last executing test programs: 1m4.393976447s ago: executing program 0 (id=3949): r0 = socket$inet6_dccp(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c) ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x2000000) 1m4.318607827s ago: executing program 0 (id=3950): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x20, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}, @in={0x2, 0x4e23, @broadcast}]}, &(0x7f0000000180)=0x10) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000580)={r2, 0x7ff, 0x3, "89f469"}, 0xb) 1m4.317889346s ago: executing program 0 (id=3951): pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mkdirat(r0, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f00000000c0)={[{@mpol={'mpol', 0x3d, {'bind', '', @val={0x3a, [0x30, 0x2d, 0x4e, 0x3a, 0x33, 0x2f, 0x37]}}}, 0x4e}]}) 1m4.258716619s ago: executing program 0 (id=3952): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000000c00000002000000002000000000001304000080"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) bind$xdp(0xffffffffffffffff, &(0x7f0000000000)={0x2}, 0x10) ioctl$TCFLSH(r0, 0x404c4701, 0x20000000) (fail_nth: 4) 1m4.158237941s ago: executing program 0 (id=3953): syz_io_uring_setup(0x307, &(0x7f0000000240)={0x0, 0xfffffffe, 0x10100, 0x2, 0x63}, &(0x7f0000000100), 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x50, 0x0, @fd, 0x0, 0x0, 0x1, 0x7}) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = syz_clone(0x1000, &(0x7f0000000340)="ddc97fa9960bd66e82b2979374e31db206cc1a829c898167b8", 0x19, &(0x7f0000000100), 0x0, 0x0) syz_open_procfs(r1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) creat(&(0x7f0000000040)='./file0\x00', 0x0) acct(&(0x7f00000001c0)='./file0\x00') sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socket$kcm(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) r8 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="090800000000000000000100000008000100", @ANYRES32=r7, @ANYBLOB="44000280400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000300000008000600", @ANYRES32=r6], 0x60}}, 0x0) r9 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140035007465616d5f736c6176655f310000000008000a"], 0x3c}}, 0x0) 1m3.994217617s ago: executing program 0 (id=3954): preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1, {0x270583a0}}, './cgroup/../file0\x00'}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r4}, 0x18) sendmsg$NFT_MSG_GETOBJ_RESET(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000150a01"], 0x34}, 0x1, 0x0, 0x0, 0x13be039c340f0c32}, 0x20040050) write$cgroup_subtree(r2, &(0x7f00000000c0)={[{0x2b, 'cpuset'}]}, 0x8) r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0xc0145b0d, 0x0) close(r5) openat$audio(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$SOUND_PCM_READ_BITS(r5, 0x80045005, &(0x7f0000000140)) creat(&(0x7f0000000140)='./cgroup/../file0\x00', 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = openat$cgroup_ro(r6, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r7, &(0x7f0000000200)=0x1, 0x12) r8 = openat$6lowpan_enable(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3000000, 0x12, r8, 0x15ffb000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) 6.577982015s ago: executing program 1 (id=4400): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"}) 6.317961375s ago: executing program 1 (id=4401): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="280000001e000100000000000000000007000000", @ANYRES32, @ANYBLOB="000004000a0002"], 0x28}}, 0x0) 5.072021437s ago: executing program 3 (id=4411): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="90000000", @ANYRES16=r1, @ANYBLOB="0100000000000000000001"], 0x90}}, 0x0) 5.071824349s ago: executing program 3 (id=4412): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000002, 0x8012, 0xffffffffffffffff, 0x0) syz_usb_connect$uac1(0x0, 0x9e, 0x0, &(0x7f00000006c0)={0x0, 0x0, 0x15, &(0x7f0000000080)=ANY=[@ANYBLOB="050f15000110100a061bd890ad3a6ba8de1c81"]}) sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="050405", 0x3, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}, 0x1, 0x0, 0x0, 0x20000004}, 0x4) 3.247842603s ago: executing program 2 (id=4416): timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) creat(&(0x7f0000000040)='./file0\x00', 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) r4 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="090800000000000000000100000008000100", @ANYRES32=r3, @ANYBLOB="44000280400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000300000008000600", @ANYRES32=r2], 0x60}}, 0x0) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140035007465616d5f736c6176655f310000000008000a"], 0x3c}}, 0x0) getgid() 2.788096692s ago: executing program 2 (id=4417): epoll_create1(0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) 2.787829072s ago: executing program 2 (id=4418): syz_usb_connect(0x0, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000009968810524711004f320102030109021b0001000000000904000001ff01320009050d"], 0x0) 2.328376079s ago: executing program 3 (id=4419): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$FAT_IOCTL_SET_ATTRIBUTES(r0, 0xc008af12, &(0x7f00000002c0)=0x1) 2.258065775s ago: executing program 3 (id=4420): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r0}, 0x10) r1 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000080)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x56a, 0x319, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x9, 0x90, 0x3, [{{0x9, 0x4, 0x0, 0xf1, 0x2, 0x3, 0x1, 0x2, 0x10, {0x9, 0x21, 0x8, 0x5, 0x1, {0x22, 0x13e}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x9, 0x8a, 0x5}}, [{{0x9, 0x5, 0x2, 0x3, 0x200, 0x4, 0xc3, 0x4}}]}}}]}}]}}, &(0x7f0000000680)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x250, 0x6, 0x9, 0x1, 0x8}, 0x2c, &(0x7f0000000280)={0x5, 0xf, 0x2c, 0x2, [@ssp_cap={0x24, 0x10, 0xa, 0x7, 0x6, 0x100000, 0xf0f, 0xfa19, [0x30, 0x1fec0c0, 0x0, 0xff0000, 0x0, 0x0]}, @ptm_cap={0x3}]}, 0x5, [{0x8f, &(0x7f00000004c0)=@string={0x8f, 0x3, "4609b1a8ace526d771414c79fabed196b6599f56835c09af693f744eaef20812046af1fcfca993720c9f13bc593cf6979124a60dcafddce0578a1acbb3f0fb332c71787f63edd9d239809f979ee15ee3ad1d9f09d7b4e745b61da6400197b8563b1c738a87c3a1f8191bcc62a5fd3fe373fb079edc0ebe4b8158820d7bc77fd3316527303ebf3e434b8615fd76"}}, {0x4, &(0x7f0000000300)=@string={0x4, 0x3, '=e'}}, {0x2b, &(0x7f0000000340)=@string={0x2b, 0x3, "be27d9f96503199d096579205ecb343c411c2bbef46c989f22c22b9449917d2b847febd5ff2fcadec9"}}, {0x83, &(0x7f0000000580)=@string={0x83, 0x3, "0dd4dfd1ad286104b38b0fef656d3613174639afe3c1db7be516ca856ed6ba43b6a0aef3f3fd972c75e2ecca4ea3c29b72b6e75a3911aaf504b8f08d5030a0fd60e9b87f8e4895afa1877c01ec9a53800ab297d087e27af96512b6898c6f84c3c4a748deef441c667415a3c1bedd69e9a21c537b089d6912276762ea7ed5d0be3f"}}, {0x24, &(0x7f0000000640)=@string={0x24, 0x3, "dc263b9e7d0cf7adaa98da72a47f4a3abd2f4ff3ebf73f0074dc7b4bba4696fc4d36"}}]}) syz_usb_disconnect(r1) 1.84982923s ago: executing program 1 (id=4402): bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x10, 0xb, &(0x7f0000001480)=ANY=[@ANYBLOB="18000000000000000000000000780000180100002020702500000000002020207b1af8ff00000000bf8100000000000007010000f8ffffffb76e6e8e9f000000b70300000000000085000000b300000095"], &(0x7f0000000700)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.767850299s ago: executing program 1 (id=4421): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x154, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_fw={{0x7}, {0x118, 0x2, [@TCA_FW_CLASSID={0x8}, @TCA_FW_INDEV={0x14, 0x3, 'batadv_slave_1\x00'}, @TCA_FW_INDEV={0x14, 0x3, 'veth0_to_bond\x00'}, @TCA_FW_CLASSID={0x8, 0x1, {0xfff3, 0x6}}, @TCA_FW_POLICE={0x18, 0x2, [@TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_RATE64={0xc}]}, @TCA_FW_CLASSID={0x8}, @TCA_FW_INDEV={0x14, 0x3, 'pimreg1\x00'}, @TCA_FW_ACT={0xa8, 0x4, [@m_simple={0xa4, 0x0, 0x0, 0x0, {{0xb}, {0x78, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x0, 0x1}}, @TCA_DEF_PARMS={0x18}, @TCA_DEF_DATA={0x7, 0x3, '9p\x00'}, @TCA_DEF_PARMS={0x18}, @TCA_DEF_PARMS={0x18}, @TCA_DEF_DATA={0xb, 0x3, 'ctinfo\x00'}]}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x154}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 1.767607691s ago: executing program 1 (id=4422): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r0, 0x4) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000400)=""/202, 0xca}], 0x1) 1.707831735s ago: executing program 1 (id=4423): syz_usb_connect(0x6, 0x24, 0x0, 0x0) mlockall(0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000480)='auxv\x00') r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000780)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x0}, 0x68) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) r5 = socket(0x22, 0x2, 0x11) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_freezer_state(r6, &(0x7f0000000140), 0x2, 0x0) mkdirat$cgroup(r6, &(0x7f0000000740)='syz1\x00', 0x1ff) brk(0x20ff8000) syz_open_procfs(0x0, &(0x7f0000001880)='numa_maps\x00') dup3(r1, r0, 0x0) connect$packet(r5, &(0x7f0000000280)={0x2, 0x0, 0x0, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}}, 0x14) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x15, 0x4, 0x3) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000240)={'veth1\x00', 0x0}) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0xa000000, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="003edc000800"/20, @ANYRES32=r9, @ANYBLOB="20000100", @ANYRES32=r10, @ANYBLOB="01000000ffffffff00"/24], 0x38}}, 0x0) syz_io_uring_setup(0xe7f, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000040)) 1.618008579s ago: executing program 2 (id=4424): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x10) flock(r0, 0x5) r1 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) flock(r1, 0x2) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}]}, &(0x7f0000000180)=0x10) 907.932469ms ago: executing program 3 (id=4425): process_vm_writev(0x0, 0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000217f28)=""/220, 0xdc}], 0x1, 0x0) r0 = socket$kcm(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000c00007b08000300", @ANYRES32=r4, @ANYBLOB="1400508005000200000000000800070001"], 0x30}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r8, 0x3b70, 0xfffffffffffffffe) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r2, {0x9d}}, './file0\x00'}) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000180)={0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r8, 0xc01064bd, &(0x7f00000001c0)={&(0x7f0000000280)="5cd285e1238f99797609fc7b754d12481bca6ae43db60ad15c61fd251d8aed4fc6061c7654bc2d9e48eca05335dc0c03b39022ed3b3e7c301a7941fb2c5779e4fcbc22c15180d9c14257d298e1eb9a85713d3f4fa8a0c0013cf780b03174c3e43c3884723853a862a8f99d3f28e56c3af8437c48c1772fd84a1ecb169ac13c61be00d52d117f3c34a0", 0x89, 0x0}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r9, 0xc01864c6, &(0x7f0000000380)={&(0x7f0000000340)=[0x0, r10, 0x0, r11, 0x0], 0x5, 0x80000}) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e03002a000b05d25a806c8c6f94f90424fc601100077a0a000312050282c137153e370e0c1180fc0b0c000300", 0x33fe0}], 0x1}, 0x0) 767.579108ms ago: executing program 2 (id=4426): rename(&(0x7f0000000e00)='./bus\x00', &(0x7f0000001080)='./file0\x00') r0 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x20000400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) r2 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ff6000/0x3000)=nil) shmat(r2, &(0x7f00006a0000/0x4000)=nil, 0x6000) r3 = memfd_create(&(0x7f0000000600)='\x00\xac=\x9d\xd2\xdb\x1a\'\xf8\n\xedcJ\x8e\x84\xd4N\x00\x9b\x1f\t\xbd\x11\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3\xceB\xfc\xd4c\x1a\x8d>Xt\xdd\xbb\x80!Y\x12\"p^\x00\x02\xb4\xfdHA\xce\x9a\xde\xe4\xb6\xbcK#^\x00}2\xc6\xde7\x17\x95$\xdd\x8ew\a\xe5\x1f\xe0:|R\x04\xc2\xb8I\xa3\xb9\xe2\xa2\xebw\xdeI\x0f7i$\xf1\xd4\x9b\xc7\xb2\xbeD`\x8f\t\xdbb\x9d\x9dN\xa2\xee\xb8\xf6\xe2\xb4c\xc4\xb0\xc3\x964\x17\xf5\xb3\xc9\xb2\x94\xa8_f!\xdf\x90}\xba\xa3\x01\xe2\xcf\xb7\"S\a\x04ry\x00#4\x87m\xf7\xe3\xf5\xa7\xda\xb9\xcbU\xbe\x06]\xa9\xb6R~\xc9l}\xb7I\xfe\xae>\xf6quc9\xe0\xbf\x94\xdc\x99\xf4\\\xd0\x96:\xfb\x8c\x12o\xcc-\x13\x14\xbev\xae\x80Zp\x95c]\x98\x8c\x01\x8fo\xafjN\xcb\x98\xdf\xd3[V\xbd[\xb9\x10v\xee\xdc\xc8G\xd0\xdc9\xccO\xf74\x84o\x99\xe9\x14\x00\x00dU\x00\x00\x00\b\xfb\xb5Z\xb0-\xc8\xdb\x88f\xf4W\xeb\x06\xc2\xd1\xb6\xd1%\xca\x8f\x013|\x8ez\x1eo\x18\xb6#@P&[\xe0\xad\xda\nmU\x823\\&P\xdc\xbcS\x80\xc1dJ!LH\xaa\a\x82\f=_\t\x18L&\xaf\xb4v\"ukO\xa6\xf3\xde\x96\x85\xc5\xdd\x12|C.\x91\xf2[Y\x06\x8a\x9fN\x10\xb9\xf4\xecq\xce\xd2\x17\x88\xae\xcc7r\xd7\xeaz\xcevR\xcau\r\xf1\t\xc2$k\xdf\x8f\xe2\xbe\xfe\x14AN\xf8\xc6\xa8`Fs[6k\x00\x00+\xa5\xdcxUY3\xeb\xf6\xa3\x95!:\xd1CF\xfd\xcdx\x86\xe3\x19\xb2u[2\xd6=\xd6\'\n\xc1\xdc\x7f\x8c\xdc\x02\xb7=\xc1\xf9\xb5\xa8\x88\a\xbbL\x87\xa5\xd8_\xae\xa4\r\xc9\b6)&\xe1\xea\xcdo\xa3\xcc\x9d`.\xdb\"Y\xd8\x86J#o\xcc\xff\xaaS\x03\xa8~\x99\xe5\n\x00\x00\x00\x00\x00\x00\x03\xcd\xab\x89h6FvS\xf9\x1a\xa0\xba\xed\xcc\x94\x91\xfez\x96MQ\x99{w\x82ge5\xa0K\xd8\xba\x87u\xe19\x8a{,\x06\x06\xcb\x17:~\xa0@\xefF?\x00\x00\x00\x00\xb6\x9ff\x96\x0e\x1b/\x12lUpW@\x90\"\x02L\"S\xeb\xd6\xb3\xf1\a\x8f\x93\xb5P\xd5\x892\xaa\xa4N\xf9\xf6C\xc4\n\xe3\xf9\xcb\xce\xe7\xdcS\xb0r\xf6M0\xe3y\xcdQ\xfc9C<\x06W\x8f\n\xa13L\xfb\xee?dN\"\xa8\xe6\x10L\xd9\xc6|\xear\r\xb7\xda`\xb8\xf2\b\xf6\xa76\xdb\xbe&\x16\x06\xc0\x97\xab\x98\xcdA\x1f&\x98\xb4\xf0g\x05\xe2[\x97\xbb\xd7\xba\xcc\x9b3L5\x06\x95!\\\x81\x16\xdeY\xcb=\x8e\xe4\xd5\xc1\xbd!\x1dp]Q\x03\x1e0\xb0\x05\xe6Frv\xf5Lu\xdc7\xa13s\xd9j\xe2\b\x00\x00\x00\x00\x00\x00\x00/\x1b(\xeea(~\xb7\xf2\xd7\xdc\xea\x02f\x04\x14\x0e\xcc\x99\x9ff\xa0\xaa\xe2\x94\xfd\xfa\xfbW\xa8\xe0\x00\x00\xb8\xb4o\xdd\xd0\xd1\x9a\xc9\xc2\xfc(\x8c7\xce\xf8N\xa3\x91R&\xb2\x04;g\x8c/x~\x16\x8co<\x8bh\xdd\x87&\x01y\x9b\n_|\x06<\xd7n\xff\xd0\xdd0\x1d?\x88m\aB_\x94(XAv\x10\x14\x9c\xb1\xb7\xcf\x02\x1f4\xa5\xd7\x14\xd6Y*\x02\x06j\x87\x89G\xfb\xce6\x0e\x95h4-\xbc\x11a4\"@qs\xf4\x9a\xc8\xbfyo\x12\b\x9b\xb9}\x00\xd534\xc7(\x01w\x9c\x94u\x8b!\xac\xd6\x89\x19J\xae\x7fE\x0eB\x9a\xc4%\xf8\xa7\x16\x8a\x05Rj\x85\xeb\xa3L\xcc\x9a\x02\xe5\x83h!\x99\x93lD\xe1\xa7\xfe>\xdb\x9d\xab\x1d\xb6r\xee\x04D\xa0\x94(\xdb\xe1&\x11\xdf\xb3\xa7b\x14\xda^U5\xf6\x9dN\x9d\x9cM\xb2\xf5\x10\xc4QW\xe2\xe0\xf4\x7f\x0e\xd3\xd9)\x9eq2\xeb\xd8\xbf\xfe\xef^\x1e\xb2\x7f\xf1\xb3\xa7\xe1G\xc1\x06Q7\x95\x02`\x93\xf4\xb6YM_\xa3\x94q\xb0\xe1\x01\xf1 \f\xaeM\xa7\x8e\r:A\x1b\x06\xd6e\x85\xf1\x7fG\xf6\x9aa?\xd6v\x9f\xe2\xdd\xd9\xb6\x87\x88\xc2+\xc4\xfb\xdc\x95\x89\xc1\xd0yD\xac\x1b\x00Zo\xd4\xcf\'+\x00e\x85\x00'/1214, 0x1) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='cdg\x00', 0x4) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000100), 0xfffffd9d) sendfile(r4, r5, 0x0, 0x8000002b) accept$unix(r0, &(0x7f00000000c0), &(0x7f0000000140)=0x6e) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x6000009, 0x10, r3, 0x0) openat(r5, &(0x7f0000000000)='./bus\x00', 0x0, 0x114) r6 = gettid() tkill(r6, 0x20000b) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xeee141d97fdc3b1c, 0x8010, 0xffffffffffffffff, 0x0) shmctl$IPC_STAT(r2, 0x2, &(0x7f0000000200)=""/17) shmctl$IPC_RMID(0x0, 0x0) shmget$private(0x0, 0x4000, 0x0, &(0x7f000069f000/0x4000)=nil) mlock2(&(0x7f0000048000/0x2000)=nil, 0x2000, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) 58.711433ms ago: executing program 3 (id=4427): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x0, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000001680)={0x0, 0x0, 0x0}, 0x0) r2 = getpid() prctl$PR_SCHED_CORE(0x3e, 0x20000000000001, 0x0, 0x2, 0x0) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) ioctl$BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r3) mount(0x0, &(0x7f0000000540)='.\x00', &(0x7f0000000500)='proc\x00', 0x0, 0x0) r4 = inotify_init1(0x0) fcntl$setown(r4, 0x8, 0xffffffffffffffff) fcntl$getownex(r4, 0x10, &(0x7f0000000140)) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x2, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000440)={0x101, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = syz_open_procfs(r2, &(0x7f0000000040)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r6, 0x40086610, &(0x7f0000000180)={@id={0x4003f, 0x0, @b}}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$uinput_user_dev(r1, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x84e], [0x10, 0x1, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70f04953, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0xf37, 0x0, 0x10000, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e66, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404], [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffff, 0x0, 0x7fffffff, 0x0, 0x5, 0x0, 0xffffffff]}, 0x45c) ioctl$UI_SET_PROPBIT(r1, 0x5501, 0x0) 0s ago: executing program 2 (id=4428): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000002004000b7080000000000007b8af8ff00000000b7080000000200007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a50000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0x4, 0x3, 0x6}, 0x10, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = syz_clone(0x800c000, &(0x7f0000001480), 0x0, 0x0, 0x0, 0x0) kcmp(r0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0}) r4 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8}]}}]}, 0x3c}}, 0x0) llistxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)=""/89, 0x59) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r5, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x10006}) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x1f, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) creat(&(0x7f0000000340)='./file0/file0\x00', 0x0) 0s ago: executing program 3 (id=4429): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000000)={0x0, 0x57, "3b60a5b628168bad0f34e01d9db2300790ca05ba79ff3a83a5c3411ea9d018ec84c8407cef23622635c64e7d15e5d59f5ac8fc2203fda5b236788b01f703ee09996970f3eb12dfecbdd707ead044b8cb2ee0026bb4cb9b"}, &(0x7f0000000080)=0x5f) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYRESDEC=r1, @ANYRES32=r1, @ANYRESDEC], &(0x7f0000000540)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = socket(0x10, 0x3, 0x0) connect$netlink(r3, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) sendmsg$nl_route_sched(r3, &(0x7f0000000080)={&(0x7f0000000800), 0xc, &(0x7f00000005c0)={&(0x7f0000001580)=@newtaction={0x14, 0x31, 0x200}, 0x14}, 0x1, 0x0, 0x0, 0x48010}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0], 0x0, 0xd6, &(0x7f0000000140)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0xe2, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800"/13], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r4 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) fsmount(r4, 0x0, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r6 = gettid() fcntl$setownex(r5, 0xf, &(0x7f0000000080)={0x2, r6}) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$UI_DEV_SETUP(r7, 0x405c5503, &(0x7f0000000000)={{}, 'syz1\x00'}) ioctl$UI_DEV_CREATE(r7, 0x5501) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x40045564) fcntl$setlease(r5, 0x400, 0x1) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r8 = open(&(0x7f0000000200)='./bus\x00', 0x1612c2, 0x0) mount(&(0x7f0000000440)=@filename='./bus\x00', &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='tracefs\x00', 0x0, 0x0) sendfile(r8, 0xffffffffffffffff, 0x0, 0x200) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xb, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) connect$inet(r5, 0x0, 0x0) kernel console output (not intermixed with test programs): 50564][T19559] RSP: 002b:00007fd5bbed2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 625.053549][T19559] RAX: ffffffffffffffda RBX: 00007fd5bb335f80 RCX: 00007fd5bb17dff9 [ 625.056429][T19559] RDX: 00000000200000c0 RSI: 000000004008ae8a RDI: 0000000000000005 [ 625.059173][T19559] RBP: 00007fd5bbed2090 R08: 0000000000000000 R09: 0000000000000000 [ 625.061841][T19559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 625.064595][T19559] R13: 0000000000000000 R14: 00007fd5bb335f80 R15: 00007ffed2e54418 [ 625.067600][T19559] [ 625.070158][T19559] ERROR: Out of memory at tomoyo_realpath_from_path. [ 625.200278][ T39] audit: type=1400 audit(2000000484.539:1900): avc: denied { append } for pid=19561 comm="syz.0.3920" name="sg0" dev="devtmpfs" ino=705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 625.278994][T19562] vlan2: entered allmulticast mode [ 625.280420][T19562] vlan1: entered allmulticast mode [ 625.281773][T19562] veth0_vlan: entered allmulticast mode [ 625.284080][T19562] bridge0: port 3(vlan2) entered blocking state [ 625.285770][T19562] bridge0: port 3(vlan2) entered disabled state [ 625.288029][T19562] vlan2: entered promiscuous mode [ 625.289395][T19562] vlan1: entered promiscuous mode [ 625.291153][T19562] bridge0: port 3(vlan2) entered blocking state [ 625.292966][T19562] bridge0: port 3(vlan2) entered forwarding state [ 625.414944][T19562] bridge0: port 3(vlan2) entered disabled state [ 625.416682][T19562] bridge0: port 2(bridge_slave_1) entered disabled state [ 625.419054][T19562] bridge0: port 1(bridge_slave_0) entered disabled state [ 625.573362][T19575] usb usb2: usbfs: process 19575 (syz.1.3924) did not claim interface 0 before use [ 625.669719][T19562] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 625.690328][T19562] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 625.698053][ T39] audit: type=1400 audit(2000000485.039:1901): avc: denied { map } for pid=19576 comm="syz.1.3925" path="socket:[116806]" dev="sockfs" ino=116806 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 625.710530][ T39] audit: type=1400 audit(2000000485.039:1902): avc: denied { read } for pid=19576 comm="syz.1.3925" path="socket:[116806]" dev="sockfs" ino=116806 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 625.767877][T19562] veth0_vlan: left allmulticast mode [ 625.771027][T19562] vlan1: left allmulticast mode [ 625.772367][T19562] vlan1: left promiscuous mode [ 625.845064][T19562] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.847474][T19562] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.849776][T19562] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.852108][T19562] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 625.869271][T19583] FAULT_INJECTION: forcing a failure. [ 625.869271][T19583] name failslab, interval 1, probability 0, space 0, times 0 [ 625.876345][T19583] CPU: 1 UID: 0 PID: 19583 Comm: syz.2.3927 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 [ 625.880239][T19583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 625.884160][T19583] Call Trace: [ 625.885386][T19583] [ 625.886439][T19583] dump_stack_lvl+0x16c/0x1f0 [ 625.888135][T19583] should_fail_ex+0x497/0x5b0 [ 625.889830][T19583] ? fs_reclaim_acquire+0xae/0x160 [ 625.891615][T19583] should_failslab+0xc2/0x120 [ 625.893277][T19583] __kmalloc_node_noprof+0xd1/0x430 [ 625.895243][T19583] ? synchronize_rcu_expedited+0x424/0x450 [ 625.897477][T19583] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 625.899553][T19583] __kvmalloc_node_noprof+0xad/0x1a0 [ 625.901517][T19583] bpf_test_run_xdp_live+0x140/0x500 [ 625.903474][T19583] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 625.905581][T19583] ? find_held_lock+0x2d/0x110 [ 625.907191][T19583] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 625.909262][T19583] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 625.911361][T19583] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 625.913411][T19583] ? __pfx_wait_rcu_exp_gp+0x10/0x10 [ 625.915256][T19583] ? 0xffffffffa00045c0 [ 625.916699][T19583] ? 0xffffffffa00045c0 [ 625.918156][T19583] ? 0xffffffffa00045c0 [ 625.919614][T19583] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 625.921812][T19583] bpf_prog_test_run_xdp+0x827/0x1580 [ 625.923885][T19583] ? lock_acquire+0x2f/0xb0 [ 625.925622][T19583] ? __fget_files+0x40/0x3f0 [ 625.927387][T19583] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 625.929445][T19583] ? fput+0x30/0x390 [ 625.930730][T19583] ? __bpf_prog_get+0xa0/0x290 [ 625.931978][T19583] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 625.933500][T19583] __sys_bpf+0xfc6/0x49a0 [ 625.934751][T19583] ? ksys_write+0x21e/0x260 [ 625.935974][T19583] ? reacquire_held_locks+0x440/0x4c0 [ 625.937362][T19583] ? __pfx___sys_bpf+0x10/0x10 [ 625.938636][T19583] ? vfs_write+0x14d/0x1140 [ 625.939858][T19583] ? __mutex_unlock_slowpath+0x164/0x650 [ 625.941428][T19583] ? fput+0x30/0x390 [ 625.942546][T19583] ? ksys_write+0x1ad/0x260 [ 625.943999][T19583] ? __pfx_ksys_write+0x10/0x10 [ 625.945344][T19583] __x64_sys_bpf+0x78/0xc0 [ 625.946532][T19583] ? lockdep_hardirqs_on+0x7c/0x110 [ 625.947900][T19583] do_syscall_64+0xcd/0x250 [ 625.949089][T19583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.950657][T19583] RIP: 0033:0x7fac91d7dff9 [ 625.951936][T19583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.956916][T19583] RSP: 002b:00007fac92c42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 625.959109][T19583] RAX: ffffffffffffffda RBX: 00007fac91f35f80 RCX: 00007fac91d7dff9 [ 625.961194][T19583] RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a [ 625.963547][T19583] RBP: 00007fac92c42090 R08: 0000000000000000 R09: 0000000000000000 [ 625.965598][T19583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 625.967748][T19583] R13: 0000000000000000 R14: 00007fac91f35f80 R15: 00007ffc834494c8 [ 625.970519][T19583] [ 625.998795][T19563] bridge_slave_0: left allmulticast mode [ 626.000839][T19563] bridge_slave_0: left promiscuous mode [ 626.006415][T19563] bridge0: port 1(bridge_slave_0) entered disabled state [ 626.011900][T19563] bridge_slave_1: left allmulticast mode [ 626.015678][T19563] bridge_slave_1: left promiscuous mode [ 626.017974][T19563] bridge0: port 2(bridge_slave_1) entered disabled state [ 626.026547][T19563] bond0: (slave bond_slave_0): Releasing backup interface [ 626.033603][T19563] bond0: (slave bond_slave_1): Releasing backup interface [ 626.053785][T19563] team0: Port device team_slave_0 removed [ 626.062254][T19563] team0: Port device team_slave_1 removed [ 626.064585][T19563] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 626.067698][T19563] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.070953][T19563] vlan2: left promiscuous mode [ 626.072697][T19563] bridge0: port 3(vlan2) entered disabled state [ 626.074114][ T39] audit: type=1400 audit(2000000485.419:1903): avc: denied { setcurrent } for pid=19587 comm="syz.2.3928" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 626.112566][ T39] audit: type=1400 audit(2000000485.449:1904): avc: denied { map } for pid=19587 comm="syz.2.3928" path="/dev/sg0" dev="devtmpfs" ino=705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 626.151703][T19592] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3931'. [ 626.155397][T19592] openvswitch: netlink: IP tunnel attribute has 3040 unknown bytes. [ 626.317153][T19605] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3935'. [ 626.339707][T19605] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 626.505280][T19605] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 626.694680][ T39] audit: type=1326 audit(2000000486.039:1905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19616 comm="syz.0.3936" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd5bb17dff9 code=0x0 [ 626.792012][T19620] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 627.904186][T19640] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3944'. [ 627.953140][T18468] usb 8-1: new high-speed USB device number 27 using dummy_hcd [ 628.104116][T18468] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 628.107819][T18468] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 628.111101][T18468] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 628.115494][T18468] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 628.118690][T18468] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.122811][T18468] usb 8-1: config 0 descriptor?? [ 628.527949][T18468] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0 [ 628.530762][T18468] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving [ 628.535290][T18468] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 628.793563][ T55] usb 8-1: USB disconnect, device number 27 [ 629.046889][T19662] FAULT_INJECTION: forcing a failure. [ 629.046889][T19662] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 629.051413][T19662] CPU: 0 UID: 0 PID: 19662 Comm: syz.0.3952 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 [ 629.054817][T19662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 629.058458][T19662] Call Trace: [ 629.059621][T19662] [ 629.060654][T19662] dump_stack_lvl+0x16c/0x1f0 [ 629.062307][T19662] should_fail_ex+0x497/0x5b0 [ 629.063948][T19662] _copy_to_user+0x30/0xc0 [ 629.065584][T19662] simple_read_from_buffer+0xd0/0x160 [ 629.067572][T19662] proc_fail_nth_read+0x198/0x270 [ 629.069218][T19662] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 629.070710][T19662] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 629.072192][T19662] vfs_read+0x1ce/0xbd0 [ 629.073477][T19662] ? __fget_files+0x23a/0x3f0 [ 629.075072][T19662] ? fdget_pos+0x24c/0x360 [ 629.076616][T19662] ? __pfx_lock_release+0x10/0x10 [ 629.078351][T19662] ? trace_lock_acquire+0x14a/0x1d0 [ 629.080204][T19662] ? __pfx_vfs_read+0x10/0x10 [ 629.081959][T19662] ? __pfx___mutex_lock+0x10/0x10 [ 629.083772][T19662] ? __fget_files+0x244/0x3f0 [ 629.085418][T19662] ksys_read+0x12f/0x260 [ 629.086906][T19662] ? __pfx_ksys_read+0x10/0x10 [ 629.088564][T19662] do_syscall_64+0xcd/0x250 [ 629.090165][T19662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.092227][T19662] RIP: 0033:0x7fd5bb17ca3c [ 629.093791][T19662] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 629.100393][T19662] RSP: 002b:00007fd5bbed2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 629.103235][T19662] RAX: ffffffffffffffda RBX: 00007fd5bb335f80 RCX: 00007fd5bb17ca3c [ 629.105922][T19662] RDX: 000000000000000f RSI: 00007fd5bbed20a0 RDI: 0000000000000004 [ 629.108621][T19662] RBP: 00007fd5bbed2090 R08: 0000000000000000 R09: 0000000000000000 [ 629.111408][T19662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 629.114145][T19662] R13: 0000000000000000 R14: 00007fd5bb335f80 R15: 00007ffed2e54418 [ 629.116887][T19662] [ 629.292200][T19663] Process accounting resumed [ 629.343085][T19668] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3954'. [ 630.258157][T19672] team0: Port device team_slave_1 removed [ 630.292933][T19671] Process accounting resumed [ 631.070452][T19650] delete_channel: no stack [ 631.136929][T19682] FAULT_INJECTION: forcing a failure. [ 631.136929][T19682] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 631.141957][T19682] CPU: 2 UID: 0 PID: 19682 Comm: syz.2.3959 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 [ 631.145948][T19682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 631.149941][T19682] Call Trace: [ 631.151209][T19682] [ 631.152329][T19682] dump_stack_lvl+0x16c/0x1f0 [ 631.154074][T19682] should_fail_ex+0x497/0x5b0 [ 631.155750][T19682] _copy_from_iter+0x2a1/0x1540 [ 631.157469][T19682] ? __pfx__copy_from_iter+0x10/0x10 [ 631.159353][T19682] ? __virt_addr_valid+0x1a4/0x590 [ 631.161164][T19682] ? __virt_addr_valid+0x5e/0x590 [ 631.162960][T19682] ? __phys_addr_symbol+0x30/0x80 [ 631.165138][T19682] ? __check_object_size+0x488/0x710 [ 631.167012][T19682] netlink_sendmsg+0x813/0xd70 [ 631.168785][T19682] ? __pfx_netlink_sendmsg+0x10/0x10 [ 631.170810][T19682] ? __import_iovec+0x1fd/0x6e0 [ 631.172737][T19682] ____sys_sendmsg+0xaaf/0xc90 [ 631.174491][T19682] ? copy_msghdr_from_user+0x10b/0x160 [ 631.176444][T19682] ? __pfx_____sys_sendmsg+0x10/0x10 [ 631.178355][T19682] ? __pfx___lock_acquire+0x10/0x10 [ 631.180190][T19682] ___sys_sendmsg+0x135/0x1e0 [ 631.181856][T19682] ? __pfx____sys_sendmsg+0x10/0x10 [ 631.183764][T19682] ? lock_acquire+0x2f/0xb0 [ 631.185385][T19682] ? __fget_files+0x40/0x3f0 [ 631.187060][T19682] ? fdget+0x176/0x210 [ 631.188562][T19682] __sys_sendmsg+0x117/0x1f0 [ 631.190327][T19682] ? __pfx___sys_sendmsg+0x10/0x10 [ 631.192253][T19682] ? __fget_files+0x244/0x3f0 [ 631.194039][T19682] do_syscall_64+0xcd/0x250 [ 631.195694][T19682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.197838][T19682] RIP: 0033:0x7fac91d7dff9 [ 631.199440][T19682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 631.206188][T19682] RSP: 002b:00007fac92c42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 631.209123][T19682] RAX: ffffffffffffffda RBX: 00007fac91f35f80 RCX: 00007fac91d7dff9 [ 631.211951][T19682] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 631.214871][T19682] RBP: 00007fac92c42090 R08: 0000000000000000 R09: 0000000000000000 [ 631.217657][T19682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 631.220429][T19682] R13: 0000000000000000 R14: 00007fac91f35f80 R15: 00007ffc834494c8 [ 631.223278][T19682] [ 631.229842][T19684] FAULT_INJECTION: forcing a failure. [ 631.229842][T19684] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 631.234581][T19684] CPU: 0 UID: 0 PID: 19684 Comm: syz.3.3960 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 [ 631.238324][T19684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 631.241729][T19684] Call Trace: [ 631.242644][T19684] [ 631.243430][T19684] dump_stack_lvl+0x16c/0x1f0 [ 631.244665][T19684] should_fail_ex+0x497/0x5b0 [ 631.245904][T19684] _copy_from_iter+0x2a1/0x1540 [ 631.247247][T19684] ? __pfx__copy_from_iter+0x10/0x10 [ 631.248943][T19684] ? __virt_addr_valid+0x1a4/0x590 [ 631.250672][T19684] ? __virt_addr_valid+0x5e/0x590 [ 631.252479][T19684] ? __phys_addr_symbol+0x30/0x80 [ 631.254218][T19684] ? __check_object_size+0x488/0x710 [ 631.255829][T19684] netlink_sendmsg+0x813/0xd70 [ 631.257456][T19684] ? __pfx_netlink_sendmsg+0x10/0x10 [ 631.259232][T19684] ? __import_iovec+0x1fd/0x6e0 [ 631.260700][T19684] ____sys_sendmsg+0xaaf/0xc90 [ 631.262163][T19684] ? copy_msghdr_from_user+0x10b/0x160 [ 631.263743][T19684] ? __pfx_____sys_sendmsg+0x10/0x10 [ 631.265462][T19684] ? __pfx___lock_acquire+0x10/0x10 [ 631.267182][T19684] ___sys_sendmsg+0x135/0x1e0 [ 631.268810][T19684] ? __pfx____sys_sendmsg+0x10/0x10 [ 631.270534][T19684] ? lock_acquire+0x2f/0xb0 [ 631.272161][T19684] ? __fget_files+0x40/0x3f0 [ 631.273822][T19684] ? fdget+0x176/0x210 [ 631.275056][T19684] __sys_sendmmsg+0x1a1/0x450 [ 631.276724][T19684] ? __pfx___sys_sendmmsg+0x10/0x10 [ 631.278439][T19684] ? vfs_write+0x14d/0x1140 [ 631.279613][T19684] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 631.281120][T19684] ? fput+0x30/0x390 [ 631.282115][T19684] ? ksys_write+0x1ad/0x260 [ 631.283431][T19684] ? __pfx_ksys_write+0x10/0x10 [ 631.285141][T19684] __x64_sys_sendmmsg+0x9c/0x100 [ 631.286836][T19684] ? lockdep_hardirqs_on+0x7c/0x110 [ 631.288634][T19684] do_syscall_64+0xcd/0x250 [ 631.290230][T19684] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.292167][T19684] RIP: 0033:0x7f2d9e37dff9 [ 631.293736][T19684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 631.300006][T19684] RSP: 002b:00007f2d9f09e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 631.302761][T19684] RAX: ffffffffffffffda RBX: 00007f2d9e535f80 RCX: 00007f2d9e37dff9 [ 631.305125][T19684] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 631.307830][T19684] RBP: 00007f2d9f09e090 R08: 0000000000000000 R09: 0000000000000000 [ 631.310830][T19684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 631.314184][T19684] R13: 0000000000000000 R14: 00007f2d9e535f80 R15: 00007ffd35c4f3f8 [ 631.317578][T19684] [ 631.507115][ T39] audit: type=1400 audit(2000000490.849:1906): avc: denied { mount } for pid=19687 comm="syz.3.3962" name="/" dev="ramfs" ino=116005 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 632.100449][ T39] audit: type=1326 audit(2000000491.439:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19685 comm="syz.2.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7fc00000 [ 632.108127][ T39] audit: type=1326 audit(2000000491.439:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19685 comm="syz.2.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fac91d7dff9 code=0x7fc00000 [ 632.115400][ T39] audit: type=1326 audit(2000000491.439:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19685 comm="syz.2.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7fc00000 [ 632.122969][ T39] audit: type=1326 audit(2000000491.439:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19685 comm="syz.2.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7fc00000 [ 632.129350][ T39] audit: type=1326 audit(2000000491.439:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19685 comm="syz.2.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7fc00000 [ 632.135542][ T39] audit: type=1326 audit(2000000491.439:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19685 comm="syz.2.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7fc00000 [ 632.142802][ T39] audit: type=1326 audit(2000000491.439:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19685 comm="syz.2.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7fc00000 [ 632.149825][ T39] audit: type=1326 audit(2000000491.439:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19685 comm="syz.2.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7fc00000 [ 632.157032][ T39] audit: type=1326 audit(2000000491.439:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19685 comm="syz.2.3961" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7fc00000 [ 632.672606][ T827] usb 8-1: new high-speed USB device number 28 using dummy_hcd [ 632.834134][ T827] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 632.841224][ T827] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 632.845134][ T827] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 632.848920][ T827] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 632.856862][ T827] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 632.859830][ T827] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.863910][ T827] usb 8-1: config 0 descriptor?? [ 632.866246][T19700] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 633.393371][T19702] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 633.395173][T19702] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 633.399648][T19702] vhci_hcd vhci_hcd.0: Device attached [ 633.403561][T19703] vhci_hcd: cannot find the pending unlink 5 [ 633.404168][T19702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 633.408454][T19702] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 633.642661][T18468] usb 19-1: new high-speed USB device number 3 using vhci_hcd [ 634.304886][T19706] FAULT_INJECTION: forcing a failure. [ 634.304886][T19706] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 634.308312][T19706] CPU: 0 UID: 0 PID: 19706 Comm: syz.2.3965 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 [ 634.311396][T19706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 634.314234][T19706] Call Trace: [ 634.315402][T19706] [ 634.316434][T19706] dump_stack_lvl+0x16c/0x1f0 [ 634.318075][T19706] should_fail_ex+0x497/0x5b0 [ 634.319490][T19706] _copy_to_user+0x30/0xc0 [ 634.320914][T19706] simple_read_from_buffer+0xd0/0x160 [ 634.322897][T19706] proc_fail_nth_read+0x198/0x270 [ 634.324679][T19706] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 634.326693][T19706] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 634.328538][T19706] vfs_read+0x1ce/0xbd0 [ 634.329645][T19706] ? __fget_files+0x23a/0x3f0 [ 634.330901][T19706] ? fdget_pos+0x24c/0x360 [ 634.332265][T19706] ? __pfx_lock_release+0x10/0x10 [ 634.333804][T19706] ? trace_lock_acquire+0x14a/0x1d0 [ 634.335368][T19706] ? __pfx_vfs_read+0x10/0x10 [ 634.336815][T19706] ? __pfx___mutex_lock+0x10/0x10 [ 634.338314][T19706] ? __fget_files+0x244/0x3f0 [ 634.339553][T19706] ksys_read+0x12f/0x260 [ 634.340750][T19706] ? __pfx_ksys_read+0x10/0x10 [ 634.342121][T19706] do_syscall_64+0xcd/0x250 [ 634.343257][T19706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 634.345003][T19706] RIP: 0033:0x7fac91d7ca3c [ 634.346597][T19706] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 634.353228][T19706] RSP: 002b:00007fac92c42030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 634.356083][T19706] RAX: ffffffffffffffda RBX: 00007fac91f35f80 RCX: 00007fac91d7ca3c [ 634.358789][T19706] RDX: 000000000000000f RSI: 00007fac92c420a0 RDI: 0000000000000004 [ 634.361531][T19706] RBP: 00007fac92c42090 R08: 0000000000000000 R09: 0000000000000020 [ 634.363715][T19706] R10: 0000000004048814 R11: 0000000000000246 R12: 0000000000000001 [ 634.366132][T19706] R13: 0000000000000000 R14: 00007fac91f35f80 R15: 00007ffc834494c8 [ 634.368184][T19706] [ 635.440898][T19703] vhci_hcd: connection reset by peer [ 635.454118][ T827] usbhid 8-1:0.0: can't add hid device: -71 [ 635.454978][T14907] vhci_hcd: stop threads [ 635.455955][ T827] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 635.457581][T14907] vhci_hcd: release socket [ 635.461265][ T827] usb 8-1: USB disconnect, device number 28 [ 635.461410][T14907] vhci_hcd: disconnect device [ 635.546574][T19716] netlink: 'syz.3.3968': attribute type 7 has an invalid length. [ 635.549467][T19716] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3968'. [ 636.385072][T19719] FAULT_INJECTION: forcing a failure. [ 636.385072][T19719] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 636.389792][T19719] CPU: 1 UID: 0 PID: 19719 Comm: syz.3.3969 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 [ 636.394360][T19719] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 636.398765][T19719] Call Trace: [ 636.400071][T19719] [ 636.401335][T19719] dump_stack_lvl+0x16c/0x1f0 [ 636.403038][T19719] should_fail_ex+0x497/0x5b0 [ 636.404847][T19719] _copy_from_iter+0x2a1/0x1540 [ 636.406648][T19719] ? __pfx__copy_from_iter+0x10/0x10 [ 636.408814][T19719] ? __virt_addr_valid+0x1a4/0x590 [ 636.411014][T19719] ? __virt_addr_valid+0x5e/0x590 [ 636.413338][T19719] ? __phys_addr_symbol+0x30/0x80 [ 636.415459][T19719] ? __check_object_size+0x488/0x710 [ 636.417641][T19719] netlink_sendmsg+0x813/0xd70 [ 636.419517][T19719] ? __pfx_netlink_sendmsg+0x10/0x10 [ 636.421393][T19719] ? __import_iovec+0x1fd/0x6e0 [ 636.423150][T19719] ____sys_sendmsg+0xaaf/0xc90 [ 636.424745][T19719] ? copy_msghdr_from_user+0x10b/0x160 [ 636.426385][T19719] ? __pfx_____sys_sendmsg+0x10/0x10 [ 636.427890][T19719] ? __pfx___lock_acquire+0x10/0x10 [ 636.429432][T19719] ___sys_sendmsg+0x135/0x1e0 [ 636.430925][T19719] ? __pfx____sys_sendmsg+0x10/0x10 [ 636.432946][T19719] ? lock_acquire+0x2f/0xb0 [ 636.434864][T19719] ? __fget_files+0x40/0x3f0 [ 636.436747][T19719] ? fdget+0x176/0x210 [ 636.438274][T19719] __sys_sendmsg+0x117/0x1f0 [ 636.439975][T19719] ? __pfx___sys_sendmsg+0x10/0x10 [ 636.441906][T19719] ? __fget_files+0x244/0x3f0 [ 636.443635][T19719] do_syscall_64+0xcd/0x250 [ 636.445294][T19719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 636.447458][T19719] RIP: 0033:0x7f2d9e37dff9 [ 636.449069][T19719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 636.455180][T19719] RSP: 002b:00007f2d9f09e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 636.457782][T19719] RAX: ffffffffffffffda RBX: 00007f2d9e535f80 RCX: 00007f2d9e37dff9 [ 636.460521][T19719] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 636.463436][T19719] RBP: 00007f2d9f09e090 R08: 0000000000000000 R09: 0000000000000000 [ 636.466299][T19719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 636.469456][T19719] R13: 0000000000000000 R14: 00007f2d9e535f80 R15: 00007ffd35c4f3f8 [ 636.472677][T19719] [ 636.776174][ T39] kauditd_printk_skb: 22688 callbacks suppressed [ 636.776191][ T39] audit: type=1400 audit(2000000496.119:24604): avc: denied { read } for pid=19720 comm="syz.3.3970" path="socket:[116939]" dev="sockfs" ino=116939 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 636.834904][T19722] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 637.529076][T19725] fuse: Unknown parameter 'fd9R|#ymiI.VbuDzsri 7#C' [ 637.764196][T19731] audit: audit_lost=9 audit_rate_limit=0 audit_backlog_limit=64 [ 637.767010][T19731] audit: out of memory in audit_log_start [ 637.795880][ T5350] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 637.808240][ T5350] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 637.814948][ T5350] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 637.821369][ T5350] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 637.830596][ T5350] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 637.835025][ T5350] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 637.840780][ T4772] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 637.850282][ T4772] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 637.853079][ T4772] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 637.862326][ T4772] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 637.866313][ T4772] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 637.869062][ T4772] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 638.020590][ T39] audit: type=1400 audit(2000000497.359:24605): avc: denied { setopt } for pid=19739 comm="syz.3.3977" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 638.026166][T19732] chnl_net:caif_netlink_parms(): no params data found [ 638.165062][T19749] [U] V3Fپ"W/4:XTZWTLW= [ 638.169421][ T39] audit: type=1400 audit(2000000497.509:24606): avc: denied { ioctl } for pid=19745 comm="syz.2.3978" path="socket:[117818]" dev="sockfs" ino=117818 ioctlcmd=0x9422 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 638.253333][T19732] bridge0: port 1(bridge_slave_0) entered blocking state [ 638.256038][T19732] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.258777][T19732] bridge_slave_0: entered allmulticast mode [ 638.261825][T19732] bridge_slave_0: entered promiscuous mode [ 638.280397][T19732] bridge0: port 2(bridge_slave_1) entered blocking state [ 638.283038][T19732] bridge0: port 2(bridge_slave_1) entered disabled state [ 638.285629][T19732] bridge_slave_1: entered allmulticast mode [ 638.288784][T19732] bridge_slave_1: entered promiscuous mode [ 638.405350][T19732] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 638.412135][T19732] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 638.457698][T19732] team0: Port device team_slave_0 added [ 638.461679][T19732] team0: Port device team_slave_1 added [ 638.493716][T19732] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 638.495530][T19732] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.503693][T19732] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 638.509008][T19732] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 638.511494][T19732] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.521089][T19732] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 638.566178][T19732] hsr_slave_0: entered promiscuous mode [ 638.569144][T19732] hsr_slave_1: entered promiscuous mode [ 638.684953][T19753] futex_wake_op: syz.2.3979 tries to shift op by 144; fix this program [ 638.742399][T19732] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.798002][T18468] vhci_hcd: vhci_device speed not set [ 638.847314][T19732] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.008837][T19732] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.125936][ T39] audit: type=1400 audit(2000000498.469:24607): avc: denied { connect } for pid=19761 comm="syz.3.3981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 639.140520][T19732] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.523903][T19732] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 639.530732][T19732] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 639.542059][T19732] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 639.550186][T19732] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 639.668446][T19732] 8021q: adding VLAN 0 to HW filter on device bond0 [ 639.726003][T19732] 8021q: adding VLAN 0 to HW filter on device team0 [ 639.746610][T14907] bridge0: port 1(bridge_slave_0) entered blocking state [ 639.748964][T14907] bridge0: port 1(bridge_slave_0) entered forwarding state [ 639.771765][ T1103] bridge0: port 2(bridge_slave_1) entered blocking state [ 639.776375][ T1103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 639.856243][ T4772] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 639.865019][ T4772] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 639.870352][ T4772] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 639.873437][ T4772] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 639.878448][ T4772] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 639.884107][ T4772] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 639.922566][ T4772] Bluetooth: hci0: command tx timeout [ 640.127860][T19732] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 640.197391][T19732] veth0_vlan: entered promiscuous mode [ 640.202007][T19732] veth1_vlan: entered promiscuous mode [ 640.232593][T18504] usb 7-1: new low-speed USB device number 34 using dummy_hcd [ 640.238928][T19769] chnl_net:caif_netlink_parms(): no params data found [ 640.340234][T19769] bridge0: port 1(bridge_slave_0) entered blocking state [ 640.342624][T19769] bridge0: port 1(bridge_slave_0) entered disabled state [ 640.344857][T19769] bridge_slave_0: entered allmulticast mode [ 640.346898][T19769] bridge_slave_0: entered promiscuous mode [ 640.349555][T19732] veth0_macvtap: entered promiscuous mode [ 640.355960][T19769] bridge0: port 2(bridge_slave_1) entered blocking state [ 640.358341][T19769] bridge0: port 2(bridge_slave_1) entered disabled state [ 640.360220][T19769] bridge_slave_1: entered allmulticast mode [ 640.362262][T19769] bridge_slave_1: entered promiscuous mode [ 640.382634][T18504] usb 7-1: Invalid ep0 maxpacket: 16 [ 640.414963][T19769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 640.418668][T19732] veth1_macvtap: entered promiscuous mode [ 640.430950][T19769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 640.463416][T19769] team0: Port device team_slave_0 added [ 640.509050][T19769] team0: Port device team_slave_1 added [ 640.522590][T18504] usb 7-1: new low-speed USB device number 35 using dummy_hcd [ 640.538871][T19769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 640.541282][T19769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 640.549688][T19769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 640.554905][T19769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 640.557032][T19769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 640.566078][T19769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 640.594779][T19732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.597606][T19732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.600321][T19732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.604571][T19732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.607848][T19732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.610727][T19732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.613406][T19732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 640.616003][T19732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.619246][T19732] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 640.663465][T19769] hsr_slave_0: entered promiscuous mode [ 640.666187][T19769] hsr_slave_1: entered promiscuous mode [ 640.668561][T19769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 640.671219][T19769] Cannot create hsr debugfs directory [ 640.693486][T18504] usb 7-1: Invalid ep0 maxpacket: 16 [ 640.695949][T19732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 640.696592][T18504] usb usb7-port1: attempt power cycle [ 640.698603][T19732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.704110][T19732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 640.707349][T19732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.710121][T19732] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 640.713475][T19732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 640.716985][T19732] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 640.721087][T19732] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 640.725187][T19732] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 640.728106][T19732] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 640.730886][T19732] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 640.899431][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 640.901513][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 640.979264][ T88] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 640.982214][ T88] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 641.044116][T18504] usb 7-1: new low-speed USB device number 36 using dummy_hcd [ 641.088272][T18504] usb 7-1: Invalid ep0 maxpacket: 16 [ 641.213174][T18504] usb 7-1: new low-speed USB device number 37 using dummy_hcd [ 641.234128][T18504] usb 7-1: Invalid ep0 maxpacket: 16 [ 641.238744][T18504] usb usb7-port1: unable to enumerate USB device [ 641.551781][T18558] bond0 (unregistering): Released all slaves [ 641.907752][T18558] hsr_slave_0: left promiscuous mode [ 641.910304][T18558] hsr_slave_1: left promiscuous mode [ 642.005908][ T4772] Bluetooth: hci0: command tx timeout [ 642.018213][ T4772] Bluetooth: hci2: command tx timeout [ 642.373024][ T829] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 642.553205][ T829] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 642.557032][ T829] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 642.560357][ T829] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 642.564500][ T829] usb 6-1: config 0 interface 0 has no altsetting 0 [ 642.571011][ T829] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 642.576269][ T829] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 642.580093][ T829] usb 6-1: config 0 interface 0 has no altsetting 0 [ 642.583828][ T829] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 642.589221][ T829] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 642.593130][ T829] usb 6-1: config 0 interface 0 has no altsetting 0 [ 642.596570][ T829] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 642.599904][ T829] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 642.603993][ T829] usb 6-1: config 0 interface 0 has no altsetting 0 [ 642.607464][ T829] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 642.610422][ T829] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 642.614558][ T829] usb 6-1: config 0 interface 0 has no altsetting 0 [ 642.618395][ T829] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 642.621594][ T829] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 642.625649][ T829] usb 6-1: config 0 interface 0 has no altsetting 0 [ 642.629203][ T829] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 642.632302][ T829] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 642.636111][ T829] usb 6-1: config 0 interface 0 has no altsetting 0 [ 642.639546][ T829] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 642.643102][ T829] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 642.647016][ T829] usb 6-1: config 0 interface 0 has no altsetting 0 [ 642.651592][ T829] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 642.657576][ T829] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 642.660443][ T829] usb 6-1: Product: syz [ 642.661906][ T829] usb 6-1: Manufacturer: syz [ 642.663575][ T829] usb 6-1: SerialNumber: syz [ 642.666868][ T829] usb 6-1: config 0 descriptor?? [ 642.671918][ T829] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 643.104138][ T39] audit: type=1400 audit(2000000502.449:24608): avc: denied { map } for pid=19806 comm="syz.2.3989" path="socket:[117345]" dev="sockfs" ino=117345 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 643.850589][ T39] audit: type=1400 audit(2000000503.189:24609): avc: denied { name_bind } for pid=19811 comm="syz.3.3990" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 644.083805][ T4772] Bluetooth: hci2: command tx timeout [ 644.092617][ T4772] Bluetooth: hci0: command tx timeout [ 644.719246][T19797] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3985'. [ 644.786416][T19769] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 644.790642][T19769] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 644.795239][T19769] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 644.799606][T19769] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 644.864225][T19769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 644.874961][T18504] usb 6-1: USB disconnect, device number 24 [ 644.875627][T19769] 8021q: adding VLAN 0 to HW filter on device team0 [ 644.878543][T18504] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 644.881028][T14907] bridge0: port 1(bridge_slave_0) entered blocking state [ 644.883057][T14907] bridge0: port 1(bridge_slave_0) entered forwarding state [ 644.888507][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 644.890615][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 645.017248][T19769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 645.036430][T19769] veth0_vlan: entered promiscuous mode [ 645.044065][T19769] veth1_vlan: entered promiscuous mode [ 645.064516][T19769] veth0_macvtap: entered promiscuous mode [ 645.069488][T19769] veth1_macvtap: entered promiscuous mode [ 645.081608][T19769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 645.085795][T19769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.089359][T19769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 645.093124][T19769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.096661][T19769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 645.100366][T19769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.103911][T19769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 645.107692][T19769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.111341][T19769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 645.115354][T19769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.119970][T19769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 645.126976][T19769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 645.130753][T19769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.134747][T19769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 645.138352][T19769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.141732][T19769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 645.145603][T19769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.149107][T19769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 645.153121][T19769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 645.157675][T19769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 645.164207][T19769] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.167249][T19769] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.170319][T19769] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.173555][T19769] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 645.214471][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.217345][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 645.239056][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 645.241922][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 645.517612][T19822] team0: Port device team_slave_1 removed [ 645.539008][T19820] Process accounting resumed [ 645.832936][T18504] usb 7-1: new high-speed USB device number 38 using dummy_hcd [ 645.907187][T19840] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 0, id = 0 [ 645.992940][T18504] usb 7-1: Using ep0 maxpacket: 32 [ 645.996363][T18504] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 646.001435][T18504] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 646.003991][T18504] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 646.006085][T18504] usb 7-1: Product: syz [ 646.007341][T18504] usb 7-1: Manufacturer: syz [ 646.008777][T18504] usb 7-1: SerialNumber: syz [ 646.011398][T18504] usb 7-1: config 0 descriptor?? [ 646.176971][ T4772] Bluetooth: hci2: command tx timeout [ 646.178897][ T4772] Bluetooth: hci0: command tx timeout [ 646.272871][T19826] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 646.275345][T19843] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 646.297233][T19843] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 646.302359][T19833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 646.314164][T19833] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 646.318463][T19833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 646.336849][T19833] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 646.472831][T18480] usb 8-1: new high-speed USB device number 29 using dummy_hcd [ 646.506344][ T827] usb 7-1: USB disconnect, device number 38 [ 646.626466][ T39] audit: type=1400 audit(2000000505.969:24610): avc: denied { read } for pid=19853 comm="syz.1.3999" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 646.626889][T18480] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 646.634654][T19854] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 646.637038][T18480] usb 8-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 646.640286][T19855] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 646.643382][T18480] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 646.650068][T18480] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.655537][T18480] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 646.657699][T18480] usb 8-1: invalid MIDI out EP 0 [ 646.721463][T18480] snd-usb-audio 8-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 646.862265][T18480] usb 8-1: USB disconnect, device number 29 [ 647.070376][T19842] xt_time: unknown flags 0x4 [ 647.312583][ T827] usb 8-1: new high-speed USB device number 30 using dummy_hcd [ 647.473212][ T827] usb 8-1: Using ep0 maxpacket: 16 [ 647.476784][ T827] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 647.481539][ T827] usb 8-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 647.485009][ T827] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 647.489629][ T827] usb 8-1: config 0 descriptor?? [ 647.494902][ T827] input: bcm5974 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input54 [ 647.756057][ T4819] bcm5974 8-1:0.0: could not read from device [ 647.762133][T18480] usb 8-1: USB disconnect, device number 30 [ 647.918341][T19882] netlink: 'syz.2.4006': attribute type 5 has an invalid length. [ 647.954377][T19884] FAULT_INJECTION: forcing a failure. [ 647.954377][T19884] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 647.958884][T19884] CPU: 2 UID: 0 PID: 19884 Comm: syz.2.4007 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 [ 647.962574][T19884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 647.966116][T19884] Call Trace: [ 647.967268][T19884] [ 647.968293][T19884] dump_stack_lvl+0x16c/0x1f0 [ 647.969998][T19884] should_fail_ex+0x497/0x5b0 [ 647.971671][T19884] _copy_from_iter+0x2a1/0x1540 [ 647.973344][T19884] ? __pfx__copy_from_iter+0x10/0x10 [ 647.975169][T19884] ? __virt_addr_valid+0x1a4/0x590 [ 647.976927][T19884] ? __virt_addr_valid+0x5e/0x590 [ 647.978669][T19884] ? __phys_addr_symbol+0x30/0x80 [ 647.980421][T19884] ? __check_object_size+0x488/0x710 [ 647.982277][T19884] netlink_sendmsg+0x813/0xd70 [ 647.983940][T19884] ? __pfx_netlink_sendmsg+0x10/0x10 [ 647.985791][T19884] ? __import_iovec+0x1fd/0x6e0 [ 647.987483][T19884] ____sys_sendmsg+0xaaf/0xc90 [ 647.989187][T19884] ? copy_msghdr_from_user+0x10b/0x160 [ 647.991109][T19884] ? __pfx_____sys_sendmsg+0x10/0x10 [ 647.992959][T19884] ? __pfx___lock_acquire+0x10/0x10 [ 647.994784][T19884] ___sys_sendmsg+0x135/0x1e0 [ 647.996458][T19884] ? __pfx____sys_sendmsg+0x10/0x10 [ 647.998320][T19884] ? lock_acquire+0x2f/0xb0 [ 647.999905][T19884] ? __fget_files+0x40/0x3f0 [ 648.001513][T19884] ? fdget+0x176/0x210 [ 648.003010][T19884] __sys_sendmsg+0x117/0x1f0 [ 648.004674][T19884] ? __pfx___sys_sendmsg+0x10/0x10 [ 648.006464][T19884] ? __fget_files+0x244/0x3f0 [ 648.008132][T19884] do_syscall_64+0xcd/0x250 [ 648.009892][T19884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.012088][T19884] RIP: 0033:0x7fac91d7dff9 [ 648.013702][T19884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 648.020374][T19884] RSP: 002b:00007fac92c42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 648.023318][T19884] RAX: ffffffffffffffda RBX: 00007fac91f35f80 RCX: 00007fac91d7dff9 [ 648.026200][T19884] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 648.028909][T19884] RBP: 00007fac92c42090 R08: 0000000000000000 R09: 0000000000000000 [ 648.031590][T19884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 648.034265][T19884] R13: 0000000000000000 R14: 00007fac91f35f80 R15: 00007ffc834494c8 [ 648.036939][T19884] [ 648.252715][ T5350] Bluetooth: hci2: command tx timeout [ 648.467931][T19891] FAULT_INJECTION: forcing a failure. [ 648.467931][T19891] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 648.481432][T19891] CPU: 0 UID: 0 PID: 19891 Comm: syz.3.4009 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 [ 648.484951][T19891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 648.488883][T19891] Call Trace: [ 648.490134][T19891] [ 648.491201][T19891] dump_stack_lvl+0x16c/0x1f0 [ 648.492916][T19891] should_fail_ex+0x497/0x5b0 [ 648.494626][T19891] _copy_from_user+0x30/0xf0 [ 648.496123][T19891] restore_altstack+0x94/0x170 [ 648.497750][T19891] ? __pfx_restore_altstack+0x10/0x10 [ 648.499656][T19891] ? _raw_spin_unlock_irq+0x23/0x50 [ 648.501495][T19891] ? lockdep_hardirqs_on+0x7c/0x110 [ 648.503338][T19891] ? _raw_spin_unlock_irq+0x2e/0x50 [ 648.505172][T19891] ? set_current_blocked+0xdd/0x120 [ 648.507025][T19891] __do_sys_rt_sigreturn+0x132/0x230 [ 648.508849][T19891] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 648.510895][T19891] do_syscall_64+0xcd/0x250 [ 648.512496][T19891] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.514525][T19891] RIP: 0033:0x7f2d9e319959 [ 648.516169][T19891] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 648.522857][T19891] RSP: 002b:00007f2d9f09d340 EFLAGS: 00000206 ORIG_RAX: 000000000000000f [ 648.525816][T19891] RAX: ffffffffffffffda RBX: 00007f2d9e535f80 RCX: 00007f2d9e319959 [ 648.528559][T19891] RDX: 00007f2d9f09d340 RSI: 00007f2d9f09d470 RDI: 0000000000000021 [ 648.531383][T19891] RBP: 00007f2d9f09e090 R08: 0000000000000000 R09: 0000000000000000 [ 648.534214][T19891] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 648.537005][T19891] R13: 0000000000000000 R14: 00007f2d9e535f80 R15: 00007ffd35c4f3f8 [ 648.539814][T19891] [ 648.832554][T19900] cgroup: none used incorrectly [ 650.691135][ T39] audit: type=1400 audit(2000000510.029:24611): avc: denied { write } for pid=19921 comm="syz.1.4024" path="socket:[117597]" dev="sockfs" ino=117597 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 650.832516][T18468] usb 8-1: new high-speed USB device number 31 using dummy_hcd [ 651.014625][T18468] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 651.017591][T18468] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 651.020111][T18468] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 651.023734][T18468] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 651.026142][T18468] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 651.029959][T18468] usb 8-1: config 0 descriptor?? [ 651.447709][T18468] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 651.451950][T18468] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving [ 651.459348][T18468] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 651.832318][ T55] usb 8-1: USB disconnect, device number 31 [ 651.834512][T19920] usb 8-1: string descriptor 0 read error: -19 [ 651.834995][T19925] plantronics 0003:047F:FFFF.0010: usb_submit_urb(ctrl) failed: -19 [ 652.024340][T19904] delete_channel: no stack [ 652.163549][ T39] audit: type=1326 audit(2000000511.509:24612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19927 comm="syz.2.4018" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 652.171064][ T39] audit: type=1326 audit(2000000511.509:24613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19927 comm="syz.2.4018" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 652.178997][ T39] audit: type=1326 audit(2000000511.509:24614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19927 comm="syz.2.4018" exe="/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 652.187528][ T39] audit: type=1326 audit(2000000511.509:24615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19927 comm="syz.2.4018" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 652.194671][ T39] audit: type=1326 audit(2000000511.509:24616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19927 comm="syz.2.4018" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 652.201042][ T39] audit: type=1326 audit(2000000511.509:24617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19927 comm="syz.2.4018" exe="/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 652.208944][ T39] audit: type=1326 audit(2000000511.509:24618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19927 comm="syz.2.4018" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 652.216856][ T39] audit: type=1326 audit(2000000511.509:24619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19927 comm="syz.2.4018" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 652.223936][ T39] audit: type=1326 audit(2000000511.509:24620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19927 comm="syz.2.4018" exe="/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 652.864533][T19927] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 653.487765][T19935] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4020'. [ 653.490061][T19938] FAULT_INJECTION: forcing a failure. [ 653.490061][T19938] name failslab, interval 1, probability 0, space 0, times 0 [ 653.495830][T19938] CPU: 3 UID: 0 PID: 19938 Comm: syz.2.4021 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 [ 653.499303][T19938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 653.502865][T19938] Call Trace: [ 653.503944][T19938] [ 653.504974][T19938] dump_stack_lvl+0x16c/0x1f0 [ 653.506653][T19938] should_fail_ex+0x497/0x5b0 [ 653.508363][T19938] ? fs_reclaim_acquire+0xae/0x160 [ 653.510322][T19938] should_failslab+0xc2/0x120 [ 653.512053][T19938] kmem_cache_alloc_node_noprof+0x71/0x310 [ 653.514118][T19938] ? __alloc_skb+0x2b1/0x380 [ 653.515825][T19938] __alloc_skb+0x2b1/0x380 [ 653.517381][T19938] ? __pfx___alloc_skb+0x10/0x10 [ 653.519109][T19938] ? __lock_acquire+0xbdd/0x3ce0 [ 653.520882][T19938] alloc_skb_with_frags+0xe4/0x850 [ 653.522650][T19938] ? __pfx___lock_acquire+0x10/0x10 [ 653.524578][T19938] ? lock_acquire+0x2f/0xb0 [ 653.526283][T19938] ? __might_fault+0xe3/0x190 [ 653.528054][T19938] sock_alloc_send_pskb+0x7f1/0x980 [ 653.530009][T19938] ? find_held_lock+0x2d/0x110 [ 653.532045][T19938] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 653.534056][T19938] ? lock_acquire+0x2f/0xb0 [ 653.535643][T19938] ? dev_get_by_index+0x37/0x380 [ 653.537368][T19938] isotp_sendmsg+0x8dc/0x1da0 [ 653.539101][T19938] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 653.541744][T19938] ? __pfx_isotp_sendmsg+0x10/0x10 [ 653.543724][T19938] ? __import_iovec+0x1fd/0x6e0 [ 653.545581][T19938] ? lock_acquire+0x2f/0xb0 [ 653.546991][T19938] ____sys_sendmsg+0xaaf/0xc90 [ 653.548361][T19938] ? copy_msghdr_from_user+0x10b/0x160 [ 653.550440][T19938] ? __pfx_____sys_sendmsg+0x10/0x10 [ 653.552411][T19938] ? __pfx___lock_acquire+0x10/0x10 [ 653.554342][T19938] ___sys_sendmsg+0x135/0x1e0 [ 653.556023][T19938] ? __pfx____sys_sendmsg+0x10/0x10 [ 653.557872][T19938] ? lock_acquire+0x2f/0xb0 [ 653.559497][T19938] ? __fget_files+0x40/0x3f0 [ 653.561224][T19938] ? fdget+0x176/0x210 [ 653.562857][T19938] __sys_sendmmsg+0x1a1/0x450 [ 653.564715][T19938] ? __pfx___sys_sendmmsg+0x10/0x10 [ 653.566790][T19938] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 653.569079][T19938] ? xfd_validate_state+0x5d/0x180 [ 653.571196][T19938] ? rcu_is_watching+0x12/0xc0 [ 653.572866][T19938] __x64_sys_sendmmsg+0x9c/0x100 [ 653.574180][T19938] ? lockdep_hardirqs_on+0x7c/0x110 [ 653.575749][T19938] do_syscall_64+0xcd/0x250 [ 653.577522][T19938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 653.579686][T19938] RIP: 0033:0x7fac91d7dff9 [ 653.581289][T19938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 653.587444][T19938] RSP: 002b:00007fac92c42038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 653.590235][T19938] RAX: ffffffffffffffda RBX: 00007fac91f35f80 RCX: 00007fac91d7dff9 [ 653.592243][T19938] RDX: 0000000000000002 RSI: 0000000020006640 RDI: 0000000000000003 [ 653.594333][T19938] RBP: 00007fac92c42090 R08: 0000000000000000 R09: 0000000000000000 [ 653.596325][T19938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 653.598525][T19938] R13: 0000000000000000 R14: 00007fac91f35f80 R15: 00007ffc834494c8 [ 653.600585][T19938] [ 653.657006][T19945] 9pnet_fd: Insufficient options for proto=fd [ 654.614642][T19967] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=19967 comm=syz.3.4030 [ 654.620310][T19967] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 654.626726][T19967] veth0_to_bridge: entered promiscuous mode [ 654.660669][T19966] veth0_to_bridge: left promiscuous mode [ 656.462522][ T72] usb 8-1: new full-speed USB device number 32 using dummy_hcd [ 656.614424][ T72] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 656.616883][ T72] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 656.619709][ T72] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 656.623041][ T72] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 656.626219][ T72] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 656.629555][ T72] usb 8-1: config 0 interface 0 has no altsetting 0 [ 656.636276][ T72] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 656.639487][ T72] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 656.641868][ T72] usb 8-1: Product: syz [ 656.643050][ T72] usb 8-1: Manufacturer: syz [ 656.644267][ T72] usb 8-1: SerialNumber: syz [ 656.646875][ T72] usb 8-1: config 0 descriptor?? [ 656.648713][T20015] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 656.651751][ T72] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 656.655074][ T72] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 656.959142][T20031] netlink: 'syz.2.4057': attribute type 3 has an invalid length. [ 656.963314][T20031] netlink: 'syz.2.4057': attribute type 3 has an invalid length. [ 657.026631][ T72] usb 8-1: USB disconnect, device number 32 [ 657.029184][ T72] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 657.473166][ T39] kauditd_printk_skb: 8 callbacks suppressed [ 657.473183][ T39] audit: type=1326 audit(2000000516.819:24629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20047 comm="syz.3.4065" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d9e37dff9 code=0x7ffc0000 [ 657.483904][ T39] audit: type=1326 audit(2000000516.819:24630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20047 comm="syz.3.4065" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d9e37dff9 code=0x7ffc0000 [ 657.491782][ T39] audit: type=1326 audit(2000000516.819:24631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20047 comm="syz.3.4065" exe="/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f2d9e37dff9 code=0x7ffc0000 [ 657.500077][ T39] audit: type=1326 audit(2000000516.819:24632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20047 comm="syz.3.4065" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d9e37dff9 code=0x7ffc0000 [ 657.508190][ T39] audit: type=1326 audit(2000000516.819:24633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20047 comm="syz.3.4065" exe="/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f2d9e37dff9 code=0x7ffc0000 [ 657.516632][ T39] audit: type=1326 audit(2000000516.819:24634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20047 comm="syz.3.4065" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d9e37dff9 code=0x7ffc0000 [ 657.632765][ T5382] usb 7-1: new high-speed USB device number 39 using dummy_hcd [ 657.794621][ T5382] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 657.798703][ T5382] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 657.802658][ T5382] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 657.806480][ T5382] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 657.811089][ T5382] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 657.814644][ T5382] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 657.818960][ T5382] usb 7-1: config 0 descriptor?? [ 657.821417][T20042] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 657.892528][T18480] usb 8-1: new high-speed USB device number 33 using dummy_hcd [ 658.044594][T18480] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 658.046995][T18480] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 658.050532][T18480] usb 8-1: config 0 descriptor?? [ 658.230681][ T5382] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 658.232835][ T5382] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 658.234816][ T5382] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 658.236766][ T5382] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 658.238774][ T5382] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 658.240836][ T5382] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 658.243285][ T5382] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving [ 658.246234][ T5382] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 658.256963][T18480] ath6kl: Failed to submit usb control message: -71 [ 658.258664][T18480] ath6kl: unable to send the bmi data to the device: -71 [ 658.260786][T18480] ath6kl: Unable to send get target info: -71 [ 658.268849][T18480] ath6kl: Failed to init ath6kl core: -71 [ 658.279513][T18480] ath6kl_usb 8-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 658.284817][T18480] usb 8-1: USB disconnect, device number 33 [ 658.497472][T18480] usb 7-1: USB disconnect, device number 39 [ 659.177277][T20074] fuse: Bad value for 'fd' [ 659.231931][T20080] serio: Serial port pts0 [ 659.385299][T20087] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4082'. [ 659.387850][T20087] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4082'. [ 659.735660][ T39] audit: type=1400 audit(2000000519.079:24635): avc: denied { audit_write } for pid=20109 comm="syz.3.4093" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 659.741437][ T39] audit: type=1107 audit(2000000519.079:24636): pid=20109 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='n' [ 660.842842][ T5382] usb 7-1: new high-speed USB device number 40 using dummy_hcd [ 660.992688][ T5382] usb 7-1: Using ep0 maxpacket: 16 [ 660.999260][ T5382] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 661.003890][ T5382] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 661.006156][ T5382] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 661.008343][ T5382] usb 7-1: Product: syz [ 661.009754][ T5382] usb 7-1: Manufacturer: syz [ 661.010967][ T5382] usb 7-1: SerialNumber: syz [ 661.013157][ T5382] usb 7-1: config 0 descriptor?? [ 661.015999][ T5382] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 661.018561][ T5382] em28xx 7-1:0.0: DVB interface 0 found: bulk [ 661.022616][T18480] usb 8-1: new high-speed USB device number 34 using dummy_hcd [ 661.177417][T18480] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 661.181106][T18480] usb 8-1: config 0 has no interfaces? [ 661.184982][T18480] usb 8-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 0.02 [ 661.188064][T18480] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 661.190481][T18480] usb 8-1: SerialNumber: syz [ 661.192684][T18480] usb 8-1: config 0 descriptor?? [ 661.436166][T18468] usb 8-1: USB disconnect, device number 34 [ 661.629720][ T5382] em28xx 7-1:0.0: unknown em28xx chip ID (0) [ 661.980339][ T39] audit: type=1400 audit(2000000521.319:24637): avc: denied { connect } for pid=20134 comm="syz.3.4102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 662.120924][ T39] audit: type=1400 audit(2000000521.459:24638): avc: denied { unmount } for pid=18459 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 662.239629][ T5382] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 662.241668][ T5382] em28xx 7-1:0.0: board has no eeprom [ 662.302621][ T5382] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 662.305205][ T5382] em28xx 7-1:0.0: dvb set to bulk mode. [ 662.308643][T18468] em28xx 7-1:0.0: Binding DVB extension [ 662.314220][ T5382] usb 7-1: USB disconnect, device number 40 [ 662.316222][ T5382] em28xx 7-1:0.0: Disconnecting em28xx [ 662.340893][T18468] em28xx 7-1:0.0: Registering input extension [ 662.343559][ T5382] em28xx 7-1:0.0: Closing input extension [ 662.361392][ T5382] em28xx 7-1:0.0: Freeing device [ 662.452531][T18480] usb 8-1: new high-speed USB device number 35 using dummy_hcd [ 662.612612][T18480] usb 8-1: Using ep0 maxpacket: 32 [ 662.616810][T18480] usb 8-1: config 1 interface 0 has no altsetting 0 [ 662.621853][T18480] usb 8-1: New USB device found, idVendor=056a, idProduct=0319, bcdDevice= 0.40 [ 662.624526][T18480] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.627143][T18480] usb 8-1: Product: syz [ 662.628565][T18480] usb 8-1: Manufacturer: syz [ 662.630065][T18480] usb 8-1: SerialNumber: syz [ 662.840624][T18480] usbhid 8-1:1.0: can't add hid device: -71 [ 662.842302][T18480] usbhid 8-1:1.0: probe with driver usbhid failed with error -71 [ 662.845529][T18480] usb 8-1: USB disconnect, device number 35 [ 663.851448][ T4772] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 663.857866][ T4772] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 663.861711][ T4772] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 663.865639][ T4772] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 663.880513][ T4772] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 663.883338][ T4772] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 664.002688][T20168] chnl_net:caif_netlink_parms(): no params data found [ 664.084692][T20168] bridge0: port 1(bridge_slave_0) entered blocking state [ 664.086899][T20168] bridge0: port 1(bridge_slave_0) entered disabled state [ 664.088761][T20168] bridge_slave_0: entered allmulticast mode [ 664.090881][T20168] bridge_slave_0: entered promiscuous mode [ 664.094144][T20168] bridge0: port 2(bridge_slave_1) entered blocking state [ 664.095920][T20168] bridge0: port 2(bridge_slave_1) entered disabled state [ 664.097819][T20168] bridge_slave_1: entered allmulticast mode [ 664.099835][T20168] bridge_slave_1: entered promiscuous mode [ 664.148272][T20168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 664.151830][T20168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 664.193186][T20168] team0: Port device team_slave_0 added [ 664.197491][T20168] team0: Port device team_slave_1 added [ 664.236616][T20168] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 664.239099][T20168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.247935][T20168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 664.251569][T20168] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 664.253337][T20168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.259649][T20168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 664.307139][T20168] hsr_slave_0: entered promiscuous mode [ 664.315607][T20168] hsr_slave_1: entered promiscuous mode [ 664.318475][T20168] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 664.320661][T20168] Cannot create hsr debugfs directory [ 664.337629][ T39] audit: type=1400 audit(2000000523.679:24639): avc: denied { bind } for pid=20191 comm="syz.2.4122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 664.349745][T20192] overlayfs: missing 'lowerdir' [ 664.398451][T20194] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=null. [ 664.401667][T20194] overlayfs: overlapping lowerdir path [ 664.450192][T20168] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.588042][T20168] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.694408][T20168] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.725594][T20202] loop4: detected capacity change from 0 to 2 [ 664.752625][ T5382] usb 7-1: new high-speed USB device number 41 using dummy_hcd [ 664.859002][T20168] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.912671][ T5382] usb 7-1: Using ep0 maxpacket: 8 [ 664.916912][ T5382] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 664.920032][ T5382] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 664.931081][ T5382] usb 7-1: New USB device found, idVendor=056a, idProduct=0090, bcdDevice= 0.00 [ 664.935763][ T5382] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 664.943050][ T5382] usb 7-1: config 0 descriptor?? [ 664.979993][T20168] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 664.983246][T20168] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 664.987494][T20168] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 664.991505][T20168] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 665.020020][T20168] bridge0: port 2(bridge_slave_1) entered blocking state [ 665.022910][T20168] bridge0: port 2(bridge_slave_1) entered forwarding state [ 665.025892][T20168] bridge0: port 1(bridge_slave_0) entered blocking state [ 665.028277][T20168] bridge0: port 1(bridge_slave_0) entered forwarding state [ 665.054516][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 665.087478][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 665.162321][ T5382] usbhid 7-1:0.0: can't add hid device: -71 [ 665.170447][ T5382] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 665.186536][ T5382] usb 7-1: USB disconnect, device number 41 [ 665.224639][T20168] 8021q: adding VLAN 0 to HW filter on device bond0 [ 665.246581][T20168] 8021q: adding VLAN 0 to HW filter on device team0 [ 665.279965][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 665.282853][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 665.326273][ T1103] bridge0: port 2(bridge_slave_1) entered blocking state [ 665.328224][ T1103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 665.417652][T20168] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 665.420552][T20168] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 665.504544][T20168] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 665.523146][T20168] veth0_vlan: entered promiscuous mode [ 665.529395][T20168] veth1_vlan: entered promiscuous mode [ 665.552934][T20168] veth0_macvtap: entered promiscuous mode [ 665.560095][T20168] veth1_macvtap: entered promiscuous mode [ 665.571627][T20168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 665.575279][T20168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 665.578111][T20168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 665.581336][T20168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 665.584366][T20168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 665.587651][T20168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 665.590295][T20168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 665.594383][T20168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 665.596864][T20168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 665.599701][T20168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 665.602805][T20168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 665.605410][T20168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 665.609311][T20168] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 665.624301][T20168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 665.627009][T20168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 665.629505][T20168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 665.632177][T20168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 665.635052][T20168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 665.637712][T20168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 665.640216][T20168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 665.642958][T20168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 665.645515][T20168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 665.648181][T20168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 665.651487][T20168] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 665.656324][T20168] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 665.659254][T20168] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 665.661524][T20168] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 665.663854][T20168] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 665.707107][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 665.709165][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 665.721643][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 665.724145][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 665.751866][T20219] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4111'. [ 665.922784][T20172] Bluetooth: hci3: command tx timeout [ 666.034127][T20241] tipc: Started in network mode [ 666.035423][T20241] tipc: Node identity aaaaaaaaaa41, cluster identity 4711 [ 666.038070][T20241] tipc: Enabled bearer , priority 10 [ 666.096432][ T39] audit: type=1400 audit(2000000525.439:24640): avc: denied { ioctl } for pid=20245 comm="syz.2.4145" path="socket:[121914]" dev="sockfs" ino=121914 ioctlcmd=0x89f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 666.135368][T20253] netlink: 'syz.2.4147': attribute type 4 has an invalid length. [ 666.342718][T20271] tipc: Enabling of bearer rejected, failed to enable media [ 666.416691][T20281] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 666.442253][T20283] netlink: 'syz.1.4160': attribute type 10 has an invalid length. [ 666.449964][T20283] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 666.602555][ T828] usb 8-1: new high-speed USB device number 36 using dummy_hcd [ 666.754148][ T828] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 666.757926][ T828] usb 8-1: config 0 has no interfaces? [ 666.760112][ T828] usb 8-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 666.763648][ T828] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 666.768054][ T828] usb 8-1: config 0 descriptor?? [ 666.832619][ T5382] usb 7-1: new high-speed USB device number 42 using dummy_hcd [ 666.912623][T14823] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 666.978096][ T828] usb 8-1: USB disconnect, device number 36 [ 666.992642][ T5382] usb 7-1: Using ep0 maxpacket: 8 [ 666.995921][ T5382] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 666.998333][ T5382] usb 7-1: config 179 has no interface number 0 [ 667.000565][ T5382] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 667.003994][ T5382] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 667.007649][ T5382] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 667.011671][ T5382] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 667.015348][ T5382] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 667.019671][ T5382] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 667.023057][ T5382] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 667.028166][T20299] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 667.069811][T14823] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 667.073812][T14823] usb 6-1: config 0 has no interfaces? [ 667.075862][T14823] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 667.079216][T14823] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 667.084319][T14823] usb 6-1: config 0 descriptor?? [ 667.152575][T14823] tipc: Node number set to 15444650 [ 667.238116][T18480] usb 7-1: USB disconnect, device number 42 [ 667.238186][ C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 667.292649][ T5382] usb 6-1: USB disconnect, device number 25 [ 667.773746][T20312] overlayfs: missing 'lowerdir' [ 667.832600][ T828] usb 8-1: new high-speed USB device number 37 using dummy_hcd [ 667.837829][ T39] audit: type=1400 audit(2000000527.179:24641): avc: denied { getopt } for pid=20315 comm="syz.1.4175" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 667.993166][ T828] usb 8-1: Using ep0 maxpacket: 32 [ 668.003348][ T828] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 668.006874][ T828] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 668.010293][ T828] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 668.013062][ T828] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 668.017404][ T828] usb 8-1: config 0 descriptor?? [ 668.020074][ T828] hub 8-1:0.0: USB hub found [ 668.052576][T14823] usb 7-1: new high-speed USB device number 43 using dummy_hcd [ 668.084622][T20321] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 668.086254][T20321] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 668.094442][T20321] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 668.096073][T20321] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 668.099666][T20321] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 668.101415][T20321] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 668.202565][T14823] usb 7-1: Using ep0 maxpacket: 16 [ 668.206134][T14823] usb 7-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 668.210202][T14823] usb 7-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0 [ 668.213858][T14823] usb 7-1: config 0 interface 0 has no altsetting 0 [ 668.216928][T14823] usb 7-1: New USB device found, idVendor=056a, idProduct=00db, bcdDevice= 0.00 [ 668.220162][T14823] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 668.226998][ T828] hub 8-1:0.0: config failed, can't read hub descriptor (err -22) [ 668.231598][T14823] usb 7-1: config 0 descriptor?? [ 668.232109][ T828] usbhid 8-1:0.0: can't add hid device: -71 [ 668.235269][ T828] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 668.252711][ T828] usb 8-1: USB disconnect, device number 37 [ 668.643192][T14823] wacom 0003:056A:00DB.0012: Unknown device_type for 'HID 056a:00db'. Assuming pen. [ 668.649114][T14823] wacom 0003:056A:00DB.0012: hidraw1: USB HID v0.06 Device [HID 056a:00db] on usb-dummy_hcd.2-1/input0 [ 668.652615][T14823] input: Wacom Bamboo 2FG 6x8 SE Pen as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:056A:00DB.0012/input/input56 [ 668.855513][ T829] usb 7-1: USB disconnect, device number 43 [ 669.697779][T20349] rdma_op ffff88805f7511f0 conn xmit_rdma 0000000000000000 [ 669.712550][ T829] usb 7-1: new high-speed USB device number 44 using dummy_hcd [ 669.787954][T20355] netlink: 83 bytes leftover after parsing attributes in process `syz.3.4192'. [ 669.862715][ T829] usb 7-1: Using ep0 maxpacket: 32 [ 669.868102][ T829] usb 7-1: descriptor type invalid, skip [ 669.870267][ T829] usb 7-1: descriptor type invalid, skip [ 669.875739][ T829] usb 7-1: config 1 interface 0 altsetting 241 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 669.880928][ T829] usb 7-1: config 1 interface 0 has no altsetting 0 [ 669.886679][ T829] usb 7-1: New USB device found, idVendor=056a, idProduct=0319, bcdDevice= 0.40 [ 669.890457][ T829] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.897967][ T829] usb 7-1: Product: syz [ 669.899506][ T829] usb 7-1: Manufacturer: syz [ 669.901184][ T829] usb 7-1: SerialNumber: syz [ 669.918840][T20361] vlan2: entered promiscuous mode [ 669.920801][T20361] vlan2: entered allmulticast mode [ 669.953875][ T72] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 670.110748][ T72] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 670.114359][ T72] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 670.116405][ T829] usbhid 7-1:1.0: can't add hid device: -71 [ 670.119554][ T829] usbhid 7-1:1.0: probe with driver usbhid failed with error -71 [ 670.123196][ T72] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 670.126730][ T72] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 670.129414][ T72] usb 6-1: Product: 抡֨顼쐼⃉ꝫ㧨㙘ܓ슪ꀡ⚃⶟墔蓼༣鴾Ꚑ儧홳ڋ쪗鸎 [ 670.131247][ T829] usb 7-1: USB disconnect, device number 44 [ 670.138581][ T72] usb 6-1: Manufacturer: 她蕋멳龜ؔ됛ꦆ뗮齔㗘మᆤ幽埍瀷쬎룱窛퍽黱覝轤㴓犂讯࣍䉙녒ⶇ扚邆镻㢗濇蕃鐍혣☲밉庙랸袰৽夂憬芣稐录빬旟깿ꦇ婞㘳௴ﺋ࣊绾鸓ᬪ哴s [ 670.146742][ T72] usb 6-1: SerialNumber: syz [ 670.247518][ T39] audit: type=1400 audit(2000000529.589:24642): avc: denied { read } for pid=20365 comm="syz.3.4197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 670.364138][ T72] usb 6-1: 0:2 : does not exist [ 670.374599][ T72] usb 6-1: USB disconnect, device number 26 [ 670.522806][ T25] usb 8-1: new high-speed USB device number 38 using dummy_hcd [ 670.682644][ T25] usb 8-1: Using ep0 maxpacket: 8 [ 670.688258][ T25] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 670.692399][ T25] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 670.695726][ T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 670.700839][ T25] usb 8-1: config 0 descriptor?? [ 670.909012][ T25] iowarrior 8-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 670.917263][T20374] xt_CT: You must specify a L4 protocol and not use inversions on it [ 671.081027][ T39] audit: type=1400 audit(2000000530.419:24643): avc: denied { append } for pid=20385 comm="syz.1.4207" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 671.081094][T20386] random: crng reseeded on system resumption [ 671.114128][ T25] usb 8-1: USB disconnect, device number 38 [ 671.122971][ T25] iowarrior 8-1:0.0: I/O-Warror #0 now disconnected [ 671.663470][T18518] IPVS: starting estimator thread 0... [ 671.753042][T20393] IPVS: using max 32 ests per chain, 76800 per kthread [ 671.946685][T20411] nlmon0: Master is either lo or non-ether device [ 671.994967][T20413] input: syz0 as /devices/virtual/input/input59 [ 672.349776][T20443] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 672.351625][T20443] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 672.352575][ T829] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 672.355436][T20443] vhci_hcd vhci_hcd.0: Device attached [ 672.359551][T20444] vhci_hcd: connection closed [ 672.359702][T18558] vhci_hcd: stop threads [ 672.369430][T18558] vhci_hcd: release socket [ 672.371015][T18558] vhci_hcd: disconnect device [ 672.490248][T20453] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4235'. [ 672.497199][T20453] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4235'. [ 672.506099][ T829] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 672.508949][ T829] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 672.511575][ T829] usb 6-1: Product: syz [ 672.513523][ T829] usb 6-1: Manufacturer: syz [ 672.515082][ T829] usb 6-1: SerialNumber: syz [ 672.518248][ T829] usb 6-1: config 0 descriptor?? [ 672.521196][ T829] ch341 6-1:0.0: ch341-uart converter detected [ 672.652733][T20460] nvme_fabrics: missing parameter 'transport=%s' [ 672.655146][T20460] nvme_fabrics: missing parameter 'nqn=%s' [ 672.675163][T20460] nvme_fabrics: missing parameter 'transport=%s' [ 672.677423][T20460] nvme_fabrics: missing parameter 'nqn=%s' [ 673.152571][ T55] usb 8-1: new high-speed USB device number 39 using dummy_hcd [ 673.305579][ T55] usb 8-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 673.308666][ T55] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 673.311546][ T55] usb 8-1: Product: syz [ 673.313180][ T55] usb 8-1: Manufacturer: syz [ 673.314836][ T55] usb 8-1: SerialNumber: syz [ 673.318899][ T55] r8152-cfgselector 8-1: Unknown version 0x0000 [ 673.321140][ T55] r8152-cfgselector 8-1: config 0 descriptor?? [ 673.733450][ T55] r8152-cfgselector 8-1: USB disconnect, device number 39 [ 673.768900][ T829] ch341-uart ttyUSB0: failed to read break control: -71 [ 673.771122][ T829] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 673.778367][ T829] usb 6-1: USB disconnect, device number 27 [ 673.780815][ T829] ch341 6-1:0.0: device disconnected [ 674.320204][T20488] program syz.3.4247 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 674.759455][T20506] netlink: 192 bytes leftover after parsing attributes in process `syz.2.4254'. [ 674.845346][ T39] audit: type=1804 audit(2000000534.189:24644): pid=20510 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.4256" name="/newroot/202/bus/file0" dev="overlay" ino=1089 res=1 errno=0 [ 674.948517][ T39] audit: type=1326 audit(2000000534.289:24645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20515 comm="syz.2.4259" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 674.960715][ T39] audit: type=1326 audit(2000000534.289:24646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20515 comm="syz.2.4259" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 674.971107][ T39] audit: type=1326 audit(2000000534.289:24647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20515 comm="syz.2.4259" exe="/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 674.978447][ T39] audit: type=1326 audit(2000000534.289:24648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20515 comm="syz.2.4259" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 674.987976][ T39] audit: type=1326 audit(2000000534.289:24649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20515 comm="syz.2.4259" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 674.994697][ T39] audit: type=1326 audit(2000000534.289:24650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20515 comm="syz.2.4259" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 675.001045][ T39] audit: type=1326 audit(2000000534.289:24651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20515 comm="syz.2.4259" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fac91d7dff9 code=0x7ffc0000 [ 675.215737][T20527] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4264'. [ 675.958390][T20539] Bluetooth: MGMT ver 1.23 [ 676.154069][T20550] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4272'. [ 676.752601][ T72] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 676.914313][ T72] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 676.918715][ T72] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 676.929161][ T72] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 676.934743][ T72] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 676.939847][ T72] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 676.943312][ T72] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.948811][ T72] usb 6-1: config 0 descriptor?? [ 676.951496][T20567] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 677.350795][T20584] 9pnet_fd: p9_fd_create_unix (20584): address too long: ./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 677.352041][T20584] syz.3.4282 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 678.286379][ T72] plantronics 0003:047F:FFFF.0013: unknown main item tag 0xd [ 678.289134][ T72] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 678.304047][ T72] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 678.308177][ T72] usb 6-1: USB disconnect, device number 28 [ 678.552543][ T25] usb 8-1: new high-speed USB device number 40 using dummy_hcd [ 678.572513][ T827] usb 7-1: new full-speed USB device number 45 using dummy_hcd [ 678.630345][T20607] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4295'. [ 678.726101][ T25] usb 8-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 678.728455][ T25] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 678.730540][ T25] usb 8-1: Product: syz [ 678.731632][ T25] usb 8-1: Manufacturer: syz [ 678.733907][ T827] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 678.735732][ T25] usb 8-1: SerialNumber: syz [ 678.736060][ T827] usb 7-1: config 0 has no interface number 0 [ 678.738150][ T25] usb 8-1: config 0 descriptor?? [ 678.738928][ T827] usb 7-1: New USB device found, idVendor=15ba, idProduct=0004, bcdDevice=27.55 [ 678.743041][ T827] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.743147][ T25] ch341 8-1:0.0: ch341-uart converter detected [ 678.745933][ T827] usb 7-1: config 0 descriptor?? [ 678.749611][ T827] ftdi_sio 7-1:0.1: FTDI USB Serial Device converter detected [ 678.751952][ T827] ftdi_sio ttyUSB1: unknown device type: 0x2755 [ 678.952147][ T72] usb 7-1: USB disconnect, device number 45 [ 678.954426][ T72] ftdi_sio 7-1:0.1: device disconnected [ 679.132525][T18480] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 679.286437][T18480] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 679.288848][T18480] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 679.291006][T18480] usb 6-1: Product: syz [ 679.292134][T18480] usb 6-1: Manufacturer: syz [ 679.293511][T18480] usb 6-1: SerialNumber: syz [ 679.296075][T18480] usb 6-1: config 0 descriptor?? [ 679.298784][T18480] ch341 6-1:0.0: ch341-uart converter detected [ 679.547138][ T25] usb 8-1: failed to send control message: -71 [ 679.548840][ T25] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 679.554677][ T25] usb 8-1: USB disconnect, device number 40 [ 679.556706][ T25] ch341 8-1:0.0: device disconnected [ 679.706788][T18480] usb 6-1: failed to send control message: -71 [ 679.708513][T18480] ch341-uart ttyUSB1: probe with driver ch341-uart failed with error -71 [ 679.711315][T18480] usb 6-1: USB disconnect, device number 29 [ 679.713346][T18480] ch341 6-1:0.0: device disconnected [ 680.198287][ T39] kauditd_printk_skb: 13 callbacks suppressed [ 680.198305][ T39] audit: type=1400 audit(2000000539.539:24665): avc: denied { bind } for pid=20632 comm="syz.3.4306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 680.272272][T20637] rdma_rxe: rxe_newlink: failed to add veth1_vlan [ 680.352509][T20641] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4310'. [ 680.443234][ T39] audit: type=1400 audit(2000000539.789:24666): avc: denied { write } for pid=20644 comm="syz.1.4313" path="socket:[122324]" dev="sockfs" ino=122324 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 680.622975][ T39] audit: type=1400 audit(2000000539.969:24667): avc: denied { getopt } for pid=20656 comm="syz.1.4318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 680.756287][ T39] audit: type=1400 audit(2000000540.099:24668): avc: denied { getopt } for pid=20667 comm="syz.1.4322" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 680.848349][T20676] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4326'. [ 680.852204][T20676] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4326'. [ 680.958116][ T39] audit: type=1400 audit(2000000540.299:24669): avc: denied { read } for pid=20681 comm="syz.1.4329" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 680.966615][ T39] audit: type=1400 audit(2000000540.299:24670): avc: denied { open } for pid=20681 comm="syz.1.4329" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 680.980466][ T39] audit: type=1400 audit(2000000540.309:24671): avc: denied { ioctl } for pid=20681 comm="syz.1.4329" path="/dev/loop-control" dev="devtmpfs" ino=657 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 681.093426][ T39] audit: type=1326 audit(2000000540.439:24672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20698 comm="syz.1.4336" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21cf97dff9 code=0x7ffc0000 [ 681.098839][ T39] audit: type=1326 audit(2000000540.439:24673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20698 comm="syz.1.4336" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f21cf97dff9 code=0x7ffc0000 [ 681.108014][ T39] audit: type=1326 audit(2000000540.439:24674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20698 comm="syz.1.4336" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f21cf97dff9 code=0x7ffc0000 [ 681.214249][T20709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4342'. [ 681.216781][T20709] bridge_slave_1: left allmulticast mode [ 681.219360][T20709] bridge_slave_1: left promiscuous mode [ 681.222658][T20709] bridge0: port 2(bridge_slave_1) entered disabled state [ 681.228740][T20709] bridge_slave_0: left allmulticast mode [ 681.230361][T20709] bridge_slave_0: left promiscuous mode [ 681.231886][T20709] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.202610][ T55] usb 8-1: new high-speed USB device number 41 using dummy_hcd [ 682.374602][ T55] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 682.378623][ T55] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 682.382339][ T55] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 682.385824][ T55] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 682.390251][ T55] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 682.393493][ T55] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 682.397911][ T55] usb 8-1: config 0 descriptor?? [ 682.579259][T20746] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 682.582889][T20746] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4357'. [ 682.676343][T20755] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=20755 comm=syz.2.4359 [ 682.976174][ T72] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 683.123779][ T72] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 683.126851][ T72] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 683.129660][ T72] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 683.132166][ T72] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 683.135669][ T72] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 683.138101][ T72] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 683.141107][ T72] usb 6-1: config 0 descriptor?? [ 683.549672][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.552303][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.554685][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.557370][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.559435][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.561360][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.563454][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.565435][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.567438][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.569445][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.571377][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.573449][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.575381][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.577825][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.580036][ T72] plantronics 0003:047F:FFFF.0014: unknown main item tag 0x0 [ 683.582253][ T72] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving [ 683.585219][ T72] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 683.816090][T18504] usb 6-1: USB disconnect, device number 30 [ 683.972596][T18518] usb 7-1: new high-speed USB device number 46 using dummy_hcd [ 684.134295][T18518] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 684.137946][T18518] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 684.142391][T18518] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 684.145552][T18518] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 684.148277][T18518] usb 7-1: SerialNumber: syz [ 684.355526][T18518] usb 7-1: 0:2 : does not exist [ 684.356957][T18518] usb 7-1: unit 5: unexpected type 0x0d [ 684.365322][T18518] usb 7-1: USB disconnect, device number 46 [ 684.388980][T20776] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4371'. [ 684.896655][ T55] usbhid 8-1:0.0: can't add hid device: -71 [ 684.899328][ T55] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 684.902160][ T55] usb 8-1: USB disconnect, device number 41 [ 685.232588][T18504] usb 7-1: new high-speed USB device number 47 using dummy_hcd [ 685.392998][T18504] usb 7-1: Using ep0 maxpacket: 8 [ 685.399624][T18504] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 685.403698][T18504] usb 7-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 685.407255][T18504] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 685.412076][T18504] usb 7-1: config 0 descriptor?? [ 685.418983][T18504] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 685.524579][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.024420][T20812] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 686.628729][T18504] gspca_vc032x: reg_w err -71 [ 686.630055][T18504] vc032x 7-1:0.0: probe with driver vc032x failed with error -71 [ 686.635499][T18504] usb 7-1: USB disconnect, device number 47 [ 687.020730][ T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 687.136019][ T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 687.183846][T20853] input: syz1 as /devices/virtual/input/input61 [ 687.185760][ T5350] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 687.190802][ T5350] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 687.193797][ T5350] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 687.197155][ T5350] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 687.199433][ T5350] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 687.201518][ T5350] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 687.223662][T20172] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 687.226733][T20172] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 687.229654][T20172] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 687.241844][T20172] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 687.248194][ T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 687.248746][T20172] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 687.254584][T20172] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 687.349493][ T12] bond0: (slave netdevsim0): Releasing backup interface [ 687.353002][ T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 687.418512][T20854] chnl_net:caif_netlink_parms(): no params data found [ 687.512693][ T12] tipc: Resetting bearer [ 687.592530][T18518] usb 7-1: new high-speed USB device number 48 using dummy_hcd [ 687.670202][ T12] tipc: Disabling bearer [ 687.754143][T18518] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 687.757629][T18518] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 687.760440][T18518] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 687.763341][T18518] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 687.766608][T18518] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 687.768893][T18518] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 687.772221][T18518] usb 7-1: config 0 descriptor?? [ 687.774845][T20857] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 687.820849][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 687.825606][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 687.829832][ T12] bond0 (unregistering): Released all slaves [ 687.834379][T20854] bridge0: port 1(bridge_slave_0) entered blocking state [ 687.836228][T20854] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.838268][T20854] bridge_slave_0: entered allmulticast mode [ 687.840564][T20854] bridge_slave_0: entered promiscuous mode [ 687.843642][T20854] bridge0: port 2(bridge_slave_1) entered blocking state [ 687.845530][T20854] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.848070][T20854] bridge_slave_1: entered allmulticast mode [ 687.851010][T20854] bridge_slave_1: entered promiscuous mode [ 687.878145][T20854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 687.882290][T20854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 687.953751][ T12] tipc: Left network mode [ 687.976087][T20854] team0: Port device team_slave_0 added [ 687.979064][T20854] team0: Port device team_slave_1 added [ 688.027971][T20854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 688.029656][ T39] kauditd_printk_skb: 61 callbacks suppressed [ 688.029666][ T39] audit: type=1400 audit(2000000547.369:24736): avc: denied { mount } for pid=20868 comm="syz.3.4407" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 688.030193][T20854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 688.030208][T20854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 688.031023][T20854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 688.032086][T20869] devpts: called with bogus options [ 688.038708][T20854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 688.038735][T20854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 688.042490][ T39] audit: type=1400 audit(2000000547.369:24737): avc: denied { remount } for pid=20868 comm="syz.3.4407" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 688.082489][ T39] audit: type=1400 audit(2000000547.409:24738): avc: denied { unmount } for pid=18459 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 688.107810][T20854] hsr_slave_0: entered promiscuous mode [ 688.110027][T20854] hsr_slave_1: entered promiscuous mode [ 688.111943][T20854] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 688.115324][T20854] Cannot create hsr debugfs directory [ 688.168197][ T39] audit: type=1326 audit(2000000547.509:24739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20874 comm="syz.3.4410" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d9e37dff9 code=0x7ffc0000 [ 688.175174][ T39] audit: type=1326 audit(2000000547.509:24740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20874 comm="syz.3.4410" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d9e37dff9 code=0x7ffc0000 [ 688.189150][ T39] audit: type=1326 audit(2000000547.519:24741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20874 comm="syz.3.4410" exe="/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f2d9e37dff9 code=0x7ffc0000 [ 688.202502][ T39] audit: type=1326 audit(2000000547.519:24742): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20874 comm="syz.3.4410" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d9e37dff9 code=0x7ffc0000 [ 688.210810][ T39] audit: type=1326 audit(2000000547.519:24743): auid=4294967295 uid=0 gid=60928 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20874 comm="syz.3.4410" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d9e37dff9 code=0x7ffc0000 [ 688.217177][T20877] netlink: 124 bytes leftover after parsing attributes in process `syz.3.4411'. [ 688.222160][T20877] nbd: must specify at least one socket [ 688.243610][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.245476][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.247218][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.248933][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.250679][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.253158][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.254911][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.256640][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.258597][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.263663][ T12] hsr_slave_0: left promiscuous mode [ 688.263793][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.267907][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.270321][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.272306][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.272546][ T12] hsr_slave_1: left promiscuous mode [ 688.274804][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.280403][T18518] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 688.280569][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 688.283140][T18518] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving [ 688.285490][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 688.291791][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 688.294744][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 688.297131][T18518] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 688.324254][ T12] veth1_macvtap: left promiscuous mode [ 688.325611][ T12] veth0_macvtap: left promiscuous mode [ 688.326931][ T12] veth1_vlan: left promiscuous mode [ 688.328131][ T12] veth0_vlan: left promiscuous mode [ 688.446055][T20857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 688.452816][T20857] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 688.574059][T18480] usb 7-1: USB disconnect, device number 48 [ 689.295472][T20172] Bluetooth: hci3: command tx timeout [ 689.334708][ T12] team0 (unregistering): Port device team_slave_1 removed [ 689.462747][ T12] team0 (unregistering): Port device team_slave_0 removed [ 690.772600][ T25] usb 7-1: new high-speed USB device number 49 using dummy_hcd [ 690.922612][ T25] usb 7-1: Using ep0 maxpacket: 16 [ 690.925410][ T25] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 690.929420][ T25] usb 7-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 690.931855][ T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 690.934147][ T25] usb 7-1: Product: syz [ 690.935310][ T25] usb 7-1: Manufacturer: syz [ 690.936544][ T25] usb 7-1: SerialNumber: syz [ 690.938815][ T25] usb 7-1: config 0 descriptor?? [ 690.940910][ T25] hub 7-1:0.0: bad descriptor, ignoring hub [ 690.942615][ T25] hub 7-1:0.0: probe with driver hub failed with error -5 [ 690.946171][ T25] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 690.957128][ T25] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 691.071338][T20854] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 691.074675][T20854] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 691.077660][T20854] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 691.080598][T20854] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 691.120068][T20854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 691.127293][T20854] 8021q: adding VLAN 0 to HW filter on device team0 [ 691.131291][T18558] bridge0: port 1(bridge_slave_0) entered blocking state [ 691.133728][T18558] bridge0: port 1(bridge_slave_0) entered forwarding state [ 691.147557][T18558] bridge0: port 2(bridge_slave_1) entered blocking state [ 691.149512][T18558] bridge0: port 2(bridge_slave_1) entered forwarding state [ 691.246686][T20854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 691.252664][T18480] usb 7-1: USB disconnect, device number 49 [ 691.269955][T20854] veth0_vlan: entered promiscuous mode [ 691.272537][T18504] usb 8-1: new high-speed USB device number 42 using dummy_hcd [ 691.277030][T20854] veth1_vlan: entered promiscuous mode [ 691.290687][T20854] veth0_macvtap: entered promiscuous mode [ 691.295373][T20854] veth1_macvtap: entered promiscuous mode [ 691.303016][T20854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.305852][T20854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.308422][T20854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.311320][T20854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.314112][T20854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.316820][T20854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.319406][T20854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.322239][T20854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.324947][T20854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 691.327639][T20854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.331085][T20854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 691.337024][T20854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.339768][T20854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.342359][T20854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.345519][T20854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.348083][T20854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.351365][T20854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.354939][T20854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.357782][T20854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.360834][T20854] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 691.362615][T20172] Bluetooth: hci3: command tx timeout [ 691.363758][T20854] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 691.368602][T20854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 691.373751][T20854] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.376076][T20854] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.378479][T20854] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.380786][T20854] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.422666][T18504] usb 8-1: Using ep0 maxpacket: 32 [ 691.426315][T18504] usb 8-1: config 1 interface 0 has no altsetting 0 [ 691.426495][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 691.429781][T18504] usb 8-1: New USB device found, idVendor=056a, idProduct=0319, bcdDevice= 0.40 [ 691.430954][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 691.435932][T18504] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 691.438577][T18504] usb 8-1: Product: ➾慄ͥ鴙攉⁹쭞㰴᱁븫泴龘숢鐫酉⭽羄헫⿿ [ 691.440856][T18504] usb 8-1: Manufacturer: 攽 [ 691.442099][T18504] usb 8-1: SerialNumber: 퐍퇟⢭ѡ讳浥ጶ䘗꼹쇣篛ᛥ藊홮䎺ꂶﷳⲗ쫬ꍎ鯂뙲嫧ᄹ렄跰ぐﶠ羸䢎꾕螡ż髬聓눊킗梁ብ覶澌쎄Ꞔ䓯昜ᕴ솣Ტ筓鴈ቩ朧핾뻐 [ 691.450969][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 691.453289][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 691.572471][ T39] audit: type=1400 audit(2000000550.909:24744): avc: denied { read } for pid=20908 comm="syz.1.4422" path="socket:[123414]" dev="sockfs" ino=123414 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 691.669437][T18504] usbhid 8-1:1.0: can't add hid device: -71 [ 691.671035][T18504] usbhid 8-1:1.0: probe with driver usbhid failed with error -71 [ 691.675923][T18504] usb 8-1: USB disconnect, device number 42 [ 692.540482][T20918] netlink: 'syz.3.4425': attribute type 12 has an invalid length. [ 692.542611][T20918] netlink: 197276 bytes leftover after parsing attributes in process `syz.3.4425'. [ 693.356837][T20927] input: syz0 as /devices/virtual/input/input62 [ 693.361110][ T39] audit: type=1400 audit(2000000552.699:24745): avc: denied { read } for pid=20923 comm="syz.3.4427" dev="sockfs" ino=123430 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 693.442570][T20172] Bluetooth: hci3: command tx timeout [ 693.961010][T20932] input: syz1 as /devices/virtual/input/input63 [ 693.967675][T20932] [ 693.968541][T20932] ===================================================== [ 693.970730][T20932] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 693.972662][T20932] 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 Not tainted [ 693.974818][T20932] ----------------------------------------------------- [ 693.978827][T20932] syz.3.4429/20932 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 693.981411][T20932] ffffffff8de0a098 (tasklist_lock){.+.+}-{2:2}, at: send_sigio+0xb8/0x3e0 [ 693.982057][ T39] audit: type=1400 audit(2000000553.319:24746): avc: denied { write } for pid=5253 comm="syz-executor" path="pipe:[3983]" dev="pipefs" ino=3983 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 693.984119][T20932] [ 693.984119][T20932] and this task is already holding: [ 693.984127][T20932] ffff888059e7d320 (&f_owner->lock){....}-{2:2}, at: send_sigio+0x31/0x3e0 [ 693.984167][T20932] which would create a new lock dependency: [ 693.984174][T20932] (&f_owner->lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2} [ 694.001179][T20932] [ 694.001179][T20932] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 694.004175][T20932] (&dev->event_lock#2){..-.}-{2:2} [ 694.004199][T20932] [ 694.004199][T20932] ... which became SOFTIRQ-irq-safe at: [ 694.007892][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.009230][T20932] _raw_spin_lock_irqsave+0x3a/0x60 [ 694.010555][T20932] input_inject_event+0xa4/0x370 [ 694.011819][T20932] led_set_brightness+0x211/0x290 [ 694.013542][T20932] led_trigger_event+0xda/0x270 [ 694.015391][T20932] kbd_bh+0x21b/0x300 [ 694.016707][T20932] tasklet_action_common+0x24c/0x3e0 [ 694.018495][T20932] handle_softirqs+0x213/0x8f0 [ 694.020102][T20932] run_ksoftirqd+0x3a/0x60 [ 694.021508][T20932] smpboot_thread_fn+0x661/0xa30 [ 694.023140][T20932] kthread+0x2c1/0x3a0 [ 694.024497][T20932] ret_from_fork+0x45/0x80 [ 694.025898][T20932] ret_from_fork_asm+0x1a/0x30 [ 694.027495][T20932] [ 694.027495][T20932] to a SOFTIRQ-irq-unsafe lock: [ 694.029817][T20932] (tasklist_lock){.+.+}-{2:2} [ 694.029841][T20932] [ 694.029841][T20932] ... which became SOFTIRQ-irq-unsafe at: [ 694.033948][T20932] ... [ 694.033955][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.034617][ T39] audit: type=1400 audit(2000000553.379:24747): avc: denied { mount } for pid=20931 comm="syz.3.4429" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 694.034773][T20932] _raw_read_lock+0x5f/0x70 [ 694.043925][T20932] __do_wait+0x105/0x890 [ 694.045448][T20932] do_wait+0x219/0x570 [ 694.046837][T20932] kernel_wait+0xa0/0x160 [ 694.048330][T20932] call_usermodehelper_exec_work+0xf1/0x170 [ 694.050340][T20932] process_one_work+0x9c5/0x1ba0 [ 694.052001][T20932] worker_thread+0x6c8/0xf00 [ 694.053490][T20932] kthread+0x2c1/0x3a0 [ 694.054847][T20932] ret_from_fork+0x45/0x80 [ 694.056341][T20932] ret_from_fork_asm+0x1a/0x30 [ 694.057962][T20932] [ 694.057962][T20932] other info that might help us debug this: [ 694.057962][T20932] [ 694.061312][T20932] Chain exists of: [ 694.061312][T20932] &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock [ 694.061312][T20932] [ 694.065556][T20932] Possible interrupt unsafe locking scenario: [ 694.065556][T20932] [ 694.067731][T20932] CPU0 CPU1 [ 694.069147][T20932] ---- ---- [ 694.070822][T20932] lock(tasklist_lock); [ 694.072059][T20932] local_irq_disable(); [ 694.073847][T20932] lock(&dev->event_lock#2); [ 694.075734][T20932] lock(&f_owner->lock); [ 694.077544][T20932] [ 694.078476][T20932] lock(&dev->event_lock#2); [ 694.079770][T20932] [ 694.079770][T20932] *** DEADLOCK *** [ 694.079770][T20932] [ 694.081885][T20932] 5 locks held by syz.3.4429/20932: [ 694.083264][T20932] #0: ffffffff8e3eb790 (file_rwsem){.+.+}-{0:0}, at: do_dentry_open+0x665/0x1530 [ 694.085687][T20932] #1: ffff888028bc29b8 (&ctx->flc_lock){+.+.}-{2:2}, at: __break_lease+0x49b/0x17d0 [ 694.088148][T20932] #2: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x6d/0x520 [ 694.090543][T20932] #3: ffff8880446212b8 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x138/0x520 [ 694.092949][T20932] #4: ffff888059e7d320 (&f_owner->lock){....}-{2:2}, at: send_sigio+0x31/0x3e0 [ 694.095322][T20932] [ 694.095322][T20932] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 694.097981][T20932] -> (&dev->event_lock#2){..-.}-{2:2} { [ 694.099490][T20932] IN-SOFTIRQ-W at: [ 694.100573][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.102449][T20932] _raw_spin_lock_irqsave+0x3a/0x60 [ 694.104328][T20932] input_inject_event+0xa4/0x370 [ 694.106195][T20932] led_set_brightness+0x211/0x290 [ 694.108085][T20932] led_trigger_event+0xda/0x270 [ 694.109932][T20932] kbd_bh+0x21b/0x300 [ 694.111539][T20932] tasklet_action_common+0x24c/0x3e0 [ 694.113498][T20932] handle_softirqs+0x213/0x8f0 [ 694.115298][T20932] run_ksoftirqd+0x3a/0x60 [ 694.117026][T20932] smpboot_thread_fn+0x661/0xa30 [ 694.118887][T20932] kthread+0x2c1/0x3a0 [ 694.120525][T20932] ret_from_fork+0x45/0x80 [ 694.122281][T20932] ret_from_fork_asm+0x1a/0x30 [ 694.124093][T20932] INITIAL USE at: [ 694.125164][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.127031][T20932] _raw_spin_lock_irqsave+0x3a/0x60 [ 694.128908][T20932] input_inject_event+0xa4/0x370 [ 694.130724][T20932] led_set_brightness+0x211/0x290 [ 694.132534][T20932] kbd_led_trigger_activate+0xcb/0x110 [ 694.134510][T20932] led_trigger_set+0x59a/0xc60 [ 694.136252][T20932] led_trigger_set_default+0x1bd/0x2a0 [ 694.138199][T20932] led_classdev_register_ext+0x78c/0x9e0 [ 694.140151][T20932] input_leds_connect+0x552/0x8e0 [ 694.142294][T20932] input_attach_handler.isra.0+0x181/0x260 [ 694.144781][T20932] input_register_device+0xa84/0x1110 [ 694.146644][T20932] atkbd_connect+0x5e2/0xa20 [ 694.148319][T20932] serio_driver_probe+0x74/0xa0 [ 694.150098][T20932] really_probe+0x23e/0xa90 [ 694.151765][T20932] __driver_probe_device+0x1de/0x440 [ 694.153680][T20932] driver_probe_device+0x4c/0x1b0 [ 694.155539][T20932] __driver_attach+0x283/0x580 [ 694.157342][T20932] bus_for_each_dev+0x13c/0x1d0 [ 694.159143][T20932] serio_handle_event+0x2bb/0xa90 [ 694.161206][T20932] process_one_work+0x9c5/0x1ba0 [ 694.163445][T20932] worker_thread+0x6c8/0xf00 [ 694.165681][T20932] kthread+0x2c1/0x3a0 [ 694.167766][T20932] ret_from_fork+0x45/0x80 [ 694.169979][T20932] ret_from_fork_asm+0x1a/0x30 [ 694.172194][T20932] } [ 694.173126][T20932] ... key at: [] __key.7+0x0/0x40 [ 694.175551][T20932] -> (&client->buffer_lock){....}-{2:2} { [ 694.177588][T20932] INITIAL USE at: [ 694.178968][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.181360][T20932] _raw_spin_lock+0x2e/0x40 [ 694.183472][T20932] evdev_pass_values+0x10e/0x9b0 [ 694.185784][T20932] evdev_events+0x1bb/0x390 [ 694.187932][T20932] input_pass_values+0x777/0x8e0 [ 694.190251][T20932] input_handle_event+0xf0b/0x14d0 [ 694.192603][T20932] input_inject_event+0x1bb/0x370 [ 694.194951][T20932] evdev_write+0x44f/0x750 [ 694.197093][T20932] vfs_write+0x28e/0x1140 [ 694.199055][T20932] ksys_write+0x1fa/0x260 [ 694.200691][T20932] do_syscall_64+0xcd/0x250 [ 694.202676][T20932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.204971][T20932] } [ 694.205732][T20932] ... key at: [] __key.1+0x0/0x40 [ 694.208030][T20932] ... acquired at: [ 694.209410][T20932] _raw_spin_lock+0x2e/0x40 [ 694.210994][T20932] evdev_pass_values+0x10e/0x9b0 [ 694.212718][T20932] evdev_events+0x1bb/0x390 [ 694.214176][T20932] input_pass_values+0x777/0x8e0 [ 694.215506][T20932] input_handle_event+0xf0b/0x14d0 [ 694.216816][T20932] input_inject_event+0x1bb/0x370 [ 694.218217][T20932] evdev_write+0x44f/0x750 [ 694.219442][T20932] vfs_write+0x28e/0x1140 [ 694.220644][T20932] ksys_write+0x1fa/0x260 [ 694.221874][T20932] do_syscall_64+0xcd/0x250 [ 694.223117][T20932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.224728][T20932] [ 694.225374][T20932] -> (&new->fa_lock){....}-{2:2} { [ 694.226750][T20932] INITIAL USE at: [ 694.227806][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.229836][T20932] _raw_write_lock_irq+0x36/0x50 [ 694.231932][T20932] fasync_remove_entry+0xb9/0x1e0 [ 694.233706][T20932] fasync_helper+0xaf/0xd0 [ 694.235309][T20932] __fput+0x958/0xb60 [ 694.236802][T20932] task_work_run+0x14e/0x250 [ 694.238479][T20932] syscall_exit_to_user_mode+0x27b/0x2a0 [ 694.240404][T20932] do_syscall_64+0xda/0x250 [ 694.242052][T20932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.244035][T20932] INITIAL READ USE at: [ 694.245211][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.247126][T20932] _raw_read_lock_irqsave+0x74/0x90 [ 694.249053][T20932] kill_fasync+0x138/0x520 [ 694.250798][T20932] evdev_pass_values+0x619/0x9b0 [ 694.252693][T20932] evdev_events+0x1bb/0x390 [ 694.254706][T20932] input_pass_values+0x777/0x8e0 [ 694.256964][T20932] input_handle_event+0xf0b/0x14d0 [ 694.258831][T20932] input_inject_event+0x1bb/0x370 [ 694.260622][T20932] evdev_write+0x44f/0x750 [ 694.262366][T20932] vfs_write+0x28e/0x1140 [ 694.264078][T20932] ksys_write+0x1fa/0x260 [ 694.265797][T20932] do_syscall_64+0xcd/0x250 [ 694.267541][T20932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.269649][T20932] } [ 694.270348][T20932] ... key at: [] __key.0+0x0/0x40 [ 694.272223][T20932] ... acquired at: [ 694.273254][T20932] _raw_read_lock_irqsave+0x74/0x90 [ 694.274672][T20932] kill_fasync+0x138/0x520 [ 694.275888][T20932] evdev_pass_values+0x619/0x9b0 [ 694.277237][T20932] evdev_events+0x1bb/0x390 [ 694.278485][T20932] input_pass_values+0x777/0x8e0 [ 694.279842][T20932] input_handle_event+0xf0b/0x14d0 [ 694.281240][T20932] input_inject_event+0x1bb/0x370 [ 694.282623][T20932] evdev_write+0x44f/0x750 [ 694.283844][T20932] vfs_write+0x28e/0x1140 [ 694.284976][T20932] ksys_write+0x1fa/0x260 [ 694.286141][T20932] do_syscall_64+0xcd/0x250 [ 694.287369][T20932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.288917][T20932] [ 694.289553][T20932] -> (&f_owner->lock){....}-{2:2} { [ 694.290874][T20932] INITIAL USE at: [ 694.291858][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.293556][T20932] _raw_write_lock_irq+0x36/0x50 [ 694.295187][T20932] __f_setown+0x67/0x3c0 [ 694.296652][T20932] f_setown+0x122/0x290 [ 694.298110][T20932] do_fcntl+0xf44/0x1510 [ 694.299791][T20932] __x64_sys_fcntl+0x176/0x210 [ 694.301483][T20932] do_syscall_64+0xcd/0x250 [ 694.303036][T20932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.304911][T20932] INITIAL READ USE at: [ 694.306019][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.307835][T20932] _raw_read_lock_irq+0x67/0x80 [ 694.309566][T20932] do_fcntl+0x45b/0x1510 [ 694.311148][T20932] __x64_sys_fcntl+0x176/0x210 [ 694.312877][T20932] do_syscall_64+0xcd/0x250 [ 694.314565][T20932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.316591][T20932] } [ 694.317272][T20932] ... key at: [] __key.1+0x0/0x40 [ 694.319392][T20932] ... acquired at: [ 694.320701][T20932] _raw_read_lock_irqsave+0x74/0x90 [ 694.322527][T20932] send_sigio+0x31/0x3e0 [ 694.324062][T20932] kill_fasync+0x21a/0x520 [ 694.325676][T20932] lease_break_callback+0x23/0x30 [ 694.327331][T20932] __break_lease+0x67c/0x17d0 [ 694.328636][T20932] vfs_truncate+0x32e/0x4e0 [ 694.329998][T20932] __x64_sys_truncate+0x174/0x1e0 [ 694.331782][T20932] do_syscall_64+0xcd/0x250 [ 694.333412][T20932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.335197][T20932] [ 694.335844][T20932] [ 694.335844][T20932] the dependencies between the lock to be acquired [ 694.335849][T20932] and SOFTIRQ-irq-unsafe lock: [ 694.340179][T20932] -> (tasklist_lock){.+.+}-{2:2} { [ 694.341960][T20932] HARDIRQ-ON-R at: [ 694.343293][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.345235][T20932] _raw_read_lock+0x5f/0x70 [ 694.347339][T20932] __do_wait+0x105/0x890 [ 694.349361][T20932] do_wait+0x219/0x570 [ 694.351304][T20932] kernel_wait+0xa0/0x160 [ 694.353257][T20932] call_usermodehelper_exec_work+0xf1/0x170 [ 694.355841][T20932] process_one_work+0x9c5/0x1ba0 [ 694.357983][T20932] worker_thread+0x6c8/0xf00 [ 694.359971][T20932] kthread+0x2c1/0x3a0 [ 694.361926][T20932] ret_from_fork+0x45/0x80 [ 694.363992][T20932] ret_from_fork_asm+0x1a/0x30 [ 694.366126][T20932] SOFTIRQ-ON-R at: [ 694.367657][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.369919][T20932] _raw_read_lock+0x5f/0x70 [ 694.372028][T20932] __do_wait+0x105/0x890 [ 694.374056][T20932] do_wait+0x219/0x570 [ 694.376014][T20932] kernel_wait+0xa0/0x160 [ 694.378077][T20932] call_usermodehelper_exec_work+0xf1/0x170 [ 694.380509][T20932] process_one_work+0x9c5/0x1ba0 [ 694.382753][T20932] worker_thread+0x6c8/0xf00 [ 694.384477][T20932] kthread+0x2c1/0x3a0 [ 694.385984][T20932] ret_from_fork+0x45/0x80 [ 694.387885][T20932] ret_from_fork_asm+0x1a/0x30 [ 694.390098][T20932] INITIAL USE at: [ 694.391259][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.393025][T20932] _raw_write_lock_irq+0x36/0x50 [ 694.394732][T20932] copy_process+0x3fe6/0x8db0 [ 694.396446][T20932] kernel_clone+0xfd/0x960 [ 694.398660][T20932] user_mode_thread+0xb4/0xf0 [ 694.400786][T20932] rest_init+0x23/0x2b0 [ 694.402771][T20932] start_kernel+0x3e4/0x4d0 [ 694.404854][T20932] x86_64_start_reservations+0x18/0x30 [ 694.407278][T20932] x86_64_start_kernel+0xb2/0xc0 [ 694.409609][T20932] common_startup_64+0x13e/0x148 [ 694.411795][T20932] INITIAL READ USE at: [ 694.413097][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.415240][T20932] _raw_read_lock+0x5f/0x70 [ 694.417038][T20932] __do_wait+0x105/0x890 [ 694.418827][T20932] do_wait+0x219/0x570 [ 694.420789][T20932] kernel_wait+0xa0/0x160 [ 694.422759][T20932] call_usermodehelper_exec_work+0xf1/0x170 [ 694.425050][T20932] process_one_work+0x9c5/0x1ba0 [ 694.427390][T20932] worker_thread+0x6c8/0xf00 [ 694.429229][T20932] kthread+0x2c1/0x3a0 [ 694.430875][T20932] ret_from_fork+0x45/0x80 [ 694.433045][T20932] ret_from_fork_asm+0x1a/0x30 [ 694.435336][T20932] } [ 694.436095][T20932] ... key at: [] tasklist_lock+0x18/0x40 [ 694.438153][T20932] ... acquired at: [ 694.439462][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.441152][T20932] _raw_read_lock+0x5f/0x70 [ 694.442690][T20932] send_sigio+0xb8/0x3e0 [ 694.444212][T20932] kill_fasync+0x21a/0x520 [ 694.445810][T20932] lease_break_callback+0x23/0x30 [ 694.447261][T20932] __break_lease+0x67c/0x17d0 [ 694.448540][T20932] do_dentry_open+0x665/0x1530 [ 694.450211][T20932] vfs_open+0x82/0x3f0 [ 694.451576][T20932] path_openat+0x1e6a/0x2d60 [ 694.452832][T20932] do_filp_open+0x1dc/0x430 [ 694.454389][T20932] do_sys_openat2+0x17a/0x1e0 [ 694.456020][T20932] __x64_sys_open+0x154/0x1e0 [ 694.457327][T20932] do_syscall_64+0xcd/0x250 [ 694.458562][T20932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.460142][T20932] [ 694.460773][T20932] [ 694.460773][T20932] stack backtrace: [ 694.462403][T20932] CPU: 2 UID: 0 PID: 20932 Comm: syz.3.4429 Not tainted 6.12.0-rc2-syzkaller-00058-g75b607fab38d #0 [ 694.465766][T20932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 694.468478][T20932] Call Trace: [ 694.469366][T20932] [ 694.470172][T20932] dump_stack_lvl+0x116/0x1f0 [ 694.471767][T20932] check_irq_usage+0xf22/0x1290 [ 694.473441][T20932] ? __pfx_check_irq_usage+0x10/0x10 [ 694.474941][T20932] ? hlock_conflict+0x58/0x200 [ 694.476349][T20932] ? __bfs+0x2fa/0x670 [ 694.477769][T20932] ? __pfx_hlock_conflict+0x10/0x10 [ 694.479247][T20932] ? lockdep_lock+0xc6/0x200 [ 694.480588][T20932] ? __pfx_lockdep_lock+0x10/0x10 [ 694.482321][T20932] ? __lock_acquire+0x2521/0x3ce0 [ 694.483806][T20932] __lock_acquire+0x2521/0x3ce0 [ 694.485081][T20932] ? __pfx___lock_acquire+0x10/0x10 [ 694.486437][T20932] lock_acquire.part.0+0x11b/0x380 [ 694.487947][T20932] ? send_sigio+0xb8/0x3e0 [ 694.489457][T20932] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 694.491076][T20932] ? rcu_is_watching+0x12/0xc0 [ 694.492269][T20932] ? trace_lock_acquire+0x14a/0x1d0 [ 694.493601][T20932] ? send_sigio+0x31/0x3e0 [ 694.494741][T20932] ? send_sigio+0xb8/0x3e0 [ 694.495914][T20932] ? lock_acquire+0x2f/0xb0 [ 694.497232][T20932] ? send_sigio+0xb8/0x3e0 [ 694.498783][T20932] _raw_read_lock+0x5f/0x70 [ 694.500292][T20932] ? send_sigio+0xb8/0x3e0 [ 694.501485][T20932] send_sigio+0xb8/0x3e0 [ 694.502604][T20932] kill_fasync+0x21a/0x520 [ 694.503972][T20932] lease_break_callback+0x23/0x30 [ 694.505709][T20932] __break_lease+0x67c/0x17d0 [ 694.507315][T20932] ? __pfx___break_lease+0x10/0x10 [ 694.509071][T20932] ? __pfx_selinux_file_open+0x10/0x10 [ 694.510950][T20932] ? bpf_lsm_file_open+0x9/0x10 [ 694.512617][T20932] ? security_file_open+0x62a/0x9d0 [ 694.514401][T20932] do_dentry_open+0x665/0x1530 [ 694.516051][T20932] ? inode_permission+0xdd/0x5f0 [ 694.517653][T20932] vfs_open+0x82/0x3f0 [ 694.518803][T20932] ? may_open+0x1f2/0x400 [ 694.520285][T20932] path_openat+0x1e6a/0x2d60 [ 694.521833][T20932] ? __pfx_path_openat+0x10/0x10 [ 694.523489][T20932] ? __pfx___lock_acquire+0x10/0x10 [ 694.524885][T20932] do_filp_open+0x1dc/0x430 [ 694.526440][T20932] ? __pfx_do_filp_open+0x10/0x10 [ 694.528090][T20932] ? _raw_spin_unlock+0x28/0x50 [ 694.529759][T20932] ? alloc_fd+0x2d7/0x6c0 [ 694.531221][T20932] do_sys_openat2+0x17a/0x1e0 [ 694.532669][T20932] ? __pfx_do_sys_openat2+0x10/0x10 [ 694.534052][T20932] ? do_fcntl+0x1ec/0x1510 [ 694.535237][T20932] __x64_sys_open+0x154/0x1e0 [ 694.536480][T20932] ? __pfx___x64_sys_open+0x10/0x10 [ 694.537854][T20932] do_syscall_64+0xcd/0x250 [ 694.539378][T20932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 694.541327][T20932] RIP: 0033:0x7f2d9e37dff9 [ 694.542786][T20932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 694.548604][T20932] RSP: 002b:00007f2d9f09e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 694.551395][T20932] RAX: ffffffffffffffda RBX: 00007f2d9e535f80 RCX: 00007f2d9e37dff9 [ 694.554039][T20932] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 694.556659][T20932] RBP: 00007f2d9e3f0296 R08: 0000000000000000 R09: 0000000000000000 [ 694.559356][T20932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 694.561862][T20932] R13: 0000000000000000 R14: 00007f2d9e535f80 R15: 00007ffd35c4f3f8 [ 694.563787][T20932] [ 694.915235][T14907] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.016216][T14907] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.155529][T14907] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.206743][T14907] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 695.258465][T14907] bridge_slave_1: left allmulticast mode [ 695.260405][T14907] bridge_slave_1: left promiscuous mode [ 695.262332][T14907] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.265896][T14907] bridge_slave_0: left allmulticast mode [ 695.267874][T14907] bridge_slave_0: left promiscuous mode [ 695.269876][T14907] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.458837][T14907] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 695.462844][T14907] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 695.466532][T14907] bond0 (unregistering): Released all slaves [ 695.776469][T14907] hsr_slave_0: left promiscuous mode [ 695.778269][T14907] hsr_slave_1: left promiscuous mode [ 695.780067][T14907] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 695.782029][T14907] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 695.784250][T14907] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 695.786294][T14907] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 695.789525][T14907] veth1_macvtap: left promiscuous mode [ 695.790926][T14907] veth0_macvtap: left promiscuous mode [ 695.792329][T14907] veth1_vlan: left promiscuous mode [ 695.793667][T14907] veth0_vlan: left promiscuous mode [ 696.045383][T14907] team0 (unregistering): Port device team_slave_1 removed [ 696.098392][T14907] team0 (unregistering): Port device team_slave_0 removed [ 696.783029][T20912] delete_channel: no stack [ 696.818202][T14907] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 696.925473][T14907] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.047234][T14907] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.113734][T14907] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.194813][T14907] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.285436][T14907] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.366210][T14907] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.445213][T14907] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 697.522152][T14907] bridge_slave_1: left allmulticast mode [ 697.523941][T14907] bridge_slave_1: left promiscuous mode [ 697.525584][T14907] bridge0: port 2(bridge_slave_1) entered disabled state [ 697.528202][T14907] bridge_slave_0: left allmulticast mode [ 697.529735][T14907] bridge_slave_0: left promiscuous mode [ 697.531555][T14907] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.534351][T14907] bridge_slave_1: left allmulticast mode [ 697.535993][T14907] bridge_slave_1: left promiscuous mode [ 697.537675][T14907] bridge0: port 2(bridge_slave_1) entered disabled state [ 697.540104][T14907] bridge_slave_0: left allmulticast mode [ 697.541610][T14907] bridge_slave_0: left promiscuous mode [ 697.543598][T14907] bridge0: port 1(bridge_slave_0) entered disabled state [ 697.846619][T14907] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 697.849123][T14907] bond_slave_0: left promiscuous mode [ 697.850614][T14907] bond_slave_0: left allmulticast mode [ 697.853216][T14907] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.855798][T14907] bond_slave_1: left promiscuous mode [ 697.857341][T14907] bond_slave_1: left allmulticast mode [ 697.859455][T14907] bond0 (unregistering): Released all slaves [ 697.866765][T14907] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 697.870157][T14907] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 697.873323][T14907] bond0 (unregistering): Released all slaves [ 698.667360][T14907] hsr_slave_0: left promiscuous mode [ 698.669197][T14907] hsr_slave_1: left promiscuous mode [ 698.671007][T14907] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 698.672917][T14907] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 698.675070][T14907] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 698.676989][T14907] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 698.681504][T14907] hsr_slave_0: left promiscuous mode [ 698.683857][T14907] hsr_slave_1: left promiscuous mode [ 698.686016][T14907] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 698.690543][T14907] veth1_macvtap: left promiscuous mode [ 698.692513][T14907] veth0_macvtap: left promiscuous mode [ 698.694422][T14907] veth1_vlan: left promiscuous mode [ 698.696254][T14907] veth0_vlan: left promiscuous mode [ 698.698706][T14907] veth1_macvtap: left promiscuous mode [ 698.700589][T14907] veth0_macvtap: left promiscuous mode [ 698.703119][T14907] veth1_vlan: left promiscuous mode [ 698.704927][T14907] veth0_vlan: left promiscuous mode [ 699.074657][T14907] team0 (unregistering): Port device team_slave_0 removed [ 699.311495][T14907] pimreg (unregistering): left allmulticast mode [ 699.701303][T14907] team0 (unregistering): Port device team_slave_0 removed [ 700.595497][T14907] IPVS: stop unused estimator thread 0... [ 700.706916][ T1145] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.837478][ T1145] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.886219][ T1145] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.086503][ T1145] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.190097][ T1145] bridge_slave_1: left allmulticast mode [ 701.192032][ T1145] bridge_slave_1: left promiscuous mode [ 701.194049][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.197389][ T1145] bridge_slave_0: left allmulticast mode [ 701.199375][ T1145] bridge_slave_0: left promiscuous mode [ 701.201412][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 701.306847][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 701.310845][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 701.314991][ T1145] bond0 (unregistering): Released all slaves [ 701.700446][ T1145] hsr_slave_0: left promiscuous mode [ 701.703025][ T1145] hsr_slave_1: left promiscuous mode [ 701.704935][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 701.706939][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 701.709425][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 701.711736][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 701.715251][ T1145] veth1_macvtap: left promiscuous mode [ 701.716798][ T1145] veth0_macvtap: left promiscuous mode [ 701.718411][ T1145] veth1_vlan: left promiscuous mode [ 701.719852][ T1145] veth0_vlan: left promiscuous mode [ 702.031278][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 702.091609][ T1145] team0 (unregistering): Port device team_slave_0 removed VM DIAGNOSIS: 14:32:24 Registers: info registers vcpu 0 CPU#0 RAX=0000000003022264 RBX=0000000000000000 RCX=ffffffff8b21e0b9 RDX=ffffed100d4c7026 RSI=ffffffff8bd1a080 RDI=ffffffff81647e7c RBP=fffffbfff1bd2af8 RSP=ffffffff8de07e20 R8 =0000000000000000 R9 =ffffed100d4c7025 R10=ffff88806a63812b R11=0000000000000001 R12=0000000000000000 R13=ffffffff8de957c0 R14=ffffffff905f37c8 R15=0000000000000000 RIP=ffffffff8b21f49f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fac92bfff98 CR3=000000004c1ec000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f56827f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f56827f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f56827f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f56827f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f56827f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f56827f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f568290b488 00007f568290b480 00007f568290b478 00007f568290b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f568346d100 00007f568290b440 00007f5682900004 0000000b000c000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f568290b498 00007f568290b490 00007f568290b488 00007f568290b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000005 0000000000000000 0000000000000000 00000000000001ac ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000003 RBX=dffffc0000000000 RCX=ffffffff84855734 RDX=ffff88802d728000 RSI=0000000000000000 RDI=0000000000000007 RBP=0000000000000001 RSP=ffffc9000594fbc0 R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000001 R11=000000000003fffc R12=0000000000000001 R13=ffff88802d728000 R14=ffff888031dac2d0 R15=ffff888031dac000 RIP=ffffffff818d8312 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f6549e606c0 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000055558f166808 CR3=000000002e7aa000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000001000000 Opmask01=0000000001000003 Opmask02=000000007ffbffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc83449860 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac91df1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac91df1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac91df113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac91df114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac91df11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fac91df12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000011c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000004 0000000000000000 0000000000000000 000000000000011c ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff850a7770 RDI=ffffffff9aae3b40 RBP=ffffffff9aae3b00 RSP=ffffc90007b86e68 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=0000000000000020 R14=fffffbfff355c7ba R15=dffffc0000000000 RIP=ffffffff850a7797 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f2d9f09e6c0 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000000000000 CR3=0000000045e8a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2d9e3f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2d9e3f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2d9e3f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2d9e3f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2d9e3f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2d9e3f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2d9e50b488 00007f2d9e50b480 00007f2d9e50b478 00007f2d9e50b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2d9f06d100 00007f2d9e50b440 00007f2d9e50b458 00007f2d9e50b4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2d9e50b498 00007f2d9e50b490 00007f2d9e50b488 00007f2d9e50b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6161616161616161 6161616161616161 6161616161616161 6161616161616161 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000000 RBX=0000000000000009 RCX=ffffffff8495f40e RDX=0000000000000009 RSI=0000000000000007 RDI=0000000000000007 RBP=ffffc90003a97538 RSP=ffffc90003a972d0 R8 =0000000000000005 R9 =0000000000000040 R10=0000000000000037 R11=00000000000a4012 R12=00000000000001ff R13=ffffc90003a97388 R14=ffff88805950473a R15=ffffc90003a97540 RIP=ffffffff818d8440 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fe836aead00 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000056011b4ee000 CR3=000000002f90e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=ada1729dada1729d ada1729dada1729d ada1729dada1729d ada1729dada1729d ada1729dada1729d ada1729dada1729d ada1729dada1729d ada1729dada1729d ZMM22=d20d5d7dd20d5d7d d20d5d7dd20d5d7d d20d5d7dd20d5d7d d20d5d7dd20d5d7d d20d5d7dd20d5d7d d20d5d7dd20d5d7d d20d5d7dd20d5d7d d20d5d7dd20d5d7d ZMM23=2e27bb1a2e27bb1a 2e27bb1a2e27bb1a 2e27bb1a2e27bb1a 2e27bb1a2e27bb1a 2e27bb1a2e27bb1a 2e27bb1a2e27bb1a 2e27bb1a2e27bb1a 2e27bb1a2e27bb1a ZMM24=8cae8a128cae8a12 8cae8a128cae8a12 8cae8a128cae8a12 8cae8a128cae8a12 8cae8a128cae8a12 8cae8a128cae8a12 8cae8a128cae8a12 8cae8a128cae8a12 ZMM25=d130bfc3d130bfc3 d130bfc3d130bfc3 d130bfc3d130bfc3 d130bfc3d130bfc3 d130bfc3d130bfc3 d130bfc3d130bfc3 d130bfc3d130bfc3 d130bfc3d130bfc3 ZMM26=7ddb0cbf7ddb0cbf 7ddb0cbf7ddb0cbf 7ddb0cbf7ddb0cbf 7ddb0cbf7ddb0cbf 7ddb0cbf7ddb0cbf 7ddb0cbf7ddb0cbf 7ddb0cbf7ddb0cbf 7ddb0cbf7ddb0cbf ZMM27=108244a4108244a4 108244a4108244a4 108244a4108244a4 108244a4108244a4 108244a4108244a4 108244a4108244a4 108244a4108244a4 108244a4108244a4 ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=392e0000392e0000 392e0000392e0000 392e0000392e0000 392e0000392e0000 392e0000392e0000 392e0000392e0000 392e0000392e0000 392e0000392e0000