last executing test programs: 34.012913778s ago: executing program 0 (id=6686): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0xa, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', 0x0}) syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000001c0)={0x14, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x22, 0x17, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @main=@item_4={0x3, 0x0, 0x9, "b2938f8d"}, @local=@item_012={0x1, 0x2, 0x2, "90"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8, "000f0200"}]}}, 0x0}, 0x0) sendto$packet(r1, &(0x7f0000000180)="0b036828e0ff64000200475400f6a13bb10000000800894f4820", 0x1fffe, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 33.333103077s ago: executing program 0 (id=6687): r0 = openat$cuse(0xffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r0, &(0x7f0000003340)={0x2020}, 0x2020) pselect6(0x2000, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x300}, 0x0, &(0x7f0000000100)={0x8}, 0x0, 0x0) 33.193430115s ago: executing program 0 (id=6688): r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000040), &(0x7f00000000c0)=0x8) 33.032859744s ago: executing program 0 (id=6689): socket$inet6(0xa, 0x2, 0x0) syz_open_dev$loop(&(0x7f00000000c0), 0x1, 0x400000) r0 = syz_open_procfs(0x0, 0x0) fchdir(r0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0xffffffff}, 0x0) getdents(r0, &(0x7f0000000140)=""/72, 0x48) socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet_sctp(0x2, 0x1, 0x84) syz_usb_connect(0x3, 0x24, &(0x7f0000001100)={{0x12, 0x1, 0x0, 0xc1, 0xb3, 0x9a, 0x8, 0x4e6, 0x9, 0x200, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5, 0x8, 0xe0, 0x22, [{{0x9, 0x4, 0xa2, 0x6, 0x0, 0x69, 0x4b, 0x1, 0x4d}}]}}]}}, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c) r4 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44) setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0) r5 = socket(0x40000000015, 0x5, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x1, @loopback}, 0xb) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r2, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={0x0, 0x90}, 0x1, 0x0, 0x0, 0x10}, 0x20040090) 11.791582911s ago: executing program 1 (id=6706): socket(0x28, 0x5, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x498, &(0x7f0000000200)={0x0, 0x7279, 0x0, 0x4, 0x125}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) 1.932604891s ago: executing program 0 (id=6707): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001140)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x3}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0) 1.712859863s ago: executing program 0 (id=6708): socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, 0x0) socket$inet6(0xa, 0x3, 0x8000000003c) syz_emit_ethernet(0x46, &(0x7f00000002c0)={@multicast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x10, 0x2c, 0x0, @dev, @mcast2, {[@hopopts={0x3c}], @echo_reply}}}}}, 0x0) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x1b0}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) socket$nl_route(0x10, 0x3, 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0x700}]}, 0x1, 0x1}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r2, 0x0, 0x0, 0x0, 0x60, 0x1, {0x1}}) io_uring_enter(r3, 0x3517, 0x173d, 0x42, 0x0, 0x0) 1.242277099s ago: executing program 1 (id=6709): r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000040), &(0x7f00000000c0)=0x8) 1.112266747s ago: executing program 1 (id=6710): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a31000000001400040008000140"], 0xe0}}, 0x0) 982.251634ms ago: executing program 1 (id=6711): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=@updpolicy={0x138, 0x19, 0x1, 0x0, 0x10, {{@in=@multicast1, @in=@remote, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {0x1, 0x0, 0x80}}, [@tmpl={0x84, 0x5, [{{@in=@loopback, 0x0, 0x32}, 0x0, @in6=@private0, 0x800000, 0x3, 0x3}, {{@in6=@mcast1, 0xfffffffe, 0x33}, 0x0, @in=@private=0xa010101, 0x3504, 0x75d86b3f9e18768a, 0x3, 0x1, 0x0, 0xabf}]}]}, 0x138}}, 0x0) 851.274572ms ago: executing program 1 (id=6712): unshare(0x64000600) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000d00)=@nat={'nat\x00', 0x19, 0x11, 0x90, [0x200000000c40, 0x0, 0x0, 0x200000000c70, 0x200000000ca0], 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 1 (id=6713): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x54, r2, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_FRAME={0x26, 0x33, @auth={{{0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}, {0x3}, @device_b, @device_b, @initial, {0x7, 0xf95}, @value=@ver_80211n={0x0, 0x59cf, 0x0, 0x1, 0x0, 0x3, 0x1}}, 0x1, 0x5, 0x25c, @void}}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x16e4}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x6}]]}, 0x54}, 0x1, 0x0, 0x0, 0xc0}, 0x0) kernel console output (not intermixed with test programs): usb 2-1: new high-speed USB device number 119 using dummy_hcd [ 3423.415818][ T6883] usb 2-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 3423.416041][ T6883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3423.416296][ T6883] usb 2-1: Product: syz [ 3423.416361][ T6883] usb 2-1: Manufacturer: syz [ 3423.416406][ T6883] usb 2-1: SerialNumber: syz [ 3423.421579][ T6883] usb 2-1: config 0 descriptor?? [ 3428.794683][T31145] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 3428.948936][T31145] usb 1-1: Using ep0 maxpacket: 32 [ 3428.963434][T31145] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3428.963675][T31145] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3428.963878][T31145] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 3428.963968][T31145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3428.967611][T31145] usb 1-1: config 0 descriptor?? [ 3429.590158][T31145] savu 0003:1E7D:2D5A.0040: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 3429.714442][T31145] usb 1-1: USB disconnect, device number 2 [ 3433.659906][T26742] usb 2-1: USB disconnect, device number 119 [ 3434.214983][T31210] netlink: 'syz.1.5979': attribute type 10 has an invalid length. [ 3434.215726][T31210] netlink: 40 bytes leftover after parsing attributes in process `syz.1.5979'. [ 3434.251301][T31210] A link change request failed with some changes committed already. Interface netdevsim3 may have been left with an inconsistent configuration, please check. [ 3434.599563][ T31] audit: type=1400 audit(3434.579:550): avc: denied { execute } for pid=31211 comm="syz.1.5980" path="/dev/nullb0" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 3434.751534][T31214] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5981'. [ 3435.598846][ T31] audit: type=1400 audit(3435.549:551): avc: denied { map } for pid=31216 comm="syz.1.5982" path="socket:[64900]" dev="sockfs" ino=64900 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 3441.981581][ T31] audit: type=1400 audit(3441.959:552): avc: denied { search } for pid=31197 comm="syz.0.5976" name="/" dev="configfs" ino=1090 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 3463.399288][ T11] usb 2-1: new high-speed USB device number 120 using dummy_hcd [ 3463.572336][ T11] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 3463.572563][ T11] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 3463.572773][ T11] usb 2-1: config 1 has no interface number 0 [ 3463.572908][ T11] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3463.573038][ T11] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 3463.573125][ T11] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 3463.593355][ T11] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 3463.593624][ T11] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3463.593813][ T11] usb 2-1: Product: syz [ 3463.593853][ T11] usb 2-1: Manufacturer: syz [ 3463.593884][ T11] usb 2-1: SerialNumber: syz [ 3464.449940][ T11] cdc_ncm 2-1:1.1: bind() failure [ 3464.680579][T31145] usb 2-1: USB disconnect, device number 120 [ 3465.148972][T31145] usb 2-1: new high-speed USB device number 121 using dummy_hcd [ 3465.299108][T31145] usb 2-1: Using ep0 maxpacket: 8 [ 3465.304642][T31145] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 3465.305250][T31145] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 3465.305822][T31145] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 3465.306459][T31145] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 3465.307012][T31145] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 3465.307606][T31145] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 3465.308051][T31145] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3465.557925][T31145] usb 2-1: GET_CAPABILITIES returned 0 [ 3465.559511][T31145] usbtmc 2-1:16.0: can't read capabilities [ 3465.781762][T31145] usb 2-1: USB disconnect, device number 121 [ 3469.608888][T26742] usb 2-1: new full-speed USB device number 122 using dummy_hcd [ 3469.842357][T26742] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3469.842580][T26742] usb 2-1: config 0 has no interfaces? [ 3469.842645][T26742] usb 2-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 3469.842732][T26742] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3469.845829][T26742] usb 2-1: config 0 descriptor?? [ 3470.071862][ T31] audit: type=1400 audit(3470.049:553): avc: denied { mounton } for pid=31270 comm="syz.1.5990" path="/proc/1211/task" dev="proc" ino=64141 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 3470.076282][ T48] usb 2-1: USB disconnect, device number 122 [ 3486.378826][ T48] usb 2-1: new high-speed USB device number 123 using dummy_hcd [ 3486.618867][ T48] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 3486.619230][ T48] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 3486.619401][ T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3496.882748][ T48] usb 2-1: USB disconnect, device number 123 [ 3499.179341][ T11] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 3499.394729][ T11] usb 1-1: Using ep0 maxpacket: 16 [ 3499.409495][ T11] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3499.409709][ T11] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3499.409947][ T11] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 3499.410014][ T11] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3499.413165][ T11] usb 1-1: config 0 descriptor?? [ 3500.159739][ T11] hid-multitouch 0003:1FD2:6007.0041: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.0-1/input0 [ 3500.350158][ T48] usb 1-1: USB disconnect, device number 3 [ 3529.128792][ T6883] usb 2-1: new high-speed USB device number 124 using dummy_hcd [ 3529.370373][ T6883] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 3529.370620][ T6883] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 3529.370806][ T6883] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 3529.381168][ T6883] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 3529.381395][ T6883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3529.381629][ T6883] usb 2-1: Product: syz [ 3529.381746][ T6883] usb 2-1: Manufacturer: syz [ 3529.381852][ T6883] usb 2-1: SerialNumber: syz [ 3529.401360][ T6883] hub 2-1:1.0: bad descriptor, ignoring hub [ 3529.401655][ T6883] hub 2-1:1.0: probe with driver hub failed with error -5 [ 3529.612956][ T6883] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 124 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 3529.641524][ T6883] usb 2-1: USB disconnect, device number 124 [ 3529.645435][ T6883] usblp0: removed [ 3533.983366][ T31] audit: type=1800 audit(3533.959:554): pid=31387 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.6005" name="bus" dev="ramfs" ino=64190 res=0 errno=0 [ 3555.397275][T31408] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6012'. [ 3555.962195][T31418] binder: BINDER_SET_CONTEXT_MGR already set [ 3555.962453][T31418] binder: 31417:31418 ioctl 4018620d 20000040 returned -16 [ 3558.868945][T26742] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 3559.048992][T26742] usb 1-1: Using ep0 maxpacket: 32 [ 3559.200613][T26742] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 3559.200818][T26742] usb 1-1: config 0 has no interface number 0 [ 3559.219462][T26742] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 3559.219660][T26742] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3559.219837][T26742] usb 1-1: Product: syz [ 3559.219948][T26742] usb 1-1: Manufacturer: syz [ 3559.220052][T26742] usb 1-1: SerialNumber: syz [ 3559.221942][T26742] usb 1-1: config 0 descriptor?? [ 3565.828944][T31145] usb 2-1: new high-speed USB device number 125 using dummy_hcd [ 3566.452043][T31145] usb 2-1: config 0 interface 0 altsetting 60 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 3566.452774][T31145] usb 2-1: config 0 interface 0 altsetting 60 endpoint 0xD has invalid wMaxPacketSize 0 [ 3566.453399][T31145] usb 2-1: config 0 interface 0 altsetting 60 bulk endpoint 0xD has invalid maxpacket 0 [ 3566.454192][T31145] usb 2-1: config 0 interface 0 has no altsetting 0 [ 3566.454672][T31145] usb 2-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=ae.ad [ 3566.455191][T31145] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3566.458793][T31145] usb 2-1: config 0 descriptor?? [ 3569.520650][ T6883] usb 1-1: USB disconnect, device number 4 [ 3571.783232][T31145] usb 2-1: string descriptor 0 read error: -32 [ 3571.784288][T31145] usb 2-1: ucan: probing device on interface #0 [ 3571.784632][T31145] usb 2-1: ucan: invalid endpoint configuration [ 3571.784777][T31145] usb 2-1: ucan: probe failed; try to update the device firmware [ 3580.436706][ T48] usb 2-1: USB disconnect, device number 125 [ 3583.732802][T31479] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6028'. [ 3587.524074][T31487] netlink: 388 bytes leftover after parsing attributes in process `syz.1.6031'. [ 3618.108773][T26742] usb 2-1: new high-speed USB device number 126 using dummy_hcd [ 3618.278906][T26742] usb 2-1: Using ep0 maxpacket: 16 [ 3618.301973][T26742] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3618.302198][T26742] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 3618.302378][T26742] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 3618.302428][T26742] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 3618.315462][T26742] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 3618.315678][T26742] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 3618.315857][T26742] usb 2-1: Manufacturer: syz [ 3618.317785][T26742] usb 2-1: config 0 descriptor?? [ 3618.541912][T16697] usb 2-1: USB disconnect, device number 126 [ 3620.060197][T31564] netlink: 'syz.1.6055': attribute type 39 has an invalid length. [ 3620.919454][T31568] binder: 31567:31568 ioctl c018620b 0 returned -14 [ 3637.419147][T31145] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 3637.689120][T31145] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 3637.689357][T31145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3637.689554][T31145] usb 1-1: Product: syz [ 3637.689666][T31145] usb 1-1: Manufacturer: syz [ 3637.689772][T31145] usb 1-1: SerialNumber: syz [ 3637.923955][T31145] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 3638.151856][T31145] usb 1-1: USB disconnect, device number 5 [ 3638.157892][T31145] usblp0: removed [ 3656.509548][ T31] audit: type=1326 audit(3656.479:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31614 comm="syz.1.6068" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3670.131611][ T31] audit: type=1326 audit(3670.109:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31630 comm="syz.0.6073" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3671.668739][T11839] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 3671.798959][T11839] usb 1-1: device descriptor read/64, error -71 [ 3672.118910][T11839] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 3672.299002][T11839] usb 1-1: device descriptor read/64, error -71 [ 3672.410089][T11839] usb usb1-port1: attempt power cycle [ 3672.749042][T11839] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 3672.799316][T11839] usb 1-1: device descriptor read/8, error -71 [ 3673.048845][T11839] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 3673.073642][T11839] usb 1-1: device descriptor read/8, error -71 [ 3673.180448][T11839] usb usb1-port1: unable to enumerate USB device [ 3685.282192][T31712] fuse: Bad value for 'fd' [ 3685.602586][T31715] FAULT_INJECTION: forcing a failure. [ 3685.602586][T31715] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3685.602832][T31715] CPU: 0 UID: 0 PID: 31715 Comm: syz.0.6097 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3685.602874][T31715] Hardware name: ARM-Versatile Express [ 3685.602888][T31715] Call trace: [ 3685.602909][T31715] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3685.602976][T31715] r7:00000000 r6:00000000 r5:60000013 r4:82257d0c [ 3685.602987][T31715] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3685.603016][T31715] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3685.603046][T31715] r5:84a38000 r4:82951710 [ 3685.603169][T31715] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3685.603247][T31715] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3685.603339][T31715] r8:76bd2f30 r7:00000000 r6:00000000 r5:dfec5f68 r4:00000002 [ 3685.603372][T31715] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3685.603461][T31715] [<8095f694>] (should_fail_usercopy) from [<8058cc58>] (simple_read_from_buffer+0x80/0x13c) [ 3685.603550][T31715] [<8058cbd8>] (simple_read_from_buffer) from [<806041f0>] (proc_fail_nth_read+0xb8/0x100) [ 3685.603606][T31715] r10:00000001 r9:80604138 r8:00000002 r7:dfec5f68 r6:0000000f r5:76bd2f30 [ 3685.603620][T31715] r4:84a38000 r3:dfec5e9f [ 3685.603629][T31715] [<80604138>] (proc_fail_nth_read) from [<805517a0>] (vfs_read+0x98/0x320) [ 3685.603700][T31715] r8:76bd2f30 r7:dfec5f68 r6:84a38000 r5:0000000f r4:854fee40 [ 3685.603747][T31715] [<80551708>] (vfs_read) from [<80552440>] (ksys_read+0x74/0xe4) [ 3685.603836][T31715] r10:00000003 r9:84a38000 r8:8020029c r7:00000000 r6:00000000 r5:854fee40 [ 3685.603862][T31715] r4:854fee43 [ 3685.603922][T31715] [<805523cc>] (ksys_read) from [<805524c0>] (sys_read+0x10/0x14) [ 3685.604043][T31715] r7:00000003 r6:00000004 r5:76bd2f30 r4:0000000f [ 3685.604054][T31715] [<805524b0>] (sys_read) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3685.604097][T31715] Exception stack(0xdfec5fa8 to 0xdfec5ff0) [ 3685.604157][T31715] 5fa0: 0000000f 76bd2f30 00000004 76bd2f30 0000000f 00000000 [ 3685.604208][T31715] 5fc0: 0000000f 76bd2f30 00000004 00000003 002d0000 00000000 00006364 76bd30bc [ 3685.604236][T31715] 5fe0: 00000158 76bd2ed0 000d7d68 0012fe04 [ 3687.751071][T31729] fuse: Bad value for 'fd' [ 3690.443353][T31745] fuse: Invalid rootmode [ 3692.565835][T31753] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=22 sclass=netlink_tcpdiag_socket pid=31753 comm=syz.0.6109 [ 3698.040404][ T31] audit: type=1326 audit(3698.019:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31777 comm="syz.1.6119" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3710.091676][T31796] fuse: Bad value for 'fd' [ 3711.836137][ T31] audit: type=1326 audit(3711.809:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31797 comm="syz.1.6126" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3712.213715][T31809] FAULT_INJECTION: forcing a failure. [ 3712.213715][T31809] name failslab, interval 1, probability 0, space 0, times 0 [ 3712.213974][T31809] CPU: 0 UID: 0 PID: 31809 Comm: syz.0.6130 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3712.214018][T31809] Hardware name: ARM-Versatile Express [ 3712.214032][T31809] Call trace: [ 3712.214056][T31809] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3712.214147][T31809] r7:84a3ec00 r6:00000000 r5:60000013 r4:82257d0c [ 3712.214225][T31809] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3712.214309][T31809] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3712.214402][T31809] r5:84a3ec00 r4:8291bcc0 [ 3712.214416][T31809] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3712.214478][T31809] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3712.214681][T31809] r8:00000000 r7:84a3ec00 r6:00000cc0 r5:ffffffff r4:832ce240 [ 3712.214691][T31809] [<80525620>] (should_failslab) from [<80509a90>] (kmem_cache_alloc_node_noprof+0x50/0x338) [ 3712.214790][T31809] [<80509a40>] (kmem_cache_alloc_node_noprof) from [<81526ff8>] (__alloc_skb+0x138/0x160) [ 3712.214976][T31809] r10:00000000 r9:00000000 r8:00000cc0 r7:00000000 r6:832ce240 r5:ffffffff [ 3712.215018][T31809] r4:82806040 [ 3712.215116][T31809] [<81526ec0>] (__alloc_skb) from [<81644d3c>] (netlink_alloc_large_skb+0x88/0xa0) [ 3712.215241][T31809] r8:00000000 r7:85419000 r6:00000014 r5:84c42500 r4:00000140 [ 3712.215253][T31809] [<81644cb4>] (netlink_alloc_large_skb) from [<81645360>] (netlink_sendmsg+0x134/0x444) [ 3712.215341][T31809] r5:84c42500 r4:e06b5f20 [ 3712.215397][T31809] [<8164522c>] (netlink_sendmsg) from [<81519cbc>] (__sock_sendmsg+0x44/0x78) [ 3712.215556][T31809] r10:00000000 r9:e06b5dc4 r8:e06b5dc4 r7:00000000 r6:84c42500 r5:e06b5f20 [ 3712.215570][T31809] r4:00000000 [ 3712.215677][T31809] [<81519c78>] (__sock_sendmsg) from [<8151a52c>] (____sys_sendmsg+0x298/0x2cc) [ 3712.215767][T31809] r7:00000000 r6:84c42500 r5:04000010 r4:e06b5f20 [ 3712.215847][T31809] [<8151a294>] (____sys_sendmsg) from [<8151c2cc>] (___sys_sendmsg+0x9c/0xd0) [ 3712.215885][T31809] r10:e06b5e24 r9:20000100 r8:04000010 r7:00000000 r6:84c42500 r5:e06b5f20 [ 3712.215929][T31809] r4:00000000 [ 3712.216021][T31809] [<8151c230>] (___sys_sendmsg) from [<8151c75c>] (__sys_sendmsg+0x8c/0xd8) [ 3712.216103][T31809] r10:00000128 r9:84a3ec00 r8:854fe240 r7:04000010 r6:20000100 r5:854fe241 [ 3712.216144][T31809] r4:00000004 [ 3712.216182][T31809] [<8151c6d0>] (__sys_sendmsg) from [<8151c7bc>] (sys_sendmsg+0x14/0x18) [ 3712.216287][T31809] r8:8020029c r7:00000128 r6:0012fee0 r5:00000000 r4:00000000 [ 3712.216392][T31809] [<8151c7a8>] (sys_sendmsg) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3712.216505][T31809] Exception stack(0xe06b5fa8 to 0xe06b5ff0) [ 3712.216564][T31809] 5fa0: 00000000 00000000 00000004 20000100 04000010 00000000 [ 3712.216586][T31809] 5fc0: 00000000 00000000 0012fee0 00000128 002d0000 00000000 00006364 76bd30bc [ 3712.216712][T31809] 5fe0: 76bd2ec0 76bd2eb0 0001939c 00131f30 [ 3714.260669][T31824] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6136'. [ 3714.812148][ T31] audit: type=1400 audit(3714.789:559): avc: denied { map } for pid=31836 comm="syz.1.6138" path="socket:[65514]" dev="sockfs" ino=65514 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 3715.902233][T31847] FAULT_INJECTION: forcing a failure. [ 3715.902233][T31847] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3715.902569][T31847] CPU: 1 UID: 0 PID: 31847 Comm: syz.1.6141 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3715.902615][T31847] Hardware name: ARM-Versatile Express [ 3715.902629][T31847] Call trace: [ 3715.902661][T31847] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3715.902721][T31847] r7:00000000 r6:00000000 r5:60000013 r4:82257d0c [ 3715.902731][T31847] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3715.902760][T31847] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3715.902790][T31847] r5:83ad6c00 r4:82951710 [ 3715.902798][T31847] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3715.902830][T31847] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3715.902863][T31847] r8:76beff30 r7:00000000 r6:00000000 r5:e0871f68 r4:00000002 [ 3715.902872][T31847] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3715.902898][T31847] [<8095f694>] (should_fail_usercopy) from [<8058cc58>] (simple_read_from_buffer+0x80/0x13c) [ 3715.902929][T31847] [<8058cbd8>] (simple_read_from_buffer) from [<806041f0>] (proc_fail_nth_read+0xb8/0x100) [ 3715.902967][T31847] r10:00000001 r9:80604138 r8:00000002 r7:e0871f68 r6:0000000f r5:76beff30 [ 3715.902979][T31847] r4:83ad6c00 r3:e0871e9f [ 3715.902987][T31847] [<80604138>] (proc_fail_nth_read) from [<805517a0>] (vfs_read+0x98/0x320) [ 3715.903022][T31847] r8:76beff30 r7:e0871f68 r6:83ad6c00 r5:0000000f r4:85e66240 [ 3715.903032][T31847] [<80551708>] (vfs_read) from [<80552440>] (ksys_read+0x74/0xe4) [ 3715.903065][T31847] r10:00000003 r9:83ad6c00 r8:8020029c r7:00000000 r6:00000000 r5:85e66240 [ 3715.903076][T31847] r4:85e66243 [ 3715.903084][T31847] [<805523cc>] (ksys_read) from [<805524c0>] (sys_read+0x10/0x14) [ 3715.903115][T31847] r7:00000003 r6:00000004 r5:76beff30 r4:0000000f [ 3715.903123][T31847] [<805524b0>] (sys_read) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3715.903148][T31847] Exception stack(0xe0871fa8 to 0xe0871ff0) [ 3715.903169][T31847] 1fa0: 0000000f 76beff30 00000004 76beff30 0000000f 00000000 [ 3715.903187][T31847] 1fc0: 0000000f 76beff30 00000004 00000003 002d0000 00000000 00006364 76bf00bc [ 3715.903201][T31847] 1fe0: 00000158 76befed0 000d7d68 0012fe04 [ 3716.814495][ T31] audit: type=1326 audit(3716.789:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=31840 comm="syz.0.6140" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3716.989038][ T6883] usb 2-1: new high-speed USB device number 127 using dummy_hcd [ 3717.198887][ T6883] usb 2-1: Using ep0 maxpacket: 32 [ 3717.228679][ T6883] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 3717.228902][ T6883] usb 2-1: config 0 has no interface number 0 [ 3717.229120][ T6883] usb 2-1: config 0 interface 184 has no altsetting 0 [ 3717.274976][ T6883] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 3717.275168][ T6883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3717.275332][ T6883] usb 2-1: Product: syz [ 3717.275396][ T6883] usb 2-1: Manufacturer: syz [ 3717.275432][ T6883] usb 2-1: SerialNumber: syz [ 3717.287754][ T6883] usb 2-1: config 0 descriptor?? [ 3717.291963][ T6883] smsc75xx v1.0.0 [ 3717.908159][ T31] audit: type=1400 audit(3717.879:561): avc: denied { ioctl } for pid=31853 comm="syz.1.6143" path="socket:[65831]" dev="sockfs" ino=65831 ioctlcmd=0x5450 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sock_file permissive=1 [ 3718.561757][ T6883] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 3718.562037][ T6883] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 3718.564498][ T6883] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 3718.564721][ T6883] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 3718.564850][ T6883] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 3718.564966][ T6883] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 3718.565217][ T6883] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 3718.569748][ T6883] usb 2-1: USB disconnect, device number 127 [ 3718.638803][T30150] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3718.693658][T30150] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3718.736116][T30150] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3718.790510][T30150] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3718.946599][T30150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3718.953748][T30150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3718.956328][T30150] bond0 (unregistering): Released all slaves [ 3719.040150][T30150] hsr_slave_0: left promiscuous mode [ 3719.041860][T30150] hsr_slave_1: left promiscuous mode [ 3719.048219][T30150] veth1_macvtap: left promiscuous mode [ 3719.068136][T30150] veth0_macvtap: left promiscuous mode [ 3719.068844][T30150] veth1_vlan: left promiscuous mode [ 3719.069052][T30150] veth0_vlan: left promiscuous mode [ 3720.513771][T31870] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3720.517422][T31870] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3721.231228][T31870] hsr_slave_0: entered promiscuous mode [ 3721.232402][T31870] hsr_slave_1: entered promiscuous mode [ 3721.233218][T31870] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3721.233485][T31870] Cannot create hsr debugfs directory [ 3721.784984][T31870] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 3721.794487][T31870] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 3721.804760][T31870] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 3721.810845][T31870] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 3722.220730][T32238] FAULT_INJECTION: forcing a failure. [ 3722.220730][T32238] name failslab, interval 1, probability 0, space 0, times 0 [ 3722.221624][T32238] CPU: 1 UID: 0 PID: 32238 Comm: syz.0.6146 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3722.221694][T32238] Hardware name: ARM-Versatile Express [ 3722.221708][T32238] Call trace: [ 3722.221731][T32238] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3722.221790][T32238] r7:00000d40 r6:00000000 r5:60000013 r4:82257d0c [ 3722.221801][T32238] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3722.221830][T32238] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3722.221860][T32238] r5:83890000 r4:8291bcc0 [ 3722.221868][T32238] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3722.221899][T32238] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3722.221938][T32238] r8:83890000 r7:00000d40 r6:85e66928 r5:00000019 r4:83001240 [ 3722.221947][T32238] [<80525620>] (should_failslab) from [<8050a480>] (__kmalloc_noprof+0x9c/0x458) [ 3722.221976][T32238] [<8050a3e4>] (__kmalloc_noprof) from [<807bc1b4>] (tomoyo_encode2+0x64/0xf0) [ 3722.222017][T32238] r10:00000fff r9:83351000 r8:00000000 r7:84c03000 r6:85e66928 r5:83d31ffd [ 3722.222028][T32238] r4:83d31fef [ 3722.222036][T32238] [<807bc150>] (tomoyo_encode2) from [<807bc264>] (tomoyo_encode+0x24/0x30) [ 3722.222073][T32238] r9:83351000 r8:00000000 r7:84c03000 r6:85e66928 r5:00001000 r4:83d31ff0 [ 3722.222083][T32238] [<807bc240>] (tomoyo_encode) from [<807bc2f0>] (tomoyo_realpath_from_path+0x80/0x17c) [ 3722.222117][T32238] r5:00001000 r4:83d31000 [ 3722.222125][T32238] [<807bc270>] (tomoyo_realpath_from_path) from [<807b83f0>] (tomoyo_path_number_perm+0xcc/0x22c) [ 3722.222165][T32238] r10:83890000 r9:00000000 r8:85e66900 r7:00008914 r6:00000004 r5:81cd56c4 [ 3722.222177][T32238] r4:85e66928 r3:826c0240 [ 3722.222192][T32238] [<807b8324>] (tomoyo_path_number_perm) from [<807bccd0>] (tomoyo_file_ioctl+0x1c/0x20) [ 3722.222268][T32238] r9:00000003 r8:85e66900 r7:20001500 r6:20001500 r5:00008914 r4:85e66900 [ 3722.222289][T32238] [<807bccb4>] (tomoyo_file_ioctl) from [<8076a70c>] (security_file_ioctl+0x64/0x1e4) [ 3722.222360][T32238] [<8076a6a8>] (security_file_ioctl) from [<8056b32c>] (sys_ioctl+0x4c/0xd84) [ 3722.222449][T32238] r7:20001500 r6:85e66901 r5:00000000 r4:00008914 [ 3722.222473][T32238] [<8056b2e0>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3722.222521][T32238] Exception stack(0xeabe5fa8 to 0xeabe5ff0) [ 3722.222543][T32238] 5fa0: 00000000 00000000 00000003 00008914 20001500 00000000 [ 3722.222562][T32238] 5fc0: 00000000 00000000 0012fee0 00000036 002d0000 00000000 00006364 76bd30bc [ 3722.222577][T32238] 5fe0: 76bd2ec0 76bd2eb0 0001939c 00131f30 [ 3722.222598][T32238] r10:00000036 r9:83890000 r8:8020029c r7:00000036 r6:0012fee0 r5:00000000 [ 3722.222608][T32238] r4:00000000 [ 3722.249065][T32238] ERROR: Out of memory at tomoyo_realpath_from_path. [ 3722.476686][T31870] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3723.118197][T31870] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 3724.714488][T31870] veth0_vlan: entered promiscuous mode [ 3724.725735][T31870] veth1_vlan: entered promiscuous mode [ 3724.764943][T31870] veth0_macvtap: entered promiscuous mode [ 3724.777424][T31870] veth1_macvtap: entered promiscuous mode [ 3724.847772][T31870] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3724.848107][T31870] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3724.849436][T31870] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3724.849553][T31870] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 3725.391056][ T31] audit: type=1326 audit(3725.369:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32265 comm="syz.0.6148" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3725.638968][ T6883] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 3725.793998][ T6883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3725.794250][ T6883] usb 2-1: config 0 has no interfaces? [ 3725.794447][ T6883] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 3725.794566][ T6883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3725.796515][ T6883] usb 2-1: config 0 descriptor?? [ 3726.020494][ T11] usb 2-1: USB disconnect, device number 2 [ 3726.162698][T32328] FAULT_INJECTION: forcing a failure. [ 3726.162698][T32328] name failslab, interval 1, probability 0, space 0, times 0 [ 3726.163633][T32328] CPU: 0 UID: 0 PID: 32328 Comm: syz.1.6152 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3726.163700][T32328] Hardware name: ARM-Versatile Express [ 3726.163714][T32328] Call trace: [ 3726.163735][T32328] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3726.163795][T32328] r7:00000c40 r6:00000000 r5:60000013 r4:82257d0c [ 3726.163804][T32328] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3726.163833][T32328] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3726.163862][T32328] r5:83896000 r4:8291bcc0 [ 3726.163870][T32328] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3726.163904][T32328] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3726.163943][T32328] r8:83896000 r7:00000c40 r6:854fe4a8 r5:00001000 r4:830016c0 [ 3726.163952][T32328] [<80525620>] (should_failslab) from [<8050a480>] (__kmalloc_noprof+0x9c/0x458) [ 3726.163982][T32328] [<8050a3e4>] (__kmalloc_noprof) from [<807bc2ac>] (tomoyo_realpath_from_path+0x3c/0x17c) [ 3726.164021][T32328] r10:83896000 r9:8309e800 r8:00000000 r7:83404908 r6:854fe4a8 r5:00001000 [ 3726.164031][T32328] r4:00000000 [ 3726.164059][T32328] [<807bc270>] (tomoyo_realpath_from_path) from [<807b83f0>] (tomoyo_path_number_perm+0xcc/0x22c) [ 3726.164101][T32328] r10:83896000 r9:00000000 r8:854fe480 r7:00005451 r6:00000004 r5:81cd56c4 [ 3726.164113][T32328] r4:854fe4a8 r3:826c0240 [ 3726.164121][T32328] [<807b8324>] (tomoyo_path_number_perm) from [<807bccd0>] (tomoyo_file_ioctl+0x1c/0x20) [ 3726.164157][T32328] r9:00000003 r8:854fe480 r7:00000000 r6:00000000 r5:00005451 r4:854fe480 [ 3726.164166][T32328] [<807bccb4>] (tomoyo_file_ioctl) from [<8076a70c>] (security_file_ioctl+0x64/0x1e4) [ 3726.164197][T32328] [<8076a6a8>] (security_file_ioctl) from [<8056b32c>] (sys_ioctl+0x4c/0xd84) [ 3726.164230][T32328] r7:00000000 r6:854fe481 r5:00000000 r4:00005451 [ 3726.164239][T32328] [<8056b2e0>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3726.164263][T32328] Exception stack(0xead49fa8 to 0xead49ff0) [ 3726.164283][T32328] 9fa0: 00000000 00000000 00000003 00005451 00000000 00000000 [ 3726.164301][T32328] 9fc0: 00000000 00000000 0012fee0 00000036 002d0000 00000000 00006364 76b140bc [ 3726.164315][T32328] 9fe0: 76b13ec0 76b13eb0 0001939c 00131f30 [ 3726.164334][T32328] r10:00000036 r9:83896000 r8:8020029c r7:00000036 r6:0012fee0 r5:00000000 [ 3726.164345][T32328] r4:00000000 [ 3726.186329][T32328] ERROR: Out of memory at tomoyo_realpath_from_path. [ 3729.480231][T32379] fuse: Bad value for 'fd' [ 3730.420691][T32387] FAULT_INJECTION: forcing a failure. [ 3730.420691][T32387] name failslab, interval 1, probability 0, space 0, times 0 [ 3730.421128][T32387] CPU: 1 UID: 0 PID: 32387 Comm: syz.1.6169 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3730.421251][T32387] Hardware name: ARM-Versatile Express [ 3730.421284][T32387] Call trace: [ 3730.421324][T32387] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3730.421436][T32387] r7:83ad3c00 r6:00000000 r5:60000013 r4:82257d0c [ 3730.421478][T32387] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3730.421535][T32387] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3730.421592][T32387] r5:83ad3c00 r4:8291bcc0 [ 3730.421609][T32387] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3730.421724][T32387] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3730.421804][T32387] r8:00000000 r7:83ad3c00 r6:00000cc0 r5:83ad3c00 r4:83002cc0 [ 3730.421825][T32387] [<80525620>] (should_failslab) from [<8050a0fc>] (kmem_cache_alloc_noprof+0x4c/0x334) [ 3730.421884][T32387] [<8050a0b0>] (kmem_cache_alloc_noprof) from [<80293de8>] (prepare_creds+0x24/0x2f0) [ 3730.421956][T32387] r10:0000000b r9:83316400 r8:00000000 r7:00000000 r6:83ad3c00 r5:83ad3c00 [ 3730.421979][T32387] r4:00000000 [ 3730.421996][T32387] [<80293dc4>] (prepare_creds) from [<80294214>] (prepare_exec_creds+0x10/0x50) [ 3730.422058][T32387] r7:00000000 r6:83ad3c00 r5:83316400 r4:00000000 [ 3730.422076][T32387] [<80294204>] (prepare_exec_creds) from [<8055a730>] (bprm_execve+0x3c/0x524) [ 3730.422138][T32387] r5:83316400 r4:00000000 [ 3730.422158][T32387] [<8055a6f4>] (bprm_execve) from [<8055be70>] (do_execveat_common+0x154/0x190) [ 3730.422226][T32387] r10:0000000b r9:83316400 r8:00000000 r7:00000000 r6:83ad3c00 r5:832dc000 [ 3730.422249][T32387] r4:00000000 [ 3730.422266][T32387] [<8055bd1c>] (do_execveat_common) from [<8055ce14>] (sys_execve+0x3c/0x44) [ 3730.422342][T32387] r9:83ad3c00 r8:8020029c r7:0000000b r6:0012fee0 r5:00000000 r4:00000000 [ 3730.422360][T32387] [<8055cdd8>] (sys_execve) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3730.422410][T32387] Exception stack(0xeac15fa8 to 0xeac15ff0) [ 3730.422452][T32387] 5fa0: 00000000 00000000 200000c0 00000000 00000000 00000000 [ 3730.422491][T32387] 5fc0: 00000000 00000000 0012fee0 0000000b 002d0000 00000000 00006364 76b140bc [ 3730.422521][T32387] 5fe0: 76b13ec0 76b13eb0 0001939c 00131f30 [ 3730.422548][T32387] r5:00000000 r4:00000000 [ 3730.521947][T32390] fuse: Bad value for 'fd' [ 3730.993911][T32400] fuse: Bad value for 'fd' [ 3731.700045][T32410] fuse: Unknown parameter '0x0000000000000004' [ 3732.844248][T32423] fuse: Unknown parameter '0x0000000000000004' [ 3733.880739][T32433] fuse: Unknown parameter '0x0000000000000004' [ 3735.254898][T32441] FAULT_INJECTION: forcing a failure. [ 3735.254898][T32441] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3735.255163][T32441] CPU: 1 UID: 0 PID: 32441 Comm: syz.1.6194 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3735.255206][T32441] Hardware name: ARM-Versatile Express [ 3735.255220][T32441] Call trace: [ 3735.255241][T32441] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3735.255389][T32441] r7:00000000 r6:00000000 r5:60000013 r4:82257d0c [ 3735.255422][T32441] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3735.255499][T32441] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3735.255558][T32441] r5:83250000 r4:82951710 [ 3735.255570][T32441] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3735.255749][T32441] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3735.255926][T32441] r8:76b13f30 r7:00000000 r6:00000000 r5:eb575f68 r4:00000002 [ 3735.255935][T32441] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3735.255983][T32441] [<8095f694>] (should_fail_usercopy) from [<8058cc58>] (simple_read_from_buffer+0x80/0x13c) [ 3735.256076][T32441] [<8058cbd8>] (simple_read_from_buffer) from [<806041f0>] (proc_fail_nth_read+0xb8/0x100) [ 3735.256203][T32441] r10:00000001 r9:80604138 r8:00000002 r7:eb575f68 r6:0000000f r5:76b13f30 [ 3735.256456][T32441] r4:83250000 r3:eb575e9f [ 3735.256482][T32441] [<80604138>] (proc_fail_nth_read) from [<805517a0>] (vfs_read+0x98/0x320) [ 3735.256647][T32441] r8:76b13f30 r7:eb575f68 r6:83250000 r5:0000000f r4:8512f780 [ 3735.256806][T32441] [<80551708>] (vfs_read) from [<80552440>] (ksys_read+0x74/0xe4) [ 3735.256850][T32441] r10:00000003 r9:83250000 r8:8020029c r7:00000000 r6:00000000 r5:8512f780 [ 3735.256996][T32441] r4:8512f783 [ 3735.257033][T32441] [<805523cc>] (ksys_read) from [<805524c0>] (sys_read+0x10/0x14) [ 3735.257220][T32441] r7:00000003 r6:00000004 r5:76b13f30 r4:0000000f [ 3735.257270][T32441] [<805524b0>] (sys_read) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3735.257327][T32441] Exception stack(0xeb575fa8 to 0xeb575ff0) [ 3735.257470][T32441] 5fa0: 0000000f 76b13f30 00000004 76b13f30 0000000f 00000000 [ 3735.257501][T32441] 5fc0: 0000000f 76b13f30 00000004 00000003 002d0000 00000000 00006364 76b140bc [ 3735.257591][T32441] 5fe0: 00000158 76b13ed0 000d7d68 0012fe04 [ 3735.369364][ T31] audit: type=1326 audit(3735.349:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32430 comm="syz.0.6189" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3735.374167][T32446] fuse: Unknown parameter '0x0000000000000004' [ 3736.408943][T32462] SELinux: Context system_u:object_r:ppp_device_t:s0 is not valid (left unmapped). [ 3736.410816][ T31] audit: type=1400 audit(3736.389:564): avc: denied { relabelto } for pid=32460 comm="syz.1.6200" name=".log" dev="tmpfs" ino=208 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:ppp_device_t:s0" [ 3736.412249][ T31] audit: type=1400 audit(3736.389:565): avc: denied { associate } for pid=32460 comm="syz.1.6200" name=".log" dev="tmpfs" ino=208 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:ppp_device_t:s0" [ 3736.913678][ T31] audit: type=1400 audit(3736.889:566): avc: denied { unlink } for pid=31870 comm="syz-executor" name=".log" dev="tmpfs" ino=208 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:ppp_device_t:s0" [ 3737.033387][ T31] audit: type=1400 audit(3737.009:567): avc: denied { read } for pid=32465 comm="syz.1.6202" name="ptmx" dev="devtmpfs" ino=603 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 3737.034832][ T31] audit: type=1400 audit(3737.009:568): avc: denied { open } for pid=32465 comm="syz.1.6202" path="/dev/ptmx" dev="devtmpfs" ino=603 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 3737.054062][ T31] audit: type=1400 audit(3737.029:569): avc: denied { ioctl } for pid=32465 comm="syz.1.6202" path="/dev/ptmx" dev="devtmpfs" ino=603 ioctlcmd=0x5450 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 3737.342076][ T31] audit: type=1400 audit(3737.319:570): avc: denied { write } for pid=32471 comm="syz.1.6205" name="udmabuf" dev="devtmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 3738.068016][ T31] audit: type=1400 audit(3738.039:571): avc: denied { setattr } for pid=32484 comm="syz.1.6209" name="null" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 3739.776351][ T31] audit: type=1326 audit(3739.749:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32486 comm="syz.1.6210" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3740.484291][T32516] FAULT_INJECTION: forcing a failure. [ 3740.484291][T32516] name failslab, interval 1, probability 0, space 0, times 0 [ 3740.485225][T32516] CPU: 0 UID: 0 PID: 32516 Comm: syz.0.6222 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3740.485296][T32516] Hardware name: ARM-Versatile Express [ 3740.485310][T32516] Call trace: [ 3740.485331][T32516] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3740.485400][T32516] r7:00100cc0 r6:00000000 r5:60000013 r4:82257d0c [ 3740.485411][T32516] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3740.485442][T32516] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3740.485495][T32516] r5:83892400 r4:8291bcc0 [ 3740.485504][T32516] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3740.485536][T32516] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3740.485575][T32516] r8:00100cc0 r7:00100cc0 r6:00000000 r5:83001240 r4:00000002 [ 3740.485585][T32516] [<80525620>] (should_failslab) from [<80508c60>] (__kvmalloc_node_noprof+0xe0/0x59c) [ 3740.485615][T32516] [<80508b80>] (__kvmalloc_node_noprof) from [<804a58e0>] (vmemdup_user+0x28/0x16c) [ 3740.485654][T32516] r10:000000e4 r9:83892400 r8:20000780 r7:20000780 r6:00001000 r5:00000000 [ 3740.485665][T32516] r4:00000002 [ 3740.485673][T32516] [<804a58b8>] (vmemdup_user) from [<8058a72c>] (setxattr_copy+0x58/0x90) [ 3740.485710][T32516] r9:83892400 r8:20000780 r7:00000003 r6:00001000 r5:00000000 r4:eb885e48 [ 3740.485720][T32516] [<8058a6d4>] (setxattr_copy) from [<8058a938>] (path_setxattrat+0x7c/0x17c) [ 3740.485747][T32516] r5:00000000 r4:20000740 [ 3740.485756][T32516] [<8058a8bc>] (path_setxattrat) from [<8058ac38>] (sys_fsetxattr+0x30/0x38) [ 3740.485791][T32516] r8:8020029c r7:000000e4 r6:0012fee0 r5:00000000 r4:00000001 [ 3740.485800][T32516] [<8058ac08>] (sys_fsetxattr) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3740.485826][T32516] Exception stack(0xeb885fa8 to 0xeb885ff0) [ 3740.485847][T32516] 5fa0: 00000001 00000000 00000003 20000740 20000780 00000002 [ 3740.485866][T32516] 5fc0: 00000001 00000000 0012fee0 000000e4 002d0000 00000000 00006364 76bd30bc [ 3740.485881][T32516] 5fe0: 76bd2ec0 76bd2eb0 0001939c 00131f30 [ 3741.632210][T32534] FAULT_INJECTION: forcing a failure. [ 3741.632210][T32534] name failslab, interval 1, probability 0, space 0, times 0 [ 3741.639155][T32534] CPU: 0 UID: 0 PID: 32534 Comm: syz.1.6228 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3741.639238][T32534] Hardware name: ARM-Versatile Express [ 3741.639252][T32534] Call trace: [ 3741.639278][T32534] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3741.639379][T32534] r7:83ac6c00 r6:00000000 r5:60000113 r4:82257d0c [ 3741.639391][T32534] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3741.639421][T32534] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3741.639451][T32534] r5:83ac6c00 r4:8291bcc0 [ 3741.639459][T32534] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3741.639491][T32534] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3741.639529][T32534] r8:00000000 r7:83ac6c00 r6:00000cc0 r5:76b12e60 r4:83001300 [ 3741.639539][T32534] [<80525620>] (should_failslab) from [<805094b0>] (__kmalloc_cache_noprof+0x4c/0x33c) [ 3741.639568][T32534] [<80509464>] (__kmalloc_cache_noprof) from [<810393fc>] (raw_ioctl_init+0x138/0x340) [ 3741.639607][T32534] r10:83ac6c00 r9:8245d6c4 r8:854a5ec0 r7:b5403587 r6:8446f000 r5:76b12e60 [ 3741.639617][T32534] r4:00000000 [ 3741.639634][T32534] [<810392c4>] (raw_ioctl_init) from [<8103aa5c>] (raw_ioctl+0x3f0/0x1094) [ 3741.639669][T32534] r10:83ac6c00 r9:00000004 r8:8494ba80 r7:76b12e60 r6:76b12e60 r5:00000000 [ 3741.639679][T32534] r4:8446f000 [ 3741.639687][T32534] [<8103a66c>] (raw_ioctl) from [<8056b418>] (sys_ioctl+0x138/0xd84) [ 3741.639722][T32534] r10:83ac6c00 r9:00000004 r8:8494ba80 r7:76b12e60 r6:8494ba81 r5:00000000 [ 3741.639733][T32534] r4:41015500 [ 3741.639741][T32534] [<8056b2e0>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3741.639765][T32534] Exception stack(0xeb99dfa8 to 0xeb99dff0) [ 3741.639787][T32534] dfa0: 00000004 76b12e70 00000004 41015500 76b12e60 76b11e00 [ 3741.639806][T32534] dfc0: 00000004 76b12e70 76b11e70 00000036 00000005 76b12e60 00000000 00000000 [ 3741.639821][T32534] dfe0: 00000000 76b11de8 002b8000 001318fc [ 3741.639840][T32534] r10:00000036 r9:83ac6c00 r8:8020029c r7:00000036 r6:76b11e70 r5:76b12e70 [ 3741.639850][T32534] r4:00000004 [ 3743.765273][ T31] audit: type=1326 audit(3743.739:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32537 comm="syz.0.6230" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3746.036683][T32566] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=32566 comm=syz.0.6235 [ 3747.430999][ T31] audit: type=1326 audit(3747.409:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32564 comm="syz.1.6239" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3754.592131][ T31] audit: type=1400 audit(3754.559:575): avc: denied { append } for pid=32588 comm="syz.1.6247" name="rtc0" dev="devtmpfs" ino=697 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 3755.263976][T32599] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=1013 sclass=netlink_tcpdiag_socket pid=32599 comm=syz.1.6252 [ 3755.280410][T32600] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=1013 sclass=netlink_tcpdiag_socket pid=32600 comm=syz.1.6252 [ 3760.884297][ T31] audit: type=1326 audit(3760.859:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32622 comm="syz.1.6259" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3762.947496][T32638] binder: 32637:32638 ioctl 40046205 0 returned -22 [ 3764.243572][ T31] audit: type=1326 audit(134221492.224:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32644 comm="syz.1.6267" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3769.842419][T32687] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=5133 sclass=netlink_audit_socket pid=32687 comm=syz.0.6278 [ 3783.092344][ T31] audit: type=1400 audit(134221511.074:578): avc: denied { nlmsg_tty_audit } for pid=32744 comm="syz.1.6296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 3783.655099][T32756] FAULT_INJECTION: forcing a failure. [ 3783.655099][T32756] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3783.656247][T32756] CPU: 0 UID: 0 PID: 32756 Comm: syz.1.6301 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3783.656312][T32756] Hardware name: ARM-Versatile Express [ 3783.656326][T32756] Call trace: [ 3783.656347][T32756] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3783.656417][T32756] r7:20000380 r6:00000000 r5:60000013 r4:82257d0c [ 3783.656427][T32756] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3783.656456][T32756] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3783.656487][T32756] r5:84a3a400 r4:82951710 [ 3783.656495][T32756] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3783.656527][T32756] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3783.656560][T32756] r8:00000000 r7:20000380 r6:848a8900 r5:00000000 r4:ecf39e68 [ 3783.656569][T32756] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3783.656595][T32756] [<8095f694>] (should_fail_usercopy) from [<808aeb9c>] (_copy_from_iter+0x6c/0x7c8) [ 3783.656625][T32756] [<808aeb30>] (_copy_from_iter) from [<816453b8>] (netlink_sendmsg+0x18c/0x444) [ 3783.656672][T32756] r10:00000000 r9:00000000 r8:ecf39e78 r7:84330000 r6:00000015 r5:85e37600 [ 3783.656684][T32756] r4:ecf39e68 [ 3783.656692][T32756] [<8164522c>] (netlink_sendmsg) from [<81519cbc>] (__sock_sendmsg+0x44/0x78) [ 3783.656732][T32756] r10:81e4e0c0 r9:20000380 r8:00000000 r7:84cebb80 r6:84cebb80 r5:ecf39e68 [ 3783.656742][T32756] r4:00000000 [ 3783.656750][T32756] [<81519c78>] (__sock_sendmsg) from [<81519d90>] (sock_write_iter+0xa0/0xfc) [ 3783.656781][T32756] r7:84cebb80 r6:8494bd80 r5:ecf39f08 r4:ecf39ef0 [ 3783.656789][T32756] [<81519cf0>] (sock_write_iter) from [<80552328>] (vfs_write+0x3a4/0x448) [ 3783.656823][T32756] r7:84a3a400 r6:00000015 r5:8494bd80 r4:00000000 [ 3783.656831][T32756] [<80551f84>] (vfs_write) from [<80552594>] (ksys_write+0xd0/0xe4) [ 3783.656865][T32756] r10:00000004 r9:84a3a400 r8:8020029c r7:00000015 r6:20000380 r5:8494bd80 [ 3783.656875][T32756] r4:8494bd81 [ 3783.656883][T32756] [<805524c4>] (ksys_write) from [<805525b8>] (sys_write+0x10/0x14) [ 3783.656914][T32756] r7:00000004 r6:0012fee0 r5:00000000 r4:00000000 [ 3783.656921][T32756] [<805525a8>] (sys_write) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3783.656947][T32756] Exception stack(0xecf39fa8 to 0xecf39ff0) [ 3783.656968][T32756] 9fa0: 00000000 00000000 00000003 20000380 00000015 00000000 [ 3783.656986][T32756] 9fc0: 00000000 00000000 0012fee0 00000004 002d0000 00000000 00006364 76b140bc [ 3783.657001][T32756] 9fe0: 76b13ec0 76b13eb0 0001939c 00131f30 [ 3783.804997][ T31] audit: type=1326 audit(134221511.784:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=32731 comm="syz.0.6290" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3787.631661][ T31] audit: type=1326 audit(134221515.614:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=307 comm="syz.1.6309" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3790.599291][ T11] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 3790.758968][ T11] usb 1-1: Using ep0 maxpacket: 8 [ 3790.772546][ T11] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3790.773179][ T11] usb 1-1: config 0 has no interfaces? [ 3790.777091][ T11] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 3790.777675][ T11] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 3790.778321][ T11] usb 1-1: Product: syz [ 3790.779104][ T11] usb 1-1: SerialNumber: syz [ 3790.781951][ T11] usb 1-1: config 0 descriptor?? [ 3790.994569][T16697] usb 1-1: USB disconnect, device number 10 [ 3791.102340][ T31] audit: type=1326 audit(134221519.084:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=330 comm="syz.1.6316" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3791.204880][ T337] FAULT_INJECTION: forcing a failure. [ 3791.204880][ T337] name failslab, interval 1, probability 0, space 0, times 0 [ 3791.217693][ T337] CPU: 1 UID: 0 PID: 337 Comm: syz.0.6317 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3791.217769][ T337] Hardware name: ARM-Versatile Express [ 3791.217784][ T337] Call trace: [ 3791.217806][ T337] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3791.217873][ T337] r7:00000d40 r6:00000000 r5:60000013 r4:82257d0c [ 3791.217884][ T337] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3791.217914][ T337] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3791.217946][ T337] r5:83896000 r4:8291bcc0 [ 3791.217954][ T337] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3791.217987][ T337] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3791.218025][ T337] r8:83896000 r7:00000d40 r6:854fece8 r5:00000022 r4:83001240 [ 3791.218034][ T337] [<80525620>] (should_failslab) from [<8050a480>] (__kmalloc_noprof+0x9c/0x458) [ 3791.218070][ T337] [<8050a3e4>] (__kmalloc_noprof) from [<807bc1b4>] (tomoyo_encode2+0x64/0xf0) [ 3791.218111][ T337] r10:00000fff r9:8309e800 r8:00000000 r7:834e36e8 r6:854fece8 r5:83d30ffc [ 3791.218122][ T337] r4:83d30fe5 [ 3791.218129][ T337] [<807bc150>] (tomoyo_encode2) from [<807bc264>] (tomoyo_encode+0x24/0x30) [ 3791.218166][ T337] r9:8309e800 r8:00000000 r7:834e36e8 r6:854fece8 r5:00001000 r4:83d30fe6 [ 3791.218175][ T337] [<807bc240>] (tomoyo_encode) from [<807bc2f0>] (tomoyo_realpath_from_path+0x80/0x17c) [ 3791.218206][ T337] r5:00001000 r4:83d30000 [ 3791.218214][ T337] [<807bc270>] (tomoyo_realpath_from_path) from [<807b83f0>] (tomoyo_path_number_perm+0xcc/0x22c) [ 3791.218252][ T337] r10:83896000 r9:00000000 r8:854fecc0 r7:00005501 r6:00000004 r5:81cd56c4 [ 3791.218264][ T337] r4:854fece8 r3:826c0240 [ 3791.218272][ T337] [<807b8324>] (tomoyo_path_number_perm) from [<807bccd0>] (tomoyo_file_ioctl+0x1c/0x20) [ 3791.218309][ T337] r9:00000004 r8:854fecc0 r7:00000000 r6:00000000 r5:00005501 r4:854fecc0 [ 3791.218318][ T337] [<807bccb4>] (tomoyo_file_ioctl) from [<8076a70c>] (security_file_ioctl+0x64/0x1e4) [ 3791.218349][ T337] [<8076a6a8>] (security_file_ioctl) from [<8056b32c>] (sys_ioctl+0x4c/0xd84) [ 3791.218466][ T337] r7:00000000 r6:854fecc1 r5:76bd1e70 r4:00005501 [ 3791.218478][ T337] [<8056b2e0>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3791.218510][ T337] Exception stack(0xed0d9fa8 to 0xed0d9ff0) [ 3791.218539][ T337] 9fa0: 00000004 76bd1e70 00000004 00005501 00000000 76bd0e00 [ 3791.218559][ T337] 9fc0: 00000004 76bd1e70 76bd0e70 00000036 00000005 76bd1e60 0041084c 0000003b [ 3791.218574][ T337] 9fe0: 00000000 76bd0de8 002b8000 001318fc [ 3791.218593][ T337] r10:00000036 r9:83896000 r8:8020029c r7:00000036 r6:76bd0e70 r5:76bd1e70 [ 3791.218604][ T337] r4:00000004 [ 3791.248864][ T337] ERROR: Out of memory at tomoyo_realpath_from_path. [ 3791.508880][T16697] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 3791.668759][T16697] usb 1-1: Using ep0 maxpacket: 8 [ 3791.690563][T16697] usb 1-1: unable to get BOS descriptor or descriptor too short [ 3791.692369][T16697] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 3791.694131][T16697] usb 1-1: can't read configurations, error -71 [ 3793.529091][ T48] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 3793.692537][ T48] usb 2-1: config index 0 descriptor too short (expected 45, got 36) [ 3793.693213][ T48] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 3793.695189][ T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 3793.696520][ T48] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 3793.699475][ T48] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 3793.701069][ T48] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 3793.702556][ T48] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3793.706790][ T48] usb 2-1: config 0 descriptor?? [ 3793.710505][ T376] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 3794.130541][ T48] plantronics 0003:047F:FFFF.0042: reserved main item tag 0xd [ 3794.140280][ T48] plantronics 0003:047F:FFFF.0042: No inputs registered, leaving [ 3794.145036][ T48] plantronics 0003:047F:FFFF.0042: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 3794.393016][ T11] usb 2-1: USB disconnect, device number 3 [ 3795.509823][ T31] audit: type=1326 audit(134221523.494:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=408 comm="syz.1.6328" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3797.634289][ T421] FAULT_INJECTION: forcing a failure. [ 3797.634289][ T421] name failslab, interval 1, probability 0, space 0, times 0 [ 3797.634859][ T421] CPU: 1 UID: 0 PID: 421 Comm: syz.1.6331 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3797.634936][ T421] Hardware name: ARM-Versatile Express [ 3797.634962][ T421] Call trace: [ 3797.635006][ T421] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3797.635123][ T421] r7:00000c40 r6:00000000 r5:60000013 r4:82257d0c [ 3797.635145][ T421] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3797.635208][ T421] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3797.635273][ T421] r5:83aed400 r4:8291bcc0 [ 3797.635292][ T421] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3797.635358][ T421] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3797.635430][ T421] r8:83aed400 r7:00000c40 r6:854feaa8 r5:00001000 r4:830016c0 [ 3797.635448][ T421] [<80525620>] (should_failslab) from [<8050a480>] (__kmalloc_noprof+0x9c/0x458) [ 3797.635516][ T421] [<8050a3e4>] (__kmalloc_noprof) from [<807bc2ac>] (tomoyo_realpath_from_path+0x3c/0x17c) [ 3797.635596][ T421] r10:83aed400 r9:83351000 r8:00000000 r7:84c00880 r6:854feaa8 r5:00001000 [ 3797.635619][ T421] r4:00000000 [ 3797.635628][ T421] [<807bc270>] (tomoyo_realpath_from_path) from [<807b83f0>] (tomoyo_path_number_perm+0xcc/0x22c) [ 3797.635668][ T421] r10:83aed400 r9:00000000 r8:854fea80 r7:00008983 r6:00000004 r5:81cd56c4 [ 3797.635680][ T421] r4:854feaa8 r3:826c0240 [ 3797.635688][ T421] [<807b8324>] (tomoyo_path_number_perm) from [<807bccd0>] (tomoyo_file_ioctl+0x1c/0x20) [ 3797.635728][ T421] r9:00000003 r8:854fea80 r7:20000540 r6:20000540 r5:00008983 r4:854fea80 [ 3797.635738][ T421] [<807bccb4>] (tomoyo_file_ioctl) from [<8076a70c>] (security_file_ioctl+0x64/0x1e4) [ 3797.635771][ T421] [<8076a6a8>] (security_file_ioctl) from [<8056b32c>] (sys_ioctl+0x4c/0xd84) [ 3797.635804][ T421] r7:20000540 r6:854fea81 r5:00000000 r4:00008983 [ 3797.635813][ T421] [<8056b2e0>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3797.635838][ T421] Exception stack(0xed621fa8 to 0xed621ff0) [ 3797.635862][ T421] 1fa0: 00000000 00000000 00000003 00008983 20000540 00000000 [ 3797.635881][ T421] 1fc0: 00000000 00000000 0012fee0 00000036 002d0000 00000000 00006364 76b140bc [ 3797.635895][ T421] 1fe0: 76b13ec0 76b13eb0 0001939c 00131f30 [ 3797.635915][ T421] r10:00000036 r9:83aed400 r8:8020029c r7:00000036 r6:0012fee0 r5:00000000 [ 3797.635924][ T421] r4:00000000 [ 3797.636303][ T421] ERROR: Out of memory at tomoyo_realpath_from_path. [ 3797.768898][ T415] FAULT_INJECTION: forcing a failure. [ 3797.768898][ T415] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3797.769146][ T415] CPU: 0 UID: 0 PID: 415 Comm: syz.0.6329 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3797.769180][ T415] Hardware name: ARM-Versatile Express [ 3797.769193][ T415] Call trace: [ 3797.769213][ T415] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3797.769319][ T415] r7:00000000 r6:00000000 r5:60000013 r4:82257d0c [ 3797.769335][ T415] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3797.769370][ T415] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3797.769400][ T415] r5:84a3ec00 r4:82951710 [ 3797.769423][ T415] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3797.769509][ T415] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3797.769577][ T415] r8:76b90f30 r7:00000000 r6:00000000 r5:ed5cdf68 r4:00000002 [ 3797.769593][ T415] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3797.769680][ T415] [<8095f694>] (should_fail_usercopy) from [<8058cc58>] (simple_read_from_buffer+0x80/0x13c) [ 3797.769717][ T415] [<8058cbd8>] (simple_read_from_buffer) from [<806041f0>] (proc_fail_nth_read+0xb8/0x100) [ 3797.769756][ T415] r10:00000001 r9:80604138 r8:00000002 r7:ed5cdf68 r6:0000000f r5:76b90f30 [ 3797.769769][ T415] r4:84a3ec00 r3:ed5cde9f [ 3797.769777][ T415] [<80604138>] (proc_fail_nth_read) from [<805517a0>] (vfs_read+0x98/0x320) [ 3797.769814][ T415] r8:76b90f30 r7:ed5cdf68 r6:84a3ec00 r5:0000000f r4:8494b3c0 [ 3797.769823][ T415] [<80551708>] (vfs_read) from [<80552440>] (ksys_read+0x74/0xe4) [ 3797.769857][ T415] r10:00000003 r9:84a3ec00 r8:8020029c r7:00000000 r6:00000000 r5:8494b3c0 [ 3797.769881][ T415] r4:8494b3c3 [ 3797.769891][ T415] [<805523cc>] (ksys_read) from [<805524c0>] (sys_read+0x10/0x14) [ 3797.769925][ T415] r7:00000003 r6:00000005 r5:76b90f30 r4:0000000f [ 3797.769947][ T415] [<805524b0>] (sys_read) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3797.769975][ T415] Exception stack(0xed5cdfa8 to 0xed5cdff0) [ 3797.769996][ T415] dfa0: 0000000f 76b90f30 00000005 76b90f30 0000000f 00000000 [ 3797.770015][ T415] dfc0: 0000000f 76b90f30 00000005 00000003 002d0000 00000000 00006364 76b910bc [ 3797.770029][ T415] dfe0: 00000158 76b90ed0 000d7d68 0012fe04 [ 3799.695909][ T31] audit: type=1326 audit(134221527.674:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=433 comm="syz.0.6334" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3801.671433][ T497] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=497 comm=syz.1.6346 [ 3801.673984][ T497] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=497 comm=syz.1.6346 [ 3803.031400][ T531] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=531 comm=syz.0.6357 [ 3803.596504][ T545] FAULT_INJECTION: forcing a failure. [ 3803.596504][ T545] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3803.597539][ T545] CPU: 1 UID: 0 PID: 545 Comm: syz.0.6362 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3803.597616][ T545] Hardware name: ARM-Versatile Express [ 3803.597631][ T545] Call trace: [ 3803.597654][ T545] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3803.597720][ T545] r7:8398ac00 r6:00000000 r5:60000013 r4:82257d0c [ 3803.597731][ T545] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3803.597765][ T545] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3803.597800][ T545] r5:841f0c00 r4:82951710 [ 3803.597809][ T545] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3803.597845][ T545] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3803.597887][ T545] r8:81d352c0 r7:8398ac00 r6:c010640b r5:00000010 r4:00000010 [ 3803.597897][ T545] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3803.597928][ T545] [<8095f694>] (should_fail_usercopy) from [<80ab7880>] (drm_ioctl+0x1c8/0x5b0) [ 3803.597961][ T545] [<80ab76b8>] (drm_ioctl) from [<8056b418>] (sys_ioctl+0x138/0xd84) [ 3803.598005][ T545] r10:841f0c00 r9:00000003 r8:856a5f00 r7:20000880 r6:856a5f01 r5:00000000 [ 3803.598017][ T545] r4:c010640b [ 3803.598027][ T545] [<8056b2e0>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3803.598056][ T545] Exception stack(0xeda21fa8 to 0xeda21ff0) [ 3803.598080][ T545] 1fa0: 00000000 00000000 00000003 c010640b 20000880 00000000 [ 3803.598102][ T545] 1fc0: 00000000 00000000 0012fee0 00000036 002d0000 00000000 00006364 76bd30bc [ 3803.598120][ T545] 1fe0: 76bd2ec0 76bd2eb0 0001939c 00131f30 [ 3803.598143][ T545] r10:00000036 r9:841f0c00 r8:8020029c r7:00000036 r6:0012fee0 r5:00000000 [ 3803.598155][ T545] r4:00000000 [ 3803.724271][ T553] FAULT_INJECTION: forcing a failure. [ 3803.724271][ T553] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3803.724609][ T553] CPU: 1 UID: 0 PID: 553 Comm: syz.1.6366 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3803.724652][ T553] Hardware name: ARM-Versatile Express [ 3803.724667][ T553] Call trace: [ 3803.724690][ T553] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3803.724747][ T553] r7:eda89e20 r6:00000000 r5:60000013 r4:82257d0c [ 3803.724757][ T553] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3803.724787][ T553] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3803.724819][ T553] r5:83892400 r4:82951710 [ 3803.724827][ T553] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3803.724860][ T553] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3803.724896][ T553] r8:00040004 r7:eda89e20 r6:20000300 r5:00000000 r4:eda89f20 [ 3803.724904][ T553] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3803.724932][ T553] [<8095f694>] (should_fail_usercopy) from [<8151c150>] (copy_msghdr_from_user+0x50/0x130) [ 3803.724964][ T553] [<8151c100>] (copy_msghdr_from_user) from [<8151c2a8>] (___sys_sendmsg+0x78/0xd0) [ 3803.724998][ T553] r8:00040004 r7:00000000 r6:837d7680 r5:eda89f20 r4:eda89e64 [ 3803.725008][ T553] [<8151c230>] (___sys_sendmsg) from [<8151c75c>] (__sys_sendmsg+0x8c/0xd8) [ 3803.725045][ T553] r10:00000128 r9:83892400 r8:856a5f00 r7:00040004 r6:20000300 r5:856a5f01 [ 3803.725055][ T553] r4:00000003 [ 3803.725064][ T553] [<8151c6d0>] (__sys_sendmsg) from [<8151c7bc>] (sys_sendmsg+0x14/0x18) [ 3803.725098][ T553] r8:8020029c r7:00000128 r6:0012fee0 r5:00000000 r4:00000000 [ 3803.725107][ T553] [<8151c7a8>] (sys_sendmsg) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3803.725133][ T553] Exception stack(0xeda89fa8 to 0xeda89ff0) [ 3803.725154][ T553] 9fa0: 00000000 00000000 00000003 20000300 00040004 00000000 [ 3803.725174][ T553] 9fc0: 00000000 00000000 0012fee0 00000128 002d0000 00000000 00006364 76b140bc [ 3803.725190][ T553] 9fe0: 76b13ec0 76b13eb0 0001939c 00131f30 [ 3804.383299][ T570] FAULT_INJECTION: forcing a failure. [ 3804.383299][ T570] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3804.383616][ T570] CPU: 0 UID: 0 PID: 570 Comm: syz.0.6373 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3804.383652][ T570] Hardware name: ARM-Versatile Express [ 3804.383665][ T570] Call trace: [ 3804.383688][ T570] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3804.383749][ T570] r7:00000000 r6:00000000 r5:60000013 r4:82257d0c [ 3804.383760][ T570] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3804.383789][ T570] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3804.383819][ T570] r5:83894800 r4:82951710 [ 3804.383841][ T570] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3804.383877][ T570] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3804.383912][ T570] r8:76bd2f30 r7:00000000 r6:00000000 r5:edb29f68 r4:00000002 [ 3804.383921][ T570] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3804.383947][ T570] [<8095f694>] (should_fail_usercopy) from [<8058cc58>] (simple_read_from_buffer+0x80/0x13c) [ 3804.383977][ T570] [<8058cbd8>] (simple_read_from_buffer) from [<806041f0>] (proc_fail_nth_read+0xb8/0x100) [ 3804.384015][ T570] r10:00000001 r9:80604138 r8:00000002 r7:edb29f68 r6:0000000f r5:76bd2f30 [ 3804.384028][ T570] r4:83894800 r3:edb29e9f [ 3804.384035][ T570] [<80604138>] (proc_fail_nth_read) from [<805517a0>] (vfs_read+0x98/0x320) [ 3804.384071][ T570] r8:76bd2f30 r7:edb29f68 r6:83894800 r5:0000000f r4:85481300 [ 3804.384112][ T570] [<80551708>] (vfs_read) from [<80552440>] (ksys_read+0x74/0xe4) [ 3804.384151][ T570] r10:00000003 r9:83894800 r8:8020029c r7:00000000 r6:00000000 r5:85481300 [ 3804.384163][ T570] r4:85481303 [ 3804.384170][ T570] [<805523cc>] (ksys_read) from [<805524c0>] (sys_read+0x10/0x14) [ 3804.384201][ T570] r7:00000003 r6:00000004 r5:76bd2f30 r4:0000000f [ 3804.384222][ T570] [<805524b0>] (sys_read) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3804.384251][ T570] Exception stack(0xedb29fa8 to 0xedb29ff0) [ 3804.384274][ T570] 9fa0: 0000000f 76bd2f30 00000004 76bd2f30 0000000f 00000000 [ 3804.384292][ T570] 9fc0: 0000000f 76bd2f30 00000004 00000003 002d0000 00000000 00006364 76bd30bc [ 3804.384307][ T570] 9fe0: 00000158 76bd2ed0 000d7d68 0012fe04 [ 3805.099791][T16697] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 3805.280298][T16697] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 3805.281643][T16697] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3805.283326][T16697] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3805.284408][T16697] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 3805.301890][T16697] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 3805.303036][T16697] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 3805.304076][T16697] usb 1-1: Manufacturer: syz [ 3805.311161][T16697] usb 1-1: config 0 descriptor?? [ 3805.779821][T16697] appleir 0003:05AC:8243.0043: unknown main item tag 0x0 [ 3805.781027][T16697] appleir 0003:05AC:8243.0043: No inputs registered, leaving [ 3805.784805][T16697] appleir 0003:05AC:8243.0043: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 3807.337708][ T31] audit: type=1400 audit(134221535.314:584): avc: denied { lock } for pid=595 comm="syz.0.6378" path="/dev/cuse" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 3807.880284][T31145] usb 1-1: USB disconnect, device number 13 [ 3808.258690][ T31] audit: type=1400 audit(134221536.194:585): avc: denied { remount } for pid=610 comm="syz.0.6384" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 3808.258969][ T31] audit: type=1400 audit(134221536.234:586): avc: denied { unmount } for pid=30147 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 3811.671966][ T640] FAULT_INJECTION: forcing a failure. [ 3811.671966][ T640] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3811.672213][ T640] CPU: 0 UID: 0 PID: 640 Comm: syz.1.6389 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3811.672248][ T640] Hardware name: ARM-Versatile Express [ 3811.672263][ T640] Call trace: [ 3811.672285][ T640] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3811.672393][ T640] r7:20000200 r6:00000000 r5:60000013 r4:82257d0c [ 3811.672413][ T640] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3811.672467][ T640] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3811.672528][ T640] r5:84161800 r4:82951710 [ 3811.672539][ T640] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3811.672576][ T640] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3811.672615][ T640] r8:84d51180 r7:20000200 r6:edce9eec r5:00000010 r4:00000010 [ 3811.672654][ T640] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3811.672686][ T640] [<8095f694>] (should_fail_usercopy) from [<8151a594>] (move_addr_to_kernel+0x34/0xf8) [ 3811.672719][ T640] [<8151a560>] (move_addr_to_kernel) from [<8151b23c>] (__sys_bind+0x80/0x108) [ 3811.672752][ T640] r7:856a5300 r6:00000010 r5:856a5301 r4:00000003 [ 3811.672783][ T640] [<8151b1bc>] (__sys_bind) from [<8151b2d4>] (sys_bind+0x10/0x14) [ 3811.672823][ T640] r9:84161800 r8:8020029c r7:0000011a r6:0012fee0 r5:00000000 r4:00000000 [ 3811.672851][ T640] [<8151b2c4>] (sys_bind) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3811.672880][ T640] Exception stack(0xedce9fa8 to 0xedce9ff0) [ 3811.672902][ T640] 9fa0: 00000000 00000000 00000003 20000200 00000010 00000000 [ 3811.672924][ T640] 9fc0: 00000000 00000000 0012fee0 0000011a 002d0000 00000000 00006364 76a900bc [ 3811.672940][ T640] 9fe0: 76a8fec0 76a8feb0 0001939c 00131f30 [ 3814.668876][ T31] audit: type=1326 audit(134221542.634:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=674 comm="syz.1.6407" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3815.402388][ T31] audit: type=1400 audit(134221543.384:588): avc: denied { accept } for pid=682 comm="syz.0.6410" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 3815.625846][ T31] audit: type=1400 audit(134221543.604:589): avc: denied { accept } for pid=682 comm="syz.0.6410" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1 [ 3821.323516][ T31] audit: type=1326 audit(134221549.304:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=701 comm="syz.1.6416" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3822.969403][ T11] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 3823.148828][ T11] usb 1-1: Using ep0 maxpacket: 8 [ 3823.210502][ T11] usb 1-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 156, changing to 11 [ 3823.210740][ T11] usb 1-1: config 1 interface 0 altsetting 1 endpoint 0x2 has invalid wMaxPacketSize 0 [ 3823.210947][ T11] usb 1-1: config 1 interface 0 has no altsetting 0 [ 3823.228818][ T11] usb 1-1: New USB device found, idVendor=11ff, idProduct=3331, bcdDevice= 0.40 [ 3823.229038][ T11] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3823.229286][ T11] usb 1-1: Product: ﳤ气伀㶫ꨩ迯薾ꚤ柑쨄홸㢏丯￿绚ᴌๅ蝇桌⁦ꀧᏬ䓱⋚ꁾ縐詵촎䃍䭒⧢퍐쇄辝탽籦憌涋묮槗试ꔅቴ孢⑓⾐ࠣ㟿⺚㎧딴泄钣샟䥒﷞钍䩃囀쥍ꇉ塍❄쩌磌鐔뱰넊儳栊 [ 3823.229389][ T11] usb 1-1: Manufacturer: 褒ؔ彍二导摝猲硝쿱虱⒯⺢糇﷍䵷촹ꎃ磂皑駮ﻗ궐歓딬俰ꑞ혫섅䞷赹ᮬ⧔蠙㥜旖鴱⦩ꩡ斯쿐䷘왦傧䨙겍갅驵⪢鶡胻Ꞽ຃뒂⥊肞䀉ᢹ低涕왽㾔쐢䱠บܕ殢뺖ਧ簑緙單ኲ䗹纓燳嶬ꤖ襵茠૛ֈ憣﹇暤⼚䑈쫽蘛І䵦啁꼀䅯䊥虄뗇븐氶锭͖뿙鐥陭㶎늼沢 [ 3823.229434][ T11] usb 1-1: SerialNumber: ј [ 3823.791925][ T713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3823.795253][ T713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3823.980632][ T713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3824.072705][ T713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3824.840511][ T11] usbhid 1-1:1.0: can't add hid device: -71 [ 3824.840823][ T11] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 3824.843806][ T11] usb 1-1: USB disconnect, device number 14 [ 3824.955988][ T739] FAULT_INJECTION: forcing a failure. [ 3824.955988][ T739] name failslab, interval 1, probability 0, space 0, times 0 [ 3824.960112][ T739] CPU: 1 UID: 0 PID: 739 Comm: syz.1.6426 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3824.960264][ T739] Hardware name: ARM-Versatile Express [ 3824.960294][ T739] Call trace: [ 3824.960343][ T739] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3824.960469][ T739] r7:00000c40 r6:00000000 r5:60000113 r4:82257d0c [ 3824.960491][ T739] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3824.960553][ T739] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3824.960618][ T739] r5:84170000 r4:8291bcc0 [ 3824.960638][ T739] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3824.960706][ T739] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3824.960787][ T739] r8:84170000 r7:00000c40 r6:854fe6e8 r5:00001000 r4:830016c0 [ 3824.960808][ T739] [<80525620>] (should_failslab) from [<8050a480>] (__kmalloc_noprof+0x9c/0x458) [ 3824.960871][ T739] [<8050a3e4>] (__kmalloc_noprof) from [<807bc2ac>] (tomoyo_realpath_from_path+0x3c/0x17c) [ 3824.960955][ T739] r10:84170000 r9:8309e800 r8:00000000 r7:83414c38 r6:854fe6e8 r5:00001000 [ 3824.960981][ T739] r4:00000000 [ 3824.960999][ T739] [<807bc270>] (tomoyo_realpath_from_path) from [<807b83f0>] (tomoyo_path_number_perm+0xcc/0x22c) [ 3824.961083][ T739] r10:84170000 r9:00000000 r8:854fe6c0 r7:00004c80 r6:00000004 r5:81cd56c4 [ 3824.961111][ T739] r4:854fe6e8 r3:826c0240 [ 3824.961130][ T739] [<807b8324>] (tomoyo_path_number_perm) from [<807bccd0>] (tomoyo_file_ioctl+0x1c/0x20) [ 3824.961211][ T739] r9:00000003 r8:854fe6c0 r7:00000001 r6:00000001 r5:00004c80 r4:854fe6c0 [ 3824.961231][ T739] [<807bccb4>] (tomoyo_file_ioctl) from [<8076a70c>] (security_file_ioctl+0x64/0x1e4) [ 3824.961297][ T739] [<8076a6a8>] (security_file_ioctl) from [<8056b32c>] (sys_ioctl+0x4c/0xd84) [ 3824.961374][ T739] r7:00000001 r6:854fe6c1 r5:00000000 r4:00004c80 [ 3824.961399][ T739] [<8056b2e0>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3824.961487][ T739] Exception stack(0xee201fa8 to 0xee201ff0) [ 3824.961536][ T739] 1fa0: 00000000 00000000 00000003 00004c80 00000001 00000000 [ 3824.961581][ T739] 1fc0: 00000000 00000000 0012fee0 00000036 002d0000 00000000 00006364 76b140bc [ 3824.961614][ T739] 1fe0: 76b13ec0 76b13eb0 0001939c 00131f30 [ 3824.961658][ T739] r10:00000036 r9:84170000 r8:8020029c r7:00000036 r6:0012fee0 r5:00000000 [ 3824.961682][ T739] r4:00000000 [ 3824.992532][ T739] ERROR: Out of memory at tomoyo_realpath_from_path. [ 3825.482089][ T31] audit: type=1400 audit(134221553.464:591): avc: denied { lock } for pid=748 comm="syz.1.6430" path="socket:[69144]" dev="sockfs" ino=69144 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 3825.862703][ T760] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 3825.867916][ T761] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 3826.786875][ T31] audit: type=1400 audit(134221554.764:592): avc: denied { map } for pid=775 comm="syz.0.6436" path="/dev/vcs" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 3826.788838][ T31] audit: type=1400 audit(134221554.764:593): avc: denied { execute } for pid=775 comm="syz.0.6436" path="/dev/vcs" dev="devtmpfs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 3833.130072][ T818] FAULT_INJECTION: forcing a failure. [ 3833.130072][ T818] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3833.130370][ T818] CPU: 0 UID: 0 PID: 818 Comm: syz.1.6443 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3833.130428][ T818] Hardware name: ARM-Versatile Express [ 3833.130442][ T818] Call trace: [ 3833.130493][ T818] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3833.130554][ T818] r7:00000000 r6:00000000 r5:60000113 r4:82257d0c [ 3833.130564][ T818] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3833.130594][ T818] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3833.130625][ T818] r5:83b03000 r4:8291bd14 [ 3833.130633][ T818] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3833.130664][ T818] [<8095f454>] (should_fail_ex) from [<8052571c>] (should_fail_alloc_page+0x68/0x74) [ 3833.130704][ T818] r8:00000001 r7:00000000 r6:00000000 r5:00000cc0 r4:ee505d70 [ 3833.130713][ T818] [<805256b4>] (should_fail_alloc_page) from [<804f445c>] (prepare_alloc_pages.constprop.0+0x94/0x1b4) [ 3833.130744][ T818] [<804f43c8>] (prepare_alloc_pages.constprop.0) from [<804fc3a0>] (__alloc_frozen_pages_noprof+0xb8/0x1138) [ 3833.130784][ T818] r10:854f0500 r9:00000000 r8:00000cc0 r7:8516a534 r6:837b9880 r5:837cf730 [ 3833.130797][ T818] r4:00000000 r3:ee505d70 [ 3833.130805][ T818] [<804fc2e8>] (__alloc_frozen_pages_noprof) from [<804fd508>] (get_free_pages_noprof+0x1c/0x74) [ 3833.130844][ T818] r10:854f0500 r9:00000500 r8:854f0504 r7:8516a534 r6:837b9880 r5:837cf730 [ 3833.130854][ T818] r4:8516a51c [ 3833.130862][ T818] [<804fd4ec>] (get_free_pages_noprof) from [<8079033c>] (inode_doinit_with_dentry+0x234/0x4a0) [ 3833.130895][ T818] [<80790108>] (inode_doinit_with_dentry) from [<80790640>] (sb_finish_set_opts+0x98/0x334) [ 3833.130934][ T818] r10:854f0500 r9:837cf730 r8:837b9880 r7:854f0530 r6:00000500 r5:822667f0 [ 3833.130944][ T818] r4:854f0504 [ 3833.130952][ T818] [<807905a8>] (sb_finish_set_opts) from [<80793fdc>] (selinux_set_mnt_opts+0x6ac/0x730) [ 3833.130991][ T818] r10:854f0500 r9:00000000 r8:8516a51c r7:854f0514 r6:824683fc r5:84331800 [ 3833.131003][ T818] r4:854f0504 [ 3833.131010][ T818] [<80793930>] (selinux_set_mnt_opts) from [<8076f980>] (security_sb_set_mnt_opts+0x5c/0x80) [ 3833.131053][ T818] r10:8245f068 r9:84331800 r8:00000000 r7:00000000 r6:00000000 r5:80793930 [ 3833.131063][ T818] r4:8245f068 [ 3833.131071][ T818] [<8076f924>] (security_sb_set_mnt_opts) from [<80554974>] (vfs_get_tree+0x70/0x108) [ 3833.131112][ T818] r10:85481cc0 r9:854aff80 r8:00000000 r7:85481cc1 r6:854aff80 r5:00000000 [ 3833.131124][ T818] r4:84331800 r3:00000000 [ 3833.131132][ T818] [<80554904>] (vfs_get_tree) from [<805a3dcc>] (vfs_cmd_create+0x54/0xb8) [ 3833.131165][ T818] r6:854aff84 r5:854aff80 r4:00000000 [ 3833.131174][ T818] [<805a3d78>] (vfs_cmd_create) from [<805a44fc>] (sys_fsconfig+0x424/0x518) [ 3833.131204][ T818] r7:85481cc1 r6:854aff84 r5:00000000 r4:00000006 [ 3833.131213][ T818] [<805a40d8>] (sys_fsconfig) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3833.131240][ T818] Exception stack(0xee505fa8 to 0xee505ff0) [ 3833.131261][ T818] 5fa0: 00000000 00000000 00000005 00000006 00000000 00000000 [ 3833.131280][ T818] 5fc0: 00000000 00000000 0012fee0 000001af 002d0000 00000000 00006364 76ad20bc [ 3833.131295][ T818] 5fe0: 76ad1ec0 76ad1eb0 0001939c 00131f30 [ 3833.131315][ T818] r10:000001af r9:83b03000 r8:8020029c r7:000001af r6:0012fee0 r5:00000000 [ 3833.131326][ T818] r4:00000000 [ 3835.508681][T13818] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 3835.682185][T13818] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 3835.682451][T13818] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3835.682631][T13818] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3835.682750][T13818] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 3835.748807][T13818] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 3835.749042][T13818] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 3835.749215][T13818] usb 1-1: Manufacturer: syz [ 3835.753114][T13818] usb 1-1: config 0 descriptor?? [ 3836.259754][T13818] appleir 0003:05AC:8243.0044: unknown main item tag 0x0 [ 3836.261089][T13818] appleir 0003:05AC:8243.0044: No inputs registered, leaving [ 3836.265082][T13818] appleir 0003:05AC:8243.0044: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 3837.152126][ T847] FAULT_INJECTION: forcing a failure. [ 3837.152126][ T847] name failslab, interval 1, probability 0, space 0, times 0 [ 3837.159071][ T847] CPU: 0 UID: 0 PID: 847 Comm: syz.0.6448 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3837.159167][ T847] Hardware name: ARM-Versatile Express [ 3837.159183][ T847] Call trace: [ 3837.159205][ T847] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3837.159264][ T847] r7:00000d40 r6:00000000 r5:60000113 r4:82257d0c [ 3837.159274][ T847] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3837.159302][ T847] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3837.159334][ T847] r5:838b0000 r4:8291bcc0 [ 3837.159342][ T847] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3837.159373][ T847] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3837.159411][ T847] r8:838b0000 r7:00000d40 r6:854817a8 r5:00000023 r4:83001240 [ 3837.159419][ T847] [<80525620>] (should_failslab) from [<8050a480>] (__kmalloc_noprof+0x9c/0x458) [ 3837.159448][ T847] [<8050a3e4>] (__kmalloc_noprof) from [<807bc1b4>] (tomoyo_encode2+0x64/0xf0) [ 3837.159499][ T847] r10:00000fff r9:8309e800 r8:00000000 r7:837b94c8 r6:854817a8 r5:8440effc [ 3837.159510][ T847] r4:8440efe4 [ 3837.159518][ T847] [<807bc150>] (tomoyo_encode2) from [<807bc264>] (tomoyo_encode+0x24/0x30) [ 3837.159554][ T847] r9:8309e800 r8:00000000 r7:837b94c8 r6:854817a8 r5:00001000 r4:8440efe5 [ 3837.159563][ T847] [<807bc240>] (tomoyo_encode) from [<807bc2f0>] (tomoyo_realpath_from_path+0x80/0x17c) [ 3837.159593][ T847] r5:00001000 r4:8440e000 [ 3837.159600][ T847] [<807bc270>] (tomoyo_realpath_from_path) from [<807b83f0>] (tomoyo_path_number_perm+0xcc/0x22c) [ 3837.159638][ T847] r10:838b0000 r9:00000000 r8:85481780 r7:400c4807 r6:00000004 r5:81cd56c4 [ 3837.159649][ T847] r4:854817a8 r3:826c0240 [ 3837.159657][ T847] [<807b8324>] (tomoyo_path_number_perm) from [<807bccd0>] (tomoyo_file_ioctl+0x1c/0x20) [ 3837.159693][ T847] r9:00000004 r8:85481780 r7:20000000 r6:20000000 r5:400c4807 r4:85481780 [ 3837.159702][ T847] [<807bccb4>] (tomoyo_file_ioctl) from [<8076a70c>] (security_file_ioctl+0x64/0x1e4) [ 3837.159733][ T847] [<8076a6a8>] (security_file_ioctl) from [<8056b32c>] (sys_ioctl+0x4c/0xd84) [ 3837.159765][ T847] r7:20000000 r6:85481781 r5:00000000 r4:400c4807 [ 3837.159775][ T847] [<8056b2e0>] (sys_ioctl) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3837.159800][ T847] Exception stack(0xee621fa8 to 0xee621ff0) [ 3837.159821][ T847] 1fa0: 00000000 00000000 00000004 400c4807 20000000 00000000 [ 3837.159839][ T847] 1fc0: 00000000 00000000 0012fee0 00000036 002d0000 00000000 00006364 76bb20bc [ 3837.159853][ T847] 1fe0: 76bb1ec0 76bb1eb0 0001939c 00131f30 [ 3837.159873][ T847] r10:00000036 r9:838b0000 r8:8020029c r7:00000036 r6:0012fee0 r5:00000000 [ 3837.159883][ T847] r4:00000000 [ 3837.258960][ T847] ERROR: Out of memory at tomoyo_realpath_from_path. [ 3838.401063][ T31] audit: type=1326 audit(134221566.384:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=845 comm="syz.1.6452" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3838.860487][ T6883] usb 1-1: USB disconnect, device number 15 [ 3843.789964][ T881] FAULT_INJECTION: forcing a failure. [ 3843.789964][ T881] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3843.790262][ T881] CPU: 1 UID: 0 PID: 881 Comm: syz.0.6457 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3843.790311][ T881] Hardware name: ARM-Versatile Express [ 3843.790326][ T881] Call trace: [ 3843.790349][ T881] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3843.790408][ T881] r7:00000000 r6:00000000 r5:60000013 r4:82257d0c [ 3843.790419][ T881] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3843.790449][ T881] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3843.790565][ T881] r5:8416ec00 r4:82951710 [ 3843.790608][ T881] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3843.790653][ T881] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3843.790706][ T881] r8:76bd2f30 r7:00000000 r6:00000000 r5:ee6f1f68 r4:00000002 [ 3843.790717][ T881] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3843.790803][ T881] [<8095f694>] (should_fail_usercopy) from [<8058cc58>] (simple_read_from_buffer+0x80/0x13c) [ 3843.790882][ T881] [<8058cbd8>] (simple_read_from_buffer) from [<806041f0>] (proc_fail_nth_read+0xb8/0x100) [ 3843.791003][ T881] r10:00000001 r9:80604138 r8:00000002 r7:ee6f1f68 r6:0000000f r5:76bd2f30 [ 3843.791024][ T881] r4:8416ec00 r3:ee6f1e9f [ 3843.791032][ T881] [<80604138>] (proc_fail_nth_read) from [<805517a0>] (vfs_read+0x98/0x320) [ 3843.791089][ T881] r8:76bd2f30 r7:ee6f1f68 r6:8416ec00 r5:0000000f r4:854fe780 [ 3843.791188][ T881] [<80551708>] (vfs_read) from [<80552440>] (ksys_read+0x74/0xe4) [ 3843.791288][ T881] r10:00000003 r9:8416ec00 r8:8020029c r7:00000000 r6:00000000 r5:854fe780 [ 3843.791393][ T881] r4:854fe783 [ 3843.791471][ T881] [<805523cc>] (ksys_read) from [<805524c0>] (sys_read+0x10/0x14) [ 3843.791585][ T881] r7:00000003 r6:00000004 r5:76bd2f30 r4:0000000f [ 3843.791656][ T881] [<805524b0>] (sys_read) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3843.791747][ T881] Exception stack(0xee6f1fa8 to 0xee6f1ff0) [ 3843.791771][ T881] 1fa0: 0000000f 76bd2f30 00000004 76bd2f30 0000000f 00000000 [ 3843.791869][ T881] 1fc0: 0000000f 76bd2f30 00000004 00000003 002d0000 00000000 00006364 76bd30bc [ 3843.791972][ T881] 1fe0: 00000158 76bd2ed0 000d7d68 0012fe04 [ 3844.200441][ T883] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2816 sclass=netlink_route_socket pid=883 comm=syz.0.6458 [ 3847.062411][ T31] audit: type=1326 audit(134221575.044:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=886 comm="syz.0.6459" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3850.339188][T31145] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 3850.488631][T31145] usb 2-1: Using ep0 maxpacket: 8 [ 3850.493851][T31145] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 3850.494070][T31145] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 3850.494139][T31145] usb 2-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config [ 3850.494188][T31145] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 3850.494228][T31145] usb 2-1: config 250 has no interface number 0 [ 3850.512603][T31145] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 3850.512844][T31145] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 3850.512926][T31145] usb 2-1: Product: syz [ 3850.512968][T31145] usb 2-1: SerialNumber: syz [ 3850.548931][T31145] hub 2-1:250.228: bad descriptor, ignoring hub [ 3850.549183][T31145] hub 2-1:250.228: probe with driver hub failed with error -5 [ 3850.899196][T31145] usb 2-1: USB disconnect, device number 4 [ 3851.258867][T31145] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 3851.408919][T31145] usb 2-1: Using ep0 maxpacket: 8 [ 3851.419876][T31145] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 3851.420201][T31145] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 3851.420398][T31145] usb 2-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config [ 3851.420532][T31145] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 3851.420579][T31145] usb 2-1: config 250 has no interface number 0 [ 3851.428166][T31145] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 3851.428643][T31145] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 3851.428834][T31145] usb 2-1: Product: syz [ 3851.428904][T31145] usb 2-1: SerialNumber: syz [ 3851.449893][T31145] hub 2-1:250.228: bad descriptor, ignoring hub [ 3851.450155][T31145] hub 2-1:250.228: probe with driver hub failed with error -5 [ 3851.759261][ T6883] usb 2-1: USB disconnect, device number 5 [ 3851.803392][ T937] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2816 sclass=netlink_route_socket pid=937 comm=syz.1.6463 [ 3852.110642][ T947] sctp: [Deprecated]: syz.0.6464 (pid 947) Use of int in maxseg socket option. [ 3852.110642][ T947] Use struct sctp_assoc_value instead [ 3855.122276][ T997] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=261 sclass=netlink_audit_socket pid=997 comm=syz.1.6479 [ 3858.603113][ T1020] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2816 sclass=netlink_route_socket pid=1020 comm=syz.1.6487 [ 3860.201449][ T1040] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2816 sclass=netlink_route_socket pid=1040 comm=syz.0.6492 [ 3861.895381][ T31] audit: type=1400 audit(134221589.874:596): avc: denied { setattr } for pid=1054 comm="syz.1.6498" name="NFC_RAW" dev="sockfs" ino=69421 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 3861.926210][ T31] audit: type=1400 audit(134221589.884:597): avc: denied { accept } for pid=1054 comm="syz.1.6498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 3863.289152][T31145] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 3863.449187][T31145] usb 2-1: Using ep0 maxpacket: 8 [ 3863.461346][T31145] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 3863.461759][T31145] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 3863.461898][T31145] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 3863.461978][T31145] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3863.465615][T31145] usb 2-1: config 0 descriptor?? [ 3863.719016][ T1079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3863.721088][ T1079] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3864.818909][T31145] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 3865.054473][T13818] usb 2-1: USB disconnect, device number 6 [ 3866.438672][ T1118] FAULT_INJECTION: forcing a failure. [ 3866.438672][ T1118] name failslab, interval 1, probability 0, space 0, times 0 [ 3866.438938][ T1118] CPU: 1 UID: 0 PID: 1118 Comm: syz.1.6517 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3866.438973][ T1118] Hardware name: ARM-Versatile Express [ 3866.438986][ T1118] Call trace: [ 3866.439013][ T1118] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3866.439137][ T1118] r7:83afe000 r6:00000000 r5:60000113 r4:82257d0c [ 3866.439152][ T1118] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3866.439196][ T1118] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3866.439268][ T1118] r5:83afe000 r4:8291bcc0 [ 3866.439285][ T1118] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3866.439321][ T1118] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3866.439381][ T1118] r8:00000000 r7:83afe000 r6:00000cc0 r5:ffffffff r4:832ce240 [ 3866.439392][ T1118] [<80525620>] (should_failslab) from [<80509a90>] (kmem_cache_alloc_node_noprof+0x50/0x338) [ 3866.439423][ T1118] [<80509a40>] (kmem_cache_alloc_node_noprof) from [<81526ff8>] (__alloc_skb+0x138/0x160) [ 3866.439463][ T1118] r10:dff55d3c r9:00000000 r8:00000cc0 r7:00000000 r6:832ce240 r5:ffffffff [ 3866.439492][ T1118] r4:82806040 [ 3866.439514][ T1118] [<81526ec0>] (__alloc_skb) from [<8152f400>] (alloc_skb_with_frags+0x44/0x1ec) [ 3866.439552][ T1118] r8:802ce320 r7:dff55cc4 r6:00000000 r5:00001000 r4:00000000 [ 3866.439562][ T1118] [<8152f3bc>] (alloc_skb_with_frags) from [<8151fdec>] (sock_alloc_send_pskb+0x1f4/0x228) [ 3866.439613][ T1118] r10:dff55d3c r9:00000000 r8:802ce320 r7:dff55cc4 r6:83afe000 r5:7fffffff [ 3866.439641][ T1118] r4:84858000 [ 3866.439680][ T1118] [<8151fbf8>] (sock_alloc_send_pskb) from [<818d96e0>] (isotp_sendmsg+0x2ac/0x820) [ 3866.439725][ T1118] r10:dff55f20 r9:00000128 r8:dff55f30 r7:00000128 r6:84858000 r5:8485a000 [ 3866.439735][ T1118] r4:00000000 [ 3866.439743][ T1118] [<818d9434>] (isotp_sendmsg) from [<81519cbc>] (__sock_sendmsg+0x44/0x78) [ 3866.439808][ T1118] r10:00000000 r9:dff55dc4 r8:dff55dc4 r7:00000000 r6:84d50c80 r5:dff55f20 [ 3866.439843][ T1118] r4:00000000 [ 3866.439852][ T1118] [<81519c78>] (__sock_sendmsg) from [<8151a52c>] (____sys_sendmsg+0x298/0x2cc) [ 3866.439893][ T1118] r7:00000000 r6:84d50c80 r5:20004081 r4:dff55f20 [ 3866.439916][ T1118] [<8151a294>] (____sys_sendmsg) from [<8151c2cc>] (___sys_sendmsg+0x9c/0xd0) [ 3866.439986][ T1118] r10:dff55e24 r9:200002c0 r8:20004081 r7:00000000 r6:84d50c80 r5:dff55f20 [ 3866.440026][ T1118] r4:00000000 [ 3866.440037][ T1118] [<8151c230>] (___sys_sendmsg) from [<8151c75c>] (__sys_sendmsg+0x8c/0xd8) [ 3866.440103][ T1118] r10:00000128 r9:83afe000 r8:854fe600 r7:20004081 r6:200002c0 r5:854fe601 [ 3866.440115][ T1118] r4:00000003 [ 3866.440123][ T1118] [<8151c6d0>] (__sys_sendmsg) from [<8151c7bc>] (sys_sendmsg+0x14/0x18) [ 3866.440172][ T1118] r8:8020029c r7:00000128 r6:0012fee0 r5:00000000 r4:00000000 [ 3866.440182][ T1118] [<8151c7a8>] (sys_sendmsg) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3866.440210][ T1118] Exception stack(0xdff55fa8 to 0xdff55ff0) [ 3866.440260][ T1118] 5fa0: 00000000 00000000 00000003 200002c0 20004081 00000000 [ 3866.440282][ T1118] 5fc0: 00000000 00000000 0012fee0 00000128 002d0000 00000000 00006364 76af30bc [ 3866.440317][ T1118] 5fe0: 76af2ec0 76af2eb0 0001939c 00131f30 [ 3871.537026][ T1172] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=1172 comm=syz.1.6532 [ 3872.574284][ T1190] sctp: [Deprecated]: syz.0.6539 (pid 1190) Use of int in maxseg socket option. [ 3872.574284][ T1190] Use struct sctp_assoc_value instead [ 3874.762248][ T1204] FAULT_INJECTION: forcing a failure. [ 3874.762248][ T1204] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3874.763409][ T1204] CPU: 0 UID: 0 PID: 1204 Comm: syz.1.6542 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3874.763496][ T1204] Hardware name: ARM-Versatile Express [ 3874.763511][ T1204] Call trace: [ 3874.763532][ T1204] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3874.763593][ T1204] r7:00000000 r6:00000000 r5:60000013 r4:82257d0c [ 3874.763603][ T1204] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3874.763634][ T1204] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3874.763665][ T1204] r5:841f0c00 r4:82951710 [ 3874.763674][ T1204] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3874.763707][ T1204] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3874.763746][ T1204] r8:e010deb8 r7:00000000 r6:00000001 r5:76b13f30 r4:00000001 [ 3874.763756][ T1204] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3874.763784][ T1204] [<8095f694>] (should_fail_usercopy) from [<808b7810>] (kstrtouint_from_user+0x54/0x13c) [ 3874.763814][ T1204] [<808b77bc>] (kstrtouint_from_user) from [<80605630>] (proc_fail_nth_write+0x40/0xe8) [ 3874.763852][ T1204] r8:e010df68 r7:841f0c00 r6:00000001 r5:85481f00 r4:00000001 [ 3874.763862][ T1204] [<806055f0>] (proc_fail_nth_write) from [<80552030>] (vfs_write+0xac/0x448) [ 3874.763896][ T1204] r5:85481f00 r4:806055f0 [ 3874.763904][ T1204] [<80551f84>] (vfs_write) from [<80552538>] (ksys_write+0x74/0xe4) [ 3874.763939][ T1204] r10:00000004 r9:841f0c00 r8:8020029c r7:00000000 r6:00000002 r5:85481f00 [ 3874.763951][ T1204] r4:85481f03 [ 3874.763959][ T1204] [<805524c4>] (ksys_write) from [<805525b8>] (sys_write+0x10/0x14) [ 3874.763991][ T1204] r7:00000004 r6:00000004 r5:76b13f30 r4:00000001 [ 3874.764000][ T1204] [<805525a8>] (sys_write) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3874.764028][ T1204] Exception stack(0xe010dfa8 to 0xe010dff0) [ 3874.764050][ T1204] dfa0: 00000001 76b13f30 00000004 76b13f30 00000001 00000000 [ 3874.764069][ T1204] dfc0: 00000001 76b13f30 00000004 00000004 002d0000 00000000 00006364 76b140bc [ 3874.764084][ T1204] dfe0: 00000158 76b13ed0 000d7d68 0012fecc [ 3878.043521][ T31] audit: type=1400 audit(134221606.024:598): avc: denied { lock } for pid=1235 comm="syz.1.6554" path="socket:[69629]" dev="sockfs" ino=69629 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 3878.232612][ T1241] FAULT_INJECTION: forcing a failure. [ 3878.232612][ T1241] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3878.232938][ T1241] CPU: 0 UID: 0 PID: 1241 Comm: syz.0.6553 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3878.232980][ T1241] Hardware name: ARM-Versatile Express [ 3878.232995][ T1241] Call trace: [ 3878.233017][ T1241] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3878.233074][ T1241] r7:00000000 r6:00000000 r5:60000013 r4:82257d0c [ 3878.233085][ T1241] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3878.233114][ T1241] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3878.233143][ T1241] r5:83af9800 r4:82951710 [ 3878.233151][ T1241] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3878.233182][ T1241] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3878.233215][ T1241] r8:76bd2f30 r7:00000000 r6:00000000 r5:e050df68 r4:00000002 [ 3878.233223][ T1241] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3878.233249][ T1241] [<8095f694>] (should_fail_usercopy) from [<8058cc58>] (simple_read_from_buffer+0x80/0x13c) [ 3878.233279][ T1241] [<8058cbd8>] (simple_read_from_buffer) from [<806041f0>] (proc_fail_nth_read+0xb8/0x100) [ 3878.233317][ T1241] r10:00000001 r9:80604138 r8:00000002 r7:e050df68 r6:0000000f r5:76bd2f30 [ 3878.233329][ T1241] r4:83af9800 r3:e050de9f [ 3878.233337][ T1241] [<80604138>] (proc_fail_nth_read) from [<805517a0>] (vfs_read+0x98/0x320) [ 3878.233372][ T1241] r8:76bd2f30 r7:e050df68 r6:83af9800 r5:0000000f r4:854810c0 [ 3878.233381][ T1241] [<80551708>] (vfs_read) from [<80552440>] (ksys_read+0x74/0xe4) [ 3878.233415][ T1241] r10:00000003 r9:83af9800 r8:8020029c r7:00000000 r6:00000000 r5:854810c0 [ 3878.233425][ T1241] r4:854810c3 [ 3878.233432][ T1241] [<805523cc>] (ksys_read) from [<805524c0>] (sys_read+0x10/0x14) [ 3878.233507][ T1241] r7:00000003 r6:00000004 r5:76bd2f30 r4:0000000f [ 3878.233518][ T1241] [<805524b0>] (sys_read) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3878.233546][ T1241] Exception stack(0xe050dfa8 to 0xe050dff0) [ 3878.233568][ T1241] dfa0: 0000000f 76bd2f30 00000004 76bd2f30 0000000f 00000000 [ 3878.233587][ T1241] dfc0: 0000000f 76bd2f30 00000004 00000003 002d0000 00000000 00006364 76bd30bc [ 3878.233601][ T1241] dfe0: 00000158 76bd2ed0 000d7d68 0012fe04 [ 3881.790268][ T1274] FAULT_INJECTION: forcing a failure. [ 3881.790268][ T1274] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3881.790574][ T1274] CPU: 1 UID: 0 PID: 1274 Comm: syz.0.6569 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3881.790617][ T1274] Hardware name: ARM-Versatile Express [ 3881.790634][ T1274] Call trace: [ 3881.790655][ T1274] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3881.790713][ T1274] r7:20001400 r6:00000000 r5:60000013 r4:82257d0c [ 3881.790724][ T1274] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3881.790753][ T1274] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3881.790783][ T1274] r5:84a3d400 r4:82951710 [ 3881.790791][ T1274] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3881.790823][ T1274] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3881.790857][ T1274] r8:00001f00 r7:20001400 r6:84859000 r5:00000000 r4:00001000 [ 3881.790865][ T1274] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3881.790891][ T1274] [<8095f694>] (should_fail_usercopy) from [<808aeb9c>] (_copy_from_iter+0x6c/0x7c8) [ 3881.791004][ T1274] [<808aeb30>] (_copy_from_iter) from [<808af400>] (copy_page_from_iter+0x108/0x144) [ 3881.791133][ T1274] r10:84859000 r9:82a70528 r8:00001000 r7:dde9bc84 r6:00007000 r5:00000000 [ 3881.791173][ T1274] r4:00001000 [ 3881.791262][ T1274] [<808af2f8>] (copy_page_from_iter) from [<8153649c>] (skb_copy_datagram_from_iter+0xc4/0x28c) [ 3881.791368][ T1274] r10:00000f00 r9:00000000 r8:00000f00 r7:00008000 r6:84b8af00 r5:00008f00 [ 3881.791465][ T1274] r4:00008000 [ 3881.791561][ T1274] [<815363d8>] (skb_copy_datagram_from_iter) from [<817ef7b0>] (unix_stream_sendmsg+0x1ac/0x644) [ 3881.791632][ T1274] r10:00000000 r9:e07f5f30 r8:e07f5f20 r7:00008000 r6:855b9200 r5:8470ea80 [ 3881.791696][ T1274] r4:00008f00 [ 3881.791718][ T1274] [<817ef604>] (unix_stream_sendmsg) from [<81519cbc>] (__sock_sendmsg+0x44/0x78) [ 3881.791792][ T1274] r10:00000000 r9:e07f5dc4 r8:e07f5dc4 r7:00000000 r6:84d50000 r5:e07f5f20 [ 3881.791823][ T1274] r4:00000000 [ 3881.791891][ T1274] [<81519c78>] (__sock_sendmsg) from [<8151a52c>] (____sys_sendmsg+0x298/0x2cc) [ 3881.791992][ T1274] r7:00000000 r6:84d50000 r5:00000000 r4:e07f5f20 [ 3881.792060][ T1274] [<8151a294>] (____sys_sendmsg) from [<8151c2cc>] (___sys_sendmsg+0x9c/0xd0) [ 3881.792135][ T1274] r10:e07f5e24 r9:200029c0 r8:00000000 r7:00000000 r6:84d50000 r5:e07f5f20 [ 3881.792188][ T1274] r4:00000000 [ 3881.792248][ T1274] [<8151c230>] (___sys_sendmsg) from [<8151c75c>] (__sys_sendmsg+0x8c/0xd8) [ 3881.792301][ T1274] r10:00000128 r9:84a3d400 r8:854fe600 r7:00000000 r6:200029c0 r5:854fe601 [ 3881.792341][ T1274] r4:00000005 [ 3881.792412][ T1274] [<8151c6d0>] (__sys_sendmsg) from [<8151c7bc>] (sys_sendmsg+0x14/0x18) [ 3881.792449][ T1274] r8:8020029c r7:00000128 r6:0012fee0 r5:00000000 r4:00000000 [ 3881.792465][ T1274] [<8151c7a8>] (sys_sendmsg) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3881.792560][ T1274] Exception stack(0xe07f5fa8 to 0xe07f5ff0) [ 3881.792628][ T1274] 5fa0: 00000000 00000000 00000005 200029c0 00000000 00000000 [ 3881.792740][ T1274] 5fc0: 00000000 00000000 0012fee0 00000128 002d0000 00000000 00006364 76bd30bc [ 3881.792844][ T1274] 5fe0: 76bd2ec0 76bd2eb0 0001939c 00131f30 [ 3886.060224][ T1290] FAULT_INJECTION: forcing a failure. [ 3886.060224][ T1290] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3886.061218][ T1290] CPU: 0 UID: 0 PID: 1290 Comm: syz.0.6575 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3886.061284][ T1290] Hardware name: ARM-Versatile Express [ 3886.061297][ T1290] Call trace: [ 3886.061318][ T1290] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3886.061377][ T1290] r7:837d7900 r6:00000000 r5:60000013 r4:82257d0c [ 3886.061387][ T1290] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3886.061416][ T1290] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3886.061445][ T1290] r5:84a3c800 r4:82951710 [ 3886.061453][ T1290] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3886.061524][ T1290] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3886.061559][ T1290] r8:00000000 r7:837d7900 r6:00000021 r5:00000084 r4:00000000 [ 3886.061568][ T1290] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3886.061594][ T1290] [<8095f694>] (should_fail_usercopy) from [<8151a1a0>] (do_sock_getsockopt+0x1a8/0x29c) [ 3886.061631][ T1290] [<81519ff8>] (do_sock_getsockopt) from [<8151beac>] (__sys_getsockopt+0x94/0xcc) [ 3886.061666][ T1290] r9:84a3c800 r8:85481480 r7:e89cdf50 r6:00000021 r5:e89cdf58 r4:85481481 [ 3886.061675][ T1290] [<8151be18>] (__sys_getsockopt) from [<8151bf00>] (sys_getsockopt+0x1c/0x24) [ 3886.061707][ T1290] r8:8020029c r7:00000127 r6:0012fee0 r5:00000000 r4:200009c0 [ 3886.061715][ T1290] [<8151bee4>] (sys_getsockopt) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3886.061741][ T1290] Exception stack(0xe89cdfa8 to 0xe89cdff0) [ 3886.061760][ T1290] dfa0: 200009c0 00000000 00000003 00000084 00000021 20000980 [ 3886.061778][ T1290] dfc0: 200009c0 00000000 0012fee0 00000127 002d0000 00000000 00006364 76bd30bc [ 3886.061793][ T1290] dfe0: 76bd2ec0 76bd2eb0 0001939c 00131f30 [ 3886.386781][ T31] audit: type=1326 audit(134221614.364:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1283 comm="syz.1.6574" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3889.315467][ T1304] sctp: [Deprecated]: syz.0.6580 (pid 1304) Use of int in max_burst socket option deprecated. [ 3889.315467][ T1304] Use struct sctp_assoc_value instead [ 3890.001066][ T1300] FAULT_INJECTION: forcing a failure. [ 3890.001066][ T1300] name failslab, interval 1, probability 0, space 0, times 0 [ 3890.019547][ T1300] CPU: 0 UID: 0 PID: 1300 Comm: syz.1.6579 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3890.019661][ T1300] Hardware name: ARM-Versatile Express [ 3890.019692][ T1300] Call trace: [ 3890.019735][ T1300] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3890.019843][ T1300] r7:00100cc0 r6:00000000 r5:60000013 r4:82257d0c [ 3890.019862][ T1300] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3890.019919][ T1300] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3890.019977][ T1300] r5:84a3ec00 r4:8291bcc0 [ 3890.019994][ T1300] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3890.020058][ T1300] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3890.020134][ T1300] r8:00100cc0 r7:00100cc0 r6:00000000 r5:83001240 r4:00000011 [ 3890.020154][ T1300] [<80525620>] (should_failslab) from [<80508c60>] (__kvmalloc_node_noprof+0xe0/0x59c) [ 3890.020211][ T1300] [<80508b80>] (__kvmalloc_node_noprof) from [<804a58e0>] (vmemdup_user+0x28/0x16c) [ 3890.020282][ T1300] r10:000000e2 r9:84a3ec00 r8:20000100 r7:20000100 r6:00000000 r5:20000040 [ 3890.020308][ T1300] r4:00000011 [ 3890.020323][ T1300] [<804a58b8>] (vmemdup_user) from [<8058a72c>] (setxattr_copy+0x58/0x90) [ 3890.020406][ T1300] r9:84a3ec00 r8:20000100 r7:ffffff9c r6:00000000 r5:20000040 r4:e07f1e40 [ 3890.020425][ T1300] [<8058a6d4>] (setxattr_copy) from [<8058a938>] (path_setxattrat+0x7c/0x17c) [ 3890.020482][ T1300] r5:20000040 r4:20000080 [ 3890.020499][ T1300] [<8058a8bc>] (path_setxattrat) from [<8058abc4>] (sys_setxattr+0x34/0x3c) [ 3890.020561][ T1300] r8:8020029c r7:000000e2 r6:0012fee0 r5:00000000 r4:20000080 [ 3890.020579][ T1300] [<8058ab90>] (sys_setxattr) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3890.020630][ T1300] Exception stack(0xe07f1fa8 to 0xe07f1ff0) [ 3890.020675][ T1300] 1fa0: 00000002 00000000 20000040 20000080 20000100 00000011 [ 3890.020711][ T1300] 1fc0: 00000002 00000000 0012fee0 000000e2 002d0000 00000000 00006364 76b140bc [ 3890.020740][ T1300] 1fe0: 76b13ec0 76b13eb0 0001939c 00131f30 [ 3890.020764][ T1300] r4:00000002 [ 3893.620379][ T31] audit: type=1326 audit(134221621.604:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1323 comm="syz.1.6588" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3897.627737][ T1339] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1339 comm=syz.1.6594 [ 3900.543497][ T31] audit: type=1326 audit(134221628.524:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1346 comm="syz.1.6597" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3904.849265][ T31] audit: type=1326 audit(134221632.834:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1368 comm="syz.1.6603" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3906.973420][ T1381] FAULT_INJECTION: forcing a failure. [ 3906.973420][ T1381] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3906.973716][ T1381] CPU: 1 UID: 0 PID: 1381 Comm: syz.1.6605 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3906.973774][ T1381] Hardware name: ARM-Versatile Express [ 3906.973789][ T1381] Call trace: [ 3906.973810][ T1381] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3906.973891][ T1381] r7:00000000 r6:00000000 r5:60000013 r4:82257d0c [ 3906.973951][ T1381] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3906.973995][ T1381] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3906.974036][ T1381] r5:838b0000 r4:82951710 [ 3906.974091][ T1381] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3906.974151][ T1381] [<8095f454>] (should_fail_ex) from [<8095f690>] (should_fail+0x14/0x18) [ 3906.974234][ T1381] r8:76b13f30 r7:00000000 r6:00000000 r5:dfc3df68 r4:00000002 [ 3906.974323][ T1381] [<8095f67c>] (should_fail) from [<8095f6b0>] (should_fail_usercopy+0x1c/0x20) [ 3906.974395][ T1381] [<8095f694>] (should_fail_usercopy) from [<8058cc58>] (simple_read_from_buffer+0x80/0x13c) [ 3906.974428][ T1381] [<8058cbd8>] (simple_read_from_buffer) from [<806041f0>] (proc_fail_nth_read+0xb8/0x100) [ 3906.974520][ T1381] r10:00000001 r9:80604138 r8:00000002 r7:dfc3df68 r6:0000000f r5:76b13f30 [ 3906.974582][ T1381] r4:838b0000 r3:dfc3de9f [ 3906.974623][ T1381] [<80604138>] (proc_fail_nth_read) from [<805517a0>] (vfs_read+0x98/0x320) [ 3906.974709][ T1381] r8:76b13f30 r7:dfc3df68 r6:838b0000 r5:0000000f r4:854fe000 [ 3906.974803][ T1381] [<80551708>] (vfs_read) from [<80552440>] (ksys_read+0x74/0xe4) [ 3906.974887][ T1381] r10:00000003 r9:838b0000 r8:8020029c r7:00000000 r6:00000000 r5:854fe000 [ 3906.974908][ T1381] r4:854fe003 [ 3906.974917][ T1381] [<805523cc>] (ksys_read) from [<805524c0>] (sys_read+0x10/0x14) [ 3906.975046][ T1381] r7:00000003 r6:00000005 r5:76b13f30 r4:0000000f [ 3906.975141][ T1381] [<805524b0>] (sys_read) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3906.975239][ T1381] Exception stack(0xdfc3dfa8 to 0xdfc3dff0) [ 3906.975306][ T1381] dfa0: 0000000f 76b13f30 00000005 76b13f30 0000000f 00000000 [ 3906.975409][ T1381] dfc0: 0000000f 76b13f30 00000005 00000003 002d0000 00000000 00006364 76b140bc [ 3906.975463][ T1381] dfe0: 00000158 76b13ed0 000d7d68 0012fe04 [ 3909.311837][ T31] audit: type=1326 audit(134221637.294:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1395 comm="syz.0.6610" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3912.762182][ C0] vcan0: j1939_tp_rxtimer: 0x857f6000: rx timeout, send abort [ 3913.262991][ C0] vcan0: j1939_tp_rxtimer: 0x857f6000: abort rx timeout. Force session deactivation [ 3915.100939][ T31] audit: type=1326 audit(134221643.084:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1418 comm="syz.1.6619" exe="/syz-executor" sig=9 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x0 [ 3921.835723][ T1454] FAULT_INJECTION: forcing a failure. [ 3921.835723][ T1454] name failslab, interval 1, probability 0, space 0, times 0 [ 3921.836082][ T1454] CPU: 0 UID: 0 PID: 1454 Comm: syz.1.6628 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 3921.836148][ T1454] Hardware name: ARM-Versatile Express [ 3921.836165][ T1454] Call trace: [ 3921.836187][ T1454] [<802019e4>] (dump_backtrace) from [<80201ae0>] (show_stack+0x18/0x1c) [ 3921.836246][ T1454] r7:83ad6c00 r6:00000000 r5:60000013 r4:82257d0c [ 3921.836257][ T1454] [<80201ac8>] (show_stack) from [<8022003c>] (dump_stack_lvl+0x70/0x7c) [ 3921.836286][ T1454] [<8021ffcc>] (dump_stack_lvl) from [<80220060>] (dump_stack+0x18/0x1c) [ 3921.836317][ T1454] r5:83ad6c00 r4:8291bcc0 [ 3921.836326][ T1454] [<80220048>] (dump_stack) from [<8095f618>] (should_fail_ex+0x1c4/0x228) [ 3921.836358][ T1454] [<8095f454>] (should_fail_ex) from [<8052568c>] (should_failslab+0x6c/0x94) [ 3921.836501][ T1454] r8:00000000 r7:83ad6c00 r6:00000cc0 r5:200000c0 r4:830a8a80 [ 3921.836572][ T1454] [<80525620>] (should_failslab) from [<8050a0fc>] (kmem_cache_alloc_noprof+0x4c/0x334) [ 3921.836645][ T1454] [<8050a0b0>] (kmem_cache_alloc_noprof) from [<80560b4c>] (getname_flags.part.0+0x28/0x18c) [ 3921.836738][ T1454] r10:0000003d r9:83ad6c00 r8:8020029c r7:00000003 r6:8245d848 r5:200000c0 [ 3921.836763][ T1454] r4:200000c0 [ 3921.836782][ T1454] [<80560b24>] (getname_flags.part.0) from [<80565c34>] (getname_flags+0x3c/0x50) [ 3921.836892][ T1454] r9:83ad6c00 r8:8020029c r7:00000002 r6:ffffff9c r5:00000003 r4:200000c0 [ 3921.836957][ T1454] [<80565bf8>] (getname_flags) from [<805661ec>] (user_path_at+0x2c/0x64) [ 3921.837114][ T1454] r5:00000003 r4:dfe59f7c [ 3921.837163][ T1454] [<805661c0>] (user_path_at) from [<8054d6e8>] (sys_chroot+0x48/0x104) [ 3921.837327][ T1454] r6:83ad6c00 r5:200000c0 r4:00000000 [ 3921.837394][ T1454] [<8054d6a0>] (sys_chroot) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 3921.837514][ T1454] Exception stack(0xdfe59fa8 to 0xdfe59ff0) [ 3921.837586][ T1454] 9fa0: 00000000 00000000 200000c0 00000000 00000000 00000000 [ 3921.837805][ T1454] 9fc0: 00000000 00000000 0012fee0 0000003d 002d0000 00000000 00006364 76b140bc [ 3921.837877][ T1454] 9fe0: 76b13ec0 76b13eb0 0001939c 00131f30 [ 3921.838000][ T1454] r7:0000003d r6:0012fee0 r5:00000000 r4:00000000 [ 3922.548879][ T11] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 3922.722472][ T11] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 3922.722693][ T11] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3922.722843][ T11] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3922.722975][ T11] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 3922.750615][ T11] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 3922.750817][ T11] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 3922.750958][ T11] usb 1-1: Manufacturer: syz [ 3922.753041][ T11] usb 1-1: config 0 descriptor?? [ 3923.261812][ T11] appleir 0003:05AC:8243.0045: unknown main item tag 0x0 [ 3923.262575][ T11] appleir 0003:05AC:8243.0045: No inputs registered, leaving [ 3923.266434][ T11] appleir 0003:05AC:8243.0045: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 3924.540051][ T1458] raw-gadget.0 gadget.0: fail, usb_ep_queue returned -108 [ 3924.610114][T16697] usb 1-1: reset high-speed USB device number 16 using dummy_hcd [ 3924.859277][ T6883] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 3925.037908][ T6883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3925.038339][ T6883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3925.039056][ T6883] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 3925.039153][ T6883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3925.044373][ T6883] usb 2-1: config 0 descriptor?? [ 3925.205537][ T1483] netlink: 'syz.0.6631': attribute type 1 has an invalid length. [ 3925.390018][T31145] usb 1-1: USB disconnect, device number 16 [ 3925.420298][ T1483] 8021q: adding VLAN 0 to HW filter on device bond1 [ 3925.449811][ T1483] ip6erspan0: entered promiscuous mode [ 3925.453644][ T1483] bond1: (slave ip6erspan0): making interface the new active one [ 3925.466077][ T1483] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 3925.470247][ T6883] hid-steam 0003:28DE:1142.0046: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 3925.549246][ T6883] hid-steam 0003:28DE:1142.0046: Steam wireless receiver connected [ 3925.570099][ T6883] hid-steam 0003:28DE:1142.0047: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 3925.681337][T31145] usb 2-1: USB disconnect, device number 7 [ 3925.683612][T31145] hid-steam 0003:28DE:1142.0046: Steam wireless receiver disconnected [ 3927.829986][ T11] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 3927.997037][ T11] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3927.998157][ T11] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3928.000963][ T11] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 3928.002912][ T11] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 3928.005291][ T11] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3928.011670][ T11] usb 1-1: config 0 descriptor?? [ 3928.522454][ T11] plantronics 0003:047F:FFFF.0048: No inputs registered, leaving [ 3928.540800][ T11] plantronics 0003:047F:FFFF.0048: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 3930.619930][ T6883] usb 1-1: USB disconnect, device number 17 [ 3930.627315][ T31] audit: type=1326 audit(134221658.604:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1658 comm="syz.0.6646" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x7ffc0000 [ 3930.768827][ T31] audit: type=1326 audit(134221658.734:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1658 comm="syz.0.6646" exe="/syz-executor" sig=0 arch=40000028 syscall=376 compat=0 ip=0x131f30 code=0x7ffc0000 [ 3930.859034][ T31] audit: type=1326 audit(134221658.834:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1658 comm="syz.0.6646" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x7ffc0000 [ 3930.859484][ T31] audit: type=1326 audit(134221658.834:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1658 comm="syz.0.6646" exe="/syz-executor" sig=0 arch=40000028 syscall=240 compat=0 ip=0x131f30 code=0x7ffc0000 [ 3931.989273][T31145] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 3932.332537][T31145] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3932.332866][T31145] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 3932.333041][T31145] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 3932.333132][T31145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3932.336179][T31145] usb 1-1: config 0 descriptor?? [ 3932.624638][T31145] usb 1-1: USB disconnect, device number 18 [ 3936.808805][ T1705] input: syz0 as /devices/virtual/input/input62 [ 3940.041354][ T1737] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6664'. [ 3940.069063][ T31] audit: type=1400 audit(134221668.024:609): avc: denied { nlmsg_read } for pid=1736 comm="syz.1.6664" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 3941.905509][ T1746] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6667'. [ 3943.619054][T16697] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 3943.782643][T16697] usb 1-1: config 0 has no interfaces? [ 3943.787697][T16697] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 3943.789999][T16697] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3943.791308][T16697] usb 1-1: Product: syz [ 3943.792816][T16697] usb 1-1: Manufacturer: syz [ 3943.794141][T16697] usb 1-1: SerialNumber: syz [ 3943.796934][T16697] usb 1-1: config 0 descriptor?? [ 3944.045223][ T1750] input: syz0 as /devices/virtual/input/input63 [ 3955.241989][ T1769] netlink: 136 bytes leftover after parsing attributes in process `syz.1.6673'. [ 3966.054987][T31145] usb 1-1: USB disconnect, device number 19 [ 3979.459142][T31145] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 3979.619880][T31145] usb 1-1: Using ep0 maxpacket: 8 [ 3979.669276][T31145] usb 1-1: config 5 has an invalid interface number: 162 but max is 0 [ 3979.669526][T31145] usb 1-1: config 5 has no interface number 0 [ 3979.669687][T31145] usb 1-1: config 5 interface 162 has no altsetting 0 [ 3979.675511][T31145] usb 1-1: New USB device found, idVendor=04e6, idProduct=0009, bcdDevice= 2.00 [ 3979.676132][T31145] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3979.676662][T31145] usb 1-1: Product: syz [ 3979.677015][T31145] usb 1-1: Manufacturer: syz [ 3979.677489][T31145] usb 1-1: SerialNumber: syz [ 3984.703777][T31145] usb-storage 1-1:5.162: USB Mass Storage device detected [ 3984.720358][T31145] usb-storage 1-1:5.162: This device (04e6,0009,0200 S 4b P 01) has an unneeded Protocol entry in unusual_devs.h (kernel 6.15.0-rc5-syzkaller) [ 3984.720358][T31145] Please send a copy of this message to and [ 3985.746399][ T1854] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6700'. [ 3987.858956][ T11] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 3987.859609][ C0] raw-gadget.1 gadget.1: ignoring, device is not running [ 3988.259349][ T11] usb 2-1: device descriptor read/64, error -32 [ 3988.508993][ T11] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 3990.798837][ T11] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 3990.799244][ T11] usb 2-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 3990.799443][ T11] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 3990.799572][ T11] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3992.367283][ T11] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 3992.393530][ T11] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 3997.902018][T13818] usb 2-1: USB disconnect, device number 9 [ 4008.279218][T16697] usb 1-1: USB disconnect, device number 20 [ 4009.349321][ T1915] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6710'. [ 4009.471588][ T1918] netlink: 128 bytes leftover after parsing attributes in process `syz.1.6711'. [ 4009.869185][T31145] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 4010.029179][T31145] usb 2-1: config 0 has no interfaces? [ 4010.052223][T31145] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 4010.053834][T31145] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 4010.054930][T31145] usb 2-1: Product: syz [ 4010.056598][T31145] usb 2-1: Manufacturer: syz [ 4010.060058][T31145] usb 2-1: SerialNumber: syz [ 4010.064969][T31145] usb 2-1: config 0 descriptor?? [ 4010.321025][T31145] usb 2-1: USB disconnect, device number 10 [ 4010.624096][ T1955] 8<--- cut here --- [ 4010.632932][ T1955] Unable to handle kernel NULL pointer dereference at virtual address 0000000e when read [ 4010.634284][ T1955] [0000000e] *pgd=852e1003, *pmd=df2bc003 [ 4010.636065][ T1955] Internal error: Oops: 205 [#1] SMP ARM [ 4010.636470][ T1955] Modules linked in: [ 4010.636803][ T1955] CPU: 1 UID: 0 PID: 1955 Comm: syz.0.6708 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT [ 4010.637006][ T1955] Hardware name: ARM-Versatile Express [ 4010.637560][ T1955] PC is at io_ring_buffers_peek+0x24/0x258 [ 4010.637765][ T1955] LR is at io_buffers_peek+0x68/0x8c [ 4010.637928][ T1955] pc : [<80889608>] lr : [<80889d4c>] psr: 20000013 [ 4010.638785][ T1955] sp : dfacdd90 ip : dfacddd8 fp : dfacddd4 [ 4010.639317][ T1955] r10: 00000060 r9 : 00000000 r8 : 84ae2180 [ 4010.639527][ T1955] r7 : 84821e0c r6 : 84821e00 r5 : dfacde14 r4 : 85757000 [ 4010.639807][ T1955] r3 : 00000001 r2 : 84821e0c r1 : dfacde14 r0 : 85757000 [ 4010.640093][ T1955] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none [ 4010.640341][ T1955] Control: 30c5387d Table: 85472e40 DAC: 00000000 [ 4010.640580][ T1955] Register r0 information: slab io_kiocb start 85757000 pointer offset 0 size 192 [ 4010.641442][ T1955] Register r1 information: 2-page vmalloc region starting at 0xdfacc000 allocated at kernel_clone+0xac/0x3e4 [ 4010.642085][ T1955] Register r2 information: slab kmalloc-256 start 84821e00 pointer offset 12 size 256 [ 4010.642453][ T1955] Register r3 information: non-paged memory [ 4010.642769][ T1955] Register r4 information: slab io_kiocb start 85757000 pointer offset 0 size 192 [ 4010.643158][ T1955] Register r5 information: 2-page vmalloc region starting at 0xdfacc000 allocated at kernel_clone+0xac/0x3e4 [ 4010.643491][ T1955] Register r6 information: slab kmalloc-256 start 84821e00 pointer offset 0 size 256 [ 4010.643825][ T1955] Register r7 information: slab kmalloc-256 start 84821e00 pointer offset 12 size 256 [ 4010.644151][ T1955] Register r8 information: slab kmalloc-64 start 84ae2180 pointer offset 0 size 64 [ 4010.644466][ T1955] Register r9 information: NULL pointer [ 4010.644655][ T1955] Register r10 information: non-paged memory [ 4010.644908][ T1955] Register r11 information: 2-page vmalloc region starting at 0xdfacc000 allocated at kernel_clone+0xac/0x3e4 [ 4010.645300][ T1955] Register r12 information: 2-page vmalloc region starting at 0xdfacc000 allocated at kernel_clone+0xac/0x3e4 [ 4010.645682][ T1955] Process syz.0.6708 (pid: 1955, stack limit = 0xdfacc000) [ 4010.646055][ T1955] Stack: (0xdfacdd90 to 0xdface000) [ 4010.646352][ T1955] dd80: 81a4c2d4 8030cb14 8446f100 00000001 [ 4010.646614][ T1955] dda0: 00010000 84821e0c 00000000 85757000 dfacde14 84821e00 84821e0c 00000000 [ 4010.646979][ T1955] ddc0: 80000001 00000060 dfacddec dfacddd8 80889d4c 808895f0 837dd900 85757000 [ 4010.647238][ T1955] dde0: dfacde54 dfacddf0 8089327c 80889cf0 00000000 dfacddd8 84821e00 40c14c76 [ 4010.647520][ T1955] de00: 00010001 00000001 8446f128 00000000 00000000 84821e0c 00000000 00000000 [ 4010.647796][ T1955] de20: 00010001 40c14c76 dfacde54 85757000 81cf0ca0 00000000 00000000 00000000 [ 4010.648080][ T1955] de40: 80000001 84175400 dfacde7c dfacde58 8088225c 80892fd4 85757000 80000001 [ 4010.648351][ T1955] de60: 0000001b 81cf0b5c 85477cc0 00000000 dfacdebc dfacde80 80886d2c 8088221c [ 4010.648663][ T1955] de80: 85757240 85757300 857573c0 81cf0ca0 85757540 8446f000 8575706c 85757000 [ 4010.649064][ T1955] dea0: 856e0000 00000000 00000000 84175400 dfacdf14 dfacdec0 80887844 80886cf0 [ 4010.649380][ T1955] dec0: 8088e2d4 81a554b0 00000000 00000000 00000800 00000800 81cf0b5c 00000800 [ 4010.649675][ T1955] dee0: 8446f000 40c14c76 85477600 00000042 8446f000 00003517 85477600 00000000 [ 4010.650033][ T1955] df00: 84175400 00000000 dfacdfa4 dfacdf18 808882ec 80887644 ecac8b10 8446f040 [ 4010.650336][ T1955] df20: 00000000 0000173d 81a50050 81a4ff20 dfacdf54 dfacdf40 8026b438 8029ce24 [ 4010.650604][ T1955] df40: dfacdfb0 40000000 dfacdf84 dfacdf58 802229dc 8026b3f4 00000000 8281d05c [ 4010.650912][ T1955] df60: dfacdfb0 0014c490 ecac8b10 80222930 00000000 40c14c76 dfacdfac 00000000 [ 4010.651234][ T1955] df80: 00000000 002e64d4 000001aa 8020029c 84175400 000001aa 00000000 dfacdfa8 [ 4010.651525][ T1955] dfa0: 80200060 808881c0 00000000 00000000 00000007 00003517 0000173d 00000042 [ 4010.651842][ T1955] dfc0: 00000000 00000000 002e64d4 000001aa 002d0000 00000000 00006364 76b3d0bc [ 4010.652118][ T1955] dfe0: 76b3cec0 76b3ceb0 0001939c 00131f30 60000010 00000007 00000000 00000000 [ 4010.652531][ T1955] Call trace: [ 4010.652757][ T1955] [<808895e4>] (io_ring_buffers_peek) from [<80889d4c>] (io_buffers_peek+0x68/0x8c) [ 4010.653094][ T1955] r10:00000060 r9:80000001 r8:00000000 r7:84821e0c r6:84821e00 r5:dfacde14 [ 4010.653526][ T1955] r4:85757000 [ 4010.653760][ T1955] [<80889ce4>] (io_buffers_peek) from [<8089327c>] (io_recv+0x2b4/0x46c) [ 4010.654169][ T1955] r5:85757000 r4:837dd900 [ 4010.654392][ T1955] [<80892fc8>] (io_recv) from [<8088225c>] (__io_issue_sqe+0x4c/0x1c0) [ 4010.654664][ T1955] r10:84175400 r9:80000001 r8:00000000 r7:00000000 r6:00000000 r5:81cf0ca0 [ 4010.654976][ T1955] r4:85757000 [ 4010.655140][ T1955] [<80882210>] (__io_issue_sqe) from [<80886d2c>] (io_issue_sqe+0x48/0x59c) [ 4010.655465][ T1955] r9:00000000 r8:85477cc0 r7:81cf0b5c r6:0000001b r5:80000001 r4:85757000 [ 4010.655754][ T1955] [<80886ce4>] (io_issue_sqe) from [<80887844>] (io_submit_sqes+0x20c/0x938) [ 4010.656043][ T1955] r10:84175400 r9:00000000 r8:00000000 r7:856e0000 r6:85757000 r5:8575706c [ 4010.656373][ T1955] r4:8446f000 [ 4010.656551][ T1955] [<80887638>] (io_submit_sqes) from [<808882ec>] (sys_io_uring_enter+0x138/0x780) [ 4010.656896][ T1955] r10:00000000 r9:84175400 r8:00000000 r7:85477600 r6:00003517 r5:8446f000 [ 4010.657146][ T1955] r4:00000042 [ 4010.657302][ T1955] [<808881b4>] (sys_io_uring_enter) from [<80200060>] (ret_fast_syscall+0x0/0x1c) [ 4010.657619][ T1955] Exception stack(0xdfacdfa8 to 0xdfacdff0) [ 4010.657817][ T1955] dfa0: 00000000 00000000 00000007 00003517 0000173d 00000042 [ 4010.658084][ T1955] dfc0: 00000000 00000000 002e64d4 000001aa 002d0000 00000000 00006364 76b3d0bc [ 4010.658344][ T1955] dfe0: 76b3cec0 76b3ceb0 0001939c 00131f30 [ 4010.658733][ T1955] r10:000001aa r9:84175400 r8:8020029c r7:000001aa r6:002e64d4 r5:00000000 [ 4010.659096][ T1955] r4:00000000 [ 4010.659450][ T1955] Code: e1a08002 e5912000 e50b2030 e1a05001 (e1d920be) [ 4010.660694][ T1955] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 4010.734756][ T1955] Kernel panic - not syncing: Fatal exception [ 4010.736502][ T1955] Rebooting in 86400 seconds.. VM DIAGNOSIS: 04:05:10 Registers: info registers vcpu 0 CPU#0 R00=828293f8 R01=00000000 R02=006bbbb1 R03=81a50888 R04=00000006 R05=828fac48 R06=00000000 R07=828fac40 R08=83b01800 R09=00000028 R10=828fac48 R11=df801984 R12=df801988 R13=df801978 R14=803480f4 R15=81a50898 PSR=60010093 -ZC- A S svc32 s00=880301a0 s01=00080002 d00=00080002880301a0 s02=00029003 s03=08848008 d01=0884800800029003 s04=00080001 s05=06011386 d02=0601138600080001 s06=00010800 s07=8392c008 d03=8392c00800010800 s08=80021884 s09=0112f201 d04=0112f20180021884 s10=00080606 s11=00010000 d05=0001000000080606 s12=8392ce08 s13=ff021885 d06=ff0218858392ce08 s14=03ffffff s15=06017980 d07=0601798003ffffff s16=00000000 s17=00000000 d08=0000000000000000 s18=00000000 s19=00000000 d09=0000000000000000 s20=00000000 s21=00000000 d10=0000000000000000 s22=00000000 s23=00000000 d11=0000000000000000 s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=800c0505 s33=80030804 d16=80030804800c0505 s34=09800437 s35=04379003 d17=0437900309800437 s36=a0030880 s37=08080037 d18=08080037a0030880 s38=0637a803 s39=00000c08 d19=00000c080637a803 s40=37b00300 s41=8e000800 d20=8e00080037b00300 s42=06060113 s43=00000a08 d21=00000a0806060113 s44=f2080001 s45=18828392 d22=18828392f2080001 s46=98378002 s47=0006016c d23=0006016c98378002 s48=00000001 s49=00000000 d24=0000000000000001 s50=00000000 s51=00000000 d25=0000000000000000 s52=a6577e47 s53=f90e4d83 d26=f90e4d83a6577e47 s54=c990be76 s55=c0b73574 d27=c0b73574c990be76 s56=5d7744e5 s57=e9aab7d3 d28=e9aab7d35d7744e5 s58=d05b08f1 s59=5b93332d d29=5b93332dd05b08f1 s60=6c9166d1 s61=aab80313 d30=aab803136c9166d1 s62=e147242a s63=c2adb194 d31=c2adb194e147242a FPSCR: 00000000 info registers vcpu 1 CPU#1 R00=84396c40 R01=0000000a R02=eb249000 R03=00000000 R04=838bc042 R05=84396c40 R06=80a62868 R07=838bc042 R08=8282a2b8 R09=00000000 R10=000049c2 R11=dfacd9cc R12=00000002 R13=dfacd9c0 R14=8295b2ec R15=80a628c0 PSR=80000093 N--- A S svc32 s00=00000000 s01=00000000 d00=0000000000000000 s02=00000000 s03=00000000 d01=0000000000000000 s04=00000000 s05=00000000 d02=0000000000000000 s06=00000000 s07=00000000 d03=0000000000000000 s08=00000000 s09=00000000 d04=0000000000000000 s10=00000000 s11=00000000 d05=0000000000000000 s12=00000000 s13=00000000 d06=0000000000000000 s14=00000000 s15=00000000 d07=0000000000000000 s16=00000000 s17=00000000 d08=0000000000000000 s18=00000000 s19=00000000 d09=0000000000000000 s20=00000000 s21=00000000 d10=0000000000000000 s22=00000000 s23=00000000 d11=0000000000000000 s24=00000000 s25=00000000 d12=0000000000000000 s26=00000000 s27=00000000 d13=0000000000000000 s28=00000000 s29=00000000 d14=0000000000000000 s30=00000000 s31=00000000 d15=0000000000000000 s32=00000000 s33=00000000 d16=0000000000000000 s34=00000000 s35=00000000 d17=0000000000000000 s36=00000000 s37=00000000 d18=0000000000000000 s38=00000000 s39=00000000 d19=0000000000000000 s40=00000000 s41=00000000 d20=0000000000000000 s42=00000000 s43=00000000 d21=0000000000000000 s44=00000000 s45=00000000 d22=0000000000000000 s46=00000000 s47=00000000 d23=0000000000000000 s48=00000000 s49=00000000 d24=0000000000000000 s50=00000000 s51=00000000 d25=0000000000000000 s52=00000000 s53=00000000 d26=0000000000000000 s54=00000000 s55=00000000 d27=0000000000000000 s56=00000000 s57=00000000 d28=0000000000000000 s58=00000000 s59=00000000 d29=0000000000000000 s60=00000000 s61=00000000 d30=0000000000000000 s62=00000000 s63=00000000 d31=0000000000000000 FPSCR: 00000000