210 [ 212.765127][T11137] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 212.765157][T11137] dump_stack+0x19/0x20 [ 212.765186][T11137] should_fail_ex+0x3d9/0x530 [ 212.765211][T11137] should_failslab+0xac/0x100 [ 212.765236][T11137] kmem_cache_alloc_noprof+0x42/0x430 [ 212.765258][T11137] ? getname_flags+0xc6/0x710 [ 212.765281][T11137] getname_flags+0xc6/0x710 [ 212.765303][T11137] ? build_open_flags+0x487/0x600 [ 212.765333][T11137] getname+0x1b/0x30 [ 212.765354][T11137] do_sys_openat2+0xcb/0x1c0 [ 212.765382][T11137] ? fput+0x1a5/0x240 [ 212.765408][T11137] ? do_sys_open+0x100/0x100 [ 212.765436][T11137] ? ksys_write+0x1ef/0x250 [ 212.765456][T11137] ? __cfi_ksys_write+0x10/0x10 [ 212.765479][T11137] __x64_sys_openat+0x13a/0x170 [ 212.765509][T11137] x64_sys_call+0xe69/0x2ee0 [ 212.765542][T11137] do_syscall_64+0x58/0xf0 [ 212.765570][T11137] ? clear_bhb_loop+0x50/0xa0 [ 212.765595][T11137] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 212.765619][T11137] RIP: 0033:0x7fcb0e38f6c9 [ 212.765638][T11137] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.765658][T11137] RSP: 002b:00007fcb0f203038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 212.765682][T11137] RAX: ffffffffffffffda RBX: 00007fcb0e5e5fa0 RCX: 00007fcb0e38f6c9 [ 212.765700][T11137] RDX: 0000000000000002 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 212.765717][T11137] RBP: 00007fcb0f203090 R08: 0000000000000000 R09: 0000000000000000 [ 212.765732][T11137] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 212.765747][T11137] R13: 00007fcb0e5e6038 R14: 00007fcb0e5e5fa0 R15: 00007ffd65b7e308 [ 212.765768][T11137] [ 213.817397][T11276] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 213.817436][T11276] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:285 [ 213.869726][T11271] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.886908][T11271] bridge0: port 1(bridge_slave_0) entered disabled state [ 213.894088][T11271] bridge_slave_0: entered allmulticast mode [ 213.901727][T11271] bridge_slave_0: entered promiscuous mode [ 213.909243][T11271] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.918578][T11271] bridge0: port 2(bridge_slave_1) entered disabled state [ 213.925872][T11271] bridge_slave_1: entered allmulticast mode [ 213.933846][T11271] bridge_slave_1: entered promiscuous mode [ 213.940924][T11297] FAULT_INJECTION: forcing a failure. [ 213.940924][T11297] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 213.980398][T11297] CPU: 1 UID: 0 PID: 11297 Comm: syz.3.5156 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 213.980436][T11297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 213.980450][T11297] Call Trace: [ 213.980458][T11297] [ 213.980467][T11297] __dump_stack+0x21/0x30 [ 213.980504][T11297] dump_stack_lvl+0x10c/0x190 [ 213.980535][T11297] ? __cfi_dump_stack_lvl+0x10/0x10 [ 213.980566][T11297] ? check_stack_object+0x12c/0x140 [ 213.980589][T11297] dump_stack+0x19/0x20 [ 213.980617][T11297] should_fail_ex+0x3d9/0x530 [ 213.980642][T11297] should_fail+0xf/0x20 [ 213.980663][T11297] should_fail_usercopy+0x1e/0x30 [ 213.980688][T11297] _copy_to_user+0x24/0xa0 [ 213.980717][T11297] simple_read_from_buffer+0xed/0x160 [ 213.980756][T11297] proc_fail_nth_read+0x19e/0x210 [ 213.980786][T11297] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 213.980817][T11297] ? bpf_lsm_file_permission+0xd/0x20 [ 213.980848][T11297] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 213.980878][T11297] vfs_read+0x27d/0xc70 [ 213.980899][T11297] ? __cfi_vfs_read+0x10/0x10 [ 213.980919][T11297] ? __kasan_check_write+0x18/0x20 [ 213.980954][T11297] ? mutex_lock+0x92/0x1c0 [ 213.980975][T11297] ? __cfi_mutex_lock+0x10/0x10 [ 213.980996][T11297] ? __fget_files+0x2c5/0x340 [ 213.981022][T11297] ksys_read+0x141/0x250 [ 213.981042][T11297] ? __cfi_ksys_read+0x10/0x10 [ 213.981064][T11297] ? __kasan_check_read+0x15/0x20 [ 213.981098][T11297] __x64_sys_read+0x7f/0x90 [ 213.981119][T11297] x64_sys_call+0x2638/0x2ee0 [ 213.981152][T11297] do_syscall_64+0x58/0xf0 [ 213.981181][T11297] ? clear_bhb_loop+0x50/0xa0 [ 213.981207][T11297] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 213.981231][T11297] RIP: 0033:0x7fcb0e38e0dc [ 213.981250][T11297] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 213.981271][T11297] RSP: 002b:00007fcb0f203030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 213.981296][T11297] RAX: ffffffffffffffda RBX: 00007fcb0e5e5fa0 RCX: 00007fcb0e38e0dc [ 213.981314][T11297] RDX: 000000000000000f RSI: 00007fcb0f2030a0 RDI: 0000000000000006 [ 213.981330][T11297] RBP: 00007fcb0f203090 R08: 0000000000000000 R09: 0000000000000000 [ 213.981346][T11297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 213.981361][T11297] R13: 00007fcb0e5e6038 R14: 00007fcb0e5e5fa0 R15: 00007ffd65b7e308 [ 213.981382][T11297] [ 214.276473][ T12] veth1_macvtap: left promiscuous mode [ 214.291406][ T12] veth0_vlan: left promiscuous mode [ 214.582878][T11271] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.589997][T11271] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.597342][T11271] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.604414][T11271] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.686937][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.709702][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.730619][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.737755][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.755633][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.762728][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.821724][T11271] veth0_vlan: entered promiscuous mode [ 214.849876][T11271] veth1_macvtap: entered promiscuous mode [ 215.729683][T11465] rust_binder: Failure in copy_transaction_data: BR_FAILED_REPLY { source: EINVAL } [ 215.729724][T11465] rust_binder: Transaction failed: BR_FAILED_REPLY { source: EINVAL } my_pid:169 [ 217.786627][ T36] audit: type=1400 audit(1763511093.980:219): avc: denied { read } for pid=11506 comm="syz.2.5257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 217.787209][T11507] cgroup: subsys name conflicts with all [ 217.860832][ T36] audit: type=1400 audit(1763511094.050:220): avc: denied { write } for pid=11506 comm="syz.2.5257" name="binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 218.037948][T11531] FAULT_INJECTION: forcing a failure. [ 218.037948][T11531] name failslab, interval 1, probability 0, space 0, times 0 [ 218.052566][T11531] CPU: 1 UID: 0 PID: 11531 Comm: syz.1.5266 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 218.052604][T11531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 218.052620][T11531] Call Trace: [ 218.052628][T11531] [ 218.052638][T11531] __dump_stack+0x21/0x30 [ 218.052674][T11531] dump_stack_lvl+0x10c/0x190 [ 218.052706][T11531] ? __cfi_dump_stack_lvl+0x10/0x10 [ 218.052739][T11531] dump_stack+0x19/0x20 [ 218.052779][T11531] should_fail_ex+0x3d9/0x530 [ 218.052804][T11531] should_failslab+0xac/0x100 [ 218.052830][T11531] kmem_cache_alloc_lru_noprof+0x44/0x430 [ 218.052853][T11531] ? sock_alloc_inode+0x48/0x150 [ 218.052881][T11531] sock_alloc_inode+0x48/0x150 [ 218.052905][T11531] ? __cfi_sock_alloc_inode+0x10/0x10 [ 218.052930][T11531] alloc_inode+0x7a/0x270 [ 218.052957][T11531] new_inode_pseudo+0x19/0x40 [ 218.052985][T11531] do_accept+0x15a/0x6b0 [ 218.053013][T11531] ? _raw_spin_lock+0x8c/0x120 [ 218.053042][T11531] ? __cfi_do_accept+0x10/0x10 [ 218.053075][T11531] __sys_accept4+0x11e/0x1c0 [ 218.053118][T11531] ? __cfi___sys_accept4+0x10/0x10 [ 218.053148][T11531] ? __kasan_check_read+0x15/0x20 [ 218.053182][T11531] __x64_sys_accept+0x81/0xa0 [ 218.053213][T11531] x64_sys_call+0x2bcc/0x2ee0 [ 218.053246][T11531] do_syscall_64+0x58/0xf0 [ 218.053276][T11531] ? clear_bhb_loop+0x50/0xa0 [ 218.053302][T11531] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 218.053327][T11531] RIP: 0033:0x7f31a218f6c9 [ 218.053346][T11531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.053366][T11531] RSP: 002b:00007f31a2fd7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 218.053392][T11531] RAX: ffffffffffffffda RBX: 00007f31a23e5fa0 RCX: 00007f31a218f6c9 [ 218.053410][T11531] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 218.053425][T11531] RBP: 00007f31a2fd7090 R08: 0000000000000000 R09: 0000000000000000 [ 218.053441][T11531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.053455][T11531] R13: 00007f31a23e6038 R14: 00007f31a23e5fa0 R15: 00007ffe65f983e8 [ 218.053482][T11531] [ 218.592021][T11579] FAULT_INJECTION: forcing a failure. [ 218.592021][T11579] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 218.613065][T11579] CPU: 1 UID: 0 PID: 11579 Comm: syz.0.5290 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 218.613103][T11579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 218.613117][T11579] Call Trace: [ 218.613125][T11579] [ 218.613133][T11579] __dump_stack+0x21/0x30 [ 218.613168][T11579] dump_stack_lvl+0x10c/0x190 [ 218.613196][T11579] ? __cfi_dump_stack_lvl+0x10/0x10 [ 218.613226][T11579] ? check_stack_object+0x12c/0x140 [ 218.613248][T11579] dump_stack+0x19/0x20 [ 218.613276][T11579] should_fail_ex+0x3d9/0x530 [ 218.613309][T11579] should_fail+0xf/0x20 [ 218.613330][T11579] should_fail_usercopy+0x1e/0x30 [ 218.613355][T11579] _copy_to_user+0x24/0xa0 [ 218.613382][T11579] simple_read_from_buffer+0xed/0x160 [ 218.613411][T11579] proc_fail_nth_read+0x19e/0x210 [ 218.613440][T11579] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 218.613470][T11579] ? update_rq_clock+0x31b/0x7c0 [ 218.613504][T11579] ? bpf_lsm_file_permission+0xd/0x20 [ 218.613535][T11579] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 218.613566][T11579] vfs_read+0x27d/0xc70 [ 218.613586][T11579] ? __cfi_vfs_read+0x10/0x10 [ 218.613606][T11579] ? __kasan_check_write+0x18/0x20 [ 218.613640][T11579] ? mutex_lock+0x92/0x1c0 [ 218.613661][T11579] ? __cfi_mutex_lock+0x10/0x10 [ 218.613681][T11579] ? __fget_files+0x2c5/0x340 [ 218.613706][T11579] ksys_read+0x141/0x250 [ 218.613727][T11579] ? __cfi_ksys_read+0x10/0x10 [ 218.613748][T11579] ? __kasan_check_read+0x15/0x20 [ 218.613780][T11579] __x64_sys_read+0x7f/0x90 [ 218.613802][T11579] x64_sys_call+0x2638/0x2ee0 [ 218.613836][T11579] do_syscall_64+0x58/0xf0 [ 218.613864][T11579] ? clear_bhb_loop+0x50/0xa0 [ 218.613890][T11579] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 218.613914][T11579] RIP: 0033:0x7f776758e0dc [ 218.613934][T11579] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 218.613954][T11579] RSP: 002b:00007f7768379030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 218.613979][T11579] RAX: ffffffffffffffda RBX: 00007f77677e5fa0 RCX: 00007f776758e0dc [ 218.613998][T11579] RDX: 000000000000000f RSI: 00007f77683790a0 RDI: 000000000000000a [ 218.614013][T11579] RBP: 00007f7768379090 R08: 0000000000000000 R09: 0000000000000000 [ 218.614029][T11579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.614043][T11579] R13: 00007f77677e6038 R14: 00007f77677e5fa0 R15: 00007fff90f01ac8 [ 218.614064][T11579] [ 218.928664][T11603] FAULT_INJECTION: forcing a failure. [ 218.928664][T11603] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 218.956098][T11603] CPU: 0 UID: 0 PID: 11603 Comm: syz.3.5301 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 218.956136][T11603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 218.956151][T11603] Call Trace: [ 218.956159][T11603] [ 218.956169][T11603] __dump_stack+0x21/0x30 [ 218.956206][T11603] dump_stack_lvl+0x10c/0x190 [ 218.956237][T11603] ? __cfi_dump_stack_lvl+0x10/0x10 [ 218.956269][T11603] ? check_stack_object+0x107/0x140 [ 218.956293][T11603] dump_stack+0x19/0x20 [ 218.956332][T11603] should_fail_ex+0x3d9/0x530 [ 218.956357][T11603] should_fail+0xf/0x20 [ 218.956378][T11603] should_fail_usercopy+0x1e/0x30 [ 218.956404][T11603] _copy_from_user+0x22/0xb0 [ 218.956433][T11603] __sys_bind+0x1de/0x3f0 [ 218.956462][T11603] ? __cfi___sys_bind+0x10/0x10 [ 218.956494][T11603] ? __kasan_check_read+0x15/0x20 [ 218.956529][T11603] __x64_sys_bind+0x7e/0x90 [ 218.956558][T11603] x64_sys_call+0x1ffd/0x2ee0 [ 218.956592][T11603] do_syscall_64+0x58/0xf0 [ 218.956622][T11603] ? clear_bhb_loop+0x50/0xa0 [ 218.956648][T11603] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 218.956673][T11603] RIP: 0033:0x7fcb0e38f6c9 [ 218.956693][T11603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.956714][T11603] RSP: 002b:00007fcb0f203038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 218.956738][T11603] RAX: ffffffffffffffda RBX: 00007fcb0e5e5fa0 RCX: 00007fcb0e38f6c9 [ 218.956756][T11603] RDX: 000000000000001c RSI: 0000200000000080 RDI: 0000000000000008 [ 218.956772][T11603] RBP: 00007fcb0f203090 R08: 0000000000000000 R09: 0000000000000000 [ 218.956788][T11603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.956802][T11603] R13: 00007fcb0e5e6038 R14: 00007fcb0e5e5fa0 R15: 00007ffd65b7e308 [ 218.956823][T11603] [ 219.494863][T11622] FAULT_INJECTION: forcing a failure. [ 219.494863][T11622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 219.514679][T11622] CPU: 0 UID: 0 PID: 11622 Comm: syz.0.5311 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 219.514719][T11622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 219.514734][T11622] Call Trace: [ 219.514742][T11622] [ 219.514752][T11622] __dump_stack+0x21/0x30 [ 219.514788][T11622] dump_stack_lvl+0x10c/0x190 [ 219.514817][T11622] ? __cfi_dump_stack_lvl+0x10/0x10 [ 219.514850][T11622] ? kstrtoull+0x13b/0x1e0 [ 219.514871][T11622] dump_stack+0x19/0x20 [ 219.514899][T11622] should_fail_ex+0x3d9/0x530 [ 219.514923][T11622] should_fail+0xf/0x20 [ 219.514943][T11622] should_fail_usercopy+0x1e/0x30 [ 219.514968][T11622] _copy_from_user+0x22/0xb0 [ 219.514997][T11622] ___sys_sendmsg+0x159/0x2a0 [ 219.515031][T11622] ? __sys_sendmsg+0x280/0x280 [ 219.515064][T11622] ? proc_fail_nth_write+0x17e/0x210 [ 219.515095][T11622] ? __cfi_proc_fail_nth_write+0x10/0x10 [ 219.515132][T11622] __x64_sys_sendmsg+0x1eb/0x2c0 [ 219.515163][T11622] ? fput+0x1a5/0x240 [ 219.515188][T11622] ? __cfi___x64_sys_sendmsg+0x10/0x10 [ 219.515221][T11622] ? ksys_write+0x1ef/0x250 [ 219.515245][T11622] ? __kasan_check_read+0x15/0x20 [ 219.515289][T11622] x64_sys_call+0x2a4c/0x2ee0 [ 219.515322][T11622] do_syscall_64+0x58/0xf0 [ 219.515351][T11622] ? clear_bhb_loop+0x50/0xa0 [ 219.515376][T11622] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 219.515402][T11622] RIP: 0033:0x7f776758f6c9 [ 219.515420][T11622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 219.515439][T11622] RSP: 002b:00007f7768379038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 219.515463][T11622] RAX: ffffffffffffffda RBX: 00007f77677e5fa0 RCX: 00007f776758f6c9 [ 219.515481][T11622] RDX: 0000000000000080 RSI: 0000200000000200 RDI: 0000000000000008 [ 219.515496][T11622] RBP: 00007f7768379090 R08: 0000000000000000 R09: 0000000000000000 [ 219.515510][T11622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 219.515524][T11622] R13: 00007f77677e6038 R14: 00007f77677e5fa0 R15: 00007fff90f01ac8 [ 219.515545][T11622] [ 219.554678][ T36] audit: type=1400 audit(1763511095.720:221): avc: denied { write } for pid=11623 comm="syz.1.5306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 220.137394][T11651] FAULT_INJECTION: forcing a failure. [ 220.137394][T11651] name failslab, interval 1, probability 0, space 0, times 0 [ 220.157411][T11651] CPU: 0 UID: 0 PID: 11651 Comm: syz.3.5325 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 220.157450][T11651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 220.157465][T11651] Call Trace: [ 220.157474][T11651] [ 220.157484][T11651] __dump_stack+0x21/0x30 [ 220.157520][T11651] dump_stack_lvl+0x10c/0x190 [ 220.157551][T11651] ? __cfi_dump_stack_lvl+0x10/0x10 [ 220.157585][T11651] dump_stack+0x19/0x20 [ 220.157615][T11651] should_fail_ex+0x3d9/0x530 [ 220.157640][T11651] should_failslab+0xac/0x100 [ 220.157666][T11651] kmem_cache_alloc_lru_noprof+0x44/0x430 [ 220.157690][T11651] ? sock_alloc_inode+0x48/0x150 [ 220.157718][T11651] sock_alloc_inode+0x48/0x150 [ 220.157744][T11651] ? __cfi_sock_alloc_inode+0x10/0x10 [ 220.157769][T11651] alloc_inode+0x7a/0x270 [ 220.157796][T11651] new_inode_pseudo+0x19/0x40 [ 220.157823][T11651] do_accept+0x15a/0x6b0 [ 220.157852][T11651] ? _raw_spin_lock+0x8c/0x120 [ 220.157882][T11651] ? __cfi_do_accept+0x10/0x10 [ 220.157915][T11651] __sys_accept4+0x11e/0x1c0 [ 220.157945][T11651] ? __cfi___sys_accept4+0x10/0x10 [ 220.157976][T11651] ? __kasan_check_read+0x15/0x20 [ 220.158011][T11651] __x64_sys_accept+0x81/0xa0 [ 220.158040][T11651] x64_sys_call+0x2bcc/0x2ee0 [ 220.158074][T11651] do_syscall_64+0x58/0xf0 [ 220.158104][T11651] ? clear_bhb_loop+0x50/0xa0 [ 220.158130][T11651] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 220.158162][T11651] RIP: 0033:0x7fcb0e38f6c9 [ 220.158181][T11651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.158202][T11651] RSP: 002b:00007fcb0f203038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 220.158228][T11651] RAX: ffffffffffffffda RBX: 00007fcb0e5e5fa0 RCX: 00007fcb0e38f6c9 [ 220.158246][T11651] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 220.158261][T11651] RBP: 00007fcb0f203090 R08: 0000000000000000 R09: 0000000000000000 [ 220.158276][T11651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 220.158291][T11651] R13: 00007fcb0e5e6038 R14: 00007fcb0e5e5fa0 R15: 00007ffd65b7e308 [ 220.158311][T11651] [ 220.407536][T11659] binder: Bad value for 'max' [ 220.700751][T11693] FAULT_INJECTION: forcing a failure. [ 220.700751][T11693] name failslab, interval 1, probability 0, space 0, times 0 [ 220.719563][T11693] CPU: 1 UID: 0 PID: 11693 Comm: syz.1.5336 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 220.719601][T11693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 220.719617][T11693] Call Trace: [ 220.719625][T11693] [ 220.719635][T11693] __dump_stack+0x21/0x30 [ 220.719671][T11693] dump_stack_lvl+0x10c/0x190 [ 220.719703][T11693] ? __cfi_dump_stack_lvl+0x10/0x10 [ 220.719735][T11693] ? proc_tid_base_lookup+0x2f/0x40 [ 220.719768][T11693] ? do_filp_open+0x1c6/0x3e0 [ 220.719796][T11693] ? do_sys_openat2+0x12c/0x1c0 [ 220.719825][T11693] ? __x64_sys_openat+0x13a/0x170 [ 220.719856][T11693] ? do_syscall_64+0x58/0xf0 [ 220.719886][T11693] dump_stack+0x19/0x20 [ 220.719916][T11693] should_fail_ex+0x3d9/0x530 [ 220.719941][T11693] should_failslab+0xac/0x100 [ 220.719968][T11693] kmem_cache_alloc_noprof+0x42/0x430 [ 220.719990][T11693] ? __asan_memcpy+0x5a/0x80 [ 220.720010][T11693] ? vm_area_dup+0x42/0x570 [ 220.720035][T11693] vm_area_dup+0x42/0x570 [ 220.720058][T11693] __split_vma+0x1bd/0xa80 [ 220.720082][T11693] ? kasan_save_alloc_info+0x40/0x50 [ 220.720124][T11693] ? vms_gather_munmap_vmas+0xdd0/0xdd0 [ 220.720152][T11693] vms_gather_munmap_vmas+0x273/0xdd0 [ 220.720180][T11693] mmap_region+0x598/0x1bc0 [ 220.720205][T11693] ? __cfi_mmap_region+0x10/0x10 [ 220.720230][T11693] ? __kasan_check_read+0x15/0x20 [ 220.720264][T11693] ? arch_get_unmapped_area_topdown+0x232/0x8d0 [ 220.720293][T11693] ? file_mmap_ok+0x147/0x1a0 [ 220.720315][T11693] do_mmap+0xb6d/0x13c0 [ 220.720337][T11693] ? __cfi_do_mmap+0x10/0x10 [ 220.720357][T11693] ? down_write_killable+0xe9/0x2d0 [ 220.720382][T11693] ? __cfi_down_write_killable+0x10/0x10 [ 220.720409][T11693] vm_mmap_pgoff+0x38f/0x4e0 [ 220.720432][T11693] ? __cfi_vm_mmap_pgoff+0x10/0x10 [ 220.720452][T11693] ? __fget_files+0x2c5/0x340 [ 220.720479][T11693] ksys_mmap_pgoff+0x166/0x1e0 [ 220.720501][T11693] __x64_sys_mmap+0x121/0x140 [ 220.720536][T11693] x64_sys_call+0x13bf/0x2ee0 [ 220.720570][T11693] do_syscall_64+0x58/0xf0 [ 220.720598][T11693] ? clear_bhb_loop+0x50/0xa0 [ 220.720624][T11693] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 220.720649][T11693] RIP: 0033:0x7f31a218f6c9 [ 220.720669][T11693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 220.720690][T11693] RSP: 002b:00007f31a2fd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 220.720715][T11693] RAX: ffffffffffffffda RBX: 00007f31a23e5fa0 RCX: 00007f31a218f6c9 [ 220.720733][T11693] RDX: 0000000000000004 RSI: 0000000000003000 RDI: 0000200000001000 [ 220.720750][T11693] RBP: 00007f31a2fd7090 R08: 0000000000000007 R09: 00000000f0697000 [ 220.720766][T11693] R10: 0000000000000013 R11: 0000000000000246 R12: 0000000000000001 [ 220.720781][T11693] R13: 00007f31a23e6038 R14: 00007f31a23e5fa0 R15: 00007ffe65f983e8 [ 220.720802][T11693] [ 222.050655][T11783] binder: Bad value for 'max' [ 222.136501][T11795] binder: Bad value for 'max' [ 222.159945][ T36] audit: type=1400 audit(1763511098.350:222): avc: denied { ioctl } for pid=11796 comm="syz.3.5396" path="socket:[66958]" dev="sockfs" ino=66958 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 222.174518][T11799] FAULT_INJECTION: forcing a failure. [ 222.174518][T11799] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 222.215689][T11799] CPU: 0 UID: 0 PID: 11799 Comm: syz.2.5397 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 222.215736][T11799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 222.215752][T11799] Call Trace: [ 222.215760][T11799] [ 222.215770][T11799] __dump_stack+0x21/0x30 [ 222.215807][T11799] dump_stack_lvl+0x10c/0x190 [ 222.215837][T11799] ? __cfi_dump_stack_lvl+0x10/0x10 [ 222.215869][T11799] ? selinux_file_open+0x457/0x610 [ 222.215899][T11799] dump_stack+0x19/0x20 [ 222.215928][T11799] should_fail_ex+0x3d9/0x530 [ 222.215952][T11799] should_fail_alloc_page+0xeb/0x110 [ 222.215980][T11799] __alloc_pages_noprof+0x19b/0x7b0 [ 222.216012][T11799] ? __cfi___alloc_pages_noprof+0x10/0x10 [ 222.216043][T11799] ? is_bpf_text_address+0x17b/0x1a0 [ 222.216072][T11799] ? __kernel_text_address+0x11/0x40 [ 222.216101][T11799] ? unwind_get_return_address+0x51/0x90 [ 222.216128][T11799] ? __cfi_stack_trace_consume_entry+0x10/0x10 [ 222.216164][T11799] ? arch_stack_walk+0x10b/0x170 [ 222.216185][T11799] __folio_alloc_noprof+0x14/0x80 [ 222.216216][T11799] folio_prealloc+0x46/0x240 [ 222.216244][T11799] do_pte_missing+0x164c/0x4240 [ 222.216272][T11799] ? _parse_integer+0x2e/0x40 [ 222.216309][T11799] ? pte_marker_clear+0x1b0/0x1b0 [ 222.216337][T11799] ? kstrtouint_from_user+0xfb/0x150 [ 222.216359][T11799] ? __x64_sys_openat+0x13a/0x170 [ 222.216390][T11799] ? x64_sys_call+0xe69/0x2ee0 [ 222.216424][T11799] ? selinux_file_permission+0x309/0xb30 [ 222.216453][T11799] ? __pte_offset_map+0x1b0/0x230 [ 222.216487][T11799] ? pte_offset_map_rw_nolock+0xba/0x110 [ 222.216521][T11799] handle_mm_fault+0x1166/0x1b90 [ 222.216551][T11799] ? __cfi_handle_mm_fault+0x10/0x10 [ 222.216575][T11799] ? lock_vma_under_rcu+0x49d/0x540 [ 222.216606][T11799] ? __kasan_check_write+0x18/0x20 [ 222.216642][T11799] do_user_addr_fault+0x96c/0x1200 [ 222.216676][T11799] ? __cfi_ksys_write+0x10/0x10 [ 222.216708][T11799] exc_page_fault+0x59/0xc0 [ 222.216733][T11799] asm_exc_page_fault+0x2b/0x30 [ 222.216758][T11799] RIP: 0033:0x7f9b84660576 [ 222.216778][T11799] Code: 00 00 00 00 41 57 31 c0 41 56 49 89 d6 41 55 49 89 f5 48 89 d6 41 54 49 89 fc 48 8d 3d 0c 2f 1b 00 55 53 48 81 ec 88 20 00 00 <48> 89 0c 24 4c 89 44 24 08 e8 ec d9 fe ff 4d 85 f6 0f 84 46 0a 00 [ 222.216799][T11799] RSP: 002b:00007f9b831f4f70 EFLAGS: 00010202 [ 222.216821][T11799] RAX: 0000000000000000 RBX: 00007f9b849e5fa0 RCX: 0000200000000140 [ 222.216839][T11799] RDX: 00002000000001c0 RSI: 00002000000001c0 RDI: 00007f9b84813479 [ 222.216856][T11799] RBP: 00007f9b831f7090 R08: 00007f9b8464e2f0 R09: 0000000000000000 [ 222.216872][T11799] R10: 0000000000000003 R11: 00002000000001c0 R12: 0000000000000003 [ 222.216887][T11799] R13: 000000000000003f R14: 00002000000001c0 R15: 00007fff57699658 [ 222.216907][T11799] [ 222.216920][T11799] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 222.552537][T11809] binder: Bad value for 'max' [ 222.734698][ T850] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 222.744288][T11819] binder: Bad value for 'max' [ 222.894671][ T850] usb 3-1: Using ep0 maxpacket: 8 [ 222.901126][ T850] usb 3-1: unable to get BOS descriptor or descriptor too short [ 222.925029][ T850] usb 3-1: config 0 has no interfaces? [ 222.932301][ T850] usb 3-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 2.2c [ 222.954647][ T850] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.962754][ T850] usb 3-1: Product: syz [ 222.966999][ T850] usb 3-1: Manufacturer: syz [ 222.971623][ T850] usb 3-1: SerialNumber: syz [ 222.995487][ T850] usb 3-1: config 0 descriptor?? [ 223.116721][T11842] binder: Bad value for 'max' [ 223.169603][ T36] audit: type=1400 audit(1763511099.360:223): avc: denied { create } for pid=11850 comm="syz.0.5423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 223.202021][ T31] usb 3-1: USB disconnect, device number 18 [ 223.214654][ T36] audit: type=1400 audit(1763511099.390:224): avc: denied { sys_admin } for pid=11850 comm="syz.0.5423" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 223.634447][T11901] binder: Bad value for 'max' [ 223.746032][ T36] audit: type=1400 audit(1763511099.940:225): avc: denied { connect } for pid=11915 comm="syz.0.5454" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 223.825743][T11928] binder: Bad value for 'max' [ 223.979360][T11952] binder: Bad value for 'max' [ 224.084925][T11964] FAULT_INJECTION: forcing a failure. [ 224.084925][T11964] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.124641][T11964] CPU: 0 UID: 0 PID: 11964 Comm: syz.1.5478 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 224.124682][T11964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 224.124698][T11964] Call Trace: [ 224.124705][T11964] [ 224.124714][T11964] __dump_stack+0x21/0x30 [ 224.124750][T11964] dump_stack_lvl+0x10c/0x190 [ 224.124792][T11964] ? __cfi_dump_stack_lvl+0x10/0x10 [ 224.124824][T11964] dump_stack+0x19/0x20 [ 224.124853][T11964] should_fail_ex+0x3d9/0x530 [ 224.124879][T11964] should_fail+0xf/0x20 [ 224.124901][T11964] should_fail_usercopy+0x1e/0x30 [ 224.124927][T11964] strncpy_from_user+0x28/0x270 [ 224.124952][T11964] __se_sys_add_key+0xcd/0x490 [ 224.124984][T11964] ? __x64_sys_add_key+0xf0/0xf0 [ 224.125018][T11964] __x64_sys_add_key+0xc3/0xf0 [ 224.125049][T11964] x64_sys_call+0x195f/0x2ee0 [ 224.125083][T11964] do_syscall_64+0x58/0xf0 [ 224.125114][T11964] ? clear_bhb_loop+0x50/0xa0 [ 224.125140][T11964] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 224.125165][T11964] RIP: 0033:0x7f31a218f6c9 [ 224.125185][T11964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.125207][T11964] RSP: 002b:00007f31a2fd7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 224.125231][T11964] RAX: ffffffffffffffda RBX: 00007f31a23e5fa0 RCX: 00007f31a218f6c9 [ 224.125249][T11964] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040 [ 224.125264][T11964] RBP: 00007f31a2fd7090 R08: fffffffffffffffe R09: 0000000000000000 [ 224.125280][T11964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 224.125294][T11964] R13: 00007f31a23e6038 R14: 00007f31a23e5fa0 R15: 00007ffe65f983e8 [ 224.125313][T11964] [ 224.555978][T12002] FAULT_INJECTION: forcing a failure. [ 224.555978][T12002] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 224.574667][T12002] CPU: 0 UID: 0 PID: 12002 Comm: syz.2.5497 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 224.574704][T12002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 224.574718][T12002] Call Trace: [ 224.574726][T12002] [ 224.574735][T12002] __dump_stack+0x21/0x30 [ 224.574771][T12002] dump_stack_lvl+0x10c/0x190 [ 224.574799][T12002] ? __cfi_dump_stack_lvl+0x10/0x10 [ 224.574829][T12002] dump_stack+0x19/0x20 [ 224.574857][T12002] should_fail_ex+0x3d9/0x530 [ 224.574879][T12002] should_fail+0xf/0x20 [ 224.574899][T12002] should_fail_usercopy+0x1e/0x30 [ 224.574923][T12002] strncpy_from_user+0x28/0x270 [ 224.574944][T12002] __se_sys_add_key+0xcd/0x490 [ 224.574975][T12002] ? __x64_sys_add_key+0xf0/0xf0 [ 224.575006][T12002] __x64_sys_add_key+0xc3/0xf0 [ 224.575035][T12002] x64_sys_call+0x195f/0x2ee0 [ 224.575068][T12002] do_syscall_64+0x58/0xf0 [ 224.575097][T12002] ? clear_bhb_loop+0x50/0xa0 [ 224.575124][T12002] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 224.575149][T12002] RIP: 0033:0x7f9b8478f6c9 [ 224.575168][T12002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 224.575188][T12002] RSP: 002b:00007f9b831f7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 224.575213][T12002] RAX: ffffffffffffffda RBX: 00007f9b849e5fa0 RCX: 00007f9b8478f6c9 [ 224.575232][T12002] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040 [ 224.575248][T12002] RBP: 00007f9b831f7090 R08: fffffffffffffffe R09: 0000000000000000 [ 224.575264][T12002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 224.575279][T12002] R13: 00007f9b849e6038 R14: 00007f9b849e5fa0 R15: 00007fff57699658 [ 224.575299][T12002] [ 225.777525][T12044] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 225.800187][T12044] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 1th superblock [ 225.819319][T12044] F2FS-fs (rnullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 225.837440][T12044] F2FS-fs (rnullb0): Can't find valid F2FS filesystem in 2th superblock [ 225.963453][ T36] audit: type=1400 audit(1763511102.150:226): avc: denied { watch watch_reads } for pid=12055 comm="syz.1.5524" path="/237" dev="tmpfs" ino=1475 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 226.236368][T12060] FAULT_INJECTION: forcing a failure. [ 226.236368][T12060] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 226.264691][T12060] CPU: 1 UID: 0 PID: 12060 Comm: syz.3.5526 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 226.264729][T12060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 226.264743][T12060] Call Trace: [ 226.264752][T12060] [ 226.264761][T12060] __dump_stack+0x21/0x30 [ 226.264816][T12060] dump_stack_lvl+0x10c/0x190 [ 226.264848][T12060] ? __cfi_dump_stack_lvl+0x10/0x10 [ 226.264882][T12060] dump_stack+0x19/0x20 [ 226.264911][T12060] should_fail_ex+0x3d9/0x530 [ 226.264936][T12060] should_fail+0xf/0x20 [ 226.264957][T12060] should_fail_usercopy+0x1e/0x30 [ 226.264983][T12060] strncpy_from_user+0x28/0x270 [ 226.265008][T12060] __se_sys_add_key+0xcd/0x490 [ 226.265040][T12060] ? __x64_sys_add_key+0xf0/0xf0 [ 226.265072][T12060] __x64_sys_add_key+0xc3/0xf0 [ 226.265103][T12060] x64_sys_call+0x195f/0x2ee0 [ 226.265137][T12060] do_syscall_64+0x58/0xf0 [ 226.265166][T12060] ? clear_bhb_loop+0x50/0xa0 [ 226.265192][T12060] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 226.265217][T12060] RIP: 0033:0x7fcb0e38f6c9 [ 226.265237][T12060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.265258][T12060] RSP: 002b:00007fcb0f203038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8 [ 226.265283][T12060] RAX: ffffffffffffffda RBX: 00007fcb0e5e5fa0 RCX: 00007fcb0e38f6c9 [ 226.265302][T12060] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040 [ 226.265318][T12060] RBP: 00007fcb0f203090 R08: fffffffffffffffe R09: 0000000000000000 [ 226.265334][T12060] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.265349][T12060] R13: 00007fcb0e5e6038 R14: 00007fcb0e5e5fa0 R15: 00007ffd65b7e308 [ 226.265371][T12060] [ 227.060971][T12090] binder: Bad value for 'max' [ 227.839849][T12117] FAULT_INJECTION: forcing a failure. [ 227.839849][T12117] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 227.856923][T12117] CPU: 1 UID: 0 PID: 12117 Comm: syz.3.5555 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 227.856961][T12117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 227.856975][T12117] Call Trace: [ 227.856982][T12117] [ 227.856992][T12117] __dump_stack+0x21/0x30 [ 227.857027][T12117] dump_stack_lvl+0x10c/0x190 [ 227.857058][T12117] ? __cfi_dump_stack_lvl+0x10/0x10 [ 227.857088][T12117] ? check_stack_object+0x12c/0x140 [ 227.857111][T12117] dump_stack+0x19/0x20 [ 227.857141][T12117] should_fail_ex+0x3d9/0x530 [ 227.857164][T12117] should_fail+0xf/0x20 [ 227.857186][T12117] should_fail_usercopy+0x1e/0x30 [ 227.857242][T12117] _copy_to_user+0x24/0xa0 [ 227.857271][T12117] simple_read_from_buffer+0xed/0x160 [ 227.857300][T12117] proc_fail_nth_read+0x19e/0x210 [ 227.857331][T12117] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 227.857362][T12117] ? bpf_lsm_file_permission+0xd/0x20 [ 227.857395][T12117] ? __cfi_proc_fail_nth_read+0x10/0x10 [ 227.857426][T12117] vfs_read+0x27d/0xc70 [ 227.857448][T12117] ? __cfi_vfs_read+0x10/0x10 [ 227.857469][T12117] ? __kasan_check_write+0x18/0x20 [ 227.857503][T12117] ? mutex_lock+0x92/0x1c0 [ 227.857523][T12117] ? __cfi_mutex_lock+0x10/0x10 [ 227.857544][T12117] ? __fget_files+0x2c5/0x340 [ 227.857572][T12117] ksys_read+0x141/0x250 [ 227.857593][T12117] ? __cfi_ksys_read+0x10/0x10 [ 227.857615][T12117] ? __kasan_check_read+0x15/0x20 [ 227.857650][T12117] __x64_sys_read+0x7f/0x90 [ 227.857671][T12117] x64_sys_call+0x2638/0x2ee0 [ 227.857705][T12117] do_syscall_64+0x58/0xf0 [ 227.857733][T12117] ? clear_bhb_loop+0x50/0xa0 [ 227.857759][T12117] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 227.857783][T12117] RIP: 0033:0x7fcb0e38e0dc [ 227.857801][T12117] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 227.857820][T12117] RSP: 002b:00007fcb0f203030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 227.857844][T12117] RAX: ffffffffffffffda RBX: 00007fcb0e5e5fa0 RCX: 00007fcb0e38e0dc [ 227.857861][T12117] RDX: 000000000000000f RSI: 00007fcb0f2030a0 RDI: 0000000000000007 [ 227.857877][T12117] RBP: 00007fcb0f203090 R08: 0000000000000000 R09: 0000000000000000 [ 227.857892][T12117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 227.857905][T12117] R13: 00007fcb0e5e6038 R14: 00007fcb0e5e5fa0 R15: 00007ffd65b7e308 [ 227.857925][T12117] [ 228.178213][T12130] binder: Bad value for 'max' [ 228.753705][T12154] FAULT_INJECTION: forcing a failure. [ 228.753705][T12154] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 228.794689][T12154] CPU: 1 UID: 0 PID: 12154 Comm: syz.2.5574 Not tainted syzkaller #0 0b5ffdee5fcd2f7749818d1ff954e9c21353764e [ 228.794727][T12154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 228.794743][T12154] Call Trace: [ 228.794751][T12154] [ 228.794760][T12154] __dump_stack+0x21/0x30 [ 228.794796][T12154] dump_stack_lvl+0x10c/0x190 [ 228.794826][T12154] ? __cfi_dump_stack_lvl+0x10/0x10 [ 228.794857][T12154] ? vfs_write+0x93e/0xf30 [ 228.794880][T12154] dump_stack+0x19/0x20 [ 228.794908][T12154] should_fail_ex+0x3d9/0x530 [ 228.794932][T12154] should_fail+0xf/0x20 [ 228.794952][T12154] should_fail_usercopy+0x1e/0x30 [ 228.794977][T12154] _copy_from_user+0x22/0xb0 [ 228.795005][T12154] __se_sys_prlimit64+0x12a/0x7c0 [ 228.795039][T12154] ? __x64_sys_prlimit64+0xc0/0xc0 [ 228.795072][T12154] ? ksys_write+0x1ef/0x250 [ 228.795092][T12154] ? __cfi_ksys_write+0x10/0x10 [ 228.795115][T12154] __x64_sys_prlimit64+0x9f/0xc0 [ 228.795148][T12154] x64_sys_call+0x1f31/0x2ee0 [ 228.795181][T12154] do_syscall_64+0x58/0xf0 [ 228.795209][T12154] ? clear_bhb_loop+0x50/0xa0 [ 228.795234][T12154] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 228.795258][T12154] RIP: 0033:0x7f9b8478f6c9 [ 228.795277][T12154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.795297][T12154] RSP: 002b:00007f9b831f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012e [ 228.795321][T12154] RAX: ffffffffffffffda RBX: 00007f9b849e5fa0 RCX: 00007f9b8478f6c9 [ 228.795371][T12154] RDX: 00002000000000c0 RSI: 0000000000000004 RDI: 0000000000000000 [ 228.795394][T12154] RBP: 00007f9b831f7090 R08: 0000000000000000 R09: 0000000000000000 [ 228.795409][T12154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 228.795423][T12154] R13: 00007f9b849e6038 R14: 00007f9b849e5fa0 R15: 00007fff57699658 [ 228.795443][T12154] [ 229.366512][ T36] audit: type=1400 audit(1763511105.560:227): avc: denied { ioctl } for pid=12207 comm="syz.2.5598" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=69848 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 231.733956][T12411] binder: Bad value for 'max' [ 231.967508][T12446] binder: Bad value for 'max' [ 232.691080][T12497] rust_binder: Failed to allocate buffer. len:136, is_oneway:false [ 233.652456][T12539] binder: Bad value for 'max' [ 234.704179][ T36] audit: type=1326 audit(1763511110.890:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12569 comm="syz.3.5774" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb0e38f6c9 code=0x0 [ 236.058025][T12631] binder: Bad value for 'max' [ 236.734753][ T10] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 236.905828][ T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 236.934665][ T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 236.964649][ T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 236.994657][ T10] usb 4-1: config 1 interface 1 altsetting 1 has an endpoint descriptor with address 0x78, changing to 0x8 [ 237.014649][ T10] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 237.034666][ T10] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 237.059590][ T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 237.068876][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.079058][ T10] usb 4-1: Product: syz [ 237.083307][ T10] usb 4-1: Manufacturer: syz [ 237.099300][ T10] usb 4-1: SerialNumber: syz [ 237.111024][T12678] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 237.524267][ T10] cdc_ncm 4-1:1.0: bind() failure [ 237.544673][ T10] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 237.568837][ T10] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 237.583810][ T36] audit: type=1326 audit(1763511113.770:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12728 comm="syz.0.5851" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f776758f6c9 code=0x0 [ 237.585774][ T10] usb 4-1: USB disconnect, device number 30 [ 238.114892][ T36] audit: type=1326 audit(1763511114.300:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12789 comm="syz.0.5882" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f776758f6c9 code=0x0 [ 239.045644][ T36] audit: type=1326 audit(1763511115.240:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12849 comm="syz.0.5911" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f776758f6c9 code=0x0 [ 240.576633][T12916] 9pnet_fd: Insufficient options for proto=fd [ 241.357658][ T36] audit: type=1326 audit(1763511117.550:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12955 comm="syz.3.5961" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb0e38f6c9 code=0x0 [ 241.458710][T12965] binder: Bad value for 'max' [ 244.890635][ T36] audit: type=1326 audit(1763511121.080:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13112 comm="syz.3.6035" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb0e38f6c9 code=0x0 [ 245.715134][T13159] binder: Bad value for 'max' [ 245.937160][ T36] audit: type=1400 audit(1763511122.130:234): avc: denied { read } for pid=13168 comm="poweroff" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 246.305502][ T36] audit: type=1326 audit(1763511122.500:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13180 comm="syz.3.6066" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcb0e38f6c9 code=0x0 Stopping sshd: [ 246.415429][T13188] binder: Bad value for 'max' stopped /usr/sbin/sshd (pid 201) OK Stopping crond: stopped /usr/sbin/crond (pid 194) OK Stopping dhcpcd... stopped /sbin/dhcpcd (pid 148) [ 246.718764][ T36] audit: type=1400 audit(1763511122.910:236): avc: denied { search } for pid=13215 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 Stopping network: [ 246.846046][ T36] audit: type=1400 audit(1763511123.040:237): avc: denied { execute } for pid=13222 comm="syz.2.6079" path="/391/blkio.bfq.group_wait_time" dev="tmpfs" ino=2417 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 246.976411][ T36] audit: type=1400 audit(1763511123.170:238): avc: denied { write } for pid=149 comm="dhcpcd" name="dhcpcd" dev="tmpfs" ino=421 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 247.064696][ T36] audit: type=1400 audit(1763511123.170:239): avc: denied { remove_name } for pid=149 comm="dhcpcd" name="sock" dev="tmpfs" ino=423 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 OK [ 247.124643][ T36] audit: type=1400 audit(1763511123.170:240): avc: denied { unlink } for pid=149 comm="dhcpcd" name="sock" dev="tmpfs" ino=423 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=sock_file permissive=1 Stopping iptables: [ 247.174649][ T36] audit: type=1400 audit(1763511123.190:241): avc: denied { read write } for pid=13234 comm="ip" path="/dev/console" dev="rootfs" ino=104 scontext=system_u:system_r:ifconfig_t tcontext=system_u:object_r:root_t tclass=chr_file permissive=1 OK [ 247.232108][ T36] audit: type=1400 audit(1763511123.200:242): avc: denied { unlink } for pid=149 comm="dhcpcd" name="pid" dev="tmpfs" ino=422 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 247.268298][ T36] audit: type=1400 audit(1763511123.370:243): avc: denied { read write } for pid=13242 comm="iptables" path="/dev/console" dev="rootfs" ino=104 scontext=system_u:system_r:iptables_t tcontext=system_u:object_r:root_t tclass=chr_file permissive=1 [ 247.342994][ T36] audit: type=1400 audit(1763511123.370:244): avc: denied { search } for pid=13242 comm="iptables" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:iptables_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 Stopping system message bus: [ 247.394650][ T36] audit: type=1400 audit(1763511123.370:245): avc: denied { write } for pid=13242 comm="iptables" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:iptables_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 done Stopping klogd: OK Stopping acpid: OK Stopping syslogd: stopped /sbin/syslogd (pid 92) OK umount: can't remount debugfs read-only Connection to 10.128.0.219 closed by remote host. umount: sysfs busy - remounted read-only umount: devtmpfs busy - remounted read-only umount: can't remount /dev/root read-only The system is going down NOW! Sent SIGTERM to all processes [ 249.800299][ T12] bridge_slave_1: left allmulticast mode [ 249.808911][ T12] bridge_slave_1: left promiscuous mode [ 249.814581][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.855132][ T12] bridge_slave_0: left allmulticast mode [ 249.860833][ T12] bridge_slave_0: left promiscuous mode [ 249.884750][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.088587][ T12] veth1_macvtap: left promiscuous mode [ 250.094856][ T12] veth0_vlan: left promiscuous mode [ 250.450148][ T12] bridge_slave_1: left allmulticast mode [ 250.456244][ T12] bridge_slave_1: left promiscuous mode [ 250.462075][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.471621][ T12] bridge_slave_0: left allmulticast mode [ 250.479481][ T12] bridge_slave_0: left promiscuous mode [ 250.487671][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.497278][ T12] bridge_slave_1: left allmulticast mode [ 250.503895][ T12] bridge_slave_1: left promiscuous mode [ 250.509892][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.518473][ T12] bridge_slave_0: left allmulticast mode [ 250.524799][ T12] bridge_slave_0: left promiscuous mode [ 250.530622][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.538527][ T12] bridge_slave_1: left allmulticast mode [ 250.544176][ T12] bridge_slave_1: left promiscuous mode [ 250.549862][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.557528][ T12] bridge_slave_0: left allmulticast mode [ 250.563174][ T12] bridge_slave_0: left promiscuous mode [ 250.568914][ T12] bridge0: port 1(bridge_slave_0) entered disabled state Sent SIGKILL to all processes Requesting system poweroff [ 250.839871][ T12] veth1_macvtap: left promiscuous mode [ 250.845693][ T12] veth0_vlan: left promiscuous mode [ 250.851325][ T12] veth1_macvtap: left promiscuous mode [ 250.857005][ T12] veth0_vlan: left promiscuous mode [ 250.862747][ T12] veth1_macvtap: left promiscuous mode [ 250.868312][ T12] veth0_vlan: left promiscuous mode [ 251.584944][T13370] sd 0:0:1:0: [sda] Synchronizing SCSI cache [ 251.591611][T13370] ACPI: PM: Preparing to enter system sleep state S5 [ 251.598688][T13370] kvm: exiting hardware virtualization [ 251.604341][T13370] reboot: Power down serialport: VM disconnected.