last executing test programs: 7.594857456s ago: executing program 2 (id=1314): r0 = memfd_secret(0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x12, 0xb, &(0x7f0000000340)=ANY=[@ANYRES64=r0], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0xfffffffffffffe12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6(0xa, 0x3, 0x7) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x26e1, 0x0) syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x5, 0x4, 0x800}, 0x48) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xa, &(0x7f0000000380)={0xd, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2) r3 = getpgid(0xffffffffffffffff) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) shutdown(r2, 0x2) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r6, 0x0) r7 = openat$6lowpan_control(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$6lowpan_control(r7, &(0x7f0000000080)='connect aa:aa:aa:aa:aa:11 0', 0x1b) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYRES64=r5, @ANYRES8=r1, @ANYRESHEX=r7], 0x22) r8 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f0000000140)={0x0, 0xa, 0x2}) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, 0x0, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000003e40)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3f305067}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "9c"}]}, @NFT_MSG_DELFLOWTABLE={0x48, 0x18, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xfb41}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0xd62}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0xe0}}, 0x0) socket(0x0, 0x0, 0x0) ptrace$getenv(0x4201, r3, 0x4, &(0x7f0000000180)) 6.454603791s ago: executing program 2 (id=1318): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socket(0x200000100000011, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), 0x0, &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"]) chdir(&(0x7f0000000280)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x420001, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0) pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) writev(r5, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240e00005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484e240003000000f7c08bfcd111fbdf23ea32db0e8f21d5bc27bd8063067a0689fff2a41cfbf0e9", 0x2a}], 0x2) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000a58000/0x2000)=nil}) ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead) ioctl$KVM_RUN(r7, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000140)) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0) 5.791684077s ago: executing program 0 (id=1322): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(0x0, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0) splice(r3, 0x0, r1, 0x0, 0xf3a, 0x0) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) vmsplice(r0, &(0x7f0000000840)=[{&(0x7f00000004c0)="cf", 0x1}], 0x1, 0x0) write$binfmt_elf64(r2, &(0x7f0000000380)=ANY=[], 0x18c6) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket(0x0, 0x800, 0x0) 5.612788158s ago: executing program 0 (id=1323): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socket(0x200000100000011, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"]) chdir(&(0x7f0000000280)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x420001, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0) pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) writev(r5, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240e00005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484e240003000000f7c08bfcd111fbdf23ea32db0e8f21d5bc27bd8063067a0689fff2a41cfbf0e9", 0x2a}], 0x2) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000a58000/0x2000)=nil}) ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead) ioctl$KVM_RUN(r7, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000140)) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0) 5.225964876s ago: executing program 2 (id=1325): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1, 0x1}, 0x48) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @none}, 0xe) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000005e00), 0x4) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@mpls_newroute={0xa0, 0x18, 0x601, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_NEWDST={0x84}]}, 0xa0}}, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r0, 0x58, &(0x7f0000000a00)={0x0, 0x0}}, 0x10) ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f0000000280)=@add_del={0x2, &(0x7f0000000240)='syzkaller1\x00'}) prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000a80)={r3}, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0x6, 0x1, 0x0, 0x0, @str='\x17\x00'}]}, 0x1c}}, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r5) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) 4.870132288s ago: executing program 3 (id=1327): openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) epoll_create1(0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) ftruncate(0xffffffffffffffff, 0x0) r2 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404401c}, 0x4048c40) sendmmsg$inet(0xffffffffffffffff, &(0x7f000000be00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000000000002a981e730beeb73a860000000007400000ff2400973341f8378d4470251516a6ac3e578d9d2e60f512c76b6c23d9458579f9000000000000000000ff698a12c130dfbff89415ee90c62e2efe83fb39f86d1db2ff222b164dedfddf2490382cbff47fd9933defa0e9a7a4d76cdda2ee38c37ebf1fbd11f908ae2a64d186ab3471b38575af5ce5c9e9159327e3afdf56239b32775b6b9cb185e6492f6e86b64244bd0000000000000000000000002e26c99c44c09c19bda6"], 0x10}}], 0x1, 0x81) r3 = socket(0x840000000002, 0x3, 0x100) connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0]}) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x4000) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x7]}) 4.750145873s ago: executing program 0 (id=1328): openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0), 0x0, 0x0) syz_open_procfs(0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) r2 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404401c}, 0x4048c40) sendmmsg$inet(0xffffffffffffffff, &(0x7f000000be00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000000000002a981e730beeb73a860000000007400000ff2400973341f8378d4470251516a6ac3e578d9d2e60f512c76b6c23d9458579f9000000000000000000ff698a12c130dfbff89415ee90c62e2efe83fb39f86d1db2ff222b164dedfddf2490382cbff47fd9933defa0e9a7a4d76cdda2ee38c37ebf1fbd11f908ae2a64d186ab3471b38575af5ce5c9e9159327e3afdf56239b32775b6b9cb185e6492f6e86b64244bd0000000000000000000000002e26c99c44c09c19bda6"], 0x10}}], 0x1, 0x81) r3 = socket(0x840000000002, 0x3, 0x100) connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0]}) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x4000) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x7]}) 3.91653262s ago: executing program 2 (id=1330): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361636865"]) chdir(&(0x7f0000000280)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x420001, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0) pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) writev(r5, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240e00005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484e240003000000f7c08bfcd111fbdf23ea32db0e8f21d5bc27bd8063067a0689fff2a41cfbf0e9", 0x2a}], 0x2) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000a58000/0x2000)=nil}) ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead) ioctl$KVM_RUN(r7, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000140)) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0) 3.771667047s ago: executing program 3 (id=1331): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(0x0, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0) splice(r3, 0x0, r1, 0x0, 0xf3a, 0x0) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) vmsplice(r0, &(0x7f0000000840)=[{&(0x7f00000004c0)="cf", 0x1}], 0x1, 0x0) write$binfmt_elf64(r2, &(0x7f0000000380)=ANY=[], 0x18c6) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket(0x2c, 0x0, 0x0) 3.608081454s ago: executing program 3 (id=1332): openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) r2 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404401c}, 0x4048c40) sendmmsg$inet(0xffffffffffffffff, &(0x7f000000be00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000000000002a981e730beeb73a860000000007400000ff2400973341f8378d4470251516a6ac3e578d9d2e60f512c76b6c23d9458579f9000000000000000000ff698a12c130dfbff89415ee90c62e2efe83fb39f86d1db2ff222b164dedfddf2490382cbff47fd9933defa0e9a7a4d76cdda2ee38c37ebf1fbd11f908ae2a64d186ab3471b38575af5ce5c9e9159327e3afdf56239b32775b6b9cb185e6492f6e86b64244bd0000000000000000000000002e26c99c44c09c19bda6"], 0x10}}], 0x1, 0x81) r3 = socket(0x840000000002, 0x3, 0x100) connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0]}) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x4000) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x7]}) 3.595244935s ago: executing program 0 (id=1333): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(0x0, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0) splice(r3, 0x0, r1, 0x0, 0xf3a, 0x0) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) vmsplice(r0, &(0x7f0000000840)=[{&(0x7f00000004c0)="cf", 0x1}], 0x1, 0x0) write$binfmt_elf64(r2, 0x0, 0x18c6) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x1, 0x0, 0x8, 0x39, 0xffffffffffffffff, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x0, 0xa}, 0x48) socket(0x2c, 0x800, 0x0) 3.491860482s ago: executing program 1 (id=1334): openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) epoll_create1(0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) ftruncate(0xffffffffffffffff, 0x0) r2 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x4048c40) sendmmsg$inet(0xffffffffffffffff, &(0x7f000000be00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000000000002a981e730beeb73a860000000007400000ff2400973341f8378d4470251516a6ac3e578d9d2e60f512c76b6c23d9458579f9000000000000000000ff698a12c130dfbff89415ee90c62e2efe83fb39f86d1db2ff222b164dedfddf2490382cbff47fd9933defa0e9a7a4d76cdda2ee38c37ebf1fbd11f908ae2a64d186ab3471b38575af5ce5c9e9159327e3afdf56239b32775b6b9cb185e6492f6e86b64244bd0000000000000000000000002e26c99c44c09c19bda6"], 0x10}}], 0x1, 0x81) r3 = socket(0x840000000002, 0x3, 0x100) connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0]}) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x4000) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x7]}) 3.072290183s ago: executing program 3 (id=1335): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = getpid() r2 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r2, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) ioctl$BTRFS_IOC_ADD_DEV(r2, 0x5000940a, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0) sendmsg$inet(r3, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="08001efb3e6f0000", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0c", 0x44, 0x20000000, 0x0, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90b, 0xf4c, '\x00', @p_u16=&(0x7f00000000c0)}}) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4) r5 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x5865}, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00') fchdir(r6) socket$tipc(0x1e, 0x2, 0x0) 2.923432917s ago: executing program 1 (id=1336): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x18}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bond0\x00'}) socket$nl_route(0x10, 0x3, 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) getpeername(0xffffffffffffffff, 0x0, &(0x7f00000002c0)) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000200)=ANY=[@ANYBLOB="000a01000000"], 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r4, 0x80015b12, 0x0) read$char_usb(r3, 0x0, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) socket(0x1e, 0x5, 0x0) 2.696235706s ago: executing program 0 (id=1337): ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x0, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x18}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00'}) r2 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r2, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000200)=ANY=[@ANYBLOB="000a01000000"], 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGMASK(r3, 0x80015b12, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) 2.636835882s ago: executing program 2 (id=1338): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socket(0x200000100000011, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d"]) chdir(&(0x7f0000000280)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x420001, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0) pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) writev(r5, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240e00005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484e240003000000f7c08bfcd111fbdf23ea32db0e8f21d5bc27bd8063067a0689fff2a41cfbf0e9", 0x2a}], 0x2) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000a58000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000000000014d564b00000000af"]) ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead) ioctl$KVM_RUN(r7, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0) 2.380197875s ago: executing program 1 (id=1339): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = getpid() r2 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r2, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) ioctl$BTRFS_IOC_ADD_DEV(r2, 0x5000940a, &(0x7f0000000300)={{}, "61fcc0d029bb3f7143155aa66c4690d2f5bb102883b7510cdb61103e04cf30bc7f624e2c1ba531204309fd1dd125ae72bad3feebaed5e8f2625de0ad9529e3e37e1e574b2e1c5904311259864ebb1d2ecd4a240b9b87c1fe6583d52a64e95d7d85775e2ad1386a66dcfa592939753fa9c2bc3343718cb3df357f3c1df41713a3c39ecce6237a39a6638bba5efcceabb2fc9ccb84b257d058cdfbcf288a2c2b142bc998cc148e34f1d5893e95423b9af95e5d841b0b75ead35165f1e0d72a68e08fd21478a10264c3737879a92de5832b4f2af73be0b2a0a07e75432f3a1bdc7d4dac6638f021f7d30a0b16298971026331fa412b4e339b2bd84921f6ab77a81d0eb5c424f6ed0ea72248ad2b49d1bc08519a055a80ef6e643880efaa2f892bbf8c94ccf90a6594356db4adb28c18fa82db3ec98b346fe448a237fd642257fd374e5b0c700a4f5445d1c96b67cb1f1e66f444d39f344dac58bb2a7e0f054d7ed56dd9a7ea8785494af6bf6d486390e6fbd2670ea6f7669bf7ee435c2e80a2b1c157e5c243046a6e4292b0c57f692b91dcddcd64f92136a96c32e9130abd594ec50c18f9df0a43add62622d85f0ab07f3aae8a4e96a3fef31648306c220519e3cb6b3865a7c88ce0fcc9e240324d2aa9a3d651b5ba5350feb91a1f1aa5b297f1f24c6c5ac72772bb6e8826d201f0c820896d7aeba95115166fef927863d11da1c8115c3de777fed87e80747b89008da724ac85fa674302bc19fd49fc7de8fe9b6998b5498b57e9d29520887a8d598b008275062a450a4b0830f58d022bd9be6c7747120b567af7ae4080fd42f9ba75368872df576d3cbd081e093ee0fc1957747f63b514fd5b73beef6d16d0ea56961f73917d012ba2d99225ab07fd7217944d665e21932a4c2886de00ec602e532e156c9555d07019ed5dd1a0735d5ba94c0e0ffb351993157b3bda7e8b6f62c5db871b0f31239467cc41125afc4d3c49682d05b10cb51fcf0d64cf11a159a59844c3a5879e7cd7347c6b157c0600344a60cd6c41a338d8358df76245d57e17745d49ed8e17f00c1ef8ca8969584f5d2e1bdc4b530546ff378506ebf92e27bb9f6b1600269577495c62d229e3715553b3696d36f7c1fd9b69a7c6309276f22a636b29eb938ff0293ef889510a63b8b4a936084d2edc3e1a67011f133c0cb78c9cdb219d72883d5a8915228689a2f3ee706392443d36044e5b4b652b67b76a29ced560c61a681095edc9d8f7705dc000738156ac085d770c90370fffd959b98a8a121629a427adc89a30702816fd508385506563c7a1c6dbc06e322e9a0bdb287ac7b30354ced54de0c2d3f604fd9a75af43b1f4f5b71cab1ab11638d1c844b0cd3063ff6cc0b3ac866b0453136ecfd94849061a8b4ae28142a2befec641866960db3dab39a59d5a0fdef9294c59df3b70c223560688f7fa50cccef1ac41b7590dae568bd6a19beafe2a9c4e1b65502cd4833781398c3d40d53d5f9c0c23a4a37d5c0c4488ac7c51ec6860e150ad1ca4c1555d7657ed56189bfa661278dd65a97dcac075c71a868f307d710fa5b46f88a93ea332f9af70b5596194a2fb052bf37b18873fc9389d47511864637463355227693ef87b63f4677ebf5ff980eaeb198b7404ccb332a381589968048ddc849349f68a5e3bb07e27bf4870f02558f70bf8bcd9d7431f0f0299c98c3b6c7a08f480ee4716b969cb30c19fb1410dd5e7f00ccfb74272f6e2be84acd6c23fcf3a5b441a96c22100ebffd50c4a043f749c23085db69b6f5bbbfb6e9f735f72249c2fb66feb38e05339b2d64ab978b4bcbba417f7de33872a1c5ec792de28edf97e01c23bb308978cc16bf763faadf0750ae8719828be1fb66471bc4152dba20c58ef044ac94de8c184b1dfe4cba5b6cec490010b42ec8d47fa75106683cf6ac73a93c55915137b0e1abd1536696a3dcd6f0ff4bf3fcac871f8cc182c8b77145159de5de94f7e00c7d407ee1748f7d9668d99bd5155d2876c8d32600810695c389f945094c133a8f24d0a8378aca4104568216e6a94fce6790b073de2cff9921947686e8b00170e476d6a4dfef4f4f3d7a4d6cae0b4617fc9feb8fa9996229fcdd65b72627bc09fe90373f594acb01bf95ac46e5b433ae9cec9852f463560028ff722746dc07d3d36377c69a0cd0e6a4d4d17f769723f07b5a01975a941bd754f316ae8c8ecd3eaa3d53710decab0f031a94b31263b20c94b3947d6fcb60d1bbf4f533278b3b3090237a6147b40191d2976b8ca41f603f3851c9490d90e17ff950a35532561497585424a41de572f11222148421be5ecb517f818e8b18585cf8efa44922b41785606b1ce0977c8979ab8f4d63b692ed82b7c19c1704ff898a4f60a4fee1bc7acc0de84292dc61b8947c2e21c5e100a894e2e827d88f487525880ce1160129d8eac572f6469d185cbffbe0dc380f5caca50ab8fbe83b26169582829cb4009d830c573317d785992170d8ae761cf772e2ff3436b5c0c5e983a8ca08ca3bbf8b97feb67f589cd9f365bb8fa9af0de4e45049c4c38d045f6dc3a897242cd053e7f2ca8d3e661b927eb4e925d403e3aa00a5ecacd625ae3e6a00a7f2b8dee65c7e85c21b44a0e542001f682b8e357b0e814230fc4fda54588dab23eb9592c27b57ad6562c38f2de4951c3d4ba3a212d3158e87392e309dc200745288f23e383f5247c787782f07be25e75fada776bdcbbea612eba776e0f5c526ba4f2a7f82105b7169ab02df8a63cf5ae6669860c5a310854f3ba54948fb19585508156a7767424859768ec97b4f15ec520c790c2d1a0dd66ffa4234790f448991c589c6aacd074cb9124b37ed5cba93bcfe6c2e71c95db609d53a6918689c3ef50ac1e37f691abd721414eeed4b902a97ff4c2fb0e4ff4a0f9f66f326b9d99c9740062087bde65534c0ab685ce3aeacf112d480daeba9ffef5a78ce0fa50498a1b69b8b3a0b560aa48ce4058ee9096bc04daf0fb49a802d12aeb3a7a548a80048679da57c57166515946416645139644ff8bd050969af5818cf646ad9c1f06c712052522ea1904438c49c9f4e7a7d0f876d2db550abf16edc8b2bf58ec32f07a35492da9e48f6ff46365618ce94f756f941aab723a1708aa9bb644bed1b454f444709eda31bb7a7dd936049673e7e0a7a871c998c35b61da9c9080d44839762e531a0b23ee1318336cb1732cbe598be252112ed8d4daa89f48aae624cdcd634d31da35b002e3419b3f217cd357a1120ab132c97d48001af906a3bed6e35b0b5a2a4d06230eacdda0f7285bd803f168988781c3e3fe46a8b5ffdbc8393830a442f83af9881687eb65722725043a8d67561403ca882bcfe454eeb42a4cb687ca235d917dabf30327ed391f74081a8be539fe2169b8a50a75039d9117875c214d20b74259d68e15c69d547358ffd4876e992453445fc3f478cf10efa4adda88b1502403c1411df21b37a212c11379ed29723318a0de92f8b27fb9600ba614c302b329ed47d228b4ee5ed7d3a82207237728ae7e92cc0b8aa4ed0fbd3fe1b67b2c0936cc554c8de7d8da511f80fcb7a7ae7109ca86e8dfd97447eee41f838911c430d5fa0a50dd8bf1424f76a38c60c27ccab6b8e790e20b38355693b60b84ed27628b07d940f16d85b261f33a73c841212c22bb10d7c3eb12dd451a70eccc4c8a85f124ec6fb372123adab3599e05e16c7428bb22151ef2e788b819b9ab8dfd7cb703333bc119d6a706953ca2fe05b8314a181f8d8cfae8a320e4a852e0a5b4555a39612ae5970b5ec10d5417e6c147f15f4e004f07912e14bc45e153524f1d128a02dc07e515239fc19d5147933d7144b62a14ff0bea1fc44522dc8d159efaf2b0ec0d70664ff9490bc6fac750baab08023ffa3ddd6d1d367b551e8045420dea8a2ed4a17ce510cd3137d9b127888674a2dc1221600ca3d5a18c10786d2fa722e4bb36746a774ecdd8ad507008d3fe81594b806c4468e6368cf994347440b5b7c03b5592194b5c89126b5b292af36594d0d4559f9c9c52472242e2c783ac3f6f74462ddeffebdc1f7f8eb9472f45582fdd9620fdc04a5b125ae5c1d7276c692e9e4e5e6b24f95f8e26aa34ed104d9f082de9ccb083c134d0ada95413855a11135b981e439b38d8899b493f8155d10e4cdddcfc44282b40c15e9dd68e4f166589ea9a4788668f7d9387e46ae58de0b774268dcd6532b4fa788d75c79efd1b0894a247a8bff20e110dfe6597e5a7a18433f0d155c61570c5fce79ddd81247207ccbf4498d1ccf334bb8beead1e55ccb0a70ede723364715edfde20db868caf39d698a69d533e5227db78b34d24f15b581a55fc5c1407622ace8739b8f684ccd5b2aa47925395f956450d60a2b73b97b8dd663fcd219ea3f04a99d0ab3cdfa61f6fcb9c2aa22d84752d9841c3de7e2a5bb0783fcc15bed860230e63ad3cd0400a8804d7a070db4b3b9e62d0884d38eae833e55635ee4d303194e4ba604072fe75029335c30da1f047e631a0e4c7dbc77b3d3516a8f606874bb5cfb6ba2b4ea25c933e02c86cf79b3e7a9c12f775933082d9b2a5bc5da75877054ca09d16738b5c6e7759c88e7e095b000dca18c6a4b64c52acc1d434badbb232f1a7b7778a5bf7de6d51fc3a5e21cf860a3bb5c3436b64661abf94a063fa07f1016c41006d72df3ba9ebe557498810207d30686ec4fdf4ef00aca5a83d5e176dfd554163c2eb4d0806626cc26400ac3694810109b02fd4d7f1a48570c1b330d29b2be1e7f94882430b3ae14907ae7122817282d2c4661ac24cddbe8aaed15a16b9a8b9310d264c3f6bafb4368d0ca638d15ed3b50fcfc164d38543e5d9c182c897f604fd8eeda1a96f3be94f3aaab944003fe38b33d89245d7e8d460a9f4386929146867741b37f08463f5a7e1e3a6ca4488fde971a7d1392a5eff88b753ad98605de91ee1fd5f20281111e15606e69db0818dad6413938a58440a4c50b3d909a962de9e20b6c9a8eacb05706c92644d7c31280d4998a8d4ba6a9525669ee22d24e1ca04daa9f54e006248fa2fe08e8ed56b52cfe125e705c87750170c43019e9545ce6589cc929637a96c98b74f6b15d3943ae805461f3dda5b29823229fd93d47103257cb8fb941c8a765163f56ebbc0484936b4aaf090217e6e46ba668e50435df80e82fe3db368e931fcddd5acd2ca07cdab8c6640a13cc7c4bc99b8db2d728a545782e4826cab66d9d8df30068f2939ad3f9547cb07e93c5c87f32bf55214ab7bc33152475de2018a02e41e22d0abedf2e792d0cbb0305079b3804106b42df1c4ce2a7b2fd510cbcfdad4f3f10f68e8ab2208ca3145775eff5f11889bca5811c1ffabd91526bf1b52ac3d97990baa8e29ba669bf3ffbe93c20cf7b7483303365d76afa52ce6d783d68dc0a4197e3f1b575e355d83a8f3bcbff052a6e6da2f7282c55a3e935f5f9106cf2168430e69ae0b721cd61f3f580bdd267369825dbc8b0cc444fc258d8fd79688a302b008ce89354791e01f1654b02ad94c6be66f280249b7a993e59a7b06d6b7cfcb860b80abcbbc0c76ee3e600e926e5bf443aa270b6a8f96d96f4604a98a28bc45ee6faf7394058756bc741131d79a8b0f02a1bb0b20a788178ad742cb866436644d76c5967d402a4c14933ba08c39d33f34db79641e000dde0f3760e48707c0277ad81200a7d49decdf035b54b0a89c56bc88066de63910aa74a08161ad3a09cbcd9b0a3c9cf5d73e1fec0f947bfba07501c31f12f59ed59d8b7863"}) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) r3 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0) sendmsg$inet(r3, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="08001efb3e6f0000", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0c", 0x44, 0x20000000, 0x0, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90b, 0xf4c, '\x00', @p_u16=&(0x7f00000000c0)}}) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4) r5 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x5865}, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00') fchdir(r6) socket$tipc(0x1e, 0x2, 0x0) 1.730692352s ago: executing program 3 (id=1340): openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) epoll_create1(0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) syz_open_dev$tty1(0xc, 0x4, 0x1) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) ftruncate(0xffffffffffffffff, 0x0) r2 = getpid() bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404401c}, 0x4048c40) sendmmsg$inet(0xffffffffffffffff, &(0x7f000000be00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000000000002a981e730beeb73a860000000007400000ff2400973341f8378d4470251516a6ac3e578d9d2e60f512c76b6c23d9458579f9000000000000000000ff698a12c130dfbff89415ee90c62e2efe83fb39f86d1db2ff222b164dedfddf2490382cbff47fd9933defa0e9a7a4d76cdda2ee38c37ebf1fbd11f908ae2a64d186ab3471b38575af5ce5c9e9159327e3afdf56239b32775b6b9cb185e6492f6e86b64244bd0000000000000000000000002e26c99c44c09c19bda6"], 0x10}}], 0x1, 0x81) r3 = socket(0x840000000002, 0x3, 0x100) connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0]}) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x4000) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x7]}) 1.081045286s ago: executing program 1 (id=1341): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(0x0, 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0) splice(r3, 0x0, r1, 0x0, 0xf3a, 0x0) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) vmsplice(r0, &(0x7f0000000840)=[{&(0x7f00000004c0)="cf", 0x1}], 0x1, 0x0) write$binfmt_elf64(r2, &(0x7f0000000380)=ANY=[], 0x18c6) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket(0x2c, 0x0, 0x0) 1.027505955s ago: executing program 2 (id=1342): syz_open_dev$media(0x0, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c672217010000000000", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) read$FUSE(r0, 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001240)=[{&(0x7f00000000c0)='\x00\x00', 0x2}], 0x1, 0x0, 0x0, 0x40001}, 0x1) recvmsg(r2, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents64(r4, 0x0, 0x0) write$FUSE_NOTIFY_DELETE(r0, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) openat(r4, &(0x7f0000000100)='./file0\x00', 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe) add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) 934.627246ms ago: executing program 1 (id=1343): r0 = gettid() socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000000c0)=0x4, 0x4) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() socket$nl_route(0x10, 0x3, 0x0) process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) r4 = syz_io_uring_setup(0x182e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r4, 0x16, &(0x7f0000000000)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982"], 0x0}, 0x90) r7 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, r7, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}}) io_uring_enter(r4, 0x5b43, 0x0, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x10012, r1, 0x0) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000000)={0x9, 0x30, 0x5, 0x8000, 0x4, 0x1}) recvmmsg(r8, &(0x7f0000004400), 0x0, 0x160, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = socket$kcm(0x29, 0x5, 0x0) splice(r10, 0x0, r9, 0x0, 0x20000004, 0x0) tkill(r0, 0x7) 654.03787ms ago: executing program 3 (id=1344): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) getpid() r1 = socket$inet_sctp(0x2, 0x1, 0x84) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r1, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10) ioctl$BTRFS_IOC_ADD_DEV(r1, 0x5000940a, &(0x7f0000000300)={{r0}, "61fcc0d029bb3f7143155aa66c4690d2f5bb102883b7510cdb61103e04cf30bc7f624e2c1ba531204309fd1dd125ae72bad3feebaed5e8f2625de0ad9529e3e37e1e574b2e1c5904311259864ebb1d2ecd4a240b9b87c1fe6583d52a64e95d7d85775e2ad1386a66dcfa592939753fa9c2bc3343718cb3df357f3c1df41713a3c39ecce6237a39a6638bba5efcceabb2fc9ccb84b257d058cdfbcf288a2c2b142bc998cc148e34f1d5893e95423b9af95e5d841b0b75ead35165f1e0d72a68e08fd21478a10264c3737879a92de5832b4f2af73be0b2a0a07e75432f3a1bdc7d4dac6638f021f7d30a0b16298971026331fa412b4e339b2bd84921f6ab77a81d0eb5c424f6ed0ea72248ad2b49d1bc08519a055a80ef6e643880efaa2f892bbf8c94ccf90a6594356db4adb28c18fa82db3ec98b346fe448a237fd642257fd374e5b0c700a4f5445d1c96b67cb1f1e66f444d39f344dac58bb2a7e0f054d7ed56dd9a7ea8785494af6bf6d486390e6fbd2670ea6f7669bf7ee435c2e80a2b1c157e5c243046a6e4292b0c57f692b91dcddcd64f92136a96c32e9130abd594ec50c18f9df0a43add62622d85f0ab07f3aae8a4e96a3fef31648306c220519e3cb6b3865a7c88ce0fcc9e240324d2aa9a3d651b5ba5350feb91a1f1aa5b297f1f24c6c5ac72772bb6e8826d201f0c820896d7aeba95115166fef927863d11da1c8115c3de777fed87e80747b89008da724ac85fa674302bc19fd49fc7de8fe9b6998b5498b57e9d29520887a8d598b008275062a450a4b0830f58d022bd9be6c7747120b567af7ae4080fd42f9ba75368872df576d3cbd081e093ee0fc1957747f63b514fd5b73beef6d16d0ea56961f73917d012ba2d99225ab07fd7217944d665e21932a4c2886de00ec602e532e156c9555d07019ed5dd1a0735d5ba94c0e0ffb351993157b3bda7e8b6f62c5db871b0f31239467cc41125afc4d3c49682d05b10cb51fcf0d64cf11a159a59844c3a5879e7cd7347c6b157c0600344a60cd6c41a338d8358df76245d57e17745d49ed8e17f00c1ef8ca8969584f5d2e1bdc4b530546ff378506ebf92e27bb9f6b1600269577495c62d229e3715553b3696d36f7c1fd9b69a7c6309276f22a636b29eb938ff0293ef889510a63b8b4a936084d2edc3e1a67011f133c0cb78c9cdb219d72883d5a8915228689a2f3ee706392443d36044e5b4b652b67b76a29ced560c61a681095edc9d8f7705dc000738156ac085d770c90370fffd959b98a8a121629a427adc89a30702816fd508385506563c7a1c6dbc06e322e9a0bdb287ac7b30354ced54de0c2d3f604fd9a75af43b1f4f5b71cab1ab11638d1c844b0cd3063ff6cc0b3ac866b0453136ecfd94849061a8b4ae28142a2befec641866960db3dab39a59d5a0fdef9294c59df3b70c223560688f7fa50cccef1ac41b7590dae568bd6a19beafe2a9c4e1b65502cd4833781398c3d40d53d5f9c0c23a4a37d5c0c4488ac7c51ec6860e150ad1ca4c1555d7657ed56189bfa661278dd65a97dcac075c71a868f307d710fa5b46f88a93ea332f9af70b5596194a2fb052bf37b18873fc9389d47511864637463355227693ef87b63f4677ebf5ff980eaeb198b7404ccb332a381589968048ddc849349f68a5e3bb07e27bf4870f02558f70bf8bcd9d7431f0f0299c98c3b6c7a08f480ee4716b969cb30c19fb1410dd5e7f00ccfb74272f6e2be84acd6c23fcf3a5b441a96c22100ebffd50c4a043f749c23085db69b6f5bbbfb6e9f735f72249c2fb66feb38e05339b2d64ab978b4bcbba417f7de33872a1c5ec792de28edf97e01c23bb308978cc16bf763faadf0750ae8719828be1fb66471bc4152dba20c58ef044ac94de8c184b1dfe4cba5b6cec490010b42ec8d47fa75106683cf6ac73a93c55915137b0e1abd1536696a3dcd6f0ff4bf3fcac871f8cc182c8b77145159de5de94f7e00c7d407ee1748f7d9668d99bd5155d2876c8d32600810695c389f945094c133a8f24d0a8378aca4104568216e6a94fce6790b073de2cff9921947686e8b00170e476d6a4dfef4f4f3d7a4d6cae0b4617fc9feb8fa9996229fcdd65b72627bc09fe90373f594acb01bf95ac46e5b433ae9cec9852f463560028ff722746dc07d3d36377c69a0cd0e6a4d4d17f769723f07b5a01975a941bd754f316ae8c8ecd3eaa3d53710decab0f031a94b31263b20c94b3947d6fcb60d1bbf4f533278b3b3090237a6147b40191d2976b8ca41f603f3851c9490d90e17ff950a35532561497585424a41de572f11222148421be5ecb517f818e8b18585cf8efa44922b41785606b1ce0977c8979ab8f4d63b692ed82b7c19c1704ff898a4f60a4fee1bc7acc0de84292dc61b8947c2e21c5e100a894e2e827d88f487525880ce1160129d8eac572f6469d185cbffbe0dc380f5caca50ab8fbe83b26169582829cb4009d830c573317d785992170d8ae761cf772e2ff3436b5c0c5e983a8ca08ca3bbf8b97feb67f589cd9f365bb8fa9af0de4e45049c4c38d045f6dc3a897242cd053e7f2ca8d3e661b927eb4e925d403e3aa00a5ecacd625ae3e6a00a7f2b8dee65c7e85c21b44a0e542001f682b8e357b0e814230fc4fda54588dab23eb9592c27b57ad6562c38f2de4951c3d4ba3a212d3158e87392e309dc200745288f23e383f5247c787782f07be25e75fada776bdcbbea612eba776e0f5c526ba4f2a7f82105b7169ab02df8a63cf5ae6669860c5a310854f3ba54948fb19585508156a7767424859768ec97b4f15ec520c790c2d1a0dd66ffa4234790f448991c589c6aacd074cb9124b37ed5cba93bcfe6c2e71c95db609d53a6918689c3ef50ac1e37f691abd721414eeed4b902a97ff4c2fb0e4ff4a0f9f66f326b9d99c9740062087bde65534c0ab685ce3aeacf112d480daeba9ffef5a78ce0fa50498a1b69b8b3a0b560aa48ce4058ee9096bc04daf0fb49a802d12aeb3a7a548a80048679da57c57166515946416645139644ff8bd050969af5818cf646ad9c1f06c712052522ea1904438c49c9f4e7a7d0f876d2db550abf16edc8b2bf58ec32f07a35492da9e48f6ff46365618ce94f756f941aab723a1708aa9bb644bed1b454f444709eda31bb7a7dd936049673e7e0a7a871c998c35b61da9c9080d44839762e531a0b23ee1318336cb1732cbe598be252112ed8d4daa89f48aae624cdcd634d31da35b002e3419b3f217cd357a1120ab132c97d48001af906a3bed6e35b0b5a2a4d06230eacdda0f7285bd803f168988781c3e3fe46a8b5ffdbc8393830a442f83af9881687eb65722725043a8d67561403ca882bcfe454eeb42a4cb687ca235d917dabf30327ed391f74081a8be539fe2169b8a50a75039d9117875c214d20b74259d68e15c69d547358ffd4876e992453445fc3f478cf10efa4adda88b1502403c1411df21b37a212c11379ed29723318a0de92f8b27fb9600ba614c302b329ed47d228b4ee5ed7d3a82207237728ae7e92cc0b8aa4ed0fbd3fe1b67b2c0936cc554c8de7d8da511f80fcb7a7ae7109ca86e8dfd97447eee41f838911c430d5fa0a50dd8bf1424f76a38c60c27ccab6b8e790e20b38355693b60b84ed27628b07d940f16d85b261f33a73c841212c22bb10d7c3eb12dd451a70eccc4c8a85f124ec6fb372123adab3599e05e16c7428bb22151ef2e788b819b9ab8dfd7cb703333bc119d6a706953ca2fe05b8314a181f8d8cfae8a320e4a852e0a5b4555a39612ae5970b5ec10d5417e6c147f15f4e004f07912e14bc45e153524f1d128a02dc07e515239fc19d5147933d7144b62a14ff0bea1fc44522dc8d159efaf2b0ec0d70664ff9490bc6fac750baab08023ffa3ddd6d1d367b551e8045420dea8a2ed4a17ce510cd3137d9b127888674a2dc1221600ca3d5a18c10786d2fa722e4bb36746a774ecdd8ad507008d3fe81594b806c4468e6368cf994347440b5b7c03b5592194b5c89126b5b292af36594d0d4559f9c9c52472242e2c783ac3f6f74462ddeffebdc1f7f8eb9472f45582fdd9620fdc04a5b125ae5c1d7276c692e9e4e5e6b24f95f8e26aa34ed104d9f082de9ccb083c134d0ada95413855a11135b981e439b38d8899b493f8155d10e4cdddcfc44282b40c15e9dd68e4f166589ea9a4788668f7d9387e46ae58de0b774268dcd6532b4fa788d75c79efd1b0894a247a8bff20e110dfe6597e5a7a18433f0d155c61570c5fce79ddd81247207ccbf4498d1ccf334bb8beead1e55ccb0a70ede723364715edfde20db868caf39d698a69d533e5227db78b34d24f15b581a55fc5c1407622ace8739b8f684ccd5b2aa47925395f956450d60a2b73b97b8dd663fcd219ea3f04a99d0ab3cdfa61f6fcb9c2aa22d84752d9841c3de7e2a5bb0783fcc15bed860230e63ad3cd0400a8804d7a070db4b3b9e62d0884d38eae833e55635ee4d303194e4ba604072fe75029335c30da1f047e631a0e4c7dbc77b3d3516a8f606874bb5cfb6ba2b4ea25c933e02c86cf79b3e7a9c12f775933082d9b2a5bc5da75877054ca09d16738b5c6e7759c88e7e095b000dca18c6a4b64c52acc1d434badbb232f1a7b7778a5bf7de6d51fc3a5e21cf860a3bb5c3436b64661abf94a063fa07f1016c41006d72df3ba9ebe557498810207d30686ec4fdf4ef00aca5a83d5e176dfd554163c2eb4d0806626cc26400ac3694810109b02fd4d7f1a48570c1b330d29b2be1e7f94882430b3ae14907ae7122817282d2c4661ac24cddbe8aaed15a16b9a8b9310d264c3f6bafb4368d0ca638d15ed3b50fcfc164d38543e5d9c182c897f604fd8eeda1a96f3be94f3aaab944003fe38b33d89245d7e8d460a9f4386929146867741b37f08463f5a7e1e3a6ca4488fde971a7d1392a5eff88b753ad98605de91ee1fd5f20281111e15606e69db0818dad6413938a58440a4c50b3d909a962de9e20b6c9a8eacb05706c92644d7c31280d4998a8d4ba6a9525669ee22d24e1ca04daa9f54e006248fa2fe08e8ed56b52cfe125e705c87750170c43019e9545ce6589cc929637a96c98b74f6b15d3943ae805461f3dda5b29823229fd93d47103257cb8fb941c8a765163f56ebbc0484936b4aaf090217e6e46ba668e50435df80e82fe3db368e931fcddd5acd2ca07cdab8c6640a13cc7c4bc99b8db2d728a545782e4826cab66d9d8df30068f2939ad3f9547cb07e93c5c87f32bf55214ab7bc33152475de2018a02e41e22d0abedf2e792d0cbb0305079b3804106b42df1c4ce2a7b2fd510cbcfdad4f3f10f68e8ab2208ca3145775eff5f11889bca5811c1ffabd91526bf1b52ac3d97990baa8e29ba669bf3ffbe93c20cf7b7483303365d76afa52ce6d783d68dc0a4197e3f1b575e355d83a8f3bcbff052a6e6da2f7282c55a3e935f5f9106cf2168430e69ae0b721cd61f3f580bdd267369825dbc8b0cc444fc258d8fd79688a302b008ce89354791e01f1654b02ad94c6be66f280249b7a993e59a7b06d6b7cfcb860b80abcbbc0c76ee3e600e926e5bf443aa270b6a8f96d96f4604a98a28bc45ee6faf7394058756bc741131d79a8b0f02a1bb0b20a788178ad742cb866436644d76c5967d402a4c14933ba08c39d33f34db79641e000dde0f3760e48707c0277ad81200a7d49decdf035b54b0a89c56bc88066de63910aa74a08161ad3a09cbcd9b0a3c9cf5d73e1fec0f947bfba07501c31f12f59ed59d8b7863"}) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) sendmsg$inet(r2, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000100)=[{0x0}], 0x1, 0x0, 0x0, 0xe0000000}, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad9", 0x33, 0x20000000, 0x0, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90b, 0xf4c, '\x00', @p_u16=&(0x7f00000000c0)}}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000001300)=ANY=[@ANYBLOB="180000000000000000000000feffffff18010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000500000085000000710000009500000000000000e5b541e7d710e42548414f85e499a6a48015bcc2bc01203b15eb1f166eeb68bf17810b826b383c5e7163de481e2a21aabaacd31fbf1f2451dff45c817a64829713f8d95fd384dc52e14de9364ed376e196226c7aac7f1fb5644db8468ee437b221074989587df9adecb6c234f4b0a664912cb7d4d9d14bb3b0bf78dbfc07d1bd1e43bf3a44d659774212af6ed16a4c8f7aceb622bc545693247fcdc720d0f6a6ab8d24d53c473be816df9a12314c75d1ff77f669c775bf67a4aca794c40e20ad483c"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4) r5 = socket$kcm(0x10, 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x5865}, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00') fchdir(r6) socket$tipc(0x1e, 0x2, 0x0) 499.458357ms ago: executing program 0 (id=1345): r0 = socket(0x2, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x44000) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000d40), 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = getpid() process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0xfff, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='xdp_devmap_xmit\x00', r2}, 0xfffffffffffffe13) ioctl$SNDCTL_DSP_GETISPACE(0xffffffffffffffff, 0x8010500d, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000700)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @mcast2={0xff, 0x5}}, r7}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000340)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @remote}, {0xa, 0x0, 0x0, @local}, r7}}, 0x48) close_range(r5, 0xffffffffffffffff, 0x0) creat(&(0x7f00000002c0)='./bus\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000040)='{}//#\x00', &(0x7f0000000080)=')*!-}).\x00', 0x0) setxattr$security_ima(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000000), &(0x7f0000000380)=ANY=[@ANYBLOB="06"], 0x2, 0x0) 0s ago: executing program 1 (id=1346): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socket(0x200000100000011, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"]) chdir(&(0x7f0000000280)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x420001, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0) pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5) writev(r5, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240e00005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484e240003000000f7c08bfcd111fbdf23ea32db0e8f21d5bc27bd8063067a0689fff2a41cfbf0e9", 0x2a}], 0x2) r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000a58000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000000000014d564b00000000af"]) ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead) ioctl$KVM_RUN(r7, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0) kernel console output (not intermixed with test programs): stb usb_control_msg returned -110 [ 153.283629][ T6795] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -90 [ 153.310272][ T25] usb 8-1: USB disconnect, device number 5 [ 153.317785][ T1165] usb 5-1: USB disconnect, device number 3 [ 153.499379][ T6872] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 153.719246][ T6876] fuse: Unknown parameter 'g"' [ 155.176831][ T5340] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 155.360384][ T5340] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 155.364684][ T5340] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 155.369051][ T5340] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253 [ 155.377133][ T5340] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 155.380980][ T5340] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 155.384426][ T5340] usb 7-1: Manufacturer: syz [ 155.391436][ T5340] usb 7-1: config 0 descriptor?? [ 155.395626][ T5340] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 156.435678][ T6912] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 156.475901][ T39] audit: type=1400 audit(1722636317.044:332): avc: denied { nlmsg_write } for pid=6913 comm="syz.1.394" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 156.628932][ T6917] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 157.946254][ T30] usb 7-1: USB disconnect, device number 8 [ 158.026813][ T5377] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 158.046366][ T6945] fuse: Unknown parameter 'g"' [ 158.207051][ T5377] usb 8-1: Using ep0 maxpacket: 8 [ 158.212810][ T5377] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 158.217286][ T5377] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 158.221589][ T5377] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 158.225832][ T5377] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 158.230548][ T5377] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 158.236412][ T5377] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 158.242691][ T5377] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.456726][ T5377] usb 8-1: GET_CAPABILITIES returned 0 [ 158.459857][ T5377] usbtmc 8-1:16.0: can't read capabilities [ 158.786739][ T1165] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 158.834664][ T6940] usbtmc 8-1:16.0: stb usb_control_msg returned -32 [ 158.839084][ T6951] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -90 [ 158.844592][ T58] usb 8-1: USB disconnect, device number 6 [ 158.996819][ T1165] usb 6-1: Using ep0 maxpacket: 8 [ 159.003845][ T1165] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 159.007712][ T1165] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 159.012076][ T1165] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 159.017727][ T1165] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 159.017750][ T1165] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 159.017787][ T1165] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 159.017807][ T1165] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.114856][ T6955] raw_sendmsg: syz.2.406 forgot to set AF_INET. Fix it! [ 159.226143][ T1165] usb 6-1: GET_CAPABILITIES returned 0 [ 159.229873][ T1165] usbtmc 6-1:16.0: can't read capabilities [ 159.422236][ T39] audit: type=1326 audit(1722636319.994:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6960 comm="syz.3.409" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3678b779f9 code=0x0 [ 159.534913][ T39] audit: type=1400 audit(1722636320.104:334): avc: denied { ioctl } for pid=6960 comm="syz.3.409" path="socket:[14100]" dev="sockfs" ino=14100 ioctlcmd=0x4b6a scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 159.592049][ T6949] usbtmc 6-1:16.0: stb usb_control_msg returned -32 [ 159.595424][ T6964] usbtmc 6-1:16.0: send_request_dev_dep_msg_in returned -90 [ 159.604622][ T5340] usb 6-1: USB disconnect, device number 4 [ 159.635483][ T5377] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 159.816748][ T5377] usb 5-1: Using ep0 maxpacket: 8 [ 159.835266][ T5377] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 159.839566][ T5377] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 159.843780][ T5377] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 159.849973][ T5377] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 159.854333][ T5377] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 159.859866][ T5377] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 159.863445][ T5377] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.110360][ T5377] usb 5-1: GET_CAPABILITIES returned 0 [ 160.112804][ T5377] usbtmc 5-1:16.0: can't read capabilities [ 160.539307][ T6959] usbtmc 5-1:16.0: stb usb_control_msg returned -32 [ 160.550528][ T6980] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90 [ 160.617649][ T5398] usb 5-1: USB disconnect, device number 4 [ 161.506884][ T1165] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 161.526736][ T25] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 161.708175][ T25] usb 8-1: Using ep0 maxpacket: 8 [ 161.709441][ T1165] usb 5-1: Using ep0 maxpacket: 8 [ 161.731988][ T25] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 161.735416][ T1165] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 161.737875][ T25] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 161.740631][ T1165] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 161.744541][ T25] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 161.749005][ T1165] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 161.754837][ T25] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 161.755942][ T1165] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 161.760697][ T25] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 161.760737][ T25] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 161.760757][ T25] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.779307][ T1165] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 161.784388][ T1165] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 161.788544][ T1165] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 161.990281][ T25] usb 8-1: GET_CAPABILITIES returned 0 [ 161.992813][ T25] usbtmc 8-1:16.0: can't read capabilities [ 161.999694][ T1165] usb 5-1: GET_CAPABILITIES returned 0 [ 162.002202][ T1165] usbtmc 5-1:16.0: can't read capabilities [ 162.377145][ T6996] usbtmc 8-1:16.0: stb usb_control_msg returned -32 [ 162.382071][ T7003] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -90 [ 162.385125][ T7004] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -90 [ 162.392452][ T5398] usb 8-1: USB disconnect, device number 7 [ 163.135115][ T7016] random: crng reseeded on system resumption [ 164.246076][ T1165] usb 5-1: USB disconnect, device number 5 [ 165.108176][ T7040] random: crng reseeded on system resumption [ 165.121394][ T39] audit: type=1400 audit(1722636325.694:335): avc: denied { rename } for pid=4805 comm="syslogd" name="messages" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 165.159989][ T39] audit: type=1400 audit(1722636325.694:336): avc: denied { unlink } for pid=4805 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 165.174145][ T39] audit: type=1400 audit(1722636325.744:337): avc: denied { create } for pid=4805 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 166.066997][ T7060] 9pnet_virtio: no channels available for device syz [ 166.219829][ T7060] random: crng reseeded on system resumption [ 167.039978][ T7073] ieee802154 phy0 wpan0: encryption failed: -22 [ 167.605879][ T7092] ieee802154 phy0 wpan0: encryption failed: -22 [ 168.048529][ T7107] ieee802154 phy0 wpan0: encryption failed: -22 [ 168.906863][ T57] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 169.086715][ T57] usb 7-1: Using ep0 maxpacket: 8 [ 169.091648][ T57] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 169.096232][ T57] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 169.100603][ T57] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 169.105593][ T57] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 169.112017][ T57] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 169.118277][ T57] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 169.122574][ T57] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.412518][ T57] usb 7-1: GET_CAPABILITIES returned 0 [ 169.414956][ T57] usbtmc 7-1:16.0: can't read capabilities [ 169.578898][ T7127] ieee802154 phy0 wpan0: encryption failed: -22 [ 169.790695][ T7120] usbtmc 7-1:16.0: stb usb_control_msg returned -32 [ 169.794135][ T7142] usbtmc 7-1:16.0: send_request_dev_dep_msg_in returned -90 [ 169.813262][ T984] usb 7-1: USB disconnect, device number 9 [ 170.672131][ T7153] netlink: 8 bytes leftover after parsing attributes in process `syz.0.457'. [ 171.022863][ T39] audit: type=1400 audit(1722636331.594:338): avc: denied { mounton } for pid=7160 comm="syz.3.460" path="/103/file0" dev="tmpfs" ino=587 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 171.126766][ T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 171.202218][ C2] vkms_vblank_simulate: vblank timer overrun [ 171.235115][ C2] vkms_vblank_simulate: vblank timer overrun [ 171.306793][ T10] usb 6-1: device descriptor read/64, error -71 [ 171.606783][ T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 171.765935][ T10] usb 6-1: device descriptor read/64, error -71 [ 171.887195][ T10] usb usb6-port1: attempt power cycle [ 171.989053][ T7168] fuse: Unknown parameter 'g"' [ 172.297599][ T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 172.327989][ T10] usb 6-1: device descriptor read/8, error -71 [ 172.450000][ T7172] random: crng reseeded on system resumption [ 172.608439][ T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 172.658016][ T10] usb 6-1: device descriptor read/8, error -71 [ 172.780036][ T10] usb usb6-port1: unable to enumerate USB device [ 173.197058][ T5378] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 173.376756][ T5378] usb 5-1: Using ep0 maxpacket: 8 [ 173.381076][ T5378] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 173.384593][ T5378] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 173.388972][ T5378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 173.393022][ T5378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 173.397268][ T5378] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 173.402574][ T5378] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 173.406181][ T5378] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.444477][ T7172] syz.2.463 (7172) used greatest stack depth: 20200 bytes left [ 173.625477][ T5378] usb 5-1: GET_CAPABILITIES returned 0 [ 173.628444][ T5378] usbtmc 5-1:16.0: can't read capabilities [ 173.770077][ T7183] random: crng reseeded on system resumption [ 173.887358][ T7188] 9pnet_virtio: no channels available for device syz [ 173.989024][ T7177] usbtmc 5-1:16.0: stb usb_control_msg returned -32 [ 173.992121][ T7189] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90 [ 173.998334][ T5378] usb 5-1: USB disconnect, device number 6 [ 174.335416][ T7195] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 175.071163][ T7210] FAULT_INJECTION: forcing a failure. [ 175.071163][ T7210] name failslab, interval 1, probability 0, space 0, times 0 [ 175.084524][ T7210] CPU: 3 UID: 0 PID: 7210 Comm: syz.2.472 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 175.089055][ T7210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 175.093550][ T7210] Call Trace: [ 175.095036][ T7210] [ 175.096538][ T7210] dump_stack_lvl+0x16c/0x1f0 [ 175.098534][ T7210] should_fail_ex+0x497/0x5b0 [ 175.100274][ T7210] ? fs_reclaim_acquire+0xae/0x160 [ 175.102337][ T7210] should_failslab+0xc2/0x120 [ 175.104311][ T7210] __kmalloc_cache_noprof+0x6b/0x300 [ 175.106509][ T7210] ? nf_nat_masq_schedule.part.0+0x294/0x620 [ 175.108751][ T7210] ? nf_flow_table_cleanup+0x323/0x3d0 [ 175.110720][ T7210] nf_nat_masq_schedule.part.0+0x294/0x620 [ 175.113621][ T7210] ? __pfx_device_cmp+0x10/0x10 [ 175.115750][ T7210] ? __pfx_nf_nat_masq_schedule.part.0+0x10/0x10 [ 175.118839][ T7210] ? nf_tables_flowtable_event+0x35/0x480 [ 175.121373][ T7210] masq_device_event+0xf7/0x120 [ 175.123527][ T7210] notifier_call_chain+0xb9/0x410 [ 175.126307][ T7210] ? __pfx_masq_device_event+0x10/0x10 [ 175.128913][ T7210] call_netdevice_notifiers_info+0xbe/0x140 [ 175.131494][ T7210] dev_close_many+0x333/0x6a0 [ 175.133611][ T7210] ? preempt_schedule_thunk+0x1a/0x30 [ 175.135954][ T7210] ? __pfx_dev_close_many+0x10/0x10 [ 175.138260][ T7210] ? preempt_schedule_thunk+0x1a/0x30 [ 175.142447][ T7210] dev_close+0x181/0x230 [ 175.144702][ T7210] ? __pfx_dev_close+0x10/0x10 [ 175.146795][ T7210] ? __pfx_dev_index_reserve+0x10/0x10 [ 175.149486][ T7210] __dev_change_net_namespace+0x3e8/0x1360 [ 175.152306][ T7210] ? rcu_preempt_deferred_qs_irqrestore+0x505/0xb80 [ 175.154945][ T7210] ? __pfx_lock_release+0x10/0x10 [ 175.156989][ T7210] ? __pfx___dev_change_net_namespace+0x10/0x10 [ 175.159510][ T7210] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 175.161885][ T7210] ? lockdep_hardirqs_on+0x7c/0x110 [ 175.164106][ T7210] ? rcu_preempt_deferred_qs_irqrestore+0x505/0xb80 [ 175.166705][ T7210] ? rcu_is_watching+0x12/0xc0 [ 175.168416][ T7210] cfg802154_switch_netns+0xbf/0x450 [ 175.170798][ T7210] nl802154_wpan_phy_netns+0x134/0x2d0 [ 175.173090][ T7210] genl_family_rcv_msg_doit+0x202/0x2f0 [ 175.175143][ T7210] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 175.177768][ T7210] ? security_capable+0x98/0xd0 [ 175.179929][ T7210] genl_rcv_msg+0x565/0x800 [ 175.181742][ T7210] ? __pfx_genl_rcv_msg+0x10/0x10 [ 175.183675][ T7210] ? __pfx___lock_acquire+0x10/0x10 [ 175.185679][ T7210] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 175.187779][ T7210] ? __pfx_nl802154_wpan_phy_netns+0x10/0x10 [ 175.190035][ T7210] ? __pfx_nl802154_post_doit+0x10/0x10 [ 175.192356][ T7210] ? __pfx___lock_acquire+0x10/0x10 [ 175.194688][ T7210] netlink_rcv_skb+0x16b/0x440 [ 175.197214][ T7210] ? __pfx_genl_rcv_msg+0x10/0x10 [ 175.199653][ T7210] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 175.201961][ T7210] ? down_read+0xc9/0x330 [ 175.204332][ T7210] ? __pfx_down_read+0x10/0x10 [ 175.207018][ T7210] ? netlink_deliver_tap+0x1ae/0xd90 [ 175.209374][ T7210] genl_rcv+0x28/0x40 [ 175.211211][ T7210] netlink_unicast+0x544/0x830 [ 175.213360][ T7210] ? __pfx_netlink_unicast+0x10/0x10 [ 175.215647][ T7210] netlink_sendmsg+0x8b8/0xd70 [ 175.217724][ T7210] ? __pfx_netlink_sendmsg+0x10/0x10 [ 175.220043][ T7210] ? __import_iovec+0x1fd/0x6e0 [ 175.222120][ T7210] ____sys_sendmsg+0xab5/0xc90 [ 175.224033][ T7210] ? copy_msghdr_from_user+0x10b/0x160 [ 175.226081][ T7210] ? __pfx_____sys_sendmsg+0x10/0x10 [ 175.228251][ T7210] ? __pfx___lock_acquire+0x10/0x10 [ 175.230512][ T7210] ___sys_sendmsg+0x135/0x1e0 [ 175.232586][ T7210] ? __pfx____sys_sendmsg+0x10/0x10 [ 175.234816][ T7210] ? __fget_light+0x173/0x210 [ 175.236741][ T7210] __sys_sendmsg+0x117/0x1f0 [ 175.238462][ T7210] ? __pfx___sys_sendmsg+0x10/0x10 [ 175.240438][ T7210] do_syscall_64+0xcd/0x250 [ 175.242476][ T7210] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.244700][ T7210] RIP: 0033:0x7f0f1e3779f9 [ 175.246192][ T7210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.254350][ T7210] RSP: 002b:00007f0f1f220048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 175.258033][ T7210] RAX: ffffffffffffffda RBX: 00007f0f1e505f80 RCX: 00007f0f1e3779f9 [ 175.261346][ T7210] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 000000000000000b [ 175.264761][ T7210] RBP: 00007f0f1f2200a0 R08: 0000000000000000 R09: 0000000000000000 [ 175.268039][ T7210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.271408][ T7210] R13: 000000000000000b R14: 00007f0f1e505f80 R15: 00007fffcb8bd9b8 [ 175.274880][ T7210] [ 175.619562][ T39] audit: type=1400 audit(1722636336.194:339): avc: denied { read write } for pid=7218 comm="syz.0.475" name="mice" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 175.637375][ T39] audit: type=1400 audit(1722636336.204:340): avc: denied { open } for pid=7218 comm="syz.0.475" path="/dev/input/mice" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 175.756110][ T7227] fuse: Unknown parameter 'g"' [ 175.860591][ T7230] random: crng reseeded on system resumption [ 175.927063][ T5377] usb 8-1: new full-speed USB device number 8 using dummy_hcd [ 176.121153][ T5377] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 176.126090][ T5377] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 176.130990][ T5377] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.136058][ T5377] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 176.140625][ T5377] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.154567][ T5377] hub 8-1:1.0: bad descriptor, ignoring hub [ 176.157597][ T5377] hub 8-1:1.0: probe with driver hub failed with error -5 [ 176.163485][ T5377] cdc_wdm 8-1:1.0: skipping garbage [ 176.165858][ T5377] cdc_wdm 8-1:1.0: skipping garbage [ 176.169505][ T5377] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 176.495563][ T10] usb 8-1: USB disconnect, device number 8 [ 176.581144][ T7221] netlink: 8 bytes leftover after parsing attributes in process `syz.3.476'. [ 176.626970][ T7221] hsr_slave_0: left promiscuous mode [ 176.630810][ T7221] hsr_slave_1: left promiscuous mode [ 176.819228][ T39] audit: type=1400 audit(1722636337.394:341): avc: denied { execute } for pid=7238 comm="syz.0.480" path="/114/cpu.stat" dev="tmpfs" ino=645 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 176.835422][ T39] audit: type=1400 audit(1722636337.394:342): avc: denied { cmd } for pid=7238 comm="syz.0.480" path="socket:[18034]" dev="sockfs" ino=18034 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 176.980328][ T25] usb 8-1: new full-speed USB device number 9 using dummy_hcd [ 177.146690][ T25] usb 8-1: device descriptor read/64, error -71 [ 177.426846][ T25] usb 8-1: new full-speed USB device number 10 using dummy_hcd [ 177.606697][ T25] usb 8-1: device descriptor read/64, error -71 [ 177.726910][ T25] usb usb8-port1: attempt power cycle [ 178.146811][ T25] usb 8-1: new full-speed USB device number 11 using dummy_hcd [ 178.178658][ T25] usb 8-1: device descriptor read/8, error -71 [ 178.276934][ T1165] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 178.446965][ T25] usb 8-1: new full-speed USB device number 12 using dummy_hcd [ 178.478764][ T25] usb 8-1: device descriptor read/8, error -71 [ 178.483470][ T1165] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 178.488027][ T1165] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.492524][ T1165] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.497187][ T1165] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 178.505372][ T1165] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 178.509976][ T1165] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 178.513770][ T1165] usb 5-1: Manufacturer: syz [ 178.524612][ T1165] usb 5-1: config 0 descriptor?? [ 178.599551][ T25] usb usb8-port1: unable to enumerate USB device [ 178.730689][ T7267] fuse: Unknown parameter 'g"' [ 178.965689][ T1165] usbhid 5-1:0.0: can't add hid device: -71 [ 178.969060][ T1165] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 178.979651][ T1165] usb 5-1: USB disconnect, device number 7 [ 179.185161][ T7271] ieee802154 phy0 wpan0: encryption failed: -22 [ 179.354746][ T7279] overlayfs: failed to resolve './file0/file0': -2 [ 179.679181][ T25] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 179.866709][ T25] usb 7-1: Using ep0 maxpacket: 32 [ 179.871199][ T25] usb 7-1: config index 0 descriptor too short (expected 156, got 27) [ 179.874701][ T25] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 179.879884][ T25] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 179.884844][ T25] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 179.890890][ T25] usb 7-1: config 0 interface 0 has no altsetting 0 [ 179.901769][ T25] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 179.907056][ T25] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 179.912230][ T25] usb 7-1: Product: syz [ 179.915159][ T25] usb 7-1: Manufacturer: syz [ 179.919852][ T25] usb 7-1: SerialNumber: syz [ 179.927115][ T25] usb 7-1: config 0 descriptor?? [ 179.939176][ T25] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 179.947207][ T25] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 180.169128][ T830] usb 7-1: USB disconnect, device number 10 [ 180.169343][ C3] ldusb 7-1:0.0: usb_submit_urb failed (-19) [ 180.176271][ T830] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 181.108399][ T5339] Bluetooth: hci0: command 0x0406 tx timeout [ 181.108450][ T5345] Bluetooth: hci1: command 0x0406 tx timeout [ 181.109602][ T5348] Bluetooth: hci3: command 0x0405 tx timeout [ 181.706299][ T7316] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 182.283502][ T7328] fuse: Unknown parameter 'g"' [ 182.503862][ T7334] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 182.782532][ T7333] random: crng reseeded on system resumption [ 183.546741][ T57] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 183.726882][ T57] usb 5-1: Using ep0 maxpacket: 8 [ 183.735211][ T57] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 183.740069][ T57] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 183.744374][ T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 183.748943][ T57] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 183.753391][ T57] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 183.759037][ T57] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 183.763115][ T57] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.984400][ T57] usb 5-1: GET_CAPABILITIES returned 0 [ 183.986811][ T57] usbtmc 5-1:16.0: can't read capabilities [ 184.360317][ T7345] usbtmc 5-1:16.0: stb usb_control_msg returned -32 [ 184.367750][ T7359] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90 [ 184.374213][ T25] usb 5-1: USB disconnect, device number 8 [ 184.886665][ T39] audit: type=1400 audit(1722636345.454:343): avc: denied { read append } for pid=7367 comm="syz.1.511" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 184.949994][ T39] audit: type=1400 audit(1722636345.464:344): avc: denied { open } for pid=7367 comm="syz.1.511" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 185.166044][ T7373] random: crng reseeded on system resumption [ 185.564951][ T7385] 9pnet_virtio: no channels available for device syz [ 186.294322][ T39] audit: type=1400 audit(1722636346.864:345): avc: denied { create } for pid=7393 comm="syz.0.517" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 188.083992][ T7424] random: crng reseeded on system resumption [ 189.156734][ T57] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 189.339916][ T57] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 189.345902][ T57] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 189.352217][ T57] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 189.356434][ T57] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 189.367872][ T57] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 189.374494][ T57] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 189.383574][ T57] usb 7-1: Manufacturer: syz [ 189.397078][ T57] usb 7-1: config 0 descriptor?? [ 189.819342][ T57] usbhid 7-1:0.0: can't add hid device: -71 [ 189.825724][ T57] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 189.835806][ T57] usb 7-1: USB disconnect, device number 11 [ 190.026988][ T7446] netlink: 64 bytes leftover after parsing attributes in process `syz.0.531'. [ 191.311626][ T7471] random: crng reseeded on system resumption [ 192.093377][ T7481] netlink: 64 bytes leftover after parsing attributes in process `syz.2.540'. [ 192.517354][ T7488] 9pnet_virtio: no channels available for device syz [ 192.646097][ T7488] random: crng reseeded on system resumption [ 192.867063][ T57] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 193.064665][ T57] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 193.075653][ T57] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.086686][ T57] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.091048][ T57] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 193.111547][ T57] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 193.115136][ T57] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 193.122058][ T57] usb 7-1: Manufacturer: syz [ 193.126726][ T57] usb 7-1: config 0 descriptor?? [ 193.546088][ T57] usbhid 7-1:0.0: can't add hid device: -71 [ 193.550193][ T57] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 193.561022][ T57] usb 7-1: USB disconnect, device number 12 [ 194.390329][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.466690][ T57] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 194.544355][ T7518] netlink: 64 bytes leftover after parsing attributes in process `syz.0.550'. [ 194.656854][ T57] usb 6-1: Using ep0 maxpacket: 8 [ 194.662251][ T57] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 194.666346][ T57] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 194.670928][ T57] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 194.675392][ T57] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 194.679879][ T57] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 194.685566][ T57] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 194.689552][ T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.903155][ T57] usb 6-1: GET_CAPABILITIES returned 0 [ 194.905907][ T57] usbtmc 6-1:16.0: can't read capabilities [ 195.269131][ T7513] usbtmc 6-1:16.0: stb usb_control_msg returned -32 [ 195.272880][ T7527] usbtmc 6-1:16.0: send_request_dev_dep_msg_in returned -90 [ 195.286390][ T57] usb 6-1: USB disconnect, device number 9 [ 196.186892][ T57] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 196.389919][ T57] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 196.394719][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.399651][ T57] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 196.416805][ T57] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 196.423940][ T57] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 196.427950][ T57] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 196.431391][ T57] usb 6-1: Manufacturer: syz [ 196.436507][ T57] usb 6-1: config 0 descriptor?? [ 196.869561][ T57] usbhid 6-1:0.0: can't add hid device: -71 [ 196.872434][ T57] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 196.901405][ T57] usb 6-1: USB disconnect, device number 10 [ 197.428546][ T39] audit: type=1400 audit(1722636358.004:346): avc: denied { read } for pid=7557 comm="syz.1.562" name="sg1" dev="devtmpfs" ino=713 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1 [ 197.506367][ T39] audit: type=1400 audit(1722636358.074:347): avc: denied { view } for pid=7557 comm="syz.1.562" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 198.444420][ T39] audit: type=1400 audit(1722636359.014:348): avc: denied { bind } for pid=7592 comm="syz.1.567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 198.469073][ T39] audit: type=1400 audit(1722636359.024:349): avc: denied { setopt } for pid=7592 comm="syz.1.567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 198.480506][ T39] audit: type=1400 audit(1722636359.034:350): avc: denied { mount } for pid=7592 comm="syz.1.567" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 198.818722][ T7595] netlink: 'syz.1.567': attribute type 4 has an invalid length. [ 199.573203][ T7613] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 200.307130][ T7620] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 200.311246][ T7619] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 200.741016][ T7628] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 200.831286][ T7630] fuse: Unknown parameter 'g"' [ 201.082036][ T7632] ieee802154 phy0 wpan0: encryption failed: -22 [ 202.073091][ T5377] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 202.124310][ T7667] fuse: Unknown parameter 'g"' [ 202.266708][ T5377] usb 6-1: Using ep0 maxpacket: 8 [ 202.270992][ T5377] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 202.275023][ T5377] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 202.284448][ T5377] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 202.288696][ T5377] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 202.292726][ T5377] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 202.298340][ T5377] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 202.302389][ T5377] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.534409][ T5377] usb 6-1: GET_CAPABILITIES returned 0 [ 202.536858][ T5377] usbtmc 6-1:16.0: can't read capabilities [ 202.802955][ T7674] ieee802154 phy0 wpan0: encryption failed: -22 [ 202.912139][ T7663] usbtmc 6-1:16.0: stb usb_control_msg returned -32 [ 202.916893][ T7680] usbtmc 6-1:16.0: send_request_dev_dep_msg_in returned -90 [ 202.927138][ T830] usb 6-1: USB disconnect, device number 11 [ 203.366803][ T5377] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 203.658814][ T5377] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 203.662837][ T5377] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 203.667286][ T5377] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 203.671228][ T5377] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 203.678410][ T5377] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 203.683550][ T5377] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 203.687181][ T5377] usb 8-1: Manufacturer: syz [ 203.690944][ T5377] usb 8-1: config 0 descriptor?? [ 204.123934][ T5377] usbhid 8-1:0.0: can't add hid device: -71 [ 204.130287][ T5377] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 204.140722][ T5377] usb 8-1: USB disconnect, device number 13 [ 204.751230][ T7711] ieee802154 phy0 wpan0: encryption failed: -22 [ 205.042421][ T7725] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 205.086783][ T7726] can: request_module (can-proto-0) failed. [ 206.030093][ T7740] random: crng reseeded on system resumption [ 206.033961][ T39] audit: type=1400 audit(1722636366.604:351): avc: denied { ioctl } for pid=7744 comm="syz.2.607" path="socket:[21035]" dev="sockfs" ino=21035 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 206.035112][ T7745] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=18296 sclass=netlink_route_socket pid=7745 comm=syz.2.607 [ 206.050296][ T830] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 206.054419][ T39] audit: type=1400 audit(1722636366.624:352): avc: denied { read } for pid=7744 comm="syz.2.607" name="nvram" dev="devtmpfs" ino=633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 206.065817][ T39] audit: type=1400 audit(1722636366.624:353): avc: denied { open } for pid=7744 comm="syz.2.607" path="/dev/nvram" dev="devtmpfs" ino=633 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1 [ 206.238684][ T830] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 206.243224][ T830] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.248632][ T830] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.252997][ T830] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 206.260713][ T830] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 206.264864][ T830] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 206.272612][ T830] usb 6-1: Manufacturer: syz [ 206.277457][ T830] usb 6-1: config 0 descriptor?? [ 206.510644][ T7752] FAULT_INJECTION: forcing a failure. [ 206.510644][ T7752] name failslab, interval 1, probability 0, space 0, times 0 [ 206.515861][ T7752] CPU: 2 UID: 0 PID: 7752 Comm: syz.2.609 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 206.520325][ T7752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 206.524859][ T7752] Call Trace: [ 206.526309][ T7752] [ 206.527610][ T7752] dump_stack_lvl+0x16c/0x1f0 [ 206.529675][ T7752] should_fail_ex+0x497/0x5b0 [ 206.531733][ T7752] should_failslab+0xc2/0x120 [ 206.533533][ T7752] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 206.535752][ T7752] ? __build_skb+0x3f/0x90 [ 206.537678][ T7752] __build_skb+0x3f/0x90 [ 206.539504][ T7752] netlink_alloc_large_skb+0xb5/0x130 [ 206.541747][ T7752] netlink_sendmsg+0x689/0xd70 [ 206.543788][ T7752] ? __pfx_netlink_sendmsg+0x10/0x10 [ 206.546015][ T7752] sock_sendmsg+0x3cb/0x470 [ 206.547979][ T7752] ? __pfx_sock_sendmsg+0x10/0x10 [ 206.550140][ T7752] ? find_held_lock+0x2d/0x110 [ 206.552208][ T7752] ? const_folio_flags.constprop.0+0x56/0x150 [ 206.554766][ T7752] splice_to_socket+0xab2/0x1040 [ 206.556746][ T7752] ? __pfx_splice_to_socket+0x10/0x10 [ 206.559001][ T7752] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 206.561533][ T7752] ? __pfx_shmem_file_splice_read+0x10/0x10 [ 206.564047][ T7752] ? __pfx_splice_to_socket+0x10/0x10 [ 206.566227][ T7752] direct_splice_actor+0x19b/0x6d0 [ 206.568427][ T7752] splice_direct_to_actor+0x346/0xa40 [ 206.570714][ T7752] ? __pfx_direct_splice_actor+0x10/0x10 [ 206.573075][ T7752] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 206.575371][ T7752] ? __pfx_file_has_perm+0x10/0x10 [ 206.577551][ T7752] do_splice_direct+0x17e/0x250 [ 206.579618][ T7752] ? __pfx_do_splice_direct+0x10/0x10 [ 206.581644][ T7752] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 206.583890][ T7752] ? security_file_permission+0x98/0xc0 [ 206.585950][ T7752] do_sendfile+0xb1e/0xe50 [ 206.587639][ T7752] ? __pfx_do_sendfile+0x10/0x10 [ 206.589506][ T7752] __x64_sys_sendfile64+0x1da/0x220 [ 206.589644][ T7736] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 206.591501][ T7752] ? ksys_write+0x1ab/0x260 [ 206.591521][ T7752] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 206.591543][ T7752] do_syscall_64+0xcd/0x250 [ 206.591566][ T7752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.591591][ T7752] RIP: 0033:0x7f0f1e3779f9 [ 206.591606][ T7752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 206.594833][ T7736] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512) [ 206.596334][ T7752] RSP: 002b:00007f0f1f1ff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 206.596354][ T7752] RAX: ffffffffffffffda RBX: 00007f0f1e506058 RCX: 00007f0f1e3779f9 [ 206.596366][ T7752] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000006 [ 206.596376][ T7752] RBP: 00007f0f1f1ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 206.596388][ T7752] R10: 000000010000a007 R11: 0000000000000246 R12: 0000000000000001 [ 206.632227][ T7752] R13: 000000000000006e R14: 00007f0f1e506058 R15: 00007fffcb8bd9b8 [ 206.634942][ T7752] [ 206.794132][ T830] usbhid 6-1:0.0: can't add hid device: -71 [ 206.918400][ T7757] ieee802154 phy0 wpan0: encryption failed: -22 [ 207.047365][ T830] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 207.058302][ T830] usb 6-1: USB disconnect, device number 12 [ 208.385515][ T39] audit: type=1400 audit(1722636368.944:354): avc: denied { create } for pid=7785 comm="syz.2.617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 208.565418][ T39] audit: type=1400 audit(1722636369.134:355): avc: denied { write } for pid=7785 comm="syz.2.617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 209.173602][ T39] audit: type=1400 audit(1722636369.744:356): avc: denied { read } for pid=7793 comm="syz.1.619" path="socket:[22167]" dev="sockfs" ino=22167 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1 [ 209.536842][ T830] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 209.752618][ T830] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 209.761571][ T830] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.766390][ T830] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 209.771023][ T830] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 209.778291][ T830] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 209.782359][ T830] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 209.786074][ T830] usb 7-1: Manufacturer: syz [ 209.791712][ T830] usb 7-1: config 0 descriptor?? [ 210.217023][ T830] usbhid 7-1:0.0: can't add hid device: -71 [ 210.219837][ T830] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 210.231155][ T830] usb 7-1: USB disconnect, device number 13 [ 212.987553][ T7855] fuse: Unknown parameter 'g"' [ 213.963663][ T7863] fuse: Unknown parameter 'g"' [ 214.347256][ T7868] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 215.743201][ T7885] ieee802154 phy0 wpan0: encryption failed: -22 [ 215.848105][ T7891] random: crng reseeded on system resumption [ 217.849531][ T7933] fuse: Unknown parameter 'g"' [ 218.404032][ T7937] random: crng reseeded on system resumption [ 218.440074][ T7941] 9pnet_virtio: no channels available for device syz [ 219.246901][ T7956] 9pnet_virtio: no channels available for device syz [ 219.332391][ T7956] random: crng reseeded on system resumption [ 220.039735][ T5378] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 220.216749][ T5378] usb 5-1: Using ep0 maxpacket: 8 [ 220.221024][ T5378] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 220.226199][ T5378] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 220.231902][ T5378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 220.238022][ T5378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 220.242371][ T5378] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 220.251212][ T5378] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 220.255448][ T5378] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.473528][ T5378] usb 5-1: GET_CAPABILITIES returned 0 [ 220.476566][ T5378] usbtmc 5-1:16.0: can't read capabilities [ 220.791293][ T7976] random: crng reseeded on system resumption [ 220.809416][ T7972] ieee802154 phy0 wpan0: encryption failed: -22 [ 222.276712][ T5377] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 222.460481][ T5377] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 222.465663][ T5377] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 222.470517][ T5377] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 222.474479][ T5377] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 222.489965][ T5377] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 222.493808][ T5377] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 222.514855][ T5377] usb 8-1: Manufacturer: syz [ 222.519501][ T5377] usb 8-1: config 0 descriptor?? [ 222.950236][ T5377] usbhid 8-1:0.0: can't add hid device: -71 [ 222.965017][ T5377] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 222.977576][ T5377] usb 8-1: USB disconnect, device number 14 [ 223.741511][ T8025] ieee802154 phy0 wpan0: encryption failed: -22 [ 223.796779][ T5340] usb 8-1: new high-speed USB device number 15 using dummy_hcd [ 223.978716][ T5340] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 223.983672][ T5340] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 223.987845][ T5340] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 223.991465][ T5340] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 223.998343][ T5340] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 224.001384][ T5340] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 224.004179][ T5340] usb 8-1: Manufacturer: syz [ 224.007565][ T5340] usb 8-1: config 0 descriptor?? [ 224.434513][ T5340] usbhid 8-1:0.0: can't add hid device: -71 [ 224.437530][ T5340] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 224.442256][ T5340] usb 8-1: USB disconnect, device number 15 [ 225.747683][ T7960] usbtmc 5-1:16.0: stb usb_control_msg returned -110 [ 225.751623][ T7983] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90 [ 225.772499][ T5340] usb 5-1: USB disconnect, device number 9 [ 225.984009][ T8063] netlink: 20 bytes leftover after parsing attributes in process `syz.3.684'. [ 226.206750][ T5340] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 226.400535][ T5340] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 226.405513][ T5340] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 226.410951][ T5340] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 226.415210][ T5340] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 226.426068][ T5340] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 226.430753][ T5340] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 226.435558][ T5340] usb 5-1: Manufacturer: syz [ 226.440901][ T5340] usb 5-1: config 0 descriptor?? [ 226.889837][ T5340] usbhid 5-1:0.0: can't add hid device: -71 [ 226.892771][ T5340] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 226.912765][ T5340] usb 5-1: USB disconnect, device number 10 [ 227.568816][ T8086] random: crng reseeded on system resumption [ 228.006912][ T8094] netlink: 'syz.1.693': attribute type 10 has an invalid length. [ 228.062785][ T39] audit: type=1400 audit(1722636388.634:357): avc: denied { write } for pid=8096 comm="syz.1.694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 228.074652][ T39] audit: type=1400 audit(1722636388.634:358): avc: denied { read } for pid=8096 comm="syz.1.694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 228.537655][ T39] audit: type=1400 audit(1722636389.114:359): avc: denied { execute } for pid=8099 comm="syz.2.695" path="/dev/audio1" dev="devtmpfs" ino=1133 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1 [ 228.924611][ T8102] ieee802154 phy0 wpan0: encryption failed: -22 [ 228.951472][ T8112] netlink: 'syz.3.698': attribute type 11 has an invalid length. [ 229.192880][ T8125] fuse: Unknown parameter 'g"' [ 229.256808][ T5340] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 229.458067][ T5340] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 229.462985][ T5340] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 229.468118][ T5340] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 229.472656][ T5340] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 229.483785][ T5340] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 229.488297][ T5340] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 229.492331][ T5340] usb 6-1: Manufacturer: syz [ 229.507133][ T5340] usb 6-1: config 0 descriptor?? [ 229.959822][ T5340] usbhid 6-1:0.0: can't add hid device: -71 [ 229.964469][ T5340] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 229.983267][ T5340] usb 6-1: USB disconnect, device number 13 [ 230.239766][ T8129] random: crng reseeded on system resumption [ 230.551677][ T8145] 9pnet_virtio: no channels available for device syz [ 230.663764][ T8145] random: crng reseeded on system resumption [ 232.702219][ T8179] fuse: Unknown parameter 'g"' [ 233.916759][ T5340] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 234.096806][ T5340] usb 8-1: Using ep0 maxpacket: 8 [ 234.108991][ T5340] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 234.113373][ T5340] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 234.117256][ T5340] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 234.120892][ T5340] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 234.124611][ T5340] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 234.129432][ T5340] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 234.132732][ T5340] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.341430][ T5340] usb 8-1: GET_CAPABILITIES returned 0 [ 234.343527][ T5340] usbtmc 8-1:16.0: can't read capabilities [ 234.543018][ T8193] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -90 [ 234.596729][ T1165] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 234.787017][ T1165] usb 7-1: Using ep0 maxpacket: 8 [ 234.792128][ T1165] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 234.795531][ T1165] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 234.799689][ T1165] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 234.803826][ T1165] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 234.809168][ T1165] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 234.815527][ T1165] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 234.819066][ T1165] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.039640][ T1165] usb 7-1: GET_CAPABILITIES returned 0 [ 235.042140][ T1165] usbtmc 7-1:16.0: can't read capabilities [ 235.248407][ T8198] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -90 [ 235.844665][ T8215] random: crng reseeded on system resumption [ 236.056368][ T8220] 9pnet_virtio: no channels available for device syz [ 236.160327][ T8220] random: crng reseeded on system resumption [ 236.657511][ T984] usb 8-1: USB disconnect, device number 16 [ 236.779575][ T8227] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 237.313816][ T8199] usb 7-1: USB disconnect, device number 14 [ 238.723514][ T39] audit: type=1400 audit(1722636399.294:360): avc: denied { unlink } for pid=8254 comm="syz.2.738" name="#1" dev="tmpfs" ino=1028 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 238.729536][ T8255] FAULT_INJECTION: forcing a failure. [ 238.729536][ T8255] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 238.733347][ T39] audit: type=1400 audit(1722636399.294:361): avc: denied { mount } for pid=8254 comm="syz.2.738" name="/" dev="overlay" ino=1022 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 238.738432][ T8255] CPU: 3 UID: 0 PID: 8255 Comm: syz.2.738 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 238.751789][ T8255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 238.756345][ T8255] Call Trace: [ 238.757850][ T8255] [ 238.759134][ T8255] dump_stack_lvl+0x16c/0x1f0 [ 238.761375][ T8255] should_fail_ex+0x497/0x5b0 [ 238.763430][ T8255] strncpy_from_user+0x38/0x320 [ 238.765529][ T8255] getname_flags.part.0+0x8f/0x550 [ 238.767797][ T8255] getname+0x8d/0xe0 [ 238.769479][ T8255] do_sys_openat2+0x104/0x1e0 [ 238.771521][ T8255] ? __pfx_do_sys_openat2+0x10/0x10 [ 238.773877][ T8255] __x64_sys_creat+0xcd/0x120 [ 238.775928][ T8255] ? __pfx___x64_sys_creat+0x10/0x10 [ 238.778152][ T8255] ? __pfx_ksys_write+0x10/0x10 [ 238.780284][ T8255] ? do_syscall_64+0x91/0x250 [ 238.782207][ T8255] do_syscall_64+0xcd/0x250 [ 238.784028][ T8255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.786065][ T8255] RIP: 0033:0x7f0f1e3779f9 [ 238.787845][ T8255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.795227][ T8255] RSP: 002b:00007f0f1f220048 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 238.798848][ T8255] RAX: ffffffffffffffda RBX: 00007f0f1e505f80 RCX: 00007f0f1e3779f9 [ 238.802486][ T8255] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 238.805718][ T8255] RBP: 00007f0f1f2200a0 R08: 0000000000000000 R09: 0000000000000000 [ 238.809026][ T8255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.811918][ T8255] R13: 000000000000000b R14: 00007f0f1e505f80 R15: 00007fffcb8bd9b8 [ 238.815169][ T8255] [ 238.905914][ T8253] ieee802154 phy0 wpan0: encryption failed: -22 [ 238.968381][ T39] audit: type=1400 audit(1722636399.544:362): avc: denied { create } for pid=8260 comm="syz.2.739" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1 [ 240.466895][ T1165] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 240.658773][ T1165] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 240.663508][ T1165] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 240.668783][ T1165] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 240.673408][ T1165] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 240.682943][ T1165] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 240.686091][ T1165] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 240.689920][ T1165] usb 5-1: Manufacturer: syz [ 240.694784][ T1165] usb 5-1: config 0 descriptor?? [ 240.952623][ T8299] ieee802154 phy0 wpan0: encryption failed: -22 [ 241.133585][ T1165] usbhid 5-1:0.0: can't add hid device: -71 [ 241.136127][ T1165] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 241.142191][ T1165] usb 5-1: USB disconnect, device number 11 [ 241.736889][ T39] audit: type=1400 audit(1722636402.304:363): avc: denied { setopt } for pid=8317 comm="syz.2.754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 241.746186][ T39] audit: type=1400 audit(1722636402.314:364): avc: denied { create } for pid=8317 comm="syz.2.754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 241.757452][ T39] audit: type=1400 audit(1722636402.314:365): avc: denied { connect } for pid=8317 comm="syz.2.754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 241.765679][ T39] audit: type=1400 audit(1722636402.314:366): avc: denied { setopt } for pid=8317 comm="syz.2.754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 241.776078][ T39] audit: type=1400 audit(1722636402.314:367): avc: denied { write } for pid=8317 comm="syz.2.754" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 241.876701][ T1165] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 242.058669][ T1165] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 242.062642][ T1165] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 242.067478][ T1165] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 242.071845][ T1165] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 242.078651][ T1165] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 242.082582][ T1165] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 242.086033][ T1165] usb 6-1: Manufacturer: syz [ 242.101018][ T1165] usb 6-1: config 0 descriptor?? [ 242.731889][ T1165] usbhid 6-1:0.0: can't add hid device: -71 [ 242.735081][ T1165] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 242.762185][ T39] audit: type=1400 audit(1722636403.324:368): avc: denied { connect } for pid=8331 comm="syz.0.757" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 242.776727][ T1165] usb 6-1: USB disconnect, device number 14 [ 242.862797][ T39] audit: type=1400 audit(1722636403.434:369): avc: denied { search } for pid=5043 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 245.165008][ T39] kauditd_printk_skb: 3 callbacks suppressed [ 245.165025][ T39] audit: type=1400 audit(1722636405.734:373): avc: denied { mount } for pid=8365 comm="syz.1.766" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 245.966917][ T39] audit: type=1400 audit(1722636406.534:374): avc: denied { unmount } for pid=5335 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 246.236791][ T8199] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 246.419415][ T8199] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 246.424457][ T8199] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.438293][ T8199] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.446874][ T8199] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 246.458541][ T8199] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 246.467085][ T8199] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 246.476541][ T8199] usb 7-1: Manufacturer: syz [ 246.503691][ T8199] usb 7-1: config 0 descriptor?? [ 246.566763][ T830] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 246.778221][ T830] usb 8-1: Using ep0 maxpacket: 8 [ 246.785799][ T830] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 246.789698][ T830] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 246.794046][ T830] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 246.801796][ T830] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 246.806249][ T830] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 246.813094][ T830] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 246.818908][ T830] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.954389][ T8388] ieee802154 phy0 wpan0: encryption failed: -22 [ 247.030582][ T830] usb 8-1: GET_CAPABILITIES returned 0 [ 247.033181][ T830] usbtmc 8-1:16.0: can't read capabilities [ 247.131901][ T8199] usbhid 7-1:0.0: can't add hid device: -71 [ 247.135483][ T8199] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 247.141281][ T8199] usb 7-1: USB disconnect, device number 15 [ 247.233439][ T8380] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -90 [ 247.757604][ T39] audit: type=1400 audit(1722636408.334:375): avc: denied { create } for pid=8395 comm="syz.2.774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 247.773484][ T39] audit: type=1400 audit(1722636408.344:376): avc: denied { ioctl } for pid=8395 comm="syz.2.774" path="socket:[24139]" dev="sockfs" ino=24139 ioctlcmd=0x89e9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 247.799003][ T39] audit: type=1400 audit(1722636408.374:377): avc: denied { create } for pid=8395 comm="syz.2.774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 248.623965][ T8409] FAULT_INJECTION: forcing a failure. [ 248.623965][ T8409] name failslab, interval 1, probability 0, space 0, times 0 [ 248.629333][ T8409] CPU: 2 UID: 3327 PID: 8409 Comm: syz.1.779 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 248.634342][ T8409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 248.639491][ T8409] Call Trace: [ 248.641418][ T8409] [ 248.642997][ T8409] dump_stack_lvl+0x16c/0x1f0 [ 248.645081][ T8409] should_fail_ex+0x497/0x5b0 [ 248.647555][ T8409] ? fs_reclaim_acquire+0xae/0x160 [ 248.650625][ T8409] should_failslab+0xc2/0x120 [ 248.653189][ T8409] __kmalloc_noprof+0xcb/0x400 [ 248.655253][ T8409] security_prepare_creds+0x22b/0x2e0 [ 248.657498][ T8409] prepare_creds+0x540/0x750 [ 248.659032][ T8409] do_faccessat+0x4a8/0xae0 [ 248.660949][ T8409] ? __pfx_do_faccessat+0x10/0x10 [ 248.663231][ T8409] do_syscall_64+0xcd/0x250 [ 248.665377][ T8409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 248.668321][ T8409] RIP: 0033:0x7f25849779f9 [ 248.670390][ T8409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 248.678931][ T8409] RSP: 002b:00007f2585731048 EFLAGS: 00000246 ORIG_RAX: 00000000000001b7 [ 248.682686][ T8409] RAX: ffffffffffffffda RBX: 00007f2584b05f80 RCX: 00007f25849779f9 [ 248.686240][ T8409] RDX: 0000000000000000 RSI: 0000000020000080 RDI: ffffffffffffff9c [ 248.689637][ T8409] RBP: 00007f25857310a0 R08: 0000000000000000 R09: 0000000000000000 [ 248.693045][ T8409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 248.696265][ T8409] R13: 000000000000000b R14: 00007f2584b05f80 R15: 00007ffde5b52958 [ 248.699875][ T8409] [ 249.276213][ T10] usb 8-1: USB disconnect, device number 17 [ 249.700280][ T10] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 249.929082][ T10] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 250.034170][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 250.040432][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 250.046906][ T10] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 250.074501][ T10] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 250.078850][ T10] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 250.082597][ T10] usb 8-1: Manufacturer: syz [ 250.677250][ T10] usb 8-1: config 0 descriptor?? [ 251.574718][ T10] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 251.588714][ T10] appleir 0003:05AC:8243.0003: No inputs registered, leaving [ 251.606182][ T10] appleir 0003:05AC:8243.0003: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 251.684373][ T39] audit: type=1400 audit(1722636412.254:378): avc: denied { bind } for pid=8442 comm="syz.2.787" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 251.751287][ T8445] netlink: 28 bytes leftover after parsing attributes in process `syz.2.787'. [ 251.775849][ T5378] usb 8-1: USB disconnect, device number 18 [ 253.080853][ T39] audit: type=1400 audit(1722636413.654:379): avc: denied { create } for pid=8460 comm="syz.0.792" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 253.240581][ T8465] 9pnet_virtio: no channels available for device syz [ 253.855582][ T8469] fuse: Unknown parameter 'g"' [ 254.444807][ T8475] fuse: Unknown parameter 'g"' [ 255.196868][ T5378] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 255.388611][ T5378] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 255.393188][ T5378] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 255.401130][ T5378] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 255.406753][ T5378] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 255.413991][ T5378] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 255.418133][ T5378] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 255.421701][ T5378] usb 6-1: Manufacturer: syz [ 255.426008][ T5378] usb 6-1: config 0 descriptor?? [ 255.831077][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.878817][ T5378] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 255.880505][ C0] vkms_vblank_simulate: vblank timer overrun [ 255.882932][ T5378] appleir 0003:05AC:8243.0004: No inputs registered, leaving [ 255.893195][ T5378] appleir 0003:05AC:8243.0004: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 255.897800][ T8498] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.080610][ T984] usb 6-1: USB disconnect, device number 15 [ 256.676815][ T8501] random: crng reseeded on system resumption [ 256.816831][ T8512] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 257.739154][ T8522] fuse: Unknown parameter 'g"' [ 259.052094][ T39] audit: type=1326 audit(1722636419.624:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8536 comm="syz.0.813" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f16f71779f9 code=0x0 [ 259.130084][ T39] audit: type=1400 audit(1722636419.704:381): avc: denied { create } for pid=8542 comm="syz.3.815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 259.139337][ T39] audit: type=1400 audit(1722636419.714:382): avc: denied { setopt } for pid=8542 comm="syz.3.815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 259.234346][ T39] audit: type=1400 audit(1722636419.804:383): avc: denied { bind } for pid=8542 comm="syz.3.815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 259.379732][ T8554] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 259.861943][ T8558] random: crng reseeded on system resumption [ 260.463595][ T8574] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 261.174786][ T8577] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 261.491052][ T39] audit: type=1400 audit(1722636422.064:384): avc: denied { read } for pid=8583 comm="syz.2.826" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 261.493223][ T5344] Bluetooth: hci1: Received unexpected HCI Event 0x00 [ 261.519328][ T8584] netlink: 'syz.2.826': attribute type 5 has an invalid length. [ 262.116738][ T10] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 262.212913][ T8608] random: crng reseeded on system resumption [ 262.315346][ T10] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 262.321477][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 262.329750][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 262.337471][ T10] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 262.358558][ T10] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 262.366778][ T10] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 262.373614][ T10] usb 8-1: Manufacturer: syz [ 262.383885][ T10] usb 8-1: config 0 descriptor?? [ 262.669675][ T8613] 9pnet_virtio: no channels available for device syz [ 262.823907][ T10] appleir 0003:05AC:8243.0005: unknown main item tag 0x0 [ 262.831662][ T10] appleir 0003:05AC:8243.0005: No inputs registered, leaving [ 262.834764][ T8613] random: crng reseeded on system resumption [ 262.852811][ T10] appleir 0003:05AC:8243.0005: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 263.093557][ T10] usb 8-1: USB disconnect, device number 19 [ 263.327037][ T8618] random: crng reseeded on system resumption [ 263.933091][ T8633] IPVS: Error joining to the multicast group [ 264.026805][ T5378] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 264.265806][ T5378] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 264.270962][ T5378] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 264.276347][ T5378] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 264.284232][ T5378] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 264.293358][ T5378] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 264.297583][ T5378] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 264.306907][ T5378] usb 6-1: Manufacturer: syz [ 264.320959][ T5378] usb 6-1: config 0 descriptor?? [ 264.470144][ T8640] FAULT_INJECTION: forcing a failure. [ 264.470144][ T8640] name failslab, interval 1, probability 0, space 0, times 0 [ 264.475737][ T8640] CPU: 2 UID: 0 PID: 8640 Comm: syz.0.841 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 264.480142][ T8640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 264.484842][ T8640] Call Trace: [ 264.486373][ T8640] [ 264.487539][ T8640] dump_stack_lvl+0x16c/0x1f0 [ 264.489499][ T8640] should_fail_ex+0x497/0x5b0 [ 264.491439][ T8640] ? fs_reclaim_acquire+0xae/0x160 [ 264.493561][ T8640] should_failslab+0xc2/0x120 [ 264.495627][ T8640] __kmalloc_noprof+0xcb/0x400 [ 264.497714][ T8640] ? __pfx_lock_acquire+0x10/0x10 [ 264.499914][ T8640] tomoyo_realpath_from_path+0xb9/0x720 [ 264.502352][ T8640] ? tomoyo_profile+0x47/0x60 [ 264.504212][ T8640] tomoyo_path_number_perm+0x245/0x590 [ 264.506587][ T8640] ? tomoyo_path_number_perm+0x232/0x590 [ 264.509162][ T8640] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 264.511848][ T8640] ? __switch_to+0x749/0x1180 [ 264.515878][ T8640] ? __pfx___schedule+0x10/0x10 [ 264.518087][ T8640] ? __fget_files+0x256/0x400 [ 264.520207][ T8640] security_file_ioctl+0x75/0xc0 [ 264.522508][ T8640] __x64_sys_ioctl+0xbb/0x220 [ 264.524504][ T8640] do_syscall_64+0xcd/0x250 [ 264.526559][ T8640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.529175][ T8640] RIP: 0033:0x7f16f71779f9 [ 264.531169][ T8640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.538934][ T8640] RSP: 002b:00007f16f7e6a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 264.542085][ T8640] RAX: ffffffffffffffda RBX: 00007f16f7305f80 RCX: 00007f16f71779f9 [ 264.544787][ T8640] RDX: 00000000200002c0 RSI: 0000000000004c0a RDI: 0000000000000003 [ 264.547507][ T8640] RBP: 00007f16f7e6a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 264.550439][ T8640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.553658][ T8640] R13: 000000000000000b R14: 00007f16f7305f80 R15: 00007ffebef30438 [ 264.556909][ T8640] [ 264.565762][ T8640] ERROR: Out of memory at tomoyo_realpath_from_path. [ 264.568905][ T8640] loop0: detected capacity change from 0 to 7 [ 264.576429][ T8640] Dev loop0: unable to read RDB block 7 [ 264.581081][ T8640] loop0: unable to read partition table [ 264.584279][ T8640] loop0: partition table beyond EOD, truncated [ 264.588010][ T8640] loop_reread_partitions: partition scan of loop0 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨â·û [ 264.588010][ T8640] ) failed (rc=-5) [ 264.782843][ T5378] usbhid 6-1:0.0: can't add hid device: -71 [ 264.785201][ T5378] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 264.792669][ T5378] usb 6-1: USB disconnect, device number 16 [ 265.586802][ T8199] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 265.741343][ T8662] ieee802154 phy0 wpan0: encryption failed: -22 [ 265.772085][ T8199] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 265.776886][ T8199] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.781534][ T8199] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 265.785550][ T8199] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 265.792752][ T8199] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 265.796715][ T8199] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 265.800056][ T8199] usb 6-1: Manufacturer: syz [ 265.804205][ T8199] usb 6-1: config 0 descriptor?? [ 265.891015][ T8665] ieee802154 phy0 wpan0: encryption failed: -22 [ 266.221066][ T8199] appleir 0003:05AC:8243.0006: unknown main item tag 0x0 [ 266.225115][ T8199] appleir 0003:05AC:8243.0006: No inputs registered, leaving [ 266.232830][ T8199] appleir 0003:05AC:8243.0006: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 266.515311][ T8199] usb 6-1: USB disconnect, device number 17 [ 268.022727][ T8695] netlink: 28 bytes leftover after parsing attributes in process `syz.3.855'. [ 268.624884][ T8702] ieee802154 phy0 wpan0: encryption failed: -22 [ 269.526871][ T5378] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 269.716747][ T5378] usb 5-1: Using ep0 maxpacket: 8 [ 269.734149][ T5378] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 269.738155][ T5378] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 269.742771][ T5378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 269.747657][ T5378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 269.751687][ T5378] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 269.757833][ T5378] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 269.761899][ T5378] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.951096][ T8717] fuse: Unknown parameter 'g"' [ 270.007434][ T5378] usb 5-1: usb_control_msg returned -32 [ 270.011040][ T5378] usbtmc 5-1:16.0: can't read capabilities [ 270.027093][ T5378] usb 5-1: USB disconnect, device number 12 [ 271.129587][ T8731] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 271.281414][ T8738] random: crng reseeded on system resumption [ 271.497710][ T39] audit: type=1400 audit(1722636432.074:385): avc: denied { create } for pid=8743 comm="syz.3.870" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 271.521704][ T39] audit: type=1400 audit(1722636432.074:386): avc: denied { write } for pid=8743 comm="syz.3.870" name="file0" dev="tmpfs" ino=1123 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 271.531303][ T39] audit: type=1400 audit(1722636432.074:387): avc: denied { open } for pid=8743 comm="syz.3.870" path="/201/file0" dev="tmpfs" ino=1123 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 271.541127][ T39] audit: type=1400 audit(1722636432.084:388): avc: denied { ioctl } for pid=8743 comm="syz.3.870" path="/201/file0" dev="tmpfs" ino=1123 ioctlcmd=0x1275 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 271.828898][ T39] audit: type=1400 audit(1722636432.404:389): avc: denied { unlink } for pid=5332 comm="syz-executor" name="file0" dev="tmpfs" ino=1123 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 272.187759][ T830] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 272.397334][ T830] usb 8-1: Using ep0 maxpacket: 8 [ 272.434473][ T830] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 272.440460][ T830] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 272.444394][ T8759] fuse: Unknown parameter 'g"' [ 272.445824][ T830] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 272.456750][ T830] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 272.473739][ T830] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 272.480769][ T830] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 272.485075][ T830] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.764302][ T830] usb 8-1: usb_control_msg returned -32 [ 272.769626][ T830] usbtmc 8-1:16.0: can't read capabilities [ 272.786966][ T830] usb 8-1: USB disconnect, device number 20 [ 273.007060][ T8767] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 274.395836][ T8789] netlink: 134744 bytes leftover after parsing attributes in process `syz.0.884'. [ 274.477507][ T39] audit: type=1400 audit(1722636435.054:390): avc: denied { read write } for pid=8791 comm="syz.3.885" name="vhost-vsock" dev="devtmpfs" ino=1118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 274.487560][ T39] audit: type=1400 audit(1722636435.054:391): avc: denied { open } for pid=8791 comm="syz.3.885" path="/dev/vhost-vsock" dev="devtmpfs" ino=1118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 274.503222][ T39] audit: type=1400 audit(1722636435.074:392): avc: denied { ioctl } for pid=8791 comm="syz.3.885" path="/dev/vhost-vsock" dev="devtmpfs" ino=1118 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 274.921375][ T8793] random: crng reseeded on system resumption [ 275.548643][ T8806] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 275.594674][ T8808] fuse: Unknown parameter 'g"' [ 275.746279][ T8798] 9pnet_fd: p9_fd_create_tcp (8798): problem connecting socket to 127.0.0.1 [ 276.062492][ T8814] block nbd0: shutting down sockets [ 276.096722][ T984] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 276.306925][ T984] usb 6-1: Using ep0 maxpacket: 8 [ 276.311097][ T984] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 276.314747][ T984] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 276.319237][ T984] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 276.323274][ T984] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 276.330376][ T984] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 276.336948][ T984] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 276.341988][ T984] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.506772][ T39] audit: type=1400 audit(1722636437.074:393): avc: denied { mount } for pid=8819 comm="syz.2.892" name="/" dev="configfs" ino=2148 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 276.563191][ T984] usb 6-1: usb_control_msg returned -32 [ 276.565405][ T984] usbtmc 6-1:16.0: can't read capabilities [ 276.571343][ T8821] overlayfs: missing 'lowerdir' [ 276.572254][ T39] audit: type=1400 audit(1722636437.144:394): avc: denied { mounton } for pid=8819 comm="syz.2.892" path="/220/file0" dev="configfs" ino=2148 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 276.577516][ T984] usb 6-1: USB disconnect, device number 18 [ 276.607334][ T8821] syz.2.892 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 277.494584][ T39] audit: type=1400 audit(1722636438.064:395): avc: denied { unmount } for pid=5333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 277.686912][ T8835] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 278.000930][ T8840] random: crng reseeded on system resumption [ 278.292515][ T8847] fuse: Bad value for 'fd' [ 279.106905][ T8199] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 279.298538][ T8199] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 279.303026][ T8199] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.311857][ T8199] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.316123][ T8199] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 279.324345][ T8199] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 279.328320][ T8199] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 279.332221][ T8199] usb 7-1: Manufacturer: syz [ 279.375616][ T8199] usb 7-1: config 0 descriptor?? [ 280.010186][ T8199] usbhid 7-1:0.0: can't add hid device: -71 [ 280.013197][ T8199] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 280.019637][ T8199] usb 7-1: USB disconnect, device number 16 [ 280.200072][ T8872] ieee802154 phy0 wpan0: encryption failed: -22 [ 282.944787][ T8918] random: crng reseeded on system resumption [ 283.025039][ T39] audit: type=1400 audit(1722636443.594:396): avc: denied { getopt } for pid=8925 comm="syz.2.918" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1 [ 283.236797][ T830] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 283.441985][ T830] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 283.446765][ T830] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 283.451650][ T830] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 283.455568][ T830] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 283.462576][ T830] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 283.466586][ T830] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 283.469541][ T830] usb 5-1: Manufacturer: syz [ 283.472904][ T830] usb 5-1: config 0 descriptor?? [ 283.888686][ T830] appleir 0003:05AC:8243.0007: unknown main item tag 0x0 [ 283.895764][ T830] appleir 0003:05AC:8243.0007: No inputs registered, leaving [ 283.905082][ T830] appleir 0003:05AC:8243.0007: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 284.103511][ T984] usb 5-1: USB disconnect, device number 13 [ 284.139475][ T8942] fuse: Unknown parameter 'g"' [ 284.679166][ T8954] FAULT_INJECTION: forcing a failure. [ 284.679166][ T8954] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 284.685047][ T8954] CPU: 0 UID: 0 PID: 8954 Comm: syz.0.927 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 284.689531][ T8954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 284.694099][ T8954] Call Trace: [ 284.695543][ T8954] [ 284.696826][ T8954] dump_stack_lvl+0x16c/0x1f0 [ 284.698964][ T8954] should_fail_ex+0x497/0x5b0 [ 284.700981][ T8954] _copy_from_user+0x30/0xf0 [ 284.703029][ T8954] add_rule_path_beneath+0xad/0x510 [ 284.705174][ T8954] ? __fget_files+0x256/0x400 [ 284.707455][ T8954] ? __pfx_add_rule_path_beneath+0x10/0x10 [ 284.709954][ T8954] ? fput+0x32/0x390 [ 284.711649][ T8954] __x64_sys_landlock_add_rule+0x19f/0x230 [ 284.714128][ T8954] do_syscall_64+0xcd/0x250 [ 284.715974][ T8954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 284.718515][ T8954] RIP: 0033:0x7f16f71779f9 [ 284.720328][ T8954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 284.727406][ T8954] RSP: 002b:00007f16f7e6a048 EFLAGS: 00000246 ORIG_RAX: 00000000000001bd [ 284.730077][ T8954] RAX: ffffffffffffffda RBX: 00007f16f7305f80 RCX: 00007f16f71779f9 [ 284.733450][ T8954] RDX: 0000000020000140 RSI: 0000000000000001 RDI: 0000000000000003 [ 284.736607][ T8954] RBP: 00007f16f7e6a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 284.739804][ T8954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 284.743189][ T8954] R13: 000000000000000b R14: 00007f16f7305f80 R15: 00007ffebef30438 [ 284.746567][ T8954] [ 286.028081][ T8966] random: crng reseeded on system resumption [ 286.966861][ T830] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 287.151422][ T830] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 287.156312][ T830] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 287.162979][ T830] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.176956][ T830] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 287.183636][ T830] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 287.187741][ T830] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 287.191129][ T830] usb 7-1: Manufacturer: syz [ 287.201021][ T830] usb 7-1: config 0 descriptor?? [ 287.504212][ T8992] ieee802154 phy0 wpan0: encryption failed: -22 [ 287.508042][ T39] audit: type=1400 audit(1722636448.074:397): avc: denied { ioctl } for pid=8987 comm="syz.1.937" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=28314 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 287.634869][ T830] appleir 0003:05AC:8243.0008: unknown main item tag 0x0 [ 287.640072][ T830] appleir 0003:05AC:8243.0008: No inputs registered, leaving [ 287.647286][ T830] appleir 0003:05AC:8243.0008: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 287.738518][ T9006] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 287.831290][ T830] usb 7-1: USB disconnect, device number 17 [ 287.837347][ T9007] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 289.588997][ T9030] random: crng reseeded on system resumption [ 290.049530][ T9046] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 290.919277][ T9060] block nbd3: shutting down sockets [ 291.121775][ T9058] random: crng reseeded on system resumption [ 292.528471][ T9089] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 294.430667][ T9118] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode [ 294.446494][ T9118] netlink: 'syz.1.971': attribute type 10 has an invalid length. [ 294.449911][ T9118] mac80211_hwsim hwsim8 wlan1: left allmulticast mode [ 294.460649][ T9118] team0: Port device wlan1 added [ 295.229010][ T9128] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 295.426747][ T39] audit: type=1400 audit(1722636455.994:398): avc: denied { read write } for pid=9131 comm="syz.1.976" name="btrfs-control" dev="devtmpfs" ino=1152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 295.449405][ T39] audit: type=1400 audit(1722636455.994:399): avc: denied { open } for pid=9131 comm="syz.1.976" path="/dev/btrfs-control" dev="devtmpfs" ino=1152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 295.480921][ T39] audit: type=1400 audit(1722636456.054:400): avc: denied { ioctl } for pid=9131 comm="syz.1.976" path="/dev/btrfs-control" dev="devtmpfs" ino=1152 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1 [ 296.482872][ T9151] random: crng reseeded on system resumption [ 297.064053][ T9165] block nbd2: shutting down sockets [ 297.284905][ T9167] fuse: Unknown parameter 'g"' [ 297.816686][ T8199] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 297.860802][ T39] audit: type=1400 audit(1722636458.434:401): avc: denied { read } for pid=9177 comm="syz.3.989" name="binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 297.873354][ T39] audit: type=1400 audit(1722636458.434:402): avc: denied { open } for pid=9177 comm="syz.3.989" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 297.894386][ T39] audit: type=1400 audit(1722636458.464:403): avc: denied { ioctl } for pid=9177 comm="syz.3.989" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 297.986248][ T39] audit: type=1400 audit(1722636458.554:404): avc: denied { ioctl } for pid=9177 comm="syz.3.989" path="/231/file0/GPL" dev="9p" ino=36320794 ioctlcmd=0x3b85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 298.016677][ T39] audit: type=1400 audit(1722636458.574:405): avc: denied { append } for pid=9177 comm="syz.3.989" name="file0" dev="9p" ino=36320791 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 298.022802][ T9179] Process accounting resumed [ 298.031735][ T8199] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 298.031777][ T8199] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 298.031799][ T8199] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 298.031817][ T8199] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 298.033171][ T8199] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 298.047890][ T39] audit: type=1400 audit(1722636458.594:406): avc: denied { getattr } for pid=9177 comm="syz.3.989" name="/" dev="9p" ino=36320790 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 298.061549][ T8199] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 298.093260][ T8199] usb 7-1: Manufacturer: syz [ 298.097615][ T8199] usb 7-1: config 0 descriptor?? [ 298.516966][ T8199] appleir 0003:05AC:8243.0009: unknown main item tag 0x0 [ 298.520987][ T8199] appleir 0003:05AC:8243.0009: No inputs registered, leaving [ 298.529882][ T8199] appleir 0003:05AC:8243.0009: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 298.779974][ T30] usb 7-1: USB disconnect, device number 18 [ 298.816716][ T10] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 298.997759][ T10] usb 8-1: Using ep0 maxpacket: 8 [ 299.002948][ T9195] random: crng reseeded on system resumption [ 299.005326][ T10] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 299.009810][ T10] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 299.014084][ T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 299.014109][ T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 299.014129][ T10] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 299.014201][ T10] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 299.014223][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.233457][ T10] usb 8-1: GET_CAPABILITIES returned 0 [ 299.236014][ T10] usbtmc 8-1:16.0: can't read capabilities [ 299.560823][ T9189] usbtmc 8-1:16.0: stb usb_control_msg returned -32 [ 299.565637][ T10] usb 8-1: USB disconnect, device number 21 [ 299.984287][ T9213] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 300.056770][ T8199] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 300.246821][ T8199] usb 5-1: Using ep0 maxpacket: 8 [ 300.251677][ T8199] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 300.255253][ T8199] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 300.259287][ T8199] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 300.263235][ T8199] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 300.267343][ T8199] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 300.273011][ T8199] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 300.276966][ T8199] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.508966][ T8199] usb 5-1: GET_CAPABILITIES returned 0 [ 300.511918][ T8199] usbtmc 5-1:16.0: can't read capabilities [ 300.822114][ T9207] usbtmc 5-1:16.0: stb usb_control_msg returned -32 [ 300.834950][ T1165] usb 5-1: USB disconnect, device number 14 [ 301.685395][ T9238] random: crng reseeded on system resumption [ 302.736876][ T10] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 302.956748][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 302.962413][ T10] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 302.965968][ T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 302.970449][ T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 302.974066][ T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 302.978650][ T10] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 302.984104][ T10] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 302.989128][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.036159][ T9257] ieee802154 phy0 wpan0: encryption failed: -22 [ 303.213480][ T10] usb 6-1: GET_CAPABILITIES returned 0 [ 303.216045][ T10] usbtmc 6-1:16.0: can't read capabilities [ 303.436837][ T1165] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 303.523228][ T9254] usbtmc 6-1:16.0: stb usb_control_msg returned -32 [ 303.530302][ T8199] usb 6-1: USB disconnect, device number 19 [ 303.636853][ T1165] usb 8-1: Using ep0 maxpacket: 8 [ 303.642926][ T1165] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 303.647430][ T1165] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 303.651896][ T1165] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 303.655954][ T1165] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 303.660176][ T1165] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 303.665603][ T1165] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 303.669539][ T1165] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.901001][ T1165] usb 8-1: GET_CAPABILITIES returned 0 [ 303.903528][ T1165] usbtmc 8-1:16.0: can't read capabilities [ 304.210596][ T9273] usbtmc 8-1:16.0: stb usb_control_msg returned -32 [ 304.239172][ T8199] usb 8-1: USB disconnect, device number 22 [ 305.593608][ C0] vkms_vblank_simulate: vblank timer overrun [ 305.659707][ C0] vkms_vblank_simulate: vblank timer overrun [ 306.271334][ T9313] random: crng reseeded on system resumption [ 306.877844][ T8199] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 307.076781][ T8199] usb 7-1: Using ep0 maxpacket: 8 [ 307.081930][ T8199] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 307.085484][ T8199] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 307.089764][ T8199] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 307.093889][ T8199] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 307.098250][ T8199] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 307.103304][ T8199] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 307.107483][ T8199] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.300902][ T9324] random: crng reseeded on system resumption [ 307.331541][ T8199] usb 7-1: GET_CAPABILITIES returned 0 [ 307.334240][ T8199] usbtmc 7-1:16.0: can't read capabilities [ 307.646407][ T9318] usbtmc 7-1:16.0: stb usb_control_msg returned -32 [ 307.655749][ T30] usb 7-1: USB disconnect, device number 19 [ 310.083872][ T9367] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 310.133388][ T9369] input: syz0 as /devices/virtual/input/input81 [ 310.994538][ T9375] block nbd1: shutting down sockets [ 312.507238][ T9395] random: crng reseeded on system resumption [ 313.316368][ T9406] fuse: Unknown parameter 'g"' [ 313.375323][ T5349] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 313.381213][ T5349] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 313.385679][ T5349] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 313.393285][ T5349] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 313.400354][ T5349] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 313.405847][ T5349] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 313.416555][ T39] audit: type=1400 audit(1722636473.984:407): avc: denied { mounton } for pid=9408 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 313.695824][ T9408] chnl_net:caif_netlink_parms(): no params data found [ 313.856733][ T8199] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 313.866364][ T9408] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.870729][ T9408] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.874066][ T9408] bridge_slave_0: entered allmulticast mode [ 313.878897][ T9408] bridge_slave_0: entered promiscuous mode [ 313.886515][ T9408] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.891432][ T9408] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.894882][ T9408] bridge_slave_1: entered allmulticast mode [ 313.901799][ T9408] bridge_slave_1: entered promiscuous mode [ 313.996396][ T9408] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 314.006155][ T9408] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 314.058567][ T8199] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 314.064303][ T8199] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 314.069114][ T8199] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 314.073176][ T8199] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 314.080070][ T8199] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 314.083857][ T8199] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 314.086784][ T9408] team0: Port device team_slave_0 added [ 314.087843][ T8199] usb 8-1: Manufacturer: syz [ 314.094278][ T8199] usb 8-1: config 0 descriptor?? [ 314.099459][ T9408] team0: Port device team_slave_1 added [ 314.169242][ T9408] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 314.172021][ T9408] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.184436][ T9408] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 314.192009][ T9408] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 314.195019][ T9408] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.206976][ T9408] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 314.293302][ T9408] hsr_slave_0: entered promiscuous mode [ 314.298859][ T9408] hsr_slave_1: entered promiscuous mode [ 314.529701][ T8199] appleir 0003:05AC:8243.000A: unknown main item tag 0x0 [ 314.530254][ T9408] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.533037][ T8199] appleir 0003:05AC:8243.000A: No inputs registered, leaving [ 314.545593][ T8199] appleir 0003:05AC:8243.000A: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 314.635144][ T9408] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.763513][ T9408] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.806576][ T8199] usb 8-1: USB disconnect, device number 23 [ 314.853121][ T9408] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.979443][ T9408] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 314.989596][ T9408] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 314.999249][ T9408] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 315.008273][ T9408] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 315.098851][ T9408] 8021q: adding VLAN 0 to HW filter on device bond0 [ 315.117957][ T9408] 8021q: adding VLAN 0 to HW filter on device team0 [ 315.126562][ T5378] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.129849][ T5378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 315.149270][ T5378] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.152550][ T5378] bridge0: port 2(bridge_slave_1) entered forwarding state [ 315.225309][ T39] audit: type=1400 audit(1722636475.794:408): avc: denied { sys_module } for pid=9408 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 315.308163][ T9408] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 315.347964][ T9408] veth0_vlan: entered promiscuous mode [ 315.355502][ T9408] veth1_vlan: entered promiscuous mode [ 315.382367][ T9408] veth0_macvtap: entered promiscuous mode [ 315.394653][ T9408] veth1_macvtap: entered promiscuous mode [ 315.409273][ T9408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.414293][ T9408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.417404][ T9426] ieee802154 phy0 wpan0: encryption failed: -22 [ 315.418651][ T9408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.425717][ T9408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.426854][ T5349] Bluetooth: hci4: command tx timeout [ 315.432174][ T9408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.436427][ T9408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.440274][ T9408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 315.444309][ T9408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.451972][ T9408] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 315.461579][ T9408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.465775][ T9408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.473680][ T9408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.479469][ T9408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.483618][ T9408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.488475][ T9408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.492820][ T9408] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 315.496026][ T9408] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 315.503025][ T9408] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 315.513161][ T9408] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.518018][ T9408] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.521607][ T9408] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.525429][ T9408] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 315.622824][ T1022] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.626082][ T1022] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.657275][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 315.661982][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 315.670832][ T39] audit: type=1400 audit(1722636476.244:409): avc: denied { mounton } for pid=9408 comm="syz-executor" path="/syzkaller.RMUHSu/syz-tmp" dev="sda1" ino=1942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 315.841419][ T9453] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.202144][ T9476] random: crng reseeded on system resumption [ 317.272088][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.506721][ T5344] Bluetooth: hci4: command tx timeout [ 317.523317][ T9489] block nbd1: shutting down sockets [ 319.010430][ T9515] block nbd1: shutting down sockets [ 319.596935][ T5344] Bluetooth: hci4: command 0x040f tx timeout [ 321.632491][ T9555] block nbd2: shutting down sockets [ 321.668001][ T5344] Bluetooth: hci4: command 0x040f tx timeout [ 322.225470][ C2] vkms_vblank_simulate: vblank timer overrun [ 322.386284][ T9567] ieee802154 phy0 wpan0: encryption failed: -22 [ 323.034309][ T9585] ieee802154 phy0 wpan0: encryption failed: -22 [ 323.296871][ T10] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 323.491554][ T10] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 323.496083][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 323.502457][ T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 323.511746][ T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 323.529501][ T10] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 323.537526][ T10] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 323.541249][ T10] usb 6-1: Manufacturer: syz [ 323.566323][ T10] usb 6-1: config 0 descriptor?? [ 323.747874][ T5349] Bluetooth: hci4: command 0x040f tx timeout [ 324.189749][ T10] appleir 0003:05AC:8243.000B: unknown main item tag 0x0 [ 324.193871][ T10] appleir 0003:05AC:8243.000B: No inputs registered, leaving [ 324.289695][ T10] appleir 0003:05AC:8243.000B: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 324.295862][ T10] usb 6-1: USB disconnect, device number 20 [ 324.603032][ T9617] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 325.176751][ T5340] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 325.386728][ T5340] usb 6-1: Using ep0 maxpacket: 8 [ 325.398336][ T5340] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 325.402527][ T5340] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 325.410220][ T5340] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 325.414208][ T5340] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 325.419041][ T5340] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 325.432570][ T5340] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 325.437493][ T5340] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.687763][ T5340] usb 6-1: GET_CAPABILITIES returned 0 [ 325.690472][ T5340] usbtmc 6-1:16.0: can't read capabilities [ 325.827233][ T5349] Bluetooth: hci4: command 0x040f tx timeout [ 326.001651][ T9620] usbtmc 6-1:16.0: stb usb_control_msg returned -32 [ 326.006088][ T10] usb 6-1: USB disconnect, device number 21 [ 326.266885][ T1165] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 326.456761][ T1165] usb 7-1: Using ep0 maxpacket: 8 [ 326.460919][ T1165] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 326.464125][ T1165] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 326.469100][ T1165] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 326.473299][ T1165] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 326.478180][ T1165] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 326.483982][ T1165] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 326.488336][ T1165] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.734297][ T1165] usb 7-1: GET_CAPABILITIES returned 0 [ 326.736756][ T1165] usbtmc 7-1:16.0: can't read capabilities [ 326.942427][ C2] vkms_vblank_simulate: vblank timer overrun [ 327.049552][ T9642] usbtmc 7-1:16.0: stb usb_control_msg returned -32 [ 327.054941][ T5340] usb 7-1: USB disconnect, device number 20 [ 328.837932][ T9677] random: crng reseeded on system resumption [ 329.676982][ T5378] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 329.876726][ T5378] usb 6-1: Using ep0 maxpacket: 8 [ 329.884741][ T5378] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 329.888769][ T5378] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 329.895295][ T5378] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 329.902051][ T5378] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 329.922535][ T5378] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 329.936830][ T5378] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 329.942272][ T5378] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.201387][ T9684] fuse: Unknown parameter 'g"' [ 330.204055][ T5378] usb 6-1: GET_CAPABILITIES returned 0 [ 330.206382][ T5378] usbtmc 6-1:16.0: can't read capabilities [ 330.242924][ T9686] fuse: Unknown parameter 'g"' [ 330.518773][ T9678] usbtmc 6-1:16.0: stb usb_control_msg returned -32 [ 330.526327][ T5340] usb 6-1: USB disconnect, device number 22 [ 332.390415][ T9725] ieee802154 phy0 wpan0: encryption failed: -22 [ 332.926697][ T30] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 333.089319][ T9734] fuse: Unknown parameter 'g"' [ 333.136699][ T30] usb 6-1: Using ep0 maxpacket: 8 [ 333.156814][ T30] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 333.160374][ T30] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 333.165215][ T30] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 333.173131][ T30] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 333.196715][ T30] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 333.206736][ T30] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 333.216958][ T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.432965][ T30] usb 6-1: GET_CAPABILITIES returned 0 [ 333.435634][ T30] usbtmc 6-1:16.0: can't read capabilities [ 333.746162][ T9732] usbtmc 6-1:16.0: stb usb_control_msg returned -32 [ 333.768612][ T30] usb 6-1: USB disconnect, device number 23 [ 333.886690][ T9738] ieee802154 phy0 wpan0: encryption failed: -22 [ 335.114689][ T9764] ieee802154 phy0 wpan0: encryption failed: -22 [ 336.946049][ T9794] block nbd0: shutting down sockets [ 337.098691][ T9797] fuse: Unknown parameter 'g"' [ 337.690258][ T9801] random: crng reseeded on system resumption [ 338.369610][ T9811] ieee802154 phy0 wpan0: encryption failed: -22 [ 338.581601][ T9822] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 339.849045][ T9838] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 340.462684][ T9847] block nbd0: shutting down sockets [ 340.598769][ T9845] random: crng reseeded on system resumption [ 341.339403][ T9854] 9pnet_virtio: no channels available for device syz [ 341.486198][ T9854] random: crng reseeded on system resumption [ 342.078650][ T9867] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 342.798889][ T9873] random: crng reseeded on system resumption [ 343.323226][ T9887] block nbd3: shutting down sockets [ 345.129747][ T5340] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 345.326688][ T5340] usb 7-1: Using ep0 maxpacket: 8 [ 345.330822][ T5340] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 345.334233][ T5340] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 345.338619][ T5340] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 345.343093][ T5340] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 345.350046][ T5340] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 345.356446][ T5340] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 345.361970][ T5340] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.415471][ T9906] random: crng reseeded on system resumption [ 345.571263][ T5340] usb 7-1: GET_CAPABILITIES returned 0 [ 345.573686][ T5340] usbtmc 7-1:16.0: can't read capabilities [ 345.891491][ T9903] usbtmc 7-1:16.0: stb usb_control_msg returned -32 [ 345.896284][ T30] usb 7-1: USB disconnect, device number 21 [ 346.607049][ T9927] block nbd2: shutting down sockets [ 347.092534][ T9936] fuse: Unknown parameter 'g"' [ 347.307337][ T9940] block nbd3: shutting down sockets [ 348.477300][ T9954] random: crng reseeded on system resumption [ 349.034297][ T9960] ieee802154 phy0 wpan0: encryption failed: -22 [ 352.398790][T10014] random: crng reseeded on system resumption [ 354.522879][T10049] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 355.643100][T10067] block nbd3: shutting down sockets [ 355.747996][T10061] ieee802154 phy0 wpan0: encryption failed: -22 [ 355.888920][T10066] ieee802154 phy0 wpan0: encryption failed: -22 [ 356.136389][T10084] block nbd0: shutting down sockets [ 357.174159][T10093] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 359.218088][T10119] block nbd0: shutting down sockets [ 362.112871][T10155] ieee802154 phy0 wpan0: encryption failed: -22 [ 362.593642][T10166] random: crng reseeded on system resumption [ 363.459870][T10182] block nbd3: shutting down sockets [ 363.624582][T10183] block nbd0: shutting down sockets [ 363.649351][T10186] random: crng reseeded on system resumption [ 364.384879][T10198] block nbd0: shutting down sockets [ 365.056758][ T984] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 365.256730][ T984] usb 7-1: Using ep0 maxpacket: 8 [ 365.265867][ T984] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 365.272614][ T984] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 365.277361][ T984] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 365.282427][ T984] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 365.286928][ T984] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 365.293644][ T984] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 365.298905][ T984] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.425102][ C2] vkms_vblank_simulate: vblank timer overrun [ 365.548922][ T984] usb 7-1: GET_CAPABILITIES returned 0 [ 365.551432][ T984] usbtmc 7-1:16.0: can't read capabilities [ 365.874099][T10204] usbtmc 7-1:16.0: stb usb_control_msg returned -32 [ 365.887489][ T5378] usb 7-1: USB disconnect, device number 22 [ 366.101065][T10220] block nbd3: shutting down sockets [ 366.862663][T10232] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 366.893401][T10234] fuse: Bad value for 'fd' [ 367.279307][T10237] random: crng reseeded on system resumption [ 369.096976][ T30] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 369.418731][ T30] usb 6-1: Using ep0 maxpacket: 8 [ 369.427235][ T30] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 369.857474][T10270] ieee802154 phy0 wpan0: encryption failed: -22 [ 370.007208][ T30] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 370.011687][ T30] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 370.016116][ T30] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 370.026674][ T30] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 370.033107][ T30] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 370.037590][ T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 370.268727][ T30] usb 6-1: GET_CAPABILITIES returned 0 [ 370.271341][ T30] usbtmc 6-1:16.0: can't read capabilities [ 370.397636][T10283] block nbd3: shutting down sockets [ 370.613148][T10258] usbtmc 6-1:16.0: stb usb_control_msg returned -32 [ 370.619514][ T30] usb 6-1: USB disconnect, device number 24 [ 371.700295][T10291] random: crng reseeded on system resumption [ 372.242919][T10302] ieee802154 phy0 wpan0: encryption failed: -22 [ 373.619273][ T5378] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 373.756131][T10332] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 373.816866][ T5378] usb 5-1: Using ep0 maxpacket: 8 [ 373.821160][ T5378] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 373.825476][ T5378] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 373.836812][ T5378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 373.841234][ T5378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 373.845446][ T5378] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 373.856672][ T5378] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 373.860643][ T5378] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.899887][T10335] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 374.087159][ T5378] usb 5-1: GET_CAPABILITIES returned 0 [ 374.089617][ T5378] usbtmc 5-1:16.0: can't read capabilities [ 374.420898][T10328] usbtmc 5-1:16.0: stb usb_control_msg returned -32 [ 374.425130][ T30] usb 5-1: USB disconnect, device number 15 [ 374.620462][T10337] ieee802154 phy0 wpan0: encryption failed: -22 [ 375.854525][T10360] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.235816][T10385] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.056887][T10403] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.719836][ T1380] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.868866][ C2] vkms_vblank_simulate: vblank timer overrun [ 379.939527][T10431] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.972516][ C2] vkms_vblank_simulate: vblank timer overrun [ 380.934841][T10454] block nbd2: shutting down sockets [ 381.724768][T10465] random: crng reseeded on system resumption [ 382.650223][T10479] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.065010][T10486] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 383.937365][T10497] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 384.231593][T10503] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 385.285357][T10518] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes [ 386.137394][T10529] 9p: Unknown Cache mode or invalid value fsca [ 386.251438][T10535] random: crng reseeded on system resumption [ 386.978500][T10549] random: crng reseeded on system resumption [ 387.214266][T10554] block nbd3: shutting down sockets [ 388.876952][T10573] random: crng reseeded on system resumption [ 388.915209][T10575] ieee802154 phy0 wpan0: encryption failed: -22 [ 389.472440][ C2] vkms_vblank_simulate: vblank timer overrun [ 390.226225][T10607] random: crng reseeded on system resumption [ 390.307456][ T8] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 390.637027][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 390.876154][ T8] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 390.884411][ T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 390.889611][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 390.905450][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 390.911978][ T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 390.918594][ T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 390.923052][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.194572][ T8] usb 5-1: GET_CAPABILITIES returned 0 [ 391.197807][ T8] usbtmc 5-1:16.0: can't read capabilities [ 391.511151][T10604] usbtmc 5-1:16.0: stb usb_control_msg returned -32 [ 391.517439][ T8] usb 5-1: USB disconnect, device number 16 [ 391.533994][T10624] fuse: Unknown parameter 'g"' [ 392.403790][T10639] block nbd0: shutting down sockets [ 392.662507][T10641] 9p: Unknown Cache mode or invalid value fsca [ 392.665310][T10641] 9pnet: Tag 65535 still in use [ 392.667742][T10641] ------------[ cut here ]------------ [ 392.671109][T10641] refcount_t: underflow; use-after-free. [ 392.675067][T10641] WARNING: CPU: 1 PID: 10641 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210 [ 392.680834][T10641] Modules linked in: [ 392.682717][T10641] CPU: 1 UID: 0 PID: 10641 Comm: syz.1.1346 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 392.689456][T10641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 392.694959][T10641] RIP: 0010:refcount_warn_saturate+0x14a/0x210 [ 392.700406][T10641] Code: ff 89 de e8 b8 f0 07 fd 84 db 0f 85 66 ff ff ff e8 0b f6 07 fd c6 05 2c 0b 79 0b 01 90 48 c7 c7 40 21 b0 8b e8 a7 3c ca fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 e8 f5 07 fd 0f b6 1d 07 0b 79 0b 31 [ 392.710953][T10641] RSP: 0018:ffffc9000375f9d0 EFLAGS: 00010282 [ 392.715136][T10641] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90003ba2000 [ 392.718674][T10641] RDX: 0000000000040000 RSI: ffffffff814cc386 RDI: 0000000000000001 [ 392.722777][T10641] RBP: ffff888020507a98 R08: 0000000000000001 R09: 0000000000000000 [ 392.726495][T10641] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc9000375fa68 [ 392.730294][T10641] R13: ffff888020507a98 R14: ffff88802f936400 R15: 1ffff920006ebf45 [ 392.733748][T10641] FS: 00007f25857316c0(0000) GS:ffff88806b100000(0000) knlGS:0000000000000000 [ 392.738629][T10641] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 392.744198][T10641] CR2: 0000000020001000 CR3: 0000000018eb2000 CR4: 0000000000350ef0 [ 392.749766][T10641] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 392.753199][T10641] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 392.756886][T10641] Call Trace: [ 392.758338][T10641] [ 392.759615][T10641] ? show_regs+0x8c/0xa0 [ 392.761426][T10641] ? __warn+0xe5/0x3c0 [ 392.763120][T10641] ? refcount_warn_saturate+0x14a/0x210 [ 392.765457][T10641] ? report_bug+0x3c0/0x580 [ 392.767360][T10641] ? handle_bug+0x3d/0x70 [ 392.768930][T10641] ? exc_invalid_op+0x17/0x50 [ 392.770987][T10641] ? asm_exc_invalid_op+0x1a/0x20 [ 392.773104][T10641] ? __warn_printk+0x1a6/0x350 [ 392.775125][T10641] ? refcount_warn_saturate+0x14a/0x210 [ 392.777970][T10641] p9_req_put+0x1f4/0x250 [ 392.779636][T10641] p9_client_destroy+0x22c/0x480 [ 392.781779][T10641] ? __pfx_p9_client_destroy+0x10/0x10 [ 392.784158][T10641] ? rcu_is_watching+0x12/0xc0 [ 392.786332][T10641] ? kfree+0x245/0x3b0 [ 392.788704][T10641] ? v9fs_session_init+0xd29/0x1a80 [ 392.790851][T10641] v9fs_session_init+0xba3/0x1a80 [ 392.793025][T10641] ? __pfx_v9fs_session_init+0x10/0x10 [ 392.795401][T10641] ? kasan_save_track+0x14/0x30 [ 392.797839][T10641] v9fs_mount+0xc6/0xaa0 [ 392.799519][T10641] ? __pfx_v9fs_mount+0x10/0x10 [ 392.801302][T10641] ? selinux_sb_eat_lsm_opts+0x594/0x700 [ 392.803635][T10641] ? cap_capable+0x1cf/0x240 [ 392.805579][T10641] ? __pfx_v9fs_mount+0x10/0x10 [ 392.807750][T10641] legacy_get_tree+0x109/0x220 [ 392.809826][T10641] vfs_get_tree+0x8f/0x380 [ 392.811790][T10641] path_mount+0x14e6/0x1f20 [ 392.813696][T10641] ? __pfx_path_mount+0x10/0x10 [ 392.815514][T10641] ? putname+0x12e/0x170 [ 392.817473][T10641] ? putname+0x12e/0x170 [ 392.819173][T10641] __x64_sys_mount+0x294/0x320 [ 392.820891][T10641] ? __pfx___x64_sys_mount+0x10/0x10 [ 392.822755][T10641] do_syscall_64+0xcd/0x250 [ 392.824525][T10641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.826916][T10641] RIP: 0033:0x7f25849779f9 [ 392.828782][T10641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.839187][T10641] RSP: 002b:00007f2585731048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 392.839632][T10644] random: crng reseeded on system resumption [ 392.842981][T10641] RAX: ffffffffffffffda RBX: 00007f2584b05f80 RCX: 00007f25849779f9 [ 392.849253][T10641] RDX: 00000000200004c0 RSI: 0000000020000480 RDI: 00000000200001c0 [ 392.852546][T10641] RBP: 00007f25849e58ee R08: 0000000020000840 R09: 0000000000000000 [ 392.856143][T10641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.859791][T10641] R13: 000000000000000b R14: 00007f2584b05f80 R15: 00007ffde5b52958 [ 392.863704][T10641] [ 392.865052][T10641] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 392.869396][T10641] CPU: 1 UID: 0 PID: 10641 Comm: syz.1.1346 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 392.875411][T10641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 392.880065][T10641] Call Trace: [ 392.881482][T10641] [ 392.882763][T10641] dump_stack_lvl+0x3d/0x1f0 [ 392.884921][T10641] panic+0x6f5/0x7a0 [ 392.886708][T10641] ? __pfx_panic+0x10/0x10 [ 392.888712][T10641] ? show_trace_log_lvl+0x363/0x500 [ 392.890929][T10641] ? refcount_warn_saturate+0x14a/0x210 [ 392.893727][T10641] check_panic_on_warn+0xab/0xb0 [ 392.896600][T10641] __warn+0xf1/0x3c0 [ 392.898570][T10641] ? refcount_warn_saturate+0x14a/0x210 [ 392.901478][T10641] report_bug+0x3c0/0x580 [ 392.903676][T10641] handle_bug+0x3d/0x70 [ 392.905526][T10641] exc_invalid_op+0x17/0x50 [ 392.907872][T10641] asm_exc_invalid_op+0x1a/0x20 [ 392.910847][T10641] RIP: 0010:refcount_warn_saturate+0x14a/0x210 [ 392.914212][T10641] Code: ff 89 de e8 b8 f0 07 fd 84 db 0f 85 66 ff ff ff e8 0b f6 07 fd c6 05 2c 0b 79 0b 01 90 48 c7 c7 40 21 b0 8b e8 a7 3c ca fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 e8 f5 07 fd 0f b6 1d 07 0b 79 0b 31 [ 392.923486][T10641] RSP: 0018:ffffc9000375f9d0 EFLAGS: 00010282 [ 392.925837][T10641] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90003ba2000 [ 392.929071][T10641] RDX: 0000000000040000 RSI: ffffffff814cc386 RDI: 0000000000000001 [ 392.932270][T10641] RBP: ffff888020507a98 R08: 0000000000000001 R09: 0000000000000000 [ 392.936209][T10641] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc9000375fa68 [ 392.939537][T10641] R13: ffff888020507a98 R14: ffff88802f936400 R15: 1ffff920006ebf45 [ 392.944262][T10641] ? __warn_printk+0x1a6/0x350 [ 392.946786][T10641] p9_req_put+0x1f4/0x250 [ 392.948968][T10641] p9_client_destroy+0x22c/0x480 [ 392.951075][T10641] ? __pfx_p9_client_destroy+0x10/0x10 [ 392.953367][T10641] ? rcu_is_watching+0x12/0xc0 [ 392.955856][T10641] ? kfree+0x245/0x3b0 [ 392.957696][T10641] ? v9fs_session_init+0xd29/0x1a80 [ 392.960027][T10641] v9fs_session_init+0xba3/0x1a80 [ 392.962257][T10641] ? __pfx_v9fs_session_init+0x10/0x10 [ 392.964707][T10641] ? kasan_save_track+0x14/0x30 [ 392.966777][T10641] v9fs_mount+0xc6/0xaa0 [ 392.968879][T10641] ? __pfx_v9fs_mount+0x10/0x10 [ 392.971443][T10641] ? selinux_sb_eat_lsm_opts+0x594/0x700 [ 392.974377][T10641] ? cap_capable+0x1cf/0x240 [ 392.976456][T10641] ? __pfx_v9fs_mount+0x10/0x10 [ 392.978424][T10641] legacy_get_tree+0x109/0x220 [ 392.980500][T10641] vfs_get_tree+0x8f/0x380 [ 392.982183][T10641] path_mount+0x14e6/0x1f20 [ 392.984065][T10641] ? __pfx_path_mount+0x10/0x10 [ 392.986098][T10641] ? putname+0x12e/0x170 [ 392.987668][T10641] ? putname+0x12e/0x170 [ 392.989568][T10641] __x64_sys_mount+0x294/0x320 [ 392.991670][T10641] ? __pfx___x64_sys_mount+0x10/0x10 [ 392.994275][T10641] do_syscall_64+0xcd/0x250 [ 392.996994][T10641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.000516][T10641] RIP: 0033:0x7f25849779f9 [ 393.003173][T10641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 393.015056][T10641] RSP: 002b:00007f2585731048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 393.019877][T10641] RAX: ffffffffffffffda RBX: 00007f2584b05f80 RCX: 00007f25849779f9 [ 393.023817][T10641] RDX: 00000000200004c0 RSI: 0000000020000480 RDI: 00000000200001c0 [ 393.027603][T10641] RBP: 00007f25849e58ee R08: 0000000020000840 R09: 0000000000000000 [ 393.031725][T10641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 393.035637][T10641] R13: 000000000000000b R14: 00007f2584b05f80 R15: 00007ffde5b52958 [ 393.038861][T10641] [ 393.040828][T10641] Kernel Offset: disabled [ 393.042888][T10641] Rebooting in 86400 seconds.. VM DIAGNOSIS: 22:09:13 Registers: info registers vcpu 0 CPU#0 RAX=0000000000d4ac2b RBX=0000000000000000 RCX=ffffffff8b11c529 RDX=0000000000000000 RSI=ffffffff8b4cc500 RDI=ffffffff8bb08400 RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20 R8 =0000000000000001 R9 =ffffed100d606fd9 R10=ffff88806b037ecb R11=0000000000000000 R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff9012b958 R15=0000000000000000 RIP=ffffffff8b11d91f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b000000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000001b31502ff8 CR3=0000000051c68000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff813075ef ffffffff813075ef ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff813075ef ffffffff813075ef ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff813075ef ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3678be66e4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3678be66f1 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3678be66eb ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3678be66ff ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3678be6785 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f3678be6863 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000008000002b7 fffffff800000107 000000000000a1bf 00000000fff81a7b ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 25e410d7e741b5e5 0000000000000095 0000007100040008 0000000f0010000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 5e3c386b820b8117 bf68eb6e161feb15 3b2001bcc2bc1580 a4a699e4854f4148 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 52dc84d35fd9f813 9782647a815cf4df 51241fbf1fd3acba aa212a1e48de6371 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3c48ad200ec494a7 aca467bf75c769f6 77ffd1754c31129a df16e83b473cd524 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 8daba6f6d020c7cd 7f24935654bc22b6 ce7a8f4c6ad16eaf 12427759d6443abf ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 431ebdd107fcdb78 bfb0b34bd1d9d4b7 2c9164a6b0f434c2 b6ecadf97d588949 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0721b237e48e46b8 4d64b51f7fac7a6c 2296e176d34e36e9 4de152dc84d35fd9 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=000000000002d14a RBX=ffffffff94ec8eb4 RCX=ffffc90003ba2000 RDX=0000000000040000 RSI=ffffffff84ff3eaf RDI=ffffffff9519d720 RBP=0000000000000072 RSP=ffffc9000375f3c0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000003 R13=0000000000000010 R14=ffffffff84fe2700 R15=0000000000000000 RIP=ffffffff818a7b88 RFL=00000083 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f25857316c0 ffffffff 00c00000 GS =0000 ffff88806b100000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020001000 CR3=0000000018eb2000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000001 Opmask01=0000000000000001 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fffcb8bdd40 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0f1e3e66e4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0f1e3e66f1 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0f1e3e66eb ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0f1e3e66ff ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0f1e3e6785 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f0f1e3e6863 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000fc ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000fc ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=ffffffff9462d4a8 RBX=03cabf6b45581c0c RCX=1ffffffff28c5a9d RDX=dffffc0000000000 RSI=0000000000000008 RDI=ffffffff9462d4e8 RBP=ffffffff94641e58 RSP=ffffc900037ff360 R8 =0000000000000000 R9 =fffffbfff28c56d8 R10=ffffffff9462b6c7 R11=0000000000000000 R12=dffffc0000000000 R13=ffff88802ad90b08 R14=0000000000000003 R15=ffff88802ad90000 RIP=ffffffff81683051 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c01300 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c01300 FS =0000 00007f782d3896c0 ffffffff 00c00000 GS =0000 ffff88806b200000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000020bff000 CR3=0000000052f14000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000080040001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffde5b52ce0 0000003000000018 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f25849e66e4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f25849e66f1 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f25849e66eb ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f25849e66ff ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f25849e6785 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f25849e6863 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0063696e61703d73 726f727265006f72 2d746e756f6d6572 3d73726f72726500 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00464c4b44551856 574a575740004a57 08514b504a484057 1856574a57574000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000003 RBX=1ffff92000607ee1 RCX=ffffffff81686689 RDX=1ffffffff1bb6a74 RSI=ffffffff8b4cc7c0 RDI=ffffffff8bb08400 RBP=ffffffff9012ea38 RSP=ffffc9000303f6e8 R8 =0000000000000000 R9 =fffffbfff202572b R10=ffffffff9012b95f R11=0000000000000000 R12=ffffffff8ddb53a0 R13=0000000000000001 R14=ffff8880228e4880 R15=dffffc0000000000 RIP=ffffffff8b11ccd5 RFL=00000086 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88806b300000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007f2585710d58 CR3=0000000052f14000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8100a0d8 ffffffff8130760b ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff8130760b ffffffff8100a0d8 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff8100a0d8 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f782c5e66e4 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f782c5e66f1 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f782c5e66eb ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f782c5e66ff ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f782c5e6785 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f782c5e6863 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff82002d41 ffffffff82002d0e ffffffff82002cf1 ffffffff82002b66 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff820031cc ffffffff8200313b ffffffff00040008 0000000f0010000c ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff82002dc1 ffffffff82002d41 ffffffff82002d0e ffffffff82002cf1 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000003 0000000000000000 0000000000000000 00000000000000f0 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000