last executing test programs: 3.736758997s ago: executing program 3 (id=766): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) close(0xffffffffffffffff) syz_open_dev$ptys(0xc, 0x3, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) mount(0x0, &(0x7f0000c7f000)='./file0\x00', &(0x7f0000df9000)='nfs4\x00', 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@ipmr_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0x80, 0x20, 0x0, 0x0, 0x0, 0x5, 0x0, 0x5}}, 0x1c}}, 0x40010) io_uring_setup(0x19e8, &(0x7f0000000240)={0x0, 0xd394, 0x2}) 3.565680667s ago: executing program 3 (id=770): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) syz_open_dev$ptys(0xc, 0x3, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) mount(0x0, &(0x7f0000c7f000)='./file0\x00', &(0x7f0000df9000)='nfs4\x00', 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@ipmr_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0x80, 0x20, 0x0, 0x0, 0x0, 0x5, 0x0, 0x5}}, 0x1c}}, 0x40010) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) sync() prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) io_uring_setup(0x19e8, &(0x7f0000000240)={0x0, 0xd394, 0x2}) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='task\x00') fchdir(r4) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r6, 0x40286608, &(0x7f0000000180)={@id={0x400fb, 0x0, @b}}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) 3.394371704s ago: executing program 3 (id=771): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b0000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000340)='ufshcd_uic_command\x00', r0}, 0x18) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x132, &(0x7f0000000900)=ANY=[@ANYBLOB], 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000140)={0x0, r3}, 0x8) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x4, &(0x7f0000000240)=@framed={{}, [@generic={0x1, 0xa, 0x0, 0x2, 0xc00}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x10) r5 = dup(r3) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, 0x0}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"]) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @private=0xa010100}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.975634347s ago: executing program 3 (id=775): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f00000004c0)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) sched_getaffinity(0xffffffffffffffff, 0x8, &(0x7f0000000400)) 2.906423862s ago: executing program 0 (id=777): openat$fb0(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x5, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x27, &(0x7f0000000640)=ANY=[@ANYBLOB="180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018580000080000000000000000000000185600000a000000000000000000000018220000", @ANYRES32=r0, @ANYBLOB="000000000300000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000018450000fdffffff000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000cffe100b700000000000000184a0000020000000000000000000000186b0000fa0fdab41ed7ce35cddde229a605f0dd7ce6552d6efb92694aa4d6165cc29df2a2856d42180a2ed7470640bff9f6a6a8d3adc5699e0f6ee5513f6acbaf1da2aa3629b79a9de445ca8fa7c0adae70d03904aacd6913603200e7be7f6782e62d01c93f3c957583fa168fb9b26ef7ada15d9ceb7546612b06ac9c967f7140b40477a5f2cbf5e77a449759c1f1dd7e0c2582177d5da65cc810117a364ac399d8b885a188e175c4473258f9ba62300a1428dfed2574af17fb4eecae8b0023c192e495e97e8200", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000018170000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x0}) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_inet6_SIOCSIFADDR(r5, 0x8916, &(0x7f0000000100)={@local, 0x0, r4}) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCADDRT(r6, 0x890b, &(0x7f0000000140)={@mcast2, @mcast1, @private2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0022}) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000540)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r4}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00'}) socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$nl_route(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@mpls_getnetconf={0x2c, 0x52, 0x10, 0x70bd28, 0x25dfdbfb, {}, [@IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x7}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x3fb}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0x8}]}, 0x2c}}, 0x0) syz_emit_ethernet(0x39, &(0x7f00000004c0)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @multicast, @val={@void, {0x8100, 0x1, 0x1, 0x2}}, {@mpls_mc={0x8848, {[{0x6cb, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x800}, {0x6}], @generic="f77d0c3c3e7fe65ef1edad7f3693ef9f87ced5a4998641"}}}}, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x65, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r7, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r8 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000500)='./binderfs2/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r8, 0x4018620d, &(0x7f0000000100)) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r10 = dup3(r9, r8, 0x0) r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r11, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r11, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000001c0)={0x1c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder, @flat=@weak_binder}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000440)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0xfeffffffffffff, &(0x7f0000000600)=','}) 2.906219495s ago: executing program 3 (id=778): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) close(0xffffffffffffffff) syz_open_dev$ptys(0xc, 0x3, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) mount(0x0, &(0x7f0000c7f000)='./file0\x00', &(0x7f0000df9000)='nfs4\x00', 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@ipmr_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0x80, 0x20, 0x0, 0x0, 0x0, 0x5, 0x0, 0x5}}, 0x1c}}, 0x40010) io_uring_setup(0x19e8, &(0x7f0000000240)={0x0, 0xd394, 0x2}) 2.905639611s ago: executing program 0 (id=779): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) syz_open_dev$ptys(0xc, 0x3, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) mount(0x0, &(0x7f0000c7f000)='./file0\x00', &(0x7f0000df9000)='nfs4\x00', 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@ipmr_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0x80, 0x20, 0x0, 0x0, 0x0, 0x5, 0x0, 0x5}}, 0x1c}}, 0x40010) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) sync() prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) io_uring_setup(0x19e8, &(0x7f0000000240)={0x0, 0xd394, 0x2}) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='task\x00') fchdir(r4) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) r6 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r6, 0x40286608, &(0x7f0000000180)={@id={0x400fb, 0x0, @b}}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) 2.75564543s ago: executing program 3 (id=781): syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, &(0x7f0000000140)='0', 0x1) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="84010000100013070000000000000000ffffffff000000000000000000000000fe8000000000000000000000000000bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe800000000000000000003f000000aa0000000033000000fe80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c001400636d61632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000480003006c7a7300"/316], 0x184}, 0x1, 0x0, 0x0, 0x4000040}, 0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000000000000000000085"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r3 = fsopen(&(0x7f0000000000)='proc\x00', 0x0) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x4, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="0000000004000000b705000008000000850000006a00000095", @ANYRESHEX], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x90) sysfs$1(0x3, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @empty}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f7, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000540)={'gre0\x00', r7, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14}}}}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcf5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fsmount(r3, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='mmap_lock_acquire_returned\x00', r2}, 0x10) write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0x138) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660ed17a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857c059aaf5c1adb36b7346f56349e4216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e2c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc407ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c495460400a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b7301000000010000006834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000000000000000000000000000000000000000000058204068fff0cfae0a3c743b192d482477f117fbb3ee2895eda7fb197080a2aed037dec64d69e54dc57271cd425a1218f214dbd72f8d659386b2e281a72c64738a7910c264c83383654c8a42fb2d7b427abde8647a34515ae1df52c73eda5e05b20e9754c3efd7320e8d8dbb7a5cee34ec93d7dd323a1ecee0ecb1dae9b3eac270d674fca39e79f40b8da3379369a41f0283dfb6f2b2127705f02dbaf231eadcea7b838c3d9754216c9c1ff9a1450c888d0aa230e15c74622974dc6cd1412244f8b8df98b9cca9fdd146e978b89e9f98552c2147812181a02ac1ac76867b"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB="14000000150003031f0000000000000001000000"], 0x14}, 0x1, 0x0, 0x0, 0x8080}, 0x0) syz_usb_connect(0x1, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a86200000904000002ca744d07090503020000ff99090805848f"], &(0x7f00000007c0)={0x1a, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r9 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) writev(r9, &(0x7f0000000540)=[{0x0}, {&(0x7f00000006c0)='{', 0x1}], 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f00000000c0)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_open_dev$ptys(0xc, 0x3, 0x0) 2.66149999s ago: executing program 0 (id=782): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b7020000910c0000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d640500000000006504040001000101040400000d000000b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb4500639100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd015c7bd3f15aa6aadbeab2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f1c6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d817b324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e26032176066599783568628f0309c3a01716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca78a00000000000000"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000100), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x14) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map, 0xffffffffffffffff, 0x13, 0x0, 0x0, @void, @value}, 0x20) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000002880)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x40, 0x0, 0x2, 0x6, 0x0, @empty, @empty, {[@rr={0x7, 0x23, 0xe2}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10}}}}}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x3, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x2}, 0x3c) setsockopt$MRT_ADD_MFC(r2, 0x0, 0xcc, &(0x7f0000000280)={@multicast2, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500"}, 0x3c) prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000fff000/0x1000)=nil) setsockopt$MRT_ADD_MFC(r2, 0x0, 0xcc, &(0x7f0000000200)={@empty, @private, 0x0, "606b177019716ea6ac38f5bd6e0630e369c7b35d21ff1f4d7ed79c31e2b0f1da"}, 0x3c) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r3, 0x0, 0xcc, &(0x7f0000000180)={@private, @multicast2, 0x0, "941621a61c5815f4678d8fd4a8e14b0447113c694d1fd55708018620fd419884"}, 0x3c) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(0xffffffffffffffff, 0x40405515, &(0x7f0000000180)=ANY=[]) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0xb05, 0x18c6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x4, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r4, 0x0, 0x0) 2.361666714s ago: executing program 2 (id=787): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f00000004c0)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) sched_getaffinity(0xffffffffffffffff, 0x0, 0x0) 2.285493897s ago: executing program 2 (id=788): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, 0x0, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000fe05000000000000000000009500"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_switch\x00', r4, 0x0, 0x3}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) r8 = gettid() fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r9 = fsmount(r7, 0x0, 0x0) tkill(r8, 0xb) write$vga_arbiter(0xffffffffffffffff, 0x0, 0xc) close_range(r6, r9, 0x0) symlink(&(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='./file0\x00') open$dir(&(0x7f0000000040)='./file0\x00', 0x80080, 0x4) 1.443191314s ago: executing program 2 (id=793): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x2, 0x250, [0x0, 0x20000100, 0x20000130, 0x20000280, 0xfffffffffffffffe, 0xffffffffffffffff], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000100000000000000000000000000000002000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0100000003000000000000000000697036677265300000000000000000007465616d30000000000000000000000076657468305f746f5f626f6e6400000076657468305f746f5f626f6e64000000aaaaaaaaaa0000000000000024ffffffffff0000000000000000f0000000f0000000200100006c696d697400000000000000000000000000000000000000000000000000000020000000000000000000f4bd5979a5172e0700000000000000000000000000000000000000000000636c757374657200006db693c555d12b0101000000000000000000000000000010000000000000000000000000000000000000000000000041554449540000000000000000000000000000000000000000000000000000000800000000000000004493000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0100000011000000000000000000766c616e3000000000000000000000006c6f0000000000000000000000000000726f736530000000000000000000000062726964676530000000000000000000ffffffffffff000000000000aaaaaaaaaa0000000000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800"/592]}, 0x2c8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000005c0)='syz_tun\x00', 0x10) sendto$inet(r1, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000800)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@bridge_newvlan={0x24, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r5}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_INFO={0x8, 0x1, {0xde}}}]}, 0x24}}, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x3f, 0x0, 0x0) unshare(0x20020000) open_tree(0xffffffffffffff9c, &(0x7f0000000500)='./file1\x00', 0x89901) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) renameat(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, &(0x7f0000000140)='./file1\x00') r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r8, 0x0) preadv(r8, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1b8, 0x0, 0x3) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) 1.04294918s ago: executing program 0 (id=794): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) (async) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901) move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async, rerun: 32) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000100)) (async, rerun: 32) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) (async, rerun: 32) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) (rerun: 32) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) (async) r2 = syz_open_dev$vbi(&(0x7f0000000280), 0x0, 0x2) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r2, 0xc0945662, &(0x7f00000005c0)={0x4, 0x0, '\x00', {0x0, @bt={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}}) socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 64) r3 = socket$kcm(0x10, 0x3, 0x10) (rerun: 64) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xfffffffffffffed2, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b03d25a806c8c6f94f90624fc601000127a0a000600093582c137153e37080c188001ac0f000300", 0x33fe0}], 0x1}, 0x0) (async, rerun: 32) r4 = socket$kcm(0x10, 0x3, 0x10) (rerun: 32) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b05d25a806c8c6f94f90424fc601000127a0a000600073582c137153e37080c188001ac0f000300", 0x33fe0}], 0x1, 0x0, 0x0, 0x8100000}, 0x0) recvmsg$kcm(r3, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=""/25, 0x19}, 0xfffffffa}], 0x1, 0x40002000, 0x0) (async, rerun: 64) syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="ffffffffffff0180c200007800000000000000004404c60000004e2000109078020000000000000000000000000000000000f7ff0000cd88d9fa48900a0a6c3656a61235a0937e564849e8e14c693087074e7508b5be5b4911eb"], 0x0) (async, rerun: 64) syz_emit_ethernet(0x2e, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000dc2b0900000800450000140000000000119078000000000000000000000000000c907801000000"], 0x0) setpriority(0x2, 0x0, 0x0) mount_setattr(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000080)={0x0, 0x0, 0x100000}, 0x20) (async) r5 = open_tree(0xffffffffffffff9c, 0x0, 0x89901) move_mount(r5, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async) r6 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x89901) move_mount(r6, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x220) 686.182755ms ago: executing program 1 (id=796): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x4, @broadcast, 'wlan1\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000003280)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000940)='!', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000003200)=[{&(0x7f0000002f80)="ccf812e2fe", 0x5}], 0x1}}], 0x2, 0x0) 685.840228ms ago: executing program 1 (id=797): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x3, &(0x7f00000004c0)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) sched_getaffinity(0xffffffffffffffff, 0x0, 0x0) 605.667217ms ago: executing program 1 (id=798): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x80) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000180)={{0x1, 0x1, 0x18}, '\x00'}) r1 = open(&(0x7f0000000080)='./file0\x00', 0x408180, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={@map, 0xffffffffffffffff, 0x7, 0x0, 0x0, @void, @value}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') io_setup(0xbf5, &(0x7f0000000600)) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0x0, 0x0) mknodat(r1, &(0x7f0000000000)='./file3\x00', 0x0, 0x200) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x16b601, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000580)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x389c41, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40800000000000073113100000000008510000002000000b7000000000000009500c200000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x2, 0x1, 0x4, 0x73, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0)) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r3}, 0xfffffffffffffda7) ioctl$SIOCSIFHWADDR(r2, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) 424.969154ms ago: executing program 2 (id=799): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) syz_open_dev$ptys(0xc, 0x3, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) mount(0x0, &(0x7f0000c7f000)='./file0\x00', &(0x7f0000df9000)='nfs4\x00', 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@ipmr_newroute={0x1c, 0x18, 0x1, 0x0, 0x0, {0x80, 0x20, 0x0, 0x0, 0x0, 0x5, 0x0, 0x5}}, 0x1c}}, 0x40010) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57) setsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc) sync() prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) io_uring_setup(0x19e8, &(0x7f0000000240)={0x0, 0xd394, 0x2}) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='task\x00') fchdir(r4) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r5 = inotify_init1(0x0) fcntl$getownex(r5, 0x10, &(0x7f0000000140)={0x0, 0x0}) r7 = syz_open_procfs(r6, &(0x7f0000000040)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r7, 0x40286608, &(0x7f0000000180)={@id={0x400fb, 0x0, @b}}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) 424.513693ms ago: executing program 1 (id=800): openat$vmci(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) syz_open_procfs(0x0, &(0x7f00000020c0)='net/wireless\x00') r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f1, 0x0) r4 = socket$pptp(0x18, 0x1, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x0, @loopback}], 0x1c) listen(r5, 0xfffffffc) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r7 = open(&(0x7f00000005c0)='./bus\x00', 0x145842, 0x0) pwritev2(r7, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0, 0xb) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000240)=[@in6={0xa, 0x4e20, 0x0, @loopback}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x1e, 0x0, &(0x7f00000061c0)) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r8, 0x0) ioctl$KVM_SET_PIT(r2, 0x4048aec9, &(0x7f0000000180)={[{0x3, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}], 0x1}) 186.477635ms ago: executing program 2 (id=801): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x80) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000180)={{0x1, 0x1, 0x18}, '\x00'}) r1 = open(&(0x7f0000000080)='./file0\x00', 0x408180, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={@map, 0xffffffffffffffff, 0x7, 0x0, 0x0, @void, @value}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') io_setup(0xbf5, &(0x7f0000000600)) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0x0, 0x0) mknodat(r1, &(0x7f0000000000)='./file3\x00', 0x0, 0x200) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000580)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x389c41, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40800000000000073113100000000008510000002000000b7000000000000009500c200000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x2, 0x1, 0x4, 0x73, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0)) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r3}, 0xfffffffffffffda7) ioctl$SIOCSIFHWADDR(r2, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) 116.517238ms ago: executing program 1 (id=802): r0 = syz_io_uring_setup(0x75d5, &(0x7f0000000080)={0x0, 0xfffffffd, 0x0, 0x4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) quotactl_fd$Q_SYNC(r0, 0xffffffff80000101, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) r3 = openat$tun(0xffffff9c, &(0x7f0000000000), 0x115502, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'netpci0\x00', 0x1000}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 116.20378ms ago: executing program 1 (id=803): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$qrtr(0x2a, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="2000000012008f35"], 0x20}, 0x1, 0x0, 0x0, 0x4081}, 0x4040800) recvmmsg(r0, &(0x7f0000005840), 0x0, 0x2000, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) r1 = openat$vcsa(0xffffffffffffff9c, 0x0, 0x842, 0x0) writev(r1, 0x0, 0x0) io_uring_setup(0x1de0, &(0x7f0000000440)) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) preadv(r3, &(0x7f0000000100), 0x0, 0x0, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x0, 0xfff3}}}, 0x24}}, 0x0) 115.963183ms ago: executing program 0 (id=804): creat(&(0x7f0000000100)='./file0\x00', 0x0) mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x801080, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, "7f12ddc1517600000000000000000000eaff00"}) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r0 = syz_open_pts(0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r0, 0x0) mount(0x0, &(0x7f0000001080)='./file0\x00', 0x0, 0x22140b1, 0x0) mount$cgroup2(0x0, 0x0, 0x0, 0x810007, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f00000004c0)="b4bd341bda39df5b73e5216a512495f0aacf10118714ac219ff8cd3e96f539b39dfd7b1dd4d401cbc0faf2af22402b63540d8bd0eb80969b763b4cb24d9caf33d9f699816662765bfb5ef7d4aa00de3736131006ab970aef154739e5c5c56997e87d69240f7871a35cb575a30a823dbc5a1fa66b84d51a7d69da8a2a0c94106e89a3c3865d82d2077ab719958e2dc8e1761e5d2cb2db6dad49f3c76b6a2be6f17a3bd47e8f0fc23c73c5bce4560a0a3b759b22062ef6755288497ed82570f3229d3223b5a9c821e6bc9ac67d9ecd9c01e23fa51c93e4ad990e2bd2e1ffcd89633c27f86bf3ab0216ecb79ed0df1ebd4b9a87a9624440a6ed47641fa0e2ceb47a42874cb9d470344853fbc64b1b98da02c5ba97759d2cc4870f8f23897de9a63fcae824a33983bead92d831c9144ebea92117a324be6d97f87becbe38295703c2924e624baaf09e07ce7c6fab801e211acdb0b73e01acaed8462f8cc4d61c608196cc70fc3c5bd98ae50f758cfb10d1b9e88528f032f0a163bc63f65052f76726bb1ef9eb2570fff42eddf3ce631498a4d1cff3488da8ac87165e2260a6eaaf7201", 0x1a1) r1 = timerfd_create(0x0, 0x80800) timerfd_settime(r1, 0x2, &(0x7f0000000040)={{0x0, 0x3938700}, {0x77359400}}, &(0x7f0000000080)) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000000)="eb07b3e6d23591d807bfdcd7b40b64f02b02573b789bfe83df3e4ef346ab5a898c2d4d242ad4", 0x26) 114.382087ms ago: executing program 0 (id=805): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x2000000, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = openat$cgroup_procs(r0, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000280), 0xb) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) (async) r6 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=@deltaction={0x14}, 0x14}}, 0x0) (async) getsockname$packet(r6, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000580)=ANY=[@ANYBLOB="4000000010003904000000000400000000000000", @ANYRES32=r7, @ANYRESOCT=r7, @ANYRES32], 0x40}}, 0x24000001) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=@bridge_newneigh={0x48, 0x1c, 0x8, 0x70bd27, 0x25dfdbfd, {0x7, 0x0, 0x0, r4, 0x2, 0x80, 0x2}, [@NDA_LINK_NETNSID={0x8, 0xa, 0xfffffffc}, @NDA_IFINDEX={0x8, 0x8, r7}, @NDA_DST_MAC={0xa, 0x1, @broadcast}, @NDA_VLAN={0x6, 0x5, 0x4}, @NDA_LINK_NETNSID={0x8, 0xa, 0xb}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async) capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000040)={0x200000, 0x200002}) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x4) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) r11 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCETHTOOL(r11, 0x8946, &(0x7f0000000100)={'lo\x00', &(0x7f0000000000)=@ethtool_drvinfo={0x3, "3a9a0776000000a807000000000000000043e546e2a10623a160582b8e188537", "665859255eb415c5d7fc9358bde6aad0c732fc0da70b2c739d7ae7b27138321b", "cee02dfab7706502033b6659d60d02aacf7df23ae2e157ee2732fe2ecc4ff2db", "5e46bbbff12e9792e15d323a8b29c38d6d2eee75849677983d1590f423f83489", "bfbf225fe83b5d0f4862bd61b8ae16e312911fa3a6c9ccd5720e46868c2ed2a0", "04aa000000032d4d28f700"}}) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1000, 0x89, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000003c0)="0fbbf9f115dfff3b6c876778dae4466f729795f497ca500b1acc44b1884c76807f3ff1d187e11f78cb62f1551eb0b210228478fcfbb0333eae88d2eab133d5227da86dd11ab342e87987889166356cbb926f265f2d378ad9c48b2c215a7b2a7ccb8d844013df3bf64a070600231f345a27df594a0943ac25c65a538ef144546d7fec2736b190c1f7b2022892e36b43f6da478614a894650a0c3abc9d94991d445f07471f073a3d45d6d61bcaa4aa952e530b189e834c87a86eea9ee3e1b6a8d36b4b8ed7488d81aad52060bf867cb0b70826fe6c355446496b99023091dc929d56d38c76f448c5f67dbca3be56fc56d68e9e3bea5729fc9f0233651b82777e5a76274f90755b6656b7385e4483b080a0d6804d774e7b44b0235f7459ce18ba40af26e20300000000000000304324e46444eaa1e656d493768217b6f8406fdd9d40e5cd17e888ec86ff506571a337ba71d91256dd334e7dde376de98476b199f5674d67", 0x0, 0xd, r9, 0x0, 0x7}, 0x38) sendfile(r1, r1, 0x0, 0x401) 0s ago: executing program 2 (id=806): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x4, @broadcast, 'wlan1\x00'}}, 0x1e) sendmmsg(r0, &(0x7f0000003280)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000940)='!', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000003200)=[{&(0x7f0000002f80)="ccf812e2fe", 0x5}], 0x1}}], 0x2, 0x0) 0s ago: executing program 1 (id=808): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x80) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000180)={{0x1, 0x1, 0x18}, '\x00'}) r1 = open(&(0x7f0000000080)='./file0\x00', 0x408180, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={@map, 0xffffffffffffffff, 0x7, 0x0, 0x0, @void, @value}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') io_setup(0xbf5, &(0x7f0000000600)) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0x0, 0x0) mknodat(r1, &(0x7f0000000000)='./file3\x00', 0x0, 0x200) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x16b601, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000580)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x389c41, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40800000000000073113100000000008510000002000000b7000000000000009500c200000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x2, 0x1, 0x4, 0x73, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0)) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000000)={r3}, 0xfffffffffffffda7) ioctl$SIOCSIFHWADDR(r2, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) kernel console output (not intermixed with test programs): speed USB device number 3 using dummy_hcd [ 85.490880][ T5376] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 85.493737][ T5376] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.496101][ T5376] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.498955][ T5376] usb 5-1: config 0 interface 0 has no altsetting 0 [ 85.502208][ T5376] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.504522][ T5376] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.507377][ T5376] usb 5-1: config 0 interface 0 has no altsetting 0 [ 85.511541][ T5376] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.513871][ T5376] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.516660][ T5376] usb 5-1: config 0 interface 0 has no altsetting 0 [ 85.519099][ T5376] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.521526][ T5376] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.524329][ T5376] usb 5-1: config 0 interface 0 has no altsetting 0 [ 85.526754][ T5376] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.529069][ T5376] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.538252][ T5376] usb 5-1: config 0 interface 0 has no altsetting 0 [ 85.541144][ T5376] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.543610][ T5376] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.546515][ T5376] usb 5-1: config 0 interface 0 has no altsetting 0 [ 85.549396][ T5376] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.551920][ T5376] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.554675][ T5376] usb 5-1: config 0 interface 0 has no altsetting 0 [ 85.557096][ T5376] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 85.559419][ T5376] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 85.562351][ T5376] usb 5-1: config 0 interface 0 has no altsetting 0 [ 85.565701][ T5376] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 85.568089][ T5376] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 85.570794][ T5376] usb 5-1: Product: syz [ 85.571997][ T5376] usb 5-1: Manufacturer: syz [ 85.573216][ T5376] usb 5-1: SerialNumber: syz [ 85.575929][ T5376] usb 5-1: config 0 descriptor?? [ 85.581238][ T5376] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 85.652041][ T39] audit: type=1400 audit(85.541:415): avc: denied { read write } for pid=6415 comm="syz.1.285" name="uhid" dev="devtmpfs" ino=1110 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 85.657924][ T39] audit: type=1400 audit(85.541:416): avc: denied { open } for pid=6415 comm="syz.1.285" path="/dev/uhid" dev="devtmpfs" ino=1110 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 85.857650][ T6420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 85.869917][ T6420] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 86.068495][ T6394] kexec: Could not allocate control_code_buffer [ 86.186640][ T6424] xt_TCPMSS: Only works on TCP SYN packets [ 86.197276][ T6424] rdma_op ffff88802967c9f0 conn xmit_rdma 0000000000000000 [ 86.202371][ T6424] netlink: 92 bytes leftover after parsing attributes in process `syz.2.287'. [ 86.215482][ T6424] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 86.722804][ T6418] dccp_close: ABORT with 32 bytes unread [ 86.929598][ T5349] Bluetooth: hci2: command tx timeout [ 86.999729][ T35] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 87.149542][ T35] usb 6-1: Using ep0 maxpacket: 8 [ 87.152663][ T35] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 87.155420][ T35] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 87.158730][ T35] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 87.161432][ T35] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 87.164848][ T35] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 87.167144][ T35] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.375889][ T35] usb 6-1: usb_control_msg returned -32 [ 87.391193][ T35] usbtmc 6-1:16.0: can't read capabilities [ 87.518208][ T39] audit: type=1400 audit(87.401:417): avc: denied { ioctl } for pid=6445 comm="syz.2.293" path="socket:[17227]" dev="sockfs" ino=17227 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 87.568061][ T6450] netlink: 'syz.2.294': attribute type 27 has an invalid length. [ 87.570842][ T6450] vlan0: left promiscuous mode [ 87.595823][ T6450] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.598138][ T6450] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.604423][ T6450] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 87.809969][ C0] usb 5-1: yurex_control_callback - control failed: -2 [ 87.821177][ T5397] usb 5-1: USB disconnect, device number 3 [ 87.832993][ T5397] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 88.036969][ T6465] mkiss: ax0: crc mode is auto. [ 88.040136][ T6464] tipc: Cannot configure node identity twice [ 88.372663][ T6468] netlink: 104 bytes leftover after parsing attributes in process `syz.0.300'. [ 88.483463][ T6469] netlink: 'syz.0.300': attribute type 26 has an invalid length. [ 88.487737][ T39] kauditd_printk_skb: 6 callbacks suppressed [ 88.487750][ T39] audit: type=1326 audit(88.371:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6467 comm="syz.0.300" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0423b7dff9 code=0x7fc00000 [ 88.501501][ T39] audit: type=1400 audit(88.391:425): avc: denied { read write } for pid=6467 comm="syz.0.300" path="socket:[16302]" dev="sockfs" ino=16302 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 88.508676][ T39] audit: type=1326 audit(88.391:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6467 comm="syz.0.300" exe="/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f0423b7dff9 code=0x7fc00000 [ 89.009730][ T5349] Bluetooth: hci2: command tx timeout [ 89.191337][ T39] audit: type=1326 audit(89.081:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6467 comm="syz.0.300" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0423b7dff9 code=0x7fc00000 [ 89.207405][ T39] audit: type=1326 audit(89.081:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6467 comm="syz.0.300" exe="/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f0423b7dff9 code=0x7fc00000 [ 89.219562][ T39] audit: type=1326 audit(89.081:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6467 comm="syz.0.300" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0423b7dff9 code=0x7fc00000 [ 89.227277][ T39] audit: type=1326 audit(89.081:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6467 comm="syz.0.300" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0423b7dff9 code=0x7fc00000 [ 89.296118][ T39] audit: type=1400 audit(89.181:431): avc: denied { bind } for pid=6473 comm="syz.0.302" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 89.302693][ T39] audit: type=1400 audit(89.181:432): avc: denied { write } for pid=6473 comm="syz.0.302" path="socket:[17672]" dev="sockfs" ino=17672 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 89.322509][ T39] audit: type=1400 audit(89.211:433): avc: denied { bind } for pid=6476 comm="syz.2.303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 89.348049][ T6474] netlink: 'syz.0.302': attribute type 1 has an invalid length. [ 89.351415][ T6474] netlink: 9116 bytes leftover after parsing attributes in process `syz.0.302'. [ 89.354674][ T6474] netlink: 'syz.0.302': attribute type 2 has an invalid length. [ 89.357357][ T6474] netlink: 185 bytes leftover after parsing attributes in process `syz.0.302'. [ 89.569312][ T6493] IPVS: Error joining to the multicast group [ 89.575414][ T6493] overlayfs: failed to resolve './file0': -2 [ 89.611874][ T6493] trusted_key: syz.0.307 sent an empty control message without MSG_MORE. [ 89.780220][ T982] usb 6-1: USB disconnect, device number 4 [ 90.119612][ T982] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 90.264647][ T6506] netlink: 4 bytes leftover after parsing attributes in process `syz.2.311'. [ 90.267467][ T6506] netlink: 'syz.2.311': attribute type 7 has an invalid length. [ 90.269436][ T6506] netlink: 'syz.2.311': attribute type 7 has an invalid length. [ 90.270136][ T982] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 90.276683][ T6506] vxlan0: entered promiscuous mode [ 90.277289][ T982] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 90.281500][ T982] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 90.285102][ T982] usb 6-1: config 0 interface 0 has no altsetting 0 [ 90.288399][ T982] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 90.290752][ T982] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 90.293348][ T982] usb 6-1: config 0 interface 0 has no altsetting 0 [ 90.296095][ T982] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 90.298326][ T982] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 90.301218][ T982] usb 6-1: config 0 interface 0 has no altsetting 0 [ 90.303889][ T982] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 90.306170][ T982] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 90.310240][ T982] usb 6-1: config 0 interface 0 has no altsetting 0 [ 90.312759][ T982] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 90.315541][ T982] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 90.318985][ T982] usb 6-1: config 0 interface 0 has no altsetting 0 [ 90.322533][ T982] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 90.325325][ T982] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 90.329020][ T982] usb 6-1: config 0 interface 0 has no altsetting 0 [ 90.332654][ T982] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 90.335596][ T982] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 90.339127][ T982] usb 6-1: config 0 interface 0 has no altsetting 0 [ 90.342351][ T982] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 90.344897][ T982] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 90.348263][ T982] usb 6-1: config 0 interface 0 has no altsetting 0 [ 90.352504][ T982] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 90.355258][ T982] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 90.357694][ T982] usb 6-1: Product: syz [ 90.358798][ T982] usb 6-1: Manufacturer: syz [ 90.360733][ T982] usb 6-1: SerialNumber: syz [ 90.364174][ T982] usb 6-1: config 0 descriptor?? [ 90.369065][ T982] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 90.634542][ T6509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 90.641542][ T6509] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 91.115463][ T6512] warning: `syz.3.312' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 91.159717][ T6515] cgroup: subsys name conflicts with all [ 91.171785][ T6512] kvm: emulating exchange as write [ 91.218268][ T6516] dlm: plock device version mismatch: kernel (1.2.0), user (1.768.128) [ 91.765265][ T6499] kexec: Could not allocate control_code_buffer [ 92.610036][ C3] usb 6-1: yurex_control_callback - control failed: -2 [ 92.616713][ T982] usb 6-1: USB disconnect, device number 5 [ 92.627438][ T982] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 93.074297][ T6543] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 262395 (only 8 groups) [ 93.172614][ T6554] mac80211_hwsim hwsim5 wlan0: entered promiscuous mode [ 93.174771][ T6554] macsec1: entered allmulticast mode [ 93.176264][ T6554] mac80211_hwsim hwsim5 wlan0: entered allmulticast mode [ 93.181233][ T6554] mac80211_hwsim hwsim5 wlan0: left allmulticast mode [ 93.183114][ T6554] mac80211_hwsim hwsim5 wlan0: left promiscuous mode [ 94.766555][ T6547] kexec: Could not allocate control_code_buffer [ 94.797326][ T6594] ntfs3: nullb0: Primary boot signature is not NTFS. [ 94.799838][ T6594] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 95.054871][ T39] kauditd_printk_skb: 92 callbacks suppressed [ 95.054883][ T39] audit: type=1400 audit(94.941:526): avc: denied { write } for pid=6605 comm="syz.1.337" name="snmp" dev="proc" ino=4026533053 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 95.346172][ T6614] netlink: 14 bytes leftover after parsing attributes in process `syz.1.342'. [ 95.354356][ T6612] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 95.414510][ T6621] netlink: 24 bytes leftover after parsing attributes in process `syz.0.343'. [ 96.083808][ T39] audit: type=1400 audit(95.971:527): avc: denied { getopt } for pid=6641 comm="syz.1.350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 97.034247][ T39] audit: type=1400 audit(96.911:528): avc: denied { block_suspend } for pid=6656 comm="syz.2.356" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 97.036683][ T6627] kexec: Could not allocate control_code_buffer [ 97.267675][ T39] audit: type=1400 audit(97.151:529): avc: denied { read } for pid=6669 comm="syz.0.360" laddr=fe80::13 lport=53597 faddr=fe80::bb scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 97.904568][ T6687] SELinux: policydb string length 65288 does not match expected length 8 [ 97.907143][ T6687] SELinux: failed to load policy [ 97.911864][ T39] audit: type=1400 audit(97.791:530): avc: denied { load_policy } for pid=6686 comm="syz.2.366" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 98.099418][ T6692] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 98.837241][ T39] audit: type=1400 audit(98.721:531): avc: denied { map } for pid=6706 comm="syz.2.372" path="pipe:[20231]" dev="pipefs" ino=20231 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 99.266178][ T6684] kexec: Could not allocate control_code_buffer [ 99.386021][ T6718] netlink: 92 bytes leftover after parsing attributes in process `syz.1.375'. [ 99.766443][ T39] audit: type=1400 audit(99.651:532): avc: denied { write } for pid=6726 comm="syz.2.377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 99.787536][ T39] audit: type=1400 audit(99.671:533): avc: denied { shutdown } for pid=6722 comm="syz.3.378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 99.874998][ T39] audit: type=1400 audit(99.761:534): avc: denied { read } for pid=6726 comm="syz.2.377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 99.913002][ T39] audit: type=1400 audit(99.801:535): avc: denied { nlmsg_read } for pid=6722 comm="syz.3.378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 100.611535][ T39] audit: type=1326 audit(100.501:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6740 comm="syz.1.382" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f120357dff9 code=0x0 [ 100.720472][ T6745] FAULT_INJECTION: forcing a failure. [ 100.720472][ T6745] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 100.725174][ T6745] CPU: 2 UID: 0 PID: 6745 Comm: syz.1.382 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 100.728852][ T6745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 100.732777][ T6745] Call Trace: [ 100.734009][ T6745] [ 100.735096][ T6745] dump_stack_lvl+0x16c/0x1f0 [ 100.736844][ T6745] should_fail_ex+0x497/0x5b0 [ 100.738160][ T6745] _copy_from_user+0x30/0xf0 [ 100.739379][ T6745] core_sys_select+0x2cf/0xb80 [ 100.740637][ T6745] ? __pfx_core_sys_select+0x10/0x10 [ 100.741943][ T6745] ? get_pid_task+0xfc/0x250 [ 100.743598][ T6745] ? set_user_sigmask+0x217/0x2a0 [ 100.745433][ T6745] ? __pfx_set_user_sigmask+0x10/0x10 [ 100.747388][ T6745] do_pselect.constprop.0+0x1a0/0x1f0 [ 100.749344][ T6745] ? __pfx_do_pselect.constprop.0+0x10/0x10 [ 100.751514][ T6745] __x64_sys_pselect6+0x183/0x240 [ 100.753108][ T6745] ? __pfx___x64_sys_pselect6+0x10/0x10 [ 100.754571][ T6745] do_syscall_64+0xcd/0x250 [ 100.755825][ T6745] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.757695][ T6745] RIP: 0033:0x7f120357dff9 [ 100.758822][ T6745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.765299][ T6745] RSP: 002b:00007f12043f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 100.768160][ T6745] RAX: ffffffffffffffda RBX: 00007f1203736058 RCX: 00007f120357dff9 [ 100.771028][ T6745] RDX: 0000000000000000 RSI: 0000000020000600 RDI: 0000000000000040 [ 100.773892][ T6745] RBP: 00007f12043f7090 R08: 0000000000000000 R09: 0000000000000000 [ 100.776695][ T6745] R10: 0000000020000680 R11: 0000000000000246 R12: 0000000000000001 [ 100.779527][ T6745] R13: 0000000000000000 R14: 00007f1203736058 R15: 00007ffff4264098 [ 100.782349][ T6745] [ 100.837453][ T39] audit: type=1400 audit(100.721:537): avc: denied { append } for pid=6740 comm="syz.1.382" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 101.289800][ T5376] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 101.567124][ T39] audit: type=1400 audit(101.451:538): avc: denied { getopt } for pid=6750 comm="syz.2.384" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 101.575422][ T5376] usb 5-1: config 0 has an invalid interface number: 248 but max is 0 [ 101.577893][ T5376] usb 5-1: config 0 has no interface number 0 [ 101.580091][ T5376] usb 5-1: config 0 interface 248 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 101.583685][ T5376] usb 5-1: New USB device found, idVendor=1b3d, idProduct=9316, bcdDevice= 4.3d [ 101.586704][ T5376] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.601397][ T5376] usb 5-1: config 0 descriptor?? [ 101.620051][ T5376] ftdi_sio 5-1:0.248: FTDI USB Serial Device converter detected [ 101.633821][ T5376] ftdi_sio ttyUSB0: unknown device type: 0x43d [ 101.703219][ T6765] mkiss: ax0: crc mode is auto. [ 101.732802][ T39] audit: type=1400 audit(101.621:539): avc: denied { mount } for pid=6766 comm="syz.1.389" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 101.779378][ T39] audit: type=1400 audit(101.661:540): avc: denied { unmount } for pid=5339 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 101.809790][ T57] usb 5-1: USB disconnect, device number 4 [ 101.812869][ T57] ftdi_sio 5-1:0.248: device disconnected [ 101.900592][ T39] audit: type=1400 audit(101.791:541): avc: denied { remount } for pid=6769 comm="syz.1.390" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 102.490938][ T39] audit: type=1400 audit(102.381:542): avc: denied { write } for pid=6781 comm="syz.0.393" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1 [ 102.499987][ T6782] FAULT_INJECTION: forcing a failure. [ 102.499987][ T6782] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 102.506320][ T6782] CPU: 3 UID: 0 PID: 6782 Comm: syz.0.393 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 102.510029][ T6782] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 102.513893][ T6782] Call Trace: [ 102.515064][ T6782] [ 102.516111][ T6782] dump_stack_lvl+0x16c/0x1f0 [ 102.517790][ T6782] should_fail_ex+0x497/0x5b0 [ 102.519471][ T6782] _copy_from_user+0x30/0xf0 [ 102.521179][ T6782] input_event_from_user+0x134/0x3b0 [ 102.523073][ T6782] ? __pfx_input_event_from_user+0x10/0x10 [ 102.525166][ T6782] ? __pfx___might_resched+0x10/0x10 [ 102.527223][ T6782] ? input_inject_event+0x193/0x370 [ 102.529141][ T6782] evdev_write+0x377/0x750 [ 102.530852][ T6782] ? __pfx_evdev_write+0x10/0x10 [ 102.532722][ T6782] ? bpf_lsm_file_permission+0x9/0x10 [ 102.534726][ T6782] ? security_file_permission+0x71/0x210 [ 102.536914][ T6782] ? __pfx_evdev_write+0x10/0x10 [ 102.538822][ T6782] vfs_write+0x28e/0x1140 [ 102.540459][ T6782] ? __fget_files+0x23a/0x3f0 [ 102.542222][ T6782] ? __pfx_lock_release+0x10/0x10 [ 102.544081][ T6782] ? trace_lock_acquire+0x14a/0x1d0 [ 102.546064][ T6782] ? __pfx_vfs_write+0x10/0x10 [ 102.547862][ T6782] ? lock_acquire+0x2f/0xb0 [ 102.549504][ T6782] ? __fget_files+0x40/0x3f0 [ 102.551199][ T6782] ? __fget_files+0x244/0x3f0 [ 102.553044][ T6782] ksys_write+0x1fa/0x260 [ 102.554705][ T6782] ? __pfx_ksys_write+0x10/0x10 [ 102.556533][ T6782] do_syscall_64+0xcd/0x250 [ 102.558255][ T6782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.560452][ T6782] RIP: 0033:0x7f0423b7dff9 [ 102.562163][ T6782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.568143][ T6782] RSP: 002b:00007f0424898038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 102.570351][ T6782] RAX: ffffffffffffffda RBX: 00007f0423d35f80 RCX: 00007f0423b7dff9 [ 102.572441][ T6782] RDX: 0000000000002778 RSI: 0000000020000040 RDI: 000000000000000a [ 102.574539][ T6782] RBP: 00007f0424898090 R08: 0000000000000000 R09: 0000000000000000 [ 102.576605][ T6782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 102.578611][ T6782] R13: 0000000000000000 R14: 00007f0423d35f80 R15: 00007fffd9885c38 [ 102.580909][ T6782] [ 102.702967][ T6804] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 102.860850][ T39] audit: type=1400 audit(102.751:543): avc: denied { getopt } for pid=6803 comm="syz.0.402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 103.398311][ T6816] netlink: 20 bytes leftover after parsing attributes in process `syz.1.404'. [ 103.400732][ T6816] netlink: 68 bytes leftover after parsing attributes in process `syz.1.404'. [ 103.583093][ T39] audit: type=1400 audit(103.471:544): avc: denied { write } for pid=6819 comm="syz.3.407" name="mouse0" dev="devtmpfs" ino=868 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 103.750593][ T39] audit: type=1400 audit(103.631:545): avc: denied { mount } for pid=6827 comm="syz.2.408" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 104.071335][ T6831] misc userio: Invalid payload size [ 104.073512][ T6831] misc userio: Invalid payload size [ 104.134626][ T6834] netlink: 52 bytes leftover after parsing attributes in process `syz.2.410'. [ 104.611306][ T5349] Bluetooth: Unexpected continuation frame (len 24) [ 104.612302][ T6842] netlink: 56 bytes leftover after parsing attributes in process `syz.1.413'. [ 104.619711][ T6842] netlink: 12 bytes leftover after parsing attributes in process `syz.1.413'. [ 104.622457][ T6842] netlink: 43 bytes leftover after parsing attributes in process `syz.1.413'. [ 104.624743][ T6842] netlink: 'syz.1.413': attribute type 2 has an invalid length. [ 104.626910][ T6842] netlink: 43 bytes leftover after parsing attributes in process `syz.1.413'. [ 104.908262][ T45] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.982234][ T45] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.058216][ T45] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.118763][ T5348] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 105.122410][ T5348] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 105.126627][ T5348] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 105.130406][ T5348] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 105.143214][ T5348] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 105.145432][ T5348] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 105.151906][ T45] netdevsim netdevsim0  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.272505][ T45] bridge_slave_1: left allmulticast mode [ 105.274045][ T45] bridge_slave_1: left promiscuous mode [ 105.277257][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.289959][ T45] bridge_slave_0: left allmulticast mode [ 105.291492][ T45] bridge_slave_0: left promiscuous mode [ 105.293023][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.653534][ T6866] FAULT_INJECTION: forcing a failure. [ 105.653534][ T6866] name failslab, interval 1, probability 0, space 0, times 1 [ 105.669562][ T6866] CPU: 1 UID: 0 PID: 6866 Comm: syz.3.423 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 105.669591][ T6866] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 105.669598][ T6866] Call Trace: [ 105.669603][ T6866] [ 105.669608][ T6866] dump_stack_lvl+0x16c/0x1f0 [ 105.669627][ T6866] should_fail_ex+0x497/0x5b0 [ 105.669642][ T6866] ? fs_reclaim_acquire+0xae/0x160 [ 105.669654][ T6866] should_failslab+0xc2/0x120 [ 105.669667][ T6866] __kmalloc_noprof+0xcb/0x400 [ 105.669678][ T6866] ? d_absolute_path+0x137/0x1b0 [ 105.669691][ T6866] tomoyo_encode2+0x100/0x3e0 [ 105.669703][ T6866] tomoyo_encode+0x29/0x50 [ 105.669712][ T6866] tomoyo_realpath_from_path+0x19d/0x720 [ 105.669725][ T6866] tomoyo_path_number_perm+0x245/0x590 [ 105.669738][ T6866] ? tomoyo_path_number_perm+0x232/0x590 [ 105.669752][ T6866] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 105.669776][ T6866] ? trace_lock_acquire+0x14a/0x1d0 [ 105.669792][ T6866] ? lock_acquire+0x2f/0xb0 [ 105.669801][ T6866] ? __fget_files+0x40/0x3f0 [ 105.669817][ T6866] ? __fget_files+0x244/0x3f0 [ 105.669832][ T6866] security_file_ioctl+0x9b/0x240 [ 105.669848][ T6866] __x64_sys_ioctl+0xbb/0x220 [ 105.669862][ T6866] do_syscall_64+0xcd/0x250 [ 105.669876][ T6866] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 105.669889][ T6866] RIP: 0033:0x7fd417d7dff9 [ 105.669898][ T6866] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.669908][ T6866] RSP: 002b:00007fd418b5a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 105.669919][ T6866] RAX: ffffffffffffffda RBX: 00007fd417f35f80 RCX: 00007fd417d7dff9 [ 105.669926][ T6866] RDX: 0000000020000000 RSI: 000000000000541c RDI: 0000000000000009 [ 105.669932][ T6866] RBP: 00007fd418b5a090 R08: 0000000000000000 R09: 0000000000000000 [ 105.669938][ T6866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 105.669944][ T6866] R13: 0000000000000000 R14: 00007fd417f35f80 R15: 00007fff1312b988 [ 105.669957][ T6866] [ 105.669977][ T6866] ERROR: Out of memory at tomoyo_realpath_from_path. [ 105.849525][ T57] kernel write not supported for file /input/event0 (pid: 57 comm: kworker/1:1) [ 105.870193][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 105.882964][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 105.886862][ T45] bond0 (unregistering): Released all slaves [ 105.894701][ T6877] netlink: set zone limit has 4 unknown bytes [ 105.995858][ T6853] chnl_net:caif_netlink_parms(): no params data found [ 106.030221][ T39] kauditd_printk_skb: 7 callbacks suppressed [ 106.030236][ T39] audit: type=1400 audit(105.921:553): avc: denied { listen } for pid=6869 comm="syz.3.424" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 106.109274][ T6892] FAULT_INJECTION: forcing a failure. [ 106.109274][ T6892] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 106.115152][ T6892] CPU: 2 UID: 0 PID: 6892 Comm: syz.1.429 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 106.118956][ T6892] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 106.122742][ T6892] Call Trace: [ 106.123976][ T6892] [ 106.125044][ T6892] dump_stack_lvl+0x16c/0x1f0 [ 106.126778][ T6892] should_fail_ex+0x497/0x5b0 [ 106.128528][ T6892] _copy_from_user+0x30/0xf0 [ 106.130234][ T6892] copy_msghdr_from_user+0x99/0x160 [ 106.132158][ T6892] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 106.134306][ T6892] ? __pfx___lock_acquire+0x10/0x10 [ 106.136206][ T6892] ___sys_sendmsg+0xff/0x1e0 [ 106.137929][ T6892] ? __pfx____sys_sendmsg+0x10/0x10 [ 106.139946][ T6892] ? lock_acquire+0x2f/0xb0 [ 106.141788][ T6892] ? __fget_files+0x40/0x3f0 [ 106.143600][ T6892] ? fdget+0x176/0x210 [ 106.145130][ T6892] __sys_sendmsg+0x117/0x1f0 [ 106.146860][ T6892] ? __pfx___sys_sendmsg+0x10/0x10 [ 106.148755][ T6892] ? __fget_files+0x244/0x3f0 [ 106.150531][ T6892] do_syscall_64+0xcd/0x250 [ 106.152216][ T6892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 106.154422][ T6892] RIP: 0033:0x7f120357dff9 [ 106.156064][ T6892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 106.163025][ T6892] RSP: 002b:00007f1204418038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 106.165440][ T6892] RAX: ffffffffffffffda RBX: 00007f1203735f80 RCX: 00007f120357dff9 [ 106.167487][ T6892] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004 [ 106.169559][ T6892] RBP: 00007f1204418090 R08: 0000000000000000 R09: 0000000000000000 [ 106.171638][ T6892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 106.174444][ T6892] R13: 0000000000000000 R14: 00007f1203735f80 R15: 00007ffff4264098 [ 106.177200][ T6892] [ 106.193919][ T39] audit: type=1400 audit(106.081:554): avc: denied { mount } for pid=6893 comm="syz.3.430" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 106.208477][ T39] audit: type=1400 audit(106.091:555): avc: denied { mounton } for pid=6893 comm="syz.3.430" path="/31/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1 [ 106.504947][ T6853] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.506984][ T6853] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.509079][ T6853] bridge_slave_0: entered allmulticast mode [ 106.516407][ T6853] bridge_slave_0: entered promiscuous mode [ 106.524088][ T6905] netlink: 44 bytes leftover after parsing attributes in process `syz.1.431'. [ 106.555549][ T6853] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.558444][ T6853] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.569851][ T6853] bridge_slave_1: entered allmulticast mode [ 106.582447][ T6853] bridge_slave_1: entered promiscuous mode [ 106.728688][ T6853] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 106.751829][ T45] hsr_slave_0: left promiscuous mode [ 106.753888][ T45] hsr_slave_1: left promiscuous mode [ 106.755826][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 106.757850][ T45] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 106.760458][ T45] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 106.762474][ T45] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 106.781545][ T45] veth1_macvtap: left promiscuous mode [ 106.783081][ T45] veth0_macvtap: left promiscuous mode [ 106.784602][ T45] veth1_vlan: left promiscuous mode [ 106.786063][ T45] veth0_vlan: left promiscuous mode [ 107.260782][ T5349] Bluetooth: hci3: command tx timeout [ 107.652092][ T45] team0 (unregistering): Port device team_slave_1 removed [ 107.753886][ T45] team0 (unregistering): Port device team_slave_0 removed [ 108.315958][ T6853] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 108.412116][ T6919] FAULT_INJECTION: forcing a failure. [ 108.412116][ T6919] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 108.416728][ T6919] CPU: 3 UID: 0 PID: 6919 Comm: syz.1.434 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 108.417481][ T6853] team0: Port device team_slave_0 added [ 108.420320][ T6919] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.420337][ T6919] Call Trace: [ 108.420344][ T6919] [ 108.420351][ T6919] dump_stack_lvl+0x16c/0x1f0 [ 108.420379][ T6919] should_fail_ex+0x497/0x5b0 [ 108.420411][ T6919] _copy_from_user+0x30/0xf0 [ 108.432848][ T6919] bpf_test_init.isra.0+0xf1/0x150 [ 108.434675][ T6919] bpf_prog_test_run_xdp+0x4f0/0x1580 [ 108.436564][ T6919] ? lock_acquire+0x2f/0xb0 [ 108.438147][ T6919] ? __fget_files+0x40/0x3f0 [ 108.439751][ T6919] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 108.441817][ T6919] ? fput+0x30/0x390 [ 108.443078][ T6919] ? __bpf_prog_get+0xa0/0x290 [ 108.444572][ T6919] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 108.446612][ T6919] __sys_bpf+0xfc6/0x49a0 [ 108.448122][ T6919] ? ksys_write+0x21e/0x260 [ 108.449705][ T6919] ? reacquire_held_locks+0x440/0x4c0 [ 108.451565][ T6919] ? __pfx___sys_bpf+0x10/0x10 [ 108.453236][ T6919] ? vfs_write+0x14d/0x1140 [ 108.454824][ T6919] ? __mutex_unlock_slowpath+0x164/0x650 [ 108.456819][ T6919] ? fput+0x30/0x390 [ 108.458182][ T6919] ? ksys_write+0x1ad/0x260 [ 108.459778][ T6919] ? __pfx_ksys_write+0x10/0x10 [ 108.461497][ T6919] __x64_sys_bpf+0x78/0xc0 [ 108.463045][ T6919] ? lockdep_hardirqs_on+0x7c/0x110 [ 108.464803][ T6919] do_syscall_64+0xcd/0x250 [ 108.466384][ T6919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.468431][ T6919] RIP: 0033:0x7f120357dff9 [ 108.469976][ T6919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.475253][ T6919] RSP: 002b:00007f1204418038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 108.478087][ T6919] RAX: ffffffffffffffda RBX: 00007f1203735f80 RCX: 00007f120357dff9 [ 108.480184][ T6919] RDX: 000000000000000c RSI: 0000000020000500 RDI: 000000000000000a [ 108.482281][ T6919] RBP: 00007f1204418090 R08: 0000000000000000 R09: 0000000000000000 [ 108.484866][ T6919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.487597][ T6919] R13: 0000000000000000 R14: 00007f1203735f80 R15: 00007ffff4264098 [ 108.490241][ T6919] [ 108.527287][ T6853] team0: Port device team_slave_1 added [ 108.571559][ T6853] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 108.574310][ T6853] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.586880][ T6853] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 108.591043][ T6853] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 108.593539][ T6853] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 108.600868][ T6853] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 108.649684][ T6927] FAULT_INJECTION: forcing a failure. [ 108.649684][ T6927] name failslab, interval 1, probability 0, space 0, times 0 [ 108.654027][ T6927] CPU: 3 UID: 0 PID: 6927 Comm: syz.2.436 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 108.657686][ T6927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 108.661397][ T6927] Call Trace: [ 108.662557][ T6927] [ 108.663631][ T6927] dump_stack_lvl+0x16c/0x1f0 [ 108.665373][ T6927] should_fail_ex+0x497/0x5b0 [ 108.667028][ T6927] ? fs_reclaim_acquire+0xae/0x160 [ 108.668814][ T6927] should_failslab+0xc2/0x120 [ 108.670468][ T6927] kmem_cache_alloc_node_noprof+0x71/0x310 [ 108.672517][ T6927] ? __alloc_skb+0x2b1/0x380 [ 108.674145][ T6927] __alloc_skb+0x2b1/0x380 [ 108.675709][ T6927] ? __pfx___alloc_skb+0x10/0x10 [ 108.677467][ T6927] ? rtnetlink_rcv_msg+0x3e6/0xea0 [ 108.679254][ T6927] netlink_ack+0x164/0xb90 [ 108.680819][ T6927] netlink_rcv_skb+0x348/0x440 [ 108.682495][ T6927] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 108.684382][ T6927] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 108.686292][ T6927] ? netlink_deliver_tap+0x1ae/0xd90 [ 108.688216][ T6927] netlink_unicast+0x53c/0x7f0 [ 108.689981][ T6927] ? __pfx_netlink_unicast+0x10/0x10 [ 108.691820][ T6927] netlink_sendmsg+0x8b8/0xd70 [ 108.693492][ T6927] ? __pfx_netlink_sendmsg+0x10/0x10 [ 108.695318][ T6927] ? __import_iovec+0x1fd/0x6e0 [ 108.697030][ T6927] ____sys_sendmsg+0xaaf/0xc90 [ 108.698727][ T6927] ? copy_msghdr_from_user+0x10b/0x160 [ 108.700679][ T6927] ? __pfx_____sys_sendmsg+0x10/0x10 [ 108.702593][ T6927] ? __pfx___lock_acquire+0x10/0x10 [ 108.704446][ T6927] ___sys_sendmsg+0x135/0x1e0 [ 108.706104][ T6927] ? __pfx____sys_sendmsg+0x10/0x10 [ 108.707909][ T6927] ? lock_acquire+0x2f/0xb0 [ 108.709495][ T6927] ? __fget_files+0x40/0x3f0 [ 108.711235][ T6927] ? fdget+0x176/0x210 [ 108.712688][ T6927] __sys_sendmmsg+0x1a1/0x450 [ 108.714376][ T6927] ? __pfx___sys_sendmmsg+0x10/0x10 [ 108.716226][ T6927] ? vfs_write+0x14d/0x1140 [ 108.717864][ T6927] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 108.719840][ T6927] ? fput+0x30/0x390 [ 108.721257][ T6927] ? ksys_write+0x1ad/0x260 [ 108.722904][ T6927] ? __pfx_ksys_write+0x10/0x10 [ 108.724631][ T6927] __x64_sys_sendmmsg+0x9c/0x100 [ 108.726394][ T6927] ? lockdep_hardirqs_on+0x7c/0x110 [ 108.728193][ T6927] do_syscall_64+0xcd/0x250 [ 108.729793][ T6927] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.731856][ T6927] RIP: 0033:0x7f656137dff9 [ 108.733446][ T6927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.740228][ T6927] RSP: 002b:00007f65620c6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 108.743208][ T6927] RAX: ffffffffffffffda RBX: 00007f6561535f80 RCX: 00007f656137dff9 [ 108.745945][ T6927] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000005 [ 108.748666][ T6927] RBP: 00007f65620c6090 R08: 0000000000000000 R09: 0000000000000000 [ 108.751408][ T6927] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.754158][ T6927] R13: 0000000000000000 R14: 00007f6561535f80 R15: 00007ffd77e76ed8 [ 108.757022][ T6927] [ 108.842000][ T6853] hsr_slave_0: entered promiscuous mode [ 108.854941][ T6853] hsr_slave_1: entered promiscuous mode [ 109.189666][ T39] audit: type=1400 audit(109.061:556): avc: denied { unmount } for pid=6317 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 109.339606][ T5349] Bluetooth: hci3: command tx timeout [ 109.564344][ T39] audit: type=1400 audit(109.451:557): avc: denied { associate } for pid=6954 comm="syz.2.440" name="memory.events" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 109.738570][ T6853] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 109.750037][ T6853] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 109.756501][ T6853] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 109.764369][ T6853] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 109.823824][ T6853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 109.851085][ T6853] 8021q: adding VLAN 0 to HW filter on device team0 [ 109.858780][ T1194] bridge0: port 1(bridge_slave_0) entered blocking state [ 109.861308][ T1194] bridge0: port 1(bridge_slave_0) entered forwarding state [ 109.888213][ T1194] bridge0: port 2(bridge_slave_1) entered blocking state [ 109.890777][ T1194] bridge0: port 2(bridge_slave_1) entered forwarding state [ 109.895361][ T39] audit: type=1400 audit(109.781:558): avc: denied { lock } for pid=6967 comm="syz.2.441" path="socket:[22041]" dev="sockfs" ino=22041 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 109.920535][ T6853] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 109.924663][ T6853] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 109.935505][ T39] audit: type=1400 audit(109.821:559): avc: denied { module_request } for pid=6853 comm="syz-executor" kmod="netdev-nicvf0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 110.078211][ T6853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 110.141948][ T6853] veth0_vlan: entered promiscuous mode [ 110.149050][ T6853] veth1_vlan: entered promiscuous mode [ 110.171273][ T6853] veth0_macvtap: entered promiscuous mode [ 110.177493][ T6853] veth1_macvtap: entered promiscuous mode [ 110.189357][ T6853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 110.193292][ T6853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.196925][ T6853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 110.201257][ T6853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.207065][ T6853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 110.218318][ T6853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 110.224372][ T6853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.230056][ T6853] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 110.233632][ T6853] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 110.238538][ T6853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 110.248756][ T6853] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.253734][ T6853] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.256961][ T6853] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.260926][ T6853] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.298170][ T45] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.304422][ T45] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.317572][ T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 110.320026][ T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 110.358314][ T39] audit: type=1400 audit(110.241:560): avc: denied { create } for pid=6997 comm="syz.0.418" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 110.631979][ T39] audit: type=1400 audit(110.521:561): avc: denied { write } for pid=7000 comm="syz.1.444" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 110.632994][ T7002] netlink: 44 bytes leftover after parsing attributes in process `syz.1.444'. [ 110.639298][ T7002] netlink: 43 bytes leftover after parsing attributes in process `syz.1.444'. [ 110.641812][ T7002] netlink: 'syz.1.444': attribute type 6 has an invalid length. [ 110.644561][ T7002] netlink: 'syz.1.444': attribute type 5 has an invalid length. [ 110.647357][ T7002] netlink: 43 bytes leftover after parsing attributes in process `syz.1.444'. [ 110.966959][ T39] audit: type=1400 audit(110.851:562): avc: denied { mount } for pid=6997 comm="syz.0.418" name="/" dev="gadgetfs" ino=22745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1 [ 111.409681][ T5349] Bluetooth: hci3: command tx timeout [ 111.562121][ T39] audit: type=1326 audit(111.451:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7014 comm="syz.3.449" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd417d7dff9 code=0x0 [ 111.594933][ T6985] kexec: Could not allocate control_code_buffer [ 111.996050][ T39] audit: type=1326 audit(111.881:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7032 comm="syz.2.454" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656137dff9 code=0x7ffc0000 [ 112.004998][ T39] audit: type=1326 audit(111.881:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7032 comm="syz.2.454" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656137dff9 code=0x7ffc0000 [ 112.014988][ T39] audit: type=1326 audit(111.881:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7032 comm="syz.2.454" exe="/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f656137dff9 code=0x7ffc0000 [ 112.022279][ T39] audit: type=1326 audit(111.881:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7032 comm="syz.2.454" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656137dff9 code=0x7ffc0000 [ 112.030431][ T39] audit: type=1326 audit(111.881:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7032 comm="syz.2.454" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656137dff9 code=0x7ffc0000 [ 112.036688][ T39] audit: type=1326 audit(111.881:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7032 comm="syz.2.454" exe="/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f656137dff9 code=0x7ffc0000 [ 112.043906][ T39] audit: type=1326 audit(111.881:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7032 comm="syz.2.454" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656137dff9 code=0x7ffc0000 [ 112.051780][ T39] audit: type=1326 audit(111.881:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7032 comm="syz.2.454" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f656137dff9 code=0x7ffc0000 [ 112.057930][ T39] audit: type=1326 audit(111.881:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7032 comm="syz.2.454" exe="/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f656137dff9 code=0x7ffc0000 [ 112.459798][ T7024] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 112.928940][ T7051] netlink: 44 bytes leftover after parsing attributes in process `syz.0.461'. [ 112.932049][ T7051] netlink: 43 bytes leftover after parsing attributes in process `syz.0.461'. [ 112.935005][ T7051] netlink: 'syz.0.461': attribute type 6 has an invalid length. [ 112.937602][ T7051] netlink: 'syz.0.461': attribute type 5 has an invalid length. [ 112.939562][ T5336] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 112.940279][ T7051] netlink: 43 bytes leftover after parsing attributes in process `syz.0.461'. [ 113.121545][ T5336] usb 7-1: config index 0 descriptor too short (expected 23569, got 27) [ 113.124591][ T5336] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.129012][ T5336] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 113.132803][ T5336] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 113.135330][ T5336] usb 7-1: Manufacturer: syz [ 113.139250][ T5336] usb 7-1: config 0 descriptor?? [ 113.189550][ T5336] rc_core: IR keymap rc-hauppauge not found [ 113.191324][ T5336] Registered IR keymap rc-empty [ 113.196555][ T5336] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0 [ 113.203274][ T5336] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input10 [ 113.489566][ T5349] Bluetooth: hci3: command tx timeout [ 113.659653][ T5349] Bluetooth: hci0: command 0x0401 tx timeout [ 113.666724][ T7061] FAULT_INJECTION: forcing a failure. [ 113.666724][ T7061] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 113.670613][ T7061] CPU: 2 UID: 0 PID: 7061 Comm: syz.0.463 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 113.673368][ T7061] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 113.676140][ T7061] Call Trace: [ 113.677020][ T7061] [ 113.677813][ T7061] dump_stack_lvl+0x16c/0x1f0 [ 113.679060][ T7061] should_fail_ex+0x497/0x5b0 [ 113.680313][ T7061] _copy_from_iter+0x2a1/0x1540 [ 113.681575][ T7061] ? __pfx__copy_from_iter+0x10/0x10 [ 113.682917][ T7061] ? __virt_addr_valid+0x1a4/0x590 [ 113.684431][ T7061] ? __virt_addr_valid+0x5e/0x590 [ 113.685740][ T7061] ? __phys_addr_symbol+0x30/0x80 [ 113.686978][ T7061] ? __check_object_size+0x488/0x710 [ 113.688273][ T7061] netlink_sendmsg+0x813/0xd70 [ 113.689519][ T7061] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.690853][ T7061] ? __import_iovec+0x1fd/0x6e0 [ 113.692091][ T7061] ____sys_sendmsg+0xaaf/0xc90 [ 113.693313][ T7061] ? copy_msghdr_from_user+0x10b/0x160 [ 113.694741][ T7061] ? __pfx_____sys_sendmsg+0x10/0x10 [ 113.696113][ T7061] ? __pfx___lock_acquire+0x10/0x10 [ 113.697430][ T7061] ___sys_sendmsg+0x135/0x1e0 [ 113.698646][ T7061] ? __pfx____sys_sendmsg+0x10/0x10 [ 113.700025][ T7061] ? lock_acquire+0x2f/0xb0 [ 113.701241][ T7061] ? __fget_files+0x40/0x3f0 [ 113.702502][ T7061] ? fdget+0x176/0x210 [ 113.703586][ T7061] __sys_sendmsg+0x117/0x1f0 [ 113.704808][ T7061] ? __pfx___sys_sendmsg+0x10/0x10 [ 113.706122][ T7061] ? __fget_files+0x244/0x3f0 [ 113.707331][ T7061] do_syscall_64+0xcd/0x250 [ 113.708479][ T7061] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.709958][ T7061] RIP: 0033:0x7ffbcb17dff9 [ 113.711091][ T7061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.715856][ T7061] RSP: 002b:00007ffbcbfbe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 113.717918][ T7061] RAX: ffffffffffffffda RBX: 00007ffbcb335f80 RCX: 00007ffbcb17dff9 [ 113.719917][ T7061] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 113.721880][ T7061] RBP: 00007ffbcbfbe090 R08: 0000000000000000 R09: 0000000000000000 [ 113.723840][ T7061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.725792][ T7061] R13: 0000000000000000 R14: 00007ffbcb335f80 R15: 00007fff10303a48 [ 113.727739][ T7061] [ 114.071365][ T5336] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 114.074094][ T7065] FAULT_INJECTION: forcing a failure. [ 114.074094][ T7065] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.077422][ T7065] CPU: 1 UID: 0 PID: 7065 Comm: syz.1.465 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 114.080027][ T7065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 114.083049][ T7065] Call Trace: [ 114.084243][ T7065] [ 114.085313][ T7065] dump_stack_lvl+0x16c/0x1f0 [ 114.086963][ T7065] should_fail_ex+0x497/0x5b0 [ 114.088637][ T7065] _copy_from_user+0x30/0xf0 [ 114.090271][ T7065] copy_msghdr_from_user+0x99/0x160 [ 114.092121][ T7065] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 114.093815][ T7065] ? hlock_class+0x4e/0x130 [ 114.095140][ T7065] ? __lock_acquire+0x163e/0x3ce0 [ 114.096958][ T7065] ___sys_sendmsg+0xff/0x1e0 [ 114.098329][ T7065] ? __pfx____sys_sendmsg+0x10/0x10 [ 114.099602][ T7065] ? __pfx___lock_acquire+0x10/0x10 [ 114.100894][ T7065] ? __pfx___might_resched+0x10/0x10 [ 114.102217][ T7065] ? __might_fault+0xe3/0x190 [ 114.103782][ T7065] __sys_sendmmsg+0x1a1/0x450 [ 114.105500][ T7065] ? __pfx___sys_sendmmsg+0x10/0x10 [ 114.107385][ T7065] ? vfs_write+0x14d/0x1140 [ 114.109041][ T7065] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 114.111203][ T7065] ? fput+0x30/0x390 [ 114.112231][ T7065] ? ksys_write+0x1ad/0x260 [ 114.113747][ T7065] ? __pfx_ksys_write+0x10/0x10 [ 114.115051][ T7065] __x64_sys_sendmmsg+0x9c/0x100 [ 114.116346][ T7065] ? lockdep_hardirqs_on+0x7c/0x110 [ 114.117714][ T7065] do_syscall_64+0xcd/0x250 [ 114.118907][ T7065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.120373][ T7065] RIP: 0033:0x7f120357dff9 [ 114.121585][ T7065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.128472][ T7065] RSP: 002b:00007f1204418038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 114.130787][ T7065] RAX: ffffffffffffffda RBX: 00007f1203735f80 RCX: 00007f120357dff9 [ 114.133532][ T7065] RDX: 0000000000000318 RSI: 00000000200bd000 RDI: 0000000000000006 [ 114.135749][ T7065] RBP: 00007f1204418090 R08: 0000000000000000 R09: 0000000000000000 [ 114.137938][ T7065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.140791][ T7065] R13: 0000000000000000 R14: 00007f1203735f80 R15: 00007ffff4264098 [ 114.143657][ T7065] [ 114.178385][ T7065] netlink: 44 bytes leftover after parsing attributes in process `syz.1.465'. [ 114.180958][ T7065] netlink: 43 bytes leftover after parsing attributes in process `syz.1.465'. [ 114.183580][ T7065] netlink: 'syz.1.465': attribute type 6 has an invalid length. [ 114.186291][ T7065] netlink: 'syz.1.465': attribute type 5 has an invalid length. [ 114.188413][ T7065] netlink: 43 bytes leftover after parsing attributes in process `syz.1.465'. [ 114.230221][ T5336] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 114.233179][ T5336] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 114.235566][ T5336] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 114.238360][ T5336] usb 5-1: config 0 interface 0 has no altsetting 0 [ 114.241184][ T5336] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 114.243610][ T5336] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 114.246363][ T5336] usb 5-1: config 0 interface 0 has no altsetting 0 [ 114.248827][ T5336] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 114.251528][ T5336] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 114.254271][ T5336] usb 5-1: config 0 interface 0 has no altsetting 0 [ 114.256752][ T5336] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 114.259069][ T5336] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 114.262418][ T5336] usb 5-1: config 0 interface 0 has no altsetting 0 [ 114.265852][ T5336] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 114.268079][ T5336] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 114.271154][ T5336] usb 5-1: config 0 interface 0 has no altsetting 0 [ 114.273845][ T5336] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 114.276218][ T5336] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 114.279031][ T5336] usb 5-1: config 0 interface 0 has no altsetting 0 [ 114.281529][ T5336] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 114.283743][ T5336] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 114.286544][ T5336] usb 5-1: config 0 interface 0 has no altsetting 0 [ 114.289045][ T5336] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 114.291393][ T5336] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 114.294115][ T5336] usb 5-1: config 0 interface 0 has no altsetting 0 [ 114.297325][ T5336] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 114.299629][ T5336] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 114.301673][ T5336] usb 5-1: Product: syz [ 114.302702][ T5336] usb 5-1: Manufacturer: syz [ 114.303904][ T5336] usb 5-1: SerialNumber: syz [ 114.306433][ T5336] usb 5-1: config 0 descriptor?? [ 114.310312][ T5336] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 114.588444][ T7067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 114.591398][ T7067] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.727085][ T5376] usb 7-1: USB disconnect, device number 6 [ 116.539984][ C2] usb 5-1: yurex_control_callback - control failed: -2 [ 116.547804][ T57] usb 5-1: USB disconnect, device number 5 [ 116.556357][ T57] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 117.369584][ T828] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 117.525377][ T828] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 117.529330][ T828] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.534395][ T828] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.537319][ T828] usb 5-1: config 0 interface 0 has no altsetting 0 [ 117.542984][ T828] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.545335][ T828] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.548113][ T828] usb 5-1: config 0 interface 0 has no altsetting 0 [ 117.551557][ T828] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.554163][ T828] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.556950][ T828] usb 5-1: config 0 interface 0 has no altsetting 0 [ 117.560473][ T828] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.563274][ T828] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.566186][ T828] usb 5-1: config 0 interface 0 has no altsetting 0 [ 117.568763][ T828] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.571412][ T828] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.574362][ T828] usb 5-1: config 0 interface 0 has no altsetting 0 [ 117.577915][ T828] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.581782][ T828] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.584932][ T828] usb 5-1: config 0 interface 0 has no altsetting 0 [ 117.589442][ T828] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.592083][ T828] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.595333][ T828] usb 5-1: config 0 interface 0 has no altsetting 0 [ 117.599037][ T828] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 117.601694][ T828] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 117.604637][ T828] usb 5-1: config 0 interface 0 has no altsetting 0 [ 117.608370][ T828] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 117.610840][ T828] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 117.613028][ T828] usb 5-1: Product: syz [ 117.614322][ T828] usb 5-1: Manufacturer: syz [ 117.615597][ T828] usb 5-1: SerialNumber: syz [ 117.618601][ T828] usb 5-1: config 0 descriptor?? [ 117.629641][ T828] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 117.881004][ T7112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.883574][ T7112] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.077851][ T7091] kexec: Could not allocate control_code_buffer [ 119.910002][ C0] usb 5-1: yurex_control_callback - control failed: -2 [ 120.128873][ T57] usb 5-1: USB disconnect, device number 6 [ 120.138577][ T57] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 120.389547][ T7162] FAULT_INJECTION: forcing a failure. [ 120.389547][ T7162] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.392708][ T7162] CPU: 1 UID: 0 PID: 7162 Comm: syz.3.495 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 120.395615][ T7162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 120.398660][ T7162] Call Trace: [ 120.399490][ T7162] [ 120.400216][ T7162] dump_stack_lvl+0x16c/0x1f0 [ 120.401430][ T7162] should_fail_ex+0x497/0x5b0 [ 120.402630][ T7162] _copy_from_iter+0x2a1/0x1540 [ 120.403845][ T7162] ? __pfx__copy_from_iter+0x10/0x10 [ 120.405179][ T7162] ? __virt_addr_valid+0x1a4/0x590 [ 120.406414][ T7162] ? __virt_addr_valid+0x5e/0x590 [ 120.407642][ T7162] ? __phys_addr_symbol+0x30/0x80 [ 120.408877][ T7162] ? __check_object_size+0x488/0x710 [ 120.410252][ T7162] netlink_sendmsg+0x813/0xd70 [ 120.411455][ T7162] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.412769][ T7162] ? __import_iovec+0x1fd/0x6e0 [ 120.413958][ T7162] ____sys_sendmsg+0xaaf/0xc90 [ 120.415120][ T7162] ? copy_msghdr_from_user+0x10b/0x160 [ 120.416493][ T7162] ? __pfx_____sys_sendmsg+0x10/0x10 [ 120.417792][ T7162] ? __pfx___lock_acquire+0x10/0x10 [ 120.419094][ T7162] ___sys_sendmsg+0x135/0x1e0 [ 120.420278][ T7162] ? __pfx____sys_sendmsg+0x10/0x10 [ 120.421562][ T7162] ? lock_acquire+0x2f/0xb0 [ 120.422675][ T7162] ? __fget_files+0x40/0x3f0 [ 120.423813][ T7162] ? fdget+0x176/0x210 [ 120.424819][ T7162] __sys_sendmsg+0x117/0x1f0 [ 120.425994][ T7162] ? __pfx___sys_sendmsg+0x10/0x10 [ 120.427268][ T7162] ? __fget_files+0x244/0x3f0 [ 120.428422][ T7162] do_syscall_64+0xcd/0x250 [ 120.429583][ T7162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.431040][ T7162] RIP: 0033:0x7fd417d7dff9 [ 120.432122][ T7162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.436781][ T7162] RSP: 002b:00007fd418b5a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 120.438803][ T7162] RAX: ffffffffffffffda RBX: 00007fd417f35f80 RCX: 00007fd417d7dff9 [ 120.440755][ T7162] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 120.442709][ T7162] RBP: 00007fd418b5a090 R08: 0000000000000000 R09: 0000000000000000 [ 120.444633][ T7162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.446542][ T7162] R13: 0000000000000000 R14: 00007fd417f35f80 R15: 00007fff1312b988 [ 120.448477][ T7162] [ 120.672918][ T39] kauditd_printk_skb: 10 callbacks suppressed [ 120.672934][ T39] audit: type=1400 audit(120.561:583): avc: denied { ioctl } for pid=7166 comm="syz.2.497" path="/dev/usbmon0" dev="devtmpfs" ino=721 ioctlcmd=0x9204 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 120.760656][ T7143] kexec: Could not allocate control_code_buffer [ 120.862555][ T7189] FAULT_INJECTION: forcing a failure. [ 120.862555][ T7189] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.865771][ T7189] CPU: 2 UID: 0 PID: 7189 Comm: syz.1.504 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 120.868431][ T7189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 120.871036][ T7189] Call Trace: [ 120.872162][ T7189] [ 120.873082][ T7189] dump_stack_lvl+0x16c/0x1f0 [ 120.874308][ T7189] should_fail_ex+0x497/0x5b0 [ 120.875516][ T7189] _copy_from_user+0x30/0xf0 [ 120.876671][ T7189] copy_msghdr_from_user+0x99/0x160 [ 120.877919][ T7189] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 120.879378][ T7189] ? __pfx___lock_acquire+0x10/0x10 [ 120.880695][ T7189] ___sys_sendmsg+0xff/0x1e0 [ 120.881858][ T7189] ? __pfx____sys_sendmsg+0x10/0x10 [ 120.883163][ T7189] ? lock_acquire+0x2f/0xb0 [ 120.884275][ T7189] ? __fget_files+0x40/0x3f0 [ 120.885414][ T7189] ? fdget+0x176/0x210 [ 120.886425][ T7189] __sys_sendmmsg+0x1a1/0x450 [ 120.887574][ T7189] ? __pfx___sys_sendmmsg+0x10/0x10 [ 120.888817][ T7189] ? vfs_write+0x14d/0x1140 [ 120.889973][ T7189] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 120.891487][ T7189] ? fput+0x30/0x390 [ 120.892473][ T7189] ? ksys_write+0x1ad/0x260 [ 120.893602][ T7189] ? __pfx_ksys_write+0x10/0x10 [ 120.894812][ T7189] __x64_sys_sendmmsg+0x9c/0x100 [ 120.896014][ T7189] ? lockdep_hardirqs_on+0x7c/0x110 [ 120.897283][ T7189] do_syscall_64+0xcd/0x250 [ 120.898394][ T7189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.899851][ T7189] RIP: 0033:0x7f120357dff9 [ 120.900964][ T7189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.905657][ T7189] RSP: 002b:00007f1204418038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 120.907711][ T7189] RAX: ffffffffffffffda RBX: 00007f1203735f80 RCX: 00007f120357dff9 [ 120.909652][ T7189] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 120.911620][ T7189] RBP: 00007f1204418090 R08: 0000000000000000 R09: 0000000000000000 [ 120.913663][ T7189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.915620][ T7189] R13: 0000000000000000 R14: 00007f1203735f80 R15: 00007ffff4264098 [ 120.917809][ T7189] [ 121.536704][ T7197] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7197 comm=syz.3.506 [ 121.540350][ T39] audit: type=1400 audit(121.431:584): avc: denied { read } for pid=7196 comm="syz.3.506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 121.555175][ T39] audit: type=1400 audit(121.441:585): avc: denied { read } for pid=7196 comm="syz.3.506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 122.771011][ T7222] netlink: 32 bytes leftover after parsing attributes in process `syz.0.515'. [ 122.776756][ T7222] netlink: 24 bytes leftover after parsing attributes in process `syz.0.515'. [ 122.781299][ T7222] netlink: 12 bytes leftover after parsing attributes in process `syz.0.515'. [ 123.089574][ T5336] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 123.239882][ T5336] usb 5-1: Using ep0 maxpacket: 8 [ 123.244295][ T5336] usb 5-1: New USB device found, idVendor=2001, idProduct=3c1a, bcdDevice=62.2f [ 123.246595][ T5336] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.248550][ T5336] usb 5-1: Product: syz [ 123.249857][ T5336] usb 5-1: Manufacturer: syz [ 123.251084][ T5336] usb 5-1: SerialNumber: syz [ 123.254835][ T5336] usb 5-1: config 0 descriptor?? [ 123.308637][ T7201] kexec: Could not allocate control_code_buffer [ 123.469061][ T5336] usb 5-1: USB disconnect, device number 7 [ 123.984506][ T7233] FAULT_INJECTION: forcing a failure. [ 123.984506][ T7233] name failslab, interval 1, probability 0, space 0, times 0 [ 123.987688][ T7233] CPU: 1 UID: 0 PID: 7233 Comm: syz.1.518 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 123.990329][ T7233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 123.993022][ T7233] Call Trace: [ 123.993876][ T7233] [ 123.994646][ T7233] dump_stack_lvl+0x16c/0x1f0 [ 123.995868][ T7233] should_fail_ex+0x497/0x5b0 [ 123.997071][ T7233] ? fs_reclaim_acquire+0xae/0x160 [ 123.998378][ T7233] should_failslab+0xc2/0x120 [ 123.999565][ T7233] __kmalloc_cache_noprof+0x6b/0x300 [ 124.000930][ T7233] ? bpf_prog_alloc_no_stats+0x54/0x5d0 [ 124.002325][ T7233] ? bpf_prog_alloc_no_stats+0x107/0x5d0 [ 124.003743][ T7233] ? __vmalloc_noprof+0x6d/0x90 [ 124.004970][ T7233] bpf_prog_alloc_no_stats+0x107/0x5d0 [ 124.006345][ T7233] bpf_prog_alloc+0x3b/0x230 [ 124.007532][ T7233] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 124.009030][ T7233] bpf_prog_load+0x1b3f/0x2660 [ 124.010269][ T7233] ? __pfx_bpf_prog_load+0x10/0x10 [ 124.011572][ T7233] ? avc_has_perm_noaudit+0x143/0x3a0 [ 124.012939][ T7233] ? selinux_bpf+0xde/0x130 [ 124.014099][ T7233] __sys_bpf+0x402b/0x49a0 [ 124.015233][ T7233] ? ksys_write+0x21e/0x260 [ 124.016388][ T7233] ? reacquire_held_locks+0x440/0x4c0 [ 124.017760][ T7233] ? __pfx___sys_bpf+0x10/0x10 [ 124.018985][ T7233] ? vfs_write+0x14d/0x1140 [ 124.020130][ T7233] ? __mutex_unlock_slowpath+0x164/0x650 [ 124.021585][ T7233] ? fput+0x30/0x390 [ 124.022638][ T7233] ? ksys_write+0x1ad/0x260 [ 124.023799][ T7233] ? __pfx_ksys_write+0x10/0x10 [ 124.025040][ T7233] __x64_sys_bpf+0x78/0xc0 [ 124.026191][ T7233] ? lockdep_hardirqs_on+0x7c/0x110 [ 124.027502][ T7233] do_syscall_64+0xcd/0x250 [ 124.028697][ T7233] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.030318][ T7233] RIP: 0033:0x7f120357dff9 [ 124.031487][ T7233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.036314][ T7233] RSP: 002b:00007f1204418038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 124.038396][ T7233] RAX: ffffffffffffffda RBX: 00007f1203735f80 RCX: 00007f120357dff9 [ 124.040388][ T7233] RDX: 0000000000000090 RSI: 0000000020000880 RDI: 0000000000000005 [ 124.042396][ T7233] RBP: 00007f1204418090 R08: 0000000000000000 R09: 0000000000000000 [ 124.044379][ T7233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 124.046414][ T7233] R13: 0000000000000000 R14: 00007f1203735f80 R15: 00007ffff4264098 [ 124.048515][ T7233] [ 126.109959][ T7253] kexec: Could not allocate control_code_buffer [ 126.909213][ T7295] netlink: 40 bytes leftover after parsing attributes in process `syz.1.539'. [ 126.914891][ T39] audit: type=1400 audit(126.801:586): avc: denied { map } for pid=7294 comm="syz.1.539" path="socket:[27829]" dev="sockfs" ino=27829 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 127.026377][ T7282] dccp_close: ABORT with 32 bytes unread [ 127.250891][ T7305] ALSA: mixer_oss: invalid index 100000 [ 128.417289][ T7297] kexec: Could not allocate control_code_buffer [ 128.543707][ T7327] input: syz1 as /devices/virtual/input/input11 [ 130.379597][ T982] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 130.531200][ T982] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 130.534871][ T982] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 130.538023][ T982] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 130.543176][ T982] usb 7-1: config 0 interface 0 has no altsetting 0 [ 130.547112][ T982] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 130.550353][ T982] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 130.553875][ T982] usb 7-1: config 0 interface 0 has no altsetting 0 [ 130.556206][ T982] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 130.558461][ T982] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 130.561291][ T982] usb 7-1: config 0 interface 0 has no altsetting 0 [ 130.563706][ T982] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 130.566016][ T982] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 130.568795][ T982] usb 7-1: config 0 interface 0 has no altsetting 0 [ 130.571354][ T982] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 130.573664][ T982] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 130.576453][ T982] usb 7-1: config 0 interface 0 has no altsetting 0 [ 130.579762][ T982] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 130.582179][ T982] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 130.584956][ T982] usb 7-1: config 0 interface 0 has no altsetting 0 [ 130.587383][ T982] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 130.589952][ T982] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 130.592749][ T982] usb 7-1: config 0 interface 0 has no altsetting 0 [ 130.596033][ T982] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 130.598378][ T982] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 130.601253][ T982] usb 7-1: config 0 interface 0 has no altsetting 0 [ 130.605435][ T982] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 130.607776][ T982] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 130.611190][ T982] usb 7-1: Product: syz [ 130.612288][ T982] usb 7-1: Manufacturer: syz [ 130.613469][ T982] usb 7-1: SerialNumber: syz [ 130.615874][ T982] usb 7-1: config 0 descriptor?? [ 130.622125][ T982] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 130.855779][ T7349] kexec: Could not allocate control_code_buffer [ 130.884307][ T7378] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.888086][ T7378] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 130.915235][ T7380] FAULT_INJECTION: forcing a failure. [ 130.915235][ T7380] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 130.919586][ T7380] CPU: 2 UID: 0 PID: 7380 Comm: syz.0.566 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 130.922352][ T7380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 130.925126][ T7380] Call Trace: [ 130.926004][ T7380] [ 130.926828][ T7380] dump_stack_lvl+0x16c/0x1f0 [ 130.928097][ T7380] should_fail_ex+0x497/0x5b0 [ 130.929358][ T7380] _copy_from_iter+0x2a1/0x1540 [ 130.930682][ T7380] ? __pfx__copy_from_iter+0x10/0x10 [ 130.932087][ T7380] ? __virt_addr_valid+0x1a4/0x590 [ 130.933449][ T7380] ? __virt_addr_valid+0x5e/0x590 [ 130.934769][ T7380] ? __phys_addr_symbol+0x30/0x80 [ 130.936085][ T7380] ? __check_object_size+0x488/0x710 [ 130.937472][ T7380] kernfs_fop_write_iter+0x19d/0x500 [ 130.938856][ T7380] vfs_write+0x6b5/0x1140 [ 130.940014][ T7380] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 130.941559][ T7380] ? trace_lock_acquire+0x14a/0x1d0 [ 130.942910][ T7380] ? __pfx_vfs_write+0x10/0x10 [ 130.944162][ T7380] ? __pfx___mutex_lock+0x10/0x10 [ 130.945488][ T7380] ksys_write+0x12f/0x260 [ 130.946618][ T7380] ? __pfx_ksys_write+0x10/0x10 [ 130.947896][ T7380] do_syscall_64+0xcd/0x250 [ 130.949094][ T7380] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.950622][ T7380] RIP: 0033:0x7ffbcb17dff9 [ 130.951785][ T7380] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.956719][ T7380] RSP: 002b:00007ffbcbfbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 130.958873][ T7380] RAX: ffffffffffffffda RBX: 00007ffbcb335f80 RCX: 00007ffbcb17dff9 [ 130.960934][ T7380] RDX: 0000000000000012 RSI: 0000000020000200 RDI: 0000000000000009 [ 130.963011][ T7380] RBP: 00007ffbcbfbe090 R08: 0000000000000000 R09: 0000000000000000 [ 130.965064][ T7380] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 130.967121][ T7380] R13: 0000000000000000 R14: 00007ffbcb335f80 R15: 00007fff10303a48 [ 130.969246][ T7380] [ 131.329631][ T7395] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 262395 (only 8 groups) [ 132.620699][ T1379] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.622580][ T1379] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.849665][ C3] usb 7-1: yurex_control_callback - control failed: -2 [ 132.890796][ T73] usb 7-1: USB disconnect, device number 7 [ 132.893704][ T7406] kexec: Could not allocate control_code_buffer [ 132.894843][ T73] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 133.032388][ T7431] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 262395 (only 8 groups) [ 133.699576][ T73] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 133.859561][ T73] usb 7-1: Using ep0 maxpacket: 8 [ 133.862669][ T73] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 133.866401][ T73] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 133.870034][ T73] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 133.873290][ T73] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 133.877607][ T73] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 133.881683][ T73] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.969557][ T982] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 134.090589][ T73] usb 7-1: usb_control_msg returned -71 [ 134.092457][ T73] usbtmc 7-1:16.0: can't read capabilities [ 134.097572][ T73] usb 7-1: USB disconnect, device number 8 [ 134.121260][ T982] usb 5-1: Using ep0 maxpacket: 8 [ 134.124312][ T982] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 134.127983][ T982] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 134.132118][ T982] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 134.135405][ T982] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 134.140120][ T982] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 134.143280][ T982] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.349929][ T982] usb 5-1: usb_control_msg returned -71 [ 134.351966][ T982] usbtmc 5-1:16.0: can't read capabilities [ 134.356338][ T982] usb 5-1: USB disconnect, device number 8 [ 134.800457][ T39] audit: type=1400 audit(134.691:587): avc: denied { read write } for pid=7483 comm="syz.2.597" name="nullb0" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 134.806110][ T39] audit: type=1400 audit(134.691:588): avc: denied { open } for pid=7483 comm="syz.2.597" path="/143/bus" dev="devtmpfs" ino=691 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 135.209638][ T982] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 135.361024][ T982] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 135.365535][ T982] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 135.368702][ T982] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 135.372935][ T982] usb 5-1: config 0 interface 0 has no altsetting 0 [ 135.376896][ T982] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 135.379992][ T982] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 135.383759][ T982] usb 5-1: config 0 interface 0 has no altsetting 0 [ 135.387961][ T982] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 135.390973][ T982] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 135.394628][ T982] usb 5-1: config 0 interface 0 has no altsetting 0 [ 135.398641][ T982] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 135.401993][ T982] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 135.405736][ T982] usb 5-1: config 0 interface 0 has no altsetting 0 [ 135.409438][ T982] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 135.412637][ T982] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 135.416365][ T982] usb 5-1: config 0 interface 0 has no altsetting 0 [ 135.422862][ T982] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 135.425484][ T982] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 135.429104][ T982] usb 5-1: config 0 interface 0 has no altsetting 0 [ 135.432663][ T982] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 135.435183][ T982] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 135.438141][ T982] usb 5-1: config 0 interface 0 has no altsetting 0 [ 135.440995][ T982] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 135.443473][ T982] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 135.446439][ T982] usb 5-1: config 0 interface 0 has no altsetting 0 [ 135.449645][ T982] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 135.452029][ T982] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 135.454309][ T982] usb 5-1: Product: syz [ 135.455415][ T982] usb 5-1: Manufacturer: syz [ 135.456633][ T982] usb 5-1: SerialNumber: syz [ 135.461015][ T982] usb 5-1: config 0 descriptor?? [ 135.464388][ T982] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 135.732000][ T7501] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.734576][ T7501] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.985252][ T39] audit: type=1400 audit(135.871:589): avc: denied { sqpoll } for pid=7502 comm="syz.1.603" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 135.988638][ T7503] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 262395 (only 8 groups) [ 137.246912][ T7496] kexec: Could not allocate control_code_buffer [ 137.839618][ C3] usb 5-1: yurex_control_callback - control failed: -2 [ 137.879301][ T4518] usb 5-1: USB disconnect, device number 9 [ 137.882147][ T4518] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 139.886174][ T7552] kexec: Could not allocate control_code_buffer [ 140.159745][ T5336] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 140.320180][ T5336] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 140.329948][ T5336] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 140.332295][ T5336] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 140.335117][ T5336] usb 7-1: config 0 interface 0 has no altsetting 0 [ 140.337538][ T5336] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 140.340314][ T5336] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 140.343170][ T5336] usb 7-1: config 0 interface 0 has no altsetting 0 [ 140.347593][ T5336] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 140.350170][ T5336] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 140.352991][ T5336] usb 7-1: config 0 interface 0 has no altsetting 0 [ 140.355566][ T5336] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 140.357923][ T5336] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 140.360933][ T5336] usb 7-1: config 0 interface 0 has no altsetting 0 [ 140.363363][ T5336] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 140.365685][ T5336] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 140.368494][ T5336] usb 7-1: config 0 interface 0 has no altsetting 0 [ 140.371099][ T5336] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 140.373323][ T5336] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 140.376113][ T5336] usb 7-1: config 0 interface 0 has no altsetting 0 [ 140.378524][ T5336] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 140.381072][ T5336] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 140.383887][ T5336] usb 7-1: config 0 interface 0 has no altsetting 0 [ 140.386476][ T5336] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 140.388795][ T5336] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 140.391711][ T5336] usb 7-1: config 0 interface 0 has no altsetting 0 [ 140.395245][ T5336] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 140.397647][ T5336] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 140.400161][ T5336] usb 7-1: Product: syz [ 140.401299][ T5336] usb 7-1: Manufacturer: syz [ 140.402533][ T5336] usb 7-1: SerialNumber: syz [ 140.404946][ T5336] usb 7-1: config 0 descriptor?? [ 140.410652][ T5336] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 140.670448][ T7599] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 140.676372][ T7599] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 142.689776][ C2] usb 7-1: yurex_control_callback - control failed: -2 [ 142.695787][ T5336] usb 7-1: USB disconnect, device number 9 [ 142.709889][ T5336] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 143.060686][ T7617] kexec: Could not allocate control_code_buffer [ 145.781126][ T7655] kexec: Could not allocate control_code_buffer [ 146.087602][ T7679] netlink: 'syz.2.657': attribute type 4 has an invalid length. [ 149.145800][ T7700] kexec: Could not allocate control_code_buffer [ 149.299440][ T93] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.354033][ T5348] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 149.358489][ T5348] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 149.361072][ T5348] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 149.363589][ T5348] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 149.365779][ T5348] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 149.368273][ T5348] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 149.441934][ T39] audit: type=1400 audit(149.331:590): avc: denied { getopt } for pid=7725 comm="syz.2.672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 149.444389][ T93] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.455029][ T39] audit: type=1400 audit(149.341:591): avc: denied { create } for pid=7725 comm="syz.2.672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 149.660043][ T93] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.670825][ T7723] chnl_net:caif_netlink_parms(): no params data found [ 149.771212][ T93] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.778723][ T7723] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.782839][ T7723] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.785282][ T7723] bridge_slave_0: entered allmulticast mode [ 149.789449][ T7723] bridge_slave_0: entered promiscuous mode [ 149.792635][ T7723] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.795073][ T7723] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.797505][ T7723] bridge_slave_1: entered allmulticast mode [ 149.800618][ T7723] bridge_slave_1: entered promiscuous mode [ 149.827637][ T7723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 149.837134][ T7723] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 149.883969][ T7723] team0: Port device team_slave_0 added [ 149.887279][ T7723] team0: Port device team_slave_1 added [ 149.891007][ T73] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 149.931831][ T93] bridge_slave_1: left allmulticast mode [ 149.933738][ T93] bridge_slave_1: left promiscuous mode [ 149.935723][ T93] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.940316][ T93] bridge_slave_0: left allmulticast mode [ 149.942235][ T93] bridge_slave_0: left promiscuous mode [ 149.944222][ T93] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.040158][ T73] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 150.043925][ T73] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 150.050485][ T73] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 150.053330][ T73] usb 5-1: config 0 interface 0 has no altsetting 0 [ 150.055802][ T73] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 150.058125][ T73] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 150.061250][ T73] usb 5-1: config 0 interface 0 has no altsetting 0 [ 150.065768][ T73] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 150.070432][ T73] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 150.073279][ T73] usb 5-1: config 0 interface 0 has no altsetting 0 [ 150.075712][ T73] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 150.078039][ T73] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 150.087698][ T73] usb 5-1: config 0 interface 0 has no altsetting 0 [ 150.100084][ T73] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 150.102461][ T73] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 150.105268][ T73] usb 5-1: config 0 interface 0 has no altsetting 0 [ 150.108922][ T73] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 150.113694][ T73] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 150.116556][ T73] usb 5-1: config 0 interface 0 has no altsetting 0 [ 150.120269][ T73] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 150.122621][ T73] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 150.125426][ T73] usb 5-1: config 0 interface 0 has no altsetting 0 [ 150.128010][ T73] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 150.131117][ T73] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 150.140475][ T73] usb 5-1: config 0 interface 0 has no altsetting 0 [ 150.153639][ T73] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 150.155996][ T73] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 150.158163][ T73] usb 5-1: Product: syz [ 150.159270][ T73] usb 5-1: Manufacturer: syz [ 150.161336][ T73] usb 5-1: SerialNumber: syz [ 150.163520][ T73] usb 5-1: config 0 descriptor?? [ 150.166660][ T73] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 150.305153][ T93] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 150.311363][ T93] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 150.315194][ T93] bond0 (unregistering): Released all slaves [ 150.345748][ T7723] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 150.348084][ T7723] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.354881][ T7723] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 150.358603][ T7723] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 150.360534][ T7723] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 150.367403][ T7723] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 150.413440][ T7723] hsr_slave_0: entered promiscuous mode [ 150.417136][ T7723] hsr_slave_1: entered promiscuous mode [ 150.419058][ T7723] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 150.421830][ T7723] Cannot create hsr debugfs directory [ 150.442732][ T93] tipc: Left network mode [ 150.445495][ T7748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.451706][ T7748] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 150.716082][ T93] hsr_slave_0: left promiscuous mode [ 150.718146][ T93] hsr_slave_1: left promiscuous mode [ 150.720973][ T93] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.724138][ T93] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.729723][ T93] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.731927][ T93] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.748973][ T93] veth1_macvtap: left promiscuous mode [ 150.751049][ T93] veth0_macvtap: left promiscuous mode [ 150.752502][ T93] veth1_vlan: left promiscuous mode [ 150.753877][ T93] veth0_vlan: left promiscuous mode [ 150.951211][ T7746] dccp_close: ABORT with 32 bytes unread [ 151.409773][ T5349] Bluetooth: hci1: command tx timeout [ 151.478449][ T93] team0 (unregistering): Port device team_slave_1 removed [ 151.561205][ T93] team0 (unregistering): Port device team_slave_0 removed [ 152.449864][ C3] usb 5-1: yurex_control_callback - control failed: -2 [ 152.472934][ T57] usb 5-1: USB disconnect, device number 10 [ 152.475279][ T57] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 152.535510][ T7723] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 152.559032][ T7723] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 152.568829][ T7723] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 152.578173][ T7723] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 152.628352][ T7723] 8021q: adding VLAN 0 to HW filter on device bond0 [ 152.643752][ T7723] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.646941][ T93] IPVS: stop unused estimator thread 0... [ 152.661143][ T1108] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.663568][ T1108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 152.684150][ T1108] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.686591][ T1108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 152.708542][ T7723] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 152.713502][ T7723] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 152.857793][ T7723] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.877872][ T7723] veth0_vlan: entered promiscuous mode [ 152.884099][ T7723] veth1_vlan: entered promiscuous mode [ 152.901633][ T7723] veth0_macvtap: entered promiscuous mode [ 152.905069][ T7723] veth1_macvtap: entered promiscuous mode [ 152.915375][ T7723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.918703][ T7723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.922297][ T7723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 152.925615][ T7723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.929909][ T7723] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 152.933541][ T7723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 152.936981][ T7723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.941884][ T7723] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 152.945325][ T7723] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 152.949301][ T7723] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 152.955897][ T7723] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.958808][ T7723] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.961887][ T7723] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.964731][ T7723] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.005177][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.009574][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.040374][ T425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 153.042468][ T425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 153.391650][ T7768] kexec: Could not allocate control_code_buffer [ 153.499597][ T5349] Bluetooth: hci1: command tx timeout [ 154.108406][ T7823] netlink: 'syz.3.690': attribute type 11 has an invalid length. [ 154.111210][ T7823] netlink: 211132 bytes leftover after parsing attributes in process `syz.3.690'. [ 154.613605][ T39] audit: type=1400 audit(154.501:592): avc: denied { bind } for pid=7840 comm="syz.1.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 155.569579][ T5349] Bluetooth: hci1: command tx timeout [ 155.666251][ T39] audit: type=1400 audit(155.551:593): avc: denied { write } for pid=7858 comm="syz.1.701" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 155.689415][ T39] audit: type=1400 audit(155.571:594): avc: denied { connect } for pid=7858 comm="syz.1.701" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 155.699446][ T39] audit: type=1400 audit(155.581:595): avc: denied { read } for pid=7858 comm="syz.1.701" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 155.771345][ T39] audit: type=1326 audit(155.651:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7865 comm="syz.3.703" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd417d7dff9 code=0x0 [ 155.787124][ T7845] kexec: Could not allocate control_code_buffer [ 156.626037][ T7883] FAULT_INJECTION: forcing a failure. [ 156.626037][ T7883] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 156.633463][ T7883] CPU: 3 UID: 0 PID: 7883 Comm: syz.3.709 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 156.636242][ T7883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 156.639037][ T7883] Call Trace: [ 156.639917][ T7883] [ 156.640714][ T7883] dump_stack_lvl+0x16c/0x1f0 [ 156.641975][ T7883] should_fail_ex+0x497/0x5b0 [ 156.643223][ T7883] _copy_from_user+0x30/0xf0 [ 156.644437][ T7883] move_addr_to_kernel+0x68/0x160 [ 156.645776][ T7883] __sys_connect+0xb4/0x180 [ 156.646969][ T7883] ? __pfx___sys_connect+0x10/0x10 [ 156.648315][ T7883] ? __pfx_ksys_write+0x10/0x10 [ 156.649614][ T7883] __x64_sys_connect+0x72/0xb0 [ 156.650878][ T7883] ? lockdep_hardirqs_on+0x7c/0x110 [ 156.652243][ T7883] do_syscall_64+0xcd/0x250 [ 156.653449][ T7883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.654991][ T7883] RIP: 0033:0x7fd417d7dff9 [ 156.656163][ T7883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.661181][ T7883] RSP: 002b:00007fd418b5a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 156.663350][ T7883] RAX: ffffffffffffffda RBX: 00007fd417f35f80 RCX: 00007fd417d7dff9 [ 156.665413][ T7883] RDX: 000000000000001e RSI: 0000000020000140 RDI: 0000000000000005 [ 156.667521][ T7883] RBP: 00007fd418b5a090 R08: 0000000000000000 R09: 0000000000000000 [ 156.669845][ T7883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 156.672653][ T7883] R13: 0000000000000000 R14: 00007fd417f35f80 R15: 00007fff1312b988 [ 156.675519][ T7883] [ 157.649604][ T5349] Bluetooth: hci1: command tx timeout [ 157.819873][ T39] audit: type=1400 audit(157.711:597): avc: denied { setopt } for pid=7897 comm="syz.2.714" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 159.053327][ T39] audit: type=1400 audit(158.941:598): avc: denied { create } for pid=7918 comm="syz.3.721" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 159.716805][ T7894] kexec: Could not allocate control_code_buffer [ 160.088745][ T7936] EXT4-fs warning (device sda1): verify_group_input:136: Cannot add at group 262395 (only 8 groups) [ 160.291814][ T5348] Bluetooth: hci0: command 0x0401 tx timeout [ 160.323903][ T39] audit: type=1400 audit(160.211:599): avc: denied { map } for pid=7948 comm="syz.3.729" path="socket:[34166]" dev="sockfs" ino=34166 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 160.330337][ T39] audit: type=1400 audit(160.211:600): avc: denied { read } for pid=7948 comm="syz.3.729" path="socket:[34166]" dev="sockfs" ino=34166 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 160.812091][ T39] audit: type=1400 audit(160.701:601): avc: denied { connect } for pid=7960 comm="syz.0.733" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 160.850549][ T5349] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 160.854023][ T5349] CPU: 2 UID: 0 PID: 5349 Comm: kworker/u33:7 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 160.854517][ T39] audit: type=1400 audit(160.741:602): avc: denied { write } for pid=7964 comm="syz.0.734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 160.856888][ T5349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 160.864550][ T5349] Workqueue: hci3 hci_rx_work [ 160.865819][ T5349] Call Trace: [ 160.866696][ T5349] [ 160.867476][ T5349] dump_stack_lvl+0x16c/0x1f0 [ 160.868728][ T5349] sysfs_warn_dup+0x7f/0xa0 [ 160.869924][ T5349] sysfs_create_dir_ns+0x24d/0x2b0 [ 160.871257][ T5349] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 160.872728][ T5349] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 160.874130][ T5349] ? kobject_add_internal+0x12d/0x990 [ 160.875582][ T5349] ? do_raw_spin_unlock+0x172/0x230 [ 160.876970][ T5349] kobject_add_internal+0x2c8/0x990 [ 160.878327][ T5349] kobject_add+0x16f/0x240 [ 160.879504][ T5349] ? __pfx_kobject_add+0x10/0x10 [ 160.880818][ T5349] ? class_to_subsys+0x3e/0x160 [ 160.882105][ T5349] ? do_raw_spin_unlock+0x172/0x230 [ 160.883462][ T5349] ? kobject_put+0xab/0x5a0 [ 160.884661][ T5349] device_add+0x289/0x1a70 [ 160.885842][ T5349] ? __pfx_dev_set_name+0x10/0x10 [ 160.887156][ T5349] ? __pfx_device_add+0x10/0x10 [ 160.888435][ T5349] ? mgmt_send_event_skb+0x2f2/0x460 [ 160.889835][ T5349] hci_conn_add_sysfs+0x17e/0x230 [ 160.891153][ T5349] le_conn_complete_evt+0x1078/0x1d80 [ 160.892557][ T5349] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 160.894043][ T5349] ? trace_contention_end+0xea/0x140 [ 160.895464][ T5349] hci_le_enh_conn_complete_evt+0x23d/0x380 [ 160.897017][ T5349] ? skb_pull_data+0x166/0x210 [ 160.898286][ T5349] hci_le_meta_evt+0x2e2/0x5d0 [ 160.899690][ T5349] ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10 [ 160.901432][ T5349] hci_event_packet+0x666/0x1180 [ 160.902729][ T5349] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 160.904101][ T5349] ? __pfx_hci_event_packet+0x10/0x10 [ 160.905506][ T5349] ? mark_held_locks+0x9f/0xe0 [ 160.906764][ T5349] ? kcov_remote_start+0x3cf/0x6e0 [ 160.908122][ T5349] ? lockdep_hardirqs_on+0x7c/0x110 [ 160.909500][ T5349] hci_rx_work+0x2c6/0x16c0 [ 160.910685][ T5349] ? lock_acquire+0x2f/0xb0 [ 160.911863][ T5349] ? process_one_work+0x921/0x1ba0 [ 160.913198][ T5349] process_one_work+0x9c5/0x1ba0 [ 160.914484][ T5349] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 160.915976][ T5349] ? __pfx_process_one_work+0x10/0x10 [ 160.917371][ T5349] ? assign_work+0x1a0/0x250 [ 160.918575][ T5349] worker_thread+0x6c8/0xf00 [ 160.919781][ T5349] ? __pfx_worker_thread+0x10/0x10 [ 160.921133][ T5349] kthread+0x2c1/0x3a0 [ 160.922204][ T5349] ? _raw_spin_unlock_irq+0x23/0x50 [ 160.923558][ T5349] ? __pfx_kthread+0x10/0x10 [ 160.924770][ T5349] ret_from_fork+0x45/0x80 [ 160.925987][ T5349] ? __pfx_kthread+0x10/0x10 [ 160.927192][ T5349] ret_from_fork_asm+0x1a/0x30 [ 160.928488][ T5349] [ 160.929683][ T5349] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 160.933795][ T5349] Bluetooth: hci3: failed to register connection device [ 161.302462][ T7959] Bluetooth: hci2: Opcode 0x0401 failed: -4 [ 161.353463][ T7975] Illegal XDP return value 4294967262 on prog (id 285) dev N/A, expect packet loss! [ 161.359257][ T39] audit: type=1400 audit(161.241:603): avc: denied { setopt } for pid=7974 comm="syz.3.737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1 [ 161.496691][ T7977] program syz.3.738 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 161.618333][ T7981] nvme_fabrics: missing parameter 'transport=%s' [ 161.620268][ T7981] nvme_fabrics: missing parameter 'nqn=%s' [ 161.778240][ T5348] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 162.379769][ T5397] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 162.534312][ T5349] Bluetooth: hci2: command 0x0401 tx timeout [ 162.560059][ T5397] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 162.562969][ T5397] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.565315][ T5397] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.570463][ T5397] usb 7-1: config 0 interface 0 has no altsetting 0 [ 162.575271][ T5397] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.577608][ T5397] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.582735][ T5397] usb 7-1: config 0 interface 0 has no altsetting 0 [ 162.585539][ T5397] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.587919][ T5397] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.592484][ T5397] usb 7-1: config 0 interface 0 has no altsetting 0 [ 162.594941][ T5397] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.597262][ T5397] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.602137][ T5397] usb 7-1: config 0 interface 0 has no altsetting 0 [ 162.605919][ T5397] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.608320][ T5397] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.611506][ T5397] usb 7-1: config 0 interface 0 has no altsetting 0 [ 162.615061][ T5397] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.617428][ T5397] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.621274][ T5397] usb 7-1: config 0 interface 0 has no altsetting 0 [ 162.623865][ T5397] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.626228][ T5397] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.629105][ T5397] usb 7-1: config 0 interface 0 has no altsetting 0 [ 162.631736][ T5397] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 162.634092][ T5397] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 162.636967][ T5397] usb 7-1: config 0 interface 0 has no altsetting 0 [ 162.641602][ T5397] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 162.644071][ T5397] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 162.646255][ T5397] usb 7-1: Product: syz [ 162.647367][ T5397] usb 7-1: Manufacturer: syz [ 162.648594][ T5397] usb 7-1: SerialNumber: syz [ 162.650820][ T5397] usb 7-1: config 0 descriptor?? [ 162.656340][ T5397] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 162.887536][ T8003] FAULT_INJECTION: forcing a failure. [ 162.887536][ T8003] name failslab, interval 1, probability 0, space 0, times 0 [ 162.891424][ T8003] CPU: 3 UID: 0 PID: 8003 Comm: syz.3.747 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 162.894543][ T8003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 162.897735][ T8003] Call Trace: [ 162.898755][ T8003] [ 162.899660][ T8003] dump_stack_lvl+0x16c/0x1f0 [ 162.901321][ T8003] should_fail_ex+0x497/0x5b0 [ 162.902747][ T8003] ? fs_reclaim_acquire+0xae/0x160 [ 162.904299][ T8003] should_failslab+0xc2/0x120 [ 162.905735][ T8003] __kmalloc_noprof+0xcb/0x400 [ 162.907188][ T8003] ? __pfx_perf_event_init_task+0x10/0x10 [ 162.908909][ T8003] ? audit_alloc+0xa3/0x7b0 [ 162.910281][ T8003] ? __pfx_audit_alloc+0x10/0x10 [ 162.911780][ T8003] lsm_blob_alloc+0x68/0x90 [ 162.913169][ T8003] security_task_alloc+0x2d/0x260 [ 162.914700][ T8003] copy_process+0x24cf/0x8db0 [ 162.916145][ T8003] ? __pfx___lock_acquire+0x10/0x10 [ 162.917734][ T8003] ? __pfx_copy_process+0x10/0x10 [ 162.919259][ T8003] ? get_pid_task+0xfc/0x250 [ 162.920674][ T8003] ? __pfx_lock_release+0x10/0x10 [ 162.922204][ T8003] ? trace_lock_acquire+0x14a/0x1d0 [ 162.923778][ T8003] ? find_held_lock+0x2d/0x110 [ 162.925243][ T8003] ? find_held_lock+0x2d/0x110 [ 162.926692][ T8003] kernel_clone+0xfd/0x960 [ 162.928054][ T8003] ? __pfx_kernel_clone+0x10/0x10 [ 162.929601][ T8003] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 162.931488][ T8003] __do_sys_clone+0xba/0x100 [ 162.932901][ T8003] ? __pfx___do_sys_clone+0x10/0x10 [ 162.934522][ T8003] do_syscall_64+0xcd/0x250 [ 162.935909][ T8003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.937709][ T8003] RIP: 0033:0x7fd417d7dff9 [ 162.939032][ T8004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.941551][ T8003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.947312][ T8003] RSP: 002b:00007fd418b59fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 162.949855][ T8003] RAX: ffffffffffffffda RBX: 00007fd417f35f80 RCX: 00007fd417d7dff9 [ 162.952218][ T8003] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001000 [ 162.954602][ T8003] RBP: 00007fd418b5a090 R08: 0000000000000000 R09: 0000000000000000 [ 162.956987][ T8003] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 162.959395][ T8003] R13: 0000000000000000 R14: 00007fd417f35f80 R15: 00007fff1312b988 [ 162.961809][ T8003] [ 162.963522][ T8004] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.009685][ T5349] Bluetooth: hci3: command tx timeout [ 163.011964][ T39] audit: type=1400 audit(162.901:604): avc: denied { write } for pid=8005 comm="syz.3.748" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 163.016965][ T39] audit: type=1400 audit(162.901:605): avc: denied { accept } for pid=8005 comm="syz.3.748" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 163.211916][ T7993] dccp_close: ABORT with 32 bytes unread [ 163.220349][ T8013] netlink: 'syz.3.750': attribute type 2 has an invalid length. [ 163.222260][ T8013] netlink: 'syz.3.750': attribute type 7 has an invalid length. [ 163.225146][ T8013] netlink: 8 bytes leftover after parsing attributes in process `syz.3.750'. [ 163.227369][ T8013] FAULT_INJECTION: forcing a failure. [ 163.227369][ T8013] name failslab, interval 1, probability 0, space 0, times 0 [ 163.230546][ T8013] CPU: 0 UID: 0 PID: 8013 Comm: syz.3.750 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 163.233033][ T8013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 163.235547][ T8013] Call Trace: [ 163.236359][ T8013] [ 163.237077][ T8013] dump_stack_lvl+0x16c/0x1f0 [ 163.238213][ T8013] should_fail_ex+0x497/0x5b0 [ 163.239345][ T8013] ? fs_reclaim_acquire+0xae/0x160 [ 163.240678][ T8013] should_failslab+0xc2/0x120 [ 163.241938][ T8013] __kmalloc_cache_noprof+0x6b/0x300 [ 163.243333][ T8013] ? ovs_flow_tbl_init+0x8b/0x600 [ 163.244669][ T8013] ovs_flow_tbl_init+0x8b/0x600 [ 163.245965][ T8013] ovs_dp_cmd_new+0x252/0xe50 [ 163.247217][ T8013] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 163.248598][ T8013] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 163.250893][ T8013] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 163.252921][ T8013] genl_family_rcv_msg_doit+0x202/0x2f0 [ 163.254368][ T8013] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 163.255971][ T8013] ? bpf_lsm_capable+0x9/0x10 [ 163.257218][ T8013] ? security_capable+0x7e/0x260 [ 163.258534][ T8013] ? ns_capable+0xd7/0x110 [ 163.259717][ T8013] genl_rcv_msg+0x565/0x800 [ 163.260932][ T8013] ? __pfx_genl_rcv_msg+0x10/0x10 [ 163.262257][ T8013] ? __pfx_ovs_dp_cmd_new+0x10/0x10 [ 163.263632][ T8013] netlink_rcv_skb+0x16b/0x440 [ 163.264898][ T8013] ? __pfx_genl_rcv_msg+0x10/0x10 [ 163.266219][ T8013] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 163.267610][ T8013] ? down_read+0xc9/0x330 [ 163.268760][ T8013] ? __pfx_down_read+0x10/0x10 [ 163.270043][ T8013] ? netlink_deliver_tap+0x1ae/0xd90 [ 163.271427][ T8013] genl_rcv+0x28/0x40 [ 163.272484][ T8013] netlink_unicast+0x53c/0x7f0 [ 163.273751][ T8013] ? __pfx_netlink_unicast+0x10/0x10 [ 163.275134][ T8013] netlink_sendmsg+0x8b8/0xd70 [ 163.276393][ T8013] ? __pfx_netlink_sendmsg+0x10/0x10 [ 163.277780][ T8013] ? __import_iovec+0x1fd/0x6e0 [ 163.279061][ T8013] ____sys_sendmsg+0xaaf/0xc90 [ 163.280320][ T8013] ? copy_msghdr_from_user+0x10b/0x160 [ 163.281765][ T8013] ? __pfx_____sys_sendmsg+0x10/0x10 [ 163.283149][ T8013] ? __pfx___lock_acquire+0x10/0x10 [ 163.284510][ T8013] ___sys_sendmsg+0x135/0x1e0 [ 163.285770][ T8013] ? __pfx____sys_sendmsg+0x10/0x10 [ 163.287148][ T8013] ? lock_acquire+0x2f/0xb0 [ 163.288344][ T8013] ? __fget_files+0x40/0x3f0 [ 163.289579][ T8013] ? fdget+0x176/0x210 [ 163.290672][ T8013] __sys_sendmsg+0x117/0x1f0 [ 163.291893][ T8013] ? __pfx___sys_sendmsg+0x10/0x10 [ 163.293276][ T8013] ? __fget_files+0x244/0x3f0 [ 163.294532][ T8013] do_syscall_64+0xcd/0x250 [ 163.295739][ T8013] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.297301][ T8013] RIP: 0033:0x7fd417d7dff9 [ 163.298484][ T8013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.303571][ T8013] RSP: 002b:00007fd418b5a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 163.305762][ T8013] RAX: ffffffffffffffda RBX: 00007fd417f35f80 RCX: 00007fd417d7dff9 [ 163.307827][ T8013] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000005 [ 163.309898][ T8013] RBP: 00007fd418b5a090 R08: 0000000000000000 R09: 0000000000000000 [ 163.311957][ T8013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 163.314018][ T8013] R13: 0000000000000000 R14: 00007fd417f35f80 R15: 00007fff1312b988 [ 163.316080][ T8013] [ 163.613249][ T39] audit: type=1400 audit(163.501:606): avc: denied { append } for pid=8026 comm="syz.3.755" name="nbd3" dev="devtmpfs" ino=677 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 163.829534][ T8033] nbd3: detected capacity change from 0 to 12 [ 163.835136][ T8036] block nbd3: Send control failed (result -89) [ 163.837136][ T8036] block nbd3: Request send failed, requeueing [ 163.839836][ T8034] block nbd3: NBD_DISCONNECT [ 163.840906][ T5349] block nbd3: Receive control failed (result -32) [ 163.843493][ T8034] block nbd3: Send disconnect failed -89 [ 163.845456][ T51] block nbd3: Dead connection, failed to find a fallback [ 163.847652][ T51] block nbd3: shutting down sockets [ 163.849672][ T51] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.852355][ T51] Buffer I/O error on dev nbd3, logical block 0, async page read [ 163.854728][ T8036] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.857478][ T8036] Buffer I/O error on dev nbd3, logical block 0, async page read [ 163.860514][ T8036] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.862900][ T8036] Buffer I/O error on dev nbd3, logical block 0, async page read [ 163.864986][ T8036] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.867335][ T8036] Buffer I/O error on dev nbd3, logical block 0, async page read [ 163.869595][ T8036] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.872084][ T8036] Buffer I/O error on dev nbd3, logical block 0, async page read [ 163.879323][ T8036] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.881870][ T8036] Buffer I/O error on dev nbd3, logical block 0, async page read [ 163.884016][ T8036] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.886457][ T8036] Buffer I/O error on dev nbd3, logical block 0, async page read [ 163.888628][ T8036] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.891215][ T8036] Buffer I/O error on dev nbd3, logical block 0, async page read [ 163.893204][ T8036] ldm_validate_partition_table(): Disk read failed. [ 163.895071][ T8036] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.897515][ T8036] Buffer I/O error on dev nbd3, logical block 0, async page read [ 163.899895][ T8036] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 163.902301][ T8036] Buffer I/O error on dev nbd3, logical block 0, async page read [ 163.904871][ T8036] Dev nbd3: unable to read RDB block 0 [ 163.906461][ T8036] nbd3: unable to read partition table [ 163.908015][ T8036] nbd3: partition table beyond EOD, truncated [ 164.672661][ T39] audit: type=1400 audit(164.561:607): avc: denied { create } for pid=8049 comm="syz.0.761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 164.678154][ T39] audit: type=1400 audit(164.561:608): avc: denied { connect } for pid=8049 comm="syz.0.761" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 164.692173][ T8050] netlink: 104 bytes leftover after parsing attributes in process `syz.0.761'. [ 164.929679][ C1] usb 7-1: yurex_control_callback - control failed: -2 [ 164.933407][ T57] usb 7-1: USB disconnect, device number 10 [ 164.935913][ T57] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 165.636980][ T39] kauditd_printk_skb: 4 callbacks suppressed [ 165.636994][ T39] audit: type=1400 audit(165.521:613): avc: denied { ioctl } for pid=8083 comm="syz.2.772" path="socket:[38021]" dev="sockfs" ino=38021 ioctlcmd=0x89e5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 165.773404][ T9] IPVS: starting estimator thread 0... [ 165.775286][ T39] audit: type=1400 audit(165.661:614): avc: denied { write } for pid=8083 comm="syz.2.772" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 165.859573][ T8088] IPVS: using max 35 ests per chain, 84000 per kthread [ 165.877020][ T39] audit: type=1400 audit(165.761:615): avc: denied { bind } for pid=8089 comm="syz.0.774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 165.882015][ T39] audit: type=1400 audit(165.761:616): avc: denied { listen } for pid=8089 comm="syz.0.774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 165.890341][ T39] audit: type=1400 audit(165.771:617): avc: denied { read } for pid=8089 comm="syz.0.774" path="socket:[34610]" dev="sockfs" ino=34610 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 166.486056][ T39] audit: type=1400 audit(166.371:618): avc: denied { read } for pid=8117 comm="syz.1.783" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 166.495957][ T39] audit: type=1400 audit(166.371:619): avc: denied { open } for pid=8117 comm="syz.1.783" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 166.496255][ T8118] autofs4:pid:8118:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(120.1), cmd(0xc018937e) [ 166.502051][ T39] audit: type=1400 audit(166.381:620): avc: denied { ioctl } for pid=8117 comm="syz.1.783" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 166.505625][ T8118] autofs4:pid:8118:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 166.549676][ T73] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 166.699679][ T73] usb 5-1: Using ep0 maxpacket: 8 [ 166.703563][ T73] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.707802][ T73] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.715512][ T73] usb 5-1: New USB device found, idVendor=0b05, idProduct=18c6, bcdDevice= 0.00 [ 166.722477][ T73] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.923765][ T73] usb 5-1: config 0 descriptor?? [ 167.370959][ T73] usbhid 5-1:0.0: can't add hid device: -71 [ 167.373412][ T73] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 167.376192][ T73] usb 5-1: USB disconnect, device number 11 [ 167.623878][ T39] audit: type=1400 audit(167.511:621): avc: denied { ioctl } for pid=8145 comm="syz.2.793" path="socket:[38091]" dev="sockfs" ino=38091 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 167.981117][ T8153] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.794'. [ 167.998524][ T8155] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.794'. [ 168.015787][ T8153] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.794'. [ 168.025674][ T8153] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.794'. [ 168.164313][ T8158] netlink: 32 bytes leftover after parsing attributes in process `syz.1.795'. [ 168.170384][ T73] IPVS: starting estimator thread 0... [ 168.269687][ T8159] IPVS: using max 34 ests per chain, 81600 per kthread [ 168.818605][ T8178] netlink: 4 bytes leftover after parsing attributes in process `syz.1.803'. [ 168.905640][ T8178] team0 (unregistering): Port device team_slave_0 removed [ 168.910726][ T8178] team0 (unregistering): Port device team_slave_1 removed [ 169.061206][ T8189] ------------[ cut here ]------------ [ 169.063150][ T8189] kmem_cache of name '9p-fcall-cache' already exists [ 169.065003][ T8189] WARNING: CPU: 2 PID: 8189 at mm/slab_common.c:107 __kmem_cache_create_args+0xb0/0x3c0 [ 169.067516][ T8189] Modules linked in: [ 169.068882][ T8189] CPU: 2 UID: 0 PID: 8189 Comm: syz.1.808 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 169.073173][ T8189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 169.075937][ T8189] RIP: 0010:__kmem_cache_create_args+0xb0/0x3c0 [ 169.077583][ T8189] Code: 98 48 3d f0 d5 31 8e 74 25 48 8b 7b 60 48 89 ee e8 85 5c 42 09 85 c0 75 e0 90 48 c7 c7 20 0c 7b 8d 48 89 ee e8 11 18 7e ff 90 <0f> 0b 90 90 be 20 00 00 00 48 89 ef e8 0f 5e 42 09 48 85 c0 0f 85 [ 169.083183][ T8189] RSP: 0018:ffffc9000497f900 EFLAGS: 00010282 [ 169.084780][ T8189] RAX: 0000000000000000 RBX: ffff88802c777680 RCX: ffffc900271c8000 [ 169.086818][ T8189] RDX: 0000000000040000 RSI: ffffffff814e71b6 RDI: 0000000000000001 [ 169.088870][ T8189] RBP: ffffffff8cc38fa0 R08: 0000000000000001 R09: 0000000000000000 [ 169.091332][ T8189] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 169.093420][ T8189] R13: 0000000000020018 R14: ffffc9000497f9f0 R15: 0000000000020018 [ 169.095476][ T8189] FS: 00007f06a63846c0(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000 [ 169.097807][ T8189] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 169.099829][ T8189] CR2: 00007f06a6383f98 CR3: 000000002935e000 CR4: 0000000000352ef0 [ 169.101933][ T8189] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 169.104380][ T8189] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 169.106450][ T8189] Call Trace: [ 169.107328][ T8189] [ 169.108108][ T8189] ? __warn+0xea/0x3d0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 169.109198][ T8189] ? __kmem_cache_create_args+0xb0/0x3c0 [ 169.110918][ T8189] ? report_bug+0x3c0/0x580 [ 169.112146][ T8189] ? handle_bug+0x54/0xa0 [ 169.113308][ T8189] ? exc_invalid_op+0x17/0x50 [ 169.114561][ T8189] ? asm_exc_invalid_op+0x1a/0x20 [ 169.116001][ T8189] ? __warn_printk+0x1a6/0x350 [ 169.117390][ T8189] ? __kmem_cache_create_args+0xb0/0x3c0 [ 169.118887][ T8189] p9_client_create+0xebd/0x11b0 [ 169.120405][ T8189] ? __pfx_p9_client_create+0x10/0x10 [ 169.121849][ T8189] ? __raw_spin_lock_init+0x3a/0x110 [ 169.123255][ T8189] v9fs_session_init+0x1f8/0x1a80 [ 169.124598][ T8189] ? __pfx_v9fs_session_init+0x10/0x10 [ 169.126046][ T8189] ? kasan_save_track+0x14/0x30 [ 169.127338][ T8189] v9fs_mount+0xc6/0xa50 [ 169.128469][ T8189] ? __pfx_v9fs_mount+0x10/0x10 [ 169.129846][ T8189] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 169.131336][ T8189] ? kasan_save_track+0x14/0x30 [ 169.132631][ T8189] ? cap_capable+0x1cf/0x240 [ 169.133882][ T8189] ? __pfx_v9fs_mount+0x10/0x10 [ 169.135173][ T8189] legacy_get_tree+0x109/0x220 [ 169.136449][ T8189] vfs_get_tree+0x8f/0x380 [ 169.137676][ T8189] path_mount+0x14e6/0x1f20 [ 169.138897][ T8189] ? kmem_cache_free+0x152/0x4b0 [ 169.140278][ T8189] ? __pfx_path_mount+0x10/0x10 [ 169.141613][ T8189] ? putname+0x12e/0x170 [ 169.142773][ T8189] __x64_sys_mount+0x294/0x320 [ 169.144059][ T8189] ? __pfx___x64_sys_mount+0x10/0x10 [ 169.145489][ T8189] do_syscall_64+0xcd/0x250 [ 169.146704][ T8189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.148267][ T8189] RIP: 0033:0x7f06a557dff9 [ 169.149538][ T8189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.154558][ T8189] RSP: 002b:00007f06a6384038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 169.156751][ T8189] RAX: ffffffffffffffda RBX: 00007f06a5735f80 RCX: 00007f06a557dff9 [ 169.158842][ T8189] RDX: 00000000200004c0 RSI: 0000000020000480 RDI: 00000000200001c0 [ 169.161057][ T8189] RBP: 00007f06a55f0296 R08: 0000000000000000 R09: 0000000000000000 [ 169.163138][ T8189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.165222][ T8189] R13: 0000000000000000 R14: 00007f06a5735f80 R15: 00007ffcbf76fdd8 [ 169.167308][ T8189] [ 169.168139][ T8189] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 169.170067][ T8189] CPU: 2 UID: 0 PID: 8189 Comm: syz.1.808 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 169.172827][ T8189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 169.175635][ T8189] Call Trace: [ 169.176532][ T8189] [ 169.177330][ T8189] dump_stack_lvl+0x3d/0x1f0 [ 169.178572][ T8189] panic+0x71d/0x800 [ 169.179629][ T8189] ? __pfx_panic+0x10/0x10 [ 169.180898][ T8189] ? show_trace_log_lvl+0x29d/0x3d0 [ 169.182268][ T8189] ? __kmem_cache_create_args+0xb0/0x3c0 [ 169.183743][ T8189] check_panic_on_warn+0xab/0xb0 [ 169.185106][ T8189] __warn+0xf6/0x3d0 [ 169.186149][ T8189] ? __kmem_cache_create_args+0xb0/0x3c0 [ 169.187638][ T8189] report_bug+0x3c0/0x580 [ 169.188789][ T8189] handle_bug+0x54/0xa0 [ 169.189895][ T8189] exc_invalid_op+0x17/0x50 [ 169.191097][ T8189] asm_exc_invalid_op+0x1a/0x20 [ 169.192383][ T8189] RIP: 0010:__kmem_cache_create_args+0xb0/0x3c0 [ 169.194028][ T8189] Code: 98 48 3d f0 d5 31 8e 74 25 48 8b 7b 60 48 89 ee e8 85 5c 42 09 85 c0 75 e0 90 48 c7 c7 20 0c 7b 8d 48 89 ee e8 11 18 7e ff 90 <0f> 0b 90 90 be 20 00 00 00 48 89 ef e8 0f 5e 42 09 48 85 c0 0f 85 [ 169.199007][ T8189] RSP: 0018:ffffc9000497f900 EFLAGS: 00010282 [ 169.200604][ T8189] RAX: 0000000000000000 RBX: ffff88802c777680 RCX: ffffc900271c8000 [ 169.202664][ T8189] RDX: 0000000000040000 RSI: ffffffff814e71b6 RDI: 0000000000000001 [ 169.204720][ T8189] RBP: ffffffff8cc38fa0 R08: 0000000000000001 R09: 0000000000000000 [ 169.206797][ T8189] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 169.208859][ T8189] R13: 0000000000020018 R14: ffffc9000497f9f0 R15: 0000000000020018 [ 169.210910][ T8189] ? __warn_printk+0x1a6/0x350 [ 169.212168][ T8189] p9_client_create+0xebd/0x11b0 [ 169.213480][ T8189] ? __pfx_p9_client_create+0x10/0x10 [ 169.214894][ T8189] ? __raw_spin_lock_init+0x3a/0x110 [ 169.216279][ T8189] v9fs_session_init+0x1f8/0x1a80 [ 169.217637][ T8189] ? __pfx_v9fs_session_init+0x10/0x10 [ 169.219061][ T8189] ? kasan_save_track+0x14/0x30 [ 169.220349][ T8189] v9fs_mount+0xc6/0xa50 [ 169.221474][ T8189] ? __pfx_v9fs_mount+0x10/0x10 [ 169.222756][ T8189] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 169.224219][ T8189] ? kasan_save_track+0x14/0x30 [ 169.225480][ T8189] ? cap_capable+0x1cf/0x240 [ 169.226681][ T8189] ? __pfx_v9fs_mount+0x10/0x10 [ 169.227970][ T8189] legacy_get_tree+0x109/0x220 [ 169.229248][ T8189] vfs_get_tree+0x8f/0x380 [ 169.230436][ T8189] path_mount+0x14e6/0x1f20 [ 169.231644][ T8189] ? kmem_cache_free+0x152/0x4b0 [ 169.232960][ T8189] ? __pfx_path_mount+0x10/0x10 [ 169.234250][ T8189] ? putname+0x12e/0x170 [ 169.235375][ T8189] __x64_sys_mount+0x294/0x320 [ 169.236655][ T8189] ? __pfx___x64_sys_mount+0x10/0x10 [ 169.238055][ T8189] do_syscall_64+0xcd/0x250 [ 169.239266][ T8189] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.240840][ T8189] RIP: 0033:0x7f06a557dff9 [ 169.242027][ T8189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.247019][ T8189] RSP: 002b:00007f06a6384038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 169.249209][ T8189] RAX: ffffffffffffffda RBX: 00007f06a5735f80 RCX: 00007f06a557dff9 [ 169.251334][ T8189] RDX: 00000000200004c0 RSI: 0000000020000480 RDI: 00000000200001c0 [ 169.253490][ T8189] RBP: 00007f06a55f0296 R08: 0000000000000000 R09: 0000000000000000 [ 169.255553][ T8189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.257621][ T8189] R13: 0000000000000000 R14: 00007f06a5735f80 R15: 00007ffcbf76fdd8 [ 169.259687][ T8189] [ 169.260946][ T8189] Kernel Offset: disabled [ 169.262165][ T8189] Rebooting in 86400 seconds.. VM DIAGNOSIS: 05:41:45 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000001 RBX=1ffff920008dbe81 RCX=ffffffff816aa439 RDX=fffffbfff20be682 RSI=0000000000000008 RDI=ffffffff905f3408 RBP=0000000000000000 RSP=ffffc900046df3f8 R8 =0000000000000000 R9 =fffffbfff20be681 R10=ffffffff905f340f R11=0000000000000000 R12=ffffe8fefc666608 R13=fffffbfff1b4c370 R14=000000000003dbcc R15=dffffc0000000000 RIP=ffffffff816aa439 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007ffbcbf7c6c0 ffffffff 00c00000 GS =0000 ffff88806a600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000563e8573f000 CR3=00000000555fe000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=60d7ffb060d7ffb0 60d7ffb060d7ffb0 60d7ffb060d7ffb0 60d7ffb060d7ffb0 60d7ffb060d7ffb0 60d7ffb060d7ffb0 60d7ffb060d7ffb0 60d7ffb060d7ffb0 ZMM22=138b01a9138b01a9 138b01a9138b01a9 138b01a9138b01a9 138b01a9138b01a9 138b01a9138b01a9 138b01a9138b01a9 138b01a9138b01a9 138b01a9138b01a9 ZMM23=0ba512eb0ba512eb 0ba512eb0ba512eb 0ba512eb0ba512eb 0ba512eb0ba512eb 0ba512eb0ba512eb 0ba512eb0ba512eb 0ba512eb0ba512eb 0ba512eb0ba512eb ZMM24=dc2c9b73dc2c9b73 dc2c9b73dc2c9b73 dc2c9b73dc2c9b73 dc2c9b73dc2c9b73 dc2c9b73dc2c9b73 dc2c9b73dc2c9b73 dc2c9b73dc2c9b73 dc2c9b73dc2c9b73 ZMM25=bc818832bc818832 bc818832bc818832 bc818832bc818832 bc818832bc818832 bc818832bc818832 bc818832bc818832 bc818832bc818832 bc818832bc818832 ZMM26=4129307641293076 4129307641293076 4129307641293076 4129307641293076 4129307641293076 4129307641293076 4129307641293076 4129307641293076 ZMM27=c0c2f786c0c2f786 c0c2f786c0c2f786 c0c2f786c0c2f786 c0c2f786c0c2f786 c0c2f786c0c2f786 c0c2f786c0c2f786 c0c2f786c0c2f786 c0c2f786c0c2f786 ZMM28=000000500000004f 0000004e0000004d 0000004c0000004b 0000004a00000049 0000004800000047 0000004600000045 0000004400000043 0000004200000041 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=7f0a00007f0a0000 7f0a00007f0a0000 7f0a00007f0a0000 7f0a00007f0a0000 7f0a00007f0a0000 7f0a00007f0a0000 7f0a00007f0a0000 7f0a00007f0a0000 info registers vcpu 1 CPU#1 RAX=0000000000943639 RBX=0000000000000001 RCX=ffffffff8b21cd99 RDX=0000000000000000 RSI=ffffffff8b6cd040 RDI=ffffffff8bd19e40 RBP=ffffed1003b58910 RSP=ffffc90000187e08 R8 =0000000000000001 R9 =ffffed100d4e7025 R10=ffff88806a73812b R11=0000000000000000 R12=0000000000000001 R13=ffff88801dac4880 R14=ffffffff905f3408 R15=0000000000000000 RIP=ffffffff8b21e17f RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806a700000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000563e8573d000 CR3=00000000555fe000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000400001 Opmask01=0000000000000000 Opmask02=000000000000003f Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb1f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb1f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb1f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb1f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb1f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb1f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d3a8b6e1e39eea6e a8874c839e180b53 2e95aaa4ca1bd6d6 453d3a071f47075f ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 9d92dc913002996b 494654356cfe2608 b7b07c86bf6020d5 0004000700080006 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5a7e77821b653302 9ffc2957ea3b9e8e d656fc56bea3bc7d f6c548f4768cd356 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 40ba18ce59745f23 b0447b4e774d80d6 a080b083445e38b7 56665b75904f2776 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 674d67f599b17684 e96d37de7d4e33dd 5612d971ba37a371 6550ff86ec88e817 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 cde5409ddd6f40f8 b617827693d456e6 a1ea4464e4244330 0000000000000003 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 e226af40ba18ce59 745f23b0447b4e77 4d80d6a080b08344 5e38b756665b7590 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4f27765a7e77821b 6533029ffc2957ea 3b9e8ed656fc56be a3bc7df6c548f476 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000072 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff850a60f5 RDI=ffffffff9aae1b40 RBP=ffffffff9aae1b00 RSP=ffffc9000497f268 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000072 R14=ffffffff850a6090 R15=0000000000000000 RIP=ffffffff850a611f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f06a63846c0 ffffffff 00c00000 GS =0000 ffff88806a800000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f06a6383f98 CR3=000000002935e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=000000007ffbffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7dd8c7af6ef0fe66 a9d451acec31edb3 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5395091d0ab1b60f d1fa1ce682207869 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1aa5b1220a6037d1 96bed6b5907016a9 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f50e400a15c3aa73 7bc6227b2cd25a11 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000003dc0 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000006781 4bd84300f96cc600 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000678000000000 0000678500006783 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000c8cd7600 58953d0036c08e00 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 84e53400bc86f000 000067824f81a800 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4aef401e2a27c920 4346a4bf9cb83a8a ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 8ddb3a950dc52f97 3a364387485d1889 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f06a570b488 00007f06a570b480 00007f06a570b478 00007f06a570b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f06a626d100 00007f06a570b440 00007f06a570b458 00007f06a570b4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f06a570b498 00007f06a570b490 00007f06a570b488 00007f06a570b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000080000000 RBX=ffff88805a784f00 RCX=ffffffff89c15223 RDX=ffff888028dc4880 RSI=ffffffff89c15231 RDI=0000000000000001 RBP=ffff8880318ad280 RSP=ffffc90004787808 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000000 R12=0000000000000002 R13=0000000000000000 R14=0000000000000000 R15=ffff8880318ad7e8 RIP=ffffffff818d818b RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007ffbcbfbe6c0 ffffffff 00c00000 GS =0000 ffff88806a900000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007ffbcbf9cf98 CR3=00000000555fe000 CR4=00352ef0 DR0=fffffffffffffffc DR1=0000000000000000 DR2=0000000000000002 DR3=0000000000000800 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000208001 Opmask01=0000000000000000 Opmask02=000000007ffbffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb1f1133 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb1f1140 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb1f113a ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb1f114e ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb1f11d4 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb1f12b2 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb30b488 00007ffbcb30b480 00007ffbcb30b478 00007ffbcb30b450 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcbe6d100 00007ffbcb30b440 00007ffbcb30b458 00007ffbcb30b4a0 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffbcb30b498 00007ffbcb30b490 00007ffbcb30b488 00007ffbcb30b480 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000