last executing test programs: 7.206611325s ago: executing program 3 (id=1575): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000400)={0x36, 0x6, 0x0, {0x0, 0x0, 0xd, 0x0, 'dont_appraise'}}, 0x36) 6.349928791s ago: executing program 3 (id=1577): sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000d80)=ANY=[@ANYBLOB], 0x2d0}, 0x1, 0x0, 0x0, 0x4048850}, 0x40) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x2) getpid() sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, 0x0, 0x801) r1 = syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x8042) read$FUSE(r1, 0x0, 0x0) write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x12d8) 6.029964199s ago: executing program 1 (id=1581): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_emit_ethernet(0xda, &(0x7f0000001600)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa000800450000cc0000000000019078640101000000000000000089000000000000ac1414aa862a00000000000d5e000000ff00000000000000054eb8a600129606053d0006ff00800000b61af93a93831300ac1414007f0000017f000001e0000002864c0000000000074b6cefc500000cdf61168c24ac88ad078c000a2189ea43a2149b840012ffd11634eea26b0faffa0dea2e903528000902a20948fd7406000eccf0294e2a3bdb4aa40b249e4408000000000000000000a815a23da43974ff"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) recvmmsg(r2, &(0x7f0000002f00)=[{{0x0, 0x0, 0x0}, 0xfffffff4}], 0x1, 0x40010003, 0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000280), &(0x7f0000000040), &(0x7f0000000180)) io_uring_enter(r1, 0x4e07, 0x0, 0x0, 0x0, 0x0) 5.489655822s ago: executing program 3 (id=1588): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_DELOBJ={0x28, 0x14, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_OBJ_TYPE={0x8}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x50}}, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = fanotify_init(0x200, 0x0) fanotify_mark(r2, 0x102, 0x4800101a, r1, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='cifs\x00', 0x10009, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000140)='./file1\x00') bpf$BPF_BTF_LOAD(0x12, &(0x7f00000013c0)={&(0x7f00000003c0)=ANY=[], 0x0, 0x6a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r3 = socket$can_j1939(0x1d, 0x2, 0x7) syz_emit_ethernet(0x276, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd642b72b902403a00fe8000000000000000000000000000aa00000000000000000000ffffac14141dff03000000000000c910fc00000000000000000000000000000104016f0001001d0020c1640000003200080065000000010200080000000020010000000000000000000000000001620e021f00000000fc0100000000000000000000000000010000000000000000000000000000000120010000000000000000000000000002fe80000000000000000000000000000ffc020000000000000000000000000001fe8000000000000000000000000000aafe80000000200000000000000000003e3b14000600000000fc00000000000000000000000000000100000000000000000000ffffac1e0101000000000000000000000000000000012001000000000000000000000000000020010000000000000000002e7cd7ce00fc000000000000000000000000000001fc000000000000000000000000000000fe8000000000000000000000000000bbff010000000000000000000000000001ff01000000000000000000000000000187009078fe8000000000000000000000000000bb2201e61ec8d48d7044626a6608e84002160a5a57529ffb9c30c1b5a6c41a1b5d3290e45b70e0e6fb58d25dd3e5b8eeeed323ed5de4fbcaf254bf6b0d787415c2d8f83e90f26aea933f68321bdec137d764c7dd89b3cbab255a5bab800273124333b5d4bb43ed860d8a8b9b7f520484556c333014fd19b25923e8dc7fd2c02b301395b0d19cb2ddbf953d292e77f1aa8911a037d89926c23d23a0ee79a201abad134cb44345ac4aefafc457affa00ffeefdab9c04329016564291385f69ab9dcdd83e54ad"], 0x0) r4 = syz_io_uring_setup(0x48be, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}, &(0x7f00000011c0), &(0x7f0000ff4000)) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000002300)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x3100) io_uring_register$IORING_UNREGISTER_BUFFERS(r4, 0x1, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="f23109aaaaa2aaaa10000000"], 0xc) bpf$TOKEN_CREATE(0x24, &(0x7f00000012c0), 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x8, 0x4, &(0x7f0000000f80)=ANY=[@ANYBLOB], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', 0x0}) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r0, &(0x7f0000001280)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000001240)={&(0x7f0000001180)={0x14, 0x4, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0x9}, ["", "", ""]}, 0x14}}, 0x10) bind$can_j1939(r3, &(0x7f0000001200)={0x1d, r5, 0x0, {0x1}}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x800, 0x83) socket$l2tp(0x2, 0x2, 0x73) r6 = socket$inet6(0xa, 0xa, 0x4f) bind$inet6(r6, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r7, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) 5.30017479s ago: executing program 3 (id=1590): r0 = add_key$user(&(0x7f0000000240), 0x0, &(0x7f0000000200)="1d", 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x0}, &(0x7f0000000740)="69bf05d40ff7e03db3ddca537c6c5612321b25d32064e9ed643d462211406432e87c4d40383939ab8276bfc0294ba021d1ccf9b6b32d1b6c9e8c9737ca2d08305301693ef20a414ca24bed3736d182271d197fc2146a9f55070f3f31155b9081ecbd0fcc0296c88eac143394a776955e8a075194717757c9e085976cac66fd4c5bc83183df2db8205863d7f803e302420e7fc5315861803024f921932a49a4283f6a7d8ab2cbd629e984582467fd6ca63598d554677517903644dc2ef01f8dec", 0xc0, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000280)={r0, r1, r1}, 0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={'sha1-avx\x00'}}) r2 = socket$rds(0x15, 0x5, 0x0) r3 = fanotify_init(0x81, 0x0) fanotify_mark(r3, 0x105, 0x40001032, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) socket$packet(0x11, 0x2, 0x300) ptrace(0x8, r4) wait4(0x0, 0x0, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) rt_tgsigqueueinfo(r4, 0xffffffffffffffff, 0x7, &(0x7f0000000580)={0x5, 0x735, 0x7}) read$FUSE(r3, &(0x7f00000057c0)={0x2020}, 0x2020) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200000300000085000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4c000000060a01040000000000000000020000000c00064000000000000000020900020073797a32000000000900010073797a30"], 0x60}}, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 4.708918544s ago: executing program 2 (id=1595): socket$inet6_sctp(0xa, 0x5, 0x84) socket$packet(0x11, 0x2, 0x300) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b7040000000000008500000033000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) close(r0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000240), &(0x7f00000003c0)=r6}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r2, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x40) syz_emit_ethernet(0x5e, &(0x7f0000000340)={@local, @dev, @val={@val={0x8100}}, {@canfd={0xd, {{}, 0x0, 0x0, 0x0, 0x0, "ec7ab49f42266b558197758939c3a67064eb2413deb6d588b153902f5348321b2aa24fcea6549a091e651e6c1d3053eef4b8f189054244df8c1353433e834d4c"}}}}, 0x0) 4.640345159s ago: executing program 2 (id=1596): sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000d80)=ANY=[@ANYBLOB], 0x2d0}, 0x1, 0x0, 0x0, 0x4048850}, 0x40) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x2) getpid() sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, 0x0, 0x801) r1 = syz_open_dev$mouse(&(0x7f0000000000), 0x0, 0x8042) read$FUSE(r1, 0x0, 0x0) write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x12d8) 3.780120352s ago: executing program 2 (id=1600): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000480)="66f30f0f6782a7660f38cf4b00b9250a00000f3245d9680066b8d0008ec0b9f2030000b800780000ba000000000f300fc77100c442b97d3c689d9d0f0fa301000000a42e430f01c3", 0x48}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000050000f58b04"]) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r5, &(0x7f0000000140)={0x15, 0x110, 0xfa02, {r6, 0x0, 0x30, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"6e40db5d0076a1a5d48829eef778037c"}}, @ib={0x1b, 0x0, 0x0, {"0e00000000ae00000000000004000001"}}}}, 0x118) write$RDMA_USER_CM_CMD_ACCEPT(r4, &(0x7f00000002c0)={0x8, 0x120, 0xfa00, {0x3, {0x9, 0x40, "a59e7895aa2a958753f32bde079ec4f5cea1b3cfb06d06ec8c217d31bcf180b7cb8c1fbfc81eb462992cebbcbedf60cc3f5ab73b10f531534c3562c7ba0f0d1a7d93dfb0177bed784f045219a7fa0cf0b885396b752fed2cd732c6c7f06994a45ed60d7eeda3020b4620cad5b5543879a10dea34792bfb25627f9ce643de63b783e5130a81c0f03f449deffeccca6255e4173b320a0811b17363d1ae92205b29c9c92ab347113706d96ae98151c163ffabc8f48a1a76f3d9bb1085ffa94f06747191a79c883f9b18eabb793d173e987e0fcc5f19cb2061f55c6db2e533c16912e550a6684dda505e6d1ca5cfcf0b11dd3a913cde9b3ae1efbee5e6fdb6d8e74e", 0x6, 0x6, 0x5, 0x8, 0x8, 0x1, 0x5d, 0x1}, r6}}, 0x128) r7 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x78e}}) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000ac0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r7, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000700)={0x64, r8, 0x1, 0x70bd2d, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6}, {0x5, 0x12, 0x3}, {0x6}, {0x8}}]}, 0x64}, 0x1, 0x0, 0x0, 0x8841}, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_SET(r4, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000500)={0x54, r8, 0x8, 0x70bd25, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x7ff}, {0x8}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x4040814) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f00000005c0)={0xff, 0x9, 0xe4, 0x3, 0x5a, "3befb8108b4e00d539e6e54b06ed1a4b2bf1a5", 0x1, 0x4}) openat$cgroup_ro(r4, &(0x7f0000000040)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x18, 0x2a, 0x9, 0x0, 0x0, {0x4, 0x0, 0x2c00}, [@nested={0x4, 0x10}]}, 0x18}, 0x1, 0x3000000}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x20004040}, 0x0) close(0xffffffffffffffff) 3.509925833s ago: executing program 2 (id=1602): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000400)={0x36, 0x6, 0x0, {0x0, 0x0, 0xd, 0x0, 'dont_appraise'}}, 0x36) 2.96025425s ago: executing program 1 (id=1606): ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x40187013, &(0x7f0000000140)={0x1}) 2.959965336s ago: executing program 1 (id=1607): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x10, 0x0, 0x40000002}, 0x24}}, 0x0) r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r0, 0x6089, 0x4e72, 0x0, 0x0, 0x0) 2.897919007s ago: executing program 1 (id=1608): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}]}], {0x14}}, 0xb8}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_mptcp(0xa, 0x1, 0x106) syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="040e0501460c1f00c7f641737da8c5df97e629d54f8eef8f4b4c287248623393943b5ba71f4c252077dee7cda5f191af639f6bc9ccce6307303924e47e62deed5d1bb5921eea00000c30f73971da9388b9ec29139dedf9d61d113d31eeef"], 0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x2b, &(0x7f0000000040)=0x200000000005) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_DELSET={0x30, 0xb, 0xa, 0xa05, 0x0, 0x0, {0x5, 0x0, 0x3}, [@NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x6}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x8000000000000001}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_DELRULE={0xc8, 0x8, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x3}, [@NFTA_RULE_ID={0x8, 0x9, 0x1, 0x0, 0x2}, @NFTA_RULE_EXPRESSIONS={0x54, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @meta={{0x9}, @void}}, {0x10, 0x1, 0x0, 0x1, @limit={{0xa}, @void}}, {0x30, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x11}, @NFTA_FIB_FLAGS={0x8}]}}}]}, @NFTA_RULE_COMPAT={0x4c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x73}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x6}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x2e}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x2f}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x6003}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x88}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x62}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x12c1530899ab3849}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x8884}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFT_MSG_DELSET={0x18c, 0xb, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x5}, @NFTA_SET_DESC={0x58, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x4c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x8}]}, {0x24, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x101}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7d}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x7f}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x6}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xffffffff}]}, {0xc, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0x603}]}]}, @NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x4}]}, @NFTA_SET_GC_INTERVAL={0x8, 0xc, 0x1, 0x0, 0x5}, @NFTA_SET_USERDATA={0xf0, 0xd, 0x1, 0x0, "d5d7041796cf1d05e56ca9285b7c54fc1b9f57af9246dcf5407ed827e5f9a852e60eecf54124700d93da14a31335fc9a2c450ea044637aef334c564fce1ccd2cf7a8ecaf942dd1bf1d9d1e81dd28adb7c6d508d9c65e4824c45792bac6fe04e2536139a0081be8d135fff5cc46756a655040275f46f5e7935d5bc3d57c7b2805cbe84aade5c8f09dbdc4682093450ec985458d7dddb949d3fe5328f0280cafca2a2cbf525abce03fb8b886e436ecb01e0e854c9346c803f627cccd0a6e23c237558658bdb0b8f557eb7be0f58ee308e37132b57578b98d5189b27d7d7e16b6244e18be8be993e72946ed230b"}, @NFTA_SET_DATA_TYPE={0x8}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x8}, @NFTA_SET_DATA_TYPE={0x8}]}, @NFT_MSG_DELFLOWTABLE={0x34, 0x18, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_HOOK={0x4}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELRULE={0x3a4, 0x8, 0xa, 0x3, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x3}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x248, 0x4, 0x0, 0x1, [{0x234, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x228, 0x2, 0x0, 0x1, [@NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_CMP_DATA={0xf8, 0x3, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x38, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffd}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}, @NFTA_DATA_VALUE={0xb9, 0x1, "1425d48f1134998f8c109bb0d6e7cd983432acbece76cd40ccea8d9583ec727781e4b12f799d89323d34fc71183a7873b1fbff614c0111e737704c86b39977ba160b146ebb8a0c31421609521b4f1ac61fb9e517b820a0d1a304bcd41660197ab0a4f26ca4244da3415ba152a42a2d83a7a7a1d934f16ed4943e3136d499768a63b01c253a1825424dbed84add5c3f990abaf4d25494e4dd5adf6239b28790a4771d8ab50e54efe97c318e3997b3da6c729e36ec76"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x10}, @NFTA_CMP_DATA={0xfc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x7, 0x1, "668d38"}, @NFTA_DATA_VALUE={0x9b, 0x1, "d7897352184a82fefadd4c56357913a2f73f3a35a0449fc294dd2e7014823a9077cf74da2b703621dc45c8b5453b641abb35b205393e7340f15ae31847bd70b40af11b047b9ae9d0b36fe1a5be7b2af3f808283af77b99281798735e738a303bea05447587660f77cbb1d92b610d77c7d9eb276dfccb3b14f6c3a64293d82f729def4b5b6ba81bb78ea9501b1f454292ecc3533a7b57f6"}, @NFTA_DATA_VERDICT={0x54, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}]}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xb}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @lookup={{0xb}, @void}}]}, @NFTA_RULE_USERDATA={0xcf, 0x7, 0x1, 0x0, "5c7303f71a77482071af5349c236d75fe670ef2376d631697333b52292deb54d5df7f3b104805614270dca5b348626d8a6296b86141b1a5f10db40e21023c6c35adb367b66e37ed29b82fde5d33b7b7922aff0cb2436f2b3e021838ddb83f6eff322927d48ed55472d0180f4fa352b523e7f37e8b77a743fab91ca08bc24e0e591455aff843ae9a7c0131ed9df46f3d267e95384a62db23686712100d34d2d38d87cb44175d9c98cf677cb0b5227c47b216b705dacc6572b5c08c863d4608c488a6a1a36b0532706b9c868"}, @NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0xf}, @NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0x1}]}}}, {0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0x367a}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x684}, 0x1, 0x0, 0x0, 0x10000410}, 0x80) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1c9000, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x5) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x13, &(0x7f0000000100)=@framed={{}, [@map_fd={0x18, 0xb, 0x1, 0x0, r2}, @map_idx_val={0x18, 0x8, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x0, 0x4, 0x0, 0xfffffffffffffff8}, @map_idx={0x18, 0x7, 0x5, 0x0, 0x5}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}, @generic={0x7, 0x8, 0x9, 0x8, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0x5}]}, &(0x7f0000000000)='syzkaller\x00', 0x7f, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) r5 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r5, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r5, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r4, 0x400455c8, 0x0) ioctl$TIOCSTI(r4, 0x5437, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) sendmsg$NFT_MSG_GETCHAIN(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)=ANY=[@ANYBLOB="2c1d0000040a05"], 0x2c}}, 0x0) 2.640288239s ago: executing program 2 (id=1610): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x12}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x4, &(0x7f00000001c0)=ANY=[@ANYRES8], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000, 0x3, &(0x7f0000c51000/0x2000)=nil) mmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0xc, 0x2031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) openat$proc_mixer(0xffffff9c, &(0x7f00000017c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r3, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x10) gettid() capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000002140)) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "64f30ea84907e175d5966472c23d26ce8d6f3c"}) r5 = syz_open_dev$ttys(0xc, 0x2, 0x1) syz_open_dev$ptys(0xc, 0x3, 0x1) readv(r5, 0x0, 0x0) ioctl$TIOCPKT(r5, 0x5420, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[], 0x18c}, 0x1, 0x0, 0x0, 0x2400c0d0}, 0x48040) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) shmget$private(0x0, 0x1000, 0x78000000, &(0x7f0000064000/0x1000)=nil) 2.260174047s ago: executing program 3 (id=1611): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000480)="66f30f0f6782a7660f38cf4b00b9250a00000f3245d9680066b8d0008ec0b9f2030000b800780000ba000000000f300fc77100c442b97d3c689d9d0f0fa301000000a42e430f01c3", 0x48}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000050000f58b04"]) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r5, &(0x7f0000000140)={0x15, 0x110, 0xfa02, {r6, 0x0, 0x30, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"6e40db5d0076a1a5d48829eef778037c"}}, @ib={0x1b, 0x0, 0x0, {"0e00000000ae00000000000004000001"}}}}, 0x118) write$RDMA_USER_CM_CMD_ACCEPT(r4, &(0x7f00000002c0)={0x8, 0x120, 0xfa00, {0x3, {0x9, 0x40, "a59e7895aa2a958753f32bde079ec4f5cea1b3cfb06d06ec8c217d31bcf180b7cb8c1fbfc81eb462992cebbcbedf60cc3f5ab73b10f531534c3562c7ba0f0d1a7d93dfb0177bed784f045219a7fa0cf0b885396b752fed2cd732c6c7f06994a45ed60d7eeda3020b4620cad5b5543879a10dea34792bfb25627f9ce643de63b783e5130a81c0f03f449deffeccca6255e4173b320a0811b17363d1ae92205b29c9c92ab347113706d96ae98151c163ffabc8f48a1a76f3d9bb1085ffa94f06747191a79c883f9b18eabb793d173e987e0fcc5f19cb2061f55c6db2e533c16912e550a6684dda505e6d1ca5cfcf0b11dd3a913cde9b3ae1efbee5e6fdb6d8e74e", 0x6, 0x6, 0x5, 0x8, 0x8, 0x1, 0x5d, 0x1}, r6}}, 0x128) r7 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x78e}}) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000ac0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r7, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000700)={0x64, r8, 0x1, 0x70bd2d, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6}, {0x5, 0x12, 0x3}, {0x6}, {0x8}}]}, 0x64}, 0x1, 0x0, 0x0, 0x8841}, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_SET(r4, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000500)={0x54, r8, 0x8, 0x70bd25, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x7ff}, {0x8}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x4040814) ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f00000005c0)={0xff, 0x9, 0xe4, 0x3, 0x5a, "3befb8108b4e00d539e6e54b06ed1a4b2bf1a5", 0x1, 0x4}) openat$cgroup_ro(r4, &(0x7f0000000040)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x18, 0x2a, 0x9, 0x0, 0x0, {0x4, 0x0, 0x2c00}, [@nested={0x4, 0x10}]}, 0x18}, 0x1, 0x3000000}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x20004040}, 0x0) close(0xffffffffffffffff) 2.225910362s ago: executing program 1 (id=1612): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000006180)=""/152, 0x98}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) socket$igmp6(0xa, 0x3, 0x2) sched_setaffinity(0x0, 0x0, 0x0) read$msr(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$cec(0x0, 0x0, 0x0) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r2}, 0x0, &(0x7f0000000180)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000400)={0x36, 0x6, 0x0, {0x0, 0x0, 0xd, 0x0, 'dont_appraise'}}, 0x36) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r3}, 0x50) 2.010347583s ago: executing program 3 (id=1613): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000005c0)={0x24, &(0x7f0000000440)={0x20, 0x24, 0xaa, {0xaa, 0x30, "a8ca0d7f3a7855ecdfdc3cec9e6f2bbf2f57c818442bac350c13203e347a4b9009dec58b7d54128a187a1d3c5717d4d728a6f9ef051034596947b750011f069dd5b0c26a239d7a242274842ce09fabbc68800d4ee373498e0ffc8521a125e85d3500287b610f8139479686d23b743200fc8bacb803c7b91fefaf7722a219421dabe5b0cdb264e834aef187c49e91343bb9961d9cf3512623b644ee4f8b6b22f3fd37d2ceb4ccf85e"}}, &(0x7f0000000500)={0x0, 0x3, 0x4, @lang_id={0x4}}, &(0x7f0000000540)={0x0, 0x22, 0x2, {[@global=@item_012={0x1, 0x1, 0x4, "c7"}]}}, &(0x7f0000000580)={0x0, 0x21, 0x9, {0x9, 0x21, 0x0, 0x9, 0x1, {0x22, 0xff4}}}}, &(0x7f0000000880)={0x2c, &(0x7f0000000600)={0x20, 0x17, 0xfd, "3695247b219a8901cc39e53606abe5bf93dbf6c4928825694b50e1db6a9bdfad576addd2aca6dfed4981a8f81e65ff0ff2c648f335c14885f522a6d605a08a4b8c9c4c6db4748aac3156694986bf80155dfbd2de77f0289e50145bb94236dcbdf3d43c29e0d51d5d25fc26a56cba0684b15722552e02cfde118a2a1ee8384d8bf61d3c052c8c6b7e01158fb77b1b6606e55e81fdd5d466045cca78d5f1fa88fc2ddf9c606d2eecb17af812dbca42320d0e8951168fc7c717ed14580607aec1b4bab96aa8c95d3d0d8ca97596167cbe35becacb5c804db410fd87388bff64a481366895d288f38fb49c552fc0a8a6636cdc56dd8caad81c1f2dad3ea59f"}, &(0x7f0000000740)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000780)={0x0, 0x8, 0x1, 0x2}, &(0x7f00000007c0)={0x20, 0x1, 0x3c, "1c554cd830fa6397e12eb98b2ee738012ba2c4efcf3e90de733a786b9c18bdfaabbe7fb833141aad68400f40e98584ea996edbb26cb8fea396eeec4e"}, &(0x7f0000000840)={0x20, 0x3, 0x1, 0x2}}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0) write$dsp(r1, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1830010000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0bfc0000000000000000020000000900010073797a30000000000900020073797a"], 0x54}}, 0x0) writev(r2, &(0x7f0000000040), 0x2) io_uring_setup(0x7ee9, &(0x7f00000002c0)) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)='%-5lx \x00'}, 0x20) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$BATADV_CMD_TP_METER(r4, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x68, r5, 0x4, 0x70bd27, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x4}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @local}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x2}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x4) ioctl$AUTOFS_IOC_SETTIMEOUT(r1, 0x80049367, &(0x7f0000000180)=0xc) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r3}, 0x4) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000040)) 1.960061078s ago: executing program 1 (id=1614): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_emit_ethernet(0xda, &(0x7f0000001600)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa000800450000cc0000000000019078640101000000000000000089000000000000ac1414aa862a00000000000d5e000000ff00000000000000054eb8a600129606053d0006ff00800000b61af93a93831300ac1414007f0000017f000001e0000002864c0000000000074b6cefc500000cdf61168c24ac88ad078c000a2189ea43a2149b840012ffd11634eea26b0faffa0dea2e903528000902a20948fd7406000eccf0294e2a3bdb4aa40b249e4408000000000000000000a815a23da43974ff"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) recvmmsg(r2, &(0x7f0000002f00)=[{{0x0, 0x0, 0x0}, 0xfffffff4}], 0x1, 0x40010003, 0x0) syz_io_uring_setup(0x5e2, &(0x7f0000000280), &(0x7f0000000040), &(0x7f0000000180)) io_uring_enter(r1, 0x4e07, 0x0, 0x0, 0x0, 0x0) 1.780229522s ago: executing program 0 (id=1617): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000fc0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000001040)={0x28, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r2}, @val={0xc}}}}, 0x28}}, 0x0) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f0000000040)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) ioctl$SIOCSIFHWADDR(r5, 0x8b14, &(0x7f0000000000)={'pimreg\x00'}) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@ipv4_newnexthop={0x17, 0x68, 0x521, 0x0, 0x0, {}, [@NHA_OIF={0x8}, @NHA_ID={0x8, 0x1, 0x2}]}, 0x28}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03400000000000000000010000000900010073797a300000000040000000160a07000000000000000000010000000900010073797a30000000000900020073797a3000000000140003800800024000000000080001400000000038000000160a09010000000000000000010000000900020073797a30000000000900010073797a300000000008000740000000000400038014000000110001"], 0xc0}}, 0x0) 1.670491729s ago: executing program 0 (id=1618): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000400)={0x36, 0x6, 0x0, {0x0, 0x0, 0xd, 0x0, 'dont_appraise'}}, 0x36) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1}, 0x50) 1.59052408s ago: executing program 0 (id=1619): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0xc, &(0x7f0000000240)=0x8004, 0x21) sendmsg$netlink(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="1800000056000106000000000000000007"], 0x18}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r5, 0x0, r7, 0x0, 0x6, 0x0) splice(r6, 0x0, r5, 0x0, 0x7f, 0xe) write(r4, 0x0, 0x0) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r8}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000002, 0x4012831, 0xffffffffffffffff, 0x0) r9 = memfd_create(&(0x7f0000000540)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0x0) fcntl$dupfd(r9, 0x0, r9) futex(&(0x7f0000000000), 0x8c, 0x1, 0x0, 0x0, 0x0) 1.590173058s ago: executing program 2 (id=1620): r0 = add_key$user(&(0x7f0000000240), 0x0, &(0x7f0000000200)="1d", 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x0}, &(0x7f0000000740)="69bf05d40ff7e03db3ddca537c6c5612321b25d32064e9ed643d462211406432e87c4d40383939ab8276bfc0294ba021d1ccf9b6b32d1b6c9e8c9737ca2d08305301693ef20a414ca24bed3736d182271d197fc2146a9f55070f3f31155b9081ecbd0fcc0296c88eac143394a776955e8a075194717757c9e085976cac66fd4c5bc83183df2db8205863d7f803e302420e7fc5315861803024f921932a49a4283f6a7d8ab2cbd629e984582467fd6ca63598d554677517903644dc2ef01f8dec", 0xc0, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000280)={r0, r1, r1}, &(0x7f00000002c0)=""/46, 0x2e, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) r3 = fanotify_init(0x81, 0x0) fanotify_mark(r3, 0x105, 0x40001032, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r4) socket$packet(0x11, 0x2, 0x300) ptrace(0x8, r4) wait4(0x0, 0x0, 0x0, 0x0) io_submit(0x0, 0x0, 0x0) rt_tgsigqueueinfo(r4, 0xffffffffffffffff, 0x7, &(0x7f0000000580)={0x5, 0x735, 0x7}) read$FUSE(r3, &(0x7f00000057c0)={0x2020}, 0x2020) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200000300000085000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4c000000060a01040000000000000000020000000c00064000000000000000020900020073797a32000000000900010073797a30"], 0x60}}, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 1.091953766s ago: executing program 0 (id=1621): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000480)="66f30f0f6782a7660f38cf4b00b9250a00000f3245d9680066b8d0008ec0b9f2030000b800780000ba000000000f300fc77100c442b97d3c689d9d0f0fa301000000a42e430f01c3", 0x48}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000050000f58b04"]) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000140)={0x15, 0x110, 0xfa02, {r5, 0x0, 0x30, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"6e40db5d0076a1a5d48829eef778037c"}}, @ib={0x1b, 0x0, 0x0, {"0e00000000ae00000000000004000001"}}}}, 0x118) write$RDMA_USER_CM_CMD_ACCEPT(r3, &(0x7f00000002c0)={0x8, 0x120, 0xfa00, {0x3, {0x9, 0x40, "a59e7895aa2a958753f32bde079ec4f5cea1b3cfb06d06ec8c217d31bcf180b7cb8c1fbfc81eb462992cebbcbedf60cc3f5ab73b10f531534c3562c7ba0f0d1a7d93dfb0177bed784f045219a7fa0cf0b885396b752fed2cd732c6c7f06994a45ed60d7eeda3020b4620cad5b5543879a10dea34792bfb25627f9ce643de63b783e5130a81c0f03f449deffeccca6255e4173b320a0811b17363d1ae92205b29c9c92ab347113706d96ae98151c163ffabc8f48a1a76f3d9bb1085ffa94f06747191a79c883f9b18eabb793d173e987e0fcc5f19cb2061f55c6db2e533c16912e550a6684dda505e6d1ca5cfcf0b11dd3a913cde9b3ae1efbee5e6fdb6d8e74e", 0x6, 0x6, 0x5, 0x8, 0x8, 0x1, 0x5d, 0x1}, r5}}, 0x128) r6 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x78e}}) r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000ac0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r6, &(0x7f0000001b80)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000700)={0x64, r7, 0x1, 0x70bd2d, 0x0, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8}, {0x6}, {0x5, 0x12, 0x3}, {0x6}, {0x8}}]}, 0x64}, 0x1, 0x0, 0x0, 0x8841}, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_SET(r3, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000500)={0x54, r7, 0x8, 0x70bd25, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x6}, {0x6, 0x11, 0x7ff}, {0x8}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x4040814) ioctl$TCSETSW2(r3, 0x402c542c, &(0x7f00000005c0)={0xff, 0x9, 0xe4, 0x3, 0x5a, "3befb8108b4e00d539e6e54b06ed1a4b2bf1a5", 0x1, 0x4}) openat$cgroup_ro(r3, &(0x7f0000000040)='blkio.throttle.io_service_bytes_recursive\x00', 0x0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x20004040}, 0x0) close(r8) 900.108881ms ago: executing program 0 (id=1622): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r3, 0xc01064bd, &(0x7f0000000040)={&(0x7f00000000c0)="1b815aad", 0x4}) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(0xffffffffffffffff, &(0x7f0000003240)={0x0, 0x0, &(0x7f0000003200)={&(0x7f0000003140)={0x50, r4, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private0}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bridge_slave_1\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x50}}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, 0x0, 0x0) fchown(0xffffffffffffffff, 0xee01, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10) r7 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x8, 0x3, 0x2e8, 0x1c0, 0x3, 0xd0e7500, 0x0, 0x60, 0x250, 0x1d8, 0x1d8, 0x250, 0x1d8, 0x3, 0x0, {[{{@ip={@private, @dev={0xac, 0x14, 0xd}, 0x0, 0x0, 'nr0\x00', 'vxcan1\x00', {}, {}, 0x11}, 0x0, 0x158, 0x1c0, 0x0, {0x60000000}, [@common=@inet=@udp={{0x30}}, @common=@unspec=@conntrack1={{0xb8}, {{@ipv6=@mcast2, [], @ipv6=@remote, [], @ipv4=@multicast2, [], @ipv4=@empty}}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x36c, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}, {{@ip={@loopback, @private, 0x0, 0x0, 'tunl0\x00', 'veth1_to_bond\x00'}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x348) sendmsg$IPSET_CMD_LIST(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x1c, 0x7, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4048050}, 0x0) 0s ago: executing program 0 (id=1623): socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket(0x0, 0x0, 0x0) unshare(0x8040080) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r2, r4, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[@ANYBLOB="bbbbbbbbbbbbfff7ffffffff88a800008100000086dd52e561b50010218779880000000000000000000000000001fe800000dfff0000000000000000000000000000040190780070068f000ca8a7"], 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000180), 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) io_setup(0x20, &(0x7f0000001140)) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r6, 0x8910, &(0x7f0000000000)={'vlan1\x00', @ifru_map={0x20000000000004}}) ioctl$sock_netdev_private(r5, 0x89f3, &(0x7f0000000000)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000fcffffff0000000000000018110000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r8}, 0x10) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x2, 0x56d, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r9}, 0x38) kernel console output (not intermixed with test programs): [ T7904] sp0: Synchronizing with TNC [ 139.441596][ T39] audit: type=1400 audit(1727898185.038:378): avc: denied { search } for pid=5054 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 139.448790][ T39] audit: type=1400 audit(1727898185.038:379): avc: denied { read } for pid=5054 comm="dhcpcd" name="n72" dev="tmpfs" ino=5085 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 139.456303][ T39] audit: type=1400 audit(1727898185.038:380): avc: denied { open } for pid=5054 comm="dhcpcd" path="/run/udev/data/n72" dev="tmpfs" ino=5085 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 139.463958][ T39] audit: type=1400 audit(1727898185.038:381): avc: denied { getattr } for pid=5054 comm="dhcpcd" path="/run/udev/data/n72" dev="tmpfs" ino=5085 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 139.524783][ T39] audit: type=1400 audit(1727898185.118:382): avc: denied { ioctl } for pid=7905 comm="syz.2.919" path="/dev/sg0" dev="devtmpfs" ino=705 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 139.840231][ T5340] Bluetooth: hci4: command 0x1003 tx timeout [ 139.842761][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 140.378742][ T5345] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 140.382803][ T7931] netlink: 20 bytes leftover after parsing attributes in process `syz.2.926'. [ 140.387245][ T7931] netlink: 40 bytes leftover after parsing attributes in process `syz.2.926'. [ 141.276101][ T7940] netlink: 'syz.0.929': attribute type 1 has an invalid length. [ 141.352918][ T7953] binder: 7952:7953 ioctl c0306201 20000680 returned -14 [ 141.416097][ T5345] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 142.317614][ T7977] netlink: 256 bytes leftover after parsing attributes in process `syz.0.942'. [ 142.842320][ T7982] FAULT_INJECTION: forcing a failure. [ 142.842320][ T7982] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 142.845790][ T7982] CPU: 3 UID: 0 PID: 7982 Comm: syz.1.944 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 142.848591][ T7982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 142.851429][ T7982] Call Trace: [ 142.852307][ T7982] [ 142.853089][ T7982] dump_stack_lvl+0x16c/0x1f0 [ 142.854377][ T7982] should_fail_ex+0x497/0x5b0 [ 142.855622][ T7982] _copy_from_user+0x30/0xf0 [ 142.856834][ T7982] copy_folio_from_user+0xff/0x2a0 [ 142.858247][ T7982] mfill_atomic_copy+0x1ba6/0x1e70 [ 142.859593][ T7982] ? __pfx_mfill_atomic_copy+0x10/0x10 [ 142.861034][ T7982] ? __might_fault+0xe3/0x190 [ 142.862282][ T7982] userfaultfd_ioctl+0x1e50/0x3830 [ 142.863626][ T7982] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 142.865076][ T7982] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 142.866772][ T7982] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 142.868497][ T7982] ? trace_lock_acquire+0x14a/0x1d0 [ 142.869892][ T7982] ? selinux_file_ioctl+0x180/0x270 [ 142.871277][ T7982] ? selinux_file_ioctl+0xb4/0x270 [ 142.872614][ T7982] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 142.874064][ T7982] ? __x64_sys_ioctl+0x18f/0x220 [ 142.875362][ T7982] __x64_sys_ioctl+0x18f/0x220 [ 142.876630][ T7982] do_syscall_64+0xcd/0x250 [ 142.877862][ T7982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.879514][ T7982] RIP: 0033:0x7f3c8857dff9 [ 142.880720][ T7982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.885666][ T7982] RSP: 002b:00007f3c893b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 142.887845][ T7982] RAX: ffffffffffffffda RBX: 00007f3c88735f80 RCX: 00007f3c8857dff9 [ 142.889977][ T7982] RDX: 0000000020000000 RSI: 00000000c028aa03 RDI: 0000000000000003 [ 142.892787][ T7982] RBP: 00007f3c893b7090 R08: 0000000000000000 R09: 0000000000000000 [ 142.895489][ T7982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.897604][ T7982] R13: 0000000000000000 R14: 00007f3c88735f80 R15: 00007ffdc0933a98 [ 142.899766][ T7982] [ 143.520625][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 143.801498][ T8013] netlink: 20 bytes leftover after parsing attributes in process `syz.1.955'. [ 143.806927][ T8013] netlink: 20 bytes leftover after parsing attributes in process `syz.1.955'. [ 144.565712][ T8047] netlink: 20 bytes leftover after parsing attributes in process `syz.1.965'. [ 144.820051][ T831] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 144.982677][ T831] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 144.985876][ T831] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 144.989478][ T831] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 144.992947][ T831] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.997294][ T831] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 145.000639][ T831] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 145.003554][ T831] usb 6-1: Product: syz [ 145.004783][ T831] usb 6-1: Manufacturer: syz [ 145.010331][ T831] cdc_wdm 6-1:1.0: skipping garbage [ 145.013022][ T831] cdc_wdm 6-1:1.0: skipping garbage [ 145.016867][ T831] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 145.018459][ T831] cdc_wdm 6-1:1.0: Unknown control protocol [ 145.213570][ T64] usb 6-1: USB disconnect, device number 8 [ 145.305693][ T8061] netlink: 'syz.2.969': attribute type 4 has an invalid length. [ 145.308056][ T8061] netlink: 'syz.2.969': attribute type 4 has an invalid length. [ 145.388340][ T5345] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 145.388809][ T5345] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 145.905317][ T8054] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 145.907711][ T8054] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 145.910227][ T8054] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 145.912753][ T8054] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 145.963075][ T39] kauditd_printk_skb: 9 callbacks suppressed [ 145.963091][ T39] audit: type=1400 audit(1727898447.564:392): avc: denied { ioctl } for pid=8066 comm="syz.2.972" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb706 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 146.145109][ T39] audit: type=1400 audit(1727898447.744:393): avc: denied { watch } for pid=8078 comm="syz.2.977" path="/263/net_prio.prioidx" dev="tmpfs" ino=1418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 146.151359][ T39] audit: type=1400 audit(1727898447.744:394): avc: denied { watch_sb watch_reads } for pid=8078 comm="syz.2.977" path="/263/net_prio.prioidx" dev="tmpfs" ino=1418 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 146.197784][ T8080] netlink: 4 bytes leftover after parsing attributes in process `syz.2.977'. [ 146.498823][ T8079] syz.2.977 (8079): drop_caches: 2 [ 146.503018][ T8080] syz.2.977 (8080) used greatest stack depth: 21200 bytes left [ 146.905341][ T39] audit: type=1400 audit(1727898448.504:395): avc: denied { create } for pid=8093 comm="syz.3.981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 147.200044][ T5340] Bluetooth: hci0: command 0x0419 tx timeout [ 147.521748][ T5340] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 147.522173][ T5340] Bluetooth: hci1: SCO packet for unknown connection handle 1039 [ 147.524811][ T5340] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 147.555738][ T39] audit: type=1400 audit(1727898449.154:396): avc: denied { bind } for pid=8098 comm="syz.1.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 147.562947][ T39] audit: type=1400 audit(1727898449.154:397): avc: denied { listen } for pid=8098 comm="syz.1.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 147.613235][ T5340] Bluetooth: hci1: unexpected event for opcode 0x0c46 [ 147.921653][ T5350] Bluetooth: hci2: command 0x0c1a tx timeout [ 147.921687][ T5345] Bluetooth: hci3: Opcode 0x206c failed: -110 [ 147.923985][ T5340] Bluetooth: hci3: command 0x0419 tx timeout [ 147.928181][ T5345] Bluetooth: hci3: Opcode 0x2046 failed: -110 [ 147.934028][ T5340] Bluetooth: hci4: sending frame failed (-49) [ 147.936260][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 148.005067][ T8120] netlink: 'syz.0.990': attribute type 1 has an invalid length. [ 148.020008][ T8120] bond1: entered promiscuous mode [ 148.055448][ T8120] bond1: (slave veth3): Enslaving as an active interface with a down link [ 148.059574][ T8120] netlink: 4 bytes leftover after parsing attributes in process `syz.0.990'. [ 148.064904][ T8120] bond1 (unregistering): (slave veth3): Releasing active interface [ 148.069696][ T8120] bond1 (unregistering): Released all slaves [ 148.117791][ T8119] 9pnet_fd: Insufficient options for proto=fd [ 148.164352][ T5345] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 148.164653][ T5345] Bluetooth: hci3: SCO packet for unknown connection handle 1039 [ 148.166990][ T5345] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 148.672071][ T8134] netlink: 20 bytes leftover after parsing attributes in process `syz.1.995'. [ 148.869089][ T5345] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 148.869148][ T5345] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 148.872056][ T5345] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 149.111495][ T8162] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 149.113502][ T8162] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 149.116796][ T8162] vhci_hcd vhci_hcd.0: Device attached [ 149.150121][ T35] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 149.189140][ T8163] vhci_hcd: cannot find a urb of seqnum 9 max seqnum 0 [ 149.189978][ T11] nci: nci_extract_activation_params_iso_dep: unsupported activation_rf_tech_and_mode 0x80 [ 149.194180][ T217] vhci_hcd: stop threads [ 149.196811][ T217] vhci_hcd: release socket [ 149.198389][ T217] vhci_hcd: disconnect device [ 149.311192][ T35] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 149.313673][ T35] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 149.316396][ T35] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 149.318789][ T35] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 149.323030][ T35] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 149.325386][ T35] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 149.327465][ T35] usb 6-1: Product: syz [ 149.328559][ T35] usb 6-1: Manufacturer: syz [ 149.334310][ T35] cdc_wdm 6-1:1.0: skipping garbage [ 149.335720][ T35] cdc_wdm 6-1:1.0: skipping garbage [ 149.338141][ T35] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 149.340172][ T35] cdc_wdm 6-1:1.0: Unknown control protocol [ 149.535786][ T831] usb 6-1: USB disconnect, device number 9 [ 150.000135][ T5345] Bluetooth: hci3: command 0x0419 tx timeout [ 150.596964][ T5345] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 150.647545][ T5345] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 150.648734][ T5345] Bluetooth: hci0: SCO packet for unknown connection handle 1039 [ 150.650925][ T5345] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 151.001626][ T829] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 151.154825][ T829] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 151.159358][ T829] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.162479][ T829] usb 8-1: Product: syz [ 151.163597][ T829] usb 8-1: Manufacturer: syz [ 151.164798][ T829] usb 8-1: SerialNumber: syz [ 151.167922][ T829] usb 8-1: config 0 descriptor?? [ 151.445194][ T56] usb 8-1: USB disconnect, device number 9 [ 152.080129][ T5340] Bluetooth: hci3: command 0x0419 tx timeout [ 152.720080][ T5340] Bluetooth: hci4: command 0x1003 tx timeout [ 152.722228][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 152.841308][ T8241] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1030'. [ 153.080034][ T829] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 153.231447][ T829] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 153.233480][ T829] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 153.235802][ T829] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 153.237912][ T829] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.242154][ T829] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 153.244433][ T829] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 153.246631][ T829] usb 6-1: Product: syz [ 153.247744][ T829] usb 6-1: Manufacturer: syz [ 153.252606][ T829] cdc_wdm 6-1:1.0: skipping garbage [ 153.254263][ T829] cdc_wdm 6-1:1.0: skipping garbage [ 153.257697][ T829] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 153.259360][ T829] cdc_wdm 6-1:1.0: Unknown control protocol [ 153.263292][ T8249] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1032'. [ 153.360224][ T56] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 153.453505][ T30] usb 6-1: USB disconnect, device number 10 [ 153.500004][ T829] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 153.510055][ T56] usb 8-1: Using ep0 maxpacket: 32 [ 153.514612][ T56] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 153.516823][ T56] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 153.519686][ T56] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 153.523691][ T56] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 153.528319][ T56] usb 8-1: config 0 interface 0 has no altsetting 0 [ 153.532693][ T56] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 153.535983][ T56] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 153.538421][ T56] usb 8-1: Product: syz [ 153.539518][ T56] usb 8-1: Manufacturer: syz [ 153.541351][ T56] usb 8-1: SerialNumber: syz [ 153.543600][ T56] usb 8-1: config 0 descriptor?? [ 153.547570][ T56] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 153.551040][ T56] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 153.671519][ T829] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 153.673852][ T829] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 153.676583][ T829] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 153.678942][ T829] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.683279][ T829] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 153.685691][ T829] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 153.687852][ T829] usb 5-1: Product: syz [ 153.688963][ T829] usb 5-1: Manufacturer: syz [ 153.692402][ T829] cdc_wdm 5-1:1.0: skipping garbage [ 153.693821][ T829] cdc_wdm 5-1:1.0: skipping garbage [ 153.695812][ T829] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device [ 153.697372][ T829] cdc_wdm 5-1:1.0: Unknown control protocol [ 153.902888][ T30] usb 5-1: USB disconnect, device number 6 [ 156.328364][ T39] audit: type=1400 audit(1727898457.924:398): avc: denied { write } for pid=8286 comm="syz.0.1044" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 156.348738][ T5345] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 156.348997][ T5345] Bluetooth: hci3: SCO packet for unknown connection handle 1039 [ 156.460217][ T8291] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 156.467350][ T8291] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 156.469082][ T8291] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 156.471322][ T8291] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 156.619983][ T8295] Invalid logical block size (16) [ 156.686804][ T8310] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1049'. [ 156.766407][ T5345] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 156.766620][ T5345] Bluetooth: hci3: SCO packet for unknown connection handle 1039 [ 156.940002][ T831] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 157.018998][ T63] usb 8-1: USB disconnect, device number 10 [ 157.030875][ T63] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 157.092133][ T831] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 157.096866][ T831] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 157.099379][ T831] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 157.105010][ T831] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.111245][ T831] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 157.113552][ T831] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 157.115614][ T831] usb 6-1: Product: syz [ 157.116674][ T831] usb 6-1: Manufacturer: syz [ 157.124968][ T831] cdc_wdm 6-1:1.0: skipping garbage [ 157.126275][ T831] cdc_wdm 6-1:1.0: skipping garbage [ 157.131397][ T831] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 157.132950][ T831] cdc_wdm 6-1:1.0: Unknown control protocol [ 157.326373][ T829] usb 6-1: USB disconnect, device number 11 [ 157.659342][ T8341] Illegal XDP return value 1885926829 on prog (id 192) dev N/A, expect packet loss! [ 157.670470][ T39] audit: type=1400 audit(1727898459.274:399): avc: denied { search } for pid=4816 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 157.677604][ T5345] Bluetooth: hci3: unexpected event for opcode 0x1004 [ 157.782348][ T8350] netlink: 'syz.2.1066': attribute type 1 has an invalid length. [ 157.788011][ T8350] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1066'. [ 157.793739][ T39] audit: type=1400 audit(1727898459.394:400): avc: denied { read } for pid=8348 comm="syz.2.1066" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 157.794187][ T8350] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1066'. [ 157.800117][ T39] audit: type=1400 audit(1727898459.394:401): avc: denied { open } for pid=8348 comm="syz.2.1066" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 157.808617][ T39] audit: type=1400 audit(1727898459.394:402): avc: denied { ioctl } for pid=8348 comm="syz.2.1066" path="/dev/fb0" dev="devtmpfs" ino=637 ioctlcmd=0x4608 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 157.895333][ T8354] fuse: Bad value for 'fd' [ 157.963511][ T8356] 9pnet_fd: Insufficient options for proto=fd [ 158.014876][ T39] audit: type=1400 audit(1727898459.614:403): avc: denied { connect } for pid=8357 comm="syz.3.1069" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 158.086324][ T8359] netlink: 'syz.3.1069': attribute type 13 has an invalid length. [ 158.089564][ T8359] veth0_macvtap: left promiscuous mode [ 158.091351][ T8359] macvtap0: entered allmulticast mode [ 158.095990][ T8359] macvtap0: refused to change device tx_queue_len [ 158.187585][ T8361] x_tables: duplicate underflow at hook 1 [ 158.480076][ T5345] Bluetooth: hci2: command 0x0c1a tx timeout [ 158.480148][ T5340] Bluetooth: hci1: command 0x0c1a tx timeout [ 158.480210][ T5350] Bluetooth: hci0: command 0x0419 tx timeout [ 158.654350][ T5340] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 158.719497][ T5345] Bluetooth: hci4: sending frame failed (-49) [ 158.722738][ T5340] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 159.077334][ T39] audit: type=1400 audit(1727898460.674:404): avc: denied { mount } for pid=8374 comm="syz.3.1075" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 159.082096][ T8375] Bluetooth: MGMT ver 1.23 [ 159.087869][ T39] audit: type=1400 audit(1727898460.684:405): avc: denied { bind } for pid=8374 comm="syz.3.1075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 159.166132][ T8381] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1079'. [ 159.169587][ T8381] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1079'. [ 159.174018][ T8381] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1079'. [ 159.177253][ T8381] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1079'. [ 159.180406][ T8382] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1079'. [ 159.187715][ T39] audit: type=1400 audit(1727898460.784:406): avc: denied { bind } for pid=8380 comm="syz.0.1079" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 159.427116][ T8396] fuse: Bad value for 'fd' [ 159.570183][ T39] audit: type=1400 audit(1727898461.164:407): avc: denied { setopt } for pid=8397 comm="syz.2.1083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 160.340107][ T64] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 160.500022][ T64] usb 8-1: Using ep0 maxpacket: 8 [ 160.505213][ T64] usb 8-1: unable to read config index 0 descriptor/start: -61 [ 160.507372][ T64] usb 8-1: can't read configurations, error -61 [ 160.663418][ T64] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 160.810023][ T64] usb 8-1: Using ep0 maxpacket: 8 [ 160.814985][ T64] usb 8-1: unable to read config index 0 descriptor/start: -61 [ 160.817852][ T64] usb 8-1: can't read configurations, error -61 [ 160.824073][ T64] usb usb8-port1: attempt power cycle [ 161.052566][ T8431] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1092'. [ 161.160122][ T64] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 161.180711][ T64] usb 8-1: Using ep0 maxpacket: 8 [ 161.184531][ T64] usb 8-1: unable to read config index 0 descriptor/start: -61 [ 161.187276][ T64] usb 8-1: can't read configurations, error -61 [ 161.309994][ T63] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 161.335263][ T64] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 161.350719][ T64] usb 8-1: Using ep0 maxpacket: 8 [ 161.355508][ T64] usb 8-1: unable to read config index 0 descriptor/start: -61 [ 161.357618][ T64] usb 8-1: can't read configurations, error -61 [ 161.359850][ T64] usb usb8-port1: unable to enumerate USB device [ 161.462864][ T63] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 161.465126][ T63] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 161.468246][ T63] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 161.471105][ T63] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 161.475634][ T63] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 161.478441][ T63] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 161.481146][ T63] usb 5-1: Product: syz [ 161.482467][ T63] usb 5-1: Manufacturer: syz [ 161.492950][ T63] cdc_wdm 5-1:1.0: skipping garbage [ 161.494828][ T63] cdc_wdm 5-1:1.0: skipping garbage [ 161.498339][ T63] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 161.501570][ T63] cdc_wdm 5-1:1.0: Unknown control protocol [ 161.683280][ T5340] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 161.685542][ T5340] Bluetooth: hci3: Injecting HCI hardware error event [ 161.688546][ T5340] Bluetooth: hci3: hardware error 0x00 [ 161.696831][ T63] usb 5-1: USB disconnect, device number 7 [ 162.494229][ T8443] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 162.570466][ T5345] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 163.190725][ T8458] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 163.193464][ T8458] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 163.194988][ T8458] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 163.760019][ T5340] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 163.793089][ T8475] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1109'. [ 163.874063][ T39] kauditd_printk_skb: 2 callbacks suppressed [ 163.874074][ T39] audit: type=1400 audit(1727898465.474:410): avc: denied { getopt } for pid=8476 comm="syz.1.1110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 163.907585][ T8480] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1110'. [ 163.961100][ T8485] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 163.963059][ T8485] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 163.964842][ T8485] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 164.600571][ T56] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 164.640097][ T5340] Bluetooth: hci4: command 0x1003 tx timeout [ 164.640135][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 164.750061][ T56] usb 8-1: Using ep0 maxpacket: 16 [ 164.756597][ T56] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.759782][ T56] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 164.763138][ T56] usb 8-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 164.765519][ T56] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.774959][ T56] usb 8-1: config 0 descriptor?? [ 165.078182][ T8497] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1116'. [ 165.080790][ T39] audit: type=1400 audit(1727898466.674:411): avc: denied { setopt } for pid=8496 comm="syz.0.1116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 165.184488][ T56] usbhid 8-1:0.0: can't add hid device: -71 [ 165.187223][ T56] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 165.198240][ T56] usb 8-1: USB disconnect, device number 15 [ 165.577656][ T8519] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=8519 comm=syz.0.1123 [ 165.638370][ T8521] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1122'. [ 165.880154][ T831] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 165.883505][ T1102] Bluetooth: hci4: Frame reassembly failed (-84) [ 166.000051][ T5340] Bluetooth: hci2: command 0x0c1a tx timeout [ 166.000126][ T5350] Bluetooth: hci1: command 0x0c1a tx timeout [ 166.000890][ T5347] Bluetooth: hci0: command 0x0419 tx timeout [ 166.031658][ T831] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 166.034288][ T831] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 166.036943][ T831] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 166.039391][ T831] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.044216][ T831] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 166.046641][ T831] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 166.048783][ T831] usb 7-1: Product: syz [ 166.050248][ T831] usb 7-1: Manufacturer: syz [ 166.056326][ T831] cdc_wdm 7-1:1.0: skipping garbage [ 166.057790][ T831] cdc_wdm 7-1:1.0: skipping garbage [ 166.060716][ T831] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 166.062451][ T831] cdc_wdm 7-1:1.0: Unknown control protocol [ 166.261499][ T829] usb 7-1: USB disconnect, device number 8 [ 166.434445][ T8547] warning: `syz.1.1133' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 166.597054][ T39] audit: type=1400 audit(1727898468.194:412): avc: denied { create } for pid=8550 comm="syz.1.1135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 166.602374][ T39] audit: type=1400 audit(1727898468.194:413): avc: denied { read } for pid=8550 comm="syz.1.1135" path="socket:[20148]" dev="sockfs" ino=20148 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 166.724652][ T39] audit: type=1400 audit(1727898468.324:414): avc: denied { block_suspend } for pid=8555 comm="syz.3.1137" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 166.810435][ T8559] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 166.812131][ T8559] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 166.813807][ T8559] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 167.697595][ T8573] netlink: 'syz.1.1143': attribute type 5 has an invalid length. [ 167.920080][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 167.920089][ T5340] Bluetooth: hci4: command 0x1003 tx timeout [ 167.965751][ T39] audit: type=1400 audit(1727898469.564:415): avc: denied { sqpoll } for pid=8581 comm="syz.3.1145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 168.139092][ T39] audit: type=1400 audit(1727898469.734:416): avc: denied { read } for pid=8594 comm="syz.3.1149" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 168.147034][ T39] audit: type=1400 audit(1727898469.734:417): avc: denied { open } for pid=8594 comm="syz.3.1149" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1 [ 168.517117][ T8604] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 168.519583][ T8604] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 168.519798][ T8609] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1154'. [ 168.522132][ T8604] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 168.557396][ T39] audit: type=1400 audit(1727898470.154:418): avc: denied { write } for pid=8611 comm="syz.0.1155" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 168.608674][ T39] audit: type=1400 audit(1727898470.204:419): avc: denied { execute } for pid=8611 comm="syz.0.1155" path="/dev/hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 168.839998][ T64] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 169.000034][ T64] usb 7-1: Using ep0 maxpacket: 16 [ 169.003646][ T64] usb 7-1: config 129 has an invalid interface number: 209 but max is 1 [ 169.006271][ T64] usb 7-1: config 129 has an invalid interface number: 223 but max is 1 [ 169.008760][ T64] usb 7-1: config 129 has no interface number 0 [ 169.011154][ T64] usb 7-1: config 129 has no interface number 1 [ 169.013089][ T64] usb 7-1: config 129 interface 209 altsetting 6 bulk endpoint 0xB has invalid maxpacket 64 [ 169.016028][ T64] usb 7-1: config 129 interface 209 altsetting 6 endpoint 0x5 has invalid maxpacket 1032, setting to 64 [ 169.019399][ T64] usb 7-1: config 129 interface 209 altsetting 6 has a duplicate endpoint with address 0x83, skipping [ 169.023318][ T64] usb 7-1: config 129 interface 209 altsetting 6 has an endpoint descriptor with address 0x52, changing to 0x2 [ 169.027406][ T64] usb 7-1: config 129 interface 209 altsetting 6 endpoint 0x2 has invalid maxpacket 48322, setting to 1024 [ 169.031045][ T64] usb 7-1: config 129 interface 209 altsetting 6 bulk endpoint 0x2 has invalid maxpacket 1024 [ 169.034397][ T64] usb 7-1: config 129 interface 209 altsetting 6 has a duplicate endpoint with address 0xB, skipping [ 169.037686][ T64] usb 7-1: config 129 interface 209 altsetting 6 has a duplicate endpoint with address 0x2, skipping [ 169.041238][ T64] usb 7-1: config 129 interface 209 altsetting 6 endpoint 0x1 has invalid maxpacket 1023, setting to 64 [ 169.044475][ T64] usb 7-1: config 129 interface 209 altsetting 6 has a duplicate endpoint with address 0x1, skipping [ 169.047412][ T64] usb 7-1: config 129 interface 209 altsetting 6 has a duplicate endpoint with address 0x3, skipping [ 169.050534][ T64] usb 7-1: config 129 interface 209 altsetting 6 has 11 endpoint descriptors, different from the interface descriptor's value: 10 [ 169.054280][ T64] usb 7-1: config 129 interface 223 altsetting 254 has an invalid descriptor for endpoint zero, skipping [ 169.057281][ T64] usb 7-1: config 129 interface 223 altsetting 254 has a duplicate endpoint with address 0x8, skipping [ 169.060258][ T64] usb 7-1: config 129 interface 223 altsetting 254 has an invalid descriptor for endpoint zero, skipping [ 169.063371][ T64] usb 7-1: config 129 interface 223 altsetting 254 bulk endpoint 0xA has invalid maxpacket 64 [ 169.066144][ T64] usb 7-1: config 129 interface 223 altsetting 254 has a duplicate endpoint with address 0xD, skipping [ 169.069071][ T64] usb 7-1: config 129 interface 223 altsetting 254 has a duplicate endpoint with address 0xD, skipping [ 169.072509][ T64] usb 7-1: config 129 interface 223 altsetting 254 has a duplicate endpoint with address 0xB, skipping [ 169.076146][ T64] usb 7-1: config 129 interface 223 altsetting 254 has a duplicate endpoint with address 0x5, skipping [ 169.079420][ T64] usb 7-1: config 129 interface 223 altsetting 254 has an endpoint descriptor with address 0x39, changing to 0x9 [ 169.082910][ T64] usb 7-1: config 129 interface 223 altsetting 254 endpoint 0x9 has invalid maxpacket 22028, setting to 64 [ 169.086269][ T64] usb 7-1: config 129 interface 223 altsetting 254 has a duplicate endpoint with address 0x5, skipping [ 169.089362][ T64] usb 7-1: config 129 interface 223 altsetting 254 has an invalid descriptor for endpoint zero, skipping [ 169.092699][ T64] usb 7-1: config 129 interface 223 altsetting 254 has an invalid descriptor for endpoint zero, skipping [ 169.096212][ T64] usb 7-1: config 129 interface 223 altsetting 254 has 15 endpoint descriptors, different from the interface descriptor's value: 14 [ 169.100252][ T64] usb 7-1: config 129 interface 209 has no altsetting 0 [ 169.102591][ T64] usb 7-1: config 129 interface 223 has no altsetting 0 [ 169.107515][ T64] usb 7-1: New USB device found, idVendor=0bb4, idProduct=0a28, bcdDevice=ba.3f [ 169.110232][ T64] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.112583][ T64] usb 7-1: Product: 㷻氽奇गṅ퐰몺퓓歱떈뙉㣺琌쑻ꚇΣẇ搧绌僈匤怃硺丢둪挃팮ரߞ姑竿鳖墀杶ꂊ濅쀟玓䊞ꜰ᳔䗪䊻糃Ი龴짍⃩ⴾ俍좎쓛⇁劄쮱ﵜ煋鿩뉖ⴂ⹢⬘ [ 169.119018][ T64] usb 7-1: Manufacturer: ဆ뜻ᵕ푼Ụ㠬ᛦ륊᩵ [ 169.121122][ T64] usb 7-1: SerialNumber: 垦䷿竫孵䧭釙辺ꜩ佖⺶臘鶠턠˗᫖꽷ᣗ혇䋾휭횦䈑첚뼿멩礢퉶멋ҔҲ刁䧤滍䍲⁎ꃁᠨ윥嘱呗朗퍅롯練튀铂픗≹䱧쒛咖摝魓螜蟑뤦犩뮟珃훪ꗈѣᶲ๻夵蒮푩℉偬搀片ᅄ獵ꜜ콍舤깔馕忽쀬ઘꍽ⊀럳濤鎒ᇂ騄㲟悛鱾ﱝɶ럞㿪寙좒艵榈鳩狺绦됕ᆔ糠 [ 169.134830][ T8615] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 169.137911][ T8615] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 169.140641][ T8615] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 169.220049][ T56] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 169.355776][ T64] usb 7-1: USB disconnect, device number 9 [ 169.380493][ T56] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 169.383491][ T56] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.386252][ T56] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.391093][ T56] usb 6-1: config 0 interface 0 has no altsetting 0 [ 169.394439][ T56] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.397657][ T56] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.403451][ T56] usb 6-1: config 0 interface 0 has no altsetting 0 [ 169.404774][ T8630] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1161'. [ 169.406587][ T56] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.411716][ T56] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.414543][ T56] usb 6-1: config 0 interface 0 has no altsetting 0 [ 169.417228][ T56] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.419794][ T56] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.423466][ T56] usb 6-1: config 0 interface 0 has no altsetting 0 [ 169.426633][ T56] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.429821][ T56] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.433886][ T56] usb 6-1: config 0 interface 0 has no altsetting 0 [ 169.437292][ T56] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.440621][ T56] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.444516][ T56] usb 6-1: config 0 interface 0 has no altsetting 0 [ 169.449401][ T56] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.452299][ T56] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.455819][ T56] usb 6-1: config 0 interface 0 has no altsetting 0 [ 169.458344][ T56] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 169.460903][ T56] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 169.463765][ T56] usb 6-1: config 0 interface 0 has no altsetting 0 [ 169.466950][ T56] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 169.469610][ T56] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 169.474349][ T56] usb 6-1: Product: syz [ 169.475955][ T56] usb 6-1: Manufacturer: syz [ 169.477675][ T56] usb 6-1: SerialNumber: syz [ 169.482639][ T56] usb 6-1: config 0 descriptor?? [ 169.487083][ T56] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 169.660018][ T829] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 169.693582][ T56] usb 6-1: USB disconnect, device number 12 [ 169.696888][ T56] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 169.821467][ T829] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 169.824120][ T829] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 169.827410][ T829] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 169.829739][ T829] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.834666][ T829] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 169.837307][ T829] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 169.839467][ T829] usb 8-1: Product: syz [ 169.840929][ T829] usb 8-1: Manufacturer: syz [ 169.847662][ T829] cdc_wdm 8-1:1.0: skipping garbage [ 169.849228][ T829] cdc_wdm 8-1:1.0: skipping garbage [ 169.852465][ T829] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 169.854760][ T829] cdc_wdm 8-1:1.0: Unknown control protocol [ 169.956124][ T8655] FAULT_INJECTION: forcing a failure. [ 169.956124][ T8655] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 169.963912][ T8655] CPU: 2 UID: 0 PID: 8655 Comm: syz.0.1170 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 169.966710][ T8655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 169.970203][ T8655] Call Trace: [ 169.971428][ T8655] [ 169.972507][ T8655] dump_stack_lvl+0x16c/0x1f0 [ 169.974261][ T8655] should_fail_ex+0x497/0x5b0 [ 169.975976][ T8655] _copy_from_user+0x30/0xf0 [ 169.977557][ T8655] copy_folio_from_user+0xff/0x2a0 [ 169.979371][ T8655] mfill_atomic_copy+0x1ba6/0x1e70 [ 169.981204][ T8655] ? __pfx_mfill_atomic_copy+0x10/0x10 [ 169.983160][ T8655] ? __might_fault+0xe3/0x190 [ 169.984649][ T8655] userfaultfd_ioctl+0x1e50/0x3830 [ 169.986012][ T8655] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 169.987435][ T8655] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 169.989566][ T8655] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 169.991884][ T8655] ? trace_lock_acquire+0x14a/0x1d0 [ 169.993774][ T8655] ? selinux_file_ioctl+0x180/0x270 [ 169.995569][ T8655] ? selinux_file_ioctl+0xb4/0x270 [ 169.997417][ T8655] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 169.999387][ T8655] ? __x64_sys_ioctl+0x18f/0x220 [ 170.001152][ T8655] __x64_sys_ioctl+0x18f/0x220 [ 170.002602][ T8655] do_syscall_64+0xcd/0x250 [ 170.003781][ T8655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 170.005333][ T8655] RIP: 0033:0x7fc90457dff9 [ 170.006655][ T8655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.013082][ T8655] RSP: 002b:00007fc9052f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 170.015888][ T8655] RAX: ffffffffffffffda RBX: 00007fc904735f80 RCX: 00007fc90457dff9 [ 170.018484][ T8655] RDX: 0000000020000000 RSI: 00000000c028aa03 RDI: 0000000000000003 [ 170.021246][ T8655] RBP: 00007fc9052f6090 R08: 0000000000000000 R09: 0000000000000000 [ 170.023987][ T8655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 170.026704][ T8655] R13: 0000000000000000 R14: 00007fc904735f80 R15: 00007fff579fc568 [ 170.029562][ T8655] [ 170.048653][ T829] usb 8-1: USB disconnect, device number 16 [ 170.104864][ T39] audit: type=1400 audit(1727898471.704:420): avc: denied { mount } for pid=8659 comm="syz.0.1172" name="/" dev="configfs" ino=2107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 170.114958][ T39] audit: type=1400 audit(1727898471.714:421): avc: denied { setattr } for pid=8659 comm="syz.0.1172" name="/" dev="configfs" ino=2107 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 170.131421][ T39] audit: type=1400 audit(1727898471.734:422): avc: denied { unmount } for pid=5346 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 170.200923][ T8664] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 170.203227][ T8664] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 170.204864][ T8664] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 170.547397][ T8681] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1178'. [ 170.579870][ T39] audit: type=1400 audit(1727898472.174:423): avc: denied { write } for pid=8686 comm="syz.1.1181" name="sg0" dev="devtmpfs" ino=705 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 170.588177][ T39] audit: type=1400 audit(1727898472.184:424): avc: denied { write } for pid=8686 comm="syz.1.1181" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 170.740105][ T8693] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 170.742941][ T8693] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 170.744734][ T8693] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 170.783796][ T39] audit: type=1326 audit(1727898472.384:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8694 comm="syz.2.1184" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff33df7dff9 code=0x0 [ 170.996646][ T39] audit: type=1400 audit(1727898472.594:426): avc: denied { create } for pid=8694 comm="syz.2.1184" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 170.996987][ T5345] Bluetooth: hci2: unexpected event for opcode 0x2029 [ 171.003059][ T39] audit: type=1400 audit(1727898472.604:427): avc: denied { write } for pid=8694 comm="syz.2.1184" name="file0" dev="tmpfs" ino=1722 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 171.010045][ T39] audit: type=1400 audit(1727898472.604:428): avc: denied { open } for pid=8694 comm="syz.2.1184" path="/313/file0" dev="tmpfs" ino=1722 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 171.010065][ T39] audit: type=1400 audit(1727898472.604:429): avc: denied { ioctl } for pid=8694 comm="syz.2.1184" path="/313/file0" dev="tmpfs" ino=1722 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 171.360006][ T831] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 171.511814][ T831] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 171.514623][ T831] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 171.516944][ T831] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 171.519778][ T831] usb 5-1: config 0 interface 0 has no altsetting 0 [ 171.522974][ T831] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 171.525341][ T831] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 171.528160][ T831] usb 5-1: config 0 interface 0 has no altsetting 0 [ 171.530917][ T831] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 171.533278][ T831] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 171.536070][ T831] usb 5-1: config 0 interface 0 has no altsetting 0 [ 171.538526][ T831] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 171.541375][ T831] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 171.544190][ T831] usb 5-1: config 0 interface 0 has no altsetting 0 [ 171.547068][ T831] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 171.549416][ T831] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 171.552336][ T831] usb 5-1: config 0 interface 0 has no altsetting 0 [ 171.555082][ T831] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 171.557382][ T831] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 171.560437][ T831] usb 5-1: config 0 interface 0 has no altsetting 0 [ 171.563273][ T831] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 171.565571][ T831] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 171.568350][ T831] usb 5-1: config 0 interface 0 has no altsetting 0 [ 171.570998][ T831] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 171.573347][ T831] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 171.576115][ T831] usb 5-1: config 0 interface 0 has no altsetting 0 [ 171.579777][ T831] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 171.582289][ T831] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 171.584456][ T831] usb 5-1: Product: syz [ 171.585558][ T831] usb 5-1: Manufacturer: syz [ 171.586773][ T831] usb 5-1: SerialNumber: syz [ 171.589864][ T831] usb 5-1: config 0 descriptor?? [ 171.593403][ T831] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 171.800161][ T831] usb 5-1: USB disconnect, device number 8 [ 171.804820][ T831] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 172.410478][ T8724] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 172.412500][ T8724] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 172.415511][ T8724] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 172.499514][ T5345] Bluetooth: hci1: unexpected event for opcode 0x0c46 [ 172.710249][ T64] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 172.859971][ T64] usb 7-1: Using ep0 maxpacket: 8 [ 172.863076][ T64] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 172.865741][ T64] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 172.868415][ T64] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 172.871102][ T64] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 172.875496][ T64] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 172.878839][ T64] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.091216][ T64] usb 7-1: GET_CAPABILITIES returned 0 [ 173.093556][ T64] usbtmc 7-1:16.0: can't read capabilities [ 173.298406][ T831] usb 7-1: USB disconnect, device number 10 [ 173.720591][ T8758] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 173.723099][ T8758] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 173.724817][ T8758] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 174.270048][ T829] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 174.450053][ T829] usb 7-1: Using ep0 maxpacket: 8 [ 174.453142][ T829] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 174.455854][ T829] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 174.458482][ T829] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 174.461213][ T829] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 174.464814][ T829] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 174.467238][ T829] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.540050][ T64] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 174.640028][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 174.640114][ T5340] Bluetooth: hci4: command 0x1003 tx timeout [ 174.674186][ T829] usb 7-1: GET_CAPABILITIES returned 0 [ 174.675664][ T829] usbtmc 7-1:16.0: can't read capabilities [ 174.700452][ T64] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 174.703500][ T64] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.705887][ T64] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.708800][ T64] usb 8-1: config 0 interface 0 has no altsetting 0 [ 174.711566][ T64] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.714068][ T64] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.716878][ T64] usb 8-1: config 0 interface 0 has no altsetting 0 [ 174.719365][ T64] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.722050][ T64] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.725085][ T64] usb 8-1: config 0 interface 0 has no altsetting 0 [ 174.727561][ T64] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.730086][ T64] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.732923][ T64] usb 8-1: config 0 interface 0 has no altsetting 0 [ 174.735718][ T64] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.738189][ T64] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.741524][ T64] usb 8-1: config 0 interface 0 has no altsetting 0 [ 174.743972][ T64] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.746511][ T64] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.749420][ T64] usb 8-1: config 0 interface 0 has no altsetting 0 [ 174.752124][ T64] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.754669][ T64] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.757701][ T64] usb 8-1: config 0 interface 0 has no altsetting 0 [ 174.760314][ T64] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 174.762734][ T64] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 174.765829][ T64] usb 8-1: config 0 interface 0 has no altsetting 0 [ 174.769230][ T64] usb 8-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 174.772146][ T64] usb 8-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 174.774337][ T64] usb 8-1: Product: syz [ 174.775608][ T64] usb 8-1: Manufacturer: syz [ 174.776872][ T64] usb 8-1: SerialNumber: syz [ 174.779693][ T64] usb 8-1: config 0 descriptor?? [ 174.783077][ T64] yurex 8-1:0.0: USB YUREX device now attached to Yurex #1 [ 174.935773][ T829] usb 7-1: USB disconnect, device number 11 [ 174.991608][ T64] usb 8-1: USB disconnect, device number 17 [ 174.994148][ T64] yurex 8-1:0.0: USB YUREX #1 now disconnected [ 175.761008][ T5345] Bluetooth: hci2: command 0x0c1a tx timeout [ 175.761094][ T5340] Bluetooth: hci1: command 0x0c1a tx timeout [ 175.763063][ T5345] Bluetooth: hci0: command 0x0419 tx timeout [ 176.182252][ T39] kauditd_printk_skb: 4 callbacks suppressed [ 176.182263][ T39] audit: type=1326 audit(1727898477.784:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8804 comm="syz.1.1219" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3c8857dff9 code=0x0 [ 176.254937][ T1112] Bluetooth: hci4: Frame reassembly failed (-84) [ 176.411829][ T5350] Bluetooth: hci1: unexpected event for opcode 0x2029 [ 176.439019][ T39] audit: type=1400 audit(1727898478.034:435): avc: denied { write } for pid=8819 comm="syz.2.1223" path="socket:[21848]" dev="sockfs" ino=21848 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 176.445546][ T8820] IPv4: Oversized IP packet from 172.20.20.11 [ 176.452603][ T8820] IPv4: Oversized IP packet from 172.20.20.11 [ 176.456498][ T8820] IPv4: Oversized IP packet from 172.20.20.11 [ 176.460713][ T8820] IPv4: Oversized IP packet from 172.20.20.11 [ 176.466904][ T8820] IPv4: Oversized IP packet from 172.20.20.11 [ 176.471489][ T8820] IPv4: Oversized IP packet from 172.20.20.11 [ 176.475073][ T8820] IPv4: Oversized IP packet from 172.20.20.11 [ 176.478713][ T8820] IPv4: Oversized IP packet from 172.20.20.11 [ 176.482403][ T8820] IPv4: Oversized IP packet from 172.20.20.11 [ 176.486374][ T8820] IPv4: Oversized IP packet from 172.20.20.11 [ 178.053949][ T5350] Bluetooth: hci1: unexpected event for opcode 0x0c46 [ 178.123735][ T5340] Bluetooth: hci5: sending frame failed (-49) [ 178.126091][ T5350] Bluetooth: hci5: Opcode 0x1003 failed: -49 [ 178.320021][ T5350] Bluetooth: hci4: command 0x1003 tx timeout [ 178.320063][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 178.971056][ T8865] netlink: 'syz.0.1239': attribute type 4 has an invalid length. [ 178.973178][ T8869] libceph: resolve '40.' (ret=-3): failed [ 178.996370][ T39] audit: type=1400 audit(1727898480.594:436): avc: denied { open } for pid=8873 comm="syz.0.1242" path="/dev/ptyq5" dev="devtmpfs" ino=132 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 179.058148][ T39] audit: type=1400 audit(1727898480.654:437): avc: denied { read write } for pid=8874 comm="syz.2.1243" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 179.068995][ T8880] 9pnet_fd: Insufficient options for proto=fd [ 179.070018][ T39] audit: type=1400 audit(1727898480.664:438): avc: denied { open } for pid=8874 comm="syz.2.1243" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 179.122430][ T8880] xt_CT: No such helper "snmp_trap" [ 179.908198][ T5345] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 179.987307][ T78] Bluetooth: hci4: Frame reassembly failed (-84) [ 179.989552][ T217] Bluetooth: hci4: Frame reassembly failed (-84) [ 180.199378][ T39] audit: type=1400 audit(1727898481.794:439): avc: denied { write } for pid=8913 comm="syz.0.1254" name="card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 180.199519][ T8914] 9pnet_fd: Insufficient options for proto=fd [ 180.289038][ T8921] 9pnet_fd: Insufficient options for proto=fd [ 180.329618][ T8921] xt_CT: No such helper "snmp_trap" [ 181.106132][ T39] audit: type=1400 audit(1727898482.704:440): avc: denied { create } for pid=8928 comm="syz.0.1260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 181.111601][ T39] audit: type=1400 audit(1727898482.714:441): avc: denied { bind } for pid=8928 comm="syz.0.1260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 181.225467][ T39] audit: type=1400 audit(1727898482.824:442): avc: denied { setopt } for pid=8941 comm="syz.1.1265" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 182.000107][ T5350] Bluetooth: hci4: command 0x1003 tx timeout [ 182.000199][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 182.067419][ T8952] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1267'. [ 182.213665][ T8959] 9pnet_fd: Insufficient options for proto=fd [ 182.240443][ T8959] xt_CT: No such helper "snmp_trap" [ 182.310053][ T64] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 182.461983][ T64] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 182.464254][ T64] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 182.466906][ T64] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 182.469219][ T64] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.474242][ T64] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 182.476917][ T64] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 182.478959][ T64] usb 8-1: Product: syz [ 182.480437][ T64] usb 8-1: Manufacturer: syz [ 182.484447][ T64] cdc_wdm 8-1:1.0: skipping garbage [ 182.485844][ T64] cdc_wdm 8-1:1.0: skipping garbage [ 182.487846][ T64] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 182.489436][ T64] cdc_wdm 8-1:1.0: Unknown control protocol [ 182.730664][ T8968] FAULT_INJECTION: forcing a failure. [ 182.730664][ T8968] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 182.734288][ T8968] CPU: 2 UID: 0 PID: 8968 Comm: syz.2.1272 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 182.737174][ T8968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 182.740110][ T8968] Call Trace: [ 182.740999][ T8968] [ 182.741803][ T8968] dump_stack_lvl+0x16c/0x1f0 [ 182.743079][ T8968] should_fail_ex+0x497/0x5b0 [ 182.744336][ T8968] _copy_from_user+0x30/0xf0 [ 182.745576][ T8968] restore_altstack+0x94/0x170 [ 182.746849][ T8968] ? __pfx_restore_altstack+0x10/0x10 [ 182.748269][ T8968] ? _raw_spin_unlock_irq+0x23/0x50 [ 182.749663][ T8968] ? lockdep_hardirqs_on+0x7c/0x110 [ 182.751060][ T8968] ? _raw_spin_unlock_irq+0x2e/0x50 [ 182.752488][ T8968] ? set_current_blocked+0xdd/0x120 [ 182.753961][ T8968] __do_sys_rt_sigreturn+0x132/0x230 [ 182.755431][ T8968] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 182.757055][ T8968] ? rcu_is_watching+0x12/0xc0 [ 182.758403][ T8968] do_syscall_64+0xcd/0x250 [ 182.759689][ T8968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.761258][ T8968] RIP: 0033:0x7ff33df19959 [ 182.762452][ T8968] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 182.767459][ T8968] RSP: 002b:00007ff33ed87340 EFLAGS: 00000246 ORIG_RAX: 000000000000000f [ 182.769667][ T8968] RAX: ffffffffffffffda RBX: 00007ff33e135f80 RCX: 00007ff33df19959 [ 182.771904][ T8968] RDX: 00007ff33ed87340 RSI: 00007ff33ed87470 RDI: 0000000000000011 [ 182.774150][ T8968] RBP: 00007ff33ed88090 R08: 0000000000000000 R09: 0000000000000000 [ 182.776346][ T8968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 182.778690][ T8968] R13: 0000000000000000 R14: 00007ff33e135f80 R15: 00007ffd92aa9738 [ 182.780828][ T8968] [ 182.871888][ T64] usb 8-1: USB disconnect, device number 18 [ 183.223765][ T8980] SELinux: Context system_u:object_r:hald_keymap_exec_t:s0 is not valid (left unmapped). [ 183.227311][ T39] audit: type=1400 audit(1727898484.824:443): avc: denied { relabelto } for pid=8978 comm="syz.2.1275" name="file1" dev="tmpfs" ino=1851 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:hald_keymap_exec_t:s0" [ 183.234597][ T39] audit: type=1400 audit(1727898484.834:444): avc: denied { associate } for pid=8978 comm="syz.2.1275" name="file1" dev="tmpfs" ino=1851 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:hald_keymap_exec_t:s0" [ 183.285935][ T39] audit: type=1400 audit(1727898484.884:445): avc: denied { watch watch_reads } for pid=8978 comm="syz.2.1275" path="/proc/877/task" dev="proc" ino=21997 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 183.453952][ T8983] lo speed is unknown, defaulting to 1000 [ 183.455758][ T8983] lo speed is unknown, defaulting to 1000 [ 183.458988][ T8983] lo speed is unknown, defaulting to 1000 [ 183.464210][ T8983] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 183.469623][ T8983] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 183.484704][ T8983] lo speed is unknown, defaulting to 1000 [ 183.486936][ T8983] lo speed is unknown, defaulting to 1000 [ 183.489469][ T8983] lo speed is unknown, defaulting to 1000 [ 183.493874][ T8983] lo speed is unknown, defaulting to 1000 [ 183.495836][ T8983] lo speed is unknown, defaulting to 1000 [ 183.865416][ T39] audit: type=1400 audit(1727898485.464:446): avc: denied { unlink } for pid=5343 comm="syz-executor" name="file1" dev="tmpfs" ino=1851 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:hald_keymap_exec_t:s0" [ 184.438741][ T5345] Bluetooth: hci0: unexpected event for opcode 0x0c46 [ 184.509980][ T71] Bluetooth: hci4: Frame reassembly failed (-84) [ 184.623225][ T9000] FAULT_INJECTION: forcing a failure. [ 184.623225][ T9000] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 184.627072][ T9000] CPU: 3 UID: 0 PID: 9000 Comm: syz.1.1282 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 184.630009][ T9000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 184.633196][ T9000] Call Trace: [ 184.634156][ T9000] [ 184.635050][ T9000] dump_stack_lvl+0x16c/0x1f0 [ 184.636376][ T9000] should_fail_ex+0x497/0x5b0 [ 184.637719][ T9000] _copy_from_iter+0x2a1/0x1540 [ 184.639068][ T9000] ? __pfx__copy_from_iter+0x10/0x10 [ 184.640555][ T9000] ? __virt_addr_valid+0x1a4/0x590 [ 184.642090][ T9000] ? __virt_addr_valid+0x5e/0x590 [ 184.643514][ T9000] ? __phys_addr_symbol+0x30/0x80 [ 184.644980][ T9000] ? __check_object_size+0x488/0x710 [ 184.646528][ T9000] netlink_sendmsg+0x813/0xd70 [ 184.647987][ T9000] ? __pfx_netlink_sendmsg+0x10/0x10 [ 184.649514][ T9000] ? __import_iovec+0x1fd/0x6e0 [ 184.650927][ T9000] ____sys_sendmsg+0xaaf/0xc90 [ 184.652395][ T9000] ? copy_msghdr_from_user+0x10b/0x160 [ 184.653944][ T9000] ? __pfx_____sys_sendmsg+0x10/0x10 [ 184.655461][ T9000] ? __pfx___lock_acquire+0x10/0x10 [ 184.656898][ T9000] ___sys_sendmsg+0x135/0x1e0 [ 184.658281][ T9000] ? __pfx____sys_sendmsg+0x10/0x10 [ 184.659783][ T9000] ? lock_acquire+0x2f/0xb0 [ 184.661058][ T9000] ? __fget_files+0x40/0x3f0 [ 184.662417][ T9000] ? fdget+0x176/0x210 [ 184.663572][ T9000] __sys_sendmsg+0x117/0x1f0 [ 184.664869][ T9000] ? __pfx___sys_sendmsg+0x10/0x10 [ 184.666273][ T9000] ? __fget_files+0x244/0x3f0 [ 184.667592][ T9000] do_syscall_64+0xcd/0x250 [ 184.668828][ T9000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.670531][ T9000] RIP: 0033:0x7f3c8857dff9 [ 184.671760][ T9000] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 184.676906][ T9000] RSP: 002b:00007f3c893b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 184.679210][ T9000] RAX: ffffffffffffffda RBX: 00007f3c88735f80 RCX: 00007f3c8857dff9 [ 184.681342][ T9000] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000004 [ 184.683894][ T9000] RBP: 00007f3c893b7090 R08: 0000000000000000 R09: 0000000000000000 [ 184.686720][ T9000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 184.689545][ T9000] R13: 0000000000000000 R14: 00007f3c88735f80 R15: 00007ffdc0933a98 [ 184.692387][ T9000] [ 185.018774][ T5350] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 185.470841][ T9015] netlink: 'syz.0.1288': attribute type 4 has an invalid length. [ 185.472899][ T9015] netlink: 164 bytes leftover after parsing attributes in process `syz.0.1288'. [ 185.786299][ T9023] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1290'. [ 186.040064][ T831] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 186.192205][ T831] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 186.194651][ T831] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 186.197599][ T831] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 186.200181][ T831] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 186.204863][ T831] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 186.207419][ T831] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 186.209749][ T831] usb 5-1: Product: syz [ 186.210985][ T831] usb 5-1: Manufacturer: syz [ 186.214548][ T831] cdc_wdm 5-1:1.0: skipping garbage [ 186.215978][ T831] cdc_wdm 5-1:1.0: skipping garbage [ 186.218015][ T831] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 186.219594][ T831] cdc_wdm 5-1:1.0: Unknown control protocol [ 186.417554][ T30] usb 5-1: USB disconnect, device number 9 [ 186.560095][ T5340] Bluetooth: hci4: command 0x1003 tx timeout [ 186.560170][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 186.711775][ T9034] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1294'. [ 187.120097][ T5345] Bluetooth: hci5: command 0x1003 tx timeout [ 187.120146][ T5350] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 187.187859][ T39] audit: type=1400 audit(1727898488.784:447): avc: denied { read write } for pid=9045 comm="syz.3.1299" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 187.193927][ T39] audit: type=1400 audit(1727898488.784:448): avc: denied { open } for pid=9045 comm="syz.3.1299" path="/308/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 187.776272][ T5350] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 187.818143][ T5350] Bluetooth: hci1: unexpected event for opcode 0x0c46 [ 188.078897][ T9068] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1306'. [ 188.082060][ T9068] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1306'. [ 188.993521][ T5340] Bluetooth: hci0: unexpected event for opcode 0x0c46 [ 189.920090][ T5345] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 189.920101][ T5350] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 189.921146][ T5350] Bluetooth: hci5: command 0x1003 tx timeout [ 190.367999][ T39] audit: type=1400 audit(1727898491.964:449): avc: denied { mount } for pid=9098 comm="syz.0.1316" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 190.472651][ T39] audit: type=1400 audit(1727898492.074:450): avc: denied { create } for pid=9103 comm="syz.2.1318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 190.478441][ T39] audit: type=1400 audit(1727898492.074:451): avc: denied { bind } for pid=9103 comm="syz.2.1318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 190.553159][ T9109] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1318'. [ 190.909226][ T39] audit: type=1400 audit(1727898492.504:452): avc: denied { unmount } for pid=5346 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 191.053146][ T39] audit: type=1400 audit(1727898492.654:453): avc: denied { mount } for pid=9123 comm="syz.2.1323" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 191.120321][ T5340] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 191.180915][ T5340] Bluetooth: hci1: unexpected event for opcode 0x0c46 [ 191.264485][ T39] audit: type=1400 audit(1727898492.864:454): avc: denied { bind } for pid=9137 comm="syz.0.1326" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 191.804085][ T39] audit: type=1400 audit(1727898493.404:455): avc: denied { connect } for pid=9144 comm="syz.2.1329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 191.812282][ T39] audit: type=1400 audit(1727898493.414:456): avc: denied { setopt } for pid=9144 comm="syz.2.1329" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 192.269814][ T39] audit: type=1400 audit(1727898493.864:457): avc: denied { getopt } for pid=9169 comm="syz.2.1337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 192.292518][ T39] audit: type=1400 audit(1727898493.894:458): avc: denied { ioctl } for pid=9169 comm="syz.2.1337" path="socket:[24612]" dev="sockfs" ino=24612 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 192.320102][ T831] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 192.470410][ T831] usb 5-1: Using ep0 maxpacket: 16 [ 192.476411][ T831] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.479161][ T831] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 192.482112][ T831] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.485697][ T831] usb 5-1: config 0 descriptor?? [ 192.489248][ T831] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input7 [ 192.495816][ T39] audit: type=1400 audit(1727898494.094:459): avc: denied { read } for pid=4819 comm="acpid" name="mouse2" dev="devtmpfs" ino=2570 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 192.503071][ T39] audit: type=1400 audit(1727898494.094:460): avc: denied { open } for pid=4819 comm="acpid" path="/dev/input/mouse2" dev="devtmpfs" ino=2570 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 192.662313][ T9188] net_ratelimit: 22 callbacks suppressed [ 192.662326][ T9188] openvswitch: netlink: Actions may not be safe on all matching packets [ 192.708123][ T4819] bcm5974 5-1:0.0: could not read from device [ 192.709882][ T39] audit: type=1400 audit(1727898494.304:461): avc: denied { shutdown } for pid=9190 comm="syz.3.1344" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 192.718454][ T4819] bcm5974 5-1:0.0: could not read from device [ 192.721244][ T831] usb 5-1: USB disconnect, device number 10 [ 192.727085][ T4819] bcm5974 5-1:0.0: could not read from device [ 192.781044][ T39] audit: type=1400 audit(1727898494.384:462): avc: denied { getopt } for pid=9192 comm="syz.2.1345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 193.280071][ T5340] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 193.280541][ T5345] Bluetooth: hci4: command 0x1003 tx timeout [ 193.290985][ T9206] input: syz1 as /devices/virtual/input/input8 [ 193.304897][ T39] audit: type=1400 audit(1727898494.904:463): avc: denied { ioctl } for pid=4819 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2577 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 193.610715][ T39] audit: type=1400 audit(1727898495.214:464): avc: denied { read } for pid=9224 comm="syz.3.1355" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 193.616988][ T39] audit: type=1400 audit(1727898495.214:465): avc: denied { open } for pid=9224 comm="syz.3.1355" path="/dev/ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 193.675875][ T39] audit: type=1400 audit(1727898495.274:466): avc: denied { bind } for pid=9226 comm="syz.2.1356" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 193.930009][ T9233] FAULT_INJECTION: forcing a failure. [ 193.930009][ T9233] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 193.934650][ T9233] CPU: 3 UID: 0 PID: 9233 Comm: syz.1.1358 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 193.938527][ T9233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 193.941830][ T9233] Call Trace: [ 193.942710][ T9233] [ 193.943488][ T9233] dump_stack_lvl+0x16c/0x1f0 [ 193.944748][ T9233] should_fail_ex+0x497/0x5b0 [ 193.946012][ T9233] ? fs_reclaim_acquire+0xae/0x160 [ 193.947357][ T9233] should_fail_alloc_page+0xe7/0x130 [ 193.948737][ T9233] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 193.950540][ T9233] __alloc_pages_noprof+0x190/0x25c0 [ 193.952500][ T9233] ? copy_splice_read+0x1a8/0xb90 [ 193.954388][ T9233] ? stack_trace_save+0x95/0xd0 [ 193.956192][ T9233] ? __pfx_stack_trace_save+0x10/0x10 [ 193.958185][ T9233] ? do_sendfile+0xb0c/0xe40 [ 193.959905][ T9233] ? stack_depot_save_flags+0x28/0x8f0 [ 193.961660][ T9233] ? hlock_class+0x4e/0x130 [ 193.962899][ T9233] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 193.964550][ T9233] ? copy_splice_read+0x1a8/0xb90 [ 193.966330][ T9233] ? kasan_save_stack+0x33/0x60 [ 193.968121][ T9233] ? kasan_save_track+0x14/0x30 [ 193.969922][ T9233] ? __kasan_kmalloc+0xaa/0xb0 [ 193.971295][ T9233] ? __kmalloc_noprof+0x1e8/0x400 [ 193.972609][ T9233] ? copy_splice_read+0x1a8/0xb90 [ 193.973945][ T9233] ? do_splice_read+0x2bd/0x370 [ 193.975310][ T9233] ? splice_direct_to_actor+0x2a4/0xa40 [ 193.976765][ T9233] alloc_pages_bulk_noprof+0x77c/0x1110 [ 193.978271][ T9233] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 193.979843][ T9233] ? trace_kmalloc+0x2d/0xe0 [ 193.981206][ T9233] ? __kmalloc_noprof+0x207/0x400 [ 193.983073][ T9233] copy_splice_read+0x1e3/0xb90 [ 193.984880][ T9233] ? __pfx_copy_splice_read+0x10/0x10 [ 193.986761][ T9233] ? find_held_lock+0x2d/0x110 [ 193.988015][ T9233] ? splice_direct_to_actor+0x346/0xa40 [ 193.989772][ T9233] ? __pfx_shmem_file_splice_read+0x10/0x10 [ 193.991511][ T9233] do_splice_read+0x2bd/0x370 [ 193.992738][ T9233] splice_direct_to_actor+0x2a4/0xa40 [ 193.994155][ T9233] ? __pfx_direct_splice_actor+0x10/0x10 [ 193.995613][ T9233] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 193.997145][ T9233] ? __pfx___might_resched+0x10/0x10 [ 193.998529][ T9233] do_splice_direct+0x178/0x250 [ 193.999795][ T9233] ? __pfx_do_splice_direct+0x10/0x10 [ 194.001687][ T9233] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 194.002355][ T1379] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.004010][ T9233] do_sendfile+0xb0c/0xe40 [ 194.007357][ T9233] ? __pfx_do_sendfile+0x10/0x10 [ 194.009223][ T9233] ? __fget_files+0x244/0x3f0 [ 194.010793][ T9233] __x64_sys_sendfile64+0x1da/0x220 [ 194.012352][ T9233] ? ksys_write+0x1ad/0x260 [ 194.014075][ T9233] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 194.015839][ T9233] do_syscall_64+0xcd/0x250 [ 194.017216][ T9233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.019410][ T9233] RIP: 0033:0x7f3c8857dff9 [ 194.020836][ T9233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.027741][ T9233] RSP: 002b:00007f3c893b7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 194.030691][ T9233] RAX: ffffffffffffffda RBX: 00007f3c88735f80 RCX: 00007f3c8857dff9 [ 194.032732][ T9233] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 [ 194.034803][ T9233] RBP: 00007f3c893b7090 R08: 0000000000000000 R09: 0000000000000000 [ 194.036853][ T9233] R10: 00000000001000a3 R11: 0000000000000246 R12: 0000000000000002 [ 194.038935][ T9233] R13: 0000000000000000 R14: 00007f3c88735f80 R15: 00007ffdc0933a98 [ 194.041091][ T9233] [ 195.010113][ T5587] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 195.131380][ T9268] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 195.134472][ T9268] overlayfs: failed to set xattr on upper [ 195.136032][ T9268] overlayfs: ...falling back to redirect_dir=nofollow. [ 195.137858][ T9268] overlayfs: ...falling back to index=off. [ 195.139402][ T9268] overlayfs: ...falling back to uuid=null. [ 195.170652][ T5587] usb 7-1: Using ep0 maxpacket: 8 [ 195.173383][ T5587] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 195.175944][ T5587] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 195.178498][ T5587] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 195.182136][ T5587] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 195.185522][ T5587] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 195.187834][ T5587] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.395879][ T5587] usb 7-1: GET_CAPABILITIES returned 0 [ 195.397857][ T5587] usbtmc 7-1:16.0: can't read capabilities [ 195.418117][ T9280] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 195.605537][ T5587] usb 7-1: USB disconnect, device number 12 [ 195.688792][ T9296] kvm: apic: phys broadcast and lowest prio [ 195.698502][ T9300] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 195.700925][ T9300] overlayfs: failed to set xattr on upper [ 195.702546][ T9300] overlayfs: ...falling back to redirect_dir=nofollow. [ 195.704440][ T9300] overlayfs: ...falling back to index=off. [ 195.706017][ T9300] overlayfs: ...falling back to uuid=null. [ 195.712225][ T9300] FAULT_INJECTION: forcing a failure. [ 195.712225][ T9300] name failslab, interval 1, probability 0, space 0, times 0 [ 195.715876][ T9300] CPU: 3 UID: 0 PID: 9300 Comm: syz.0.1380 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 195.718703][ T9300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 195.721556][ T9300] Call Trace: [ 195.722452][ T9300] [ 195.723251][ T9300] dump_stack_lvl+0x16c/0x1f0 [ 195.724516][ T9300] should_fail_ex+0x497/0x5b0 [ 195.725797][ T9300] ? fs_reclaim_acquire+0xae/0x160 [ 195.727170][ T9300] should_failslab+0xc2/0x120 [ 195.728435][ T9300] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 195.729899][ T9300] ? vm_area_alloc+0x134/0x230 [ 195.731202][ T9300] vm_area_alloc+0x134/0x230 [ 195.732455][ T9300] mmap_region+0xf22/0x2a60 [ 195.733699][ T9300] ? __pfx_mmap_region+0x10/0x10 [ 195.735017][ T9300] ? avc_has_perm_noaudit+0x61/0x3a0 [ 195.736451][ T9300] ? bpf_lsm_mmap_addr+0x9/0x10 [ 195.737766][ T9300] ? security_mmap_addr+0x6c/0x1e0 [ 195.739118][ T9300] ? __get_unmapped_area+0x26b/0x3a0 [ 195.740463][ T9300] do_mmap+0xc00/0xfc0 [ 195.741524][ T9300] vm_mmap_pgoff+0x1ba/0x360 [ 195.742749][ T9300] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 195.744107][ T9300] ? __fget_files+0x244/0x3f0 [ 195.745381][ T9300] ksys_mmap_pgoff+0x32c/0x5c0 [ 195.746641][ T9300] ? __pfx_ksys_write+0x10/0x10 [ 195.747945][ T9300] __x64_sys_mmap+0x125/0x190 [ 195.749204][ T9300] do_syscall_64+0xcd/0x250 [ 195.750443][ T9300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.752010][ T9300] RIP: 0033:0x7fc90457dff9 [ 195.753214][ T9300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.758281][ T9300] RSP: 002b:00007fc9052f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 195.760487][ T9300] RAX: ffffffffffffffda RBX: 00007fc904735f80 RCX: 00007fc90457dff9 [ 195.762592][ T9300] RDX: 0000000000000001 RSI: 0000000000004000 RDI: 0000000020000000 [ 195.764687][ T9300] RBP: 00007fc9052f6090 R08: 0000000000000003 R09: 0000000000000000 [ 195.766782][ T9300] R10: 0000000000010012 R11: 0000000000000246 R12: 0000000000000001 [ 195.768867][ T9300] R13: 0000000000000000 R14: 00007fc904735f80 R15: 00007fff579fc568 [ 195.770966][ T9300] [ 195.796206][ T9302] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1381'. [ 195.840514][ T9306] 9pnet_virtio: no channels available for device syz [ 196.147269][ T9323] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1388'. [ 196.217269][ T11] Bluetooth: Error in BCSP hdr checksum [ 197.109071][ T9364] FAULT_INJECTION: forcing a failure. [ 197.109071][ T9364] name failslab, interval 1, probability 0, space 0, times 0 [ 197.112761][ T9364] CPU: 1 UID: 0 PID: 9364 Comm: syz.0.1401 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 197.115619][ T9364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 197.118357][ T9364] Call Trace: [ 197.119485][ T9364] [ 197.120416][ T9364] dump_stack_lvl+0x16c/0x1f0 [ 197.121887][ T9364] should_fail_ex+0x497/0x5b0 [ 197.123418][ T9364] should_failslab+0xc2/0x120 [ 197.124689][ T9364] __kmalloc_noprof+0xcb/0x400 [ 197.126133][ T9364] io_cqring_event_overflow+0xcb/0x6f0 [ 197.127595][ T9364] io_req_cqe_overflow+0x101/0x1e0 [ 197.128973][ T9364] __io_submit_flush_completions+0x8fc/0x1cc0 [ 197.130612][ T9364] io_submit_sqes+0xa76/0x2530 [ 197.131909][ T9364] __do_sys_io_uring_enter+0xc0f/0x1170 [ 197.133418][ T9364] ? __fget_files+0x244/0x3f0 [ 197.134687][ T9364] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 197.136288][ T9364] ? fput+0x30/0x390 [ 197.137351][ T9364] ? ksys_write+0x1ad/0x260 [ 197.138585][ T9364] ? __pfx_ksys_write+0x10/0x10 [ 197.139900][ T9364] do_syscall_64+0xcd/0x250 [ 197.141128][ T9364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.142714][ T9364] RIP: 0033:0x7fc90457dff9 [ 197.143910][ T9364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.148985][ T9364] RSP: 002b:00007fc9052f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 197.151176][ T9364] RAX: ffffffffffffffda RBX: 00007fc904735f80 RCX: 00007fc90457dff9 [ 197.153292][ T9364] RDX: 0000000000000000 RSI: 0000000000004866 RDI: 0000000000000007 [ 197.155401][ T9364] RBP: 00007fc9052f6090 R08: 0000000000000000 R09: 0000000000000000 [ 197.157512][ T9364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 197.159602][ T9364] R13: 0000000000000000 R14: 00007fc904735f80 R15: 00007fff579fc568 [ 197.161708][ T9364] [ 197.164231][ T9370] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1401'. [ 197.203784][ T9372] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1404'. [ 197.280222][ T9368] kvm: emulating exchange as write [ 197.427734][ T9376] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1405'. [ 198.137463][ T39] kauditd_printk_skb: 8 callbacks suppressed [ 198.137475][ T39] audit: type=1400 audit(1727898499.734:475): avc: denied { connect } for pid=9384 comm="syz.0.1408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 198.171919][ T9386] evm: overlay not supported [ 198.183170][ T39] audit: type=1400 audit(1727898499.784:476): avc: denied { write } for pid=9384 comm="syz.0.1408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 198.240222][ T5345] Bluetooth: hci4: command 0x1003 tx timeout [ 198.243730][ T5340] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 198.633584][ T9408] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1415'. [ 198.687852][ T9409] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1416'. [ 198.880037][ T9] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 199.041768][ T9] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 199.044081][ T9] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 199.046734][ T9] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 199.049154][ T9] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.053362][ T9] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 199.055731][ T9] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 199.057839][ T9] usb 7-1: Product: syz [ 199.058958][ T9] usb 7-1: Manufacturer: syz [ 199.062618][ T9] cdc_wdm 7-1:1.0: skipping garbage [ 199.064030][ T9] cdc_wdm 7-1:1.0: skipping garbage [ 199.066051][ T9] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 199.068050][ T9] cdc_wdm 7-1:1.0: Unknown control protocol [ 199.170027][ T829] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 199.266422][ T30] usb 7-1: USB disconnect, device number 13 [ 199.300111][ T829] usb 5-1: device descriptor read/64, error -71 [ 199.458096][ T9422] EXT4-fs warning (device sda1): __ext4_ioctl:1257: Setting inode version is not supported with metadata_csum enabled. [ 199.490439][ T9424] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1421'. [ 199.496647][ T9424] FAULT_INJECTION: forcing a failure. [ 199.496647][ T9424] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.501278][ T9424] CPU: 0 UID: 0 PID: 9424 Comm: syz.3.1421 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 199.504283][ T9424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 199.507128][ T9424] Call Trace: [ 199.508025][ T9424] [ 199.508816][ T9424] dump_stack_lvl+0x16c/0x1f0 [ 199.510138][ T9424] should_fail_ex+0x497/0x5b0 [ 199.511468][ T9424] _copy_from_user+0x30/0xf0 [ 199.512693][ T9424] input_event_from_user+0x134/0x3b0 [ 199.514105][ T9424] ? __pfx_input_event_from_user+0x10/0x10 [ 199.515636][ T9424] ? __pfx___might_resched+0x10/0x10 [ 199.517020][ T9424] ? input_inject_event+0x193/0x370 [ 199.518460][ T9424] evdev_write+0x377/0x750 [ 199.519710][ T9424] ? __pfx_evdev_write+0x10/0x10 [ 199.521124][ T9424] ? bpf_lsm_file_permission+0x9/0x10 [ 199.522562][ T9424] ? security_file_permission+0x71/0x210 [ 199.524092][ T9424] ? __pfx_evdev_write+0x10/0x10 [ 199.525419][ T9424] vfs_write+0x28e/0x1140 [ 199.526572][ T9424] ? __fget_files+0x23a/0x3f0 [ 199.527822][ T9424] ? __pfx_lock_release+0x10/0x10 [ 199.529143][ T9424] ? trace_lock_acquire+0x14a/0x1d0 [ 199.530618][ T9424] ? __pfx_vfs_write+0x10/0x10 [ 199.531882][ T9424] ? lock_acquire+0x2f/0xb0 [ 199.533082][ T9424] ? __fget_files+0x40/0x3f0 [ 199.534254][ T9424] ? __fget_files+0x244/0x3f0 [ 199.535501][ T9424] ksys_write+0x1fa/0x260 [ 199.536642][ T9424] ? __pfx_ksys_write+0x10/0x10 [ 199.537953][ T9424] do_syscall_64+0xcd/0x250 [ 199.539157][ T9424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.540910][ T9424] RIP: 0033:0x7f241a37dff9 [ 199.542104][ T9424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.547099][ T9424] RSP: 002b:00007f241b09b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 199.549285][ T9424] RAX: ffffffffffffffda RBX: 00007f241a535f80 RCX: 00007f241a37dff9 [ 199.551427][ T9424] RDX: 00000000000012d8 RSI: 0000000020000040 RDI: 000000000000000d [ 199.553506][ T9424] RBP: 00007f241b09b090 R08: 0000000000000000 R09: 0000000000000000 [ 199.555573][ T9424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 199.557640][ T9424] R13: 0000000000000000 R14: 00007f241a535f80 R15: 00007ffcafb07638 [ 199.559707][ T9424] [ 199.561615][ T829] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 199.690100][ T829] usb 5-1: device descriptor read/64, error -71 [ 199.800378][ T829] usb usb5-port1: attempt power cycle [ 200.140024][ T829] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 200.160424][ T829] usb 5-1: device descriptor read/8, error -71 [ 200.404322][ T829] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 200.420812][ T829] usb 5-1: device descriptor read/8, error -71 [ 200.532381][ T829] usb usb5-port1: unable to enumerate USB device [ 201.539145][ T39] audit: type=1400 audit(1727898503.134:477): avc: denied { connect } for pid=9440 comm="syz.2.1428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 201.634842][ T9447] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 201.639843][ T39] audit: type=1400 audit(1727898503.234:478): avc: denied { write } for pid=9446 comm="syz.1.1431" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 201.958681][ T9465] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1434'. [ 201.961576][ T9463] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.1434'. [ 202.050209][ T39] audit: type=1400 audit(1727898503.644:479): avc: denied { read } for pid=9466 comm="syz.0.1436" name="usbmon7" dev="devtmpfs" ino=743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 202.056154][ T39] audit: type=1400 audit(1727898503.654:480): avc: denied { open } for pid=9466 comm="syz.0.1436" path="/dev/usbmon7" dev="devtmpfs" ino=743 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 202.065324][ T39] audit: type=1400 audit(1727898503.664:481): avc: denied { ioctl } for pid=9466 comm="syz.0.1436" path="/dev/usbmon7" dev="devtmpfs" ino=743 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 202.335984][ T9475] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1437'. [ 202.590109][ T5587] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 202.678316][ T5340] Bluetooth: hci0: unexpected event for opcode 0x0c46 [ 202.678811][ T5345] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 202.771521][ T5587] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 202.773885][ T5587] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 202.776745][ T5587] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 202.779131][ T5587] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 202.783985][ T5587] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 202.786287][ T5587] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 202.788807][ T5587] usb 5-1: Product: syz [ 202.790065][ T5587] usb 5-1: Manufacturer: syz [ 202.806280][ T5587] cdc_wdm 5-1:1.0: skipping garbage [ 202.807831][ T5587] cdc_wdm 5-1:1.0: skipping garbage [ 202.816916][ T5587] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 202.818602][ T5587] cdc_wdm 5-1:1.0: Unknown control protocol [ 203.008198][ T35] usb 5-1: USB disconnect, device number 15 [ 204.154585][ T39] audit: type=1400 audit(1727898505.754:482): avc: denied { map } for pid=9498 comm="syz.1.1446" path="/dev/usbmon0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 204.163204][ T39] audit: type=1400 audit(1727898505.754:483): avc: denied { execute } for pid=9498 comm="syz.1.1446" path="/dev/usbmon0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 204.800050][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 204.800112][ T5340] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 204.800161][ T5350] Bluetooth: hci4: command 0x1003 tx timeout [ 204.810566][ T5345] Bluetooth: hci5: command 0x1003 tx timeout [ 205.362453][ T39] audit: type=1400 audit(1727898506.964:484): avc: denied { append } for pid=9512 comm="syz.1.1452" name="iommu" dev="devtmpfs" ino=632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 205.362985][ T5340] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 205.368316][ T39] audit: type=1400 audit(1727898506.964:485): avc: denied { setattr } for pid=9512 comm="syz.1.1452" name="iommu" dev="devtmpfs" ino=632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 205.371151][ T5340] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 205.380898][ T39] audit: type=1400 audit(1727898506.974:486): avc: denied { ioctl } for pid=9505 comm="syz.0.1449" path="socket:[24456]" dev="sockfs" ino=24456 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 205.387298][ T39] audit: type=1400 audit(1727898506.984:487): avc: denied { getopt } for pid=9505 comm="syz.0.1449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 205.472585][ T39] audit: type=1400 audit(1727898507.074:488): avc: denied { create } for pid=9527 comm="syz.1.1456" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 205.691849][ T39] audit: type=1400 audit(1727898507.294:489): avc: denied { watch watch_reads } for pid=9538 comm="syz.2.1459" path="pipe:[2806]" dev="pipefs" ino=2806 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 205.774358][ T9540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1458'. [ 205.797721][ T39] audit: type=1400 audit(1727898507.394:490): avc: denied { remount } for pid=9538 comm="syz.2.1459" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 205.804300][ T9541] ======================================================= [ 205.804300][ T9541] WARNING: The mand mount option has been deprecated and [ 205.804300][ T9541] and is ignored by this kernel. Remove the mand [ 205.804300][ T9541] option from the mount to silence this warning. [ 205.804300][ T9541] ======================================================= [ 205.810758][ T39] audit: type=1400 audit(1727898507.414:491): avc: denied { write } for pid=4816 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 206.191610][ T5340] Bluetooth: hci0: unexpected event for opcode 0x0c46 [ 206.253050][ T78] Bluetooth: hci4: Frame reassembly failed (-84) [ 207.408368][ T9580] netlink: 'syz.2.1469': attribute type 1 has an invalid length. [ 207.830043][ T9594] nbd1: detected capacity change from 0 to 12 [ 207.833274][ T9594] block nbd1: NBD_DISCONNECT [ 207.837930][ T5353] block nbd1: Send control failed (result -89) [ 207.839842][ T5353] block nbd1: Request send failed, requeueing [ 207.843310][ T5353] block nbd1: Disconnected due to user request. [ 207.846769][ T9594] block nbd1: Send disconnect failed -89 [ 207.850103][ T70] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 207.852740][ T70] Buffer I/O error on dev nbd1, logical block 0, async page read [ 207.855660][ T5353] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 207.858146][ T5353] Buffer I/O error on dev nbd1, logical block 0, async page read [ 207.860476][ T5353] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 207.862858][ T5353] Buffer I/O error on dev nbd1, logical block 0, async page read [ 207.864937][ T5353] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 207.867235][ T5353] Buffer I/O error on dev nbd1, logical block 0, async page read [ 207.869326][ T5353] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 207.871688][ T5353] Buffer I/O error on dev nbd1, logical block 0, async page read [ 207.873800][ T5353] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 207.876172][ T5353] Buffer I/O error on dev nbd1, logical block 0, async page read [ 207.878287][ T5353] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 207.880728][ T5353] Buffer I/O error on dev nbd1, logical block 0, async page read [ 207.882815][ T5353] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 207.885134][ T5353] Buffer I/O error on dev nbd1, logical block 0, async page read [ 207.887140][ T5353] ldm_validate_partition_table(): Disk read failed. [ 207.889126][ T5353] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 207.892433][ T5353] Buffer I/O error on dev nbd1, logical block 0, async page read [ 207.894546][ T5353] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 207.896781][ T5353] Buffer I/O error on dev nbd1, logical block 0, async page read [ 207.898970][ T5353] Dev nbd1: unable to read RDB block 0 [ 207.900668][ T5353] nbd1: unable to read partition table [ 207.902174][ T5353] nbd1: partition table beyond EOD, truncated [ 207.904764][ T9593] ldm_validate_partition_table(): Disk read failed. [ 207.906825][ T9593] Dev nbd1: unable to read RDB block 0 [ 207.909491][ T9593] nbd1: unable to read partition table [ 207.911426][ T9593] nbd1: partition table beyond EOD, truncated [ 207.913964][ T5353] ldm_validate_partition_table(): Disk read failed. [ 207.915935][ T5353] Dev nbd1: unable to read RDB block 0 [ 207.917504][ T5353] nbd1: unable to read partition table [ 207.918932][ T5353] nbd1: partition table beyond EOD, truncated [ 207.937061][ T9597] FAULT_INJECTION: forcing a failure. [ 207.937061][ T9597] name failslab, interval 1, probability 0, space 0, times 0 [ 207.941254][ T9597] CPU: 2 UID: 0 PID: 9597 Comm: syz.1.1474 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 207.943949][ T9597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 207.946692][ T9597] Call Trace: [ 207.947531][ T9597] [ 207.948307][ T9597] dump_stack_lvl+0x16c/0x1f0 [ 207.949566][ T9597] should_fail_ex+0x497/0x5b0 [ 207.950790][ T9597] ? fs_reclaim_acquire+0xae/0x160 [ 207.952082][ T9597] should_failslab+0xc2/0x120 [ 207.953338][ T9597] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 207.954739][ T9597] ? __kernfs_new_node+0xd3/0x890 [ 207.956009][ T9597] __kernfs_new_node+0xd3/0x890 [ 207.957237][ T9597] ? __pfx___kernfs_new_node+0x10/0x10 [ 207.958609][ T9597] ? __pfx___lock_acquire+0x10/0x10 [ 207.959956][ T9597] ? lock_acquire.part.0+0x11b/0x380 [ 207.961280][ T9597] ? find_held_lock+0x2d/0x110 [ 207.962484][ T9597] kernfs_new_node+0x186/0x240 [ 207.963726][ T9597] kernfs_create_link+0xcc/0x240 [ 207.965034][ T9597] sysfs_do_create_link_sd+0x90/0x140 [ 207.966467][ T9597] sysfs_create_link+0x61/0xc0 [ 207.967678][ T9597] device_add+0x50c/0x1a70 [ 207.968860][ T9597] ? rcu_is_watching+0x12/0xc0 [ 207.970127][ T9597] ? __pfx_device_add+0x10/0x10 [ 207.971413][ T9597] ? kstrdup+0x5c/0x70 [ 207.972662][ T9597] device_create_groups_vargs+0x1f8/0x270 [ 207.974193][ T9597] device_create+0xe9/0x130 [ 207.975400][ T9597] ? __pfx_device_create+0x10/0x10 [ 207.976751][ T9597] ? __pfx_vsnprintf+0x10/0x10 [ 207.978031][ T9597] bdi_register_va+0x116/0x820 [ 207.979293][ T9597] ? __pfx_bdi_register_va+0x10/0x10 [ 207.980773][ T9597] ? do_init_timer+0xc9/0x110 [ 207.982149][ T9597] super_setup_bdi_name+0x100/0x250 [ 207.983524][ T9597] ? __pfx_super_setup_bdi_name+0x10/0x10 [ 207.985028][ T9597] ? shrinker_register+0x1a8/0x260 [ 207.986375][ T9597] afs_get_tree+0xc1f/0x14c0 [ 207.987554][ T9597] ? security_capable+0x7e/0x260 [ 207.988855][ T9597] vfs_get_tree+0x8f/0x380 [ 207.990047][ T9597] path_mount+0x14e6/0x1f20 [ 207.991260][ T9597] ? kmem_cache_free+0x152/0x4b0 [ 207.992567][ T9597] ? __pfx_path_mount+0x10/0x10 [ 207.993894][ T9597] ? putname+0x12e/0x170 [ 207.995016][ T9597] __x64_sys_mount+0x294/0x320 [ 207.996285][ T9597] ? __pfx___x64_sys_mount+0x10/0x10 [ 207.997701][ T9597] do_syscall_64+0xcd/0x250 [ 207.998901][ T9597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.000382][ T9597] RIP: 0033:0x7f3c8857dff9 [ 208.001515][ T9597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 208.006379][ T9597] RSP: 002b:00007f3c893b7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 208.008538][ T9597] RAX: ffffffffffffffda RBX: 00007f3c88735f80 RCX: 00007f3c8857dff9 [ 208.010611][ T9597] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 208.012662][ T9597] RBP: 00007f3c893b7090 R08: 0000000020000400 R09: 0000000000000000 [ 208.014736][ T9597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 208.016798][ T9597] R13: 0000000000000000 R14: 00007f3c88735f80 R15: 00007ffdc0933a98 [ 208.018832][ T9597] [ 208.150007][ T9602] netlink: 184 bytes leftover after parsing attributes in process `syz.0.1476'. [ 208.152522][ T9602] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.330111][ T5340] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 208.332426][ T5345] Bluetooth: hci4: command 0x1003 tx timeout [ 209.465575][ T39] kauditd_printk_skb: 20 callbacks suppressed [ 209.465591][ T39] audit: type=1400 audit(1727898511.064:512): avc: denied { read } for pid=9627 comm="syz.2.1486" path="socket:[26739]" dev="sockfs" ino=26739 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 209.612039][ T39] audit: type=1400 audit(1727898511.214:513): avc: denied { execute } for pid=9634 comm="syz.2.1489" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=26753 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1 [ 209.796520][ T9651] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1491'. [ 209.839100][ T5340] Bluetooth: hci0: unexpected event for opcode 0x0c46 [ 209.918277][ T5345] Bluetooth: hci4: sending frame failed (-49) [ 209.922050][ T5340] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 210.040050][ T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 210.201198][ T9] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 210.203958][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 210.207255][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 210.210389][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 210.215144][ T9] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 210.217849][ T9] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 210.219861][ T9] usb 5-1: Product: syz [ 210.221192][ T9] usb 5-1: Manufacturer: syz [ 210.224637][ T9] cdc_wdm 5-1:1.0: skipping garbage [ 210.226211][ T9] cdc_wdm 5-1:1.0: skipping garbage [ 210.228528][ T9] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 210.230831][ T9] cdc_wdm 5-1:1.0: Unknown control protocol [ 210.429485][ T56] usb 5-1: USB disconnect, device number 16 [ 210.695826][ T39] audit: type=1400 audit(1727898512.294:514): avc: denied { unmount } for pid=5335 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 210.833378][ T5340] Bluetooth: hci0: ACL packet for unknown connection handle 201 [ 210.835418][ T5340] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 211.681262][ T39] audit: type=1400 audit(1727898513.284:515): avc: denied { append } for pid=9688 comm="syz.1.1504" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 211.681292][ T9689] random: crng reseeded on system resumption [ 211.859627][ T9689] syzkaller0: entered promiscuous mode [ 211.861530][ T9689] syzkaller0: entered allmulticast mode [ 211.917899][ T39] audit: type=1400 audit(1727898513.514:516): avc: denied { ioctl } for pid=9688 comm="syz.1.1504" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x3309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 212.739805][ T9710] FAULT_INJECTION: forcing a failure. [ 212.739805][ T9710] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 212.744923][ T9710] CPU: 2 UID: 0 PID: 9710 Comm: syz.0.1509 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 212.747702][ T9710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 212.750552][ T9710] Call Trace: [ 212.751432][ T9710] [ 212.752232][ T9710] dump_stack_lvl+0x16c/0x1f0 [ 212.753511][ T9710] should_fail_ex+0x497/0x5b0 [ 212.754775][ T9710] _copy_from_user+0x30/0xf0 [ 212.755973][ T9710] copy_msghdr_from_user+0x99/0x160 [ 212.757380][ T9710] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 212.758923][ T9710] ? hlock_class+0x4e/0x130 [ 212.760143][ T9710] ? __lock_acquire+0x163e/0x3ce0 [ 212.761449][ T9710] ___sys_sendmsg+0xff/0x1e0 [ 212.762691][ T9710] ? __pfx____sys_sendmsg+0x10/0x10 [ 212.764053][ T9710] ? __pfx___lock_acquire+0x10/0x10 [ 212.765435][ T9710] ? __pfx___might_resched+0x10/0x10 [ 212.766817][ T9710] ? __might_fault+0xe3/0x190 [ 212.768093][ T9710] __sys_sendmmsg+0x1a1/0x450 [ 212.769345][ T9710] ? __pfx___sys_sendmmsg+0x10/0x10 [ 212.770693][ T9710] ? vfs_write+0x14d/0x1140 [ 212.771892][ T9710] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 212.773495][ T9710] ? fput+0x30/0x390 [ 212.774416][ T9710] ? ksys_write+0x1ad/0x260 [ 212.775530][ T9710] ? __pfx_ksys_write+0x10/0x10 [ 212.776789][ T9710] __x64_sys_sendmmsg+0x9c/0x100 [ 212.778068][ T9710] ? lockdep_hardirqs_on+0x7c/0x110 [ 212.779396][ T9710] do_syscall_64+0xcd/0x250 [ 212.780567][ T9710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 212.782112][ T9710] RIP: 0033:0x7fc90457dff9 [ 212.783291][ T9710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 212.788034][ T9710] RSP: 002b:00007fc9052f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 212.790113][ T9710] RAX: ffffffffffffffda RBX: 00007fc904735f80 RCX: 00007fc90457dff9 [ 212.792131][ T9710] RDX: 0000000004000095 RSI: 0000000020005240 RDI: 0000000000000003 [ 212.794142][ T9710] RBP: 00007fc9052f6090 R08: 0000000000000000 R09: 0000000000000000 [ 212.796118][ T9710] R10: 000000000401eb94 R11: 0000000000000246 R12: 0000000000000002 [ 212.798187][ T9710] R13: 0000000000000000 R14: 00007fc904735f80 R15: 00007fff579fc568 [ 212.800201][ T9710] [ 212.801123][ C2] vkms_vblank_simulate: vblank timer overrun [ 213.077770][ T9701] netlink: 'syz.2.1507': attribute type 3 has an invalid length. [ 213.241602][ T9724] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1512'. [ 213.704856][ T9732] fuse: Bad value for 'fd' [ 213.997121][ T9724] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 213.999859][ T9724] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 214.001948][ T9724] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 214.123355][ T9745] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1522'. [ 214.177128][ T9756] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1519'. [ 214.360002][ T35] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 214.531173][ T35] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 214.533567][ T35] usb 5-1: config 1 has an invalid descriptor of length 243, skipping remainder of the config [ 214.536131][ T35] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 214.538389][ T35] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 214.543194][ T35] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 214.545600][ T35] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 214.547658][ T35] usb 5-1: Product: syz [ 214.548793][ T35] usb 5-1: Manufacturer: syz [ 214.552469][ T35] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 214.755126][ T35] usb 5-1: USB disconnect, device number 17 [ 215.065413][ T39] audit: type=1326 audit(1727898516.664:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9765 comm="syz.3.1527" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f241a37dff9 code=0x7fc00000 [ 215.121357][ T39] audit: type=1400 audit(1727898516.724:518): avc: denied { ioctl } for pid=9763 comm="syz.2.1526" path="socket:[26448]" dev="sockfs" ino=26448 ioctlcmd=0x89e4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 215.257704][ T9783] FAULT_INJECTION: forcing a failure. [ 215.257704][ T9783] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 215.261203][ T9783] CPU: 3 UID: 0 PID: 9783 Comm: syz.3.1532 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 215.263981][ T9783] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 215.266677][ T9783] Call Trace: [ 215.267522][ T9783] [ 215.268283][ T9783] dump_stack_lvl+0x16c/0x1f0 [ 215.269670][ T9783] should_fail_ex+0x497/0x5b0 [ 215.271080][ T9783] _copy_from_user+0x30/0xf0 [ 215.272443][ T9783] fscrypt_ioctl_get_key_status+0xd1/0x450 [ 215.273946][ T9783] ? __pfx_fscrypt_ioctl_get_key_status+0x10/0x10 [ 215.275662][ T9783] __ext4_ioctl+0x1a00/0x4630 [ 215.276977][ T9783] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 215.278593][ T9783] ? __pfx___ext4_ioctl+0x10/0x10 [ 215.279932][ T9783] ? do_vfs_ioctl+0x513/0x1990 [ 215.281240][ T9783] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 215.282565][ T9783] ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460 [ 215.284271][ T9783] ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460 [ 215.285989][ T9783] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 215.287896][ T9783] ? trace_lock_acquire+0x14a/0x1d0 [ 215.289235][ T9783] ? selinux_file_ioctl+0x180/0x270 [ 215.290733][ T9783] ? selinux_file_ioctl+0xb4/0x270 [ 215.292111][ T9783] ? __pfx_ext4_ioctl+0x10/0x10 [ 215.293364][ T9783] __x64_sys_ioctl+0x18f/0x220 [ 215.294582][ T9783] do_syscall_64+0xcd/0x250 [ 215.295759][ T9783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.297471][ T9783] RIP: 0033:0x7f241a37dff9 [ 215.298659][ T9783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.303852][ T9783] RSP: 002b:00007f241b09b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 215.306127][ T9783] RAX: ffffffffffffffda RBX: 00007f241a535f80 RCX: 00007f241a37dff9 [ 215.308213][ T9783] RDX: 0000000020000180 RSI: 00000000c080661a RDI: 0000000000000008 [ 215.310280][ T9783] RBP: 00007f241b09b090 R08: 0000000000000000 R09: 0000000000000000 [ 215.312240][ T9783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.314224][ T9783] R13: 0000000000000000 R14: 00007f241a535f80 R15: 00007ffcafb07638 [ 215.316232][ T9783] [ 215.369971][ T5340] Bluetooth: hci0: command 0x0419 tx timeout [ 215.957105][ T39] audit: type=1400 audit(1727898517.554:519): avc: denied { write } for pid=9801 comm="syz.2.1538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 216.090119][ T5340] Bluetooth: hci2: command 0x0c1a tx timeout [ 216.090152][ T5345] Bluetooth: hci1: command 0x0c1a tx timeout [ 216.478311][ T5345] Bluetooth: hci0: unexpected event for opcode 0x0c46 [ 216.549044][ T5340] Bluetooth: hci4: sending frame failed (-49) [ 216.551387][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 217.163511][ T9832] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1547'. [ 217.185175][ T39] audit: type=1400 audit(1727898518.784:520): avc: denied { write } for pid=9830 comm="syz.1.1547" name="/" dev="9p" ino=35921930 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 217.191005][ T39] audit: type=1400 audit(1727898518.784:521): avc: denied { add_name } for pid=9830 comm="syz.1.1547" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 217.196383][ T39] audit: type=1400 audit(1727898518.794:522): avc: denied { create } for pid=9830 comm="syz.1.1547" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 217.204706][ T39] audit: type=1400 audit(1727898518.794:523): avc: denied { associate } for pid=9830 comm="syz.1.1547" name="bus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 217.211963][ T39] audit: type=1400 audit(1727898518.804:524): avc: denied { write open } for pid=9830 comm="syz.1.1547" path="/373/file0/bus" dev="9p" ino=35922835 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 217.218482][ T39] audit: type=1400 audit(1727898518.814:525): avc: denied { read } for pid=9830 comm="syz.1.1547" name="bus" dev="9p" ino=35922835 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 217.224777][ T39] audit: type=1804 audit(1727898518.814:526): pid=9832 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.1547" name="/newroot/373/file0/bus" dev="9p" ino=35922835 res=1 errno=0 [ 217.373390][ T9853] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1549'. [ 217.387278][ T9849] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=9849 comm=syz.3.1551 [ 217.580096][ T9860] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 217.581793][ T9860] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 217.583414][ T9860] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 217.624994][ T9870] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1558'. [ 217.630066][ T829] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 217.635281][ T9870] capability: warning: `syz.1.1558' uses deprecated v2 capabilities in a way that may be insecure [ 217.668684][ T9874] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1555'. [ 217.794252][ T829] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 217.796776][ T829] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 217.799404][ T829] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 217.802421][ T829] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.807051][ T829] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 217.809422][ T829] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 217.815641][ T829] usb 7-1: Product: syz [ 217.816764][ T829] usb 7-1: Manufacturer: syz [ 217.820224][ T829] cdc_wdm 7-1:1.0: skipping garbage [ 217.821679][ T829] cdc_wdm 7-1:1.0: skipping garbage [ 217.823665][ T829] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 217.825262][ T829] cdc_wdm 7-1:1.0: Unknown control protocol [ 217.920355][ T35] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 218.026697][ T56] usb 7-1: USB disconnect, device number 14 [ 218.081709][ T35] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 218.084894][ T35] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 218.088552][ T35] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 218.092015][ T35] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.097233][ T35] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 218.100292][ T35] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 218.103167][ T35] usb 5-1: Product: syz [ 218.104572][ T35] usb 5-1: Manufacturer: syz [ 218.110284][ T35] cdc_wdm 5-1:1.0: skipping garbage [ 218.112047][ T35] cdc_wdm 5-1:1.0: skipping garbage [ 218.114877][ T35] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 218.117094][ T35] cdc_wdm 5-1:1.0: Unknown control protocol [ 218.312965][ T829] usb 5-1: USB disconnect, device number 18 [ 218.686883][ T9889] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 218.689430][ T9889] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 218.692119][ T9889] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 218.745895][ T9897] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=9897 comm=syz.3.1568 [ 219.027159][ T9908] binder: 9907:9908 ioctl c0306201 0 returned -14 [ 219.089175][ T9908] binder: 9907:9908 ioctl 50009402 0 returned -22 [ 220.188884][ T9919] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 220.190864][ T9919] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 220.192596][ T9919] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 220.249647][ T9924] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=9924 comm=syz.1.1578 [ 220.628627][ T9937] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 220.659798][ T39] audit: type=1400 audit(1727898522.254:527): avc: denied { execute } for pid=9935 comm="syz.0.1582" path="/dev/audio1" dev="devtmpfs" ino=1130 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 220.930666][ T39] audit: type=1400 audit(1727898522.534:528): avc: denied { 0x1000000 } for pid=9952 comm="syz.3.1588" path="socket:[25405]" dev="sockfs" ino=25405 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 220.938632][ T9953] cifs: Unknown parameter 'usrquota' [ 221.248632][ T9962] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1590'. [ 221.312644][ T9969] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=9969 comm=syz.0.1591 [ 221.450151][ T5340] Bluetooth: hci0: command 0x0419 tx timeout [ 221.490166][ T56] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 221.652196][ T56] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 221.654531][ T56] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 221.657151][ T56] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 221.659476][ T56] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 221.665268][ T56] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 221.667638][ T56] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 221.669739][ T56] usb 8-1: Product: syz [ 221.674150][ T56] usb 8-1: Manufacturer: syz [ 221.710677][ T56] cdc_wdm 8-1:1.0: skipping garbage [ 221.712065][ T56] cdc_wdm 8-1:1.0: skipping garbage [ 221.714058][ T56] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 221.715612][ T56] cdc_wdm 8-1:1.0: Unknown control protocol [ 221.905168][ T56] usb 8-1: USB disconnect, device number 19 [ 222.117711][ T39] audit: type=1400 audit(1727898523.714:529): avc: denied { write } for pid=9993 comm="syz.0.1599" name="ip_vs_stats_percpu" dev="proc" ino=4026533128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 222.136759][ T9995] team0: mtu greater than device maximum [ 222.136927][ T39] audit: type=1400 audit(1727898523.734:530): avc: denied { ioctl } for pid=9993 comm="syz.0.1599" path="socket:[28896]" dev="sockfs" ino=28896 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 222.240033][ T5340] Bluetooth: hci2: command 0x0c1a tx timeout [ 222.240098][ T5345] Bluetooth: hci1: command 0x0c1a tx timeout [ 222.746180][ T9997] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=9997 comm=syz.2.1600 [ 222.914812][T10001] tmpfs: Bad value for 'mpol' [ 223.525929][ T5345] Bluetooth: hci1: unexpected event for opcode 0x0c46 [ 223.580925][ T5340] Bluetooth: hci4: sending frame failed (-49) [ 223.583759][ T5345] Bluetooth: hci4: Opcode 0x1003 failed: -49 [ 223.921603][ T39] audit: type=1400 audit(1727898525.524:531): avc: denied { ioctl } for pid=10029 comm="syz.2.1610" path="/dev/ptyq9" dev="devtmpfs" ino=136 ioctlcmd=0x5420 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 224.238224][T10035] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=10035 comm=syz.3.1611 [ 224.652256][ T35] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 224.800112][ T35] usb 8-1: Using ep0 maxpacket: 32 [ 224.803962][ T35] usb 8-1: config index 0 descriptor too short (expected 156, got 27) [ 224.806738][ T35] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 224.811717][ T35] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 224.815735][ T35] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 224.820776][ T35] usb 8-1: config 0 interface 0 has no altsetting 0 [ 224.826519][ T35] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 224.829565][ T35] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 224.832457][ T35] usb 8-1: Product: syz [ 224.833805][ T35] usb 8-1: Manufacturer: syz [ 224.835364][ T35] usb 8-1: SerialNumber: syz [ 224.838699][ T35] usb 8-1: config 0 descriptor?? [ 224.846661][ T35] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 224.851331][ T35] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 224.931295][T10063] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1620'. [ 225.180087][ T56] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 225.343496][ T56] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 225.345756][ T56] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 225.348330][ T56] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 225.350778][ T56] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 225.363264][ T56] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 225.365547][ T56] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 225.367585][ T56] usb 7-1: Product: syz [ 225.368780][ T56] usb 7-1: Manufacturer: syz [ 225.373900][ T56] cdc_wdm 7-1:1.0: skipping garbage [ 225.375261][ T56] cdc_wdm 7-1:1.0: skipping garbage [ 225.380635][ T56] cdc_wdm 7-1:1.0: cdc-wdm1: USB WDM device [ 225.382254][ T56] cdc_wdm 7-1:1.0: Unknown control protocol [ 225.417999][T10067] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23 sclass=netlink_route_socket pid=10067 comm=syz.0.1621 [ 225.575233][ T9] usb 7-1: USB disconnect, device number 15 [ 226.958155][ C3] [ 226.958966][ C3] ============================================ [ 226.960986][ C3] WARNING: possible recursive locking detected [ 226.962845][ C3] 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 Not tainted [ 226.965608][ C3] -------------------------------------------- [ 226.968449][ C3] swapper/3/0 is trying to acquire lock: [ 226.970323][ C3] ffffc900272810d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x36e/0x4b0 [ 226.973323][ C3] [ 226.973323][ C3] but task is already holding lock: [ 226.975852][ C3] ffffc900036290d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x36e/0x4b0 [ 226.978772][ C3] [ 226.978772][ C3] other info that might help us debug this: [ 226.981704][ C3] Possible unsafe locking scenario: [ 226.981704][ C3] [ 226.984044][ C3] CPU0 [ 226.984952][ C3] ---- [ 226.985932][ C3] lock(&rb->spinlock); [ 226.987282][ C3] lock(&rb->spinlock); [ 226.988655][ C3] [ 226.988655][ C3] *** DEADLOCK *** [ 226.988655][ C3] [ 226.991341][ C3] May be due to missing lock nesting notation [ 226.991341][ C3] [ 226.993907][ C3] 5 locks held by swapper/3/0: [ 226.995375][ C3] #0: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: ieee80211_rx_napi+0xa6/0x400 [ 226.998508][ C3] #1: ffff888049e28168 (&rdev->bss_lock){+.-.}-{2:2}, at: cfg80211_inform_single_bss_data+0x791/0x1de0 [ 227.001929][ C3] #2: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1c2/0x590 [ 227.004510][ C3] #3: ffffc900036290d8 (&rb->spinlock){-.-.}-{2:2}, at: __bpf_ringbuf_reserve+0x36e/0x4b0 [ 227.007328][ C3] #4: ffffffff8e1b8340 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run2+0x1c2/0x590 [ 227.009963][ C3] [ 227.009963][ C3] stack backtrace: [ 227.011612][ C3] CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.12.0-rc1-syzkaller-00031-ge32cde8d2bd7 #0 [ 227.014315][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 227.017196][ C3] Call Trace: [ 227.018091][ C3] [ 227.018862][ C3] dump_stack_lvl+0x116/0x1f0 [ 227.020109][ C3] print_deadlock_bug+0x2e3/0x410 [ 227.021784][ C3] __lock_acquire+0x2185/0x3ce0 [ 227.023104][ C3] ? __pfx___lock_acquire+0x10/0x10 [ 227.024474][ C3] ? hlock_class+0x4e/0x130 [ 227.025631][ C3] ? __lock_acquire+0xbdd/0x3ce0 [ 227.026950][ C3] lock_acquire.part.0+0x11b/0x380 [ 227.028325][ C3] ? __bpf_ringbuf_reserve+0x36e/0x4b0 [ 227.029725][ C3] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 227.031626][ C3] ? rcu_is_watching+0x12/0xc0 [ 227.033156][ C3] ? trace_lock_acquire+0x14a/0x1d0 [ 227.034572][ C3] ? __bpf_ringbuf_reserve+0x36e/0x4b0 [ 227.036030][ C3] ? lock_acquire+0x2f/0xb0 [ 227.037312][ C3] ? __bpf_ringbuf_reserve+0x36e/0x4b0 [ 227.038784][ C3] _raw_spin_lock_irqsave+0x3a/0x60 [ 227.040292][ C3] ? __bpf_ringbuf_reserve+0x36e/0x4b0 [ 227.041746][ C3] __bpf_ringbuf_reserve+0x36e/0x4b0 [ 227.043219][ C3] ? bpf_trace_run2+0x1c2/0x590 [ 227.044545][ C3] bpf_ringbuf_output+0x60/0xd0 [ 227.045901][ C3] bpf_prog_a3e2825f60354855+0x46/0x4a [ 227.047350][ C3] bpf_trace_run2+0x231/0x590 [ 227.048709][ C3] ? __pfx_bpf_trace_run2+0x10/0x10 [ 227.050167][ C3] ? __pfx_mark_lock+0x10/0x10 [ 227.051496][ C3] ? __pfx_stack_trace_save+0x10/0x10 [ 227.053051][ C3] ? stack_depot_save_flags+0x28/0x8f0 [ 227.054556][ C3] ? mark_lock+0xb5/0xc60 [ 227.055731][ C3] ? __pfx___bpf_trace_contention_end+0x10/0x10 [ 227.057464][ C3] __bpf_trace_contention_end+0xca/0x110 [ 227.058999][ C3] ? __pfx___bpf_trace_contention_end+0x10/0x10 [ 227.060706][ C3] ? __kmalloc_noprof+0x1e8/0x400 [ 227.062071][ C3] ? __pfx_mark_lock+0x10/0x10 [ 227.063293][ C3] ? ieee80211_bss_info_update+0x311/0xab0 [ 227.064799][ C3] ? hlock_class+0x4e/0x130 [ 227.065987][ C3] ? __lock_acquire+0x163e/0x3ce0 [ 227.067302][ C3] __traceiter_contention_end+0x5a/0xa0 [ 227.068715][ C3] trace_contention_end.constprop.0+0xea/0x170 [ 227.070332][ C3] __pv_queued_spin_lock_slowpath+0x27e/0xc90 [ 227.071889][ C3] ? __pfx_lockdep_stack_trace_count+0x10/0x10 [ 227.073481][ C3] ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10 [ 227.075149][ C3] do_raw_spin_lock+0x210/0x2c0 [ 227.076397][ C3] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 227.077777][ C3] ? lock_acquire+0x2f/0xb0 [ 227.078946][ C3] ? __bpf_ringbuf_reserve+0x36e/0x4b0 [ 227.080396][ C3] _raw_spin_lock_irqsave+0x42/0x60 [ 227.081785][ C3] ? __bpf_ringbuf_reserve+0x36e/0x4b0 [ 227.083148][ C3] __bpf_ringbuf_reserve+0x36e/0x4b0 [ 227.084500][ C3] bpf_ringbuf_reserve+0x57/0x90 [ 227.085782][ C3] bpf_prog_9efe54833449f08e+0x2e/0x48 [ 227.087169][ C3] bpf_trace_run2+0x231/0x590 [ 227.088355][ C3] ? __pfx_bpf_trace_run2+0x10/0x10 [ 227.089672][ C3] ? ieee80211_inform_bss+0x76e/0x1100 [ 227.091091][ C3] ? cfg80211_update_known_bss+0x3c0/0x11e0 [ 227.092634][ C3] kfree+0x258/0x4b0 [ 227.093680][ C3] ? mark_held_locks+0x9f/0xe0 [ 227.094934][ C3] ieee80211_inform_bss+0x76e/0x1100 [ 227.096310][ C3] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 227.097784][ C3] ? lock_acquire+0x2f/0xb0 [ 227.098976][ C3] ? cfg80211_inform_single_bss_data+0x791/0x1de0 [ 227.100668][ C3] ? __pfx_ieee80211_inform_bss+0x10/0x10 [ 227.102244][ C3] cfg80211_inform_single_bss_data+0x8f6/0x1de0 [ 227.104033][ C3] ? stack_access_ok+0xd9/0x200 [ 227.105548][ C3] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 227.107388][ C3] ? mark_lock+0xb5/0xc60 [ 227.108542][ C3] ? stack_trace_save+0x95/0xd0 [ 227.109860][ C3] ? hlock_class+0x4e/0x130 [ 227.111178][ C3] ? mark_lock+0xb5/0xc60 [ 227.112318][ C3] ? cfg80211_inform_bss_data+0x205/0x3ba0 [ 227.113866][ C3] cfg80211_inform_bss_data+0x205/0x3ba0 [ 227.115332][ C3] ? mark_lock+0xb5/0xc60 [ 227.116461][ C3] ? __pfx_mark_lock+0x10/0x10 [ 227.117719][ C3] ? hlock_class+0x4e/0x130 [ 227.118907][ C3] ? mark_lock+0xb5/0xc60 [ 227.120023][ C3] ? unwind_next_frame+0x38a/0x20c0 [ 227.121402][ C3] ? common_startup_64+0x13e/0x148 [ 227.122736][ C3] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 227.124301][ C3] ? __pfx_mark_lock+0x10/0x10 [ 227.125638][ C3] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 227.127343][ C3] ? hlock_class+0x4e/0x130 [ 227.128522][ C3] ? __lock_acquire+0xbdd/0x3ce0 [ 227.129834][ C3] ? __pfx_mark_lock+0x10/0x10 [ 227.131100][ C3] ? lock_acquire.part.0+0x11b/0x380 [ 227.132475][ C3] ? find_held_lock+0x2d/0x110 [ 227.133769][ C3] ? ieee80211_bss_info_update+0x2cb/0xab0 [ 227.135302][ C3] cfg80211_inform_bss_frame_data+0x271/0x7a0 [ 227.136888][ C3] ieee80211_bss_info_update+0x311/0xab0 [ 227.138371][ C3] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 227.139981][ C3] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 227.141393][ C3] ? lock_acquire+0x2f/0xb0 [ 227.142569][ C3] ? ieee80211_get_channel_khz+0x14d/0x1e0 [ 227.144073][ C3] ieee80211_scan_rx+0x474/0xac0 [ 227.145229][ C3] ieee80211_rx_list+0x1be3/0x2e90 [ 227.146575][ C3] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 227.148017][ C3] ? lock_acquire.part.0+0x11b/0x380 [ 227.149416][ C3] ? lock_acquire+0x2f/0xb0 [ 227.150573][ C3] ? ieee80211_rx_napi+0xa6/0x400 [ 227.151936][ C3] ieee80211_rx_napi+0xdd/0x400 [ 227.153263][ C3] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 227.154637][ C3] ? lockdep_hardirqs_on+0x7c/0x110 [ 227.156005][ C3] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 227.157559][ C3] ieee80211_handle_queued_frames+0xd5/0x130 [ 227.159107][ C3] tasklet_action_common+0x24c/0x3e0 [ 227.160610][ C3] handle_softirqs+0x213/0x8f0 [ 227.161826][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 227.163196][ C3] irq_exit_rcu+0xbb/0x120 [ 227.164510][ C3] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 227.166258][ C3] [ 227.167115][ C3] [ 227.167848][ C3] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 227.169370][ C3] RIP: 0010:default_idle+0xf/0x20 [ 227.170671][ C3] Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 63 ba 44 00 fb f4 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [ 227.175626][ C3] RSP: 0018:ffffc900001a7e08 EFLAGS: 00000206 [ 227.177212][ C3] RAX: 00000000003190c9 RBX: 0000000000000003 RCX: ffffffff8b21cdd9 [ 227.179256][ C3] RDX: 0000000000000000 RSI: ffffffff8b6cd040 RDI: ffffffff8bd19d40 [ 227.181486][ C3] RBP: ffffed1003b5b488 R08: 0000000000000001 R09: ffffed100d527025 [ 227.183465][ C3] R10: ffff88806a93812b R11: 0000000000000000 R12: 0000000000000003 [ 227.185457][ C3] R13: ffff88801dada440 R14: ffffffff905f2b88 R15: 0000000000000000 [ 227.187428][ C3] ? ct_kernel_exit+0x139/0x190 [ 227.188764][ C3] default_idle_call+0x6d/0xb0 [ 227.190118][ C3] do_idle+0x32c/0x3f0 [ 227.191182][ C3] ? __pfx_do_idle+0x10/0x10 [ 227.192480][ C3] cpu_startup_entry+0x4f/0x60 [ 227.193715][ C3] start_secondary+0x222/0x2b0 [ 227.194977][ C3] ? __pfx_start_secondary+0x10/0x10 [ 227.196435][ C3] common_startup_64+0x13e/0x148 [ 227.197812][ C3] [ 227.198691][ C0] vkms_vblank_simulate: vblank timer overrun [ 227.810225][ T35] usb 8-1: USB disconnect, device number 20 [ 227.815303][ T35] ldusb 8-1:0.0: LD USB Device #0 now disconnected VM DIAGNOSIS: 19:44:32 Registers: info registers vcpu 0 CPU#0 RAX=00000000005ef1ac RBX=0000000000000000 RCX=ffffffff8b21cdd9 RDX=ffffed100d4c7026 RSI=ffffffff8bd19cc0 RDI=ffffffff81647efc RBP=fffffbfff1bd2af8 RSP=ffffffff8de07e20 R8 =0000000000000000 R9 =ffffed100d4c7025 R10=ffff88806a63812b R11=ffffffff8b6f86c0 R12=0000000000000000 R13=ffffffff8de957c0 R14=ffffffff905f2b88 R15=0000000000000000 RIP=ffffffff8b21e1bf RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000200ba000 CR3=000000003139a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8200000085000000 02000004b7000000 08000003b7ffffff f800000207000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9500000001000000 8500000000000004 b700000008000004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 07000000000000a2 bf00000000fff88a 7b00000000000008 b700000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000003 RCX=ffffffff813ca88e RDX=ffff88801dac4880 RSI=ffffffff813ca8ab RDI=0000000000000000 RBP=ffffc900036290c0 RSP=ffffc900008b06d8 R8 =0000000000000000 R9 =0000000000000003 R10=0000000000000003 R11=ffffffff8b6f76c0 R12=0000000000000003 R13=0000000000000003 R14=ffff88806a73fdc0 R15=fffff520006c5218 RIP=ffffffff813ca8ac RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000021000000 CR3=000000003139a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8200000085000000 02000004b7000000 08000003b7ffffff f800000207000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9500000001000000 8500000000000004 b700000008000004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 07000000000000a2 bf00000000fff88a 7b00000000000008 b700000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88806a946a00 RCX=ffffffff8181686c RDX=ffff888020902440 RSI=ffffffff81816846 RDI=0000000000000005 RBP=0000000000000003 RSP=ffffc90000fdf998 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000000 R12=ffffed100d528d41 R13=0000000000000001 R14=ffff88806a946a08 R15=ffff88806a840100 RIP=ffffffff81816848 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fc44c7a9370 CR3=000000000df7c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=00000000000003ff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fc9045f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8200000085000000 02000004b7000000 08000003b7ffffff f800000207000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9500000001000000 8500000000000004 b700000008000004 0008000f0010000a ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 07000000000000a2 bf00000000fff88a 7b00000000000008 b700000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001 0000000000000000 0000000000000000 00000000000000c4 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff850a6d05 RDI=ffffffff9aae1b80 RBP=ffffffff9aae1b40 RSP=ffffc900009076b0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000002d R14=ffffffff850a6ca0 R15=0000000000000000 RIP=ffffffff850a6d2f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f6ebe3b2440 CR3=00000000241ca000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=000000007ffbffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdc0933e30 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3c885f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3c885f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3c885f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3c885f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3c885f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3c885f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000