last executing test programs: 8.970247687s ago: executing program 2 (id=1060): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xaa00, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) io_uring_setup(0x10004c2d, &(0x7f00000005c0)={0x0, 0x6e21, 0x10, 0x6, 0x2ec}) 8.84709318s ago: executing program 2 (id=1061): r0 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace(0xffffffffffffffff, r0) syz_pidfd_open(r0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200c00002a00090000000000000000000400002c4d7896e24d0c00180008ac0f"], 0x20}, 0x1, 0x3000000}, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) listen(r3, 0x0) connect$rose(r3, &(0x7f0000000080)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, 0x0, [@null, @bcast, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default]}, 0x40) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$I2C(&(0x7f0000000000), 0x4, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000140), 0x4) bind$inet(0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socket(0x40000000015, 0x5, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240), 0x208e24b) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e24, @remote}, 0x10) 8.207067662s ago: executing program 2 (id=1063): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0) io_setup(0x0, &(0x7f0000001380)) syz_open_procfs(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) close(0xffffffffffffffff) io_submit(0x0, 0x0, &(0x7f00000000c0)) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, "449bab59"}, @global=@item_4={0x3, 0x1, 0x0, "a0e90dbe"}, @local=@item_4={0x3, 0x2, 0x0, "0f4399cb"}]}}, 0x0}, 0x0) r2 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) preadv(r2, &(0x7f0000002ac0)=[{&(0x7f00000025c0)=""/113, 0x71}], 0x1, 0x0, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4, 0xffffffffffffffff}, 0x4) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001c00)={r6, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76389e6a65585578f830e9000000", 0x0, 0x80000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_usb_control_io(r1, &(0x7f0000000280)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="0c00784f93addc59"], 0x0, 0x0, 0x0, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) close(0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@ipv4_newroute={0x34, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x2}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @RPL_IPTUNNEL_SRH={0xc, 0x1, {0x0, 0x8}}}]}, 0x34}}, 0x0) 6.904010514s ago: executing program 0 (id=1068): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) dup(r0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') creat(&(0x7f0000000240)='./bus\x00', 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10) r2 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, &(0x7f0000000040)=0xb, 0xffffffffffffffff, 0x0, 0x0, 0xe) r3 = userfaultfd(0x80801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x15d}) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0x48) prlimit64(0x0, 0x0, 0x0, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000340)={@private1}, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000100)={'syzkaller0\x00', 0x7101}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close(r3) bpf$PROG_LOAD(0x5, 0x0, 0x0) 5.42168932s ago: executing program 0 (id=1073): syz_open_procfs(0x0, 0x0) socket$unix(0x1, 0x5, 0x0) connect$nfc_raw(0xffffffffffffffff, 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000001c00010c000000000000000007000000", @ANYRES32=r2, @ANYBLOB="8000a2000a000200aaaaaaaaaabb000008000f"], 0x30}}, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) r5 = syz_io_uring_setup(0x10d, &(0x7f00000003c0), &(0x7f0000000380)=0x0, &(0x7f0000000180)=0x0) r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r8}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000000)=@framed={{}, [@printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}]}, &(0x7f0000000100)='GPL\x00'}, 0x90) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f00000001c0)={0x0, @initdev, @broadcast}, &(0x7f0000000280)=0xc) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r5, 0x3f70, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x0, 0x0, &(0x7f00000000c0)={0x0, 0x989680}, 0x0) socket$inet6(0xa, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) getpid() openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 5.147781028s ago: executing program 1 (id=1074): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[], 0x28}, 0x1, 0x8}, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e) socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r4 = getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) ioctl$SG_IO(r3, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @buffer={0x2, 0x40002, &(0x7f00000000c0)=""/81}, &(0x7f0000000380)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0) r7 = creat(&(0x7f0000000140)='./file0\x00', 0x0) close(r0) r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000200)=0xb0000) r9 = syz_open_dev$sg(&(0x7f00000000c0), 0x2, 0x0) ioctl$SG_IO(r9, 0x541b, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000280)={@local}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000001200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB="2c3e72de0f1fe256476d45d4258936f800432cb0bef55cc88d1a439f7966030a370da8f3363dedffb8da3c4b63715266f564205b0762d0d78058109725c496e3aba5505538b0"]) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @ioapic={0x0, 0x0, 0xffffffff, 0x0, 0x0, [{}, {}, {0x0, 0x0, 0xfc}, {}, {}, {}, {}, {}, {0x0, 0x40}, {}, {}, {0x0, 0x2}]}}) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) 4.451652018s ago: executing program 0 (id=1075): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kvm_userspace_exit\x00', r2}, 0x10) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_VLAN(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001100000008000300", @ANYRES32=r6, @ANYBLOB="060028"], 0x24}}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kvm_userspace_exit\x00', r7}, 0x10) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) dup(r9) r10 = socket$alg(0x26, 0x5, 0x0) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180100000000000000000000bb810000850000006d00000085000000d000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='hrtimer_start\x00', r11}, 0x10) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x0) bind$alg(r10, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r12 = accept4(r10, 0x0, 0x0, 0x80800) r13 = accept4(r12, 0x0, 0x0, 0x0) sendmmsg$inet6(r13, &(0x7f0000003b80)=[{{0x0, 0xd, &(0x7f00000003c0)=[{&(0x7f00000000c0)="e6", 0x1}], 0x1, 0x0, 0x0, 0x7000000}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000440)='&', 0x23fff}], 0x1}, 0xff03}], 0x4000070, 0x8000) 3.51767723s ago: executing program 2 (id=1077): socket$netlink(0x10, 0x3, 0x0) r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x7fff, 0x2) r1 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0) r2 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r2, 0xc0305710, &(0x7f0000000040)={0x1, 0xff, 0x1f}) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) read$midi(r2, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a050600000000000000000100000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001405000d404600000014000000110001000000000084000a0000000000"], 0x6c}}, 0x0) sendmsg$NFT_MSG_GETSET(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x14, 0xa, 0xa, 0x101}, 0x14}}, 0x0) ioctl$SNDCTL_SEQ_PANIC(r3, 0x5100) ioctl$SNDCTL_SEQ_RESET(0xffffffffffffffff, 0x5100) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_SEQ_RESET(r5, 0x5100) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58) sendmsg$IPSET_CMD_GET_BYNAME(r4, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, 0xe, 0x6, 0x3, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20048001}, 0x24000000) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32", 0x8) r7 = accept$alg(r6, 0x0, 0x0) sendmsg$alg(r7, 0x0, 0x0) recvmsg(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000002540)=[{&(0x7f0000000080)=""/101, 0x65}], 0x1}, 0x0) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/ip_tables_names\x00') write$tun(r8, &(0x7f0000000100)={@void, @void, @x25={0x1, 0x0, 0xf3}}, 0x3) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r1, 0xc1004111, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x2c, 0x3b, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@typed={0x4}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x88G'}, @typed={0x8, 0xf, 0x0, 0x0, @pid}]}]}, 0x2c}}, 0x0) 3.170904745s ago: executing program 3 (id=1079): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xaa00, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f0000001980)={{'\x00', 0x3}, {0x7}, 0x1de, 0x0, 0x0, &(0x7f0000001900)='./file1/file4/file7\x00', 0x0, &(0x7f0000000640)="c7d6d416541c380d4d2dbb9bb1c39df1114ecbdc9792e3a688c89c778112cf4a553478124e80c86d0f365157b44965dde1a14d22c0346581333da3d28b8c824f479055384e883dce863329dae8ebb96c382deb9f69653ad20eec7a1569ec97d8f972f0cd22dfc2cb7cd7d6033cfd3c1865d45358132860fd42498ff3a73a7999f8ace22802000292b6e419a6018508d840db35328bf5dae244e2028cdb0f2ab834dfa2dd22ab20fcef80e894c9310fb6f7e74c25c2d9526bffe5beff62e89d67be99ee1c2f2fc9b42f1562d5d8146dd981468f1815c3fb27fe2ef0ea22084490c87b898533ce7e6fddd3218d6a396fc47fec", 0xf2, 0x0, &(0x7f0000002c00)=ANY=[@ANYRES64=r1], 0x10f2}) chdir(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) io_uring_setup(0x10004c2d, &(0x7f00000005c0)={0x0, 0x6e21, 0x10, 0x6, 0x2ec}) socket$nl_netfilter(0x10, 0x3, 0xc) open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x100) r4 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setsig(r4, 0xa, 0x21) fcntl$setlease(r4, 0x400, 0x1) acct(&(0x7f0000000040)='./file0\x00') r5 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x2503, 0x0) r6 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) ioctl$CEC_ADAP_G_CONNECTOR_INFO(r6, 0x8044610a, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc008640a, &(0x7f0000000140)) 2.935987772s ago: executing program 1 (id=1080): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_80211_inject_frame(0x0, 0x0, 0x33) r0 = socket$packet(0x11, 0x0, 0x300) r1 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, 0x0, 0x0) r2 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$inet_int(r2, 0x0, 0x13, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x40000, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0) r4 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x0) ioctl$UI_DEV_CREATE(r4, 0x5501) preadv(r3, &(0x7f0000003780)=[{&(0x7f0000001300)=""/170, 0xaa}], 0x1, 0xffff, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x1) ioctl$UI_SET_KEYBIT(r5, 0x40045565, 0xee) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="02030e00d3fc02000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @broadcast}, 0x14) 2.305875845s ago: executing program 1 (id=1081): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xaa00, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f0000001980)={{'\x00', 0x3}, {0x7}, 0x1de, 0x0, 0x0, &(0x7f0000001900)='./file1/file4/file7\x00', 0x0, &(0x7f0000000640)="c7d6d416541c380d4d2dbb9bb1c39df1114ecbdc9792e3a688c89c778112cf4a553478124e80c86d0f365157b44965dde1a14d22c0346581333da3d28b8c824f479055384e883dce863329dae8ebb96c382deb9f69653ad20eec7a1569ec97d8f972f0cd22dfc2cb7cd7d6033cfd3c1865d45358132860fd42498ff3a73a7999f8ace22802000292b6e419a6018508d840db35328bf5dae244e2028cdb0f2ab834dfa2dd22ab20fcef80e894c9310fb6f7e74c25c2d9526bffe5beff62e89d67be99ee1c2f2fc9b42f1562d5d8146dd981468f1815c3fb27fe2ef0ea22084490c87b898533ce7e6fddd3218d6a396fc47fec", 0xf2, 0x0, &(0x7f0000002c00)=ANY=[@ANYRES64=r1], 0x10f2}) chdir(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) r4 = io_uring_setup(0x10004c2d, &(0x7f00000005c0)={0x0, 0x6e21, 0x10, 0x6, 0x2ec}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x100) r5 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setsig(r5, 0xa, 0x21) fcntl$setlease(r5, 0x400, 0x1) acct(&(0x7f0000000040)='./file0\x00') r6 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x2503, 0x0) r7 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) ioctl$CEC_ADAP_G_CONNECTOR_INFO(r7, 0x8044610a, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(r6, 0xc008640a, &(0x7f0000000140)) 2.305201832s ago: executing program 0 (id=1082): r0 = socket$packet(0x11, 0x0, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000050000000c00018008000100", @ANYRES32=r3, @ANYBLOB="c29569c1f28728fef4f2459e38521391445ea26a96bc5a7c9dc30e310c687d42b7194624f9289c9ff3c2632992ec766bea1b55608baa235a1c558cf234c3b1a0fbf6f187ae22589c5c77e00322b9b6d131bfde305afa070000003ae64015c19b3228e21c1f21010db1986326c32b3a5fee10c4661fe75ece21785df7782777c18386bb77c2a4fe1cac0530a775ea23e50b7bd664e1e644e896ce3f95b52aeba96cc51d4cc2cf29430c4f2a933c7858e89c4cdf33924da876b4b74bacb334554849c22c352233346811"], 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x6, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0xfffffffc}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000100)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioprio_set$pid(0x1, 0x0, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/fib_triestat\x00') preadv(r6, &(0x7f00000001c0), 0x0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@cgroup, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x25}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, 0xd}, 0x90) writev(r0, &(0x7f0000000280)=[{&(0x7f00000001c0)="00a4b6ff20b707b432667f94092b65d834f036927945d2858cedb02e0efe5ab00eda52f3fd84e0d0d3132fc81aec8c8ef74489e36cd414929c9e56d8034e16f3bf47", 0x42}], 0x1) 2.177646353s ago: executing program 3 (id=1083): r0 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace(0xffffffffffffffff, r0) syz_pidfd_open(r0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200c00002a00090000000000000000000400002c4d7896e24d0c00180008ac0f"], 0x20}, 0x1, 0x3000000}, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) listen(r3, 0x0) connect$rose(r3, &(0x7f0000000080)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, 0x0, [@null, @bcast, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default]}, 0x40) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_open_dev$I2C(&(0x7f0000000000), 0x4, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000140), 0x4) bind$inet(0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) socket(0x40000000015, 0x5, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e24, @remote}, 0x10) 1.909163967s ago: executing program 2 (id=1084): write$binfmt_aout(0xffffffffffffffff, 0x0, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0xfffffffa, 0x0, &(0x7f0000000080)={0x77359400}, &(0x7f0000000000)) socket$kcm(0x11, 0x5, 0x300) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)="11acbde55bda41fb1ddf074b11407ef543", 0x11}}, 0x0) recvmmsg(r3, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010163, 0x0) 1.778954195s ago: executing program 2 (id=1085): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES64], 0x0) io_setup(0x0, &(0x7f0000001380)) syz_open_procfs(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) close(0xffffffffffffffff) io_submit(0x0, 0x0, &(0x7f00000000c0)) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, "449bab59"}, @global=@item_4={0x3, 0x1, 0x0, "a0e90dbe"}, @local=@item_4={0x3, 0x2, 0x0, "0f4399cb"}]}}, 0x0}, 0x0) r2 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) preadv(r2, &(0x7f0000002ac0)=[{&(0x7f00000025c0)=""/113, 0x71}], 0x1, 0x0, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r4, 0xffffffffffffffff}, 0x4) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001c00)={r6, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76389e6a65585578f830e9000000", 0x0, 0x80000, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) syz_usb_control_io(r1, &(0x7f0000000280)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="0c00784f93addc59"], 0x0, 0x0, 0x0, 0x0}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) close(0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@ipv4_newroute={0x34, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x2}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @RPL_IPTUNNEL_SRH={0xc, 0x1, {0x0, 0x8}}}]}, 0x34}}, 0x0) 1.288110272s ago: executing program 0 (id=1086): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r3 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000080)={0x1d, r4, 0x2}, 0x18) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), r3) close_range(r3, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000040)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x12, r6, 0x2000) 1.00899796s ago: executing program 1 (id=1087): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) io_uring_setup(0x10004c2d, &(0x7f00000005c0)={0x0, 0x6e21, 0x10, 0x6, 0x2ec}) 718.949124ms ago: executing program 1 (id=1088): write$binfmt_aout(0xffffffffffffffff, 0x0, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmsg$802154_raw(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)="11acbde55bda41fb1ddf074b11407ef543", 0x11}}, 0x0) recvmmsg(r3, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010163, 0x0) 325.148426ms ago: executing program 3 (id=1089): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$sock(r0, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000004c0)="53fb7ce9bca5b4c6c82fb997acc6b0361e5c15be43144f1d9cb2f738c0dcd881c2bd734b3a0d3258", 0x28}, {&(0x7f0000001e40)}], 0x2}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000003c0)={@in={{0x2, 0x0, @local}}, 0x0, 0x0, 0x23, 0x0, "093f38050b94725997f7ff898a3f9ab16a8731bf2ce9e46bca4cef5a7c35015b7a97f697e89d86377518bf274943a186c89a051c531b5ad251ff1e26b7fe42b3eb4ddd4dc049ad87c56cd0c3628976cc"}, 0xd8) sendto$inet(r0, &(0x7f00000012c0)='\t', 0x100000, 0x11, 0x0, 0x0) 237.662571ms ago: executing program 0 (id=1090): madvise(&(0x7f000068f000/0x4000)=nil, 0x4000, 0x3) io_uring_setup(0x168e, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x0) mremap(&(0x7f0000241000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) mremap(&(0x7f000064e000/0x2000)=nil, 0x2000, 0x4000, 0x4, &(0x7f0000e07000/0x4000)=nil) move_pages(0x0, 0x1, &(0x7f0000000180)=[&(0x7f0000a7a000/0x3000)=nil], &(0x7f00000001c0)=[0x1], 0x0, 0x0) r0 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'pim6reg0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRESOCT=r0, @ANYRESOCT], 0x58}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r1 = creat(&(0x7f00000002c0)='./file0\x00', 0xbc) r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) writev(r2, &(0x7f0000000140)=[{&(0x7f0000000000)="aa9ab403857461044dd84356f4ba577421ac54e2dc9965213b6309ab0c5aebe997d14b969dc9a9be3a02f6a729f4b4bfd489801c1e6688153703eb860e8d8d54b44169a4b4cb2a580307230a4e0ed419715f22b754b2df1157b522748cef4868b9ba2a22c4cbc6beb0efbf7fc13caff0ac290a04af60cd6d6324f121ec3840d06404e8a10652d4354bc11a533d935f84208aa036e7a84efa0daf4e56e817bfcaa8245f5fe26ee42ec21b17e67776f4f86fe3bd8c1e7914225f130983e628e1d0e4ab386ae879c5935f616e9361491b5c5c2c3d45e9050edbd54b73ea70b2700f9de295bd3487f9fa854748470cb4a82f75687177fe21e15f", 0xf8}], 0x1) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) mkdirat(r1, &(0x7f0000000200)='./file1\x00', 0x20) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000b00)=ANY=[@ANYBLOB="140100002b00b99f000000000000000001"], 0x114}], 0x1}, 0x0) recvmsg(r3, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) write$binfmt_script(r1, &(0x7f0000000180), 0xb) setxattr$security_ima(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), &(0x7f0000000040)=@sha1={0x1, "ec322332d5e70f3a2311c5e605a0965a93ee8ad7"}, 0x15, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, &(0x7f0000000140)) ioctl$KVM_GET_PIT2(0xffffffffffffffff, 0x8070ae9f, &(0x7f0000000500)) 237.130765ms ago: executing program 1 (id=1091): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xaa00, 0x0) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) r1 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f0000001980)={{'\x00', 0x3}, {0x7}, 0x1de, 0x0, 0x0, &(0x7f0000001900)='./file1/file4/file7\x00', 0x0, &(0x7f0000000640)="c7d6d416541c380d4d2dbb9bb1c39df1114ecbdc9792e3a688c89c778112cf4a553478124e80c86d0f365157b44965dde1a14d22c0346581333da3d28b8c824f479055384e883dce863329dae8ebb96c382deb9f69653ad20eec7a1569ec97d8f972f0cd22dfc2cb7cd7d6033cfd3c1865d45358132860fd42498ff3a73a7999f8ace22802000292b6e419a6018508d840db35328bf5dae244e2028cdb0f2ab834dfa2dd22ab20fcef80e894c9310fb6f7e74c25c2d9526bffe5beff62e89d67be99ee1c2f2fc9b42f1562d5d8146dd981468f1815c3fb27fe2ef0ea22084490c87b898533ce7e6fddd3218d6a396fc47fec", 0xf2, 0x0, &(0x7f0000002c00)=ANY=[@ANYRES64=r1], 0x10f2}) chdir(0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) r4 = io_uring_setup(0x10004c2d, &(0x7f00000005c0)={0x0, 0x6e21, 0x10, 0x6, 0x2ec}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, 0x0, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x100) r5 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fcntl$setsig(r5, 0xa, 0x21) fcntl$setlease(r5, 0x400, 0x1) acct(&(0x7f0000000040)='./file0\x00') r6 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x2503, 0x0) r7 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) ioctl$CEC_ADAP_G_CONNECTOR_INFO(r7, 0x8044610a, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(r6, 0xc008640a, &(0x7f0000000140)) 167.527872ms ago: executing program 3 (id=1092): bpf$BPF_PROG_TEST_RUN(0x10, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x3, 0x0, &(0x7f0000000300)="00ae00", 0x0, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffe}, 0x4c) r0 = mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000500)=ANY=[@ANYRES8, @ANYBLOB="336d1c1ae06eac1ea4f92cb3ce6a57a150fd6c52d94533b99983b0add54dfc2942d286ca087cd8bcce04fdbe69c52b4a69cb0c3b9c6a24f6e2c3b03c0cd066e7ef5cb2fd458be17e2673c154a99dce53922855b4430a32b2778bec27d602c6c582aa16fa40beb35085e1d41d43293e2af0de9f2e8ed33040", @ANYRES64=r0], 0x50}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8fcffffb702000005000000b70300000000000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='rcu_utilization\x00'}, 0x10) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) r6 = eventfd(0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB, @ANYBLOB="000000000000000000001000000018000180140002006e657464657673696d3000000000000000000f"], 0x34}}, 0x0) ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f00000001c0)) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x2, 0x1, 0x0, &(0x7f0000000440)=""/92, &(0x7f0000000880)=""/67}) 145.265368ms ago: executing program 3 (id=1093): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) fsopen(&(0x7f00000001c0)='erofs\x00', 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x18}}, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040090}, 0x4000) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x14, 0x19, 0x0, 0x801}, 0x14}}, 0x0) 0s ago: executing program 3 (id=1094): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kvm_userspace_exit\x00', r2}, 0x10) r3 = socket$can_j1939(0x1d, 0x2, 0x7) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_SET_VLAN(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001100000008000300", @ANYRES32=r6, @ANYBLOB="060028"], 0x24}}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kvm_userspace_exit\x00', r7}, 0x10) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) dup(r9) r10 = socket$alg(0x26, 0x5, 0x0) r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180100000000000000000000bb810000850000006d00000085000000d000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='hrtimer_start\x00', r11}, 0x10) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x0) bind$alg(r10, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000000440)='\x00'/16, 0x10) r12 = accept4(r10, 0x0, 0x0, 0x80800) r13 = accept4(r12, 0x0, 0x0, 0x0) sendmmsg$inet6(r13, &(0x7f0000003b80)=[{{0x0, 0xd, &(0x7f00000003c0)=[{&(0x7f00000000c0)="e6", 0x1}], 0x1, 0x0, 0x0, 0x7000000}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000440)='&', 0x23fff}], 0x1}, 0xff03}], 0x4000070, 0x8000) kernel console output (not intermixed with test programs): f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 203.675549][ T7530] RSP: 002b:00007f7116ca4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 203.682873][ T7530] RAX: ffffffffffffffda RBX: 00007f7116106058 RCX: 00007f7115f779f9 [ 203.686453][ T7530] RDX: 00000000200006c0 RSI: 00000000c04064a0 RDI: 0000000000000006 [ 203.690445][ T7530] RBP: 00007f7116ca40a0 R08: 0000000000000000 R09: 0000000000000000 [ 203.693808][ T7530] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 203.697579][ T7530] R13: 000000000000006e R14: 00007f7116106058 R15: 00007ffedac30298 [ 203.701396][ T7530] [ 203.829413][ T5834] usb 5-1: USB disconnect, device number 16 [ 203.847872][ T7535] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 203.847872][ T7535] program syz.3.570 not setting count and/or reply_len properly [ 204.055856][ T39] audit: type=1400 audit(1722687474.082:539): avc: denied { read } for pid=7543 comm="syz.0.571" laddr=127.0.0.1 lport=41588 faddr=127.0.0.1 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 204.221465][ T7552] netlink: 24 bytes leftover after parsing attributes in process `syz.3.573'. [ 204.334004][ T7556] syz_tun: tun_net_xmit 86 [ 204.356265][ T39] audit: type=1400 audit(1722687474.382:540): avc: denied { write } for pid=7555 comm="syz.1.575" name="nvram" dev="devtmpfs" ino=633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 204.523502][ T10] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 204.718084][ T10] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 204.732604][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 204.739383][ T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 204.744565][ T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 204.750617][ T10] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 204.758180][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.764817][ T10] usb 7-1: config 0 descriptor?? [ 204.773673][ T7550] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 204.818986][ T39] audit: type=1400 audit(1722687474.842:541): avc: denied { getopt } for pid=7577 comm="syz.1.581" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 204.831310][ T7580] netlink: 24 bytes leftover after parsing attributes in process `syz.0.582'. [ 205.051776][ T7585] could not allocate digest TFM handle xcbc-aes-ce [ 205.129605][ T7595] openvswitch: netlink: Missing key (keys=20040, expected=100) [ 205.133122][ T7595] FAULT_INJECTION: forcing a failure. [ 205.133122][ T7595] name failslab, interval 1, probability 0, space 0, times 0 [ 205.153845][ T7595] CPU: 2 UID: 0 PID: 7595 Comm: syz.0.585 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 205.157913][ T7595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 205.161687][ T7595] Call Trace: [ 205.163039][ T7595] [ 205.164210][ T7595] dump_stack_lvl+0x16c/0x1f0 [ 205.174100][ T7595] should_fail_ex+0x497/0x5b0 [ 205.175949][ T7595] ? fs_reclaim_acquire+0xae/0x160 [ 205.177965][ T7595] should_failslab+0xc2/0x120 [ 205.179803][ T7595] kmem_cache_alloc_node_noprof+0x71/0x310 [ 205.182033][ T7595] ? __alloc_skb+0x2b1/0x380 [ 205.183842][ T7595] __alloc_skb+0x2b1/0x380 [ 205.185553][ T7595] ? __pfx___alloc_skb+0x10/0x10 [ 205.187471][ T7595] ? genl_rcv_msg+0x490/0x800 [ 205.189593][ T7595] ? genl_rcv_msg+0x4bd/0x800 [ 205.191543][ T7595] netlink_ack+0x164/0xb90 [ 205.193275][ T7595] netlink_rcv_skb+0x348/0x440 [ 205.195124][ T7595] ? __pfx_genl_rcv_msg+0x10/0x10 [ 205.197012][ T7595] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 205.199006][ T7595] ? down_read+0xc9/0x330 [ 205.200671][ T7595] ? __pfx_down_read+0x10/0x10 [ 205.202511][ T7595] ? netlink_deliver_tap+0x1ae/0xd90 [ 205.204615][ T7595] genl_rcv+0x28/0x40 [ 205.206149][ T7595] netlink_unicast+0x544/0x830 [ 205.207938][ T7595] ? __pfx_netlink_unicast+0x10/0x10 [ 205.209942][ T7595] netlink_sendmsg+0x8b8/0xd70 [ 205.211813][ T7595] ? __pfx_netlink_sendmsg+0x10/0x10 [ 205.213831][ T7595] ? __import_iovec+0x1fd/0x6e0 [ 205.215718][ T7595] ____sys_sendmsg+0xab5/0xc90 [ 205.217588][ T7595] ? copy_msghdr_from_user+0x10b/0x160 [ 205.219578][ T7595] ? __pfx_____sys_sendmsg+0x10/0x10 [ 205.221607][ T7595] ? find_held_lock+0x2d/0x110 [ 205.223506][ T7595] ? __pfx___lock_acquire+0x10/0x10 [ 205.225734][ T7595] ___sys_sendmsg+0x135/0x1e0 [ 205.227927][ T7595] ? __pfx____sys_sendmsg+0x10/0x10 [ 205.229993][ T7595] ? ksys_write+0x21c/0x260 [ 205.231705][ T7595] ? __fget_light+0x173/0x210 [ 205.233583][ T7595] __sys_sendmsg+0x117/0x1f0 [ 205.235372][ T7595] ? __pfx___sys_sendmsg+0x10/0x10 [ 205.237351][ T7595] do_syscall_64+0xcd/0x250 [ 205.239540][ T7595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.243836][ T7595] RIP: 0033:0x7f75ce1779f9 [ 205.247359][ T7595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.259958][ T7595] RSP: 002b:00007f75cef3b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 205.263483][ T7595] RAX: ffffffffffffffda RBX: 00007f75ce305f80 RCX: 00007f75ce1779f9 [ 205.268267][ T7595] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 205.271432][ T7595] RBP: 00007f75cef3b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 205.274626][ T7595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.277686][ T7595] R13: 000000000000000b R14: 00007f75ce305f80 R15: 00007fff38999688 [ 205.280713][ T7595] [ 205.281977][ C2] vkms_vblank_simulate: vblank timer overrun [ 205.335639][ C3] syz_tun: tun_net_xmit 86 [ 205.621120][ C2] vkms_vblank_simulate: vblank timer overrun [ 205.646878][ T10] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving [ 205.682820][ T10] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 206.384147][ C3] syz_tun: tun_net_xmit 86 [ 206.801127][ C2] vkms_vblank_simulate: vblank timer overrun [ 207.011061][ T39] audit: type=1400 audit(1722687477.032:542): avc: denied { create } for pid=7614 comm="syz.1.588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 207.031333][ T39] audit: type=1400 audit(1722687477.032:543): avc: denied { ioctl } for pid=7614 comm="syz.1.588" path="socket:[19073]" dev="sockfs" ino=19073 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 207.324897][ T39] audit: type=1400 audit(1722687477.342:544): avc: denied { name_bind } for pid=7624 comm="syz.0.591" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 207.466772][ T7629] netlink: 24 bytes leftover after parsing attributes in process `syz.1.592'. [ 207.519170][ T7632] FAULT_INJECTION: forcing a failure. [ 207.519170][ T7632] name failslab, interval 1, probability 0, space 0, times 0 [ 207.525726][ T7632] CPU: 2 UID: 0 PID: 7632 Comm: syz.3.594 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 207.530090][ T7632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 207.535639][ T7632] Call Trace: [ 207.537082][ T7632] [ 207.538454][ T7632] dump_stack_lvl+0x16c/0x1f0 [ 207.540360][ T7632] should_fail_ex+0x497/0x5b0 [ 207.542265][ T7632] ? fs_reclaim_acquire+0xae/0x160 [ 207.544134][ T7632] should_failslab+0xc2/0x120 [ 207.546497][ T7632] __kmalloc_cache_noprof+0x6b/0x300 [ 207.548680][ T7632] ? copy_mount_options+0x55/0x190 [ 207.550658][ T7632] copy_mount_options+0x55/0x190 [ 207.552310][ T7632] __x64_sys_mount+0x1ad/0x320 [ 207.554313][ T7632] ? __pfx___x64_sys_mount+0x10/0x10 [ 207.556972][ T7632] do_syscall_64+0xcd/0x250 [ 207.559305][ T7632] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 207.562397][ T7632] RIP: 0033:0x7fe3bad779f9 [ 207.564608][ T7632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 207.575123][ T7632] RSP: 002b:00007fe3bbc2b048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 207.580141][ T7632] RAX: ffffffffffffffda RBX: 00007fe3baf05f80 RCX: 00007fe3bad779f9 [ 207.584092][ T7634] input: syz0 as /devices/virtual/input/input36 [ 207.584303][ T7632] RDX: 0000000020000200 RSI: 0000000020000180 RDI: 0000000000000000 [ 207.591342][ T7632] RBP: 00007fe3bbc2b0a0 R08: 0000000020006380 R09: 0000000000000000 [ 207.595359][ T7632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 207.599449][ T7632] R13: 000000000000000b R14: 00007fe3baf05f80 R15: 00007ffed87b6688 [ 207.604535][ T7632] [ 207.606393][ C2] vkms_vblank_simulate: vblank timer overrun [ 207.627630][ T7633] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 207.788902][ T7637] No control pipe specified [ 207.796383][ T7637] netlink: 16 bytes leftover after parsing attributes in process `syz.3.596'. [ 208.175955][ T832] usb 7-1: USB disconnect, device number 12 [ 208.371655][ C2] vkms_vblank_simulate: vblank timer overrun [ 208.553523][ T7656] netlink: 4 bytes leftover after parsing attributes in process `syz.1.603'. [ 208.592979][ T7658] netlink: 24 bytes leftover after parsing attributes in process `syz.3.604'. [ 208.833475][ T832] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 208.860621][ T7666] netlink: 'syz.3.605': attribute type 1 has an invalid length. [ 208.878676][ T7666] netlink: 9 bytes leftover after parsing attributes in process `syz.3.605'. [ 209.041373][ T832] usb 7-1: Using ep0 maxpacket: 8 [ 209.047907][ T832] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 209.051997][ T832] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 209.059910][ T832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 209.064811][ T832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 209.069139][ T832] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 209.075938][ T832] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 209.079485][ T832] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.129925][ T7668] input: syz0 as /devices/virtual/input/input38 [ 209.169783][ T7667] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 209.317895][ T832] usb 7-1: usb_control_msg returned -32 [ 209.320608][ T832] usbtmc 7-1:16.0: can't read capabilities [ 209.714417][ T7680] netlink: 4 bytes leftover after parsing attributes in process `syz.0.611'. [ 209.926652][ T39] audit: type=1400 audit(1722687479.952:545): avc: denied { read } for pid=7684 comm="syz.0.613" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 209.936490][ T39] audit: type=1400 audit(1722687479.962:546): avc: denied { open } for pid=7684 comm="syz.0.613" path="/159/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 210.395999][ T7694] netlink: 8 bytes leftover after parsing attributes in process `syz.3.614'. [ 210.408004][ T39] audit: type=1400 audit(1722687480.432:547): avc: denied { associate } for pid=7692 comm="syz.3.614" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 210.469216][ T39] audit: type=1400 audit(1722687480.492:548): avc: denied { lock } for pid=7692 comm="syz.3.614" path="/152/file0/file0" dev="9p" ino=36701576 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 210.485280][ T39] audit: type=1400 audit(1722687480.492:549): avc: denied { append } for pid=7692 comm="syz.3.614" name="file0" dev="9p" ino=36701576 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 210.500437][ T39] audit: type=1804 audit(1722687480.502:550): pid=7694 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.614" name="/newroot/152/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 210.553585][ T39] audit: type=1400 audit(1722687480.572:551): avc: denied { append } for pid=7692 comm="syz.3.614" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 210.576120][ T39] audit: type=1400 audit(1722687480.572:552): avc: denied { ioctl } for pid=7692 comm="syz.3.614" path="/dev/ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 210.877398][ T7700] syzkaller1: entered promiscuous mode [ 210.879950][ T7700] syzkaller1: entered allmulticast mode [ 210.991681][ T7694] Process accounting resumed [ 210.992088][ T39] audit: type=1400 audit(1722687481.012:553): avc: denied { getattr } for pid=7692 comm="syz.3.614" name="/" dev="9p" ino=36701541 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 211.178534][ T7704] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 211.262072][ T39] audit: type=1400 audit(1722687481.282:554): avc: denied { bind } for pid=7708 comm="syz.3.620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 211.432049][ T832] usb 7-1: USB disconnect, device number 13 [ 212.231361][ T7718] capability: warning: `syz.0.622' uses 32-bit capabilities (legacy support in use) [ 212.533599][ T5357] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 212.538854][ T5357] Bluetooth: hci0: Injecting HCI hardware error event [ 212.543212][ T5357] Bluetooth: hci0: hardware error 0x00 [ 212.972298][ T7736] netlink: 8 bytes leftover after parsing attributes in process `syz.3.627'. [ 213.581176][ T10] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 213.765532][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 213.777495][ T10] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 213.782725][ T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 213.808932][ T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 213.815502][ T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 213.833835][ T10] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 213.844465][ T10] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 213.851593][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.102050][ T10] usb 6-1: usb_control_msg returned -32 [ 214.123663][ T10] usbtmc 6-1:16.0: can't read capabilities [ 214.260906][ T833] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 214.373690][ T5348] Bluetooth: hci3: command 0x0405 tx timeout [ 214.465878][ T833] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 214.473188][ T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 214.487251][ T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 214.492101][ T833] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 214.499095][ T833] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 214.503361][ T833] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.512084][ T833] usb 8-1: config 0 descriptor?? [ 214.517378][ T7754] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 214.614062][ T5357] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 214.922439][ T7766] syz_tun: tun_net_xmit 62 [ 214.952350][ T833] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 214.960809][ T833] plantronics 0003:047F:FFFF.0013: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 215.551627][ T39] kauditd_printk_skb: 1 callbacks suppressed [ 215.551641][ T39] audit: type=1804 audit(1722687485.572:556): pid=7769 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.638" name="/newroot/110/bus/file0" dev="overlay" ino=659 res=1 errno=0 [ 215.558775][ T7769] FAULT_INJECTION: forcing a failure. [ 215.558775][ T7769] name failslab, interval 1, probability 0, space 0, times 0 [ 215.575528][ T7769] CPU: 3 UID: 0 PID: 7769 Comm: syz.2.638 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 215.580234][ T7769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 215.585601][ T7769] Call Trace: [ 215.587481][ T7769] [ 215.589191][ T7769] dump_stack_lvl+0x16c/0x1f0 [ 215.591798][ T7769] should_fail_ex+0x497/0x5b0 [ 215.594392][ T7769] ? fs_reclaim_acquire+0xae/0x160 [ 215.599043][ T7769] should_failslab+0xc2/0x120 [ 215.601732][ T7769] kmem_cache_alloc_node_noprof+0x71/0x310 [ 215.605308][ T7769] ? alloc_workqueue+0xca6/0x1c50 [ 215.607844][ T7769] alloc_workqueue+0xca6/0x1c50 [ 215.610553][ T7769] ? __pfx_alloc_workqueue+0x10/0x10 [ 215.613030][ T7769] ? ovl_path_realdata+0x202/0x290 [ 215.615399][ T7769] ? ovl_real_fdget_meta+0x2b5/0x720 [ 215.618274][ T7769] sb_init_dio_done_wq+0x28/0x80 [ 215.620989][ T7769] backing_file_write_iter+0x578/0x8a0 [ 215.623998][ T7769] ovl_write_iter+0x384/0x470 [ 215.626662][ T7769] ? __pfx_ovl_write_iter+0x10/0x10 [ 215.629955][ T7769] ? aio_write+0x6da/0x8e0 [ 215.632803][ T7769] ? __pfx_lock_release+0x10/0x10 [ 215.635983][ T7769] ? __pfx_ovl_file_modified+0x10/0x10 [ 215.639454][ T7769] aio_write+0x3c1/0x8e0 [ 215.642138][ T7769] ? __pfx_aio_write+0x10/0x10 [ 215.645196][ T7769] ? find_held_lock+0x2d/0x110 [ 215.648231][ T7769] ? __pfx___might_resched+0x10/0x10 [ 215.651581][ T7769] ? io_submit_one+0x11b6/0x1df0 [ 215.654725][ T7769] io_submit_one+0x11b6/0x1df0 [ 215.657795][ T7769] ? __pfx_io_submit_one+0x10/0x10 [ 215.661150][ T7769] ? __might_fault+0x13b/0x190 [ 215.664189][ T7769] ? __pfx_lock_release+0x10/0x10 [ 215.667368][ T7769] ? __might_fault+0xe3/0x190 [ 215.670164][ T7769] ? __x64_sys_io_submit+0x19d/0x330 [ 215.674250][ T7769] __x64_sys_io_submit+0x19d/0x330 [ 215.677664][ T7769] ? __pfx___x64_sys_io_submit+0x10/0x10 [ 215.681242][ T7769] ? xfd_validate_state+0x5d/0x180 [ 215.686293][ T7769] do_syscall_64+0xcd/0x250 [ 215.688958][ T7769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 215.692683][ T7769] RIP: 0033:0x7f7115f779f9 [ 215.695358][ T7769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.704316][ T7769] RSP: 002b:00007f7116cc5048 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 215.708271][ T7769] RAX: ffffffffffffffda RBX: 00007f7116105f80 RCX: 00007f7115f779f9 [ 215.711941][ T7769] RDX: 0000000020000700 RSI: 000000000000140b RDI: 00007f7116c9c000 [ 215.715766][ T7769] RBP: 00007f7116cc50a0 R08: 0000000000000000 R09: 0000000000000000 [ 215.719422][ T7769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 215.723774][ T7769] R13: 000000000000000b R14: 00007f7116105f80 R15: 00007ffedac30298 [ 215.728397][ T7769] [ 216.244679][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.349231][ T30] usb 6-1: USB disconnect, device number 16 [ 216.463971][ T7793] FAULT_INJECTION: forcing a failure. [ 216.463971][ T7793] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 216.470848][ T7793] CPU: 0 UID: 0 PID: 7793 Comm: syz.1.641 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 216.476905][ T7793] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 216.484075][ T7793] Call Trace: [ 216.486052][ T7793] [ 216.487683][ T7793] dump_stack_lvl+0x16c/0x1f0 [ 216.490790][ T7793] should_fail_ex+0x497/0x5b0 [ 216.493765][ T7793] _copy_to_user+0x30/0xc0 [ 216.496247][ T7793] simple_read_from_buffer+0xd0/0x160 [ 216.499599][ T7793] proc_fail_nth_read+0x1b0/0x290 [ 216.502968][ T7793] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 216.507923][ T7793] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 216.511918][ T7793] vfs_read+0x1d4/0xbd0 [ 216.514548][ T7793] ? __fdget_pos+0xeb/0x180 [ 216.517104][ T7793] ? __pfx_vfs_read+0x10/0x10 [ 216.519465][ T7793] ? __pfx___mutex_lock+0x10/0x10 [ 216.522500][ T7793] ? __fget_files+0x256/0x400 [ 216.525511][ T7793] ksys_read+0x12f/0x260 [ 216.527558][ T7793] ? __pfx_ksys_read+0x10/0x10 [ 216.529666][ T7793] do_syscall_64+0xcd/0x250 [ 216.531699][ T7793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.534332][ T7793] RIP: 0033:0x7f24a257643c [ 216.536676][ T7793] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 216.546757][ T7793] RSP: 002b:00007f24a1fff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 216.551890][ T7793] RAX: ffffffffffffffda RBX: 00007f24a2705f80 RCX: 00007f24a257643c [ 216.556910][ T7793] RDX: 000000000000000f RSI: 00007f24a1fff0b0 RDI: 0000000000000004 [ 216.561647][ T7793] RBP: 00007f24a1fff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 216.565215][ T7793] R10: 0000000020000200 R11: 0000000000000246 R12: 0000000000000001 [ 216.569293][ T7793] R13: 000000000000000b R14: 00007f24a2705f80 R15: 00007ffc112d0938 [ 216.574139][ T7793] [ 216.575787][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.580483][ T10] syz_tun: tun_net_xmit 106 [ 216.655727][ T8] syz_tun: tun_net_xmit 106 [ 216.985354][ T10] syz_tun: tun_net_xmit 106 [ 217.008422][ T833] usb 8-1: USB disconnect, device number 11 [ 217.688652][ T7809] netlink: 'syz.1.646': attribute type 1 has an invalid length. [ 217.703573][ T7809] netlink: 9 bytes leftover after parsing attributes in process `syz.1.646'. [ 217.999403][ C0] vkms_vblank_simulate: vblank timer overrun [ 218.413737][ T833] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 218.593744][ T833] usb 7-1: Using ep0 maxpacket: 8 [ 218.599076][ T833] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 218.602623][ T833] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 218.607994][ T833] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 218.614287][ T833] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 218.619320][ T833] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 218.630092][ T833] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 218.634673][ T833] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.847054][ T833] usb 7-1: usb_control_msg returned -32 [ 218.850339][ T833] usbtmc 7-1:16.0: can't read capabilities [ 219.216815][ T7828] Bluetooth: hci3: unsupported parameter 255 [ 219.220820][ T7828] Bluetooth: hci3: unsupported parameter 255 [ 219.313858][ T832] syz_tun: tun_net_xmit 90 [ 219.720320][ T7846] netlink: 'syz.3.658': attribute type 1 has an invalid length. [ 219.728051][ T7846] netlink: 9 bytes leftover after parsing attributes in process `syz.3.658'. [ 219.733846][ T833] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 219.918610][ T833] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 219.923681][ T833] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 219.941132][ T833] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 219.945325][ T833] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.973345][ T7834] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 219.984064][ T833] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 220.133760][ T832] syz_tun: tun_net_xmit 90 [ 220.357654][ T39] audit: type=1804 audit(1722687490.392:557): pid=7853 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.660" name="/newroot/170/bus/file0" dev="overlay" ino=992 res=1 errno=0 [ 220.374874][ T10] usb 6-1: USB disconnect, device number 17 [ 220.537004][ T57] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 220.587153][ T30] syz_tun: tun_net_xmit 90 [ 220.643970][ T832] syz_tun: tun_net_xmit 90 [ 220.734339][ T57] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 220.739356][ T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 220.744925][ T57] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 220.750679][ T57] usb 5-1: config 0 interface 0 has no altsetting 0 [ 220.755255][ T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 220.759469][ T57] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 220.765605][ T57] usb 5-1: config 0 interface 0 has no altsetting 0 [ 220.770377][ T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 220.775067][ T57] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 220.780619][ T57] usb 5-1: config 0 interface 0 has no altsetting 0 [ 220.785187][ T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 220.790119][ T57] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 220.795442][ T57] usb 5-1: config 0 interface 0 has no altsetting 0 [ 220.799882][ T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 220.803648][ T57] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 220.808503][ T57] usb 5-1: config 0 interface 0 has no altsetting 0 [ 220.812613][ T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 220.815875][ T57] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 220.820420][ T57] usb 5-1: config 0 interface 0 has no altsetting 0 [ 220.824437][ T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 220.828462][ T57] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 220.834183][ T57] usb 5-1: config 0 interface 0 has no altsetting 0 [ 220.839624][ T57] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 220.843668][ T57] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 220.848298][ T57] usb 5-1: config 0 interface 0 has no altsetting 0 [ 220.854916][ T57] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 220.858752][ T57] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 220.863288][ T57] usb 5-1: Product: syz [ 220.865878][ T57] usb 5-1: Manufacturer: syz [ 220.868008][ T57] usb 5-1: SerialNumber: syz [ 220.872298][ T57] usb 5-1: config 0 descriptor?? [ 220.880481][ T57] yurex 5-1:0.0: USB YUREX device now attached to Yurex #1 [ 220.934870][ T8] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 221.096006][ T10] usb 5-1: USB disconnect, device number 17 [ 221.106628][ T10] yurex 5-1:0.0: USB YUREX #1 now disconnected [ 221.121998][ T8] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 221.128489][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 221.137642][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 221.151418][ T8] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 221.158775][ T8] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 221.162788][ T30] usb 7-1: USB disconnect, device number 14 [ 221.164087][ T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.180832][ T8] usb 8-1: config 0 descriptor?? [ 221.188131][ T7856] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 221.235760][ T7861] kAFS: unable to lookup cell '.,' [ 221.361940][ T7864] Bluetooth: hci3: unsupported parameter 255 [ 221.369734][ T7864] Bluetooth: hci3: unsupported parameter 255 [ 221.651239][ T8] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving [ 221.684531][ T8] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 221.888071][ T39] audit: type=1400 audit(1722687491.912:558): avc: denied { read } for pid=7867 comm="syz.2.666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 221.998622][ T7871] netlink: 'syz.1.667': attribute type 1 has an invalid length. [ 222.002421][ T7871] netlink: 9 bytes leftover after parsing attributes in process `syz.1.667'. [ 222.037713][ C0] vkms_vblank_simulate: vblank timer overrun [ 222.249086][ C0] vkms_vblank_simulate: vblank timer overrun [ 223.057239][ T7894] syzkaller1: entered promiscuous mode [ 223.059660][ T7894] syzkaller1: entered allmulticast mode [ 223.615240][ T832] usb 8-1: USB disconnect, device number 12 [ 223.970329][ T39] audit: type=1400 audit(1722687493.992:559): avc: denied { append } for pid=7895 comm="syz.2.674" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 224.051247][ T39] audit: type=1400 audit(1722687494.072:560): avc: denied { bind } for pid=7895 comm="syz.2.674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 224.197014][ T39] audit: type=1400 audit(1722687494.222:561): avc: denied { write } for pid=7904 comm="syz.3.678" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 224.303976][ T7906] netlink: 8 bytes leftover after parsing attributes in process `syz.1.676'. [ 224.800991][ C0] vkms_vblank_simulate: vblank timer overrun [ 224.919158][ C0] vkms_vblank_simulate: vblank timer overrun [ 226.435340][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.438683][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.441737][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.444914][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.448465][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.451702][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.455092][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.458672][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.462325][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.466005][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.469716][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.474181][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.478481][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.482073][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.485223][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.488614][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.491143][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.494787][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.499102][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.502805][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.507031][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.510761][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.514073][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.518166][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.522560][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.526058][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.529263][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.531893][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.534938][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.538291][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.541643][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.547130][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.551420][ C2] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 226.746977][ T7931] syzkaller1: entered promiscuous mode [ 226.749673][ T7931] syzkaller1: entered allmulticast mode [ 227.016930][ C0] vkms_vblank_simulate: vblank timer overrun [ 227.332134][ C2] vxcan0: j1939_tp_rxtimer: 0xffff88801e745c00: rx timeout, send abort [ 227.472316][ T7942] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 227.472316][ T7942] program syz.3.688 not setting count and/or reply_len properly [ 227.491216][ T7939] fuse: Bad value for 'fd' [ 227.700944][ T7949] fuse: Bad value for 'fd' [ 227.836023][ C2] vxcan0: j1939_tp_rxtimer: 0xffff88801e745c00: abort rx timeout. Force session deactivation [ 227.922801][ T39] audit: type=1400 audit(1722687497.912:562): avc: denied { write } for pid=7955 comm="syz.3.693" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1 [ 228.054365][ T7958] netlink: 8 bytes leftover after parsing attributes in process `syz.2.692'. [ 228.082821][ T7953] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 228.082821][ T7953] program syz.1.691 not setting count and/or reply_len properly [ 228.726580][ T7974] random: crng reseeded on system resumption [ 228.730564][ T39] audit: type=1400 audit(1722687498.752:563): avc: denied { write } for pid=7973 comm="syz.1.697" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 228.816666][ T7976] netlink: 12 bytes leftover after parsing attributes in process `syz.1.697'. [ 229.310340][ T39] audit: type=1400 audit(1722687499.332:564): avc: denied { getopt } for pid=7982 comm="syz.0.701" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 229.326593][ T7990] netlink: 8 bytes leftover after parsing attributes in process `syz.0.701'. [ 229.343644][ T7990] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 229.344945][ T39] audit: type=1400 audit(1722687499.372:565): avc: denied { accept } for pid=7991 comm="syz.1.703" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 229.365313][ T39] audit: type=1400 audit(1722687499.372:566): avc: denied { open } for pid=7982 comm="syz.0.701" path="/dev/ptyq4" dev="devtmpfs" ino=133 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 229.365352][ T39] audit: type=1400 audit(1722687499.372:567): avc: denied { ioctl } for pid=7982 comm="syz.0.701" path="/dev/ptyq4" dev="devtmpfs" ino=133 ioctlcmd=0x4b66 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1 [ 229.820969][ T30] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 230.006554][ T30] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 230.012386][ T30] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 230.050828][ T30] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 230.057652][ T30] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 230.079144][ T30] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 230.088956][ T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.110414][ T30] usb 6-1: config 0 descriptor?? [ 230.115146][ T7994] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 230.555150][ T30] plantronics 0003:047F:FFFF.0015: No inputs registered, leaving [ 230.577276][ T30] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 230.623931][ T8] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 230.763575][ T8008] input: syz0 as /devices/virtual/input/input40 [ 230.825860][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 230.861533][ T8006] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.886965][ T8] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 230.890606][ T8] usb 5-1: config 0 has no interface number 0 [ 230.899136][ T8] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 230.904162][ T8] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 230.909355][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.917318][ T8] usb 5-1: config 0 descriptor?? [ 230.925109][ T8] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1 [ 231.081116][ T8012] netlink: 8 bytes leftover after parsing attributes in process `syz.3.708'. [ 231.124022][ T39] audit: type=1804 audit(1722687501.142:568): pid=8012 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.708" name="/newroot/180/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 231.286111][ C2] vkms_vblank_simulate: vblank timer overrun [ 231.651949][ T8017] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 232.063610][ T8009] Process accounting resumed [ 232.423515][ T8] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 232.626853][ T8] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 232.634984][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 232.652429][ T8] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 232.659726][ T8] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 232.670104][ T8] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 232.677496][ T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.715379][ T8] usb 8-1: config 0 descriptor?? [ 232.719471][ T833] usb 6-1: USB disconnect, device number 18 [ 232.722143][ T8027] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 233.030242][ T8030] 9pnet_fd: Insufficient options for proto=fd [ 233.164614][ T8] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving [ 233.179589][ T8] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 233.346536][ T8] usb 5-1: USB disconnect, device number 18 [ 233.430223][ T8] iowarrior 5-1:0.1: I/O-Warror #1 now disconnected [ 233.650231][ T39] audit: type=1400 audit(1722687503.672:569): avc: denied { connect } for pid=8044 comm="syz.0.718" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 233.952940][ T39] audit: type=1400 audit(1722687503.972:570): avc: denied { read } for pid=8049 comm="syz.2.719" dev="sockfs" ino=20391 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 234.014205][ T8050] 9pnet_fd: Insufficient options for proto=fd [ 234.253166][ T8058] netlink: 8 bytes leftover after parsing attributes in process `syz.0.722'. [ 234.328227][ T39] audit: type=1804 audit(1722687504.352:571): pid=8058 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.0.722" name="/newroot/182/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 234.523608][ T1423] usb 8-1: reset high-speed USB device number 13 using dummy_hcd [ 234.613974][ T57] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 234.822166][ T8058] Process accounting resumed [ 234.832928][ T57] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 234.844161][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 234.851187][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 234.863684][ T57] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 234.870826][ T57] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 234.885770][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.907963][ T57] usb 6-1: config 0 descriptor?? [ 234.928476][ T8062] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 235.030692][ T8066] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 235.157482][ T39] audit: type=1326 audit(1722687505.172:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8060 comm="syz.2.723" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7115f779f9 code=0x7fc00000 [ 235.174946][ T39] audit: type=1326 audit(1722687505.182:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8060 comm="syz.2.723" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7115f779f9 code=0x7fc00000 [ 235.186470][ T39] audit: type=1326 audit(1722687505.182:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8060 comm="syz.2.723" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7115f779f9 code=0x7fc00000 [ 235.196853][ T39] audit: type=1326 audit(1722687505.182:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8060 comm="syz.2.723" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7115f779f9 code=0x7fc00000 [ 235.210653][ T39] audit: type=1326 audit(1722687505.182:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8060 comm="syz.2.723" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7115f779f9 code=0x7fc00000 [ 235.239725][ T39] audit: type=1326 audit(1722687505.182:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8060 comm="syz.2.723" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7115f779f9 code=0x7fc00000 [ 235.265758][ T39] audit: type=1326 audit(1722687505.182:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8060 comm="syz.2.723" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7115f779f9 code=0x7fc00000 [ 235.357913][ T57] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving [ 235.369890][ T57] plantronics 0003:047F:FFFF.0017: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 235.436990][ T8071] netlink: 'syz.0.726': attribute type 1 has an invalid length. [ 235.440488][ T8071] netlink: 9 bytes leftover after parsing attributes in process `syz.0.726'. [ 235.587572][ T8074] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 235.851502][ T8081] Bluetooth: hci3: invalid length 0, exp 2 for type 20 [ 236.001581][ T8085] binder: 8084:8085 unknown command 1074029330 [ 236.005684][ T8085] binder: 8084:8085 ioctl c0306201 20000540 returned -22 [ 236.323137][ T8096] netlink: 8 bytes leftover after parsing attributes in process `syz.3.733'. [ 236.397506][ T25] usb 8-1: USB disconnect, device number 13 [ 237.061678][ T8096] Process accounting resumed [ 237.211423][ T8108] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 237.468967][ T25] usb 6-1: USB disconnect, device number 19 [ 237.615045][ T8119] overlayfs: failed to resolve './file0': -2 [ 237.637665][ T8119] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 237.637665][ T8119] program syz.3.739 not setting count and/or reply_len properly [ 238.161799][ T8132] input: syz0 as /devices/virtual/input/input42 [ 238.185159][ T8131] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 238.294078][ T25] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 238.374489][ T5355] Bluetooth: hci2: command 0x0406 tx timeout [ 238.377283][ T5354] Bluetooth: hci3: command 0x0405 tx timeout [ 238.476838][ T25] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 238.481760][ T25] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 238.490168][ T25] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 238.497734][ T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.507821][ T25] usb 7-1: config 0 descriptor?? [ 239.035996][ T8139] overlayfs: failed to resolve './file0': -2 [ 239.063567][ T8139] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 239.063567][ T8139] program syz.3.745 not setting count and/or reply_len properly [ 239.486675][ T25] cm6533_jd 0003:0D8C:0022.0018: unknown main item tag 0x0 [ 239.489985][ T25] cm6533_jd 0003:0D8C:0022.0018: unknown main item tag 0x0 [ 239.504831][ T25] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/0003:0D8C:0022.0018/input/input44 [ 239.522629][ T25] cm6533_jd 0003:0D8C:0022.0018: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 239.698355][ T8150] netlink: 'syz.3.746': attribute type 1 has an invalid length. [ 239.701780][ T8150] netlink: 9 bytes leftover after parsing attributes in process `syz.3.746'. [ 239.711826][ T833] usb 7-1: USB disconnect, device number 15 [ 239.770415][ T39] kauditd_printk_skb: 63 callbacks suppressed [ 239.770432][ T39] audit: type=1400 audit(1722687509.792:642): avc: denied { mount } for pid=8155 comm="syz.0.749" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 239.858792][ T8157] netlink: 16 bytes leftover after parsing attributes in process `syz.0.749'. [ 240.201218][ T39] audit: type=1400 audit(1722687510.222:643): avc: denied { unmount } for pid=5352 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 240.240811][ T8163] netlink: 32 bytes leftover after parsing attributes in process `syz.0.751'. [ 240.244336][ T8163] FAULT_INJECTION: forcing a failure. [ 240.244336][ T8163] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 240.255566][ T8163] CPU: 2 UID: 0 PID: 8163 Comm: syz.0.751 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 240.261062][ T8163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 240.266079][ T8163] Call Trace: [ 240.267594][ T8163] [ 240.269119][ T8163] dump_stack_lvl+0x16c/0x1f0 [ 240.271301][ T8163] should_fail_ex+0x497/0x5b0 [ 240.273465][ T8163] _copy_to_user+0x30/0xc0 [ 240.275597][ T8163] simple_read_from_buffer+0xd0/0x160 [ 240.278063][ T8163] proc_fail_nth_read+0x1b0/0x290 [ 240.280340][ T8163] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 240.282858][ T8163] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 240.285032][ T8163] vfs_read+0x1d4/0xbd0 [ 240.286600][ T8163] ? __fdget_pos+0xeb/0x180 [ 240.288133][ T8163] ? __pfx_vfs_read+0x10/0x10 [ 240.290150][ T8163] ? __pfx___mutex_lock+0x10/0x10 [ 240.292078][ T8163] ? __fget_files+0x256/0x400 [ 240.294252][ T8163] ksys_read+0x12f/0x260 [ 240.296041][ T8163] ? __pfx_ksys_read+0x10/0x10 [ 240.298138][ T8163] do_syscall_64+0xcd/0x250 [ 240.300146][ T8163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.302534][ T8163] RIP: 0033:0x7f75ce17643c [ 240.304213][ T8163] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 240.311888][ T8163] RSP: 002b:00007f75cef3b040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 240.315386][ T8163] RAX: ffffffffffffffda RBX: 00007f75ce305f80 RCX: 00007f75ce17643c [ 240.318420][ T8163] RDX: 000000000000000f RSI: 00007f75cef3b0b0 RDI: 0000000000000004 [ 240.321342][ T8163] RBP: 00007f75cef3b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 240.324550][ T8163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 240.327856][ T8163] R13: 000000000000000b R14: 00007f75ce305f80 R15: 00007fff38999688 [ 240.331125][ T8163] [ 240.457449][ T8173] syzkaller1: entered promiscuous mode [ 240.460147][ T8173] syzkaller1: entered allmulticast mode [ 240.777109][ T39] audit: type=1400 audit(1722687510.802:644): avc: denied { module_request } for pid=8168 comm="syz.0.754" kmod="netdev-vcan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 241.525806][ T39] audit: type=1400 audit(1722687511.552:645): avc: denied { write } for pid=8201 comm="syz.1.761" name="card0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 241.646498][ T8206] overlayfs: failed to resolve './file1': -2 [ 241.659728][ T8206] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 241.659728][ T8206] program syz.0.760 not setting count and/or reply_len properly [ 241.782246][ T8211] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 241.806835][ T8215] FAULT_INJECTION: forcing a failure. [ 241.806835][ T8215] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 241.812951][ T8215] CPU: 0 UID: 0 PID: 8215 Comm: syz.1.764 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 241.817573][ T8215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 241.822145][ T8215] Call Trace: [ 241.823625][ T8215] [ 241.824933][ T8215] dump_stack_lvl+0x16c/0x1f0 [ 241.827030][ T8215] should_fail_ex+0x497/0x5b0 [ 241.829135][ T8215] _copy_to_user+0x30/0xc0 [ 241.831117][ T8215] simple_read_from_buffer+0xd0/0x160 [ 241.833507][ T8215] proc_fail_nth_read+0x1b0/0x290 [ 241.836089][ T8215] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 241.838786][ T8215] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 241.840971][ T8215] vfs_read+0x1d4/0xbd0 [ 241.842622][ T8215] ? __fdget_pos+0xeb/0x180 [ 241.844395][ T8215] ? __pfx_vfs_read+0x10/0x10 [ 241.846230][ T8215] ? __pfx___mutex_lock+0x10/0x10 [ 241.848411][ T8215] ? __fget_files+0x256/0x400 [ 241.850391][ T8215] ksys_read+0x12f/0x260 [ 241.852321][ T8215] ? __pfx_ksys_read+0x10/0x10 [ 241.854493][ T8215] do_syscall_64+0xcd/0x250 [ 241.856794][ T8215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.859571][ T8215] RIP: 0033:0x7f24a257643c [ 241.861786][ T8215] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 241.871143][ T8215] RSP: 002b:00007f24a1fff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 241.875119][ T8215] RAX: ffffffffffffffda RBX: 00007f24a2705f80 RCX: 00007f24a257643c [ 241.878788][ T8215] RDX: 000000000000000f RSI: 00007f24a1fff0b0 RDI: 0000000000000004 [ 241.882116][ T8215] RBP: 00007f24a1fff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 241.885600][ T8215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 241.889319][ T8215] R13: 000000000000000b R14: 00007f24a2705f80 R15: 00007ffc112d0938 [ 241.892915][ T8215] [ 241.970559][ T8220] syzkaller1: entered promiscuous mode [ 241.983535][ T8220] syzkaller1: entered allmulticast mode [ 242.267318][ T8227] input: syz0 as /devices/virtual/input/input45 [ 242.300274][ T8226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 242.806730][ T39] audit: type=1400 audit(1722687512.822:646): avc: denied { write } for pid=8242 comm="syz.1.772" name="task" dev="proc" ino=23778 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 242.829354][ T39] audit: type=1400 audit(1722687512.842:647): avc: denied { add_name } for pid=8242 comm="syz.1.772" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 242.845133][ T39] audit: type=1400 audit(1722687512.842:648): avc: denied { create } for pid=8242 comm="syz.1.772" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1 [ 242.860088][ T39] audit: type=1400 audit(1722687512.842:649): avc: denied { associate } for pid=8242 comm="syz.1.772" name="cpuset.effective_cpus" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 242.919417][ C1] vkms_vblank_simulate: vblank timer overrun [ 243.132433][ T8250] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 243.132433][ T8250] program syz.3.773 not setting count and/or reply_len properly [ 243.627537][ T8280] 9pnet_virtio: no channels available for device syz [ 243.700044][ T8282] syzkaller1: entered promiscuous mode [ 243.702711][ T8282] syzkaller1: entered allmulticast mode [ 243.738967][ T8284] netlink: 8 bytes leftover after parsing attributes in process `syz.2.781'. [ 243.774129][ T8285] netlink: 8 bytes leftover after parsing attributes in process `syz.1.783'. [ 243.776984][ T39] audit: type=1804 audit(1722687513.802:650): pid=8284 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.2.781" name="/newroot/143/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 244.003496][ T8] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 244.188516][ T8] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 244.193833][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 244.198591][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 244.203604][ T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 244.210123][ T8] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 244.214300][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.220556][ T8] usb 5-1: config 0 descriptor?? [ 244.225249][ T8283] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 244.227496][ T8284] Process accounting resumed [ 244.447093][ T8290] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 244.447093][ T8290] program syz.2.786 not setting count and/or reply_len properly [ 244.603305][ T8280] Process accounting resumed [ 244.659264][ T8] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving [ 244.665925][ T8] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 244.759889][ T8297] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 244.803563][ T5834] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 244.993722][ T8] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 245.003484][ T5834] usb 8-1: Using ep0 maxpacket: 8 [ 245.015562][ T5834] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 245.019998][ T5834] usb 8-1: config 0 has no interface number 0 [ 245.022851][ T5834] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 245.028721][ T5834] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 245.032913][ T5834] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.046460][ T5834] usb 8-1: config 0 descriptor?? [ 245.054812][ T5834] iowarrior 8-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1 [ 245.149546][ T10] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 245.191191][ T8] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 245.197013][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 245.202489][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 245.207469][ T8] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 245.217654][ T8] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 245.221287][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.227325][ T8] usb 7-1: config 0 descriptor?? [ 245.229691][ T8299] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 245.346897][ T10] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 245.352663][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 245.359187][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 245.365240][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 245.371453][ T10] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 245.379138][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.401598][ T10] usb 6-1: config 0 descriptor?? [ 245.408313][ T8302] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 245.647251][ T8] plantronics 0003:047F:FFFF.001A: No inputs registered, leaving [ 245.656090][ T8] plantronics 0003:047F:FFFF.001A: hiddev2,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 245.842020][ T10] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving [ 245.868300][ T10] plantronics 0003:047F:FFFF.001B: hiddev3,hidraw3: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 246.143514][ T10] usb 5-1: reset high-speed USB device number 19 using dummy_hcd [ 247.157094][ T8315] FAULT_INJECTION: forcing a failure. [ 247.157094][ T8315] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 247.163530][ T8315] CPU: 0 UID: 0 PID: 8315 Comm: syz.0.791 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 247.168025][ T8315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 247.173878][ T8315] Call Trace: [ 247.175617][ T8315] [ 247.177111][ T8315] dump_stack_lvl+0x16c/0x1f0 [ 247.179471][ T8315] should_fail_ex+0x497/0x5b0 [ 247.181485][ T8315] ? fs_reclaim_acquire+0xae/0x160 [ 247.183728][ T8315] should_fail_alloc_page+0xe7/0x130 [ 247.186190][ T8315] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 247.188658][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.189025][ T8315] __alloc_pages_noprof+0x194/0x2460 [ 247.193846][ T8315] ? hlock_class+0x4e/0x130 [ 247.195821][ T8315] ? __lock_acquire+0x1620/0x3cb0 [ 247.198082][ T8315] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 247.200711][ T8315] ? __lock_acquire+0x1620/0x3cb0 [ 247.202799][ T8315] ? __pfx___lock_acquire+0x10/0x10 [ 247.205014][ T8315] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 247.207621][ T8315] ? policy_nodemask+0xea/0x4e0 [ 247.209885][ T8315] alloc_pages_mpol_noprof+0x275/0x610 [ 247.212636][ T8315] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 247.216078][ T8315] ? __pfx_lock_release+0x10/0x10 [ 247.218413][ T8315] ? __pfx_lock_release+0x10/0x10 [ 247.220582][ T8315] ? do_raw_spin_lock+0x12d/0x2c0 [ 247.222762][ T8315] folio_alloc_mpol_noprof+0x36/0xd0 [ 247.229658][ T8315] vma_alloc_folio_noprof+0xee/0x1b0 [ 247.231878][ T8315] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 247.234725][ T8315] ? __anon_vma_prepare+0x2e2/0x5e0 [ 247.237168][ T8315] __handle_mm_fault+0x2e35/0x5660 [ 247.239444][ T8315] ? __pfx_mt_find+0x10/0x10 [ 247.241452][ T8315] ? mark_lock+0xb5/0xc60 [ 247.243308][ T8315] ? __pfx___handle_mm_fault+0x10/0x10 [ 247.245698][ T8315] ? find_vma+0xc0/0x140 [ 247.247621][ T8315] ? __pfx_find_vma+0x10/0x10 [ 247.249843][ T8315] handle_mm_fault+0x44e/0x7b0 [ 247.252144][ T8315] ? __pkru_allows_pkey+0x52/0xb0 [ 247.254576][ T8315] do_user_addr_fault+0x7a3/0x13f0 [ 247.257672][ T8315] exc_page_fault+0x5c/0xc0 [ 247.260517][ T8315] asm_exc_page_fault+0x26/0x30 [ 247.263282][ T8315] RIP: 0010:__put_user_4+0x11/0x20 [ 247.265737][ T8315] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 [ 247.275703][ T8315] RSP: 0018:ffffc90003b27cc0 EFLAGS: 00050206 [ 247.278565][ T8315] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000200003c0 [ 247.284839][ T8315] RDX: dffffc0000000000 RSI: ffffffff81fcf5cb RDI: ffff88802e8477f0 [ 247.288677][ T8315] RBP: 1ffff92000764f9b R08: 0000000000000000 R09: fffffbfff202574b [ 247.291801][ T8315] R10: ffffffff9012ba5f R11: 0000000000000000 R12: 00000000200003c0 [ 247.296394][ T8315] R13: ffff8880486f69a8 R14: 0000000000008000 R15: 000000000000541b [ 247.299699][ T8315] ? do_vfs_ioctl+0x155b/0x1ad0 [ 247.301909][ T8315] do_vfs_ioctl+0x15ae/0x1ad0 [ 247.305014][ T8315] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 247.307271][ T8315] ? inode_has_perm+0x183/0x1d0 [ 247.309605][ T8315] ? file_has_perm+0x286/0x360 [ 247.311774][ T8315] ? __pfx_file_has_perm+0x10/0x10 [ 247.314292][ T8315] ? selinux_file_ioctl+0xb4/0x270 [ 247.316630][ T8315] __x64_sys_ioctl+0x116/0x220 [ 247.320592][ T8315] do_syscall_64+0xcd/0x250 [ 247.322708][ T8315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.325275][ T8315] RIP: 0033:0x7f75ce1779f9 [ 247.327059][ T8315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.335485][ T8315] RSP: 002b:00007f75cef3b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.339478][ T8315] RAX: ffffffffffffffda RBX: 00007f75ce305f80 RCX: 00007f75ce1779f9 [ 247.344547][ T8315] RDX: 00000000200003c0 RSI: 000000000000541b RDI: 0000000000000003 [ 247.348326][ T8315] RBP: 00007f75cef3b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 247.351971][ T8315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 247.355534][ T8315] R13: 000000000000000b R14: 00007f75ce305f80 R15: 00007fff38999688 [ 247.359147][ T8315] [ 247.556830][ T1423] usb 8-1: USB disconnect, device number 14 [ 247.565851][ T1423] iowarrior 8-1:0.1: I/O-Warror #1 now disconnected [ 247.712771][ T25] usb 7-1: USB disconnect, device number 16 [ 247.874453][ T1423] usb 6-1: USB disconnect, device number 20 [ 248.006307][ T8329] netlink: 8 bytes leftover after parsing attributes in process `syz.2.796'. [ 248.011383][ T8329] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 248.057002][ T8327] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 248.057002][ T8327] program syz.3.797 not setting count and/or reply_len properly [ 248.115286][ T8] usb 5-1: USB disconnect, device number 19 [ 248.533704][ T8] syz_tun: tun_net_xmit 90 [ 248.871420][ T8355] netlink: 24 bytes leftover after parsing attributes in process `syz.2.804'. [ 249.084001][ T10] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 249.283563][ T833] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 249.283719][ T10] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 249.294169][ T10] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 249.298748][ T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 249.305135][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.312135][ T8350] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 249.320065][ T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 249.422356][ T10] syz_tun: tun_net_xmit 90 [ 249.494508][ T833] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 249.502397][ T833] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 249.520652][ T833] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 249.527260][ T833] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 249.533614][ T833] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 249.539387][ T833] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.568241][ T833] usb 7-1: config 0 descriptor?? [ 249.580669][ T8358] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 249.632903][ T10] usb 5-1: USB disconnect, device number 20 [ 249.773967][ T8] syz_tun: tun_net_xmit 90 [ 250.043260][ T833] plantronics 0003:047F:FFFF.001C: No inputs registered, leaving [ 250.064720][ T833] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 250.399695][ T8386] netlink: 8 bytes leftover after parsing attributes in process `syz.3.812'. [ 250.410630][ T8386] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 250.453835][ T10] syz_tun: tun_net_xmit 90 [ 251.040660][ C0] vkms_vblank_simulate: vblank timer overrun [ 251.089207][ C0] vkms_vblank_simulate: vblank timer overrun [ 251.150681][ T8398] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 251.482196][ T8405] netlink: 'syz.0.818': attribute type 1 has an invalid length. [ 251.486711][ T8405] netlink: 'syz.0.818': attribute type 3 has an invalid length. [ 251.490191][ T8405] netlink: 224 bytes leftover after parsing attributes in process `syz.0.818'. [ 251.576356][ T8408] FAULT_INJECTION: forcing a failure. [ 251.576356][ T8408] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 251.593461][ T8408] CPU: 0 UID: 0 PID: 8408 Comm: syz.0.819 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 251.596619][ T8409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.817'. [ 251.598335][ T8408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 251.598381][ T8408] Call Trace: [ 251.612215][ T8408] [ 251.613724][ T8408] dump_stack_lvl+0x16c/0x1f0 [ 251.615914][ T8408] should_fail_ex+0x497/0x5b0 [ 251.618098][ T8408] ? fs_reclaim_acquire+0xae/0x160 [ 251.620443][ T8408] should_fail_alloc_page+0xe7/0x130 [ 251.622593][ T8408] prepare_alloc_pages.constprop.0+0x16f/0x560 [ 251.625054][ T8408] __alloc_pages_noprof+0x194/0x2460 [ 251.627190][ T8408] ? mark_held_locks+0x9f/0xe0 [ 251.629145][ T8408] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 251.631509][ T8408] ? _copy_from_iter+0x379/0x1150 [ 251.633927][ T8408] ? _copy_from_iter+0x15e/0x1150 [ 251.636817][ T8408] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 251.640146][ T8408] ? policy_nodemask+0xea/0x4e0 [ 251.642468][ T8408] alloc_pages_mpol_noprof+0x275/0x610 [ 251.645577][ T8408] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 251.649326][ T8408] ? copy_page_from_iter+0x108/0x120 [ 251.653342][ T8408] pipe_write+0xe4a/0x1b50 [ 251.658017][ T8408] ? __pfx_pipe_write+0x10/0x10 [ 251.660237][ T8408] ? selinux_file_permission+0x125/0x590 [ 251.662920][ T8408] ? security_file_permission+0x98/0xc0 [ 251.666526][ T8408] vfs_write+0x6b6/0x1140 [ 251.669309][ T8408] ? __pfx_pipe_write+0x10/0x10 [ 251.671959][ T8408] ? __pfx_vfs_write+0x10/0x10 [ 251.674303][ T8408] ? __fget_files+0x256/0x400 [ 251.676221][ T8408] ? __fget_light+0x173/0x210 [ 251.678245][ T8408] ksys_write+0x1f8/0x260 [ 251.680715][ T8408] ? __pfx_ksys_write+0x10/0x10 [ 251.683533][ T8408] do_syscall_64+0xcd/0x250 [ 251.685762][ T8408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.688468][ T8408] RIP: 0033:0x7f75ce1779f9 [ 251.690633][ T8408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.701134][ T8408] RSP: 002b:00007f75cef3b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 251.705172][ T8408] RAX: ffffffffffffffda RBX: 00007f75ce305f80 RCX: 00007f75ce1779f9 [ 251.709333][ T8408] RDX: 000000000001001c RSI: 0000000020000100 RDI: 0000000000000004 [ 251.713435][ T8408] RBP: 00007f75cef3b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 251.716968][ T39] audit: type=1804 audit(1722687521.732:651): pid=8409 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.817" name="/newroot/210/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 251.717875][ T8408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 251.717891][ T8408] R13: 000000000000000b R14: 00007f75ce305f80 R15: 00007fff38999688 [ 251.717907][ T8408] [ 251.717980][ C0] vkms_vblank_simulate: vblank timer overrun [ 251.953016][ T39] audit: type=1400 audit(1722687521.972:652): avc: denied { create } for pid=8412 comm="syz.0.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 251.966619][ T39] audit: type=1400 audit(1722687521.982:653): avc: denied { getopt } for pid=8412 comm="syz.0.820" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 251.977075][ T39] audit: type=1400 audit(1722687521.982:654): avc: denied { write } for pid=8412 comm="syz.0.820" path="socket:[25116]" dev="sockfs" ino=25116 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 252.167511][ T8] usb 7-1: USB disconnect, device number 17 [ 252.294395][ T832] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 252.407985][ T8403] Process accounting resumed [ 252.424748][ T8425] 9pnet_virtio: no channels available for device syz [ 252.499026][ T832] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 252.505033][ T832] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 252.509871][ T832] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 252.518599][ T832] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 252.535686][ T832] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 252.539257][ T832] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.545038][ T832] usb 6-1: config 0 descriptor?? [ 252.548245][ T8419] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 252.631242][ T8430] netlink: 8 bytes leftover after parsing attributes in process `syz.0.824'. [ 252.662832][ T8431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.825'. [ 252.680663][ T8431] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 252.994501][ T832] plantronics 0003:047F:FFFF.001D: No inputs registered, leaving [ 253.005283][ T832] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 253.399047][ T8430] Process accounting resumed [ 253.662727][ T8445] netlink: 'syz.0.827': attribute type 1 has an invalid length. [ 253.667833][ T8445] netlink: 9 bytes leftover after parsing attributes in process `syz.0.827'. [ 253.887418][ T8452] 9pnet_virtio: no channels available for device syz [ 253.944522][ T8453] netlink: 8 bytes leftover after parsing attributes in process `syz.3.829'. [ 253.979453][ T39] audit: type=1804 audit(1722687524.002:655): pid=8453 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.829" name="/newroot/212/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 253.994097][ T8454] netlink: 8 bytes leftover after parsing attributes in process `syz.2.830'. [ 254.364620][ C0] vkms_vblank_simulate: vblank timer overrun [ 254.463584][ T8462] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 254.467024][ T8462] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 254.470451][ T8462] vhci_hcd vhci_hcd.0: Device attached [ 254.500748][ T8462] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(8) [ 254.504783][ T8462] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 254.509295][ T8462] vhci_hcd vhci_hcd.0: Device attached [ 254.515315][ T8462] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 254.525443][ T5348] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 254.684450][ T25] vhci_hcd: vhci_device speed not set [ 254.768801][ T25] usb 13-1: new full-speed USB device number 2 using vhci_hcd [ 254.891069][ T8453] Process accounting resumed [ 254.939802][ T8455] Process accounting resumed [ 255.150429][ T57] usb 6-1: USB disconnect, device number 21 [ 255.184404][ T39] audit: type=1400 audit(1722687525.212:656): avc: denied { read write } for pid=8473 comm="syz.1.836" name="nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 255.203499][ T39] audit: type=1400 audit(1722687525.212:657): avc: denied { open } for pid=8473 comm="syz.1.836" path="/dev/nullb0" dev="devtmpfs" ino=693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 255.219076][ T8465] vhci_hcd: connection closed [ 255.219441][ T45] vhci_hcd: stop threads [ 255.221215][ T8463] vhci_hcd: connection reset by peer [ 255.253318][ T45] vhci_hcd: release socket [ 255.255580][ T45] vhci_hcd: disconnect device [ 255.267211][ T45] vhci_hcd: stop threads [ 255.284970][ T45] vhci_hcd: release socket [ 255.286996][ T45] vhci_hcd: disconnect device [ 255.294426][ T8475] netlink: 'syz.2.835': attribute type 1 has an invalid length. [ 255.297790][ T8475] netlink: 9 bytes leftover after parsing attributes in process `syz.2.835'. [ 255.328734][ T1423] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 255.380260][ T8479] netlink: 8 bytes leftover after parsing attributes in process `syz.1.837'. [ 255.383953][ T8479] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 255.516411][ T1423] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 255.521937][ T1423] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 255.527693][ T1423] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 255.532911][ T1423] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 255.543012][ T1423] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 255.547664][ T1423] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.557572][ T1423] usb 8-1: config 0 descriptor?? [ 255.562639][ T8469] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 255.998562][ T1423] plantronics 0003:047F:FFFF.001E: No inputs registered, leaving [ 256.008386][ T1423] plantronics 0003:047F:FFFF.001E: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 256.016436][ T8485] fuse: Unknown parameter 'gn|ÆÐw500000000000000000000' [ 256.077600][ T8486] syzkaller1: entered promiscuous mode [ 256.080194][ T8486] syzkaller1: entered allmulticast mode [ 256.617019][ T8495] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 256.617019][ T8495] program syz.1.842 not setting count and/or reply_len properly [ 257.087543][ T39] audit: type=1400 audit(1722687527.112:658): avc: denied { read } for pid=8506 comm="syz.0.847" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 257.298523][ T39] audit: type=1400 audit(1722687527.322:659): avc: denied { append } for pid=8506 comm="syz.0.847" name="hiddev0" dev="devtmpfs" ino=2827 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 257.439684][ T39] audit: type=1400 audit(1722687527.462:660): avc: denied { bind } for pid=8510 comm="syz.1.849" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 257.453908][ T39] audit: type=1400 audit(1722687527.462:661): avc: denied { node_bind } for pid=8510 comm="syz.1.849" saddr=fe88::2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 257.476285][ T39] audit: type=1400 audit(1722687527.502:662): avc: denied { connect } for pid=8510 comm="syz.1.849" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 257.763829][ T5226] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 257.966687][ T5226] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 257.971193][ T5226] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 257.976527][ T5226] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 257.989548][ T5226] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 257.994847][ T5226] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 258.009902][ T5226] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.025022][ T5226] usb 7-1: config 0 descriptor?? [ 258.028069][ T8501] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 258.139109][ T1423] usb 8-1: USB disconnect, device number 15 [ 258.359981][ T8525] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 258.359981][ T8525] program syz.0.854 not setting count and/or reply_len properly [ 258.844127][ T8534] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 259.090082][ T5226] usbhid 7-1:0.0: can't add hid device: -71 [ 259.101859][ T5226] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 259.113330][ T5226] usb 7-1: USB disconnect, device number 18 [ 259.243904][ T57] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 259.437536][ T57] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 259.451082][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 259.457710][ T57] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 259.463131][ T57] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 259.470515][ T57] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 259.478117][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.488012][ T57] usb 5-1: config 0 descriptor?? [ 259.493949][ T8543] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 259.904422][ T25] vhci_hcd: vhci_device speed not set [ 259.932838][ T57] plantronics 0003:047F:FFFF.001F: No inputs registered, leaving [ 259.948707][ T57] plantronics 0003:047F:FFFF.001F: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 259.999171][ T39] audit: type=1400 audit(1722687530.022:663): avc: denied { read } for pid=8550 comm="syz.2.860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 260.363455][ T39] audit: type=1400 audit(1722687530.372:664): avc: denied { listen } for pid=8564 comm="syz.3.863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 260.388144][ T39] audit: type=1400 audit(1722687530.372:665): avc: denied { connect } for pid=8564 comm="syz.3.863" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1 [ 261.187708][ T8573] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 261.187708][ T8573] program syz.1.864 not setting count and/or reply_len properly [ 261.398222][ T39] audit: type=1400 audit(1722687531.422:666): avc: denied { write } for pid=8577 comm="syz.2.865" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 261.435377][ T39] audit: type=1400 audit(1722687531.422:667): avc: denied { read } for pid=8577 comm="syz.2.865" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 261.560915][ T8590] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 261.874896][ T8599] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 261.913575][ T1382] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.920302][ T1382] ieee802154 phy1 wpan1: encryption failed: -22 [ 261.943969][ T833] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 262.023630][ T25] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 262.085828][ T57] usb 5-1: USB disconnect, device number 21 [ 262.146490][ T833] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 262.152280][ T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 262.159386][ T833] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 262.183309][ T833] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 262.231194][ T833] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 262.237500][ T833] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.246469][ T8611] FAULT_INJECTION: forcing a failure. [ 262.246469][ T8611] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 262.250342][ T833] usb 8-1: config 0 descriptor?? [ 262.274269][ T8611] CPU: 2 UID: 0 PID: 8611 Comm: syz.2.873 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 262.274361][ T8611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 262.274373][ T8611] Call Trace: [ 262.274380][ T8611] [ 262.274388][ T8611] dump_stack_lvl+0x16c/0x1f0 [ 262.274418][ T8611] should_fail_ex+0x497/0x5b0 [ 262.274445][ T8611] _copy_from_user+0x30/0xf0 [ 262.274469][ T8611] sctp_getsockopt+0x2828/0x74a0 [ 262.274492][ T8611] ? avc_has_perm_noaudit+0x119/0x3a0 [ 262.274510][ T8611] ? __pfx_lock_release+0x10/0x10 [ 262.274532][ T8611] ? __pfx_mark_lock+0x10/0x10 [ 262.274552][ T8611] ? __lock_acquire+0xbdd/0x3cb0 [ 262.274573][ T8611] ? __pfx_sctp_getsockopt+0x10/0x10 [ 262.274594][ T8611] ? avc_has_perm_noaudit+0x143/0x3a0 [ 262.274613][ T8611] ? avc_has_perm+0x11b/0x1c0 [ 262.274630][ T8611] ? __pfx_avc_has_perm+0x10/0x10 [ 262.274647][ T8611] ? __lock_acquire+0xbdd/0x3cb0 [ 262.274669][ T8611] ? sock_has_perm+0x25a/0x2f0 [ 262.274689][ T8611] ? __pfx_sock_has_perm+0x10/0x10 [ 262.274711][ T8611] ? find_held_lock+0x2d/0x110 [ 262.274738][ T8611] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 262.274758][ T8611] ? do_sock_getsockopt+0x2e5/0x760 [ 262.274783][ T8611] do_sock_getsockopt+0x2e5/0x760 [ 262.274804][ T8611] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 262.274823][ T8611] ? __fget_files+0x256/0x400 [ 262.274851][ T8611] ? __fget_light+0x173/0x210 [ 262.274877][ T8611] __sys_getsockopt+0x1a1/0x270 [ 262.274903][ T8611] ? __pfx___sys_getsockopt+0x10/0x10 [ 262.274928][ T8611] ? fput+0x32/0x390 [ 262.274948][ T8611] ? ksys_write+0x1ab/0x260 [ 262.274964][ T8611] ? __pfx_ksys_write+0x10/0x10 [ 262.274982][ T8611] __x64_sys_getsockopt+0xbd/0x160 [ 262.275008][ T8611] ? do_syscall_64+0x91/0x250 [ 262.275027][ T8611] ? lockdep_hardirqs_on+0x7c/0x110 [ 262.275045][ T8611] do_syscall_64+0xcd/0x250 [ 262.275066][ T8611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 262.275091][ T8611] RIP: 0033:0x7f7115f779f9 [ 262.275105][ T8611] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 262.275122][ T8611] RSP: 002b:00007f7116cc5048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 262.275141][ T8611] RAX: ffffffffffffffda RBX: 00007f7116105f80 RCX: 00007f7115f779f9 [ 262.275154][ T8611] RDX: 0000000000000001 RSI: 0000000000000084 RDI: 0000000000000003 [ 262.275165][ T8611] RBP: 00007f7116cc50a0 R08: 0000000020000340 R09: 0000000000000000 [ 262.275177][ T8611] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000001 [ 262.275189][ T8611] R13: 000000000000000b R14: 00007f7116105f80 R15: 00007ffedac30298 [ 262.275203][ T8611] [ 262.275346][ T25] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 262.275368][ T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.277541][ T25] usb 6-1: config 0 descriptor?? [ 262.567909][ T8595] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 262.753553][ T39] audit: type=1400 audit(1722687532.772:668): avc: denied { getopt } for pid=8596 comm="syz.1.867" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 262.796894][ T8614] can0: slcan on ptm0. [ 262.927830][ T8618] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 262.948569][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.958934][ T8622] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 262.958934][ T8622] program syz.2.875 not setting count and/or reply_len properly [ 263.098513][ T25] usb 6-1: string descriptor 0 read error: -71 [ 263.106695][ T25] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 263.110833][ T25] gspca_cpia1: usb_control_msg 05, error -71 [ 263.118487][ T25] gspca_cpia1: usb_control_msg 01, error -71 [ 263.122862][ T25] cpia1 6-1:0.0: only firmware version 1 is supported (got: 0) [ 263.129121][ T25] usb 6-1: USB disconnect, device number 22 [ 263.175837][ T8608] can0 (unregistered): slcan off ptm0. [ 263.621925][ T8639] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 263.631335][ T833] usbhid 8-1:0.0: can't add hid device: -71 [ 263.637745][ T833] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 263.657934][ T833] usb 8-1: USB disconnect, device number 16 [ 263.769619][ T8643] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 263.913600][ T8] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 264.123492][ T8] usb 6-1: Using ep0 maxpacket: 8 [ 264.129051][ T8] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 264.134088][ T8] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 264.140105][ T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 264.145319][ T8] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 264.150116][ T8] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 264.169706][ T8] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 264.192585][ T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.437648][ T8] usb 6-1: usb_control_msg returned -32 [ 264.440754][ T8] usbtmc 6-1:16.0: can't read capabilities [ 264.446775][ T39] audit: type=1400 audit(1722687534.462:669): avc: denied { create } for pid=8655 comm="syz.3.881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 264.463606][ T39] audit: type=1400 audit(1722687534.462:670): avc: denied { write } for pid=8655 comm="syz.3.881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1 [ 264.564983][ T8662] netlink: 8 bytes leftover after parsing attributes in process `syz.2.883'. [ 265.028932][ T8665] Bluetooth: hci3: unsupported parameter 255 [ 265.053497][ T8665] Bluetooth: hci3: unsupported parameter 255 [ 265.182791][ T8673] netlink: 'syz.3.885': attribute type 1 has an invalid length. [ 265.193455][ T8673] netlink: 9 bytes leftover after parsing attributes in process `syz.3.885'. [ 265.295885][ T8674] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 265.295885][ T8674] program syz.2.886 not setting count and/or reply_len properly [ 265.369857][ T8676] fuse: Unknown parameter '184467440737095516150x000000000000000a' [ 265.973239][ T8696] netlink: 8 bytes leftover after parsing attributes in process `syz.2.890'. [ 265.980175][ T8696] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 266.599706][ T25] usb 6-1: USB disconnect, device number 23 [ 267.219138][ T8722] netlink: 'syz.1.896': attribute type 1 has an invalid length. [ 267.222733][ T8722] netlink: 9 bytes leftover after parsing attributes in process `syz.1.896'. [ 267.452848][ T8727] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 267.452848][ T8727] program syz.0.897 not setting count and/or reply_len properly [ 267.886598][ T39] audit: type=1400 audit(1722687537.912:671): avc: denied { create } for pid=8754 comm="syz.3.905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 267.953580][ T25] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 267.970134][ T39] audit: type=1400 audit(1722687537.982:672): avc: denied { wake_alarm } for pid=8756 comm="syz.1.906" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 268.079445][ T8761] netlink: 8 bytes leftover after parsing attributes in process `syz.2.904'. [ 268.164689][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 268.169783][ T25] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 268.173033][ T25] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 268.177787][ T25] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 268.182119][ T25] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 268.186504][ T25] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 268.191860][ T25] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 268.198283][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.247129][ T39] audit: type=1400 audit(1722687538.272:673): avc: denied { execute } for pid=8762 comm="syz.1.908" path="/syzcgroup/unified/file0/cgroup.freeze" dev="cgroup2" ino=205 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1 [ 268.441596][ T25] usb 5-1: usb_control_msg returned -32 [ 268.451142][ T25] usbtmc 5-1:16.0: can't read capabilities [ 269.230281][ T8780] netlink: 'syz.2.913': attribute type 1 has an invalid length. [ 269.234221][ T8780] netlink: 9 bytes leftover after parsing attributes in process `syz.2.913'. [ 269.283063][ T8782] input: syz0 as /devices/virtual/input/input47 [ 269.324316][ T8781] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.799352][ T8784] binder: BC_ATTEMPT_ACQUIRE not supported [ 269.802083][ T8784] binder: 8783:8784 ioctl c0306201 20000040 returned -22 [ 270.078007][ T8793] netlink: 8 bytes leftover after parsing attributes in process `syz.1.917'. [ 270.124301][ T39] audit: type=1804 audit(1722687540.152:674): pid=8793 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.1.917" name="/newroot/238/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 270.483568][ T8] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 270.511506][ T8791] Process accounting resumed [ 270.675405][ T8] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 270.680361][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 270.688435][ T8] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 270.693099][ T8] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 270.697390][ T833] usb 5-1: USB disconnect, device number 22 [ 270.703548][ T8] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 270.703573][ T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.721611][ T8] usb 7-1: config 0 descriptor?? [ 270.724779][ T8795] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 270.741407][ T8800] netlink: 24 bytes leftover after parsing attributes in process `syz.0.920'. [ 271.024057][ T8806] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 271.096541][ T8810] netlink: 'syz.3.923': attribute type 1 has an invalid length. [ 271.099869][ T8810] netlink: 9 bytes leftover after parsing attributes in process `syz.3.923'. [ 271.601465][ T8] usbhid 7-1:0.0: can't add hid device: -71 [ 271.604028][ T8] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 271.609036][ T8] usb 7-1: USB disconnect, device number 19 [ 271.723503][ T5388] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 271.883880][ T5226] syz_tun: tun_net_xmit 90 [ 271.932717][ T5388] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 271.937585][ T5388] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 271.946266][ T5388] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 271.950685][ T5388] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 271.957928][ T5388] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 271.962083][ T5388] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.967985][ T5388] usb 8-1: config 0 descriptor?? [ 271.970946][ T8818] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 272.239605][ T5226] syz_tun: tun_net_xmit 90 [ 272.383054][ T5388] plantronics 0003:047F:FFFF.0020: No inputs registered, leaving [ 272.392065][ T5388] plantronics 0003:047F:FFFF.0020: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 272.400797][ T8] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 272.625123][ T8] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 272.629582][ T8] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 272.633172][ T8] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 272.637559][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.646931][ T8820] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 272.653109][ T8] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 272.668543][ T833] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 272.853548][ T833] usb 6-1: Using ep0 maxpacket: 32 [ 272.858319][ T833] usb 6-1: config 0 has no interfaces? [ 272.864842][ T833] usb 6-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 272.868856][ T833] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.871171][ T8] usb 5-1: USB disconnect, device number 23 [ 272.883145][ T833] usb 6-1: Product: syz [ 272.886182][ T833] usb 6-1: Manufacturer: syz [ 272.888538][ T833] usb 6-1: SerialNumber: syz [ 272.890848][ T5395] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 272.936502][ T833] usb 6-1: config 0 descriptor?? [ 273.093477][ T5395] usb 7-1: Using ep0 maxpacket: 32 [ 273.102261][ T5395] usb 7-1: config 0 has no interfaces? [ 273.104094][ T5388] syz_tun: tun_net_xmit 90 [ 273.111741][ T5395] usb 7-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 273.121510][ T5395] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.125541][ T5395] usb 7-1: Product: syz [ 273.127621][ T5395] usb 7-1: Manufacturer: syz [ 273.141709][ T5395] usb 7-1: SerialNumber: syz [ 273.146404][ T5395] usb 7-1: config 0 descriptor?? [ 273.383878][ T8] syz_tun: tun_net_xmit 90 [ 273.843618][ T5226] usb 8-1: reset high-speed USB device number 17 using dummy_hcd [ 275.287652][ T8845] syzkaller1: entered promiscuous mode [ 275.290005][ T8845] syzkaller1: entered allmulticast mode [ 275.357756][ T832] usb 7-1: USB disconnect, device number 20 [ 275.421354][ T833] usb 6-1: USB disconnect, device number 24 [ 275.630693][ T8855] netlink: 'syz.1.932': attribute type 1 has an invalid length. [ 275.641629][ T8855] netlink: 9 bytes leftover after parsing attributes in process `syz.1.932'. [ 275.674699][ T30] usb 8-1: USB disconnect, device number 17 [ 275.833649][ T832] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 276.027400][ T832] usb 7-1: Using ep0 maxpacket: 32 [ 276.063490][ T832] usb 7-1: config 0 has no interfaces? [ 276.087201][ T832] usb 7-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 276.097269][ T832] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.101198][ T832] usb 7-1: Product: syz [ 276.104749][ T832] usb 7-1: Manufacturer: syz [ 276.107168][ T832] usb 7-1: SerialNumber: syz [ 276.117838][ T832] usb 7-1: config 0 descriptor?? [ 276.280724][ T39] audit: type=1400 audit(1722687546.292:675): avc: denied { write } for pid=8861 comm="syz.1.933" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 276.293480][ T8862] random: crng reseeded on system resumption [ 276.304872][ T39] audit: type=1400 audit(1722687546.312:676): avc: denied { read } for pid=8861 comm="syz.1.933" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 276.370093][ T8866] netlink: 8 bytes leftover after parsing attributes in process `syz.3.934'. [ 276.415024][ T39] audit: type=1804 audit(1722687546.432:677): pid=8866 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.934" name="/newroot/232/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 276.422192][ T25] usb 7-1: USB disconnect, device number 21 [ 276.897462][ T8874] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 276.897462][ T8874] program syz.0.936 not setting count and/or reply_len properly [ 277.170164][ T8866] Process accounting resumed [ 277.290153][ T39] audit: type=1400 audit(1722687547.312:678): avc: denied { setattr } for pid=8884 comm="syz.3.939" path="/proc/723/net/packet" dev="proc" ino=4026533457 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 277.305876][ T25] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 277.326786][ T8887] ALSA: seq fatal error: cannot create timer (-22) [ 277.535943][ T25] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 277.552724][ T25] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 277.559670][ T25] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 277.578101][ T25] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 277.584373][ T25] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 277.588308][ T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.601778][ T25] usb 7-1: config 0 descriptor?? [ 277.609293][ T8881] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 277.789452][ T8903] netlink: 28 bytes leftover after parsing attributes in process `syz.0.943'. [ 277.796728][ T39] audit: type=1400 audit(1722687547.822:679): avc: denied { map } for pid=8902 comm="syz.0.943" path="socket:[26239]" dev="sockfs" ino=26239 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 278.044986][ T25] plantronics 0003:047F:FFFF.0021: No inputs registered, leaving [ 278.056188][ T25] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 278.060223][ T39] audit: type=1400 audit(1722687548.082:680): avc: denied { append } for pid=8902 comm="syz.0.943" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 278.614307][ T8915] netlink: 4 bytes leftover after parsing attributes in process `syz.1.945'. [ 278.867510][ T8918] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 278.867510][ T8918] program syz.0.946 not setting count and/or reply_len properly [ 278.925335][ T8920] netlink: 8 bytes leftover after parsing attributes in process `syz.1.947'. [ 278.935948][ T8920] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 279.037497][ T8930] netlink: 8 bytes leftover after parsing attributes in process `syz.3.948'. [ 279.093527][ T39] audit: type=1804 audit(1722687549.122:681): pid=8930 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.948" name="/newroot/235/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 279.265776][ T8933] netlink: 24 bytes leftover after parsing attributes in process `syz.0.949'. [ 279.444368][ T833] usb 7-1: reset high-speed USB device number 22 using dummy_hcd [ 279.723694][ T5834] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 279.767438][ T8930] Process accounting resumed [ 279.909792][ T5834] usb 5-1: Using ep0 maxpacket: 32 [ 279.918482][ T5834] usb 5-1: config 0 has no interfaces? [ 279.928948][ T5834] usb 5-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 279.937222][ T5834] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.942918][ T5834] usb 5-1: Product: syz [ 279.945483][ T5834] usb 5-1: Manufacturer: syz [ 279.948383][ T5834] usb 5-1: SerialNumber: syz [ 279.956446][ T5834] usb 5-1: config 0 descriptor?? [ 280.023597][ T35] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 280.213466][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 280.218177][ T35] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 280.222869][ T35] usb 6-1: config 0 has no interface number 0 [ 280.230471][ T35] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 280.235449][ T35] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 280.239492][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.247994][ T35] usb 6-1: config 0 descriptor?? [ 280.258736][ T35] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior1 [ 280.533877][ T8950] netlink: 'syz.2.954': attribute type 1 has an invalid length. [ 280.537497][ T8950] netlink: 9 bytes leftover after parsing attributes in process `syz.2.954'. [ 281.025145][ T8961] netlink: 24 bytes leftover after parsing attributes in process `syz.3.958'. [ 281.269511][ T5395] usb 7-1: USB disconnect, device number 22 [ 282.119140][ T8978] FAULT_INJECTION: forcing a failure. [ 282.119140][ T8978] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 282.126678][ T8978] CPU: 2 UID: 0 PID: 8978 Comm: syz.3.963 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 282.131461][ T8978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 282.135963][ T8978] Call Trace: [ 282.137599][ T8978] [ 282.139104][ T8978] dump_stack_lvl+0x16c/0x1f0 [ 282.141972][ T8978] should_fail_ex+0x497/0x5b0 [ 282.144659][ T8978] _copy_from_user+0x30/0xf0 [ 282.146722][ T8978] copy_msghdr_from_user+0x99/0x160 [ 282.149000][ T8978] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 282.152010][ T8978] ? find_held_lock+0x2d/0x110 [ 282.154674][ T8978] ? __pfx___lock_acquire+0x10/0x10 [ 282.157788][ T8978] ___sys_sendmsg+0xff/0x1e0 [ 282.160197][ T8978] ? __pfx____sys_sendmsg+0x10/0x10 [ 282.162896][ T8978] ? ksys_write+0x21c/0x260 [ 282.165077][ T8978] ? __fget_light+0x173/0x210 [ 282.167520][ T8978] __sys_sendmsg+0x117/0x1f0 [ 282.170000][ T8978] ? __pfx___sys_sendmsg+0x10/0x10 [ 282.172644][ T8978] do_syscall_64+0xcd/0x250 [ 282.174397][ T8978] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.177530][ T8978] RIP: 0033:0x7fe3bad779f9 [ 282.179481][ T8978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.188763][ T8978] RSP: 002b:00007fe3bbc2b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 282.193100][ T8978] RAX: ffffffffffffffda RBX: 00007fe3baf05f80 RCX: 00007fe3bad779f9 [ 282.196734][ T8978] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000004 [ 282.200195][ T8978] RBP: 00007fe3bbc2b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 282.203973][ T8978] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 282.208181][ T8978] R13: 000000000000000b R14: 00007fe3baf05f80 R15: 00007ffed87b6688 [ 282.212135][ T8978] [ 282.343583][ T833] usb 7-1: new high-speed USB device number 23 using dummy_hcd [ 282.370493][ T5395] usb 5-1: USB disconnect, device number 24 [ 282.546809][ T833] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 282.553078][ T833] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 282.582020][ T833] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 282.591141][ T833] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 282.599101][ T833] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 282.604868][ T833] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.620119][ T833] usb 7-1: config 0 descriptor?? [ 282.628518][ T8976] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 282.782381][ T25] usb 6-1: USB disconnect, device number 25 [ 282.800823][ T25] iowarrior 6-1:0.1: I/O-Warror #1 now disconnected [ 283.042470][ T833] plantronics 0003:047F:FFFF.0022: No inputs registered, leaving [ 283.051865][ T833] plantronics 0003:047F:FFFF.0022: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 283.168772][ T8996] netlink: 24 bytes leftover after parsing attributes in process `syz.3.967'. [ 283.280466][ C0] vkms_vblank_simulate: vblank timer overrun [ 283.486249][ T9001] netlink: 8 bytes leftover after parsing attributes in process `syz.0.969'. [ 283.491623][ T9001] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 283.992333][ T9009] netlink: 48 bytes leftover after parsing attributes in process `syz.1.970'. [ 284.025574][ T9009] netlink: 108 bytes leftover after parsing attributes in process `syz.1.970'. [ 284.034949][ T9009] netlink: 168 bytes leftover after parsing attributes in process `syz.1.970'. [ 284.039465][ T9009] netlink: 'syz.1.970': attribute type 2 has an invalid length. [ 284.042818][ T9009] netlink: 60 bytes leftover after parsing attributes in process `syz.1.970'. [ 284.256311][ T9013] netlink: 8 bytes leftover after parsing attributes in process `syz.1.971'. [ 284.260527][ T9013] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 285.064306][ T57] usb 7-1: USB disconnect, device number 23 [ 285.332301][ T9028] netlink: 24 bytes leftover after parsing attributes in process `syz.3.976'. [ 285.394642][ T9026] netlink: 'syz.1.974': attribute type 1 has an invalid length. [ 285.402243][ T9026] netlink: 9 bytes leftover after parsing attributes in process `syz.1.974'. [ 285.580246][ T9035] syzkaller1: entered promiscuous mode [ 285.583802][ T9035] syzkaller1: entered allmulticast mode [ 285.896804][ T9042] netlink: 'syz.1.981': attribute type 11 has an invalid length. [ 286.024846][ T39] audit: type=1400 audit(1722687556.052:682): avc: denied { bind } for pid=9041 comm="syz.1.981" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 286.588296][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.727908][ T9049] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 286.763826][ T9051] 9pnet_virtio: no channels available for device syz [ 286.924433][ T9054] __nla_validate_parse: 1 callbacks suppressed [ 286.924448][ T9054] netlink: 4 bytes leftover after parsing attributes in process `syz.1.984'. [ 286.952866][ T9053] netlink: 8 bytes leftover after parsing attributes in process `syz.0.983'. [ 286.971422][ T9057] fuse: Bad value for 'fd' [ 287.026039][ T9059] netlink: 24 bytes leftover after parsing attributes in process `syz.2.986'. [ 287.389914][ T9066] syz_tun: tun_net_xmit 86 [ 287.463083][ T9066] kvm: kvm [9065]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x1dce00000080 [ 287.514044][ T9066] kvm: kvm [9065]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x3dce00000080 [ 287.768047][ T9053] Process accounting resumed [ 288.173535][ T5388] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 288.173538][ T832] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 288.375742][ T832] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 288.381976][ T5388] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 288.390865][ T5388] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 288.403531][ T832] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 288.404194][ T5388] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 288.438396][ T5388] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 288.443330][ T5388] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 288.453698][ C1] syz_tun: tun_net_xmit 86 [ 288.462638][ T5388] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.470531][ T832] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 288.473100][ T5388] usb 8-1: config 0 descriptor?? [ 288.513879][ T9080] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 288.529852][ T832] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 288.603660][ T832] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 288.608063][ T832] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.613989][ T832] usb 6-1: config 0 descriptor?? [ 288.619633][ T9082] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 288.977211][ T5388] plantronics 0003:047F:FFFF.0023: No inputs registered, leaving [ 289.017034][ T5388] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 289.077714][ T832] plantronics 0003:047F:FFFF.0024: No inputs registered, leaving [ 289.096992][ T832] plantronics 0003:047F:FFFF.0024: hiddev1,hidraw2: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 289.157223][ T9092] fuse: Bad value for 'fd' [ 289.495268][ C1] syz_tun: tun_net_xmit 86 [ 289.553530][ T5388] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 289.743503][ T5388] usb 5-1: Using ep0 maxpacket: 8 [ 289.751530][ T5388] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 289.755559][ T5388] usb 5-1: config 0 has no interface number 0 [ 289.758388][ T5388] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 289.763365][ T5388] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 289.773485][ T5388] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.783853][ T5388] usb 5-1: config 0 descriptor?? [ 289.791362][ T5388] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior2 [ 290.163514][ T833] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 290.353532][ T833] usb 7-1: Using ep0 maxpacket: 8 [ 290.361062][ T833] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 290.369380][ T833] usb 7-1: config 0 has no interface number 0 [ 290.372611][ T833] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 290.380411][ T833] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 290.386787][ T833] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.404287][ T833] usb 7-1: config 0 descriptor?? [ 290.413076][ T833] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior3 [ 290.413561][ T57] usb 8-1: reset high-speed USB device number 18 using dummy_hcd [ 291.310169][ T833] usb 6-1: USB disconnect, device number 26 [ 292.278650][ T833] usb 5-1: USB disconnect, device number 25 [ 292.283368][ T833] iowarrior 5-1:0.1: I/O-Warror #2 now disconnected [ 292.343682][ T25] usb 8-1: USB disconnect, device number 18 [ 292.895018][ T5388] usb 7-1: USB disconnect, device number 24 [ 292.951525][ T5388] iowarrior 7-1:0.1: I/O-Warror #3 now disconnected [ 293.020501][ T9134] syz_tun: tun_net_xmit 42 [ 293.336217][ C2] vkms_vblank_simulate: vblank timer overrun [ 293.825428][ T9151] netlink: 'syz.1.1009': attribute type 1 has an invalid length. [ 293.829173][ T9151] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1009'. [ 294.053674][ C1] syz_tun: tun_net_xmit 42 [ 295.057422][ T9167] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1014'. [ 295.093544][ C1] syz_tun: tun_net_xmit 42 [ 295.955068][ T9188] EXT4-fs (sda1): resizing filesystem from 262144 to 2 blocks [ 295.969122][ T9188] EXT4-fs warning (device sda1): ext4_resize_fs:2041: can't shrink FS - resize aborted [ 296.048217][ C2] vkms_vblank_simulate: vblank timer overrun [ 296.121088][ T39] audit: type=1400 audit(1722687566.132:683): avc: denied { create } for pid=9187 comm="syz.1.1020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 296.161640][ T39] audit: type=1400 audit(1722687566.182:684): avc: denied { setopt } for pid=9187 comm="syz.1.1020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 296.535464][ T9196] binder: 9195:9196 ioctl 4018620d 0 returned -22 [ 299.633482][ T9252] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 299.633482][ T9252] program syz.0.1035 not setting count and/or reply_len properly [ 299.666136][ T57] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 299.875889][ T57] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 299.880680][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 299.885130][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 299.890318][ T57] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 299.898507][ T57] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 299.902732][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.910559][ T57] usb 6-1: config 0 descriptor?? [ 299.913748][ T9248] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 300.368021][ T57] plantronics 0003:047F:FFFF.0025: No inputs registered, leaving [ 300.384061][ T57] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 300.443500][ T9268] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1039'. [ 300.559045][ T9266] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1037'. [ 300.592776][ T39] audit: type=1804 audit(1722687570.612:685): pid=9266 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.1037" name="/newroot/260/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 300.595576][ T9275] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1041'. [ 301.134504][ T9266] Process accounting resumed [ 301.697610][ T9298] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 301.973366][ T9299] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 301.973366][ T9299] program syz.2.1046 not setting count and/or reply_len properly [ 302.086322][ T9306] fuse: Invalid rootmode [ 302.404029][ T25] usb 6-1: USB disconnect, device number 27 [ 302.586764][ T9316] overlayfs: workdir and upperdir must be separate subtrees [ 302.590436][ T39] audit: type=1400 audit(1722687572.612:686): avc: denied { write } for pid=9315 comm="syz.1.1051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 302.953503][ T57] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 303.078882][ T39] audit: type=1804 audit(1722687573.102:687): pid=9321 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.1053" name="/newroot/266/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 303.320235][ T57] usb 6-1: Using ep0 maxpacket: 8 [ 303.327647][ T9327] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 303.327647][ T9327] The task syz.2.1055 (9327) triggered the difference, watch for misbehavior. [ 303.327715][ T57] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 303.337276][ T57] usb 6-1: config 0 has no interface number 0 [ 303.413684][ T57] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 303.419227][ T57] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 303.425513][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.440339][ T57] usb 6-1: config 0 descriptor?? [ 303.468264][ T57] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 304.068457][ T9320] Process accounting resumed [ 304.212568][ T9340] fuse: Invalid rootmode [ 304.340049][ T9341] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 305.433520][ T832] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 305.747329][ T832] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 305.752451][ T832] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 305.772698][ T832] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 305.777843][ T832] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 305.784474][ T832] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 305.801664][ T832] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.833039][ T832] usb 7-1: config 0 descriptor?? [ 305.837653][ T9356] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 305.838417][ T833] usb 6-1: USB disconnect, device number 28 [ 305.892051][ C2] vkms_vblank_simulate: vblank timer overrun [ 305.907578][ T833] iowarrior 6-1:0.1: I/O-Warror #0 now disconnected [ 306.148044][ T39] audit: type=1804 audit(1722687576.172:688): pid=9370 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.1.1066" name="/newroot/274/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 306.304471][ T832] plantronics 0003:047F:FFFF.0026: No inputs registered, leaving [ 306.312094][ T832] plantronics 0003:047F:FFFF.0026: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 306.414302][ T39] audit: type=1804 audit(1722687576.432:689): pid=9372 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.0.1068" name="/newroot/279/bus/bus" dev="overlay" ino=1622 res=1 errno=0 [ 306.626435][ T9379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 306.859201][ T9370] Process accounting resumed [ 307.604233][ T39] audit: type=1400 audit(1722687577.622:690): avc: denied { accept } for pid=9390 comm="syz.3.1072" lport=50013 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 307.623696][ T9391] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1072'. [ 307.773809][ T5388] usb 7-1: reset high-speed USB device number 25 using dummy_hcd [ 307.985296][ T9401] veth1: invalid flags given to default FDB implementation [ 308.951345][ T833] syz_tun: tun_net_xmit 90 [ 309.380338][ T8] usb 7-1: USB disconnect, device number 25 [ 309.753536][ T57] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 309.935603][ T57] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 309.940977][ T57] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 309.973944][ T57] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 309.977494][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.983676][ T833] syz_tun: tun_net_xmit 90 [ 310.008355][ T9424] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 310.015830][ T57] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 310.034571][ T9433] openvswitch: netlink: Missing key (keys=8040, expected=200000) [ 310.312196][ T833] usb 5-1: USB disconnect, device number 26 [ 310.390690][ T39] audit: type=1804 audit(1722687580.412:691): pid=9436 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.3.1079" name="/newroot/277/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 310.402807][ T9437] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 310.464369][ T57] syz_tun: tun_net_xmit 90 [ 310.999163][ T9442] 9pnet_virtio: no channels available for device syz [ 311.070995][ T9436] Process accounting resumed [ 311.185998][ T57] syz_tun: tun_net_xmit 90 [ 311.823554][ T833] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 312.075541][ T833] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 312.081510][ T833] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 312.087686][ T833] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 312.092566][ T833] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 312.112059][ T833] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 312.116416][ T833] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.123719][ T833] usb 7-1: config 0 descriptor?? [ 312.141089][ T9456] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 312.260947][ T9440] Process accounting resumed [ 312.882130][ T833] plantronics 0003:047F:FFFF.0027: No inputs registered, leaving [ 312.956406][ T833] plantronics 0003:047F:FFFF.0027: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 313.110119][ T9477] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1092'. [ 313.306094][ T9473] sg_write: data in/out 73495649/196 bytes for SCSI command 0x9d-- guessing data in; [ 313.306094][ T9473] program syz.0.1090 not setting count and/or reply_len properly [ 313.428603][ T39] audit: type=1804 audit(1722687583.452:692): pid=9489 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.1.1091" name="/newroot/281/file0/file0" dev="9p" ino=36701576 res=1 errno=0 [ 313.516250][ T9472] jump_label: Fatal kernel bug, unexpected op at preempt_notifier_register+0xd/0xf0 [ffffffff815967ed] (eb 12 90 48 c7 != 66 90 0f 1f 00)) size:2 type:1 [ 313.524088][ T9472] ------------[ cut here ]------------ [ 313.526623][ T9472] kernel BUG at arch/x86/kernel/jump_label.c:73! [ 313.529742][ T9472] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 313.534829][ T9472] CPU: 1 UID: 0 PID: 9472 Comm: syz.0.1090 Not tainted 6.11.0-rc1-syzkaller-00272-g17712b7ea075 #0 [ 313.539504][ T9472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 313.544277][ T9472] RIP: 0010:__jump_label_patch+0x378/0x400 [ 313.547086][ T9472] Code: 48 c7 c3 60 40 24 93 e8 c6 7c 59 00 45 89 e1 49 89 d8 4c 89 f1 41 55 4c 89 f2 4c 89 f6 48 c7 c7 20 38 46 8b e8 f9 ef 39 00 90 <0f> 0b e8 a1 7c 59 00 90 0f 0b e8 99 7c 59 00 90 0f 0b 48 c7 c7 30 [ 313.557191][ T9472] RSP: 0000:ffffc90003ae7c38 EFLAGS: 00010286 [ 313.559916][ T9472] RAX: 0000000000000096 RBX: ffffffff8b466ea1 RCX: ffffffff816b0039 [ 313.563456][ T9472] RDX: 0000000000000000 RSI: ffffffff816b9416 RDI: 0000000000000005 [ 313.566982][ T9472] RBP: ffffc90003ae7c80 R08: 0000000000000005 R09: 0000000000000000 [ 313.570502][ T9472] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000002 [ 313.574041][ T9472] R13: 0000000000000001 R14: ffffffff815967ed R15: 0000000000000085 [ 313.577588][ T9472] FS: 000055556979c500(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000 [ 313.581326][ T9472] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 313.583939][ T9472] CR2: 0000001b321ffff8 CR3: 000000001c398000 CR4: 0000000000352ef0 [ 313.587065][ T9472] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 313.590916][ T9472] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 313.595462][ T9472] Call Trace: [ 313.597322][ T9472] [ 313.598727][ T9472] ? show_regs+0x8c/0xa0 [ 313.600807][ T9472] ? die+0x36/0xa0 [ 313.602565][ T9472] ? do_trap+0x232/0x430 [ 313.604605][ T9472] ? __jump_label_patch+0x378/0x400 [ 313.606995][ T9472] ? __jump_label_patch+0x378/0x400 [ 313.609599][ T9472] ? do_error_trap+0xf4/0x230 [ 313.612040][ T9472] ? __jump_label_patch+0x378/0x400 [ 313.614454][ T9472] ? handle_invalid_op+0x34/0x40 [ 313.616791][ T9472] ? __jump_label_patch+0x378/0x400 [ 313.619200][ T9472] ? exc_invalid_op+0x2e/0x50 [ 313.621345][ T9472] ? asm_exc_invalid_op+0x1a/0x20 [ 313.623694][ T9472] ? preempt_notifier_register+0xd/0xf0 [ 313.626454][ T9472] ? __wake_up_klogd.part.0+0x99/0xf0 [ 313.628868][ T9472] ? vprintk+0x86/0xa0 [ 313.630710][ T9472] ? __jump_label_patch+0x378/0x400 [ 313.633054][ T9472] ? __jump_label_patch+0x377/0x400 [ 313.635388][ T9472] arch_jump_label_transform_queue+0x7e/0x120 [ 313.638087][ T9472] __jump_label_update+0x125/0x420 [ 313.640353][ T9472] jump_label_update+0x1d7/0x400 [ 313.642345][ T9472] __static_key_slow_dec_cpuslocked.part.0+0x4e/0x90 [ 313.644963][ T9472] static_key_slow_dec+0x7c/0xc0 [ 313.646928][ T9472] kvm_put_kvm+0x8f8/0xb80 [ 313.648718][ T9472] ? __pfx_kvm_vm_release+0x10/0x10 [ 313.650772][ T9472] kvm_vm_release+0x42/0x60 [ 313.652768][ T9472] __fput+0x408/0xbb0 [ 313.654602][ T9472] ? _raw_spin_unlock_irq+0x23/0x50 [ 313.657254][ T9472] task_work_run+0x14e/0x250 [ 313.659449][ T9472] ? __pfx_task_work_run+0x10/0x10 [ 313.661839][ T9472] ? __pkru_allows_pkey+0x52/0xb0 [ 313.664108][ T9472] syscall_exit_to_user_mode+0x27b/0x2a0 [ 313.666645][ T9472] do_syscall_64+0xda/0x250 [ 313.668770][ T9472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.671466][ T9472] RIP: 0033:0x7f75ce1779f9 [ 313.673553][ T9472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 313.682949][ T9472] RSP: 002b:00007fff389997e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 313.686810][ T9472] RAX: 0000000000000000 RBX: 000000000004c616 RCX: 00007f75ce1779f9 [ 313.690341][ T9472] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 313.693866][ T9472] RBP: 00007fff389998c0 R08: 0000000000000001 R09: 00007fff38999acf [ 313.697536][ T9472] R10: 00007f75ce000000 R11: 0000000000000246 R12: 0000000000000032 [ 313.701136][ T9472] R13: 00007fff389998e0 R14: 00007fff38999900 R15: ffffffffffffffff [ 313.704892][ T9472] [ 313.706333][ T9472] Modules linked in: [ 313.713437][ T9472] ---[ end trace 0000000000000000 ]--- [ 313.716204][ T9472] RIP: 0010:__jump_label_patch+0x378/0x400 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 313.718728][ T9472] Code: 48 c7 c3 60 40 24 93 e8 c6 7c 59 00 45 89 e1 49 89 d8 4c 89 f1 41 55 4c 89 f2 4c 89 f6 48 c7 c7 20 38 46 8b e8 f9 ef 39 00 90 <0f> 0b e8 a1 7c 59 00 90 0f 0b e8 99 7c 59 00 90 0f 0b 48 c7 c7 30 [ 313.727842][ T9472] RSP: 0000:ffffc90003ae7c38 EFLAGS: 00010286 [ 313.730655][ T9472] RAX: 0000000000000096 RBX: ffffffff8b466ea1 RCX: ffffffff816b0039 [ 313.734977][ T9472] RDX: 0000000000000000 RSI: ffffffff816b9416 RDI: 0000000000000005 [ 313.739084][ T9472] RBP: ffffc90003ae7c80 R08: 0000000000000005 R09: 0000000000000000 [ 313.742690][ T9472] R10: 0000000080000000 R11: 0000000000000000 R12: 0000000000000002 [ 313.746974][ T9472] R13: 0000000000000001 R14: ffffffff815967ed R15: 0000000000000085 [ 313.750506][ T9472] FS: 000055556979c500(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000 [ 313.755057][ T9472] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 313.758289][ T9472] CR2: 00007ffda0b2bb78 CR3: 000000001c398000 CR4: 0000000000352ef0 [ 313.761942][ T9472] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 313.765710][ T9472] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 313.769354][ T9472] Kernel panic - not syncing: Fatal exception [ 313.773297][ T9472] Kernel Offset: disabled [ 313.775224][ T9472] Rebooting in 86400 seconds.. VM DIAGNOSIS: 12:19:44 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000002 RBX=ffffc90003a46cc0 RCX=ffffffff813cf0d7 RDX=ffff888048d30000 RSI=ffffc90003a47000 RDI=0000000000000006 RBP=ffffc90003a47158 RSP=ffffc90003a46c38 R8 =0000000000000006 R9 =ffffc90003a47000 R10=ffffc90003a47158 R11=dffffc0000000000 R12=ffffc90003a40000 R13=ffffc90003a48000 R14=ffffc90003a47160 R15=ffffc90003a47000 RIP=ffffffff818a7b30 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f7116cc56c0 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000207c7000 CR3=00000000499e6000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000100001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffedac30620 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7115fe66e4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7115fe66f1 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7115fe66eb ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7115fe66ff ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7115fe6785 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f7115fe6863 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000000004e RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff84fe2865 RDI=ffffffff9519d720 RBP=ffffffff9519d6e0 RSP=ffffc90003ae7610 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6e69203a73706f4f R12=0000000000000000 R13=000000000000004e R14=ffffffff84fe2800 R15=0000000000000000 RIP=ffffffff84fe288f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 000055556979c500 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b321ffff8 CR3=000000001c398000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81fe5d82 ffffffff82080d3a ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff82080d3a ffffffff81fe5d82 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff81fe5d82 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3bade66e4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3bade66f1 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3bade66eb ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3bade66ff ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3bade6785 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fe3bade6863 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff82006ca2 ffffffff82002dc1 ffffffff82002d41 ffffffff82002d0e ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff82006d97 ffffffff82006ca2 ffffffff00040008 0000000f0010000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff82002d0e ffffffff82002cf1 ffffffff82002b66 ffffffff82002b35 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=00000000004bcee4 RBX=0000000000000002 RCX=ffffffff8b11c619 RDX=ffffed100d646fda RSI=ffffffff8bb08480 RDI=ffffffff816260ac RBP=ffffed10030d3000 RSP=ffffc90000197e08 R8 =0000000000000000 R9 =ffffed100d646fd9 R10=ffff88806b237ecb R11=ffff8880298b8800 R12=0000000000000002 R13=ffff888018698000 R14=ffffffff9012ba58 R15=0000000000000000 RIP=ffffffff8b11da0f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b31fe5ff8 CR3=0000000047608000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8100a0d8 ffffffff8100a0af ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8100a0af ffffffff8100a0d8 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff8100a0d8 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a25e66e4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a25e66f1 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a25e66eb ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a25e66ff ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a25e6785 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f24a25e6863 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81fc9b43 ffffffff81fc9b28 ffffffff81fc9b13 ffffffff81fc9a0a ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81fc9b52 ffffffff81fc9b4b ffffffff00040008 000c00130014000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81fc9b13 ffffffff81fc9a0a ffffffff81fc8d04 ffffffff81fc8ce5 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ec7fc46f396a8d21 d3dd6f7ece338589 7bc890440822eaf0 2efe27fbc315188f ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4681d96d14d8d562 152fb4c92f2f1cee 99be679de862ffbe e5ff6b52d9c2254c ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 e7f7b60f31c994e8 80effc20ab22dda2 df34b82a0fdb8c02 e244e2daf58b3235 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 db40d8088501a619 e4b69202000228e2 acf899793aa7f38f 4942fd6028135853 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d00a1e8d2f65c21f 0c9f07d589e56f7e 4e9aac9c267671e4 078501b32af8cee5 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=00000000001b9c94 RBX=0000000000000003 RCX=ffffffff8b11c619 RDX=ffffed100d666fda RSI=ffffffff8bb08480 RDI=ffffffff816260ac RBP=ffffed10030d3488 RSP=ffffc900001a7e08 R8 =0000000000000000 R9 =ffffed100d666fd9 R10=ffff88806b337ecb R11=ffff8880298bb000 R12=0000000000000003 R13=ffff88801869a440 R14=ffffffff9012ba58 R15=0000000000000000 RIP=ffffffff8b11da0f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020460000 CR3=000000001ddd4000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000100001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fff38999a10 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75ce1e66e4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75ce1e66f1 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75ce1e66eb ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75ce1e66ff ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75ce1e6785 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f75ce1e6863 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000