last executing test programs: 8.370053925s ago: executing program 0 (id=143): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="400000002000010027bd7000000000000a00204000005dc73369000014000200fe88000000000000000000000000010108000d000800000008000e00f8ffffff"], 0x40}, 0x1, 0x0, 0x0, 0x24048844}, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0) 8.231283352s ago: executing program 0 (id=144): r0 = landlock_create_ruleset(&(0x7f0000000200)={0xe249, 0x1, 0x1}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x7}, 0xf) 8.028258258s ago: executing program 0 (id=145): mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x2010, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0xfa0f, 0xffffffff}, 0x0) mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454da, &(0x7f0000000080)={'batadv0\x00'}) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x103442, 0x0) ioctl$TUNSETIFF(r4, 0x400454da, &(0x7f0000000140)={'batadv0\x00'}) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x1}) 3.903887673s ago: executing program 0 (id=153): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff) r2 = socket$inet6_udp(0xa, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xf318, 0xc000, 0x8, 0x306}) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000005f00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000006000)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd0600ffdbdb252100000008000300", @ANYRES32=r3, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}}, 0x28000) 3.230339789s ago: executing program 0 (id=156): bpf$PROG_LOAD(0x5, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x192a, 0x80, 0x0, 0x1f9}, &(0x7f0000000380)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r4 = socket$kcm(0xa, 0x3, 0x73) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r1, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x12345}) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0) syz_open_pts(r0, 0x20000) read$rfkill(r5, &(0x7f0000000040), 0x8) io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.314594503s ago: executing program 1 (id=164): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040882) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_QUANTUM={0x8, 0x2, 0xa406}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) 1.048211787s ago: executing program 1 (id=165): bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e023bd2a9eca19e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd6"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300), 0x111, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffc, 0x4, @empty, 0xa09c}, {0xa, 0x2, 0xfffffffe, @dev={0xfe, 0x80, '\x00', 0x39}}, 0xffffffffffffffff, 0x40099d}}, 0x48) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2) 857.480721ms ago: executing program 1 (id=166): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=@newlink={0x44, 0x10, 0x40d, 0x70bd2f, 0x1ffffffe, {0x0, 0x0, 0x0, r2, 0x40046}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x4}, @IFLA_BOND_XMIT_HASH_POLICY={0x5, 0xe, 0x3}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x40040}, 0x8000) sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200e3}, [@IFLA_MASTER={0x8, 0xa, r2}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 541.152472ms ago: executing program 1 (id=167): r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 369.251093ms ago: executing program 1 (id=168): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='maps\x00') timer_create(0x3, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f00000001c0)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) setrlimit(0xf, &(0x7f00000000c0)={0x0, 0x3}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 338.94µs ago: executing program 1 (id=169): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000001080)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r2, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0}, 0x356}], 0x3fffffffffffe7d, 0x102, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000340)=ANY=[], 0x8) setsockopt$inet6_int(r2, 0x29, 0x4, &(0x7f0000000000)=0x7f, 0x4) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) 0s ago: executing program 0 (id=170): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0xfffffffc, @loopback, 0xfffffffa}, 0x1c) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) connect$inet6(r0, &(0x7f0000004a40)={0xa, 0x4e24, 0x80007, @private2, 0x3}, 0x1c) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:28905' (ED25519) to the list of known hosts. syzkaller login: [ 84.991853][ T3312] cgroup: Unknown subsys name 'net' [ 85.274581][ T3312] cgroup: Unknown subsys name 'cpuset' [ 85.303211][ T3312] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.698019][ T3312] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 94.100529][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.116661][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.476819][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.494249][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.307476][ T3317] hsr_slave_0: entered promiscuous mode [ 95.316198][ T3317] hsr_slave_1: entered promiscuous mode [ 95.567126][ T3318] hsr_slave_0: entered promiscuous mode [ 95.574802][ T3318] hsr_slave_1: entered promiscuous mode [ 95.580260][ T3318] debugfs: 'hsr0' already exists in 'hsr' [ 95.582419][ T3318] Cannot create hsr debugfs directory [ 96.475267][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.534781][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.554149][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.596916][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.738398][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.762132][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.783905][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.820478][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 97.775205][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.853334][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.992744][ T3318] veth0_vlan: entered promiscuous mode [ 101.046451][ T3318] veth1_vlan: entered promiscuous mode [ 101.215106][ T3317] veth0_vlan: entered promiscuous mode [ 101.294873][ T3318] veth0_macvtap: entered promiscuous mode [ 101.323590][ T3317] veth1_vlan: entered promiscuous mode [ 101.355206][ T3318] veth1_macvtap: entered promiscuous mode [ 101.496888][ T3317] veth0_macvtap: entered promiscuous mode [ 101.522406][ T3317] veth1_macvtap: entered promiscuous mode [ 101.673027][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.683754][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.684439][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.684638][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.878553][ T995] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.882877][ T995] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.884380][ T995] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.885913][ T995] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.322781][ T3318] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 103.495484][ T3479] input: syz0 as /devices/virtual/input/input1 [ 104.812901][ T3487] fuse: Unknown parameter '00000000000000000000' [ 111.108831][ T3509] fuse: Unknown parameter '00000000000000000000' [ 119.356280][ T3545] input: syz0 as /devices/virtual/input/input2 [ 119.950602][ T3546] FAULT_INJECTION: forcing a failure. [ 119.950602][ T3546] name failslab, interval 1, probability 0, space 0, times 1 [ 119.952147][ T3546] CPU: 1 UID: 0 PID: 3546 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT [ 119.952533][ T3546] Hardware name: linux,dummy-virt (DT) [ 119.953591][ T3546] Call trace: [ 119.954128][ T3546] show_stack+0x18/0x24 (C) [ 119.955158][ T3546] dump_stack_lvl+0x78/0x90 [ 119.955269][ T3546] dump_stack+0x18/0x24 [ 119.955339][ T3546] should_fail_ex+0x1dc/0x234 [ 119.955407][ T3546] should_failslab+0x54/0x80 [ 119.955498][ T3546] __kmalloc_noprof+0xa8/0x5f4 [ 119.955579][ T3546] tomoyo_realpath_from_path+0x44/0x1b4 [ 119.955656][ T3546] tomoyo_path_number_perm+0xd8/0x20c [ 119.955732][ T3546] tomoyo_file_ioctl+0x1c/0x28 [ 119.955843][ T3546] security_file_ioctl+0x8c/0x19c [ 119.955949][ T3546] __arm64_sys_ioctl+0x48/0x104 [ 119.956144][ T3546] invoke_syscall+0x48/0x110 [ 119.956232][ T3546] el0_svc_common.constprop.0+0x40/0xe0 [ 119.956338][ T3546] do_el0_svc+0x1c/0x28 [ 119.956692][ T3546] el0_svc+0x34/0x128 [ 119.956802][ T3546] el0t_64_sync_handler+0xa0/0xe4 [ 119.956881][ T3546] el0t_64_sync+0x1a4/0x1a8 [ 119.958006][ T3546] ERROR: Out of memory at tomoyo_realpath_from_path. [ 121.177098][ T3548] input: syz0 as /devices/virtual/input/input3 [ 121.757549][ T3549] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.772717][ T3549] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 126.539556][ C0] hrtimer: interrupt took 365330 ns [ 129.647539][ T3564] input: syz0 as /devices/virtual/input/input4 [ 130.732330][ T3570] input: syz0 as /devices/virtual/input/input5 [ 138.101237][ T3583] TCP: TCP_TX_DELAY enabled [ 141.384041][ T3604] input: syz0 as /devices/virtual/input/input8 [ 143.306030][ T3615] input: syz0 as /devices/virtual/input/input9 [ 144.747307][ T3628] input: syz0 as /devices/virtual/input/input10 [ 146.440338][ T3641] input: syz0 as /devices/virtual/input/input11 [ 147.118565][ T3644] FAULT_INJECTION: forcing a failure. [ 147.118565][ T3644] name failslab, interval 1, probability 0, space 0, times 0 [ 147.118945][ T3644] CPU: 1 UID: 0 PID: 3644 Comm: syz.1.54 Not tainted syzkaller #0 PREEMPT [ 147.119039][ T3644] Hardware name: linux,dummy-virt (DT) [ 147.119080][ T3644] Call trace: [ 147.119150][ T3644] show_stack+0x18/0x24 (C) [ 147.119287][ T3644] dump_stack_lvl+0x78/0x90 [ 147.119368][ T3644] dump_stack+0x18/0x24 [ 147.119436][ T3644] should_fail_ex+0x1dc/0x234 [ 147.119505][ T3644] should_failslab+0x54/0x80 [ 147.119578][ T3644] __kmalloc_noprof+0xa8/0x5f4 [ 147.119650][ T3644] tomoyo_realpath_from_path+0x44/0x1b4 [ 147.119733][ T3644] tomoyo_path_number_perm+0xd8/0x20c [ 147.119803][ T3644] tomoyo_file_ioctl+0x1c/0x28 [ 147.119875][ T3644] security_file_ioctl+0x8c/0x19c [ 147.119941][ T3644] __arm64_sys_ioctl+0x48/0x104 [ 147.120009][ T3644] invoke_syscall+0x48/0x110 [ 147.120080][ T3644] el0_svc_common.constprop.0+0x40/0xe0 [ 147.120151][ T3644] do_el0_svc+0x1c/0x28 [ 147.120220][ T3644] el0_svc+0x34/0x128 [ 147.120287][ T3644] el0t_64_sync_handler+0xa0/0xe4 [ 147.120355][ T3644] el0t_64_sync+0x1a4/0x1a8 [ 147.167593][ T3644] ERROR: Out of memory at tomoyo_realpath_from_path. [ 153.298614][ T3658] input: syz0 as /devices/virtual/input/input13 [ 154.221153][ T3664] fuse: Unknown parameter '00000000000000000000' [ 161.075569][ T3695] nftables ruleset with unbound chain [ 162.161959][ T3700] netlink: 8 bytes leftover after parsing attributes in process `syz.1.72'. [ 165.456971][ T3720] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 169.181422][ T3387] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 169.401213][ T3387] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 169.401697][ T3387] usb 1-1: config 0 has no interface number 0 [ 169.404340][ T3387] usb 1-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 169.404640][ T3387] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 169.404801][ T3387] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 169.457830][ T3387] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 169.458109][ T3387] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 169.460121][ T3387] usb 1-1: Product: syz [ 169.460318][ T3387] usb 1-1: SerialNumber: syz [ 169.483289][ T3387] usb 1-1: config 0 descriptor?? [ 169.834828][ T3387] cm109 1-1:0.8: invalid payload size 0, expected 4 [ 169.847146][ T3387] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input14 [ 170.075107][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 170.675242][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 170.676361][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 170.676955][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 170.677379][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 170.677813][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 170.677901][ T3395] usb 1-1: USB disconnect, device number 2 [ 170.677944][ C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 170.682177][ T3395] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 171.223228][ T3395] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 171.380523][ T3395] usb 1-1: Using ep0 maxpacket: 16 [ 171.423049][ T3395] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.423408][ T3395] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.424253][ T3395] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 171.424416][ T3395] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 171.424494][ T3395] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.448859][ T3395] usb 1-1: config 0 descriptor?? [ 172.001390][ T3395] hid-generic 0003:045E:07DA.0001: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 172.154869][ T3387] usb 1-1: USB disconnect, device number 3 [ 172.355212][ T30] audit: type=1326 audit(172.180:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3756 comm="syz.1.94" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8075c3e8 code=0x7ffc0000 [ 172.355919][ T30] audit: type=1326 audit(172.190:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3756 comm="syz.1.94" exe="/syz-executor" sig=0 arch=c00000b7 syscall=167 compat=0 ip=0xffff8075c3e8 code=0x7ffc0000 [ 172.356087][ T30] audit: type=1326 audit(172.190:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3756 comm="syz.1.94" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8075c3e8 code=0x7ffc0000 [ 172.356275][ T30] audit: type=1326 audit(172.190:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3756 comm="syz.1.94" exe="/syz-executor" sig=0 arch=c00000b7 syscall=107 compat=0 ip=0xffff8075c3e8 code=0x7ffc0000 [ 172.356459][ T30] audit: type=1326 audit(172.190:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3756 comm="syz.1.94" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8075c3e8 code=0x7ffc0000 [ 172.377931][ T30] audit: type=1326 audit(172.210:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3756 comm="syz.1.94" exe="/syz-executor" sig=0 arch=c00000b7 syscall=110 compat=0 ip=0xffff8075c3e8 code=0x7ffc0000 [ 172.439985][ T30] audit: type=1326 audit(172.260:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3756 comm="syz.1.94" exe="/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff8158d8f8 code=0x7ffc0000 [ 172.440761][ T30] audit: type=1326 audit(172.260:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3756 comm="syz.1.94" exe="/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff8158d8f8 code=0x7ffc0000 [ 172.440924][ T30] audit: type=1326 audit(172.260:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3756 comm="syz.1.94" exe="/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff8158d8f8 code=0x7ffc0000 [ 172.441062][ T30] audit: type=1326 audit(172.260:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3756 comm="syz.1.94" exe="/syz-executor" sig=0 arch=c00000b7 syscall=139 compat=0 ip=0xffff8158d8f8 code=0x7ffc0000 [ 172.536824][ T3755] fido_id[3755]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 176.524253][ T3787] netlink: 32 bytes leftover after parsing attributes in process `syz.1.104'. [ 176.704958][ T3789] binder: 3788:3789 tried to acquire reference to desc 0, got 1 instead [ 176.723038][ T3789] binder_alloc: 3788: pid 3788 spamming oneway? 1 buffers allocated for a total size of 4096 [ 176.725477][ T3789] binder_alloc: 3788: pid 3788 spamming oneway? 2 buffers allocated for a total size of 5120 [ 176.766437][ T3789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.767238][ T3789] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.774549][ T3463] binder: undelivered transaction 6, process died. [ 176.774934][ T3463] binder: undelivered transaction 7, process died. [ 176.775076][ T3463] binder: undelivered transaction 5, process died. [ 176.776132][ T3463] binder: undelivered TRANSACTION_COMPLETE [ 176.776236][ T3463] binder: undelivered TRANSACTION_COMPLETE [ 176.776279][ T3463] binder: undelivered TRANSACTION_COMPLETE [ 176.895451][ T3795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.900937][ T3795] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.954996][ T3792] Zero length message leads to an empty skb [ 177.209160][ T3800] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 177.430865][ T3803] syz.0.110 uses obsolete (PF_INET,SOCK_PACKET) [ 177.434442][ T3803] syzkaller1: entered promiscuous mode [ 177.435030][ T3803] syzkaller1: entered allmulticast mode [ 177.729831][ T3809] netlink: 16 bytes leftover after parsing attributes in process `syz.1.113'. [ 184.910790][ T3863] wlan0: renamed from batadv_slave_0 (while UP) [ 184.933537][ T3863] wlan0: entered promiscuous mode [ 184.934514][ T3863] wlan0: entered allmulticast mode [ 185.468455][ T3867] xt_bpf: check failed: parse error [ 186.034809][ T3875] netlink: 8 bytes leftover after parsing attributes in process `syz.1.135'. [ 186.624943][ T30] kauditd_printk_skb: 81 callbacks suppressed [ 186.626479][ T30] audit: type=1326 audit(186.460:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3878 comm="syz.0.137" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb8b5c3e8 code=0x7ffc0000 [ 186.631552][ T30] audit: type=1326 audit(186.460:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3878 comm="syz.0.137" exe="/syz-executor" sig=0 arch=c00000b7 syscall=180 compat=0 ip=0xffffb8b5c3e8 code=0x7ffc0000 [ 186.635998][ T30] audit: type=1326 audit(186.470:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3878 comm="syz.0.137" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb8b5c3e8 code=0x7ffc0000 [ 186.642984][ T30] audit: type=1326 audit(186.480:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3878 comm="syz.0.137" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb8b5c3e8 code=0x7ffc0000 [ 186.653363][ T30] audit: type=1326 audit(186.490:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3878 comm="syz.0.137" exe="/syz-executor" sig=0 arch=c00000b7 syscall=182 compat=0 ip=0xffffb8b5c3e8 code=0x7ffc0000 [ 186.656700][ T30] audit: type=1326 audit(186.490:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3878 comm="syz.0.137" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb8b5c3e8 code=0x7ffc0000 [ 187.584967][ T3893] netlink: 28 bytes leftover after parsing attributes in process `syz.0.143'. [ 190.978667][ T3909] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.992804][ T3909] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 192.013868][ T3918] netlink: 12 bytes leftover after parsing attributes in process `syz.1.152'. [ 192.014861][ T3918] netlink: 20 bytes leftover after parsing attributes in process `syz.1.152'. [ 192.921042][ T3934] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 192.922551][ T3934] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.193745][ T3955] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 195.228408][ T3955] bond1: (slave lo): Enslaving as a backup interface with an up link [ 195.254801][ T3955] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 196.009170][ C0] ------------[ cut here ]------------ [ 196.012852][ C0] WARNING: net/mptcp/subflow.c:1527 at subflow_data_ready+0xa0/0x124, CPU#0: kworker/u8:3/61 [ 196.021291][ C0] Modules linked in: [ 196.023922][ C0] CPU: 0 UID: 0 PID: 61 Comm: kworker/u8:3 Tainted: G L syzkaller #0 PREEMPT [ 196.024946][ C0] Tainted: [L]=SOFTLOCKUP [ 196.025191][ C0] Hardware name: linux,dummy-virt (DT) [ 196.025875][ C0] Workqueue: krdsd rds_tcp_accept_worker [ 196.026727][ C0] pstate: 20402009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 196.027190][ C0] pc : subflow_data_ready+0xa0/0x124 [ 196.027470][ C0] lr : tcp_data_ready+0x40/0x10c [ 196.027764][ C0] sp : ffff800082deb940 [ 196.028013][ C0] x29: ffff800082deb940 x28: f2f00000088116e8 x27: fbf000000bb90000 [ 196.028546][ C0] x26: f1f00000065d6e00 x25: 0000000000000000 x24: f6f0000008884ab8 [ 196.028983][ C0] x23: f2f00000088116e8 x22: 0000000000000000 x21: f2f0000008811710 [ 196.029377][ C0] x20: faf000000cad0000 x19: f1f00000065d6e00 x18: 0000000000000000 [ 196.030012][ C0] x17: fff07ffffcef4000 x16: ffff800082de8000 x15: 0000000000000004 [ 196.030765][ C0] x14: 0000000000000000 x13: 0000000000000028 x12: fbf000000bb90000 [ 196.031261][ C0] x11: 00000000c63e8fcd x10: 0000000000000009 x9 : 0000000000000000 [ 196.031790][ C0] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000001000000 [ 196.032189][ C0] x5 : ffff800082a045b0 x4 : f6f0000008884b60 x3 : f6f0000008884a00 [ 196.032600][ C0] x2 : 0000000000000000 x1 : 0000000000040041 x0 : 000000000000000b [ 196.033248][ C0] Call trace: [ 196.033773][ C0] subflow_data_ready+0xa0/0x124 (P) [ 196.034442][ C0] tcp_data_ready+0x40/0x10c [ 196.034811][ C0] tcp_data_queue+0x8c0/0xed8 [ 196.035082][ C0] tcp_rcv_state_process+0x3e4/0x13d4 [ 196.035351][ C0] tcp_v6_do_rcv+0x284/0x524 [ 196.035602][ C0] tcp_v6_rcv+0xc64/0x1204 [ 196.035862][ C0] ip6_protocol_deliver_rcu+0xa0/0x558 [ 196.036136][ C0] ip6_input_finish+0x68/0x104 [ 196.036371][ C0] ip6_input+0x48/0xdc [ 196.036586][ C0] ipv6_rcv+0x140/0x14c [ 196.036818][ C0] __netif_receive_skb_one_core+0x58/0x84 [ 196.037084][ C0] __netif_receive_skb+0x18/0x60 [ 196.037326][ C0] process_backlog+0x8c/0x150 [ 196.037558][ C0] __napi_poll+0x38/0x1a8 [ 196.037799][ C0] net_rx_action+0x31c/0x388 [ 196.038029][ C0] handle_softirqs+0x108/0x240 [ 196.038259][ C0] __do_softirq+0x14/0x20 [ 196.038584][ C0] ____do_softirq+0x10/0x1c [ 196.038836][ C0] call_on_irq_stack+0x30/0x48 [ 196.039103][ C0] do_softirq_own_stack+0x1c/0x2c [ 196.039605][ C0] do_softirq+0x54/0x6c [ 196.040032][ C0] __local_bh_enable_ip+0x8c/0x98 [ 196.040276][ C0] __dev_queue_xmit+0x1f4/0x1010 [ 196.040516][ C0] ip6_finish_output2+0x394/0x904 [ 196.040789][ C0] ip6_finish_output+0x23c/0x39c [ 196.041037][ C0] ip6_output+0x7c/0x1d8 [ 196.041253][ C0] ip6_xmit+0x2f4/0x6d4 [ 196.041468][ C0] inet6_csk_xmit+0xd8/0x13c [ 196.041677][ C0] __tcp_transmit_skb+0x524/0xe98 [ 196.041892][ C0] tcp_write_xmit+0x6e8/0x1548 [ 196.042094][ C0] __tcp_push_pending_frames+0x3c/0xcc [ 196.042353][ C0] tcp_send_fin+0x68/0x2b0 [ 196.042576][ C0] __tcp_close+0x464/0x540 [ 196.042824][ C0] tcp_close+0x2c/0xd0 [ 196.043066][ C0] inet_release+0x50/0xa4 [ 196.043294][ C0] inet6_release+0x34/0x4c [ 196.043521][ C0] sock_release+0x24/0x78 [ 196.043766][ C0] rds_tcp_accept_one+0x1d4/0x35c [ 196.044019][ C0] rds_tcp_accept_worker+0x20/0x34 [ 196.044271][ C0] process_one_work+0x178/0x2cc [ 196.044752][ C0] worker_thread+0x24c/0x354 [ 196.045107][ C0] kthread+0x130/0x1fc [ 196.045332][ C0] ret_from_fork+0x10/0x20 [ 196.045915][ C0] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 196.687691][ T61] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.797511][ T61] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.872285][ T61] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.943006][ T61] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.632528][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 197.677948][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 197.738744][ T61] bond0 (unregistering): Released all slaves [ 197.761133][ T61] bond1 (unregistering): (slave lo): Releasing backup interface [ 197.798742][ T61] bond1 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 197.806201][ T61] bond1 (unregistering): Released all slaves [ 197.933105][ T61] hsr_slave_0: left promiscuous mode [ 197.937233][ T61] hsr_slave_1: left promiscuous mode [ 197.957007][ T61] veth1_macvtap: left promiscuous mode [ 197.958806][ T61] veth0_macvtap: left promiscuous mode [ 197.961038][ T61] veth1_vlan: left promiscuous mode [ 197.964291][ T61] veth0_vlan: left promiscuous mode [ 199.304554][ T61] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.397101][ T61] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.467028][ T61] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 199.563168][ T61] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 200.261858][ T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 200.294827][ T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 200.336428][ T61] bond0 (unregistering): Released all slaves [ 200.446992][ T61] hsr_slave_0: left promiscuous mode [ 200.456163][ T61] hsr_slave_1: left promiscuous mode [ 200.471822][ T61] veth1_macvtap: left promiscuous mode [ 200.473222][ T61] veth0_macvtap: left promiscuous mode [ 200.474680][ T61] veth1_vlan: left promiscuous mode [ 200.475713][ T61] veth0_vlan: left promiscuous mode