last executing test programs: 6.896572798s ago: executing program 2 (id=3155): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x74) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r6, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) 6.831810437s ago: executing program 2 (id=3158): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xc1b}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6, 0xe, 0x4, 0x4, 0x2, 0x1000, 0xf1, 0x0, 0x7fffffffffff9, 0x10000000005, 0x0, 0x1, 0x0, 0x5, 0x0, 0xbde], 0x1000, 0x3c4210}) ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000040)={0x10200, 0x80, 0xc0, &(0x7f0000000340)=[0x5, 0x0, 0xe, 0x80, 0xe6b4, 0x101, 0xfffffffffffffffa, 0x2, 0xa, 0x2, 0x2, 0x700000000000000, 0xb, 0xffff, 0xfffffffffffffffe, 0x7, 0x7fffffff, 0x5, 0x26, 0x9880, 0x5, 0x6, 0x8, 0x2, 0xfff, 0x20000000009, 0x9, 0x1fd, 0x8, 0x0, 0x7, 0x5, 0x20005, 0x2, 0x4ff, 0x40, 0xfffffffffffffff5, 0x4, 0x7fffffff, 0x7d, 0x0, 0x6, 0x20008, 0x2e2, 0x101, 0x8, 0x8000000000000001, 0xfffffffffffffff9, 0x4100000000, 0xfffffffffffffffd, 0x8, 0x9, 0x7fff, 0xec, 0x8000000000000000, 0x2, 0x94f, 0x150b0000, 0x7fffffffffffffff, 0x6, 0xffffffffffffffff, 0xd, 0x11, 0xa, 0xe, 0xa8, 0x1, 0x2000000000000007, 0x7fffffffffffffff, 0x38c, 0x7, 0xdc8c, 0xae8f, 0x100001e30fa4c, 0xa, 0x0, 0x4000008, 0xdac, 0xe94, 0x7, 0xfffffffffffffffc, 0xa8, 0xba00, 0x4, 0x9, 0x0, 0x1, 0x100, 0x7fffffffffffffff, 0xe, 0xfffffffffffffff9, 0x3, 0x5, 0x21, 0x5, 0xfffffffffffffffe, 0x401, 0x9, 0x1e4b, 0x2, 0x79, 0xf, 0x10000, 0xe, 0x2, 0x3, 0x3, 0xfffffffffffffff9, 0x0, 0x4, 0xa, 0x40000001, 0x9, 0x2, 0xffe, 0x80, 0x10000003, 0xd, 0x44, 0x6, 0xffff, 0x1, 0x401, 0x4, 0x2, 0x8000000007, 0xea7, 0x1]}) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x408d6}, 0x24000010) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc3400000000001090224"], 0x0) 3.740219496s ago: executing program 2 (id=3172): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0x1}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) socket$unix(0x1, 0x1, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x3c8, 0x0, 0xa, 0x148, 0x0, 0x10, 0x330, 0x2a8, 0x2a8, 0x330, 0x2a8, 0x3, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x70, 0xe0, 0x0, {0x200003ae, 0x7f00}}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b90ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc0d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @local, 0x0, 0x0, 'ip6erspan0\x00', 'veth0_to_team\x00'}, 0x0, 0x1f0, 0x250, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'wg2\x00', {0xffffffffffffffff, 0xff, 0x0, 0x0, 0x0, 0x7fff, 0x200}}}, @inet=@rpfilter={{0x28}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @multicast, 0x2, 0x7, [0x0, 0x10, 0x1b, 0x2b, 0x37, 0x2e, 0x2b, 0x18, 0x2b, 0x34, 0xd, 0x0, 0x3d, 0x1, 0x32, 0x37], 0x1, 0x6, 0x1570000000000}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x428) socket$kcm(0x11, 0x3, 0x0) r5 = socket(0x400000000010, 0x3, 0x8) r6 = fsopen(&(0x7f0000000180)='ntfs3\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) r7 = socket$unix(0x1, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x9, 0x6}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x3cb, 0x1, 0x401}, {0x2, 0x49a, 0x109, 0x4, 0x6, 0x1, 0x2}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8}, 0x8000) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x4}, 0x0) bind$can_raw(0xffffffffffffffff, 0x0, 0x0) openat$selinux_access(0xffffffffffffff9c, 0x0, 0x2, 0x0) r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0) syz_usb_ep_write(r10, 0x81, 0x84, &(0x7f0000000180)="b942bbce96c65657b1d9897f845c70d6861217c42aaa8cce8600c815d07eeb538b3d2a0f0afceae8db87f7653d5cbc39625ddf4e3e") timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000bbdffc)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x3fd4, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r11, 0x1, &(0x7f0000000040), 0x0) r12 = socket$nl_route(0x10, 0x3, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000b80)={0x30000012}) socket$nl_netfilter(0x10, 0x3, 0xc) 1.511566085s ago: executing program 3 (id=3230): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_PHY={0x8}]}, 0x1c}, 0x1, 0x0, 0x1000000, 0x4008081}, 0x810) 1.506433771s ago: executing program 1 (id=3232): socket$netlink(0x10, 0x3, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x4}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, {0xeda7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xf8}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x2710, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x3, 0x41, 0x0, 0x60000000000000, 0x2004cb, 0x3, 0x0, 0xfffffffffffffff8, 0x0, 0x9, 0x2000000000003ff, 0x2], 0x2000, 0x200202}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) (fail_nth: 5) 1.443488482s ago: executing program 3 (id=3233): r0 = socket(0x2, 0x3, 0xff) sendmmsg$inet(r0, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001300)="0000000135fdca249bf6ffffffffffffff", 0x11}, {&(0x7f0000000180)="51c176", 0x3}], 0x2, &(0x7f0000000340)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x37}, @local}}}], 0x20}}, {{&(0x7f0000000000)={0x2, 0x4e24, @private=0xa010101}, 0x10, 0x0, 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32, @ANYBLOB="ac1414bbac1e010100000000140000000000000000000000020000000600000000000000d000000000000000000000000700000007"], 0x1c8}}], 0x2, 0x4800) 1.44309075s ago: executing program 3 (id=3234): r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x180, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0x2c0, 0x60, 0xd0e0000, 0x2c0, 0x100, 0x390, 0x1d8, 0x1d8, 0x390, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x2a0, 0x2c0, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{0x3, 0x77, 0x7, 0x2}, {0x6, 0x5d, 0x8, 0xf}, {0x0, 0x7, 0x4, 0x5}, {0x200, 0x10, 0x4, 0x401}, {0x2, 0x7, 0x9, 0x7}, {0x8, 0x2, 0x40, 0x80}, {0x7, 0x10, 0x4, 0xc27e}, {0x0, 0x8, 0x1, 0x9}, {0xa66, 0xf9, 0x2, 0x40}, {0xf207, 0x18, 0x1, 0x6}, {0x2, 0x8, 0x6, 0xb6}, {0x0, 0x5, 0x5, 0x4}, {0x9, 0x7f, 0x5, 0x2}, {0x5, 0x2, 0xf, 0xc00}, {0x1, 0x9, 0x2, 0x54}, {0x3, 0x2b, 0x2, 0x3}, {0xffff, 0x5, 0x6d, 0x7}, {0x6, 0xa, 0x5, 0x51d8}, {0x8, 0xe, 0x5}, {0x0, 0x40, 0x7, 0x88}, {0x7, 0x2, 0x6, 0x3}, {0x98d, 0x2, 0xff, 0x5}, {0x81, 0x1, 0x3, 0x7f}, {0x1, 0x2, 0xc0, 0x86f}, {0x8, 0x2, 0x9, 0x6}, {0x7, 0x75, 0x7, 0xd}, {0x6, 0x6, 0x6, 0x8001}, {0x120, 0x5, 0x2, 0x3dbd}, {0x5, 0x8, 0x9, 0x1}, {0x0, 0x3, 0x9, 0xff}, {0x0, 0x4, 0x0, 0xfffffff8}, {0x7, 0x1, 0x9, 0xd}, {0xfff, 0x7, 0x0, 0xbc}, {0x0, 0x4c, 0x8, 0xff}, {0x8, 0xc0, 0x80, 0x4}, {0x1, 0x1, 0x0, 0x508d}, {0x1ff, 0x5, 0x81, 0xd}, {0x0, 0x0, 0x2, 0x5}, {0x401, 0x3, 0x80, 0x9}, {0x9, 0x2, 0x0, 0x8}, {0x0, 0x1, 0xfb, 0x7}, {0xa, 0xff, 0x1, 0x7fffffff}, {0x7, 0x4, 0x7, 0x40}, {0xa, 0xc, 0x6, 0x5}, {0x9, 0x8, 0x7, 0x10000}, {0xe9, 0x6, 0x3, 0x3}, {0xb, 0x7, 0x7, 0x200}, {0xe, 0x5, 0x6, 0x2}, {0x9, 0x5, 0x0, 0x1}, {0x9, 0x1, 0x7, 0x1}, {0x1c0, 0x5, 0x2, 0x8e1}, {0x0, 0x5, 0x0, 0x7f07}, {0x6, 0x0, 0x1, 0x1ff}, {0x2, 0x28, 0xfc, 0x8}, {0x6, 0x3, 0x7, 0x2}, {0xa, 0xc5, 0x4, 0x3}, {0x3, 0x71, 0x8, 0x7}, {0x6e, 0x2, 0x0, 0x8}, {0x0, 0x7, 0x7, 0x10000}, {0x9, 0x7, 0x5, 0x7}, {0x100, 0x8, 0x3}, {0xd34, 0x7, 0x8}, {0x9, 0x9, 0x1, 0x80000001}, {0x6, 0xfe, 0x3, 0x3}], {0x1}}}]}, @unspec=@TRACE={0x20}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xffffff00, 'veth1_virt_wifi\x00', 'xfrm0\x00', {}, {}, 0x1, 0x1, 0x6c}, 0x9400, 0x70, 0xd0, 0x94}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x5, 0x0, 0x6, 0x4, 0x6], 0x0, 0x3}, {0x0, [0x5, 0x1, 0x6, 0x0, 0x3, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x488) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40488c1}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x7fffe, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {0xb, 0xb}, {0x0, 0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x1, 0x9, 0x1, 0x8}, 0xb, 0x1, 0x32, 0x5, 0x9, 0x7, 0x2, 0x1d, 0x21, 0xffffff5c, {0xffff1c72, 0x23, 0x3, 0x1008, 0xfffffffe, 0x7583}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x404c800}, 0x400c000) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031620d3fc140000004788031c", 0xe, 0x4, &(0x7f0000000140)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) 863.34522ms ago: executing program 3 (id=3239): ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000240)={0x52, 0xd8, 0xfffc, {0x20, 0x1}, {0x45, 0x2}, @cond=[{0x1ff, 0x5, 0x9, 0x8, 0x1, 0x71}, {0x8, 0xffff, 0xffe0, 0x0, 0x101, 0x3800}]}) r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01) r1 = syz_open_dev$dri(&(0x7f0000000040), 0x20, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000140)={0x0, 0x1}) ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000001c0)={&(0x7f0000000440)=[r2], 0x0, 0x1}) ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r1, 0xc01864c1, &(0x7f0000000100)={r2, 0x1, 0xffffffffffffffff}) ioctl$SYNC_IOC_FILE_INFO(r3, 0xc0383e04, &(0x7f0000000640)={""/32, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000340)=[{}]}) write$char_usb(r0, 0x0, 0x0) mount(&(0x7f00000001c0)=@nullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='btrfs\x00', 0x4418, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_PIT(r5, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xff, 0x1f}, {0x3, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_MEMORY_ENCRYPT_REG_REGION(r5, 0x8010aebb, &(0x7f0000000040)={0x25000, 0x16000}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 862.854328ms ago: executing program 1 (id=3241): syz_emit_ethernet(0xbe, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000500)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x700, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe10804000000af8e0e3dc11d875397bdb22d0000b420a1a93e527d3d458d080000000000000000000000000000000000000000004300", "f4bd00000080190000efffca0000000000001a000000ff00", [0x2]}}) (fail_nth: 4) 771.430628ms ago: executing program 0 (id=3244): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x6, 0x3, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000bc0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x10, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x50) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$sock_ifreq(r5, 0x8942, &(0x7f00000014c0)={'ip6tnl0\x00', @ifru_names='vlan0\x00'}) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r1, 0x800442d3, &(0x7f0000000180)={0x1000000, 0x4, 0x6, @local, 'veth1_macvtap\x00'}) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000000c0)={r4, &(0x7f0000000300), &(0x7f0000000000)=""/10, 0x2}, 0x20) r6 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000800)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x4c, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {0x4, 0xa}, {}, {0xffff, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x9}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0xfff2, 0x6}}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) 640.4471ms ago: executing program 3 (id=3245): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'seqiv(rfc4106(gcm(aes)))\x00'}, 0x58) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000040)={0x4}) syz_open_procfs(0x0, &(0x7f00000002c0)='net/ip6_mr_vif\x00') r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc}, {0xeda7, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xf8}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x2710, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x3, 0x41, 0x0, 0x60000000000000, 0x2004cb, 0x3, 0x0, 0xfffffffffffffff8, 0x0, 0x9, 0x2000000000003ff, 0x2], 0x2000, 0x200202}) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000009c0)="ad56b6c5820fae9d6dcd3292ea54c7be8bbdadbb1632ea5704cae881ef915d374c90c200", 0x24) r4 = accept4(r0, 0x0, 0x0, 0x800) r5 = fsopen(&(0x7f0000000200)='udf\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r7, &(0x7f0000000000)={0x1f, 0xffff, 0x2}, 0x6) close_range(r6, 0xffffffffffffffff, 0x0) sendmmsg$alg(r4, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x40040}], 0x1, 0x8040) sendmsg$RDMA_NLDEV_CMD_GET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[], 0x38}}, 0x0) recvmsg(r4, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000680)=""/23, 0x17}], 0x1}, 0x142) 640.252421ms ago: executing program 1 (id=3246): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee3, 0x40010, 0xffffffffffffffff, 0x6c5bf000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_int(r0, &(0x7f0000000540), 0xfffffdd8) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) 484.526823ms ago: executing program 0 (id=3247): r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x180, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0x2c0, 0x60, 0xd0e0000, 0x2c0, 0x100, 0x390, 0x1d8, 0x1d8, 0x390, 0x1d8, 0x7fffffe, 0x0, {[{{@uncond, 0xee02, 0x2a0, 0x2c0, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{0x3, 0x77, 0x7, 0x2}, {0x6, 0x5d, 0x8, 0xf}, {0x0, 0x7, 0x4, 0x5}, {0x200, 0x10, 0x4, 0x401}, {0x2, 0x7, 0x9, 0x7}, {0x8, 0x2, 0x40, 0x80}, {0x7, 0x10, 0x4, 0xc27e}, {0x0, 0x8, 0x1, 0x9}, {0xa66, 0xf9, 0x2, 0x40}, {0xf207, 0x18, 0x1, 0x6}, {0x2, 0x8, 0x6, 0xb6}, {0x0, 0x5, 0x5, 0x4}, {0x9, 0x7f, 0x5, 0x2}, {0x5, 0x2, 0xf, 0xc00}, {0x1, 0x9, 0x2, 0x54}, {0x3, 0x2b, 0x2, 0x3}, {0xffff, 0x5, 0x6d, 0x7}, {0x6, 0xa, 0x5, 0x51d8}, {0x8, 0xe, 0x5}, {0x0, 0x40, 0x7, 0x88}, {0x7, 0x2, 0x6, 0x3}, {0x98d, 0x2, 0xff, 0x5}, {0x81, 0x1, 0x3, 0x7f}, {0x1, 0x2, 0xc0, 0x86f}, {0x8, 0x2, 0x9, 0x6}, {0x7, 0x75, 0x7, 0xd}, {0x6, 0x6, 0x6, 0x8001}, {0x120, 0x5, 0x2, 0x3dbd}, {0x5, 0x8, 0x9, 0x1}, {0x0, 0x3, 0x9, 0xff}, {0x0, 0x4, 0x0, 0xfffffff8}, {0x7, 0x1, 0x9, 0xd}, {0xfff, 0x7, 0x0, 0xbc}, {0x0, 0x4c, 0x8, 0xff}, {0x8, 0xc0, 0x80, 0x4}, {0x1, 0x1, 0x0, 0x508d}, {0x1ff, 0x5, 0x81, 0xd}, {0x0, 0x0, 0x2, 0x5}, {0x401, 0x3, 0x80, 0x9}, {0x9, 0x2, 0x0, 0x8}, {0x0, 0x1, 0xfb, 0x7}, {0xa, 0xff, 0x1, 0x7fffffff}, {0x7, 0x4, 0x7, 0x40}, {0xa, 0xc, 0x6, 0x5}, {0x9, 0x8, 0x7, 0x10000}, {0xe9, 0x6, 0x3, 0x3}, {0xb, 0x7, 0x7, 0x200}, {0xe, 0x5, 0x6, 0x2}, {0x9, 0x5, 0x0, 0x1}, {0x9, 0x1, 0x7, 0x1}, {0x1c0, 0x5, 0x2, 0x8e1}, {0x0, 0x5, 0x0, 0x7f07}, {0x6, 0x0, 0x1, 0x1ff}, {0x2, 0x28, 0xfc, 0x8}, {0x6, 0x3, 0x7, 0x2}, {0xa, 0xc5, 0x4, 0x3}, {0x3, 0x71, 0x8, 0x7}, {0x6e, 0x2, 0x0, 0x8}, {0x0, 0x7, 0x7, 0x10000}, {0x9, 0x7, 0x5, 0x7}, {0x100, 0x8, 0x3}, {0xd34, 0x7, 0x8}, {0x9, 0x9, 0x1, 0x80000001}, {0x6, 0xfe, 0x3, 0x3}], {0x1}}}]}, @unspec=@TRACE={0x20}}, {{@ip={@multicast2, @empty, 0xffffffff, 0xffffff00, 'veth1_virt_wifi\x00', 'xfrm0\x00', {}, {}, 0x1, 0x1, 0x6c}, 0x9400, 0x70, 0xd0, 0x94}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x0, 0x5, 0x0, 0x6, 0x4, 0x6], 0x0, 0x3}, {0x0, [0x5, 0x1, 0x6, 0x0, 0x3, 0x1]}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x488) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40488c1}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x7fffe, {0x0, 0x0, 0x0, r4, {0x0, 0xffe0}, {0xb, 0xb}, {0x0, 0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x6, 0x1, 0x9, 0x1, 0x8}, 0xb, 0x1, 0x32, 0x5, 0x9, 0x7, 0x2, 0x1d, 0x21, 0xffffff5c, {0xffff1c72, 0x23, 0x3, 0x1008, 0xfffffffe, 0x7583}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x404c800}, 0x400c000) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$packet(r0, &(0x7f00000002c0)="05031620d3fc140000004788031c", 0xe, 0x4, &(0x7f0000000140)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) 483.026246ms ago: executing program 2 (id=3248): syslog(0xa, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x1d7) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000080)='./file1/file0\x00', 0x0, 0x1085408, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x40, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000002280), 0x68c01, 0x0) write$binfmt_format(r0, &(0x7f0000006240)='-1\x00', 0x3) unlink(&(0x7f0000000140)='./cgroup\x00') 411.220595ms ago: executing program 3 (id=3249): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee3, 0x8032, 0xffffffffffffffff, 0x28f41000) syz_open_procfs(0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) write$cgroup_int(r0, &(0x7f0000000540), 0xfffffdd8) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x3280f4, 0x1000}, 0x1c) 410.822569ms ago: executing program 1 (id=3250): r0 = socket$nl_generic(0x11, 0x3, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x3a, 0x1c, 0x7ffd, 0x0, 0x0, 0x2, 0x0, @broadcast, @loopback}, {0x17, 0x74, 0x0, @rand_addr=0x64010100}}}}}, 0x0) sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) (fail_nth: 7) 410.586529ms ago: executing program 2 (id=3251): r0 = socket(0x2, 0x3, 0xff) sendmmsg$inet(r0, &(0x7f0000000b80)=[{{&(0x7f0000000280)={0x2, 0x4e22, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000340)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x37}, @local}}}], 0x20}}, {{&(0x7f0000000000)={0x2, 0x4e24, @private=0xa010101}, 0x10, 0x0, 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32, @ANYBLOB="ac1414bbac1e010100000000140000000000000000000000020000000600000000000000d000000000000000000000000700000007"], 0x1c8}}], 0x2, 0x4800) 317.630031ms ago: executing program 0 (id=3252): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x77359400}}, 0x0) sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, 0x0, 0x8000) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) r3 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r4, 0xc020aa07, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0) 315.947146ms ago: executing program 0 (id=3253): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000000c0), &(0x7f0000000100)=0x8) 310.465538ms ago: executing program 1 (id=3254): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) writev(0xffffffffffffffff, &(0x7f0000002200)=[{&(0x7f0000000280)="d42586a0d8db", 0x6}], 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x0, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x8, 0x0, 0x91, 0x4, 0x4, 0x16, 0x8, 0x5, 0x401, 0xfffffff5, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0xfffffffc, 0x2, 0x2, 0x2, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400080, 0x1, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0xc7c, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x1, 0x3ff, 0x1ff, 0x1, 0x80000001, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x7], [0x2, 0xfffffffe, 0xffff, 0xc, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x9, 0x8, 0x3fc, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x4e, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x2, 0x400, 0x3e55, 0x4005, 0xd3, 0x8, 0x97f7, 0x3, 0xd, 0x7, 0x601, 0x101, 0x1, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x8922, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x6, 0x10000, 0xfffffffd, 0x5, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1d, 0x9, 0x81, 0x3, 0x9d82, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x0, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x100009, 0xc, 0xfffffffe, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x7fff, 0x3, 0x6, 0xf, 0xe, 0x1, 0x26d, 0x6, 0xfffffff9, 0x5, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x6, 0x8, 0x14000, 0x1, 0x109]}, 0x45c) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000006119a400000000009500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0xfffffffffffffffe, 0x40000000000180, 0x2, 0x6, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x4, 0x5, 0x4, 0x8], 0x25000, 0x304}) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x31}}, 0x2, 0x0, 0x4}}, 0x2e) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x50, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION2(r6, 0x40a0ae49, &(0x7f00000003c0)={0x10003, 0x1, 0xeeef0000, 0x1000, &(0x7f0000008000/0x1000)=nil, 0xd15, r6}) ioctl$KVM_RUN(r7, 0xae80, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a0b160000000000000000020000084481000000000000000001006f7366000c000280080001400000000428000180080001006e6174001c0002800800014000000000080003400000001408000240000000020900010073797a30000000000900020073797a320000000014000000110f0100dd000000000000000000000ae9d4ec5f7ebd79fafdfdcb7e1cab7461111fdaa93fbbb9f97c1b7957b9884545c5886fc5ba922937f0448499ba48192359c95ad917eecd667af638b02a006f"], 0x98}, 0x1, 0x0, 0x0, 0x850}, 0x4040080) 220.636948ms ago: executing program 1 (id=3255): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) mknodat(0xffffffffffffff9c, 0x0, 0x11c0, 0x0) syz_open_dev$loop(0x0, 0x2, 0x8000) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) r1 = socket(0xa, 0x1, 0x0) getsockopt$inet_int(r1, 0x0, 0x22, 0x0, &(0x7f0000000200)) syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000080)={0x40, 0xc, 0xb2, {0xb2, 0x3, "44a689f7b513c3098c80680d72169f50c835a1f6c75c98945a24c82cc45ad43066b1522cbf59a88c6cf977fd496537f49c7ae0eb7d72f33794d6bad6e623d1351cf790d2d0bcc20832c6f9037fefc0758aecf98652127d1cb7c5f6d44e7cb9c2e958b989497dba6739656366256e8dac20d476cec9926e65dd1770b94fe09ae96006b04db1505169bc896c0cca32ad60771424dc349ef4a15dd3964a8f8d37a6fa63f54df80f87484a81efbd41a27ddd"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x455}}, &(0x7f0000000180)={0x0, 0xf, 0x2f, {0x5, 0xf, 0x2f, 0x2, [@ssp_cap={0x20, 0x10, 0xa, 0x9, 0x5, 0xd00000, 0xf000, 0x3, [0xff3fc0, 0xc000, 0xff0030, 0xffc030, 0xc000]}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x0, 0x92, 0x9f}]}}, &(0x7f00000001c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x1, 0x18, 0x7, 0x5, "483bfbe6", "6382cf08"}}, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4, 0x2, 0x86, 0xb, 0x5, 0x5, 0x8}}}, &(0x7f0000000680)={0x84, &(0x7f0000000740)=ANY=[@ANYBLOB="5151ff979b03179001879fa415e09b045e6dafe9501690ada9805eed23189dd10803399b61a13d81692bc20b7d72f3993f8ca4c7ee7745d894e80aef014ba1325df600000000000000"], &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x7}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000340)={0x20, 0x0, 0x4, {0x0, 0x3}}, &(0x7f0000000380)={0x20, 0x0, 0x4, {0x20, 0x2}}, &(0x7f00000003c0)={0x40, 0x7, 0x2, 0x2}, &(0x7f0000000400)={0x40, 0x9, 0x1, 0x2b}, &(0x7f0000000440)={0x40, 0xb, 0x2, "41e3"}, &(0x7f0000000480)={0x40, 0xf, 0x2, 0x4}, &(0x7f00000004c0)={0x40, 0x13, 0x6, @random="09c750ab033b"}, &(0x7f0000000500)={0x40, 0x17, 0x6, @random="30bd7ecf0723"}, &(0x7f0000000540)={0x40, 0x19, 0x2, "e9e2"}, &(0x7f0000000580)={0x40, 0x1a, 0x2, 0x3}, &(0x7f00000005c0)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000600)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000000640)={0x40, 0x21, 0x1, 0x9}}) r2 = accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000280)=0x10, 0x80800) r3 = accept(r2, &(0x7f0000000940)=@nfc_llcp, &(0x7f0000000880)=0xfffffffffffffea4) setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, &(0x7f00000008c0)=[{0x1, 0x0, {0x0, 0x1}, {0x0, 0x0, 0x5}, 0x1, 0xff}, {0x1, 0x3, {0x2, 0x0, 0x3}, {0x1, 0xf, 0x6}, 0x1, 0xfe}, {0x1, 0x2, {0x0, 0xff}, {0x1}, 0xff, 0xfd}, {0x1, 0x3, {0x2, 0xf0, 0x3}, {0x2, 0xff, 0x2}, 0xfd, 0x1}], 0x80) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0040d07, 0x0) ioctl$FS_IOC_GETVERSION(r4, 0xc0105b08, &(0x7f0000000040)) 219.980943ms ago: executing program 0 (id=3256): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xe}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x9, 0x6}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x3cb, 0x1, 0x401}, {0x2, 0x49a, 0x109, 0x4, 0x6, 0x1, 0x2}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8}, 0x8000) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000280)=@xdp={0x2c, 0x7, r10, 0x2c}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000000)='|', 0x5dc}], 0x1}, 0x4) (fail_nth: 6) 101.691744ms ago: executing program 0 (id=3257): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', 0x0}) unshare(0x24020400) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a78000000060a030400000000000000000a0000010900010073797a31000000004c000480480001800b000100746172676574000038000280240003007339f2f10455afb9fdd672bad09dfb78c7699c74e891a0c700000000000000000800024000000000080001004c4f47000900020073797a32"], 0xa0}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000300)={&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, &(0x7f00000001c0)=""/34, 0x22, 0x1, &(0x7f0000000200)=""/135, 0x87}, &(0x7f0000000340)=0x40) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r5, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f00000005c0), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x50, r7, 0x1, 0x9070bd0c, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0xaa8}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x7}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x80}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'ip6tnl0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000811}, 0x20) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newtaction={0x70, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_ctinfo={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x3f00}, @TCA_CTINFO_ACT={0x18, 0x3, {0x0, 0x1, 0xffffffffffffffff}}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0xda32}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x2, 0x6, 0x801}, 0x0, 0x0, &(0x7f0000000000)) r9 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4000000000000007910900000000000620000000000000095000000000000009e574bffff1729aba9b39a58e3cd8757e44cf3611b8e327a0279acba1f7791408d1efa421239728e2e5cc319b58520609dfd4a1a021d000000000000efffff75c3d894d99aef659f8b0000c515d8c219fbd9da31fc3ce3e9a2653000aec385a84a3d3f466bba30ac1486a70037fb03adef1a427fb0f4cb3072182da7c30000000000000000000000000000000000000000000000000000297e9fed660213ecb576987ad0972f18fbb7c9ecc03901f028b15b30ecf3205f90c9684ddc80d13bf37afc00e5efd686e6fb5ef4ee00b66126f773434a5c0d2ad3526bc484a6b94396117615f78f97637d8f8838aa75efb657ddafb15b88d97e47731cc3f55ce4e6a42562e6fb1f0000003030249c350044b09c36d10549a5949ff21418f1517508fb13540a82b5030cd9bb1bb066ca833c1fef6cefa28543ee520e46a3e96aca0d5a5f8cb34ad9c54c3a9a698f835bb83bcfd81ac5cfa18ce0740717994b5152cd0fa735433e50dccee16a208245b4366d44bb7ebd169b9e3a66d0cb29291a50f642ae4cb007540c806cd1cf88fdcaa393d1e1a697649401a802b474e374c767cb1ce52fd917d6af3de547be8429540de37f868a7f25d47c4b710836436008d4e8c8b42aeee84629d06d75ef09e0260b41de1f750480e492b6822d6275b7ccda1141707069cdb21de7a98dc37efdd806cc3619ad0659998bdd90b008c1aed04ee682b8ffd25741abbd9c6482ca45b82b6b7f25f71280cd6ba8bbb1e32dfe84831d1fc132755ce9aaf1952cb6829e9d6f4cbd8a07dc0cebcad512b3e0f2daa622bc805d2e152e0765b20cd6c8e2f4fff81e1458a43f35d36b25225dc0fbaf3b8131f5a8ae73e8badc519350edf048d5f56617"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x48) unshare(0x100) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x1c, r9, 0x1, 0x70bd2a, 0x25dfdbfa, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008081}, 0x810) 101.431633ms ago: executing program 2 (id=3258): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xe}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x9, 0x6}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x3cb, 0x1, 0x401}, {0x2, 0x49a, 0x109, 0x4, 0x6, 0x1, 0x2}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8}, 0x8000) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000280)=@xdp={0x2c, 0x7, r10, 0x2c, 0x500}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000000)='|', 0x5dc}], 0x1}, 0x4) 0s ago: executing program 32 (id=3258): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xe}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = socket$kcm(0x11, 0x3, 0x0) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x9, 0x6}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x3cb, 0x1, 0x401}, {0x2, 0x49a, 0x109, 0x4, 0x6, 0x1, 0x2}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8}, 0x8000) r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r9) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$SIOCSIFHWADDR(r9, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000280)=@xdp={0x2c, 0x7, r10, 0x2c, 0x500}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000000)='|', 0x5dc}], 0x1}, 0x4) kernel console output (not intermixed with test programs): : 002b:00007ffbc6b8a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 282.055688][T13036] RAX: ffffffffffffffda RBX: 00007ffbc6015fa0 RCX: 00007ffbc5d9ce59 [ 282.055695][T13036] RDX: 000000000000271e RSI: 0000200000000114 RDI: 0000000000000004 [ 282.055701][T13036] RBP: 00007ffbc6b8a090 R08: 0000200000000040 R09: 0000000000000000 [ 282.055707][T13036] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001 [ 282.055713][T13036] R13: 00007ffbc6016038 R14: 00007ffbc6015fa0 R15: 00007ffde168fb98 [ 282.055727][T13036] [ 282.236432][T13046] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2558'. [ 282.563540][ T5093] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 282.570643][ T5093] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 282.577478][ T5093] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 282.585780][ T5093] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 282.593744][ T5093] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 282.783236][ T5935] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 282.934296][ T5935] usb 8-1: Using ep0 maxpacket: 8 [ 282.938368][ T5935] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 282.942378][ T5935] usb 8-1: config 0 has no interfaces? [ 282.947141][ T5935] usb 8-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 282.951266][ T5935] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.963260][ T5935] usb 8-1: config 0 descriptor?? [ 282.974857][T13088] loop2: detected capacity change from 0 to 3 [ 282.983938][T13088] Dev loop2: unable to read RDB block 3 [ 282.988089][T13088] loop2: unable to read partition table [ 282.990044][T13088] loop2: partition table beyond EOD, truncated [ 282.995337][T13088] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 283.132021][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 283.132039][ T40] audit: type=1400 audit(1778628181.767:556): avc: denied { mount } for pid=13095 comm="syz.1.2573" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 283.219797][ T1168] bridge_slave_1: left allmulticast mode [ 283.222565][ T1168] bridge_slave_1: left promiscuous mode [ 283.225339][ T1168] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.231120][ T1168] bridge_slave_0: left allmulticast mode [ 283.233972][ T1168] bridge_slave_0: left promiscuous mode [ 283.236519][ T1168] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.268449][ T40] audit: type=1400 audit(1778628181.907:557): avc: denied { write } for pid=13104 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 283.332002][ T40] audit: type=1400 audit(1778628181.967:558): avc: denied { write } for pid=13108 comm="rm" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 283.581304][ T1168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 283.588392][ T1168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.593740][ T1168] bond0 (unregistering): Released all slaves [ 283.607998][ T5447] 8021q: adding VLAN 0 to HW filter on device eth2 [ 283.654216][ T1168] tipc: Left network mode [ 283.657332][T13067] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.661283][T13067] bridge0: port 1(bridge_slave_0) entered disabled state [ 283.673386][T13067] bridge_slave_0: entered allmulticast mode [ 283.676904][T13067] bridge_slave_0: entered promiscuous mode [ 283.684334][T13067] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.688132][T13067] bridge0: port 2(bridge_slave_1) entered disabled state [ 283.691754][T13067] bridge_slave_1: entered allmulticast mode [ 283.696744][T13067] bridge_slave_1: entered promiscuous mode [ 283.768031][T13067] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 283.775932][T13067] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 283.793656][ T40] audit: type=1400 audit(1778628182.437:559): avc: denied { write } for pid=13114 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 283.817119][T13067] team0: Port device team_slave_0 added [ 283.848044][T13067] team0: Port device team_slave_1 added [ 283.866491][T13067] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 283.869081][T13067] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 283.877778][ T40] audit: type=1400 audit(1778628182.517:560): avc: denied { write } for pid=13119 comm="rm" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 283.887372][T13067] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 283.901405][T13067] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 283.905929][T13067] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 283.915772][T13067] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 283.955425][ T5447] 8021q: adding VLAN 0 to HW filter on device eth3 [ 283.998168][T13067] hsr_slave_0: entered promiscuous mode [ 284.003894][T13067] hsr_slave_1: entered promiscuous mode [ 284.007558][T13067] debugfs: 'hsr0' already exists in 'hsr' [ 284.009974][T13067] Cannot create hsr debugfs directory [ 284.014757][ T5847] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 284.180170][ T40] audit: type=1400 audit(1778628182.817:561): avc: denied { write } for pid=13124 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 284.184071][ T5847] usb 6-1: Using ep0 maxpacket: 8 [ 284.198681][ T5847] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 284.203834][ T5847] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 284.208203][ T5847] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 284.214910][ T5847] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 284.221169][ T5847] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 284.235562][ T5847] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.289738][ T1168] hsr_slave_0: left promiscuous mode [ 284.297993][ T1168] hsr_slave_1: left promiscuous mode [ 284.303312][ T40] audit: type=1400 audit(1778628182.947:562): avc: denied { write } for pid=13131 comm="rm" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 284.329773][ T1168] team0 (unregistering): Port device batadv0 removed [ 284.443987][ T1168] team0 (unregistering): Port device team_slave_1 removed [ 284.452740][ T5847] usb 6-1: GET_CAPABILITIES returned 0 [ 284.454580][ T5847] usbtmc 6-1:16.0: can't read capabilities [ 284.456944][ T1168] team0 (unregistering): Port device team_slave_0 removed [ 284.543992][T13130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2578'. [ 284.551755][ T5447] 8021q: adding VLAN 0 to HW filter on device eth4 [ 284.663794][ C1] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 284.667636][ T5847] usb 6-1: USB disconnect, device number 18 [ 284.703494][ T5741] Bluetooth: hci0: command tx timeout [ 284.704517][ T40] audit: type=1400 audit(1778628183.347:563): avc: denied { write } for pid=13135 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 284.776206][ T40] audit: type=1400 audit(1778628183.417:564): avc: denied { write } for pid=13138 comm="rm" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 284.941199][ T40] audit: type=1400 audit(1778628183.577:565): avc: denied { write } for pid=13145 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 285.079376][T13067] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 285.084207][T13067] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 285.087176][T13067] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 285.092054][T13067] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 285.097141][T13067] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 285.103928][T13067] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 285.107845][T13067] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 285.118789][T13067] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 285.125767][ T1168] IPVS: stop unused estimator thread 0... [ 285.176263][T13067] 8021q: adding VLAN 0 to HW filter on device bond0 [ 285.188108][T13067] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.195641][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.199799][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.210058][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.213444][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 285.522762][T13067] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 285.562932][ T5440] usb 8-1: USB disconnect, device number 16 [ 285.564805][T13067] veth0_vlan: entered promiscuous mode [ 285.574087][T13067] veth1_vlan: entered promiscuous mode [ 285.615455][T13067] veth0_macvtap: entered promiscuous mode [ 285.620782][T13067] veth1_macvtap: entered promiscuous mode [ 285.643469][T13067] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 285.654609][T13067] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 285.867841][T13178] Invalid option length (1048180) for dns_resolver key [ 285.902323][T13178] use of bytesused == 0 is deprecated and will be removed in the future, [ 285.906348][T13178] use the actual size instead. [ 285.955223][ T1162] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.959976][ T1162] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.796331][ T5741] Bluetooth: hci0: command tx timeout [ 286.870121][ T1162] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.874757][ T1162] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.105926][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.120773][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.163067][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.172384][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.204287][T13191] syzkaller0: entered promiscuous mode [ 287.206982][T13191] syzkaller0: entered allmulticast mode [ 287.442558][ T5850] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 287.469826][T13199] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 287.472375][T13199] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 287.476589][T13199] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 287.479963][T13199] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 287.614056][ T5850] usb 6-1: Using ep0 maxpacket: 8 [ 287.618472][ T5850] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 287.622317][ T5850] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 287.627597][ T5850] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 287.631555][ T5850] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 287.637533][ T5850] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 287.641397][ T5850] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.701166][T13208] tmpfs: Bad value for 'mpol' [ 287.705654][T13208] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2593'. [ 287.710779][T13208] warning: `syz.0.2593' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 287.848765][ T844] IPVS: starting estimator thread 0... [ 287.861055][ T5850] usb 6-1: GET_CAPABILITIES returned 0 [ 287.863655][ T5850] usbtmc 6-1:16.0: can't read capabilities [ 287.943198][T13215] IPVS: using max 45 ests per chain, 108000 per kthread [ 287.954267][T13223] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2599'. [ 287.988808][T13225] netlink: 277 bytes leftover after parsing attributes in process `syz.2.2600'. [ 288.070379][ C2] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 288.074604][ T5850] usb 6-1: USB disconnect, device number 19 [ 288.492611][ T5847] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 288.645358][ T5847] usb 8-1: device descriptor read/64, error -71 [ 288.743383][T13246] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2610'. [ 288.852678][ T5741] Bluetooth: hci0: command tx timeout [ 288.892775][ T5847] usb 8-1: new high-speed USB device number 18 using dummy_hcd [ 289.042703][ T5847] usb 8-1: device descriptor read/64, error -71 [ 289.142764][ T5935] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 289.154636][ T5847] usb usb8-port1: attempt power cycle [ 289.302646][ T5935] usb 6-1: Using ep0 maxpacket: 32 [ 289.306720][ T5935] usb 6-1: config index 0 descriptor too short (expected 18468, got 36) [ 289.310233][ T5935] usb 6-1: config 194 has too many interfaces: 199, using maximum allowed: 32 [ 289.313502][ T5935] usb 6-1: config 194 has an invalid descriptor of length 0, skipping remainder of the config [ 289.317244][ T5935] usb 6-1: config 194 has 0 interfaces, different from the descriptor's value: 199 [ 289.321191][ T5935] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 289.324894][ T5935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.492724][ T5847] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 289.523433][ T5847] usb 8-1: device descriptor read/8, error -71 [ 289.530272][T13261] loop2: detected capacity change from 0 to 3 [ 289.535066][T13261] Dev loop2: unable to read RDB block 3 [ 289.537030][T13261] loop2: unable to read partition table [ 289.538857][T13261] loop2: partition table beyond EOD, truncated [ 289.540865][T13261] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 289.772577][ T5847] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 289.793169][ T5847] usb 8-1: device descriptor read/8, error -71 [ 289.903851][ T5847] usb usb8-port1: unable to enumerate USB device [ 290.053205][T13284] syzkaller0: entered promiscuous mode [ 290.056247][T13284] syzkaller0: entered allmulticast mode [ 290.727266][T13289] syzkaller0: entered promiscuous mode [ 290.729472][T13289] syzkaller0: entered allmulticast mode [ 290.993038][ T5741] Bluetooth: hci0: command tx timeout [ 291.152847][T12252] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 291.312580][T12252] usb 5-1: Using ep0 maxpacket: 16 [ 291.316887][T12252] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 291.334938][T12252] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 291.338984][T12252] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.347095][T12252] usb 5-1: Product: syz [ 291.351425][T12252] usb 5-1: Manufacturer: syz [ 291.355974][T12252] usb 5-1: SerialNumber: syz [ 291.368268][T12252] usb 5-1: config 0 descriptor?? [ 291.392071][T12252] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 291.398229][T12252] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 291.442673][T13311] syzkaller0: entered promiscuous mode [ 291.445412][T13311] syzkaller0: entered allmulticast mode [ 291.675511][ T1162] bridge_slave_1: left allmulticast mode [ 291.678008][ T1162] bridge_slave_1: left promiscuous mode [ 291.680468][ T1162] bridge0: port 2(bridge_slave_1) entered disabled state [ 291.684617][ T1162] bridge_slave_0: left allmulticast mode [ 291.686530][ T1162] bridge_slave_0: left promiscuous mode [ 291.688665][ T1162] bridge0: port 1(bridge_slave_0) entered disabled state [ 291.697179][ T1162] lo: left allmulticast mode [ 291.730058][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 291.730072][ T40] audit: type=1400 audit(1778628190.367:574): avc: denied { write } for pid=13319 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 291.782662][ T34] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 291.824989][ T40] audit: type=1400 audit(1778628190.467:575): avc: denied { write } for pid=13322 comm="rm" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 291.849192][ T5935] usb 6-1: string descriptor 0 read error: -71 [ 291.876344][ T5935] usb 6-1: USB disconnect, device number 20 [ 291.942609][ T34] usb 8-1: Using ep0 maxpacket: 16 [ 291.949213][ T34] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 291.958274][ T34] usb 8-1: config 0 interface 0 has no altsetting 0 [ 291.965220][ T34] usb 8-1: New USB device found, idVendor=15c2, idProduct=0045, bcdDevice=1f.20 [ 291.971685][ T34] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.975616][ T34] usb 8-1: Product: syz [ 291.977366][ T34] usb 8-1: Manufacturer: syz [ 291.979311][ T34] usb 8-1: SerialNumber: syz [ 291.986320][ T34] usb 8-1: config 0 descriptor?? [ 291.993674][T12252] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 292.096531][ T1162] team0: Port device bridge1 removed [ 292.194753][T13313] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.199759][T13313] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.210011][ T34] input: iMON Panel, Knob and Mouse(15c2:0045) as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input22 [ 292.252533][ T40] audit: type=1400 audit(1778628190.887:576): avc: denied { write } for pid=13339 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 292.272220][T13342] loop9: detected capacity change from 0 to 7 [ 292.280169][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 292.283250][ C1] buffer_io_error: 13 callbacks suppressed [ 292.283260][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.296117][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 292.299514][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.302795][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 292.306316][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.313065][ T1162] tipc: Left network mode [ 292.324774][ T40] audit: type=1400 audit(1778628190.967:577): avc: denied { write } for pid=13344 comm="rm" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 292.324913][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 292.336612][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.354383][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 292.371761][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 292.374971][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.389522][ C2] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 292.393500][ C2] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.397152][ C3] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 292.401494][ C3] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.402519][ T1162] IPVS: stopping backup sync thread 6563 ... [ 292.405613][T13342] ldm_validate_partition_table(): Disk read failed. [ 292.405970][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 292.406000][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.407039][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 292.407093][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.407312][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 292.407576][T13342] Dev loop9: unable to read RDB block 0 [ 292.425393][T13342] loop9: unable to read partition table [ 292.425585][T13342] loop9: partition table beyond EOD, truncated [ 292.448857][T13342] loop_reread_partitions: partition scan of loop9 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 292.467060][ T40] audit: type=1400 audit(1778628191.107:578): avc: denied { write } for pid=13347 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 292.492507][ T34] rc_core: IR keymap rc-imon-pad not found [ 292.494408][ T34] Registered IR keymap rc-empty [ 292.496057][ T34] imon 8-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 292.500565][ T34] imon 8-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 292.528934][ T40] audit: type=1400 audit(1778628191.167:579): avc: denied { write } for pid=13354 comm="rm" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 292.551141][T13353] syzkaller0: entered promiscuous mode [ 292.553989][T13353] syzkaller0: entered allmulticast mode [ 292.623903][ T40] audit: type=1400 audit(1778628191.267:580): avc: denied { write } for pid=13357 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 292.623936][ C3] imon 8-1:0.0: imon usb_rx_callback_intf0: status(-71) [ 292.626328][ T34] imon:send_packet: packet tx failed (-71) [ 292.652890][ T34] imon 8-1:0.0: remote input dev register failed [ 292.656625][ T34] imon 8-1:0.0: imon_init_intf0: rc device setup failed [ 292.661291][ T1162] hsr_slave_0: left promiscuous mode [ 292.665982][ T1162] hsr_slave_1: left promiscuous mode [ 292.669507][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 292.671296][ T34] imon 8-1:0.0: unable to initialize intf0, err 0 [ 292.675149][ T34] imon:imon_probe: failed to initialize context! [ 292.677463][ T34] imon 8-1:0.0: unable to register, err -19 [ 292.678657][ T1162] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 292.682256][ T34] usb 8-1: USB disconnect, device number 21 [ 292.720593][ T40] audit: type=1400 audit(1778628191.357:581): avc: denied { write } for pid=13360 comm="rm" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 292.932250][ T1162] team0 (unregistering): Port device team_slave_1 removed [ 292.946211][ T1162] team0 (unregistering): Port device team_slave_0 removed [ 292.977040][T13188] smbdirect: ib_dev[syz0] removed [ 293.095801][ T40] audit: type=1400 audit(1778628191.737:582): avc: denied { write } for pid=13371 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 293.165305][ T40] audit: type=1400 audit(1778628191.797:583): avc: denied { write } for pid=13376 comm="rm" name="hook-state" dev="tmpfs" ino=1841 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 293.391483][T13389] syzkaller0: entered promiscuous mode [ 293.395675][T13389] syzkaller0: entered allmulticast mode [ 293.412719][ T34] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 293.446806][ T1162] IPVS: stop unused estimator thread 0... [ 293.504410][T13292] em28xx 5-1:0.0: failed to get i2c transfer status from bridge register (error=-5) [ 293.510885][T12252] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 293.517260][T12252] em28xx 5-1:0.0: board has no eeprom [ 293.563051][ T34] usb 6-1: Using ep0 maxpacket: 32 [ 293.568991][ T34] usb 6-1: config index 0 descriptor too short (expected 18468, got 36) [ 293.573773][ T34] usb 6-1: config 194 has too many interfaces: 199, using maximum allowed: 32 [ 293.577031][ T34] usb 6-1: config 194 has an invalid descriptor of length 0, skipping remainder of the config [ 293.580453][ T34] usb 6-1: config 194 has 0 interfaces, different from the descriptor's value: 199 [ 293.584104][ T34] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 293.587203][ T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.592888][T12252] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 293.597221][T12252] em28xx 5-1:0.0: dvb set to bulk mode. [ 293.599573][ T5836] em28xx 5-1:0.0: Binding DVB extension [ 293.618248][T12252] usb 5-1: USB disconnect, device number 19 [ 293.628509][T12252] em28xx 5-1:0.0: Disconnecting em28xx [ 293.663945][ T5836] em28xx 5-1:0.0: Registering input extension [ 293.667180][T12252] em28xx 5-1:0.0: Closing input extension [ 293.689354][T12252] em28xx 5-1:0.0: Freeing device [ 293.801087][ T34] usb 6-1: string descriptor 0 read error: -71 [ 293.808543][ T34] usb 6-1: USB disconnect, device number 21 [ 293.872601][ T5440] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 294.022569][ T5440] usb 8-1: Using ep0 maxpacket: 8 [ 294.025922][ T5440] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 294.029227][ T5440] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 294.032895][ T5440] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 294.036912][ T5440] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 294.041989][ T5440] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 294.045753][ T5440] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.255817][ T5440] usb 8-1: GET_CAPABILITIES returned 0 [ 294.257732][ T5440] usbtmc 8-1:16.0: can't read capabilities [ 294.478504][ C3] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 294.483684][ T5935] usb 8-1: USB disconnect, device number 22 [ 294.879559][T13428] syzkaller0: entered promiscuous mode [ 294.882161][T13428] syzkaller0: entered allmulticast mode [ 294.995381][T13434] FAULT_INJECTION: forcing a failure. [ 294.995381][T13434] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 295.002880][T13434] CPU: 1 UID: 0 PID: 13434 Comm: syz.2.2664 Not tainted syzkaller #0 PREEMPT(full) [ 295.002897][T13434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 295.002904][T13434] Call Trace: [ 295.002908][T13434] [ 295.002913][T13434] dump_stack_lvl+0x100/0x190 [ 295.002980][T13434] should_fail_ex.cold+0x5/0xa [ 295.003004][T13434] _copy_from_iter+0x1f4/0x1690 [ 295.003034][T13434] ? __asan_memset+0x23/0x50 [ 295.003060][T13434] ? __pfx__copy_from_iter+0x10/0x10 [ 295.003075][T13434] ? __pfx___alloc_skb+0x10/0x10 [ 295.003125][T13434] netlink_sendmsg+0x808/0xda0 [ 295.003151][T13434] ? __pfx_netlink_sendmsg+0x10/0x10 [ 295.003164][T13434] ? __might_fault+0x50/0x140 [ 295.003186][T13434] ____sys_sendmsg+0x9e1/0xb70 [ 295.003199][T13434] ? __pfx_netlink_sendmsg+0x10/0x10 [ 295.003214][T13434] ? __pfx_____sys_sendmsg+0x10/0x10 [ 295.003233][T13434] ___sys_sendmsg+0x190/0x1e0 [ 295.003248][T13434] ? __pfx____sys_sendmsg+0x10/0x10 [ 295.003277][T13434] __sys_sendmsg+0x170/0x220 [ 295.003290][T13434] ? __pfx___sys_sendmsg+0x10/0x10 [ 295.003305][T13434] ? rcu_is_watching+0x12/0xc0 [ 295.003332][T13434] do_syscall_64+0x10b/0xf80 [ 295.003380][T13434] ? clear_bhb_loop+0x40/0x90 [ 295.003392][T13434] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.003403][T13434] RIP: 0033:0x7ffbc5d9ce59 [ 295.003414][T13434] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 295.003424][T13434] RSP: 002b:00007ffbc6b8a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 295.003435][T13434] RAX: ffffffffffffffda RBX: 00007ffbc6015fa0 RCX: 00007ffbc5d9ce59 [ 295.003442][T13434] RDX: 0000000000000810 RSI: 00002000000005c0 RDI: 0000000000000004 [ 295.003448][T13434] RBP: 00007ffbc6b8a090 R08: 0000000000000000 R09: 0000000000000000 [ 295.003454][T13434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 295.003460][T13434] R13: 00007ffbc6016038 R14: 00007ffbc6015fa0 R15: 00007ffde168fb98 [ 295.003472][T13434] [ 295.149656][T13450] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2669'. [ 295.390009][T13463] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 295.392627][T13463] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 295.395441][T13463] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 295.398742][T13463] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 295.452508][ T5837] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 295.602629][ T5837] usb 5-1: Using ep0 maxpacket: 8 [ 295.606287][ T5837] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 295.609948][T13471] syzkaller0: entered promiscuous mode [ 295.610521][ T5837] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 295.612372][T13471] syzkaller0: entered allmulticast mode [ 295.616412][ T5837] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.619129][T13471] FAULT_INJECTION: forcing a failure. [ 295.619129][T13471] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 295.625352][ T5837] usb 5-1: config 0 descriptor?? [ 295.625859][T13471] CPU: 2 UID: 0 PID: 13471 Comm: syz.3.2678 Not tainted syzkaller #0 PREEMPT(full) [ 295.625874][T13471] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 295.625880][T13471] Call Trace: [ 295.625884][T13471] [ 295.625889][T13471] dump_stack_lvl+0x100/0x190 [ 295.625908][T13471] should_fail_ex.cold+0x5/0xa [ 295.625923][T13471] _copy_from_user+0x2e/0xd0 [ 295.625940][T13471] move_addr_to_kernel+0x65/0x170 [ 295.625962][T13471] copy_msghdr_from_user+0x417/0x4f0 [ 295.625982][T13471] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 295.626011][T13471] ___sys_sendmsg+0x106/0x1e0 [ 295.626033][T13471] ? __pfx____sys_sendmsg+0x10/0x10 [ 295.626077][T13471] __sys_sendmsg+0x170/0x220 [ 295.626094][T13471] ? __pfx___sys_sendmsg+0x10/0x10 [ 295.626116][T13471] ? rcu_is_watching+0x12/0xc0 [ 295.626145][T13471] do_syscall_64+0x10b/0xf80 [ 295.626167][T13471] ? clear_bhb_loop+0x40/0x90 [ 295.626188][T13471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 295.626204][T13471] RIP: 0033:0x7fb8cf59ce59 [ 295.626229][T13471] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 295.626244][T13471] RSP: 002b:00007fb8d041a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 295.626257][T13471] RAX: ffffffffffffffda RBX: 00007fb8cf815fa0 RCX: 00007fb8cf59ce59 [ 295.626263][T13471] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000007 [ 295.626269][T13471] RBP: 00007fb8d041a090 R08: 0000000000000000 R09: 0000000000000000 [ 295.626276][T13471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 295.626282][T13471] R13: 00007fb8cf816038 R14: 00007fb8cf815fa0 R15: 00007ffeeeea98e8 [ 295.626295][T13471] [ 295.715838][ T5837] iowarrior 5-1:0.0: no interrupt-in endpoint found [ 295.832277][T13481] syzkaller0: entered promiscuous mode [ 295.834314][T13481] syzkaller0: entered allmulticast mode [ 296.760175][ T40] kauditd_printk_skb: 8 callbacks suppressed [ 296.760191][ T40] audit: type=1400 audit(1778628195.397:592): avc: denied { append } for pid=13512 comm="syz.3.2697" name="001" dev="devtmpfs" ino=761 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 296.766842][T13513] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2697'. [ 298.229608][ T5847] usb 5-1: USB disconnect, device number 20 [ 298.278698][T13524] syzkaller0: entered promiscuous mode [ 298.281155][T13524] syzkaller0: entered allmulticast mode [ 298.352229][ T40] audit: type=1400 audit(1778628196.987:593): avc: denied { lock } for pid=13521 comm="syz.0.2701" path="socket:[43894]" dev="sockfs" ino=43894 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 298.662513][ T5440] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 298.822726][ T5440] usb 6-1: Using ep0 maxpacket: 8 [ 298.826546][ T5440] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 298.829727][ T5440] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 298.833670][ T5440] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 298.837783][ T5440] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 298.843316][ T5440] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 298.846323][ T5440] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 299.055771][ T5440] usb 6-1: GET_CAPABILITIES returned 0 [ 299.057646][ T5440] usbtmc 6-1:16.0: can't read capabilities [ 299.269100][ C3] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 299.273892][ T58] usb 6-1: USB disconnect, device number 22 [ 299.415924][T13550] FAULT_INJECTION: forcing a failure. [ 299.415924][T13550] name failslab, interval 1, probability 0, space 0, times 0 [ 299.422545][T13550] CPU: 3 UID: 0 PID: 13550 Comm: syz.0.2712 Not tainted syzkaller #0 PREEMPT(full) [ 299.422567][T13550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 299.422575][T13550] Call Trace: [ 299.422581][T13550] [ 299.422587][T13550] dump_stack_lvl+0x100/0x190 [ 299.422619][T13550] should_fail_ex.cold+0x5/0xa [ 299.422637][T13550] ? tomoyo_encode2+0xfb/0x3c0 [ 299.422661][T13550] should_failslab+0xc2/0x120 [ 299.422676][T13550] __kmalloc_noprof+0xe0/0x850 [ 299.422695][T13550] ? d_absolute_path+0x136/0x1b0 [ 299.422713][T13550] tomoyo_encode2+0xfb/0x3c0 [ 299.422760][T13550] tomoyo_encode+0x29/0x50 [ 299.422780][T13550] tomoyo_realpath_from_path+0x18c/0x690 [ 299.422803][T13550] tomoyo_path_number_perm+0x23c/0x580 [ 299.422819][T13550] ? tomoyo_path_number_perm+0x22e/0x580 [ 299.422838][T13550] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 299.422871][T13550] ? find_held_lock+0x2b/0x80 [ 299.422885][T13550] ? __fget_files+0x215/0x3d0 [ 299.422901][T13550] ? hook_file_ioctl_common+0x149/0x410 [ 299.422920][T13550] ? __fget_files+0x215/0x3d0 [ 299.422939][T13550] ? __fget_files+0x21f/0x3d0 [ 299.422958][T13550] security_file_ioctl+0xd3/0x230 [ 299.422975][T13550] __x64_sys_ioctl+0xb7/0x210 [ 299.422989][T13550] do_syscall_64+0x10b/0xf80 [ 299.423027][T13550] ? clear_bhb_loop+0x40/0x90 [ 299.423049][T13550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.423064][T13550] RIP: 0033:0x7f879879ce59 [ 299.423078][T13550] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 299.423095][T13550] RSP: 002b:00007f87996de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 299.423112][T13550] RAX: ffffffffffffffda RBX: 00007f8798a15fa0 RCX: 00007f879879ce59 [ 299.423123][T13550] RDX: 0000000000000000 RSI: 0000000040047452 RDI: 0000000000000004 [ 299.423132][T13550] RBP: 00007f87996de090 R08: 0000000000000000 R09: 0000000000000000 [ 299.423144][T13550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.423154][T13550] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 299.423178][T13550] [ 299.423201][T13550] ERROR: Out of memory at tomoyo_realpath_from_path. [ 299.453721][T13558] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2715'. [ 299.505651][T13559] FAULT_INJECTION: forcing a failure. [ 299.505651][T13559] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 299.525047][T13559] CPU: 0 UID: 0 PID: 13559 Comm: syz.3.2715 Not tainted syzkaller #0 PREEMPT(full) [ 299.525075][T13559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 299.525087][T13559] Call Trace: [ 299.525095][T13559] [ 299.525103][T13559] dump_stack_lvl+0x100/0x190 [ 299.525134][T13559] should_fail_ex.cold+0x5/0xa [ 299.525163][T13559] _copy_to_user+0x32/0xd0 [ 299.525215][T13559] simple_read_from_buffer+0xcb/0x170 [ 299.525260][T13559] proc_fail_nth_read+0x1af/0x230 [ 299.525299][T13559] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 299.525322][T13559] ? rw_verify_area+0xce/0x6d0 [ 299.525341][T13559] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 299.525362][T13559] vfs_read+0x1e4/0xb30 [ 299.525387][T13559] ? __pfx_vfs_read+0x10/0x10 [ 299.525423][T13559] ? __fget_files+0x215/0x3d0 [ 299.525455][T13559] ? __fget_files+0x21f/0x3d0 [ 299.525487][T13559] ksys_read+0x12a/0x250 [ 299.525508][T13559] ? __pfx_ksys_read+0x10/0x10 [ 299.525529][T13559] ? rcu_is_watching+0x12/0xc0 [ 299.525565][T13559] do_syscall_64+0x10b/0xf80 [ 299.525609][T13559] ? clear_bhb_loop+0x40/0x90 [ 299.525635][T13559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.525654][T13559] RIP: 0033:0x7fb8cf55d68e [ 299.525673][T13559] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 299.525690][T13559] RSP: 002b:00007fb8d03f8fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 299.525709][T13559] RAX: ffffffffffffffda RBX: 00007fb8d03f96c0 RCX: 00007fb8cf55d68e [ 299.525722][T13559] RDX: 000000000000000f RSI: 00007fb8d03f90a0 RDI: 0000000000000007 [ 299.525732][T13559] RBP: 00007fb8d03f9090 R08: 0000000000000000 R09: 0000000000000000 [ 299.525745][T13559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 299.525755][T13559] R13: 00007fb8cf816128 R14: 00007fb8cf816090 R15: 00007ffeeeea98e8 [ 299.525782][T13559] [ 299.610920][T13561] syzkaller0: entered promiscuous mode [ 299.613936][T13561] syzkaller0: entered allmulticast mode [ 299.760785][T13569] FAULT_INJECTION: forcing a failure. [ 299.760785][T13569] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 299.767496][T13569] CPU: 3 UID: 0 PID: 13569 Comm: syz.0.2720 Not tainted syzkaller #0 PREEMPT(full) [ 299.767513][T13569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 299.767522][T13569] Call Trace: [ 299.767529][T13569] [ 299.767537][T13569] dump_stack_lvl+0x100/0x190 [ 299.767565][T13569] should_fail_ex.cold+0x5/0xa [ 299.767585][T13569] ? prepare_alloc_pages+0x16d/0x5f0 [ 299.767606][T13569] should_fail_alloc_page+0xeb/0x140 [ 299.767629][T13569] prepare_alloc_pages+0x1f0/0x5f0 [ 299.767655][T13569] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 299.767678][T13569] ? find_held_lock+0x2b/0x80 [ 299.767694][T13569] ? is_bpf_text_address+0x8a/0x1a0 [ 299.767718][T13569] ? is_bpf_text_address+0x8a/0x1a0 [ 299.767742][T13569] ? bpf_ksym_find+0x128/0x1c0 [ 299.767772][T13569] ? __lock_acquire+0x4a5/0x2630 [ 299.767789][T13569] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 299.767807][T13569] ? __lock_acquire+0x4a5/0x2630 [ 299.767828][T13569] ? __lock_acquire+0x4a5/0x2630 [ 299.767841][T13569] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 299.767856][T13569] ? policy_nodemask+0xed/0x4f0 [ 299.767876][T13569] alloc_pages_mpol+0x1fb/0x540 [ 299.767889][T13569] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 299.767902][T13569] ? __lock_acquire+0x4a5/0x2630 [ 299.767918][T13569] folio_alloc_mpol_noprof+0x36/0x260 [ 299.767936][T13569] vma_alloc_folio_noprof+0xed/0x1d0 [ 299.767956][T13569] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 299.767984][T13569] do_anonymous_page+0xb46/0x2050 [ 299.768011][T13569] ? rcu_read_unlock+0x2d/0xb0 [ 299.768043][T13569] __handle_mm_fault+0x1d2c/0x2a00 [ 299.768071][T13569] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 299.768098][T13569] ? __pfx___handle_mm_fault+0x10/0x10 [ 299.768122][T13569] ? pte_offset_map_lock+0x174/0x320 [ 299.768142][T13569] ? find_held_lock+0x2b/0x80 [ 299.768169][T13569] ? follow_page_pte+0x4d0/0x13f0 [ 299.768191][T13569] handle_mm_fault+0x36d/0xa20 [ 299.768239][T13569] __get_user_pages+0x1178/0x32a0 [ 299.768268][T13569] ? down_read_killable+0x307/0x4b0 [ 299.768317][T13569] ? __pfx___get_user_pages+0x10/0x10 [ 299.768337][T13569] ? __kernel_text_address+0xd/0x30 [ 299.768368][T13569] __gup_longterm_locked+0x87d/0x16f0 [ 299.768395][T13569] ? __pfx___gup_longterm_locked+0x10/0x10 [ 299.768410][T13569] ? lock_acquire+0x1b1/0x370 [ 299.768424][T13569] ? find_held_lock+0x2b/0x80 [ 299.768435][T13569] ? sanity_check_pinned_pages+0x4f2/0x8b0 [ 299.768450][T13569] gup_fast_fallback+0x16dc/0x2790 [ 299.768473][T13569] ? __pfx_gup_fast_fallback+0x10/0x10 [ 299.768493][T13569] pin_user_pages_fast+0xa7/0xf0 [ 299.768506][T13569] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 299.768520][T13569] ? __kmalloc_noprof+0x320/0x850 [ 299.768545][T13569] rds_info_getsockopt+0x196/0x4e0 [ 299.768593][T13569] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 299.768609][T13569] ? find_held_lock+0x2b/0x80 [ 299.768632][T13569] rds_getsockopt+0x177/0x2e0 [ 299.768653][T13569] ? __pfx_rds_getsockopt+0x10/0x10 [ 299.768678][T13569] do_sock_getsockopt+0x50a/0x6e0 [ 299.768709][T13569] ? __lock_acquire+0x4a5/0x2630 [ 299.768733][T13569] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 299.768747][T13569] ? find_held_lock+0x2b/0x80 [ 299.768757][T13569] ? ksys_write+0x190/0x250 [ 299.768773][T13569] ? find_held_lock+0x2b/0x80 [ 299.768788][T13569] ? __fget_files+0x21f/0x3d0 [ 299.768805][T13569] __sys_getsockopt+0x148/0x260 [ 299.768827][T13569] ? __x64_sys_getsockopt+0xbd/0x160 [ 299.768843][T13569] __x64_sys_getsockopt+0xbd/0x160 [ 299.768880][T13569] ? do_syscall_64+0x90/0xf80 [ 299.768897][T13569] ? lockdep_hardirqs_on+0x78/0x100 [ 299.768912][T13569] do_syscall_64+0x10b/0xf80 [ 299.768926][T13569] ? clear_bhb_loop+0x40/0x90 [ 299.768940][T13569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.768952][T13569] RIP: 0033:0x7f879879ce59 [ 299.768963][T13569] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 299.768974][T13569] RSP: 002b:00007f87996de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 299.768986][T13569] RAX: ffffffffffffffda RBX: 00007f8798a15fa0 RCX: 00007f879879ce59 [ 299.768993][T13569] RDX: 000000000000271e RSI: 0000200000000114 RDI: 0000000000000004 [ 299.769000][T13569] RBP: 00007f87996de090 R08: 0000200000000040 R09: 0000000000000000 [ 299.769006][T13569] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001 [ 299.769013][T13569] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 299.769027][T13569] [ 300.006271][T13582] FAULT_INJECTION: forcing a failure. [ 300.006271][T13582] name failslab, interval 1, probability 0, space 0, times 0 [ 300.010647][T13582] CPU: 2 UID: 0 PID: 13582 Comm: syz.1.2726 Not tainted syzkaller #0 PREEMPT(full) [ 300.010665][T13582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 300.010672][T13582] Call Trace: [ 300.010682][T13582] [ 300.010688][T13582] dump_stack_lvl+0x100/0x190 [ 300.010708][T13582] should_fail_ex.cold+0x5/0xa [ 300.010824][T13582] ? tomoyo_encode2+0xfb/0x3c0 [ 300.010854][T13582] should_failslab+0xc2/0x120 [ 300.010870][T13582] __kmalloc_noprof+0xe0/0x850 [ 300.010888][T13582] ? d_absolute_path+0x136/0x1b0 [ 300.010904][T13582] tomoyo_encode2+0xfb/0x3c0 [ 300.010922][T13582] tomoyo_encode+0x29/0x50 [ 300.010936][T13582] tomoyo_realpath_from_path+0x18c/0x690 [ 300.010956][T13582] tomoyo_path_number_perm+0x23c/0x580 [ 300.010969][T13582] ? tomoyo_path_number_perm+0x22e/0x580 [ 300.010983][T13582] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 300.011011][T13582] ? find_held_lock+0x2b/0x80 [ 300.011023][T13582] ? __fget_files+0x215/0x3d0 [ 300.011036][T13582] ? hook_file_ioctl_common+0x149/0x410 [ 300.011053][T13582] ? __fget_files+0x215/0x3d0 [ 300.011069][T13582] ? __fget_files+0x21f/0x3d0 [ 300.011086][T13582] security_file_ioctl+0xd3/0x230 [ 300.011101][T13582] __x64_sys_ioctl+0xb7/0x210 [ 300.011115][T13582] do_syscall_64+0x10b/0xf80 [ 300.011133][T13582] ? clear_bhb_loop+0x40/0x90 [ 300.011149][T13582] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.011161][T13582] RIP: 0033:0x7f1b82d9ce59 [ 300.011173][T13582] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 300.011184][T13582] RSP: 002b:00007f1b83bfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 300.011195][T13582] RAX: ffffffffffffffda RBX: 00007f1b83015fa0 RCX: 00007f1b82d9ce59 [ 300.011202][T13582] RDX: 00002000000012c0 RSI: 000000008050640a RDI: 0000000000000003 [ 300.011209][T13582] RBP: 00007f1b83bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 300.011215][T13582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 300.011222][T13582] R13: 00007f1b83016038 R14: 00007f1b83015fa0 R15: 00007ffdb53e8928 [ 300.011239][T13582] [ 300.011254][T13582] ERROR: Out of memory at tomoyo_realpath_from_path. [ 300.062545][ T5837] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 300.096218][T13577] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 300.099633][T13577] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 300.103524][T13577] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 300.106851][T13577] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 300.147471][T13587] syzkaller0: entered promiscuous mode [ 300.149380][T13587] syzkaller0: entered allmulticast mode [ 300.244852][ T5837] usb 8-1: device descriptor read/64, error -71 [ 300.502757][ T5837] usb 8-1: new high-speed USB device number 24 using dummy_hcd [ 300.634785][ T5837] usb 8-1: device descriptor read/64, error -71 [ 300.670794][T13607] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 300.673467][T13607] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock [ 300.676550][T13607] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 300.679757][T13607] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock [ 300.761984][ T5837] usb usb8-port1: attempt power cycle [ 300.766444][T13611] ªªªªªª: renamed from vlan0 (while UP) [ 300.779362][ T40] audit: type=1400 audit(1778628199.417:594): avc: denied { append } for pid=13610 comm="syz.1.2739" name="fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 301.132547][ T5837] usb 8-1: new high-speed USB device number 25 using dummy_hcd [ 301.153243][ T5837] usb 8-1: device descriptor read/8, error -71 [ 301.226362][T13623] binder: 13622:13623 ioctl c0046209 0 returned -22 [ 301.229929][T13623] netlink: 'syz.1.2744': attribute type 9 has an invalid length. [ 301.392605][ T5837] usb 8-1: new high-speed USB device number 26 using dummy_hcd [ 301.413108][ T5837] usb 8-1: device descriptor read/8, error -71 [ 301.455464][T13636] netlink: 10 bytes leftover after parsing attributes in process `syz.1.2750'. [ 301.489983][T13638] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2751'. [ 301.523409][ T5837] usb usb8-port1: unable to enumerate USB device [ 301.527907][T13642] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2753'. [ 301.530949][T13642] netlink: 'syz.2.2753': attribute type 14 has an invalid length. [ 301.535538][T13645] FAULT_INJECTION: forcing a failure. [ 301.535538][T13645] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 301.538528][ T46] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.538539][T13642] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2753'. [ 301.538564][T13642] netlink: 'syz.2.2753': attribute type 14 has an invalid length. [ 301.539633][T13645] CPU: 1 UID: 0 PID: 13645 Comm: syz.1.2754 Not tainted syzkaller #0 PREEMPT(full) [ 301.539647][T13645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 301.539654][T13645] Call Trace: [ 301.539658][T13645] [ 301.539663][T13645] dump_stack_lvl+0x100/0x190 [ 301.539681][T13645] should_fail_ex.cold+0x5/0xa [ 301.539697][T13645] _copy_from_user+0x2e/0xd0 [ 301.539713][T13645] ____sys_sendmsg+0x1d1/0xb70 [ 301.539730][T13645] ? __pfx_____sys_sendmsg+0x10/0x10 [ 301.539748][T13645] ___sys_sendmsg+0x190/0x1e0 [ 301.539766][T13645] ? __pfx____sys_sendmsg+0x10/0x10 [ 301.539796][T13645] __sys_sendmsg+0x170/0x220 [ 301.539807][T13645] ? __pfx___sys_sendmsg+0x10/0x10 [ 301.539823][T13645] ? rcu_is_watching+0x12/0xc0 [ 301.539842][T13645] do_syscall_64+0x10b/0xf80 [ 301.539856][T13645] ? clear_bhb_loop+0x40/0x90 [ 301.539869][T13645] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.539880][T13645] RIP: 0033:0x7f1b82d9ce59 [ 301.539890][T13645] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 301.539900][T13645] RSP: 002b:00007f1b83bfa028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 301.539910][T13645] RAX: ffffffffffffffda RBX: 00007f1b83015fa0 RCX: 00007f1b82d9ce59 [ 301.539917][T13645] RDX: 0000000028008841 RSI: 0000200000001640 RDI: 0000000000000003 [ 301.539923][T13645] RBP: 00007f1b83bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 301.539929][T13645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 301.539935][T13645] R13: 00007f1b83016038 R14: 00007f1b83015fa0 R15: 00007ffdb53e8928 [ 301.539948][T13645] [ 301.564607][ T40] audit: type=1400 audit(1778628200.207:595): avc: denied { create } for pid=13647 comm="syz.1.2756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 301.565782][ T46] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.568075][T13648] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2756'. [ 301.568741][ T46] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.570445][T13648] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2756'. [ 301.571884][ T46] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 301.573707][T13648] netlink: 'syz.1.2756': attribute type 15 has an invalid length. [ 301.639477][ T40] audit: type=1400 audit(1778628200.277:596): avc: denied { read } for pid=13647 comm="syz.1.2756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 301.681838][T13658] FAULT_INJECTION: forcing a failure. [ 301.681838][T13658] name failslab, interval 1, probability 0, space 0, times 0 [ 301.687367][T13658] CPU: 0 UID: 0 PID: 13658 Comm: syz.2.2758 Not tainted syzkaller #0 PREEMPT(full) [ 301.687387][T13658] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 301.687394][T13658] Call Trace: [ 301.687399][T13658] [ 301.687404][T13658] dump_stack_lvl+0x100/0x190 [ 301.687423][T13658] should_fail_ex.cold+0x5/0xa [ 301.687439][T13658] should_failslab+0xc2/0x120 [ 301.687452][T13658] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 301.687470][T13658] ? __alloc_skb+0x140/0x710 [ 301.687488][T13658] ? __alloc_skb+0x5b7/0x710 [ 301.687506][T13658] __alloc_skb+0x140/0x710 [ 301.687522][T13658] ? __alloc_skb+0x5b7/0x710 [ 301.687538][T13658] ? __pfx___alloc_skb+0x10/0x10 [ 301.687555][T13658] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 301.687570][T13658] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 301.687608][T13658] nfc_genl_device_removed+0x7e/0x300 [ 301.687633][T13658] ? __pfx_nfc_genl_device_removed+0x10/0x10 [ 301.687644][T13658] ? __pfx___fsnotify_parent+0x10/0x10 [ 301.687662][T13658] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 301.687677][T13658] nfc_unregister_rfkill+0x22/0x2b0 [ 301.687692][T13658] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 301.687706][T13658] nci_unregister_device+0x3e/0x330 [ 301.687717][T13658] ? ima_file_free+0xc6/0x340 [ 301.687732][T13658] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 301.687753][T13658] virtual_ncidev_close+0x4b/0xa0 [ 301.687767][T13658] __fput+0x3ff/0xb50 [ 301.687786][T13658] fput_close_sync+0x118/0x250 [ 301.687802][T13658] ? __pfx_fput_close_sync+0x10/0x10 [ 301.687822][T13658] __x64_sys_close+0x8b/0x120 [ 301.687839][T13658] do_syscall_64+0x10b/0xf80 [ 301.687854][T13658] ? clear_bhb_loop+0x40/0x90 [ 301.687868][T13658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.687879][T13658] RIP: 0033:0x7ffbc5d9ce59 [ 301.687890][T13658] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 301.687901][T13658] RSP: 002b:00007ffbc3ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 301.687912][T13658] RAX: ffffffffffffffda RBX: 00007ffbc6016090 RCX: 00007ffbc5d9ce59 [ 301.687919][T13658] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 301.687926][T13658] RBP: 00007ffbc3ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 301.687932][T13658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 301.687938][T13658] R13: 00007ffbc6016128 R14: 00007ffbc6016090 R15: 00007ffde168fb98 [ 301.687952][T13658] [ 301.774316][ T40] audit: type=1400 audit(1778628200.417:597): avc: denied { write } for pid=13647 comm="syz.1.2756" path="socket:[47023]" dev="sockfs" ino=47023 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1 [ 302.455576][T13654] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 302.520945][T13663] overlay: ./file0 is not a directory [ 302.637271][T13672] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2764'. [ 302.653564][T13673] process 'syz.1.2760' launched './file0' with NULL argv: empty string added [ 302.832619][T12165] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 302.962602][T12165] usb 5-1: device descriptor read/64, error -71 [ 303.202593][T12165] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 303.332726][T12165] usb 5-1: device descriptor read/64, error -71 [ 303.445471][T12165] usb usb5-port1: attempt power cycle [ 303.503009][T13675] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 303.562317][T13690] syzkaller0: entered promiscuous mode [ 303.564661][T13690] syzkaller0: entered allmulticast mode [ 303.744890][T13701] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2774'. [ 303.748245][T13701] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2774'. [ 303.782900][T12165] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 303.804687][T12165] usb 5-1: device descriptor read/8, error -71 [ 303.825907][ T5850] IPVS: starting estimator thread 0... [ 303.936943][T13708] IPVS: using max 45 ests per chain, 108000 per kthread [ 304.006876][T13723] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2784'. [ 304.043487][T12165] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 304.063008][T12165] usb 5-1: device descriptor read/8, error -71 [ 304.173792][T12165] usb usb5-port1: unable to enumerate USB device [ 304.447178][ T40] audit: type=1400 audit(1778628203.087:598): avc: denied { getopt } for pid=13752 comm="syz.3.2798" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 304.454838][ T40] audit: type=1400 audit(1778628203.097:599): avc: denied { map } for pid=13752 comm="syz.3.2798" path="socket:[47312]" dev="sockfs" ino=47312 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 304.525128][T13759] FAULT_INJECTION: forcing a failure. [ 304.525128][T13759] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 304.529328][T13759] CPU: 2 UID: 0 PID: 13759 Comm: syz.3.2800 Not tainted syzkaller #0 PREEMPT(full) [ 304.529344][T13759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 304.529351][T13759] Call Trace: [ 304.529356][T13759] [ 304.529362][T13759] dump_stack_lvl+0x100/0x190 [ 304.529381][T13759] should_fail_ex.cold+0x5/0xa [ 304.529412][T13759] _copy_from_user+0x2e/0xd0 [ 304.529431][T13759] map_delete_elem+0x9bd/0xe80 [ 304.529445][T13759] ? find_held_lock+0x2b/0x80 [ 304.529457][T13759] ? __pfx_map_delete_elem+0x10/0x10 [ 304.529470][T13759] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 304.529484][T13759] ? selinux_bpf+0x11a/0x150 [ 304.529498][T13759] __sys_bpf+0x20b3/0x4b90 [ 304.529509][T13759] ? __pfx___sys_bpf+0x10/0x10 [ 304.529518][T13759] ? proc_fail_nth_write+0x9f/0x220 [ 304.529530][T13759] ? find_held_lock+0x2b/0x80 [ 304.529542][T13759] ? find_held_lock+0x2b/0x80 [ 304.529551][T13759] ? ksys_write+0x190/0x250 [ 304.529563][T13759] ? ksys_write+0x190/0x250 [ 304.529576][T13759] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 304.529592][T13759] ? vfs_write+0x3/0x1070 [ 304.529602][T13759] ? __fget_files+0x215/0x3d0 [ 304.529622][T13759] ? fput+0x79/0x100 [ 304.529636][T13759] ? ksys_write+0x1ac/0x250 [ 304.529647][T13759] ? __pfx_ksys_write+0x10/0x10 [ 304.529660][T13759] __x64_sys_bpf+0x7b/0xc0 [ 304.529670][T13759] ? lockdep_hardirqs_on+0x78/0x100 [ 304.529684][T13759] do_syscall_64+0x10b/0xf80 [ 304.529699][T13759] ? clear_bhb_loop+0x40/0x90 [ 304.529716][T13759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.529727][T13759] RIP: 0033:0x7fb8cf59ce59 [ 304.529738][T13759] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 304.529749][T13759] RSP: 002b:00007fb8d041a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 304.529760][T13759] RAX: ffffffffffffffda RBX: 00007fb8cf815fa0 RCX: 00007fb8cf59ce59 [ 304.529767][T13759] RDX: 0000000000000020 RSI: 0000200000000900 RDI: 0000000000000003 [ 304.529773][T13759] RBP: 00007fb8d041a090 R08: 0000000000000000 R09: 0000000000000000 [ 304.529779][T13759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 304.529785][T13759] R13: 00007fb8cf816038 R14: 00007fb8cf815fa0 R15: 00007ffeeeea98e8 [ 304.529798][T13759] [ 304.642598][ T5935] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 304.812611][ T5935] usb 6-1: Using ep0 maxpacket: 8 [ 304.816662][ T5935] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 304.820955][ T5935] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 304.825798][ T5935] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 304.830039][ T5935] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 304.835436][ T5935] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 304.839144][ T5935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.050289][ T5935] usb 6-1: GET_CAPABILITIES returned 0 [ 305.052228][ T5935] usbtmc 6-1:16.0: can't read capabilities [ 305.131455][T13770] /dev/sg0: Can't lookup blockdev [ 305.138324][T13770] binder: 13769:13770 ioctl c0385720 200000000180 returned -22 [ 305.253377][ C2] usbtmc 6-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 305.256820][ T844] usb 6-1: USB disconnect, device number 23 [ 305.624315][ T1351] usb 8-1: new high-speed USB device number 27 using dummy_hcd [ 305.634948][T13785] syzkaller0: entered promiscuous mode [ 305.636962][T13785] syzkaller0: entered allmulticast mode [ 305.772503][ T1351] usb 8-1: Using ep0 maxpacket: 32 [ 305.776425][ T1351] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 305.780986][ T1351] usb 8-1: config 0 has no interfaces? [ 305.783480][ T1351] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 305.787394][ T1351] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.797879][ T1351] usb 8-1: config 0 descriptor?? [ 305.855175][T13796] fuse: Bad value for 'user_id' [ 305.856870][T13796] fuse: Bad value for 'user_id' [ 305.929882][T13801] befs: (nbd1): unable to read superblock [ 306.004288][T12252] usb 8-1: USB disconnect, device number 27 [ 306.242701][ T58] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 306.404021][ T58] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 306.406892][ T58] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 306.410506][ T58] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 306.413942][ T58] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 306.417544][ T58] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 306.422208][ T58] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 306.425281][ T58] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 306.427854][ T58] usb 6-1: Product: syz [ 306.429216][ T58] usb 6-1: Manufacturer: syz [ 306.434847][ T58] cdc_wdm 6-1:1.0: skipping garbage [ 306.437213][ T58] cdc_wdm 6-1:1.0: skipping garbage [ 306.441291][ T58] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 306.443279][ T58] cdc_wdm 6-1:1.0: Unknown control protocol [ 306.713396][T13813] kvm: user requested TSC rate below hardware speed [ 306.719283][T13813] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 307.132560][ T844] usb 8-1: new high-speed USB device number 28 using dummy_hcd [ 307.162670][ T5440] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 307.282661][ T844] usb 8-1: Using ep0 maxpacket: 32 [ 307.290702][ T844] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 307.295291][ T844] usb 8-1: config 0 has no interfaces? [ 307.297836][ T844] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 307.301645][ T844] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.310508][ T844] usb 8-1: config 0 descriptor?? [ 307.322723][ T5440] usb 5-1: Using ep0 maxpacket: 16 [ 307.327398][ T5440] usb 5-1: no configurations [ 307.330190][ T5440] usb 5-1: can't read configurations, error -22 [ 307.389702][ T58] usb 6-1: USB disconnect, device number 24 [ 307.402232][T13845] syzkaller0: entered promiscuous mode [ 307.404582][T13845] syzkaller0: entered allmulticast mode [ 307.411839][T13845] simple: basic_1 [ 307.415061][T13845] simple: basic_2 [ 307.416667][T13845] simple: basic_3 [ 307.418153][T13845] simple: basic_4 [ 307.419455][T13845] simple: basic_5 [ 307.420699][T13845] simple: basic_6 [ 307.421971][T13845] simple: basic_7 [ 307.423299][T13845] simple: basic_8 [ 307.424485][T13845] simple: basic_9 [ 307.425726][T13845] simple: basic_10 [ 307.426980][T13845] simple: basic_11 [ 307.428203][T13845] simple: basic_12 [ 307.429431][T13845] simple: basic_13 [ 307.430711][T13845] simple: basic_14 [ 307.431961][T13845] simple: basic_15 [ 307.433240][T13845] simple: basic_16 [ 307.434473][T13845] simple: basic_17 [ 307.435790][T13845] 0: reclassify loop, rule prio 0, protocol 800 [ 307.472577][ T5440] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 307.518701][T12165] usb 8-1: USB disconnect, device number 28 [ 307.632556][ T5440] usb 5-1: Using ep0 maxpacket: 16 [ 307.636745][ T5440] usb 5-1: no configurations [ 307.639233][ T5440] usb 5-1: can't read configurations, error -22 [ 307.641715][ T5440] usb usb5-port1: attempt power cycle [ 307.651404][ T40] audit: type=1400 audit(1778628206.287:600): avc: denied { setopt } for pid=13848 comm="syz.2.2833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 307.659097][ T40] audit: type=1400 audit(1778628206.287:601): avc: denied { getopt } for pid=13848 comm="syz.2.2833" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 307.982712][ T5440] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 308.003349][ T5440] usb 5-1: Using ep0 maxpacket: 16 [ 308.006500][ T5440] usb 5-1: no configurations [ 308.008832][ T5440] usb 5-1: can't read configurations, error -22 [ 308.142763][ T5440] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 308.163042][ T5440] usb 5-1: Using ep0 maxpacket: 16 [ 308.165239][ T5440] usb 5-1: no configurations [ 308.166934][ T5440] usb 5-1: can't read configurations, error -22 [ 308.171328][ T5440] usb usb5-port1: unable to enumerate USB device [ 309.157654][ T40] audit: type=1400 audit(1778628207.797:602): avc: denied { mount } for pid=13872 comm="syz.1.2843" name="/" dev="overlay" ino=861 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 309.332581][T12165] usb 8-1: new high-speed USB device number 29 using dummy_hcd [ 309.504515][T12165] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 309.507267][T12165] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 309.510211][T12165] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 309.513204][T12165] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 309.516481][T12165] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 309.520856][T12165] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 309.523854][T12165] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 309.526250][T12165] usb 8-1: Product: syz [ 309.527511][T12165] usb 8-1: Manufacturer: syz [ 309.534123][T12165] cdc_wdm 8-1:1.0: skipping garbage [ 309.535706][T12165] cdc_wdm 8-1:1.0: skipping garbage [ 309.540509][T12165] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 309.542479][T12165] cdc_wdm 8-1:1.0: Unknown control protocol [ 309.999064][T13879] __nla_validate_parse: 4 callbacks suppressed [ 309.999077][T13879] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2845'. [ 310.033582][T13881] FAULT_INJECTION: forcing a failure. [ 310.033582][T13881] name failslab, interval 1, probability 0, space 0, times 0 [ 310.037538][T13881] CPU: 1 UID: 0 PID: 13881 Comm: syz.0.2847 Not tainted syzkaller #0 PREEMPT(full) [ 310.037553][T13881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 310.037560][T13881] Call Trace: [ 310.037564][T13881] [ 310.037569][T13881] dump_stack_lvl+0x100/0x190 [ 310.037586][T13881] should_fail_ex.cold+0x5/0xa [ 310.037601][T13881] ? genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0 [ 310.037631][T13881] should_failslab+0xc2/0x120 [ 310.037644][T13881] __kmalloc_noprof+0xe0/0x850 [ 310.037662][T13881] genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0 [ 310.037682][T13881] genl_family_rcv_msg_doit+0xc7/0x300 [ 310.037699][T13881] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 310.037715][T13881] ? genl_get_cmd+0x3e7/0x760 [ 310.037737][T13881] ? __alloc_skb+0x185/0x710 [ 310.037754][T13881] ? netlink_alloc_large_skb+0x69/0x150 [ 310.037767][T13881] ? __radix_tree_lookup+0x217/0x2b0 [ 310.037783][T13881] genl_rcv_msg+0x560/0x800 [ 310.037800][T13881] ? __pfx_genl_rcv_msg+0x10/0x10 [ 310.037815][T13881] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 310.037840][T13881] ? __pfx_nl802154_get_wpan_phy+0x10/0x10 [ 310.037852][T13881] ? __pfx_nl802154_post_doit+0x10/0x10 [ 310.037863][T13881] ? __lock_acquire+0x4a5/0x2630 [ 310.037879][T13881] netlink_rcv_skb+0x159/0x420 [ 310.037893][T13881] ? __pfx_genl_rcv_msg+0x10/0x10 [ 310.037909][T13881] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 310.037928][T13881] ? netlink_deliver_tap+0x1ae/0xcc0 [ 310.037943][T13881] genl_rcv+0x28/0x40 [ 310.037957][T13881] netlink_unicast+0x585/0x850 [ 310.037972][T13881] ? __pfx_netlink_unicast+0x10/0x10 [ 310.037990][T13881] netlink_sendmsg+0x8b0/0xda0 [ 310.038006][T13881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 310.038019][T13881] ? __might_fault+0x50/0x140 [ 310.038039][T13881] ____sys_sendmsg+0x9e1/0xb70 [ 310.038052][T13881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 310.038067][T13881] ? __pfx_____sys_sendmsg+0x10/0x10 [ 310.038086][T13881] ___sys_sendmsg+0x190/0x1e0 [ 310.038101][T13881] ? __pfx____sys_sendmsg+0x10/0x10 [ 310.038130][T13881] __sys_sendmsg+0x170/0x220 [ 310.038141][T13881] ? __pfx___sys_sendmsg+0x10/0x10 [ 310.038157][T13881] ? rcu_is_watching+0x12/0xc0 [ 310.038174][T13881] do_syscall_64+0x10b/0xf80 [ 310.038190][T13881] ? clear_bhb_loop+0x40/0x90 [ 310.038203][T13881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.038214][T13881] RIP: 0033:0x7f879879ce59 [ 310.038224][T13881] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 310.038234][T13881] RSP: 002b:00007f87996de028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 310.038244][T13881] RAX: ffffffffffffffda RBX: 00007f8798a15fa0 RCX: 00007f879879ce59 [ 310.038251][T13881] RDX: 0000000000000810 RSI: 00002000000005c0 RDI: 0000000000000004 [ 310.038257][T13881] RBP: 00007f87996de090 R08: 0000000000000000 R09: 0000000000000000 [ 310.038262][T13881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.038268][T13881] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 310.038282][T13881] [ 310.236735][T13888] FAULT_INJECTION: forcing a failure. [ 310.236735][T13888] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 310.240802][T13888] CPU: 1 UID: 0 PID: 13888 Comm: syz.1.2849 Not tainted syzkaller #0 PREEMPT(full) [ 310.240818][T13888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 310.240825][T13888] Call Trace: [ 310.240842][T13888] [ 310.240847][T13888] dump_stack_lvl+0x100/0x190 [ 310.240904][T13888] should_fail_ex.cold+0x5/0xa [ 310.240931][T13888] _copy_from_iter+0x1f4/0x1690 [ 310.240959][T13888] ? __asan_memset+0x23/0x50 [ 310.240985][T13888] ? __pfx__copy_from_iter+0x10/0x10 [ 310.241001][T13888] ? __pfx___alloc_skb+0x10/0x10 [ 310.241037][T13888] netlink_sendmsg+0x808/0xda0 [ 310.241056][T13888] ? __pfx_netlink_sendmsg+0x10/0x10 [ 310.241069][T13888] ? __might_fault+0x50/0x140 [ 310.241089][T13888] ____sys_sendmsg+0x9e1/0xb70 [ 310.241103][T13888] ? __pfx_netlink_sendmsg+0x10/0x10 [ 310.241118][T13888] ? __pfx_____sys_sendmsg+0x10/0x10 [ 310.241137][T13888] ___sys_sendmsg+0x190/0x1e0 [ 310.241152][T13888] ? __pfx____sys_sendmsg+0x10/0x10 [ 310.241181][T13888] __sys_sendmsg+0x170/0x220 [ 310.241192][T13888] ? __pfx___sys_sendmsg+0x10/0x10 [ 310.241208][T13888] ? rcu_is_watching+0x12/0xc0 [ 310.241234][T13888] do_syscall_64+0x10b/0xf80 [ 310.241273][T13888] ? clear_bhb_loop+0x40/0x90 [ 310.241287][T13888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 310.241298][T13888] RIP: 0033:0x7f1b82d9ce59 [ 310.241310][T13888] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 310.241321][T13888] RSP: 002b:00007f1b83bfa028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 310.241332][T13888] RAX: ffffffffffffffda RBX: 00007f1b83015fa0 RCX: 00007f1b82d9ce59 [ 310.241339][T13888] RDX: 0000000000000010 RSI: 0000200000000180 RDI: 0000000000000003 [ 310.241346][T13888] RBP: 00007f1b83bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 310.241352][T13888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 310.241358][T13888] R13: 00007f1b83016038 R14: 00007f1b83015fa0 R15: 00007ffdb53e8928 [ 310.241371][T13888] [ 310.514285][T12252] usb 8-1: USB disconnect, device number 29 [ 310.664644][T13912] syzkaller0: entered promiscuous mode [ 310.667007][T13912] syzkaller0: entered allmulticast mode [ 310.875994][T13919] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2862'. [ 310.999351][T13929] FAULT_INJECTION: forcing a failure. [ 310.999351][T13929] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 311.006007][T13929] CPU: 0 UID: 0 PID: 13929 Comm: syz.0.2865 Not tainted syzkaller #0 PREEMPT(full) [ 311.006034][T13929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 311.006045][T13929] Call Trace: [ 311.006053][T13929] [ 311.006060][T13929] dump_stack_lvl+0x100/0x190 [ 311.006089][T13929] should_fail_ex.cold+0x5/0xa [ 311.006120][T13929] _copy_to_user+0x32/0xd0 [ 311.006149][T13929] simple_read_from_buffer+0xcb/0x170 [ 311.006176][T13929] proc_fail_nth_read+0x1af/0x230 [ 311.006215][T13929] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 311.006236][T13929] ? rw_verify_area+0xce/0x6d0 [ 311.006252][T13929] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 311.006271][T13929] vfs_read+0x1e4/0xb30 [ 311.006291][T13929] ? __pfx_vfs_read+0x10/0x10 [ 311.006306][T13929] ? __fget_files+0x215/0x3d0 [ 311.006329][T13929] ? __fget_files+0x21f/0x3d0 [ 311.006357][T13929] ksys_read+0x12a/0x250 [ 311.006375][T13929] ? __pfx_ksys_read+0x10/0x10 [ 311.006395][T13929] ? rcu_is_watching+0x12/0xc0 [ 311.006424][T13929] do_syscall_64+0x10b/0xf80 [ 311.006449][T13929] ? clear_bhb_loop+0x40/0x90 [ 311.006472][T13929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.006490][T13929] RIP: 0033:0x7f879875d68e [ 311.006507][T13929] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 311.006524][T13929] RSP: 002b:00007f87996ddfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 311.006543][T13929] RAX: ffffffffffffffda RBX: 00007f87996de6c0 RCX: 00007f879875d68e [ 311.006554][T13929] RDX: 000000000000000f RSI: 00007f87996de0a0 RDI: 0000000000000005 [ 311.006600][T13929] RBP: 00007f87996de090 R08: 0000000000000000 R09: 0000000000000000 [ 311.006611][T13929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.006622][T13929] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 311.006647][T13929] [ 311.163548][ T40] audit: type=1400 audit(1778628209.807:603): avc: denied { unmount } for pid=13067 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 311.194500][T13935] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 311.199490][T13935] [U] J"—e:ÀÆ" [ 311.203072][T13935] netlink: 'syz.3.2868': attribute type 1 has an invalid length. [ 311.206981][T13935] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2868'. [ 311.370063][T13942] FAULT_INJECTION: forcing a failure. [ 311.370063][T13942] name failslab, interval 1, probability 0, space 0, times 0 [ 311.377839][T13942] CPU: 1 UID: 0 PID: 13942 Comm: syz.0.2869 Not tainted syzkaller #0 PREEMPT(full) [ 311.377858][T13942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 311.377865][T13942] Call Trace: [ 311.377871][T13942] [ 311.377878][T13942] dump_stack_lvl+0x100/0x190 [ 311.377901][T13942] should_fail_ex.cold+0x5/0xa [ 311.377920][T13942] should_failslab+0xc2/0x120 [ 311.377936][T13942] __kmalloc_cache_noprof+0x7a/0x6f0 [ 311.377952][T13942] ? vhost_task_create+0xee/0x370 [ 311.377968][T13942] ? trace_contention_end+0x122/0x170 [ 311.377986][T13942] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 311.378007][T13942] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 311.378027][T13942] vhost_task_create+0xee/0x370 [ 311.378043][T13942] ? __pfx_vhost_task_create+0x10/0x10 [ 311.378059][T13942] ? register_lock_class+0x40/0x560 [ 311.378079][T13942] ? __pfx_vhost_task_fn+0x10/0x10 [ 311.378096][T13942] ? __pfx___mutex_lock+0x10/0x10 [ 311.378114][T13942] ? kasan_quarantine_put+0x104/0x240 [ 311.378136][T13942] kvm_mmu_post_init_vm+0x1b3/0x370 [ 311.378155][T13942] kvm_arch_vcpu_ioctl_run+0x66/0x1890 [ 311.378173][T13942] ? kvm_vcpu_ioctl+0x1546/0x1720 [ 311.378190][T13942] kvm_vcpu_ioctl+0x730/0x1720 [ 311.378204][T13942] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 311.378218][T13942] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 311.378234][T13942] ? do_vfs_ioctl+0x226/0x13e0 [ 311.378249][T13942] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 311.378264][T13942] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 311.378286][T13942] ? __fget_files+0x215/0x3d0 [ 311.378301][T13942] ? hook_file_ioctl_common+0x149/0x410 [ 311.378324][T13942] ? selinux_file_ioctl+0x13b/0x290 [ 311.378339][T13942] ? selinux_file_ioctl+0xb6/0x290 [ 311.378355][T13942] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 311.378369][T13942] __x64_sys_ioctl+0x18e/0x210 [ 311.378382][T13942] do_syscall_64+0x10b/0xf80 [ 311.378398][T13942] ? clear_bhb_loop+0x40/0x90 [ 311.378413][T13942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.378425][T13942] RIP: 0033:0x7f879879ce59 [ 311.378438][T13942] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 311.378449][T13942] RSP: 002b:00007f87996de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 311.378461][T13942] RAX: ffffffffffffffda RBX: 00007f8798a15fa0 RCX: 00007f879879ce59 [ 311.378469][T13942] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 311.378475][T13942] RBP: 00007f87996de090 R08: 0000000000000000 R09: 0000000000000000 [ 311.378482][T13942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 311.378488][T13942] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 311.378503][T13942] [ 311.552673][ T1351] usb 8-1: new high-speed USB device number 30 using dummy_hcd [ 311.552991][T12165] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 311.585292][ T40] audit: type=1400 audit(1778628210.227:604): avc: denied { read write } for pid=13943 comm="syz.0.2872" name="uhid" dev="devtmpfs" ino=1295 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 311.593011][ T40] audit: type=1400 audit(1778628210.227:605): avc: denied { open } for pid=13943 comm="syz.0.2872" path="/dev/uhid" dev="devtmpfs" ino=1295 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1 [ 311.600585][ T40] audit: type=1400 audit(1778628210.237:606): avc: denied { ioctl } for pid=13943 comm="syz.0.2872" path="socket:[47657]" dev="sockfs" ino=47657 ioctlcmd=0x89a0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 311.682884][T12165] usb 6-1: device descriptor read/64, error -71 [ 311.702698][ T1351] usb 8-1: Using ep0 maxpacket: 8 [ 311.706542][ T1351] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 311.710871][ T1351] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 311.716534][ T1351] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 311.720626][ T1351] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 311.726735][ T1351] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 311.730383][ T1351] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 311.741675][T13953] Cannot find set identified by id 65534 to match [ 311.749339][T13953] usb usb7: usbfs: process 13953 (syz.2.2875) did not claim interface 0 before use [ 311.853492][T13957] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2877'. [ 311.932640][T12165] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 311.940824][ T1351] usb 8-1: GET_CAPABILITIES returned 0 [ 311.943030][ T1351] usbtmc 8-1:16.0: can't read capabilities [ 312.062673][T12165] usb 6-1: device descriptor read/64, error -71 [ 312.148068][ C0] usbtmc 8-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 312.153493][T12252] usb 8-1: USB disconnect, device number 30 [ 312.173121][T12165] usb usb6-port1: attempt power cycle [ 312.522614][T12165] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 312.543479][T12165] usb 6-1: device descriptor read/8, error -71 [ 312.690134][T13963] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2879'. [ 312.693371][T13963] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2879'. [ 312.696887][T13963] netlink: 6 bytes leftover after parsing attributes in process `syz.3.2879'. [ 312.701268][T13963] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2879'. [ 312.704418][T13963] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2879'. [ 312.707401][T13963] netlink: 6 bytes leftover after parsing attributes in process `syz.3.2879'. [ 312.782648][T12165] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 312.803179][T12165] usb 6-1: device descriptor read/8, error -71 [ 312.805775][T13969] vlan2: entered allmulticast mode [ 312.807653][T13969] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 312.916642][T12165] usb usb6-port1: unable to enumerate USB device [ 313.895550][T13990] FAULT_INJECTION: forcing a failure. [ 313.895550][T13990] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 313.900030][T13990] CPU: 0 UID: 0 PID: 13990 Comm: syz.0.2892 Not tainted syzkaller #0 PREEMPT(full) [ 313.900048][T13990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 313.900055][T13990] Call Trace: [ 313.900063][T13990] [ 313.900069][T13990] dump_stack_lvl+0x100/0x190 [ 313.900092][T13990] should_fail_ex.cold+0x5/0xa [ 313.900110][T13990] _copy_from_iter+0x1f4/0x1690 [ 313.900131][T13990] ? __asan_memset+0x23/0x50 [ 313.900149][T13990] ? __pfx__copy_from_iter+0x10/0x10 [ 313.900164][T13990] ? __pfx___alloc_skb+0x10/0x10 [ 313.900188][T13990] netlink_sendmsg+0x808/0xda0 [ 313.900206][T13990] ? __pfx_netlink_sendmsg+0x10/0x10 [ 313.900219][T13990] ? __might_fault+0x50/0x140 [ 313.900240][T13990] ____sys_sendmsg+0x9e1/0xb70 [ 313.900254][T13990] ? __pfx_netlink_sendmsg+0x10/0x10 [ 313.900269][T13990] ? __pfx_____sys_sendmsg+0x10/0x10 [ 313.900287][T13990] ___sys_sendmsg+0x190/0x1e0 [ 313.900306][T13990] ? __pfx____sys_sendmsg+0x10/0x10 [ 313.900334][T13990] __sys_sendmsg+0x170/0x220 [ 313.900345][T13990] ? __pfx___sys_sendmsg+0x10/0x10 [ 313.900361][T13990] ? rcu_is_watching+0x12/0xc0 [ 313.900380][T13990] do_syscall_64+0x10b/0xf80 [ 313.900398][T13990] ? clear_bhb_loop+0x40/0x90 [ 313.900411][T13990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.900423][T13990] RIP: 0033:0x7f879879ce59 [ 313.900435][T13990] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 313.900445][T13990] RSP: 002b:00007f87996de028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 313.900457][T13990] RAX: ffffffffffffffda RBX: 00007f8798a15fa0 RCX: 00007f879879ce59 [ 313.900464][T13990] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003 [ 313.900470][T13990] RBP: 00007f87996de090 R08: 0000000000000000 R09: 0000000000000000 [ 313.900477][T13990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 313.900483][T13990] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 313.900496][T13990] [ 313.987199][T13995] FAULT_INJECTION: forcing a failure. [ 313.987199][T13995] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 313.993050][T13995] CPU: 1 UID: 0 PID: 13995 Comm: syz.0.2894 Not tainted syzkaller #0 PREEMPT(full) [ 313.993068][T13995] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 313.993076][T13995] Call Trace: [ 313.993082][T13995] [ 313.993087][T13995] dump_stack_lvl+0x100/0x190 [ 313.993111][T13995] should_fail_ex.cold+0x5/0xa [ 313.993125][T13995] ? prepare_alloc_pages+0x16d/0x5f0 [ 313.993139][T13995] should_fail_alloc_page+0xeb/0x140 [ 313.993153][T13995] prepare_alloc_pages+0x1f0/0x5f0 [ 313.993167][T13995] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 313.993190][T13995] ? __lock_acquire+0x4a5/0x2630 [ 313.993205][T13995] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 313.993224][T13995] ? __lock_acquire+0x4a5/0x2630 [ 313.993236][T13995] ? __lock_acquire+0x4a5/0x2630 [ 313.993249][T13995] ? css_rstat_updated+0x1ce/0x5a0 [ 313.993268][T13995] ? lock_acquire+0x1b1/0x370 [ 313.993283][T13995] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 313.993297][T13995] ? policy_nodemask+0xed/0x4f0 [ 313.993311][T13995] alloc_pages_mpol+0x1fb/0x540 [ 313.993323][T13995] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 313.993336][T13995] ? __lock_acquire+0x4a5/0x2630 [ 313.993350][T13995] folio_alloc_mpol_noprof+0x36/0x260 [ 313.993365][T13995] vma_alloc_folio_noprof+0xed/0x1d0 [ 313.993378][T13995] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 313.993396][T13995] do_anonymous_page+0xb46/0x2050 [ 313.993411][T13995] ? rcu_read_unlock+0x2d/0xb0 [ 313.993430][T13995] __handle_mm_fault+0x1d2c/0x2a00 [ 313.993446][T13995] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 313.993462][T13995] ? __pfx___handle_mm_fault+0x10/0x10 [ 313.993478][T13995] ? pte_offset_map_lock+0x174/0x320 [ 313.993489][T13995] ? find_held_lock+0x2b/0x80 [ 313.993503][T13995] ? follow_page_pte+0x4d0/0x13f0 [ 313.993518][T13995] handle_mm_fault+0x36d/0xa20 [ 313.993535][T13995] __get_user_pages+0x1178/0x32a0 [ 313.993550][T13995] ? down_read_killable+0x307/0x4b0 [ 313.993568][T13995] ? __pfx___get_user_pages+0x10/0x10 [ 313.993580][T13995] ? __kernel_text_address+0xd/0x30 [ 313.993598][T13995] __gup_longterm_locked+0x87d/0x16f0 [ 313.993617][T13995] ? __pfx___gup_longterm_locked+0x10/0x10 [ 313.993630][T13995] ? lock_acquire+0x1b1/0x370 [ 313.993643][T13995] ? find_held_lock+0x2b/0x80 [ 313.993653][T13995] ? sanity_check_pinned_pages+0x4f2/0x8b0 [ 313.993667][T13995] gup_fast_fallback+0x16dc/0x2790 [ 313.993688][T13995] ? __pfx_gup_fast_fallback+0x10/0x10 [ 313.993707][T13995] pin_user_pages_fast+0xa7/0xf0 [ 313.993720][T13995] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 313.993732][T13995] ? __kmalloc_noprof+0x320/0x850 [ 313.993751][T13995] rds_info_getsockopt+0x196/0x4e0 [ 313.993777][T13995] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 313.993787][T13995] ? find_held_lock+0x2b/0x80 [ 313.993802][T13995] rds_getsockopt+0x177/0x2e0 [ 313.993817][T13995] ? __pfx_rds_getsockopt+0x10/0x10 [ 313.993831][T13995] do_sock_getsockopt+0x50a/0x6e0 [ 313.993845][T13995] ? __lock_acquire+0x4a5/0x2630 [ 313.993860][T13995] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 313.993871][T13995] ? find_held_lock+0x2b/0x80 [ 313.993881][T13995] ? ksys_write+0x190/0x250 [ 313.993896][T13995] ? find_held_lock+0x2b/0x80 [ 313.993909][T13995] ? __fget_files+0x21f/0x3d0 [ 313.993926][T13995] __sys_getsockopt+0x148/0x260 [ 313.993946][T13995] ? __x64_sys_getsockopt+0xbd/0x160 [ 313.993962][T13995] __x64_sys_getsockopt+0xbd/0x160 [ 313.993977][T13995] ? do_syscall_64+0x90/0xf80 [ 313.993993][T13995] ? lockdep_hardirqs_on+0x78/0x100 [ 313.994007][T13995] do_syscall_64+0x10b/0xf80 [ 313.994021][T13995] ? clear_bhb_loop+0x40/0x90 [ 313.994034][T13995] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.994045][T13995] RIP: 0033:0x7f879879ce59 [ 313.994055][T13995] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 313.994065][T13995] RSP: 002b:00007f87996de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 313.994076][T13995] RAX: ffffffffffffffda RBX: 00007f8798a15fa0 RCX: 00007f879879ce59 [ 313.994083][T13995] RDX: 000000000000271e RSI: 0000200000000114 RDI: 0000000000000004 [ 313.994089][T13995] RBP: 00007f87996de090 R08: 0000200000000040 R09: 0000000000000000 [ 313.994095][T13995] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001 [ 313.994102][T13995] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 313.994120][T13995] [ 314.208353][T14006] FAULT_INJECTION: forcing a failure. [ 314.208353][T14006] name failslab, interval 1, probability 0, space 0, times 0 [ 314.212691][T14006] CPU: 1 UID: 0 PID: 14006 Comm: syz.0.2897 Not tainted syzkaller #0 PREEMPT(full) [ 314.212706][T14006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 314.212713][T14006] Call Trace: [ 314.212717][T14006] [ 314.212721][T14006] dump_stack_lvl+0x100/0x190 [ 314.212739][T14006] should_fail_ex.cold+0x5/0xa [ 314.212755][T14006] should_failslab+0xc2/0x120 [ 314.212767][T14006] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 314.212783][T14006] ? skb_clone+0x190/0x400 [ 314.212796][T14006] skb_clone+0x190/0x400 [ 314.212806][T14006] netlink_deliver_tap+0xaed/0xcc0 [ 314.212823][T14006] netlink_unicast+0x62b/0x850 [ 314.212838][T14006] ? __pfx_netlink_unicast+0x10/0x10 [ 314.212856][T14006] netlink_sendmsg+0x8b0/0xda0 [ 314.212872][T14006] ? __pfx_netlink_sendmsg+0x10/0x10 [ 314.212884][T14006] ? __might_fault+0x50/0x140 [ 314.212905][T14006] ____sys_sendmsg+0x9e1/0xb70 [ 314.212917][T14006] ? __pfx_netlink_sendmsg+0x10/0x10 [ 314.212932][T14006] ? __pfx_____sys_sendmsg+0x10/0x10 [ 314.212951][T14006] ___sys_sendmsg+0x190/0x1e0 [ 314.212965][T14006] ? __pfx____sys_sendmsg+0x10/0x10 [ 314.212994][T14006] __sys_sendmsg+0x170/0x220 [ 314.213004][T14006] ? __pfx___sys_sendmsg+0x10/0x10 [ 314.213019][T14006] ? rcu_is_watching+0x12/0xc0 [ 314.213039][T14006] do_syscall_64+0x10b/0xf80 [ 314.213058][T14006] ? clear_bhb_loop+0x40/0x90 [ 314.213076][T14006] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.213090][T14006] RIP: 0033:0x7f879879ce59 [ 314.213104][T14006] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 314.213117][T14006] RSP: 002b:00007f87996de028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 314.213128][T14006] RAX: ffffffffffffffda RBX: 00007f8798a15fa0 RCX: 00007f879879ce59 [ 314.213134][T14006] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 314.213141][T14006] RBP: 00007f87996de090 R08: 0000000000000000 R09: 0000000000000000 [ 314.213146][T14006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 314.213152][T14006] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 314.213165][T14006] [ 314.302794][T14016] FAULT_INJECTION: forcing a failure. [ 314.302794][T14016] name failslab, interval 1, probability 0, space 0, times 0 [ 314.308519][T14016] CPU: 2 UID: 0 PID: 14016 Comm: syz.0.2900 Not tainted syzkaller #0 PREEMPT(full) [ 314.308543][T14016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 314.308553][T14016] Call Trace: [ 314.308561][T14016] [ 314.308568][T14016] dump_stack_lvl+0x100/0x190 [ 314.308593][T14016] should_fail_ex.cold+0x5/0xa [ 314.308618][T14016] should_failslab+0xc2/0x120 [ 314.308654][T14016] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 314.308679][T14016] ? sctp_get_port_local+0x828/0x1630 [ 314.308700][T14016] sctp_get_port_local+0x828/0x1630 [ 314.308720][T14016] ? __pfx_sctp_get_port_local+0x10/0x10 [ 314.308742][T14016] ? sctp_bind_addr_match+0x19d/0x300 [ 314.308770][T14016] sctp_do_bind+0x2b9/0x760 [ 314.308794][T14016] sctp_connect_new_asoc+0x5e7/0x770 [ 314.308817][T14016] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 314.308842][T14016] sctp_sendmsg+0x171a/0x22b0 [ 314.308867][T14016] ? __pfx_sctp_sendmsg+0x10/0x10 [ 314.308893][T14016] ? __pfx_sock_has_perm+0x10/0x10 [ 314.308925][T14016] ? __pfx_sctp_sendmsg+0x10/0x10 [ 314.308946][T14016] inet_sendmsg+0x11c/0x140 [ 314.308985][T14016] ____sys_sendmsg+0x98d/0xb70 [ 314.309010][T14016] ? __pfx_inet_sendmsg+0x10/0x10 [ 314.309037][T14016] ? __pfx_____sys_sendmsg+0x10/0x10 [ 314.309068][T14016] ___sys_sendmsg+0x190/0x1e0 [ 314.309092][T14016] ? __pfx____sys_sendmsg+0x10/0x10 [ 314.309136][T14016] __sys_sendmsg+0x170/0x220 [ 314.309153][T14016] ? __pfx___sys_sendmsg+0x10/0x10 [ 314.309180][T14016] ? rcu_is_watching+0x12/0xc0 [ 314.309211][T14016] do_syscall_64+0x10b/0xf80 [ 314.309235][T14016] ? clear_bhb_loop+0x40/0x90 [ 314.309252][T14016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 314.309269][T14016] RIP: 0033:0x7f879879ce59 [ 314.309286][T14016] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 314.309302][T14016] RSP: 002b:00007f87996de028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 314.309319][T14016] RAX: ffffffffffffffda RBX: 00007f8798a15fa0 RCX: 00007f879879ce59 [ 314.309327][T14016] RDX: 0000000028008841 RSI: 0000200000001640 RDI: 0000000000000003 [ 314.309337][T14016] RBP: 00007f87996de090 R08: 0000000000000000 R09: 0000000000000000 [ 314.309347][T14016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 314.309357][T14016] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 314.309381][T14016] [ 314.403491][T14018] netlink: 'syz.1.2901': attribute type 14 has an invalid length. [ 314.407710][T14018] netlink: 'syz.1.2901': attribute type 14 has an invalid length. [ 314.785609][T14058] syzkaller0: entered promiscuous mode [ 314.787425][T14058] syzkaller0: entered allmulticast mode [ 314.812389][T14056] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pid=14056 comm=syz.0.2917 [ 314.821331][T14056] No source specified [ 315.062921][ T1351] usb 8-1: new high-speed USB device number 31 using dummy_hcd [ 315.210849][T14097] __nla_validate_parse: 6 callbacks suppressed [ 315.210863][T14097] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2932'. [ 315.247094][T14099] syzkaller0: entered promiscuous mode [ 315.248902][T14099] syzkaller0: entered allmulticast mode [ 315.254321][ T1351] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 315.258642][ T1351] usb 8-1: config 0 has no interfaces? [ 315.263827][ T1351] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 315.267996][ T1351] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.271574][ T1351] usb 8-1: Product: syz [ 315.274275][ T1351] usb 8-1: Manufacturer: syz [ 315.276381][ T1351] usb 8-1: SerialNumber: syz [ 315.281047][ T1351] usb 8-1: config 0 descriptor?? [ 315.292593][ T844] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 315.447731][ T844] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 315.451786][ T844] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 315.456633][ T844] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 315.459925][ T844] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 315.466669][ T844] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 315.471881][ T844] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 315.475853][ T844] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 315.478777][ T844] usb 5-1: Product: syz [ 315.480133][ T844] usb 5-1: Manufacturer: syz [ 315.486126][ T844] cdc_wdm 5-1:1.0: skipping garbage [ 315.488543][ T844] cdc_wdm 5-1:1.0: skipping garbage [ 315.493594][ T844] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 315.495272][ T1351] usb 8-1: USB disconnect, device number 31 [ 315.496135][ T844] cdc_wdm 5-1:1.0: Unknown control protocol [ 315.937926][T14089] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 316.013515][T14107] FAULT_INJECTION: forcing a failure. [ 316.013515][T14107] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.019829][T14107] CPU: 0 UID: 0 PID: 14107 Comm: syz.1.2937 Not tainted syzkaller #0 PREEMPT(full) [ 316.019855][T14107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 316.019866][T14107] Call Trace: [ 316.019875][T14107] [ 316.019883][T14107] dump_stack_lvl+0x100/0x190 [ 316.019961][T14107] should_fail_ex.cold+0x5/0xa [ 316.019998][T14107] _copy_from_iter+0x1f4/0x1690 [ 316.020039][T14107] ? __asan_memset+0x23/0x50 [ 316.020077][T14107] ? __pfx__copy_from_iter+0x10/0x10 [ 316.020102][T14107] ? __pfx___alloc_skb+0x10/0x10 [ 316.020147][T14107] ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10 [ 316.020181][T14107] netlink_sendmsg+0x808/0xda0 [ 316.020209][T14107] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.020231][T14107] ? __might_fault+0x50/0x140 [ 316.020266][T14107] ____sys_sendmsg+0x9e1/0xb70 [ 316.020288][T14107] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.020312][T14107] ? __pfx_____sys_sendmsg+0x10/0x10 [ 316.020344][T14107] ___sys_sendmsg+0x190/0x1e0 [ 316.020366][T14107] ? __pfx____sys_sendmsg+0x10/0x10 [ 316.020414][T14107] __sys_sendmsg+0x170/0x220 [ 316.020431][T14107] ? __pfx___sys_sendmsg+0x10/0x10 [ 316.020457][T14107] ? rcu_is_watching+0x12/0xc0 [ 316.020501][T14107] do_syscall_64+0x10b/0xf80 [ 316.020550][T14107] ? clear_bhb_loop+0x40/0x90 [ 316.020572][T14107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.020590][T14107] RIP: 0033:0x7f1b82d9ce59 [ 316.020605][T14107] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 316.020620][T14107] RSP: 002b:00007f1b83bfa028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 316.020638][T14107] RAX: ffffffffffffffda RBX: 00007f1b83015fa0 RCX: 00007f1b82d9ce59 [ 316.020648][T14107] RDX: 000000000408c0c0 RSI: 0000200000001540 RDI: 0000000000000003 [ 316.020657][T14107] RBP: 00007f1b83bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 316.020667][T14107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.020676][T14107] R13: 00007f1b83016038 R14: 00007f1b83015fa0 R15: 00007ffdb53e8928 [ 316.020700][T14107] [ 316.162391][T14117] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2941'. [ 316.175226][T14113] kvm: pic: non byte write [ 316.354176][ T58] IPVS: starting estimator thread 0... [ 316.442786][T14124] IPVS: using max 23 ests per chain, 55200 per kthread [ 316.450142][ T5837] usb 5-1: USB disconnect, device number 29 [ 316.703695][ T58] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 316.710042][ T40] audit: type=1400 audit(1778628215.347:607): avc: denied { getopt } for pid=14135 comm="syz.3.2949" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 316.852576][ T58] usb 6-1: Using ep0 maxpacket: 8 [ 316.856025][ T58] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 316.859476][ T58] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 316.862837][ T58] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 316.865944][ T58] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 316.870067][ T58] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 316.873230][ T58] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.086013][ T58] usb 6-1: usb_control_msg returned -71 [ 317.087866][ T58] usbtmc 6-1:16.0: can't read capabilities [ 317.094409][ T58] usb 6-1: USB disconnect, device number 29 [ 317.181750][ T40] audit: type=1400 audit(1778628215.817:608): avc: denied { create } for pid=14156 comm="syz.3.2959" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 317.419328][ T40] audit: type=1400 audit(1778628216.057:609): avc: denied { bind } for pid=14160 comm="syz.0.2960" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 317.455834][ T1351] hid-generic 0005:000B:0009.0003: unknown main item tag 0x0 [ 317.461527][ T1351] hid-generic 0005:000B:0009.0003: unknown main item tag 0x0 [ 317.465895][ T1351] hid-generic 0005:000B:0009.0003: unknown main item tag 0x0 [ 317.468612][T14173] Bluetooth: MGMT ver 1.23 [ 317.469408][ T1351] hid-generic 0005:000B:0009.0003: unknown main item tag 0x0 [ 317.477158][ T1351] hid-generic 0005:000B:0009.0003: unknown main item tag 0x0 [ 317.480793][ T1351] hid-generic 0005:000B:0009.0003: unknown main item tag 0x0 [ 317.485395][ T1351] hid-generic 0005:000B:0009.0003: unknown main item tag 0x0 [ 317.491618][ T1351] hid-generic 0005:000B:0009.0003: unknown main item tag 0x0 [ 317.494304][ T1351] hid-generic 0005:000B:0009.0003: unknown main item tag 0x0 [ 317.497008][ T1351] hid-generic 0005:000B:0009.0003: unknown main item tag 0x0 [ 317.529056][ T1351] hid-generic 0005:000B:0009.0003: hidraw1: BLUETOOTH HID v0.01 Device [syz0] on syz1 [ 317.562106][T14174] fido_id[14174]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 317.729714][T14182] fuse: Unknown parameter '0x000000000000000e' [ 317.735219][T14184] FAULT_INJECTION: forcing a failure. [ 317.735219][T14184] name failslab, interval 1, probability 0, space 0, times 0 [ 317.740110][T14184] CPU: 2 UID: 0 PID: 14184 Comm: syz.1.2971 Not tainted syzkaller #0 PREEMPT(full) [ 317.740127][T14184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 317.740134][T14184] Call Trace: [ 317.740141][T14184] [ 317.740147][T14184] dump_stack_lvl+0x100/0x190 [ 317.740164][T14184] should_fail_ex.cold+0x5/0xa [ 317.740180][T14184] should_failslab+0xc2/0x120 [ 317.740193][T14184] __kmalloc_cache_noprof+0x7a/0x6f0 [ 317.740208][T14184] ? kobject_uevent_env+0x263/0x18b0 [ 317.740224][T14184] kobject_uevent_env+0x263/0x18b0 [ 317.740237][T14184] ? bus_to_subsys+0x114/0x150 [ 317.740273][T14184] device_del+0x605/0x9b0 [ 317.740291][T14184] ? __pfx_device_del+0x10/0x10 [ 317.740311][T14184] rfkill_unregister+0xde/0x2c0 [ 317.740342][T14184] nfc_unregister_rfkill+0xd0/0x2b0 [ 317.740359][T14184] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 317.740374][T14184] nci_unregister_device+0x3e/0x330 [ 317.740384][T14184] ? ima_file_free+0xc6/0x340 [ 317.740398][T14184] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 317.740413][T14184] virtual_ncidev_close+0x4b/0xa0 [ 317.740442][T14184] __fput+0x3ff/0xb50 [ 317.740461][T14184] fput_close_sync+0x118/0x250 [ 317.740477][T14184] ? __pfx_fput_close_sync+0x10/0x10 [ 317.740497][T14184] __x64_sys_close+0x8b/0x120 [ 317.740514][T14184] do_syscall_64+0x10b/0xf80 [ 317.740531][T14184] ? clear_bhb_loop+0x40/0x90 [ 317.740544][T14184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.740555][T14184] RIP: 0033:0x7f1b82d9ce59 [ 317.740566][T14184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 317.740576][T14184] RSP: 002b:00007f1b83bfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 317.740587][T14184] RAX: ffffffffffffffda RBX: 00007f1b83015fa0 RCX: 00007f1b82d9ce59 [ 317.740593][T14184] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 317.740599][T14184] RBP: 00007f1b83bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 317.740604][T14184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 317.740610][T14184] R13: 00007f1b83016038 R14: 00007f1b83015fa0 R15: 00007ffdb53e8928 [ 317.740623][T14184] [ 318.097110][T14197] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2975'. [ 318.312028][T14210] usb usb7: usbfs: process 14210 (syz.1.2979) did not claim interface 0 before use [ 318.453943][ T844] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 318.598492][T14219] FAULT_INJECTION: forcing a failure. [ 318.598492][T14219] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 318.602894][T12252] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 318.603959][T14219] CPU: 1 UID: 0 PID: 14219 Comm: syz.2.2982 Not tainted syzkaller #0 PREEMPT(full) [ 318.603988][T14219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 318.604002][T14219] Call Trace: [ 318.604011][T14219] [ 318.604020][T14219] dump_stack_lvl+0x100/0x190 [ 318.604139][T14219] should_fail_ex.cold+0x5/0xa [ 318.604183][T14219] _copy_to_user+0x32/0xd0 [ 318.604236][T14219] simple_read_from_buffer+0xcb/0x170 [ 318.604280][T14219] proc_fail_nth_read+0x1af/0x230 [ 318.604318][T14219] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 318.604344][T14219] ? rw_verify_area+0xce/0x6d0 [ 318.604366][T14219] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 318.604389][T14219] vfs_read+0x1e4/0xb30 [ 318.604420][T14219] ? __pfx_vfs_read+0x10/0x10 [ 318.604443][T14219] ? __fget_files+0x215/0x3d0 [ 318.604478][T14219] ? __fget_files+0x21f/0x3d0 [ 318.604514][T14219] ksys_read+0x12a/0x250 [ 318.604538][T14219] ? __pfx_ksys_read+0x10/0x10 [ 318.604563][T14219] ? rcu_is_watching+0x12/0xc0 [ 318.604612][T14219] do_syscall_64+0x10b/0xf80 [ 318.604693][T14219] ? clear_bhb_loop+0x40/0x90 [ 318.604721][T14219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.604743][T14219] RIP: 0033:0x7ffbc5d5d68e [ 318.604764][T14219] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 318.604784][T14219] RSP: 002b:00007ffbc6b89fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 318.604805][T14219] RAX: ffffffffffffffda RBX: 00007ffbc6b8a6c0 RCX: 00007ffbc5d5d68e [ 318.604819][T14219] RDX: 000000000000000f RSI: 00007ffbc6b8a0a0 RDI: 0000000000000004 [ 318.604832][T14219] RBP: 00007ffbc6b8a090 R08: 0000000000000000 R09: 0000000000000000 [ 318.604844][T14219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 318.604856][T14219] R13: 00007ffbc6016038 R14: 00007ffbc6015fa0 R15: 00007ffde168fb98 [ 318.604887][T14219] [ 318.612705][ T844] usb 5-1: Using ep0 maxpacket: 8 [ 318.706206][ T844] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 318.710557][ T844] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 318.725610][ T844] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 318.732530][ T844] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 318.738133][ T844] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 318.741965][ T844] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.753468][T14223] usb usb7: usbfs: process 14223 (syz.2.2984) did not claim interface 0 before use [ 318.783050][T12252] usb 6-1: Using ep0 maxpacket: 16 [ 318.787872][T12252] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 318.792712][T12252] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 318.807942][T12252] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 318.817705][T12252] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 318.821156][T12252] usb 6-1: Product: syz [ 318.824448][ T40] audit: type=1400 audit(1778628217.457:610): avc: denied { setopt } for pid=14224 comm="syz.2.2985" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1 [ 318.824506][T12252] usb 6-1: Manufacturer: syz [ 318.835738][T12252] usb 6-1: SerialNumber: syz [ 318.854245][T12252] usb 6-1: config 0 descriptor?? [ 318.967781][ T844] usb 5-1: usb_control_msg returned -71 [ 318.969962][ T844] usbtmc 5-1:16.0: can't read capabilities [ 318.987633][ T844] usb 5-1: USB disconnect, device number 30 [ 319.002623][T14230] mmap: syz.2.2988 (14230): VmData 37531648 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 319.072108][ T1351] usb 6-1: USB disconnect, device number 30 [ 319.506580][T14241] FAULT_INJECTION: forcing a failure. [ 319.506580][T14241] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.511914][T14241] CPU: 3 UID: 0 PID: 14241 Comm: syz.0.2991 Not tainted syzkaller #0 PREEMPT(full) [ 319.511938][T14241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 319.511949][T14241] Call Trace: [ 319.511959][T14241] [ 319.511969][T14241] dump_stack_lvl+0x100/0x190 [ 319.512004][T14241] should_fail_ex.cold+0x5/0xa [ 319.512029][T14241] _copy_from_user+0x2e/0xd0 [ 319.512061][T14241] copy_msghdr_from_user+0x9f/0x4f0 [ 319.512124][T14241] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 319.512157][T14241] ___sys_sendmsg+0x106/0x1e0 [ 319.512181][T14241] ? __pfx____sys_sendmsg+0x10/0x10 [ 319.512232][T14241] __sys_sendmsg+0x170/0x220 [ 319.512251][T14241] ? __pfx___sys_sendmsg+0x10/0x10 [ 319.512278][T14241] ? rcu_is_watching+0x12/0xc0 [ 319.512309][T14241] do_syscall_64+0x10b/0xf80 [ 319.512348][T14241] ? clear_bhb_loop+0x40/0x90 [ 319.512370][T14241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.512389][T14241] RIP: 0033:0x7f879879ce59 [ 319.512430][T14241] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 319.512448][T14241] RSP: 002b:00007f87996de028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 319.512465][T14241] RAX: ffffffffffffffda RBX: 00007f8798a15fa0 RCX: 00007f879879ce59 [ 319.512477][T14241] RDX: 0000000004040080 RSI: 0000200000000000 RDI: 0000000000000003 [ 319.512486][T14241] RBP: 00007f87996de090 R08: 0000000000000000 R09: 0000000000000000 [ 319.512495][T14241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 319.512507][T14241] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 319.512530][T14241] [ 319.760116][T14253] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2997'. [ 319.766064][T14257] netlink: 164 bytes leftover after parsing attributes in process `syz.0.2997'. [ 320.012760][ T1351] usb 8-1: new high-speed USB device number 32 using dummy_hcd [ 320.024695][T14264] FAULT_INJECTION: forcing a failure. [ 320.024695][T14264] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 320.031228][T14264] CPU: 3 UID: 0 PID: 14264 Comm: syz.0.3000 Not tainted syzkaller #0 PREEMPT(full) [ 320.031253][T14264] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 320.031263][T14264] Call Trace: [ 320.031269][T14264] [ 320.031277][T14264] dump_stack_lvl+0x100/0x190 [ 320.031305][T14264] should_fail_ex.cold+0x5/0xa [ 320.031332][T14264] _copy_to_user+0x32/0xd0 [ 320.031358][T14264] do_pagemap_scan+0xb23/0xcd0 [ 320.031382][T14264] ? __pfx_do_pagemap_scan+0x10/0x10 [ 320.031402][T14264] ? do_vfs_ioctl+0x226/0x13e0 [ 320.031422][T14264] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 320.031464][T14264] ? selinux_file_ioctl+0x13b/0x290 [ 320.031487][T14264] ? selinux_file_ioctl+0xb6/0x290 [ 320.031512][T14264] do_pagemap_cmd+0x58/0x80 [ 320.031530][T14264] ? __pfx_do_pagemap_cmd+0x10/0x10 [ 320.031548][T14264] __x64_sys_ioctl+0x18e/0x210 [ 320.031568][T14264] do_syscall_64+0x10b/0xf80 [ 320.031597][T14264] ? clear_bhb_loop+0x40/0x90 [ 320.031619][T14264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 320.031636][T14264] RIP: 0033:0x7f879879ce59 [ 320.031652][T14264] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 320.031669][T14264] RSP: 002b:00007f87996de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 320.031687][T14264] RAX: ffffffffffffffda RBX: 00007f8798a15fa0 RCX: 00007f879879ce59 [ 320.031698][T14264] RDX: 00002000000001c0 RSI: 00000000c0606610 RDI: 0000000000000003 [ 320.031708][T14264] RBP: 00007f87996de090 R08: 0000000000000000 R09: 0000000000000000 [ 320.031719][T14264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 320.031729][T14264] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 320.031753][T14264] [ 320.156712][T14266] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3001'. [ 320.163877][ T1351] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 320.167780][ T1351] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 320.172586][ T1351] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 320.178070][ T1351] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.184135][ T1351] usb 8-1: Product: syz [ 320.185945][ T1351] usb 8-1: Manufacturer: syz [ 320.191833][ T1351] usb 8-1: SerialNumber: syz [ 320.200052][ T1351] usb 8-1: config 0 descriptor?? [ 320.407918][ T5837] usb 8-1: USB disconnect, device number 32 [ 320.453106][ T5440] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 320.602813][ T5440] usb 5-1: Using ep0 maxpacket: 16 [ 320.607820][ T5440] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 320.611367][ T5440] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 320.616621][ T5440] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 320.619810][ T5440] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 320.622970][ T5440] usb 5-1: Product: syz [ 320.624546][ T5440] usb 5-1: Manufacturer: syz [ 320.626592][ T5440] usb 5-1: SerialNumber: syz [ 320.631687][ T5440] usb 5-1: config 0 descriptor?? [ 320.842337][ T5837] usb 5-1: USB disconnect, device number 31 [ 321.188762][T14291] FAULT_INJECTION: forcing a failure. [ 321.188762][T14291] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 321.194781][T14291] CPU: 1 UID: 0 PID: 14291 Comm: syz.3.3010 Not tainted syzkaller #0 PREEMPT(full) [ 321.194809][T14291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 321.194820][T14291] Call Trace: [ 321.194826][T14291] [ 321.194834][T14291] dump_stack_lvl+0x100/0x190 [ 321.194863][T14291] should_fail_ex.cold+0x5/0xa [ 321.194898][T14291] _copy_to_user+0x32/0xd0 [ 321.194929][T14291] simple_read_from_buffer+0xcb/0x170 [ 321.194955][T14291] proc_fail_nth_read+0x1af/0x230 [ 321.194976][T14291] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 321.194999][T14291] ? rw_verify_area+0xce/0x6d0 [ 321.195017][T14291] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 321.195037][T14291] vfs_read+0x1e4/0xb30 [ 321.195061][T14291] ? __pfx_vfs_read+0x10/0x10 [ 321.195080][T14291] ? __fget_files+0x215/0x3d0 [ 321.195110][T14291] ? __fget_files+0x21f/0x3d0 [ 321.195141][T14291] ksys_read+0x12a/0x250 [ 321.195161][T14291] ? __pfx_ksys_read+0x10/0x10 [ 321.195185][T14291] ? rcu_is_watching+0x12/0xc0 [ 321.195219][T14291] do_syscall_64+0x10b/0xf80 [ 321.195247][T14291] ? clear_bhb_loop+0x40/0x90 [ 321.195271][T14291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 321.195291][T14291] RIP: 0033:0x7fb8cf55d68e [ 321.195308][T14291] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 321.195326][T14291] RSP: 002b:00007fb8d0419fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 321.195363][T14291] RAX: ffffffffffffffda RBX: 00007fb8d041a6c0 RCX: 00007fb8cf55d68e [ 321.195376][T14291] RDX: 000000000000000f RSI: 00007fb8d041a0a0 RDI: 0000000000000004 [ 321.195387][T14291] RBP: 00007fb8d041a090 R08: 0000000000000000 R09: 0000000000000000 [ 321.195399][T14291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 321.195410][T14291] R13: 00007fb8cf816038 R14: 00007fb8cf815fa0 R15: 00007ffeeeea98e8 [ 321.195438][T14291] [ 321.329373][ T40] audit: type=1400 audit(1778628219.957:611): avc: denied { write } for pid=14292 comm="syz.3.3011" name="/" dev="9p" ino=81264693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 321.338817][ T40] audit: type=1400 audit(1778628219.967:612): avc: denied { add_name } for pid=14292 comm="syz.3.3011" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 321.347816][ T40] audit: type=1400 audit(1778628219.967:613): avc: denied { create } for pid=14292 comm="syz.3.3011" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 321.355415][ T40] audit: type=1400 audit(1778628219.967:614): avc: denied { associate } for pid=14292 comm="syz.3.3011" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 321.362761][ T40] audit: type=1400 audit(1778628219.977:615): avc: denied { write } for pid=14292 comm="syz.3.3011" name="file0" dev="9p" ino=81264695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 321.371416][ T40] audit: type=1400 audit(1778628219.977:616): avc: denied { open } for pid=14292 comm="syz.3.3011" path="/198/file0/file0" dev="9p" ino=81264695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 321.421963][T14302] loop2: detected capacity change from 0 to 3 [ 321.426593][T14302] ldm_validate_privheads(): Disk read failed. [ 321.428983][T14302] Dev loop2: unable to read RDB block 3 [ 321.431105][T14302] loop2: unable to read partition table [ 321.433114][T14302] loop2: partition table beyond EOD, truncated [ 321.435075][T14302] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 321.536052][ T171] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.622937][ T844] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 321.752687][ T844] usb 6-1: device descriptor read/64, error -71 [ 321.874646][T14311] syzkaller0: entered promiscuous mode [ 321.876661][T14311] syzkaller0: entered allmulticast mode [ 322.002571][ T844] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 322.133467][ T844] usb 6-1: device descriptor read/64, error -71 [ 322.255419][ T844] usb usb6-port1: attempt power cycle [ 322.367636][T14318] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 322.386115][T14318] kvm: pic: level sensitive irq not supported [ 322.387115][T14318] kvm: pic: non byte read [ 322.389641][ T1436] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.390888][T14318] kvm: pic: level sensitive irq not supported [ 322.395030][T14318] kvm: pic: non byte read [ 322.561143][T14330] bond0: (slave sit0): refused to change device type [ 322.566363][T14328] syzkaller0: entered promiscuous mode [ 322.568684][T14328] syzkaller0: entered allmulticast mode [ 322.592604][ T844] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 322.612678][T12252] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 322.614343][ T844] usb 6-1: device descriptor read/8, error -71 [ 322.762597][T12252] usb 5-1: Using ep0 maxpacket: 16 [ 322.768144][T12252] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 322.773267][T12252] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 322.778980][T12252] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 322.781956][T12252] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 322.786001][T12252] usb 5-1: Product: syz [ 322.787688][T12252] usb 5-1: Manufacturer: syz [ 322.789299][T12252] usb 5-1: SerialNumber: syz [ 322.800009][T12252] usb 5-1: config 0 descriptor?? [ 322.853281][ T844] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 322.873569][ T844] usb 6-1: device descriptor read/8, error -71 [ 322.901384][T14350] FAULT_INJECTION: forcing a failure. [ 322.901384][T14350] name failslab, interval 1, probability 0, space 0, times 0 [ 322.905910][T14350] CPU: 0 UID: 0 PID: 14350 Comm: syz.2.3032 Not tainted syzkaller #0 PREEMPT(full) [ 322.905950][T14350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 322.905962][T14350] Call Trace: [ 322.905985][T14350] [ 322.905992][T14350] dump_stack_lvl+0x100/0x190 [ 322.906050][T14350] should_fail_ex.cold+0x5/0xa [ 322.906078][T14350] ? genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0 [ 322.906124][T14350] should_failslab+0xc2/0x120 [ 322.906145][T14350] __kmalloc_noprof+0xe0/0x850 [ 322.906165][T14350] genl_family_rcv_msg_attrs_parse.isra.0+0x100/0x2f0 [ 322.906184][T14350] genl_family_rcv_msg_doit+0xc7/0x300 [ 322.906201][T14350] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 322.906234][T14350] ? bpf_lsm_capable+0x9/0x10 [ 322.906247][T14350] ? security_capable+0x80/0x260 [ 322.906276][T14350] genl_rcv_msg+0x560/0x800 [ 322.906294][T14350] ? __pfx_genl_rcv_msg+0x10/0x10 [ 322.906310][T14350] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 322.906357][T14350] ? __pfx_nl802154_set_llsec_params+0x10/0x10 [ 322.906368][T14350] ? __pfx_nl802154_post_doit+0x10/0x10 [ 322.906379][T14350] ? __lock_acquire+0x4a5/0x2630 [ 322.906430][T14350] netlink_rcv_skb+0x159/0x420 [ 322.906444][T14350] ? __pfx_genl_rcv_msg+0x10/0x10 [ 322.906461][T14350] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 322.906480][T14350] ? netlink_deliver_tap+0x1ae/0xcc0 [ 322.906495][T14350] genl_rcv+0x28/0x40 [ 322.906509][T14350] netlink_unicast+0x585/0x850 [ 322.906527][T14350] ? __pfx_netlink_unicast+0x10/0x10 [ 322.906545][T14350] netlink_sendmsg+0x8b0/0xda0 [ 322.906563][T14350] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.906576][T14350] ? __might_fault+0x50/0x140 [ 322.906596][T14350] ____sys_sendmsg+0x9e1/0xb70 [ 322.906618][T14350] ? __pfx_netlink_sendmsg+0x10/0x10 [ 322.906632][T14350] ? __pfx_____sys_sendmsg+0x10/0x10 [ 322.906651][T14350] ___sys_sendmsg+0x190/0x1e0 [ 322.906666][T14350] ? __pfx____sys_sendmsg+0x10/0x10 [ 322.906696][T14350] __sys_sendmsg+0x170/0x220 [ 322.906706][T14350] ? __pfx___sys_sendmsg+0x10/0x10 [ 322.906722][T14350] ? rcu_is_watching+0x12/0xc0 [ 322.906740][T14350] do_syscall_64+0x10b/0xf80 [ 322.906772][T14350] ? clear_bhb_loop+0x40/0x90 [ 322.906785][T14350] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.906796][T14350] RIP: 0033:0x7ffbc5d9ce59 [ 322.906817][T14350] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 322.906828][T14350] RSP: 002b:00007ffbc6b8a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 322.906838][T14350] RAX: ffffffffffffffda RBX: 00007ffbc6015fa0 RCX: 00007ffbc5d9ce59 [ 322.906845][T14350] RDX: 0000000004000000 RSI: 00002000000005c0 RDI: 0000000000000004 [ 322.906851][T14350] RBP: 00007ffbc6b8a090 R08: 0000000000000000 R09: 0000000000000000 [ 322.906859][T14350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 322.906865][T14350] R13: 00007ffbc6016038 R14: 00007ffbc6015fa0 R15: 00007ffde168fb98 [ 322.906879][T14350] [ 323.016683][ T844] usb usb6-port1: unable to enumerate USB device [ 323.023331][T12252] usb 5-1: USB disconnect, device number 32 [ 323.584827][T14364] ¾x9ÿ: renamed from bridge_slave_0 (while UP) [ 323.587610][T14364] FAULT_INJECTION: forcing a failure. [ 323.587610][T14364] name failslab, interval 1, probability 0, space 0, times 0 [ 323.592901][T14364] CPU: 1 UID: 0 PID: 14364 Comm: syz.0.3037 Not tainted syzkaller #0 PREEMPT(full) [ 323.592919][T14364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 323.592929][T14364] Call Trace: [ 323.592935][T14364] [ 323.592942][T14364] dump_stack_lvl+0x100/0x190 [ 323.592975][T14364] should_fail_ex.cold+0x5/0xa [ 323.593001][T14364] should_failslab+0xc2/0x120 [ 323.593020][T14364] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 323.593037][T14364] ? kstrdup_const+0x63/0x80 [ 323.593048][T14364] ? kernfs_name_hash+0x11e/0x150 [ 323.593077][T14364] kstrdup+0x51/0xe0 [ 323.593088][T14364] kstrdup_const+0x63/0x80 [ 323.593097][T14364] kernfs_rename_ns+0x690/0xb30 [ 323.593117][T14364] sysfs_rename_link_ns+0x186/0x230 [ 323.593132][T14364] device_rename+0x10f/0x250 [ 323.593161][T14364] netif_change_name+0x284/0x830 [ 323.593182][T14364] ? __pfx_netif_change_name+0x10/0x10 [ 323.593200][T14364] ? full_name_hash+0xbc/0x100 [ 323.593217][T14364] dev_change_name+0xb2/0x260 [ 323.593231][T14364] dev_ifsioc+0x16e8/0x1fc0 [ 323.593264][T14364] ? __pfx_dev_ifsioc+0x10/0x10 [ 323.593279][T14364] ? __pfx___mutex_lock+0x10/0x10 [ 323.593309][T14364] ? bpf_lsm_capable+0x9/0x10 [ 323.593324][T14364] dev_ioctl+0x223/0x10e0 [ 323.593342][T14364] sock_do_ioctl+0x1a0/0x280 [ 323.593358][T14364] ? __pfx_sock_do_ioctl+0x10/0x10 [ 323.593374][T14364] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 323.593386][T14364] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 323.593403][T14364] sock_ioctl+0x599/0x6b0 [ 323.593418][T14364] ? __pfx_sock_ioctl+0x10/0x10 [ 323.593433][T14364] ? hook_file_ioctl_common+0x149/0x410 [ 323.593462][T14364] ? selinux_file_ioctl+0x13b/0x290 [ 323.593480][T14364] ? selinux_file_ioctl+0xb6/0x290 [ 323.593498][T14364] ? __pfx_sock_ioctl+0x10/0x10 [ 323.593520][T14364] __x64_sys_ioctl+0x18e/0x210 [ 323.593535][T14364] do_syscall_64+0x10b/0xf80 [ 323.593550][T14364] ? clear_bhb_loop+0x40/0x90 [ 323.593564][T14364] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.593575][T14364] RIP: 0033:0x7f879879ce59 [ 323.593586][T14364] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 323.593596][T14364] RSP: 002b:00007f87996de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 323.593607][T14364] RAX: ffffffffffffffda RBX: 00007f8798a15fa0 RCX: 00007f879879ce59 [ 323.593614][T14364] RDX: 0000200000000080 RSI: 0000000000008923 RDI: 0000000000000004 [ 323.593620][T14364] RBP: 00007f87996de090 R08: 0000000000000000 R09: 0000000000000000 [ 323.593626][T14364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 323.593632][T14364] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 323.593646][T14364] [ 323.622068][T14366] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3038'. [ 323.795195][T14370] ¾x9ÿ: renamed from bridge_slave_0 (while UP) [ 324.139526][T14388] netlink: 'syz.0.3048': attribute type 1 has an invalid length. [ 324.157144][T14388] bond1: entered promiscuous mode [ 324.159280][T14388] 8021q: adding VLAN 0 to HW filter on device bond1 [ 324.167545][T14388] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3048'. [ 324.248093][ T58] usb 8-1: new high-speed USB device number 33 using dummy_hcd [ 324.323298][T14388] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3048'. [ 324.342191][T14388] bond1: (slave bridge2): making interface the new active one [ 324.345336][T14388] bridge2: entered promiscuous mode [ 324.348104][T14388] bond1: (slave bridge2): Enslaving as an active interface with an up link [ 324.412526][ T58] usb 8-1: Using ep0 maxpacket: 16 [ 324.415977][ T58] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 324.420787][ T58] usb 8-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 324.424206][ T58] usb 8-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 324.427128][ T58] usb 8-1: Product: syz [ 324.428592][ T58] usb 8-1: Manufacturer: syz [ 324.430102][ T58] usb 8-1: SerialNumber: syz [ 324.436674][ T58] usb 8-1: config 0 descriptor?? [ 324.648166][ T5837] usb 8-1: USB disconnect, device number 33 [ 326.137226][T14358] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 326.206255][T14411] FAULT_INJECTION: forcing a failure. [ 326.206255][T14411] name failslab, interval 1, probability 0, space 0, times 0 [ 326.210786][T14411] CPU: 2 UID: 0 PID: 14411 Comm: syz.2.3055 Not tainted syzkaller #0 PREEMPT(full) [ 326.210803][T14411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 326.210811][T14411] Call Trace: [ 326.210816][T14411] [ 326.210821][T14411] dump_stack_lvl+0x100/0x190 [ 326.210883][T14411] should_fail_ex.cold+0x5/0xa [ 326.210909][T14411] ? kobject_get_path+0xcf/0x2c0 [ 326.210965][T14411] should_failslab+0xc2/0x120 [ 326.210988][T14411] __kmalloc_noprof+0xe0/0x850 [ 326.211010][T14411] kobject_get_path+0xcf/0x2c0 [ 326.211030][T14411] kobject_uevent_env+0x287/0x18b0 [ 326.211045][T14411] ? bus_to_subsys+0x114/0x150 [ 326.211084][T14411] device_del+0x605/0x9b0 [ 326.211104][T14411] ? __pfx_device_del+0x10/0x10 [ 326.211126][T14411] rfkill_unregister+0xde/0x2c0 [ 326.211156][T14411] nfc_unregister_rfkill+0xd0/0x2b0 [ 326.211184][T14411] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 326.211200][T14411] nci_unregister_device+0x3e/0x330 [ 326.211212][T14411] ? ima_file_free+0xc6/0x340 [ 326.211237][T14411] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 326.211253][T14411] virtual_ncidev_close+0x4b/0xa0 [ 326.211268][T14411] __fput+0x3ff/0xb50 [ 326.211289][T14411] fput_close_sync+0x118/0x250 [ 326.211307][T14411] ? __pfx_fput_close_sync+0x10/0x10 [ 326.211328][T14411] __x64_sys_close+0x8b/0x120 [ 326.211347][T14411] do_syscall_64+0x10b/0xf80 [ 326.211363][T14411] ? clear_bhb_loop+0x40/0x90 [ 326.211378][T14411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.211392][T14411] RIP: 0033:0x7ffbc5d9ce59 [ 326.211406][T14411] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 326.211417][T14411] RSP: 002b:00007ffbc6b8a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 326.211435][T14411] RAX: ffffffffffffffda RBX: 00007ffbc6015fa0 RCX: 00007ffbc5d9ce59 [ 326.211443][T14411] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 326.211450][T14411] RBP: 00007ffbc6b8a090 R08: 0000000000000000 R09: 0000000000000000 [ 326.211457][T14411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 326.211463][T14411] R13: 00007ffbc6016038 R14: 00007ffbc6015fa0 R15: 00007ffde168fb98 [ 326.211478][T14411] [ 326.328641][ T40] kauditd_printk_skb: 2 callbacks suppressed [ 326.328659][ T40] audit: type=1400 audit(1778628224.967:619): avc: denied { read write } for pid=14421 comm="syz.2.3058" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 326.341362][ T40] audit: type=1400 audit(1778628224.967:620): avc: denied { open } for pid=14421 comm="syz.2.3058" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 326.380740][T14420] syzkaller0: entered promiscuous mode [ 326.383346][T14420] syzkaller0: entered allmulticast mode [ 326.507543][T14429] FAULT_INJECTION: forcing a failure. [ 326.507543][T14429] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 326.511579][T14429] CPU: 3 UID: 0 PID: 14429 Comm: syz.2.3061 Not tainted syzkaller #0 PREEMPT(full) [ 326.511594][T14429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 326.511601][T14429] Call Trace: [ 326.511606][T14429] [ 326.511611][T14429] dump_stack_lvl+0x100/0x190 [ 326.511629][T14429] should_fail_ex.cold+0x5/0xa [ 326.511643][T14429] ? prepare_alloc_pages+0x16d/0x5f0 [ 326.511657][T14429] should_fail_alloc_page+0xeb/0x140 [ 326.511671][T14429] prepare_alloc_pages+0x1f0/0x5f0 [ 326.511686][T14429] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 326.511708][T14429] ? __lock_acquire+0x4a5/0x2630 [ 326.511735][T14429] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 326.511753][T14429] ? __lock_acquire+0x4a5/0x2630 [ 326.511766][T14429] ? __lock_acquire+0x4a5/0x2630 [ 326.511778][T14429] ? css_rstat_updated+0x1ce/0x5a0 [ 326.511797][T14429] ? lock_acquire+0x1b1/0x370 [ 326.511809][T14429] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 326.511823][T14429] ? policy_nodemask+0xed/0x4f0 [ 326.511836][T14429] alloc_pages_mpol+0x1fb/0x540 [ 326.511848][T14429] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 326.511860][T14429] ? __lock_acquire+0x4a5/0x2630 [ 326.511875][T14429] folio_alloc_mpol_noprof+0x36/0x260 [ 326.511889][T14429] vma_alloc_folio_noprof+0xed/0x1d0 [ 326.511902][T14429] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 326.511919][T14429] do_anonymous_page+0xb46/0x2050 [ 326.511934][T14429] ? rcu_read_unlock+0x2d/0xb0 [ 326.511953][T14429] __handle_mm_fault+0x1d2c/0x2a00 [ 326.511969][T14429] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 326.511986][T14429] ? __pfx___handle_mm_fault+0x10/0x10 [ 326.512001][T14429] ? pte_offset_map_lock+0x174/0x320 [ 326.512013][T14429] ? find_held_lock+0x2b/0x80 [ 326.512028][T14429] ? follow_page_pte+0x4d0/0x13f0 [ 326.512042][T14429] handle_mm_fault+0x36d/0xa20 [ 326.512059][T14429] __get_user_pages+0x1178/0x32a0 [ 326.512075][T14429] ? down_read_killable+0x307/0x4b0 [ 326.512118][T14429] ? __pfx___get_user_pages+0x10/0x10 [ 326.512129][T14429] ? __kernel_text_address+0xd/0x30 [ 326.512148][T14429] __gup_longterm_locked+0x87d/0x16f0 [ 326.512164][T14429] ? __pfx___gup_longterm_locked+0x10/0x10 [ 326.512177][T14429] ? lock_acquire+0x1b1/0x370 [ 326.512190][T14429] ? find_held_lock+0x2b/0x80 [ 326.512200][T14429] ? sanity_check_pinned_pages+0x4f2/0x8b0 [ 326.512214][T14429] gup_fast_fallback+0x16dc/0x2790 [ 326.512236][T14429] ? __pfx_gup_fast_fallback+0x10/0x10 [ 326.512254][T14429] pin_user_pages_fast+0xa7/0xf0 [ 326.512267][T14429] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 326.512279][T14429] ? __kmalloc_noprof+0x320/0x850 [ 326.512298][T14429] rds_info_getsockopt+0x196/0x4e0 [ 326.512318][T14429] ? __pfx_rds_info_getsockopt+0x10/0x10 [ 326.512329][T14429] ? find_held_lock+0x2b/0x80 [ 326.512344][T14429] rds_getsockopt+0x177/0x2e0 [ 326.512358][T14429] ? __pfx_rds_getsockopt+0x10/0x10 [ 326.512372][T14429] do_sock_getsockopt+0x50a/0x6e0 [ 326.512413][T14429] ? __lock_acquire+0x4a5/0x2630 [ 326.512431][T14429] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 326.512443][T14429] ? find_held_lock+0x2b/0x80 [ 326.512452][T14429] ? ksys_write+0x190/0x250 [ 326.512470][T14429] ? find_held_lock+0x2b/0x80 [ 326.512484][T14429] ? __fget_files+0x21f/0x3d0 [ 326.512500][T14429] __sys_getsockopt+0x148/0x260 [ 326.512521][T14429] ? __x64_sys_getsockopt+0xbd/0x160 [ 326.512537][T14429] __x64_sys_getsockopt+0xbd/0x160 [ 326.512552][T14429] ? do_syscall_64+0x90/0xf80 [ 326.512567][T14429] ? lockdep_hardirqs_on+0x78/0x100 [ 326.512581][T14429] do_syscall_64+0x10b/0xf80 [ 326.512594][T14429] ? clear_bhb_loop+0x40/0x90 [ 326.512607][T14429] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.512618][T14429] RIP: 0033:0x7ffbc5d9ce59 [ 326.512630][T14429] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 326.512640][T14429] RSP: 002b:00007ffbc6b8a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 326.512651][T14429] RAX: ffffffffffffffda RBX: 00007ffbc6015fa0 RCX: 00007ffbc5d9ce59 [ 326.512657][T14429] RDX: 000000000000271e RSI: 0000200000000114 RDI: 0000000000000004 [ 326.512663][T14429] RBP: 00007ffbc6b8a090 R08: 0000200000000040 R09: 0000000000000000 [ 326.512669][T14429] R10: 0000200000000580 R11: 0000000000000246 R12: 0000000000000001 [ 326.512675][T14429] R13: 00007ffbc6016038 R14: 00007ffbc6015fa0 R15: 00007ffde168fb98 [ 326.512688][T14429] [ 326.612657][ T5837] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 326.701106][T14437] netlink: 10 bytes leftover after parsing attributes in process `syz.2.3064'. [ 326.705756][T14437] FAULT_INJECTION: forcing a failure. [ 326.705756][T14437] name failslab, interval 1, probability 0, space 0, times 0 [ 326.712474][T14437] CPU: 2 UID: 0 PID: 14437 Comm: syz.2.3064 Not tainted syzkaller #0 PREEMPT(full) [ 326.712490][T14437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 326.712497][T14437] Call Trace: [ 326.712501][T14437] [ 326.712506][T14437] dump_stack_lvl+0x100/0x190 [ 326.712524][T14437] should_fail_ex.cold+0x5/0xa [ 326.712540][T14437] ? fib_nl2rule.constprop.0+0x315/0x1c50 [ 326.712568][T14437] should_failslab+0xc2/0x120 [ 326.712595][T14437] __kmalloc_noprof+0xe0/0x850 [ 326.712617][T14437] fib_nl2rule.constprop.0+0x315/0x1c50 [ 326.712632][T14437] ? __pfx_fib_nl2rule.constprop.0+0x10/0x10 [ 326.712646][T14437] ? __nla_parse+0x40/0x60 [ 326.712675][T14437] fib_delrule+0x21d/0x1c40 [ 326.712689][T14437] ? find_held_lock+0x2b/0x80 [ 326.712703][T14437] ? __pfx_fib_delrule+0x10/0x10 [ 326.712716][T14437] ? avc_has_perm_noaudit+0x120/0x3b0 [ 326.712747][T14437] ? find_held_lock+0x2b/0x80 [ 326.712756][T14437] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 326.712769][T14437] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 326.712783][T14437] ? __pfx_fib_nl_delrule+0x10/0x10 [ 326.712797][T14437] rtnetlink_rcv_msg+0x95e/0xe90 [ 326.712810][T14437] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 326.712827][T14437] netlink_rcv_skb+0x159/0x420 [ 326.712851][T14437] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 326.712864][T14437] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 326.712887][T14437] netlink_unicast+0x585/0x850 [ 326.712903][T14437] ? __pfx_netlink_unicast+0x10/0x10 [ 326.712916][T14437] ? __build_skb_around+0x278/0x390 [ 326.712936][T14437] netlink_sendmsg+0x8b0/0xda0 [ 326.712953][T14437] ? __pfx_netlink_sendmsg+0x10/0x10 [ 326.712972][T14437] __sys_sendto+0x468/0x4b0 [ 326.712988][T14437] ? __pfx_netlink_sendmsg+0x10/0x10 [ 326.713007][T14437] ? __pfx___sys_sendto+0x10/0x10 [ 326.713048][T14437] ? ksys_write+0x1ac/0x250 [ 326.713070][T14437] ? __pfx_ksys_write+0x10/0x10 [ 326.713092][T14437] __x64_sys_sendto+0xe0/0x1c0 [ 326.713116][T14437] ? do_syscall_64+0x90/0xf80 [ 326.713135][T14437] ? lockdep_hardirqs_on+0x78/0x100 [ 326.713150][T14437] do_syscall_64+0x10b/0xf80 [ 326.713164][T14437] ? clear_bhb_loop+0x40/0x90 [ 326.713177][T14437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.713189][T14437] RIP: 0033:0x7ffbc5d9ce59 [ 326.713200][T14437] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 326.713212][T14437] RSP: 002b:00007ffbc6b8a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 326.713223][T14437] RAX: ffffffffffffffda RBX: 00007ffbc6015fa0 RCX: 00007ffbc5d9ce59 [ 326.713230][T14437] RDX: 0000000000010a73 RSI: 0000200000000000 RDI: 0000000000000003 [ 326.713236][T14437] RBP: 00007ffbc6b8a090 R08: 0000000000000000 R09: 4b6ae4f95a5de35b [ 326.713243][T14437] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001 [ 326.713249][T14437] R13: 00007ffbc6016038 R14: 00007ffbc6015fa0 R15: 00007ffde168fb98 [ 326.713263][T14437] [ 326.773363][T14439] FAULT_INJECTION: forcing a failure. [ 326.773363][T14439] name failslab, interval 1, probability 0, space 0, times 0 [ 326.827932][ T40] audit: type=1400 audit(1778628225.467:621): avc: denied { setopt } for pid=14442 comm="syz.2.3067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 326.829082][T14439] CPU: 3 UID: 0 PID: 14439 Comm: syz.1.3065 Not tainted syzkaller #0 PREEMPT(full) [ 326.829098][T14439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 326.829105][T14439] Call Trace: [ 326.829111][T14439] [ 326.829116][T14439] dump_stack_lvl+0x100/0x190 [ 326.829134][T14439] should_fail_ex.cold+0x5/0xa [ 326.829151][T14439] should_failslab+0xc2/0x120 [ 326.829163][T14439] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 326.829180][T14439] ? skb_clone+0x190/0x400 [ 326.829194][T14439] skb_clone+0x190/0x400 [ 326.829205][T14439] netlink_deliver_tap+0xaed/0xcc0 [ 326.829223][T14439] netlink_unicast+0x62b/0x850 [ 326.829240][T14439] ? __pfx_netlink_unicast+0x10/0x10 [ 326.829258][T14439] netlink_sendmsg+0x8b0/0xda0 [ 326.829281][T14439] ? __pfx_netlink_sendmsg+0x10/0x10 [ 326.829295][T14439] ? __might_fault+0x50/0x140 [ 326.829316][T14439] ____sys_sendmsg+0x9e1/0xb70 [ 326.829330][T14439] ? __pfx_netlink_sendmsg+0x10/0x10 [ 326.829345][T14439] ? __pfx_____sys_sendmsg+0x10/0x10 [ 326.829365][T14439] ___sys_sendmsg+0x190/0x1e0 [ 326.829380][T14439] ? __pfx____sys_sendmsg+0x10/0x10 [ 326.829411][T14439] __sys_sendmsg+0x170/0x220 [ 326.829422][T14439] ? __pfx___sys_sendmsg+0x10/0x10 [ 326.829438][T14439] ? rcu_is_watching+0x12/0xc0 [ 326.829458][T14439] do_syscall_64+0x10b/0xf80 [ 326.829474][T14439] ? clear_bhb_loop+0x40/0x90 [ 326.829488][T14439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.829499][T14439] RIP: 0033:0x7f1b82d9ce59 [ 326.829509][T14439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 326.829520][T14439] RSP: 002b:00007f1b83bfa028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 326.829531][T14439] RAX: ffffffffffffffda RBX: 00007f1b83015fa0 RCX: 00007f1b82d9ce59 [ 326.829538][T14439] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 326.829545][T14439] RBP: 00007f1b83bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 326.829551][T14439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 326.829557][T14439] R13: 00007f1b83016038 R14: 00007f1b83015fa0 R15: 00007ffdb53e8928 [ 326.829571][T14439] [ 326.838609][T14443] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3067'. [ 326.840705][ T5837] usb 5-1: Using ep0 maxpacket: 16 [ 326.926058][ T5837] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 326.930150][T14443] kvm: kvm [14442]: vcpu6, guest rIP: 0x9139 Unhandled WRMSR(0xc1) = 0xe50000000000 [ 326.933976][ T5837] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 326.938487][ T5837] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 326.942146][ T5837] usb 5-1: Product: syz [ 326.944527][T14443] kvm: kvm [14442]: vcpu6, guest rIP: 0x9139 Unhandled WRMSR(0xc2) = 0xe50000000000 [ 326.950661][ T5837] usb 5-1: Manufacturer: syz [ 326.952209][ T5837] usb 5-1: SerialNumber: syz [ 326.955270][ T5837] usb 5-1: config 0 descriptor?? [ 326.955463][T14448] syzkaller0: entered promiscuous mode [ 326.961661][T14448] syzkaller0: entered allmulticast mode [ 326.963295][T14443] kvm: kvm [14442]: vcpu6, guest rIP: 0x9139 Unhandled WRMSR(0x11e) = 0xe500be702111 [ 326.990225][T14443] kvm: kvm [14442]: vcpu6, guest rIP: 0x9139 Unhandled WRMSR(0x186) = 0xe50000000000 [ 326.995412][T14443] kvm: kvm [14442]: vcpu6, guest rIP: 0x9139 Unhandled WRMSR(0x187) = 0xe50000000000 [ 327.171925][ T5440] usb 5-1: USB disconnect, device number 33 [ 327.175757][ T40] audit: type=1400 audit(1778628225.807:622): avc: denied { write } for pid=14459 comm="syz.3.3073" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1 [ 327.208856][T14463] FAULT_INJECTION: forcing a failure. [ 327.208856][T14463] name failslab, interval 1, probability 0, space 0, times 0 [ 327.216647][T14463] CPU: 2 UID: 0 PID: 14463 Comm: syz.2.3074 Not tainted syzkaller #0 PREEMPT(full) [ 327.216671][T14463] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 327.216682][T14463] Call Trace: [ 327.216689][T14463] [ 327.216696][T14463] dump_stack_lvl+0x100/0x190 [ 327.216726][T14463] should_fail_ex.cold+0x5/0xa [ 327.216751][T14463] should_failslab+0xc2/0x120 [ 327.216772][T14463] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 327.216797][T14463] ? skb_clone+0x190/0x400 [ 327.216827][T14463] skb_clone+0x190/0x400 [ 327.216845][T14463] netlink_deliver_tap+0xaed/0xcc0 [ 327.216875][T14463] netlink_unicast+0x62b/0x850 [ 327.216902][T14463] ? __pfx_netlink_unicast+0x10/0x10 [ 327.216933][T14463] netlink_sendmsg+0x8b0/0xda0 [ 327.216960][T14463] ? __pfx_netlink_sendmsg+0x10/0x10 [ 327.216982][T14463] ? __might_fault+0x50/0x140 [ 327.217014][T14463] ____sys_sendmsg+0x9e1/0xb70 [ 327.217034][T14463] ? __pfx_netlink_sendmsg+0x10/0x10 [ 327.217059][T14463] ? __pfx_____sys_sendmsg+0x10/0x10 [ 327.217091][T14463] ___sys_sendmsg+0x190/0x1e0 [ 327.217115][T14463] ? __pfx____sys_sendmsg+0x10/0x10 [ 327.217167][T14463] __sys_sendmsg+0x170/0x220 [ 327.217184][T14463] ? __pfx___sys_sendmsg+0x10/0x10 [ 327.217213][T14463] ? rcu_is_watching+0x12/0xc0 [ 327.217245][T14463] do_syscall_64+0x10b/0xf80 [ 327.217271][T14463] ? clear_bhb_loop+0x40/0x90 [ 327.217293][T14463] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.217311][T14463] RIP: 0033:0x7ffbc5d9ce59 [ 327.217327][T14463] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 327.217344][T14463] RSP: 002b:00007ffbc6b8a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 327.217361][T14463] RAX: ffffffffffffffda RBX: 00007ffbc6015fa0 RCX: 00007ffbc5d9ce59 [ 327.217372][T14463] RDX: 00000000040040c4 RSI: 0000200000000200 RDI: 0000000000000003 [ 327.217383][T14463] RBP: 00007ffbc6b8a090 R08: 0000000000000000 R09: 0000000000000000 [ 327.217393][T14463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 327.217403][T14463] R13: 00007ffbc6016038 R14: 00007ffbc6015fa0 R15: 00007ffde168fb98 [ 327.217427][T14463] [ 327.400213][T14472] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 327.421389][T14474] sch_tbf: burst 0 is lower than device veth0_virt_wifi mtu (1514) ! [ 327.455350][T14476] syzkaller0: entered promiscuous mode [ 327.458452][T14476] syzkaller0: entered allmulticast mode [ 327.650980][ T40] audit: type=1400 audit(1778628226.287:623): avc: denied { read } for pid=14480 comm="syz.1.3080" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 327.663694][ T40] audit: type=1400 audit(1778628226.287:624): avc: denied { open } for pid=14480 comm="syz.1.3080" path="/211/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1 [ 327.742361][ T40] audit: type=1400 audit(1778628226.377:625): avc: denied { wake_alarm } for pid=14480 comm="syz.1.3080" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 327.750503][T14481] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 327.905606][T14503] syzkaller0: entered promiscuous mode [ 327.907201][T14501] binder: 14500:14501 ioctl 4068aea3 200000000080 returned -22 [ 327.907616][T14503] syzkaller0: entered allmulticast mode [ 328.034877][T14507] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=14507 comm=syz.0.3091 [ 328.089078][T14507] IPVS: set_ctl: invalid protocol: 59 172.20.20.187:0 [ 328.093747][T12252] IPVS: starting estimator thread 0... [ 328.192674][T14513] IPVS: using max 45 ests per chain, 108000 per kthread [ 328.222704][ T1351] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 328.228722][T14520] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3095'. [ 328.352253][T14531] syzkaller0: entered promiscuous mode [ 328.355281][T14531] syzkaller0: entered allmulticast mode [ 328.362591][ T1351] usb 6-1: device descriptor read/64, error -71 [ 328.575654][ T12] nci: nci_rx_work: unknown MT 0x1 [ 328.622525][ T1351] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 328.652782][ T5850] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 328.762539][ T1351] usb 6-1: device descriptor read/64, error -71 [ 328.802577][ T5850] usb 5-1: Using ep0 maxpacket: 8 [ 328.806904][ T5850] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 328.811418][ T5850] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 328.815674][ T5850] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 328.819951][ T5850] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 328.825360][ T5850] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 328.828201][ T5850] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 328.872941][ T1351] usb usb6-port1: attempt power cycle [ 329.036723][ T5850] usb 5-1: GET_CAPABILITIES returned 0 [ 329.038624][ T5850] usbtmc 5-1:16.0: can't read capabilities [ 329.212608][ T1351] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 329.233257][ T1351] usb 6-1: device descriptor read/8, error -71 [ 329.246390][ C0] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 329.250049][T12252] usb 5-1: USB disconnect, device number 34 [ 329.482614][ T1351] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 329.503386][ T1351] usb 6-1: device descriptor read/8, error -71 [ 329.614109][ T1351] usb usb6-port1: unable to enumerate USB device [ 330.625338][ T844] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 330.686433][T14570] FAULT_INJECTION: forcing a failure. [ 330.686433][T14570] name failslab, interval 1, probability 0, space 0, times 0 [ 330.690967][T14570] CPU: 2 UID: 0 PID: 14570 Comm: syz.2.3113 Not tainted syzkaller #0 PREEMPT(full) [ 330.690984][T14570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 330.690991][T14570] Call Trace: [ 330.690998][T14570] [ 330.691004][T14570] dump_stack_lvl+0x100/0x190 [ 330.691024][T14570] should_fail_ex.cold+0x5/0xa [ 330.691041][T14570] should_failslab+0xc2/0x120 [ 330.691054][T14570] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 330.691072][T14570] ? __alloc_skb+0x140/0x710 [ 330.691087][T14570] ? __alloc_skb+0x5b7/0x710 [ 330.691104][T14570] __alloc_skb+0x140/0x710 [ 330.691120][T14570] ? __alloc_skb+0x5b7/0x710 [ 330.691134][T14570] ? __pfx___alloc_skb+0x10/0x10 [ 330.691149][T14570] ? __pfx_inet_diag_handler_cmd+0x10/0x10 [ 330.691187][T14570] ? find_held_lock+0x2b/0x80 [ 330.691200][T14570] netlink_ack+0x117/0xb80 [ 330.691219][T14570] netlink_rcv_skb+0x333/0x420 [ 330.691232][T14570] ? __pfx_sock_diag_rcv_msg+0x10/0x10 [ 330.691250][T14570] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 330.691269][T14570] ? netlink_deliver_tap+0x1ae/0xcc0 [ 330.691284][T14570] netlink_unicast+0x585/0x850 [ 330.691299][T14570] ? __pfx_netlink_unicast+0x10/0x10 [ 330.691316][T14570] netlink_sendmsg+0x8b0/0xda0 [ 330.691331][T14570] ? __pfx_netlink_sendmsg+0x10/0x10 [ 330.691350][T14570] sock_write_iter+0x524/0x5a0 [ 330.691364][T14570] ? __pfx_netlink_sendmsg+0x10/0x10 [ 330.691377][T14570] ? __pfx_sock_write_iter+0x10/0x10 [ 330.691389][T14570] ? _kstrtoull+0x13c/0x1f0 [ 330.691406][T14570] ? __pfx___file_has_perm+0x10/0x10 [ 330.691423][T14570] do_iter_readv_writev+0x6ee/0x920 [ 330.691436][T14570] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 330.691446][T14570] ? selinux_file_permission+0x8f/0x6d0 [ 330.691462][T14570] ? bpf_lsm_file_permission+0x9/0x10 [ 330.691480][T14570] ? security_file_permission+0x76/0x210 [ 330.691495][T14570] ? rw_verify_area+0xce/0x6d0 [ 330.691506][T14570] vfs_writev+0x360/0xe10 [ 330.691521][T14570] ? __pfx_vfs_writev+0x10/0x10 [ 330.691531][T14570] ? find_held_lock+0x2b/0x80 [ 330.691541][T14570] ? ksys_write+0x190/0x250 [ 330.691559][T14570] ? __fget_files+0x21f/0x3d0 [ 330.691576][T14570] ? do_writev+0x28a/0x340 [ 330.691585][T14570] do_writev+0x28a/0x340 [ 330.691596][T14570] ? __pfx_do_writev+0x10/0x10 [ 330.691607][T14570] ? rcu_is_watching+0x12/0xc0 [ 330.691634][T14570] do_syscall_64+0x10b/0xf80 [ 330.691657][T14570] ? clear_bhb_loop+0x40/0x90 [ 330.691676][T14570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.691692][T14570] RIP: 0033:0x7ffbc5d9ce59 [ 330.691706][T14570] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 330.691721][T14570] RSP: 002b:00007ffbc6b8a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 330.691737][T14570] RAX: ffffffffffffffda RBX: 00007ffbc6015fa0 RCX: 00007ffbc5d9ce59 [ 330.691746][T14570] RDX: 0000000000000001 RSI: 0000200000000680 RDI: 0000000000000004 [ 330.691757][T14570] RBP: 00007ffbc6b8a090 R08: 0000000000000000 R09: 0000000000000000 [ 330.691766][T14570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 330.691777][T14570] R13: 00007ffbc6016038 R14: 00007ffbc6015fa0 R15: 00007ffde168fb98 [ 330.691796][T14570] [ 330.838813][T14572] vlan0: entered promiscuous mode [ 330.893743][ T844] usb 5-1: Using ep0 maxpacket: 8 [ 330.897365][ T844] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 330.901473][ T844] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 330.906056][ T844] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 330.910215][ T844] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 330.915182][ T844] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 330.918785][ T844] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.097098][T14581] syzkaller0: entered promiscuous mode [ 331.099452][T14581] syzkaller0: entered allmulticast mode [ 331.117122][T14581] simple: basic_1 [ 331.119125][T14581] simple: basic_2 [ 331.120893][T14581] simple: basic_3 [ 331.124118][T14581] simple: basic_4 [ 331.124756][ T40] audit: type=1400 audit(1778628229.767:626): avc: denied { write } for pid=14582 comm="syz.2.3118" name="/" dev="9p" ino=81264693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 331.125835][T14581] simple: basic_5 [ 331.125869][T14581] simple: basic_6 [ 331.125881][T14581] simple: basic_7 [ 331.133303][ T40] audit: type=1400 audit(1778628229.767:627): avc: denied { read append } for pid=14582 comm="syz.2.3118" path="/120/file0/cpuacct.usage_sys" dev="9p" ino=81264747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 331.133336][ T40] audit: type=1400 audit(1778628229.767:628): avc: denied { lock } for pid=14582 comm="syz.2.3118" path="/120/file0/cpuacct.usage_sys" dev="9p" ino=81264747 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 331.154470][ T844] usb 5-1: GET_CAPABILITIES returned 0 [ 331.159620][T14581] simple: basic_8 [ 331.159640][T14581] simple: basic_9 [ 331.159649][T14581] simple: basic_10 [ 331.159659][T14581] simple: basic_11 [ 331.159669][T14581] simple: basic_12 [ 331.159678][T14581] simple: basic_13 [ 331.159687][T14581] simple: basic_14 [ 331.159696][T14581] simple: basic_15 [ 331.165082][ T844] usbtmc 5-1:16.0: can't read capabilities [ 331.165746][T14581] simple: basic_16 [ 331.179762][T14581] simple: basic_17 [ 331.181277][T14581] 0: reclassify loop, rule prio 0, protocol 800 [ 331.359132][ C3] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 331.365229][ T844] usb 5-1: USB disconnect, device number 35 [ 331.451067][T14589] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 331.464333][T14589] FAULT_INJECTION: forcing a failure. [ 331.464333][T14589] name failslab, interval 1, probability 0, space 0, times 0 [ 331.472512][T14589] CPU: 2 UID: 0 PID: 14589 Comm: syz.2.3121 Not tainted syzkaller #0 PREEMPT(full) [ 331.472540][T14589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 331.472551][T14589] Call Trace: [ 331.472559][T14589] [ 331.472568][T14589] dump_stack_lvl+0x100/0x190 [ 331.472598][T14589] should_fail_ex.cold+0x5/0xa [ 331.472641][T14589] should_failslab+0xc2/0x120 [ 331.472665][T14589] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 331.472697][T14589] ? copy_process+0x69a/0x7ed0 [ 331.472714][T14589] ? mark_held_locks+0x40/0x70 [ 331.472742][T14589] copy_process+0x69a/0x7ed0 [ 331.472775][T14589] ? __pfx_copy_process+0x10/0x10 [ 331.472796][T14589] ? lockdep_init_map_type+0x5c/0x250 [ 331.472829][T14589] ? lockdep_init_map_type+0x5c/0x250 [ 331.472856][T14589] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 331.472878][T14589] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 331.472906][T14589] vhost_task_create+0x1db/0x370 [ 331.472935][T14589] ? __pfx_vhost_task_create+0x10/0x10 [ 331.472959][T14589] ? register_lock_class+0x40/0x560 [ 331.472990][T14589] ? __pfx_vhost_task_fn+0x10/0x10 [ 331.473018][T14589] ? __pfx___mutex_lock+0x10/0x10 [ 331.473044][T14589] ? kasan_quarantine_put+0x104/0x240 [ 331.473079][T14589] kvm_mmu_post_init_vm+0x1b3/0x370 [ 331.473108][T14589] kvm_arch_vcpu_ioctl_run+0x66/0x1890 [ 331.473135][T14589] ? kvm_vcpu_ioctl+0x1546/0x1720 [ 331.473160][T14589] kvm_vcpu_ioctl+0x730/0x1720 [ 331.473183][T14589] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 331.473204][T14589] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 331.473228][T14589] ? do_vfs_ioctl+0x226/0x13e0 [ 331.473247][T14589] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 331.473266][T14589] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 331.473302][T14589] ? __fget_files+0x215/0x3d0 [ 331.473323][T14589] ? hook_file_ioctl_common+0x149/0x410 [ 331.473359][T14589] ? selinux_file_ioctl+0x13b/0x290 [ 331.473383][T14589] ? selinux_file_ioctl+0xb6/0x290 [ 331.473409][T14589] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 331.473430][T14589] __x64_sys_ioctl+0x18e/0x210 [ 331.473450][T14589] do_syscall_64+0x10b/0xf80 [ 331.473476][T14589] ? clear_bhb_loop+0x40/0x90 [ 331.473499][T14589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.473517][T14589] RIP: 0033:0x7ffbc5d9ce59 [ 331.473534][T14589] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 331.473552][T14589] RSP: 002b:00007ffbc6b8a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 331.473570][T14589] RAX: ffffffffffffffda RBX: 00007ffbc6015fa0 RCX: 00007ffbc5d9ce59 [ 331.473581][T14589] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 331.473592][T14589] RBP: 00007ffbc6b8a090 R08: 0000000000000000 R09: 0000000000000000 [ 331.473602][T14589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 331.473613][T14589] R13: 00007ffbc6016038 R14: 00007ffbc6015fa0 R15: 00007ffde168fb98 [ 331.473638][T14589] [ 331.515077][T14537] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 331.668055][ T40] audit: type=1400 audit(1778628230.307:629): avc: denied { write } for pid=14592 comm="syz.1.3122" name="/" dev="9p" ino=81264693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 331.696183][ T40] audit: type=1400 audit(1778628230.307:630): avc: denied { write } for pid=14592 comm="syz.1.3122" name="/" dev="9p" ino=81264693 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 331.709677][ T40] audit: type=1400 audit(1778628230.327:631): avc: denied { read } for pid=14592 comm="syz.1.3122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1 [ 331.757076][T14602] syzkaller0: entered promiscuous mode [ 331.758948][T14602] syzkaller0: entered allmulticast mode [ 331.827230][T14607] loop2: detected capacity change from 0 to 3 [ 331.833479][T14607] ldm_validate_privheads(): Disk read failed. [ 331.836227][T14607] Dev loop2: unable to read RDB block 3 [ 331.838212][T14607] loop2: unable to read partition table [ 331.840217][T14607] loop2: partition table beyond EOD, truncated [ 331.842239][T14607] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 331.976402][T14620] FAULT_INJECTION: forcing a failure. [ 331.976402][T14620] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 331.976602][ T1168] nci: nci_rx_work: unknown MT 0x1 [ 331.983038][T14620] CPU: 1 UID: 0 PID: 14620 Comm: syz.2.3134 Not tainted syzkaller #0 PREEMPT(full) [ 331.983063][T14620] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 331.983074][T14620] Call Trace: [ 331.983081][T14620] [ 331.983087][T14620] dump_stack_lvl+0x100/0x190 [ 331.983114][T14620] should_fail_ex.cold+0x5/0xa [ 331.983135][T14620] _copy_from_user+0x2e/0xd0 [ 331.983159][T14620] lo_ioctl+0xcc7/0x1bc0 [ 331.983186][T14620] ? __pfx_lo_ioctl+0x10/0x10 [ 331.983205][T14620] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 331.983234][T14620] ? kasan_quarantine_put+0x104/0x240 [ 331.983256][T14620] ? blk_get_meta_cap+0xd4/0x6c0 [ 331.983282][T14620] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 331.983311][T14620] ? blkdev_common_ioctl+0x515/0x2b80 [ 331.983352][T14620] ? __fget_files+0x215/0x3d0 [ 331.983372][T14620] ? __pfx_lo_ioctl+0x10/0x10 [ 331.983392][T14620] blkdev_ioctl+0x5ad/0x6f0 [ 331.983407][T14620] ? __pfx_blkdev_ioctl+0x10/0x10 [ 331.983421][T14620] ? selinux_file_ioctl+0x13b/0x290 [ 331.983442][T14620] ? selinux_file_ioctl+0xb6/0x290 [ 331.983462][T14620] ? __pfx_blkdev_ioctl+0x10/0x10 [ 331.983478][T14620] __x64_sys_ioctl+0x18e/0x210 [ 331.983497][T14620] do_syscall_64+0x10b/0xf80 [ 331.983518][T14620] ? clear_bhb_loop+0x40/0x90 [ 331.983537][T14620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.983552][T14620] RIP: 0033:0x7ffbc5d9ce59 [ 331.983567][T14620] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 331.983581][T14620] RSP: 002b:00007ffbc6b8a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 331.983598][T14620] RAX: ffffffffffffffda RBX: 00007ffbc6015fa0 RCX: 00007ffbc5d9ce59 [ 331.983608][T14620] RDX: 0000200000000500 RSI: 0000000000004c0a RDI: 0000000000000003 [ 331.983617][T14620] RBP: 00007ffbc6b8a090 R08: 0000000000000000 R09: 0000000000000000 [ 331.983626][T14620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 331.983635][T14620] R13: 00007ffbc6016038 R14: 00007ffbc6015fa0 R15: 00007ffde168fb98 [ 331.983656][T14620] [ 332.305468][ T40] audit: type=1400 audit(1778628230.947:632): avc: denied { create } for pid=14636 comm="syz.1.3139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 332.321013][ T40] audit: type=1400 audit(1778628230.957:633): avc: denied { sys_admin } for pid=14636 comm="syz.1.3139" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 332.338474][T14637] capability: warning: `syz.1.3139' uses deprecated v2 capabilities in a way that may be insecure [ 332.348122][T14637] VFS: Mount too revealing [ 332.348147][ T40] audit: type=1400 audit(1778628230.987:634): avc: denied { mount } for pid=14636 comm="syz.1.3139" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 333.350538][T14650] program syz.1.3143 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 333.356227][T14650] loop2: detected capacity change from 0 to 7 [ 333.360920][T14650] Dev loop2: unable to read RDB block 7 [ 333.363149][T14650] loop2: unable to read partition table [ 333.365064][T14650] loop2: partition table beyond EOD, truncated [ 333.369230][T14650] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5) [ 334.916247][T14611] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 334.973213][T14658] syzkaller0: entered promiscuous mode [ 334.975129][T14658] syzkaller0: entered allmulticast mode [ 334.980101][T14658] FAULT_INJECTION: forcing a failure. [ 334.980101][T14658] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 334.985972][T14658] CPU: 0 UID: 0 PID: 14658 Comm: syz.3.3148 Not tainted syzkaller #0 PREEMPT(full) [ 334.985988][T14658] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 334.985996][T14658] Call Trace: [ 334.986000][T14658] [ 334.986005][T14658] dump_stack_lvl+0x100/0x190 [ 334.986035][T14658] should_fail_ex.cold+0x5/0xa [ 334.986059][T14658] _copy_from_iter+0x43a/0x1690 [ 334.986096][T14658] ? __pfx__copy_from_iter+0x10/0x10 [ 334.986117][T14658] ? find_held_lock+0x2b/0x80 [ 334.986133][T14658] ? dev_get_by_index+0x180/0x380 [ 334.986174][T14658] ? dev_get_by_index+0x180/0x380 [ 334.986232][T14658] packet_sendmsg+0x1bb3/0x5100 [ 334.986283][T14658] ? avc_has_perm+0x135/0x1e0 [ 334.986299][T14658] ? __pfx_avc_has_perm+0x10/0x10 [ 334.986317][T14658] ? __lock_acquire+0x4a5/0x2630 [ 334.986342][T14658] ? sock_has_perm+0x25a/0x2f0 [ 334.986361][T14658] ? __pfx_sock_has_perm+0x10/0x10 [ 334.986380][T14658] ? __pfx_packet_sendmsg+0x10/0x10 [ 334.986411][T14658] ____sys_sendmsg+0x9e1/0xb70 [ 334.986432][T14658] ? __pfx_packet_sendmsg+0x10/0x10 [ 334.986455][T14658] ? __pfx_____sys_sendmsg+0x10/0x10 [ 334.986483][T14658] ___sys_sendmsg+0x190/0x1e0 [ 334.986503][T14658] ? __pfx____sys_sendmsg+0x10/0x10 [ 334.986592][T14658] __sys_sendmsg+0x170/0x220 [ 334.986624][T14658] ? __pfx___sys_sendmsg+0x10/0x10 [ 334.986649][T14658] ? rcu_is_watching+0x12/0xc0 [ 334.986676][T14658] do_syscall_64+0x10b/0xf80 [ 334.986720][T14658] ? clear_bhb_loop+0x40/0x90 [ 334.986742][T14658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.986758][T14658] RIP: 0033:0x7fb8cf59ce59 [ 334.986775][T14658] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 334.986790][T14658] RSP: 002b:00007fb8d041a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 334.986808][T14658] RAX: ffffffffffffffda RBX: 00007fb8cf815fa0 RCX: 00007fb8cf59ce59 [ 334.986818][T14658] RDX: 0000000000000005 RSI: 0000200000000000 RDI: 0000000000000007 [ 334.986827][T14658] RBP: 00007fb8d041a090 R08: 0000000000000000 R09: 0000000000000000 [ 334.986838][T14658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 334.986847][T14658] R13: 00007fb8cf816038 R14: 00007fb8cf815fa0 R15: 00007ffeeeea98e8 [ 334.986869][T14658] [ 335.002922][T14664] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3149'. [ 335.079478][T14668] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pid=14668 comm=syz.0.3149 [ 335.267821][T14695] sit1: entered allmulticast mode [ 335.295741][ T1168] nci: nci_rx_work: unknown MT 0x1 [ 335.585891][T14715] FAULT_INJECTION: forcing a failure. [ 335.585891][T14715] name failslab, interval 1, probability 0, space 0, times 0 [ 335.591313][T14715] CPU: 3 UID: 0 PID: 14715 Comm: syz.1.3166 Not tainted syzkaller #0 PREEMPT(full) [ 335.591333][T14715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 335.591341][T14715] Call Trace: [ 335.591350][T14715] [ 335.591357][T14715] dump_stack_lvl+0x100/0x190 [ 335.591425][T14715] should_fail_ex.cold+0x5/0xa [ 335.591455][T14715] should_failslab+0xc2/0x120 [ 335.591480][T14715] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 335.591502][T14715] ? __alloc_skb+0x140/0x710 [ 335.591545][T14715] __alloc_skb+0x140/0x710 [ 335.591564][T14715] ? __alloc_skb+0x5b7/0x710 [ 335.591583][T14715] ? __pfx___alloc_skb+0x10/0x10 [ 335.591603][T14715] ? netlink_has_listeners+0x21b/0x430 [ 335.591630][T14715] ? netlink_has_listeners+0x21b/0x430 [ 335.591648][T14715] alloc_uevent_skb+0x7d/0x210 [ 335.591689][T14715] kobject_uevent_env+0xd2d/0x18b0 [ 335.591706][T14715] ? bus_to_subsys+0x114/0x150 [ 335.591762][T14715] device_del+0x605/0x9b0 [ 335.591785][T14715] ? __pfx_device_del+0x10/0x10 [ 335.591815][T14715] rfkill_unregister+0xde/0x2c0 [ 335.591848][T14715] nfc_unregister_rfkill+0xd0/0x2b0 [ 335.591877][T14715] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 335.591896][T14715] nci_unregister_device+0x3e/0x330 [ 335.591908][T14715] ? ima_file_free+0xc6/0x340 [ 335.591935][T14715] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 335.591953][T14715] virtual_ncidev_close+0x4b/0xa0 [ 335.591970][T14715] __fput+0x3ff/0xb50 [ 335.591993][T14715] fput_close_sync+0x118/0x250 [ 335.592014][T14715] ? __pfx_fput_close_sync+0x10/0x10 [ 335.592038][T14715] __x64_sys_close+0x8b/0x120 [ 335.592059][T14715] do_syscall_64+0x10b/0xf80 [ 335.592077][T14715] ? clear_bhb_loop+0x40/0x90 [ 335.592094][T14715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.592107][T14715] RIP: 0033:0x7f1b82d9ce59 [ 335.592121][T14715] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 335.592133][T14715] RSP: 002b:00007f1b83bfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 335.592146][T14715] RAX: ffffffffffffffda RBX: 00007f1b83015fa0 RCX: 00007f1b82d9ce59 [ 335.592155][T14715] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 335.592162][T14715] RBP: 00007f1b83bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 335.592169][T14715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 335.592177][T14715] R13: 00007f1b83016038 R14: 00007f1b83015fa0 R15: 00007ffdb53e8928 [ 335.592194][T14715] [ 335.781787][ T40] audit: type=1400 audit(1778628234.417:635): avc: denied { write } for pid=14719 comm="syz.1.3167" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 335.791213][ T40] audit: type=1400 audit(1778628234.417:636): avc: denied { open } for pid=14719 comm="syz.1.3167" path="/240/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 335.800987][ T40] audit: type=1400 audit(1778628234.417:637): avc: denied { ioctl } for pid=14719 comm="syz.1.3167" path="/240/file0/file0" dev="fuse" ino=64 ioctlcmd=0x4d18 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1 [ 338.230452][T14685] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 338.302481][ T40] audit: type=1400 audit(1778628236.937:638): avc: denied { map } for pid=14729 comm="syz.1.3170" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=758 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 338.329376][ T40] audit: type=1400 audit(1778628236.967:639): avc: denied { lock } for pid=14729 comm="syz.1.3170" path="socket:[54953]" dev="sockfs" ino=54953 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 338.330564][T14734] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 338.343149][T14733] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3171'. [ 338.588681][T14759] FAULT_INJECTION: forcing a failure. [ 338.588681][T14759] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 338.595306][T14759] CPU: 2 UID: 0 PID: 14759 Comm: syz.0.3183 Not tainted syzkaller #0 PREEMPT(full) [ 338.595332][T14759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 338.595343][T14759] Call Trace: [ 338.595351][T14759] [ 338.595359][T14759] dump_stack_lvl+0x100/0x190 [ 338.595445][T14759] should_fail_ex.cold+0x5/0xa [ 338.595484][T14759] _copy_to_user+0x32/0xd0 [ 338.595528][T14759] simple_read_from_buffer+0xcb/0x170 [ 338.595566][T14759] proc_fail_nth_read+0x1af/0x230 [ 338.595596][T14759] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 338.595615][T14759] ? rw_verify_area+0xce/0x6d0 [ 338.595632][T14759] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 338.595650][T14759] vfs_read+0x1e4/0xb30 [ 338.595670][T14759] ? __pfx_vfs_read+0x10/0x10 [ 338.595687][T14759] ? __fget_files+0x215/0x3d0 [ 338.595712][T14759] ? __fget_files+0x21f/0x3d0 [ 338.595738][T14759] ksys_read+0x12a/0x250 [ 338.595756][T14759] ? __pfx_ksys_read+0x10/0x10 [ 338.595775][T14759] ? rcu_is_watching+0x12/0xc0 [ 338.595854][T14759] do_syscall_64+0x10b/0xf80 [ 338.595929][T14759] ? clear_bhb_loop+0x40/0x90 [ 338.595951][T14759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.595971][T14759] RIP: 0033:0x7f879875d68e [ 338.595988][T14759] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 338.596006][T14759] RSP: 002b:00007f87996ddfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 338.596026][T14759] RAX: ffffffffffffffda RBX: 00007f87996de6c0 RCX: 00007f879875d68e [ 338.596038][T14759] RDX: 000000000000000f RSI: 00007f87996de0a0 RDI: 0000000000000006 [ 338.596049][T14759] RBP: 00007f87996de090 R08: 0000000000000000 R09: 0000000000000000 [ 338.596060][T14759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 338.596073][T14759] R13: 00007f8798a16038 R14: 00007f8798a15fa0 R15: 00007ffd06604128 [ 338.596097][T14759] [ 338.739172][T14763] netlink: 'syz.3.3185': attribute type 2 has an invalid length. [ 338.742534][T14763] netlink: 151 bytes leftover after parsing attributes in process `syz.3.3185'. [ 338.760495][ T40] audit: type=1400 audit(1778628237.397:640): avc: denied { map } for pid=14762 comm="syz.3.3185" path="/dev/zero" dev="devtmpfs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 338.792622][ T5847] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 338.865214][T14771] FAULT_INJECTION: forcing a failure. [ 338.865214][T14771] name failslab, interval 1, probability 0, space 0, times 0 [ 338.871670][T14771] CPU: 0 UID: 0 PID: 14771 Comm: syz.3.3189 Not tainted syzkaller #0 PREEMPT(full) [ 338.871699][T14771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 338.871712][T14771] Call Trace: [ 338.871719][T14771] [ 338.871728][T14771] dump_stack_lvl+0x100/0x190 [ 338.871760][T14771] should_fail_ex.cold+0x5/0xa [ 338.871790][T14771] should_failslab+0xc2/0x120 [ 338.871815][T14771] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 338.871847][T14771] ? __alloc_skb+0x140/0x710 [ 338.871924][T14771] __alloc_skb+0x140/0x710 [ 338.871952][T14771] ? __alloc_skb+0x5b7/0x710 [ 338.871981][T14771] ? __pfx___alloc_skb+0x10/0x10 [ 338.872011][T14771] ? netlink_has_listeners+0x21b/0x430 [ 338.872050][T14771] ? netlink_has_listeners+0x21b/0x430 [ 338.872082][T14771] alloc_uevent_skb+0x7d/0x210 [ 338.872133][T14771] kobject_uevent_env+0xd2d/0x18b0 [ 338.872168][T14771] ? bus_to_subsys+0x114/0x150 [ 338.872215][T14771] device_del+0x605/0x9b0 [ 338.872247][T14771] ? __pfx_device_del+0x10/0x10 [ 338.872281][T14771] rfkill_unregister+0xde/0x2c0 [ 338.872324][T14771] nfc_unregister_rfkill+0xd0/0x2b0 [ 338.872359][T14771] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 338.872385][T14771] nci_unregister_device+0x3e/0x330 [ 338.872418][T14771] ? ima_file_free+0xc6/0x340 [ 338.872444][T14771] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 338.872467][T14771] virtual_ncidev_close+0x4b/0xa0 [ 338.872491][T14771] __fput+0x3ff/0xb50 [ 338.872519][T14771] fput_close_sync+0x118/0x250 [ 338.872553][T14771] ? __pfx_fput_close_sync+0x10/0x10 [ 338.872588][T14771] __x64_sys_close+0x8b/0x120 [ 338.872617][T14771] do_syscall_64+0x10b/0xf80 [ 338.872642][T14771] ? clear_bhb_loop+0x40/0x90 [ 338.872665][T14771] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.872684][T14771] RIP: 0033:0x7fb8cf59ce59 [ 338.872701][T14771] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 338.872718][T14771] RSP: 002b:00007fb8d041a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 338.872742][T14771] RAX: ffffffffffffffda RBX: 00007fb8cf815fa0 RCX: 00007fb8cf59ce59 [ 338.872754][T14771] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 338.872763][T14771] RBP: 00007fb8d041a090 R08: 0000000000000000 R09: 0000000000000000 [ 338.872774][T14771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 338.872784][T14771] R13: 00007fb8cf816038 R14: 00007fb8cf815fa0 R15: 00007ffeeeea98e8 [ 338.872811][T14771] [ 338.952703][ T5847] usb 6-1: Using ep0 maxpacket: 32 [ 338.995365][ T5847] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 339.000480][ T5847] usb 6-1: config 0 has no interfaces? [ 339.016883][ T5847] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 339.020186][ T5847] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.026282][ T5847] usb 6-1: config 0 descriptor?? [ 339.231452][ T5847] usb 6-1: USB disconnect, device number 39 [ 339.238640][T14791] netlink: 'syz.3.3196': attribute type 5 has an invalid length. [ 339.285783][T14795] FAULT_INJECTION: forcing a failure. [ 339.285783][T14795] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 339.290710][T14795] CPU: 1 UID: 0 PID: 14795 Comm: syz.3.3198 Not tainted syzkaller #0 PREEMPT(full) [ 339.290726][T14795] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 339.290733][T14795] Call Trace: [ 339.290738][T14795] [ 339.290744][T14795] dump_stack_lvl+0x100/0x190 [ 339.290763][T14795] should_fail_ex.cold+0x5/0xa [ 339.290779][T14795] _copy_from_user+0x2e/0xd0 [ 339.290796][T14795] copy_msghdr_from_user+0x9f/0x4f0 [ 339.290814][T14795] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 339.290834][T14795] ___sys_sendmsg+0x106/0x1e0 [ 339.290849][T14795] ? __pfx____sys_sendmsg+0x10/0x10 [ 339.290890][T14795] __sys_sendmsg+0x170/0x220 [ 339.290907][T14795] ? __pfx___sys_sendmsg+0x10/0x10 [ 339.290929][T14795] ? rcu_is_watching+0x12/0xc0 [ 339.290957][T14795] do_syscall_64+0x10b/0xf80 [ 339.290978][T14795] ? clear_bhb_loop+0x40/0x90 [ 339.290992][T14795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.291004][T14795] RIP: 0033:0x7fb8cf59ce59 [ 339.291014][T14795] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 339.291024][T14795] RSP: 002b:00007fb8d041a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 339.291035][T14795] RAX: ffffffffffffffda RBX: 00007fb8cf815fa0 RCX: 00007fb8cf59ce59 [ 339.291042][T14795] RDX: 0000000000000800 RSI: 0000200000000200 RDI: 0000000000000005 [ 339.291048][T14795] RBP: 00007fb8d041a090 R08: 0000000000000000 R09: 0000000000000000 [ 339.291054][T14795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 339.291060][T14795] R13: 00007fb8cf816038 R14: 00007fb8cf815fa0 R15: 00007ffeeeea98e8 [ 339.291073][T14795] [ 339.555076][ T40] audit: type=1400 audit(1778628238.197:641): avc: denied { mount } for pid=14805 comm="syz.3.3203" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 339.565447][ T40] audit: type=1400 audit(1778628238.197:642): avc: denied { watch } for pid=14805 comm="syz.3.3203" path="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 339.575850][ T40] audit: type=1400 audit(1778628238.197:643): avc: denied { watch_sb watch_reads } for pid=14805 comm="syz.3.3203" path="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 339.689569][T14814] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 339.765003][T14821] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 339.836125][ T40] audit: type=1400 audit(1778628238.477:644): avc: denied { read } for pid=14829 comm="syz.3.3212" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 339.845239][ T40] audit: type=1400 audit(1778628238.477:645): avc: denied { open } for pid=14829 comm="syz.3.3212" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 339.859367][ T40] audit: type=1400 audit(1778628238.477:646): avc: denied { ioctl } for pid=14829 comm="syz.3.3212" path="/dev/autofs" dev="devtmpfs" ino=104 ioctlcmd=0x9373 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1 [ 339.884393][ T40] audit: type=1400 audit(1778628238.527:647): avc: denied { module_request } for pid=14831 comm="syz.3.3214" kmod="netdev-syzkaller0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 340.005199][T14843] FAULT_INJECTION: forcing a failure. [ 340.005199][T14843] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 340.011545][T14843] CPU: 3 UID: 0 PID: 14843 Comm: syz.1.3216 Not tainted syzkaller #0 PREEMPT(full) [ 340.011575][T14843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 340.011585][T14843] Call Trace: [ 340.011607][T14843] [ 340.011614][T14843] dump_stack_lvl+0x100/0x190 [ 340.011691][T14843] should_fail_ex.cold+0x5/0xa [ 340.011725][T14843] _copy_from_user+0x2e/0xd0 [ 340.011762][T14843] copy_msghdr_from_user+0x9f/0x4f0 [ 340.011814][T14843] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 340.011837][T14843] ? __lock_acquire+0x4a5/0x2630 [ 340.011871][T14843] ___sys_recvmsg+0xdd/0x1a0 [ 340.011891][T14843] ? __pfx____sys_recvmsg+0x10/0x10 [ 340.011913][T14843] ? find_held_lock+0x2b/0x80 [ 340.011942][T14843] do_recvmmsg+0x301/0x760 [ 340.011965][T14843] ? __pfx_do_recvmmsg+0x10/0x10 [ 340.011983][T14843] ? ksys_write+0x190/0x250 [ 340.012014][T14843] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 340.012076][T14843] ? vfs_write+0x3/0x1070 [ 340.012098][T14843] ? __fget_files+0x21f/0x3d0 [ 340.012122][T14843] __x64_sys_recvmmsg+0x22a/0x280 [ 340.012140][T14843] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 340.012158][T14843] ? rcu_is_watching+0x12/0xc0 [ 340.012184][T14843] do_syscall_64+0x10b/0xf80 [ 340.012214][T14843] ? clear_bhb_loop+0x40/0x90 [ 340.012233][T14843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.012249][T14843] RIP: 0033:0x7f1b82d9ce59 [ 340.012274][T14843] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 340.012288][T14843] RSP: 002b:00007f1b83bfa028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 340.012305][T14843] RAX: ffffffffffffffda RBX: 00007f1b83015fa0 RCX: 00007f1b82d9ce59 [ 340.012314][T14843] RDX: 0000000000000001 RSI: 0000200000001f00 RDI: 0000000000000004 [ 340.012323][T14843] RBP: 00007f1b83bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 340.012332][T14843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 340.012341][T14843] R13: 00007f1b83016038 R14: 00007f1b83015fa0 R15: 00007ffdb53e8928 [ 340.012363][T14843] [ 340.183606][T14851] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 340.187251][T14851] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 340.228574][T14855] syzkaller0: entered promiscuous mode [ 340.231216][T14855] syzkaller0: entered allmulticast mode [ 340.403392][T14867] ALSA: seq fatal error: cannot create timer (-19) [ 340.412600][T14871] batman_adv: batadv0: Adding interface: dummy0 [ 340.415229][T14871] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 340.424650][T14871] batman_adv: batadv0: Interface activated: dummy0 [ 340.444463][T14871] batadv0: mtu less than device minimum [ 340.448130][T14871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 340.454482][T14871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 340.460164][T14871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 340.464345][T14871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 340.468911][T14871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 340.473326][T14871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 340.477263][T14871] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 340.615848][T14883] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 340.626222][T14883] FAULT_INJECTION: forcing a failure. [ 340.626222][T14883] name failslab, interval 1, probability 0, space 0, times 0 [ 340.633487][T14883] CPU: 0 UID: 0 PID: 14883 Comm: syz.1.3232 Not tainted syzkaller #0 PREEMPT(full) [ 340.633624][T14883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 340.633636][T14883] Call Trace: [ 340.633655][T14883] [ 340.633664][T14883] dump_stack_lvl+0x100/0x190 [ 340.633698][T14883] should_fail_ex.cold+0x5/0xa [ 340.633723][T14883] should_failslab+0xc2/0x120 [ 340.633742][T14883] __kmalloc_cache_node_noprof+0x7d/0x770 [ 340.633758][T14883] ? __get_vm_area_node+0x101/0x330 [ 340.633780][T14883] __get_vm_area_node+0x101/0x330 [ 340.633812][T14883] __vmalloc_node_range_noprof+0x228/0x1630 [ 340.633833][T14883] ? vhost_task_create+0x1db/0x370 [ 340.633858][T14883] ? rcu_is_watching+0x12/0xc0 [ 340.633892][T14883] ? vhost_task_create+0x1db/0x370 [ 340.633922][T14883] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 340.633951][T14883] ? rcu_is_watching+0x12/0xc0 [ 340.633974][T14883] ? trace_kmem_cache_alloc+0xd5/0x100 [ 340.633995][T14883] ? vhost_task_create+0x1db/0x370 [ 340.634018][T14883] __vmalloc_node_noprof+0xad/0xf0 [ 340.634040][T14883] ? vhost_task_create+0x1db/0x370 [ 340.634067][T14883] copy_process+0x7fb/0x7ed0 [ 340.634085][T14883] ? irqentry_exit+0x24d/0x7e0 [ 340.634164][T14883] ? lockdep_hardirqs_on+0x78/0x100 [ 340.634187][T14883] ? irqentry_exit+0x24d/0x7e0 [ 340.634222][T14883] ? __pfx_copy_process+0x10/0x10 [ 340.634239][T14883] ? debug_check_no_locks_freed+0x7a/0x120 [ 340.634263][T14883] ? lockdep_init_map_type+0x5c/0x250 [ 340.634293][T14883] ? lockdep_init_map_type+0x5c/0x250 [ 340.634385][T14883] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 340.634405][T14883] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 340.634430][T14883] vhost_task_create+0x1db/0x370 [ 340.634454][T14883] ? __pfx_vhost_task_create+0x10/0x10 [ 340.634475][T14883] ? register_lock_class+0x40/0x560 [ 340.634503][T14883] ? __pfx_vhost_task_fn+0x10/0x10 [ 340.634530][T14883] ? __pfx___mutex_lock+0x10/0x10 [ 340.634555][T14883] ? kasan_quarantine_put+0x104/0x240 [ 340.634590][T14883] kvm_mmu_post_init_vm+0x1b3/0x370 [ 340.634614][T14883] kvm_arch_vcpu_ioctl_run+0x66/0x1890 [ 340.634638][T14883] ? kvm_vcpu_ioctl+0x1546/0x1720 [ 340.634661][T14883] kvm_vcpu_ioctl+0x730/0x1720 [ 340.634682][T14883] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 340.634703][T14883] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 340.634727][T14883] ? do_vfs_ioctl+0x226/0x13e0 [ 340.634747][T14883] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 340.634765][T14883] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 340.634809][T14883] ? __fget_files+0x215/0x3d0 [ 340.634828][T14883] ? hook_file_ioctl_common+0x149/0x410 [ 340.634863][T14883] ? selinux_file_ioctl+0x13b/0x290 [ 340.634885][T14883] ? selinux_file_ioctl+0xb6/0x290 [ 340.634910][T14883] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 340.634931][T14883] __x64_sys_ioctl+0x18e/0x210 [ 340.634950][T14883] do_syscall_64+0x10b/0xf80 [ 340.634987][T14883] ? clear_bhb_loop+0x40/0x90 [ 340.635009][T14883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.635027][T14883] RIP: 0033:0x7f1b82d9ce59 [ 340.635044][T14883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 340.635061][T14883] RSP: 002b:00007f1b83bfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 340.635078][T14883] RAX: ffffffffffffffda RBX: 00007f1b83015fa0 RCX: 00007f1b82d9ce59 [ 340.635089][T14883] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 340.635099][T14883] RBP: 00007f1b83bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 340.635114][T14883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 340.635125][T14883] R13: 00007f1b83016038 R14: 00007f1b83015fa0 R15: 00007ffdb53e8928 [ 340.635149][T14883] [ 340.636135][T14883] syz.1.3232: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 340.646041][T14888] syzkaller0: entered promiscuous mode [ 340.652799][T14883] ,cpuset= [ 340.659313][T14888] syzkaller0: entered allmulticast mode [ 340.792146][T14883] /,mems_allowed=0-1 [ 340.804289][T14883] CPU: 0 UID: 0 PID: 14883 Comm: syz.1.3232 Not tainted syzkaller #0 PREEMPT(full) [ 340.804305][T14883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 340.804311][T14883] Call Trace: [ 340.804317][T14883] [ 340.804323][T14883] dump_stack_lvl+0x100/0x190 [ 340.804354][T14883] warn_alloc.cold+0x95/0x1c1 [ 340.804368][T14883] ? __pfx_warn_alloc+0x10/0x10 [ 340.804384][T14883] ? trace_kmalloc+0xe3/0x110 [ 340.804398][T14883] ? __kmalloc_cache_node_noprof+0x2d9/0x770 [ 340.804410][T14883] ? __kasan_kmalloc+0x8a/0xb0 [ 340.804427][T14883] ? __get_vm_area_node+0x208/0x330 [ 340.804443][T14883] __vmalloc_node_range_noprof+0xccd/0x1630 [ 340.804458][T14883] ? rcu_is_watching+0x12/0xc0 [ 340.804478][T14883] ? vhost_task_create+0x1db/0x370 [ 340.804497][T14883] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 340.804514][T14883] ? rcu_is_watching+0x12/0xc0 [ 340.804529][T14883] ? trace_kmem_cache_alloc+0xd5/0x100 [ 340.804541][T14883] ? vhost_task_create+0x1db/0x370 [ 340.804555][T14883] __vmalloc_node_noprof+0xad/0xf0 [ 340.804568][T14883] ? vhost_task_create+0x1db/0x370 [ 340.804584][T14883] copy_process+0x7fb/0x7ed0 [ 340.804593][T14883] ? irqentry_exit+0x24d/0x7e0 [ 340.804608][T14883] ? lockdep_hardirqs_on+0x78/0x100 [ 340.804622][T14883] ? irqentry_exit+0x24d/0x7e0 [ 340.804641][T14883] ? __pfx_copy_process+0x10/0x10 [ 340.804651][T14883] ? debug_check_no_locks_freed+0x7a/0x120 [ 340.804665][T14883] ? lockdep_init_map_type+0x5c/0x250 [ 340.804683][T14883] ? lockdep_init_map_type+0x5c/0x250 [ 340.804698][T14883] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 340.804711][T14883] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 340.804729][T14883] vhost_task_create+0x1db/0x370 [ 340.804744][T14883] ? __pfx_vhost_task_create+0x10/0x10 [ 340.804758][T14883] ? register_lock_class+0x40/0x560 [ 340.804775][T14883] ? __pfx_vhost_task_fn+0x10/0x10 [ 340.804790][T14883] ? __pfx___mutex_lock+0x10/0x10 [ 340.804830][T14883] ? kasan_quarantine_put+0x104/0x240 [ 340.804851][T14883] kvm_mmu_post_init_vm+0x1b3/0x370 [ 340.804867][T14883] kvm_arch_vcpu_ioctl_run+0x66/0x1890 [ 340.804883][T14883] ? kvm_vcpu_ioctl+0x1546/0x1720 [ 340.804897][T14883] kvm_vcpu_ioctl+0x730/0x1720 [ 340.804910][T14883] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 340.804922][T14883] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 340.804936][T14883] ? do_vfs_ioctl+0x226/0x13e0 [ 340.804948][T14883] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 340.804959][T14883] ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10 [ 340.804978][T14883] ? __fget_files+0x215/0x3d0 [ 340.804991][T14883] ? hook_file_ioctl_common+0x149/0x410 [ 340.805011][T14883] ? selinux_file_ioctl+0x13b/0x290 [ 340.805024][T14883] ? selinux_file_ioctl+0xb6/0x290 [ 340.805038][T14883] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 340.805050][T14883] __x64_sys_ioctl+0x18e/0x210 [ 340.805062][T14883] do_syscall_64+0x10b/0xf80 [ 340.805076][T14883] ? clear_bhb_loop+0x40/0x90 [ 340.805089][T14883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.805100][T14883] RIP: 0033:0x7f1b82d9ce59 [ 340.805110][T14883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 340.805120][T14883] RSP: 002b:00007f1b83bfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 340.805130][T14883] RAX: ffffffffffffffda RBX: 00007f1b83015fa0 RCX: 00007f1b82d9ce59 [ 340.805137][T14883] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 340.805143][T14883] RBP: 00007f1b83bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 340.805148][T14883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 340.805154][T14883] R13: 00007f1b83016038 R14: 00007f1b83015fa0 R15: 00007ffdb53e8928 [ 340.805167][T14883] [ 340.805219][T14883] Mem-Info: [ 340.862886][T14892] netlink: 'syz.0.3235': attribute type 3 has an invalid length. [ 340.863169][T14883] active_anon:28794 inactive_anon:0 isolated_anon:0 [ 340.863169][T14883] active_file:24591 inactive_file:40817 isolated_file:0 [ 340.863169][T14883] unevictable:1768 dirty:187 writeback:0 [ 340.863169][T14883] slab_reclaimable:12380 slab_unreclaimable:74862 [ 340.863169][T14883] mapped:26740 shmem:18774 pagetables:1339 [ 340.863169][T14883] sec_pagetables:300 bounce:0 [ 340.863169][T14883] kernel_misc_reclaimable:0 [ 340.863169][T14883] free:421687 free_pcp:8855 free_cma:0 [ 340.867265][T14892] netlink: 'syz.0.3235': attribute type 1 has an invalid length. [ 340.868408][T14883] Node 0 active_anon:115140kB inactive_anon:0kB active_file:98256kB inactive_file:163064kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:69924kB dirty:748kB writeback:0kB shmem:71560kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13632kB pagetables:5144kB sec_pagetables:1200kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 340.871035][T14892] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3235'. [ 340.872660][T14883] Node 1 active_anon:36kB inactive_anon:0kB active_file:108kB inactive_file:204kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:37036kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:128kB pagetables:212kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB gpu_active:0kB gpu_reclaim:0kB [ 340.875763][T14892] NCSI netlink: No device for ifindex 33022 [ 340.876921][T14883] Node 0 [ 340.935033][T14894] nbd: must specify an index to disconnect [ 341.012241][T14883] DMA free:7116kB boost:0kB min:340kB low:424kB high:508kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:52kB local_pcp:0kB free_cma:0kB [ 341.029571][T14883] lowmem_reserve[]: 0 1231 1231 1231 1231 [ 341.031999][T14883] Node 0 DMA32 free:122748kB boost:0kB min:27480kB low:34348kB high:41216kB reserved_highatomic:0KB free_highatomic:0KB active_anon:115088kB inactive_anon:0kB active_file:98256kB inactive_file:163064kB unevictable:3536kB writepending:836kB zspages:0kB present:2080628kB managed:1260864kB mlocked:0kB bounce:0kB free_pcp:27224kB local_pcp:8328kB free_cma:0kB [ 341.046196][T14883] lowmem_reserve[]: 0 0 0 0 0 [ 341.048460][T14883] Node 1 Normal free:1557108kB boost:0kB min:39756kB low:49692kB high:59628kB reserved_highatomic:0KB free_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:108kB inactive_file:204kB unevictable:3536kB writepending:0kB zspages:0kB present:2097152kB managed:1781884kB mlocked:0kB bounce:0kB free_pcp:7724kB local_pcp:956kB free_cma:0kB [ 341.062566][T14883] lowmem_reserve[]: 0 0 0 0 0 [ 341.064737][T14883] Node 0 DMA: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 2*1024kB (U) 2*2048kB (UM) 0*4096kB = 7116kB [ 341.070628][T14883] Node 0 DMA32: 2411*4kB (UE) 1872*8kB (UME) 1165*16kB (UM) 123*32kB (UM) 11*64kB (UM) 14*128kB (M) 37*256kB (UM) 40*512kB (U) 26*1024kB (U) 6*2048kB (UM) 1*4096kB (U) = 122652kB [ 341.079498][T14883] Node 1 Normal: 34*4kB (UM) 45*8kB (UM) 53*16kB (UME) 46*32kB (UME) 18*64kB (UME) 14*128kB (UME) 8*256kB (UM) 8*512kB (UM) 5*1024kB (UME) 2*2048kB (ME) 375*4096kB (UM) = 1557120kB [ 341.087884][T14883] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 341.092173][T14883] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 341.095952][T14883] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 341.099968][T14883] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 341.104383][T14883] 84178 total pagecache pages [ 341.106441][T14883] 0 pages in swap cache [ 341.108226][T14883] Free swap = 124996kB [ 341.110018][T14883] Total swap = 124996kB [ 341.111570][T14883] 1048443 pages RAM [ 341.113073][T14883] 0 pages HighMem/MovableOnly [ 341.114869][T14883] 283916 pages reserved [ 341.116474][T14883] 0 pages cma reserved [ 341.183030][T14906] usb usb7: usbfs: process 14906 (syz.0.3240) did not claim interface 0 before use [ 341.214192][T14909] FAULT_INJECTION: forcing a failure. [ 341.214192][T14909] name failslab, interval 1, probability 0, space 0, times 0 [ 341.221160][T14909] CPU: 0 UID: 0 PID: 14909 Comm: syz.1.3241 Not tainted syzkaller #0 PREEMPT(full) [ 341.221176][T14909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 341.221183][T14909] Call Trace: [ 341.221189][T14909] [ 341.221194][T14909] dump_stack_lvl+0x100/0x190 [ 341.221213][T14909] should_fail_ex.cold+0x5/0xa [ 341.221229][T14909] ? tomoyo_realpath_from_path+0xb6/0x690 [ 341.221245][T14909] should_failslab+0xc2/0x120 [ 341.221258][T14909] __kmalloc_noprof+0xe0/0x850 [ 341.221274][T14909] ? kfree+0x1dd/0x6c0 [ 341.221290][T14909] tomoyo_realpath_from_path+0xb6/0x690 [ 341.221308][T14909] tomoyo_path_perm+0x276/0x460 [ 341.221320][T14909] ? tomoyo_path_perm+0x262/0x460 [ 341.221334][T14909] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 341.221346][T14909] ? ima_match_policy+0x8b8/0x2340 [ 341.221370][T14909] ? __lock_acquire+0x4a5/0x2630 [ 341.221394][T14909] ? rcu_is_watching+0x12/0xc0 [ 341.221414][T14909] security_inode_getattr+0x116/0x280 [ 341.221430][T14909] vfs_getattr+0x25/0x60 [ 341.221447][T14909] loop_query_min_dio_size.isra.0+0x117/0x250 [ 341.221489][T14909] ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10 [ 341.221513][T14909] ? filemap_check_errors+0xa9/0x150 [ 341.221528][T14909] ? filemap_write_and_wait_range+0x7d/0x130 [ 341.221547][T14909] loop_configure+0x6e4/0x15b0 [ 341.221567][T14909] ? tomoyo_path_number_perm+0x46d/0x580 [ 341.221580][T14909] ? stack_trace_save+0x8e/0xc0 [ 341.221595][T14909] ? __lock_acquire+0x4a5/0x2630 [ 341.221610][T14909] ? __pfx_loop_configure+0x10/0x10 [ 341.221639][T14909] lo_ioctl+0xcf3/0x1bc0 [ 341.221657][T14909] ? __pfx_lo_ioctl+0x10/0x10 [ 341.221672][T14909] ? __pfx_avc_has_extended_perms+0x10/0x10 [ 341.221693][T14909] ? kasan_quarantine_put+0x104/0x240 [ 341.221716][T14909] ? blk_get_meta_cap+0xd4/0x6c0 [ 341.221735][T14909] ? __pfx_blk_get_meta_cap+0x10/0x10 [ 341.221757][T14909] ? blkdev_common_ioctl+0x515/0x2b80 [ 341.221785][T14909] ? __fget_files+0x215/0x3d0 [ 341.221800][T14909] ? __pfx_lo_ioctl+0x10/0x10 [ 341.221815][T14909] blkdev_ioctl+0x5ad/0x6f0 [ 341.221827][T14909] ? __pfx_blkdev_ioctl+0x10/0x10 [ 341.221838][T14909] ? selinux_file_ioctl+0x13b/0x290 [ 341.221853][T14909] ? selinux_file_ioctl+0xb6/0x290 [ 341.221869][T14909] ? __pfx_blkdev_ioctl+0x10/0x10 [ 341.221899][T14909] __x64_sys_ioctl+0x18e/0x210 [ 341.221916][T14909] do_syscall_64+0x10b/0xf80 [ 341.221932][T14909] ? clear_bhb_loop+0x40/0x90 [ 341.221947][T14909] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.221959][T14909] RIP: 0033:0x7f1b82d9ce59 [ 341.221971][T14909] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 341.221983][T14909] RSP: 002b:00007f1b83bfa028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 341.221995][T14909] RAX: ffffffffffffffda RBX: 00007f1b83015fa0 RCX: 00007f1b82d9ce59 [ 341.222002][T14909] RDX: 0000200000000500 RSI: 0000000000004c0a RDI: 0000000000000003 [ 341.222010][T14909] RBP: 00007f1b83bfa090 R08: 0000000000000000 R09: 0000000000000000 [ 341.222016][T14909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 341.222023][T14909] R13: 00007f1b83016038 R14: 00007f1b83015fa0 R15: 00007ffdb53e8928 [ 341.222038][T14909] [ 341.222149][T14909] ERROR: Out of memory at tomoyo_realpath_from_path. [ 341.267307][T14913] netlink: 'syz.0.3243': attribute type 4 has an invalid length. [ 341.268425][T14909] loop2: detected capacity change from 0 to 3 [ 341.363102][T14909] ldm_validate_privheads(): Disk read failed. [ 341.365974][T14909] Dev loop2: unable to read RDB block 3 [ 341.368357][T14909] loop2: unable to read partition table [ 341.370771][T14909] loop2: partition table beyond EOD, truncated [ 341.373611][T14909] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 341.435705][T14919] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 341.549065][T14927] syzkaller0: entered promiscuous mode [ 341.551604][T14927] syzkaller0: entered allmulticast mode [ 341.649258][T12661] overlayfs: failed lookup in lower (newroot/134, name='bus', err=-40): overlapping layers [ 341.656199][T12661] overlayfs: failed lookup in lower (newroot/134, name='bus', err=-40): overlapping layers [ 342.017761][ T46] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 342.023288][ T46] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.138328][ T46] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 342.142799][ T46] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.390518][ T46] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 342.394352][ T46] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.534368][ T46] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 342.538176][ T46] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.801976][ T46] bridge_slave_1: left allmulticast mode [ 342.805671][ T46] bridge_slave_1: left promiscuous mode [ 342.808430][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 342.818254][ T46] bridge_slave_0: left allmulticast mode [ 342.820592][ T46] bridge_slave_0: left promiscuous mode [ 342.829295][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.078513][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 343.083494][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 343.087650][ T46] bond0 (unregistering): Released all slaves [ 343.312552][ T40] kauditd_printk_skb: 5002 callbacks suppressed [ 343.312570][ T40] audit: type=1400 audit(1778628241.947:5407): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 343.323590][ T5447] audit: audit_backlog=65 > audit_backlog_limit=64 [ 343.324119][ T40] audit: type=1400 audit(1778628241.957:5408): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 343.326676][ T5447] audit: audit_lost=82 audit_rate_limit=0 audit_backlog_limit=64 [ 343.335710][ T40] audit: type=1400 audit(1778628241.957:5409): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 343.338638][ T5447] audit: backlog limit exceeded [ 343.346807][ T40] audit: type=1400 audit(1778628241.957:5410): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 343.348872][ T5447] audit: audit_backlog=65 > audit_backlog_limit=64 [ 343.356464][ T40] audit: type=1400 audit(1778628241.957:5411): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 343.359211][ T5447] audit: audit_lost=83 audit_rate_limit=0 audit_backlog_limit=64 [ 343.467116][ T46] hsr_slave_0: left promiscuous mode [ 343.470552][ T46] hsr_slave_1: left promiscuous mode [ 343.473718][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 343.476954][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 343.481493][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 343.485316][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 343.501357][ T46] veth1_macvtap: left promiscuous mode [ 343.505138][ T46] veth0_macvtap: left promiscuous mode [ 343.507624][ T46] veth1_vlan: left promiscuous mode [ 343.693144][ T46] team0 (unregistering): Port device team_slave_1 removed [ 343.700910][ T46] team0 (unregistering): Port device team_slave_0 removed [ 344.233292][ T46] IPVS: stop unused estimator thread 0... [ 344.417423][ T46] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.490044][ T46] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.609096][ T46] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.712614][ T46] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.878301][ T46] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.969344][ T46] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.057917][ T46] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.315590][ T46] bridge_slave_1: left allmulticast mode [ 345.317585][ T46] bridge_slave_1: left promiscuous mode [ 345.319518][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.324415][ T46] bridge_slave_0: left allmulticast mode [ 345.326693][ T46] bridge_slave_0: left promiscuous mode [ 345.328910][ T46] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.339062][ T46] bridge_slave_1: left allmulticast mode [ 345.342144][ T46] bridge_slave_1: left promiscuous mode [ 345.345184][ T46] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.353957][ T46] ¾x9ÿ: left allmulticast mode [ 345.356888][ T46] ¾x9ÿ: left promiscuous mode [ 345.360439][ T46] bridge0: port 1(1¾x9ÿ) entered disabled state [ 345.674969][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 345.681311][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 345.685383][ T46] bond0 (unregistering): Released all slaves [ 345.893843][ T46] bond1 (unregistering): (slave bridge2): Releasing backup interface [ 345.897194][ T46] bridge2 (unregistering): left promiscuous mode [ 345.957108][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 345.963378][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 345.974422][ T46] bond0 (unregistering): Released all slaves [ 345.982160][ T46] bond1 (unregistering): Released all slaves [ 346.612246][ T46] hsr_slave_0: left promiscuous mode [ 346.615586][ T46] hsr_slave_1: left promiscuous mode [ 346.618592][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 346.621864][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 346.625359][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 346.627755][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 346.633487][ T46] hsr_slave_0: left promiscuous mode [ 346.636007][ T46] hsr_slave_1: left promiscuous mode [ 346.638976][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 346.641916][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 346.645409][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 346.647866][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 346.667315][ T46] veth1_macvtap: left promiscuous mode [ 346.669054][ T46] veth0_macvtap: left promiscuous mode [ 346.670923][ T46] veth1_vlan: left promiscuous mode [ 346.672848][ T46] veth0_vlan: left promiscuous mode [ 346.676112][ T46] veth1_macvtap: left promiscuous mode [ 346.678722][ T46] veth0_macvtap: left promiscuous mode [ 346.681395][ T46] veth1_vlan: left promiscuous mode [ 346.683605][ T46] veth0_vlan: left promiscuous mode [ 346.920008][ T46] team0 (unregistering): Port device team_slave_1 removed [ 346.929035][ T46] team0 (unregistering): Port device team_slave_0 removed [ 347.178631][ T46] team0 (unregistering): Port device team_slave_1 removed [ 347.191638][ T46] team0 (unregistering): Port device team_slave_0 removed [ 347.822697][ T46] IPVS: stop unused estimator thread 0... [ 347.827230][ T46] IPVS: stop unused estimator thread 0... [ 348.323797][ T40] kauditd_printk_skb: 32657 callbacks suppressed [ 348.323812][ T40] audit: type=1400 audit(1778628246.967:37834): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 348.331344][ T5447] audit: audit_backlog=65 > audit_backlog_limit=64 [ 348.332610][ T40] audit: type=1400 audit(1778628246.967:37835): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 348.332637][ T40] audit: type=1400 audit(1778628246.967:37836): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 348.334910][ T5447] audit: audit_lost=162 audit_rate_limit=0 audit_backlog_limit=64 [ 348.342606][ T40] audit: type=1400 audit(1778628246.967:37837): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 348.348580][ T5447] audit: backlog limit exceeded [ 348.351303][ T40] audit: type=1400 audit(1778628246.967:37838): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 348.358333][ T5447] audit: audit_backlog=65 > audit_backlog_limit=64 [ 348.359367][ T40] audit: type=1400 audit(1778628246.967:37839): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 353.332711][ T40] kauditd_printk_skb: 33562 callbacks suppressed [ 353.332728][ T40] audit: type=1400 audit(1778628251.977:70602): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 353.343154][ T40] audit: type=1400 audit(1778628251.977:70603): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 353.346161][ T5447] audit: audit_backlog=65 > audit_backlog_limit=64 [ 353.350009][ T40] audit: type=1400 audit(1778628251.977:70604): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 353.352834][ T5447] audit: audit_lost=430 audit_rate_limit=0 audit_backlog_limit=64 [ 353.361321][ T40] audit: type=1400 audit(1778628251.977:70605): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 353.364204][ T5447] audit: backlog limit exceeded [ 353.373062][ T40] audit: type=1400 audit(1778628251.977:70606): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 353.373108][ T40] audit: type=1400 audit(1778628251.977:70607): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 353.373139][ T40] audit: type=1400 audit(1778628251.977:70608): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 358.342559][ T40] kauditd_printk_skb: 35651 callbacks suppressed [ 358.342574][ T40] audit: type=1400 audit(1778628256.987:106260): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 358.351476][ T5447] audit: audit_backlog=65 > audit_backlog_limit=64 [ 358.352772][ T40] audit: type=1400 audit(1778628256.987:106261): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 358.352797][ T40] audit: type=1400 audit(1778628256.987:106262): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 358.352819][ T40] audit: type=1400 audit(1778628256.987:106263): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 358.352838][ T40] audit: type=1400 audit(1778628256.987:106264): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 358.355675][ T5447] audit: audit_lost=431 audit_rate_limit=0 audit_backlog_limit=64 [ 358.363879][ T40] audit: type=1400 audit(1778628256.987:106265): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0 [ 358.370472][ T5447] audit: backlog limit exceeded [ 358.378447][ T40] audit: type=1400 audit(1778628256.987:106266): avc: denied { read } for pid=5447 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=0