last executing test programs: 3.270448558s ago: executing program 0 (id=6228): timer_create(0x3, &(0x7f0000000000)={0x0, 0x2f, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000040)=0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) timer_settime(r0, 0x1, &(0x7f00000000c0)={{r1, r2+60000000}}, &(0x7f0000000100)) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r4, 0x5450, 0x0) r5 = socket$can_j1939(0x1d, 0x2, 0x7) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_START_SCHED_SCAN(r6, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f00000012c0)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="000000000000000000004b0000000c0099000000000000000000"], 0x20}}, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r5, 0x8983, &(0x7f0000000e40)={0x2, 'pimreg0\x00', {0x3ff}, 0x3}) 3.038356318s ago: executing program 0 (id=6229): r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$audio1(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_CTL(r2, 0x5450, 0x0) r3 = syz_pidfd_open(r0, 0x0) r4 = pidfd_getfd(r3, r1, 0x0) sendmsg$NL80211_CMD_ASSOCIATE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x0, 0x700, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20008044}, 0x10) 2.810671336s ago: executing program 0 (id=6230): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) syz_open_dev$hidraw(&(0x7f0000000200), 0xa4f, 0x280) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000020000f79eff46dd59eb16c3ad01cf00900000070b8bc7d576924f4640ebb485ac40602237c6f3946e4c40b6dd1e7"], 0x14}}, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = fcntl$dupfd(r2, 0x0, r1) sendmsg$NL80211_CMD_SET_MPATH(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x0) r4 = add_key(&(0x7f0000000080)='ceph\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000100)="80e674516b37d0a5534a47fda72d949ba8ec42c1189acb8c459909dcd554b937692b46e0b6beed25a98f02b5501100948b35b1f0587e0730c1e4344982f86a1c352c5c5a71de83f3657b3fd3fbd311ce822a633d7752fb7489736ad29209d028e643e6c5feed0f08eceaf9bc6eb872eab925ae2d77c71ecee30f5fda423cc3183cbaa549c2fd220cadd59b5c535b8cc1ae1b7376ba1417096a0d36724a031e72061824791a485ee4e714faeb502a47056e0d642542362800e4e0e90f1e345913cfd5c68b461e91bbaea35dad66", 0xcd, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r4, r3, 0xb4) socket$can_j1939(0x1d, 0x2, 0x7) 2.650452703s ago: executing program 0 (id=6232): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000a40)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0x60, 0x1412, 0x8, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x1}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x44081}, 0x8000) 2.510921569s ago: executing program 0 (id=6233): r0 = openat$mixer(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(0xffffffffffffffff, 0xc1004110, &(0x7f0000000100)={0x7fff, [0x792, 0x10001, 0x3], [{0x5d69a434, 0x100, 0x1, 0x0, 0x1}, {0x3, 0x10000, 0x0, 0x0, 0x1, 0x1}, {0x9, 0x0, 0x0, 0x0, 0x1}, {0x2, 0x4}, {0x13b7d2c9, 0x100}, {0x3, 0x1a3, 0x1, 0x1, 0x0, 0x1}, {0xfffffffe, 0x4, 0x0, 0x1, 0x0, 0x1}, {0x5e, 0xdecb, 0x0, 0x0, 0x0, 0x1}, {0x400, 0x3, 0x0, 0x1, 0x1, 0x1}, {0x0, 0x9, 0x1, 0x1, 0x1}, {0xffffffff, 0x8}, {0x9, 0x2, 0x1, 0x0, 0x1}], 0x6b}) openat$mixer(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/3\x00') ioctl$USBDEVFS_DISCSIGNAL(r1, 0x8008550e, &(0x7f0000000140)={0x0, 0x0}) r2 = syz_open_dev$vcsu(&(0x7f0000000000), 0x200094, 0x197b42) close(r2) close(0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_open_dev$vcsn(&(0x7f0000000000), 0xb, 0x0) close(r3) ioctl$KDSKBENT(r3, 0x4b47, &(0x7f0000000040)={0x6, 0x7, 0xe}) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r4, 0x5452, &(0x7f00000009c0)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}}) ioctl$FS_IOC_FSGETXATTR(r3, 0x801c581f, &(0x7f0000000200)={0xfffffffd, 0x67, 0xff, 0xfffffff7, 0x7}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040), 0xf5, 0x0, &(0x7f0000000080)="3f0dcedf3de7412903de2e03ae3420b50bbe67f57dc177f171ef9042f0ff8b8ffd57ef22274823b41969fda8c0666b9a425c6aa9d15856edf686cd3d05d756dd5897ceaa046584348459d63663160666ae1fc0cf624e0200ea19a84cba31e666adc61fd594b3981aafd1c1d853a23c7fe1d820a3f3433492db06318a223ddec55b622acf214f7db249dfc976d6afd25bbd8b380f30a5abccf24687048cab881ba29e8c3122de7ccbf17a91fc613d52a14fb8c365c17525b568de4618f1188a6fe2eb5302278f46a22416258b0a291816bd9769736c67a648b97f10668e6debcc875d384f6075ac936b9eca6ba5bbcaa9b98fa06ac8"}) sendmsg$IPSET_CMD_HEADER(r2, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={&(0x7f0000001900)={0x14, 0xc, 0x6, 0x301, 0x0, 0x0, {0x7, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x8800}, 0x20000000) 2.331103156s ago: executing program 0 (id=6235): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x31) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = socket$kcm(0x29, 0x5, 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='\x00', 0x1100) dup3(r3, r4, 0x0) ioctl$TIOCSLCKTRMIOS(r4, 0x5452, &(0x7f0000000080)) r5 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f0000000300)=[@its_setup={0x82, 0x28, {0x0, 0x0, 0xba}}], 0x28}, 0x0, 0x0) r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000002c0), 0x94302, 0x0) ioctl$EXT4_IOC_MIGRATE(r6, 0x6609) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000000)=@arm64={0x0, 0x1, 0xf, '\x00', 0xfffffffffffff105}) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x801, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000180)={&(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7}) ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f00000001c0)={0x0, 0x0, 0x0}) r10 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ASSERT(r10, 0x0, 0x5, 0x0, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) r12 = fcntl$dupfd(r11, 0x0, r11) syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETCRTC(r12, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r12, 0xc06864ce, &(0x7f0000000100)={r13, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x4]}) ioctl$DRM_IOCTL_MODE_SETPLANE(r7, 0xc03064b7, &(0x7f0000000200)={r8, r9, r13, 0xd2a1, 0x0, 0xe, 0x9, 0x0, 0x100, 0x8, 0xffff0000, 0x7fff}) ioctl$KVM_ARM_VCPU_FINALIZE(r5, 0x4004aec2, &(0x7f00000000c0)=0x5) r14 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r14, 0x5450, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2.091921636s ago: executing program 1 (id=6236): r0 = openat2(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x20a40}, 0x18) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="14001c0400785137f96729ff7537ef44f017bbaee603", @ANYRES16=0x0, @ANYBLOB="000225bd7000ffdbdf2506000000"], 0x14}, 0x1, 0x0, 0x0, 0x44800}, 0x8004000) r1 = syz_open_dev$admmidi(&(0x7f0000000180), 0x6, 0x149040) sync_file_range(r1, 0x9, 0xa, 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.kill\x00', 0x26e1, 0x0) r4 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) getsockopt$IP_VS_SO_GET_INFO(r5, 0x0, 0x22, 0x0, 0x0) close(r3) r6 = syz_open_dev$vcsn(&(0x7f0000000240), 0x0, 0x111042) ioctl$sock_inet6_udp_SIOCINQ(r6, 0x541b, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) r7 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000001c0), 0x300, 0x0) ioctl$BTRFS_IOC_DEFRAG_RANGE(r7, 0x40309410, &(0x7f0000000280)={0xfffffffffffff001, 0x6, 0x1, 0xfffffff9, 0x0, [0xc2aa, 0x2, 0x1, 0x1ff]}) sendmsg$nl_xfrm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x33fe0}}, 0x0) r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) sync_file_range(r8, 0x0, 0x0, 0x2) sendmsg$DEVLINK_CMD_GET(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0}}, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NET_DM_CMD_STOP(r9, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000500}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x10, 0x1, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 1.72104298s ago: executing program 1 (id=6237): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000a40)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0x60, 0x1412, 0x8, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x1}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x44081}, 0x8000) 1.461337841s ago: executing program 1 (id=6238): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) syz_open_dev$hidraw(&(0x7f0000000200), 0xa4f, 0x280) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000020000f79eff46dd59eb16c3ad01cf00900000070b8bc7d576924f4640ebb485ac40602237c6f3946e4c40b6dd1e7"], 0x14}}, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = fcntl$dupfd(r2, 0x0, r1) sendmsg$NL80211_CMD_SET_MPATH(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0}}, 0x0) r4 = add_key(&(0x7f0000000080)='ceph\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000100)="80e674516b37d0a5534a47fda72d949ba8ec42c1189acb8c459909dcd554b937692b46e0b6beed25a98f02b5501100948b35b1f0587e0730c1e4344982f86a1c352c5c5a71de83f3657b3fd3fbd311ce822a633d7752fb7489736ad29209d028e643e6c5feed0f08eceaf9bc6eb872eab925ae2d77c71ecee30f5fda423cc3183cbaa549c2fd220cadd59b5c535b8cc1ae1b7376ba1417096a0d36724a031e72061824791a485ee4e714faeb502a47056e0d642542362800e4e0e90f1e345913cfd5c68b461e91bbaea35dad66", 0xcd, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r4, r3, 0xb4) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000e40)={0x2, 'pimreg0\x00', {0x3ff}, 0x47df}) 1.199526112s ago: executing program 1 (id=6239): r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close(r0) r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x5450, 0x0) r2 = syz_open_dev$vcsu(&(0x7f0000000ac0), 0x8000000000004, 0x80042) ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f0000000080)) ioctl$TUNSETTXFILTER(r2, 0x5451, 0x0) r3 = socket(0x1d, 0x2, 0x6) r4 = timerfd_create(0x0, 0x0) close(r4) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_KEY(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) pipe2(&(0x7f0000000540)={0xffffffffffffffff}, 0x0) ioctl$TIOCMGET(r6, 0x5451, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r2, 0xc0189373, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3, {0x4}}, './file0\x00'}) r7 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) dup3(r8, r7, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x80045400, &(0x7f0000000140)) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r5, 0x3, {0x2, 0xff}}, 0x18) 497.19994ms ago: executing program 1 (id=6240): pipe2(&(0x7f00000003c0)={0x0, 0x0}, 0x9eda41c050a40ac2) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f00000000c0)='syzkaller\x00'}, 0x90) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r3, 0x5521, 0x0) r4 = openat$mixer(0xffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = syz_open_dev$audion(&(0x7f0000000180), 0x1ff, 0x0) r6 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$DEVLINK_CMD_RATE_SET(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, 0x0, 0xb8eee940bd61a227}, 0x14}}, 0x0) recvmsg(r7, &(0x7f0000000c80)={&(0x7f0000000980)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, 0x0}, 0x0) dup3(r7, r8, 0x0) r9 = openat$null(0xffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCL_GETKMSGREDIRECT(r9, 0x5451, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x14, 0x0, 0x8, 0x70bd29, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) sendmsg$DEVLINK_CMD_SB_POOL_SET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="0c010000", @ANYRES16=r6, @ANYBLOB="200027bd7000fedbdf25100000000e0001006e657464657673696d0000000f0002006e657464657673691100ff0f000008001300000500140001000000080001007063690011000200303030303a30303a31302e300000000008000b0007000000060011000200000008001300bdf87400000005001400020000000e0001006e657464657673696d0000000f00547ae788fcf82fcad002006e657464657673696d30000008000b00540600000600110000000000080013002cc600000500140001000004080001007063690011000200303030303a30303a31302e300000000002000b00ff0f00000600110097ff0000080013000700000005001400000000000000000000000000000000000000b3851ea4498ccd70451cb4c57067ebd33356af3f9b3ee11799e4c9b2c1e83c8949820a8a1bedee02b87f4e210f40841bda657e7bb8050aaa4940c8f2df11a02da5a354a84f7e188a74d060a2282a3ea0bb0204aa23a37ee9c69468c351f39b8b186944de1e5d56cbc93bba45392697adac29ab73c49089b33b13ab331d72a53b4f464cc5d6d1110807344b3a228e45a61a40c9fa911888b968e39a94f2999815bfdc8ceeaefaa03287158834"], 0x10c}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000001) ioctl$SNDRV_PCM_IOCTL_READI_FRAMES(r5, 0x800c4151, 0x0) r10 = dup3(r4, r0, 0x0) r11 = socket$kcm(0x29, 0x5, 0x0) sendmsg$IPCTNL_MSG_CT_GET_DYING(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x24000000}, 0x24008040) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r10, 0xc0189373, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0x9}}, './file0\x00'}) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000000)=@n={0x0, 0x0, @generic}) 0s ago: executing program 1 (id=6241): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0a00000000000000000000000000000000000000a68483dd265cfd52d7360734c3e8a66033bb28686ab77d16edb5eafcb74f362a5ff757cf1fe61cc269790d29e703b99cfc4eae8dfa797f8edc33f87650fa6c8452135feedcac0d5d1e8c269a0de7fa877cd2c664420fab052b37e20700a5d0e284dd3e96057291fbd9c10cc5d4fd6e54a9b2d7dd4cf4fd25c678c08de324147e565ea918660f16059bfb63f816edaacadbce101e670018996a502788", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000500), 0x8) recvmsg$unix(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) r2 = fsopen(&(0x7f0000000000)='tmpfs\x00', 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.stat\x00', 0x26e1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = fcntl$dupfd(r4, 0x0, r4) sendmsg$IPCTNL_MSG_EXP_GET(r5, &(0x7f0000003300)={0x0, 0x0, &(0x7f00000032c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000010201"], 0x14}}, 0x0) r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000980), 0x200000, 0x0) ioctl$VFAT_IOCTL_READDIR_SHORT(r6, 0x82307202, 0x0) recvmsg$inet_nvme(r5, &(0x7f0000000280)={&(0x7f0000003440)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_ZERO(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="81caa229bf47998d1265c26d79f3b94ed3451c8427246c1466ba6bc54684c974a2cd71edd35ef081152e9b889069225625e7fd2659fae851994c6fcf2cc8462b37f4601c02f2dd69049e1ae3fb2c0986a2af329bce729098798dc69396e5bc3dfcd383bbc023434929454b163f19457c60cd0f320d70257fd1a264f0805c81898a796b45b34889f303c2f67d1d408467a8a34b8a9453ae861c71f3c753302824e4d36f6ccc2d46cac09c61596a02a30bce8007ba1dc3aa3a118547d7955ff67d0abeab477b5e2754012713b7d6f9613c1673df16c9dbfe67c449d250d185c62b4b59a6ab5add914d6cfd7ea74dd9dd2420a4a31a8cac4c21e8226cfe8f6f0f442c44cf8ac83d020cec4970b1d5fc72db7edba6f41a33449956df67d9a3f8dea55857598a584be7224d9084b75b904031a04d558b05dd4e4632e0848265da0045a881a4eb519fc66f73b156", @ANYBLOB="74c64d5c10df90d7ba7f8464d0f88872bc73c9f5a69a74c3b67b8cd1cf113eeb8e09699f825a9043a2a217cd03470241778137e162824454c3ef7956c9d40a6e444b094fb81cd70779e83b202f0cbcf29b3f000ab6e676dd5e088b36911e45da5f96ce550c8a5bd57ee6a5a4cc3cb533177ffaed6b11f9c21c8f45666a0b0a43b2a37b4a3e2436f50bd37c62566cf7f082c37c954752ff1ce7d679932db922f6f8985c9f14a2685a4a727b6ec47b", @ANYBLOB="0000000000000000000010000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) close(r3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) openat(r3, &(0x7f00000000c0)='./file0\x00', 0x400, 0x88) sendmsg$nl_xfrm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x33fe0}}, 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) fstatfs(r8, &(0x7f0000000080)=""/78) sendmsg$IPVS_CMD_NEW_DEST(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) r9 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) sendmsg$NLBL_MGMT_C_LISTALL(0xffffffffffffffff, 0x0, 0x4048800) recvmmsg(r9, &(0x7f0000001740)=[{{&(0x7f0000000400)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, 0x0, 0x0, 0x0, 0x52}}], 0x1, 0x2, 0x0) read$FUSE(r1, &(0x7f0000001780)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_LSEEK(r1, &(0x7f0000000040)={0x18, 0x0, r11, {0x9}}, 0x18) close_range(r10, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:57909' (ED25519) to the list of known hosts. syzkaller login: [ 135.139897][ T3307] cgroup: Unknown subsys name 'net' [ 135.387306][ T3307] cgroup: Unknown subsys name 'cpuset' [ 135.429927][ T3307] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 136.194098][ T3307] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 150.120164][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 150.239885][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 150.267463][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 150.397763][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 152.070382][ T3313] hsr_slave_0: entered promiscuous mode [ 152.086713][ T3313] hsr_slave_1: entered promiscuous mode [ 152.619738][ T3312] hsr_slave_0: entered promiscuous mode [ 152.630420][ T3312] hsr_slave_1: entered promiscuous mode [ 152.638912][ T3312] debugfs: 'hsr0' already exists in 'hsr' [ 152.642588][ T3312] Cannot create hsr debugfs directory [ 154.048143][ T3313] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 154.113069][ T3313] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 154.172972][ T3313] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 154.211067][ T3313] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 154.560563][ T3312] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 154.612690][ T3312] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 154.638729][ T3312] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 154.661634][ T3312] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 156.124040][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.183494][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.351418][ T3313] veth0_vlan: entered promiscuous mode [ 162.403053][ T3312] veth0_vlan: entered promiscuous mode [ 162.442329][ T3313] veth1_vlan: entered promiscuous mode [ 162.530586][ T3312] veth1_vlan: entered promiscuous mode [ 162.713277][ T3313] veth0_macvtap: entered promiscuous mode [ 162.780789][ T3313] veth1_macvtap: entered promiscuous mode [ 162.889156][ T3312] veth0_macvtap: entered promiscuous mode [ 162.957676][ T3312] veth1_macvtap: entered promiscuous mode [ 163.282673][ T151] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.283909][ T151] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.284443][ T151] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.316471][ T151] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.377901][ T151] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.378700][ T151] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.379032][ T151] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.379414][ T151] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.070351][ T3312] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 166.458700][ T3474] input: syz0 as /devices/virtual/input/input1 [ 170.481077][ T3463] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 173.378424][ T3487] input: syz0 as /devices/virtual/input/input2 [ 192.419399][ T3520] serio: Serial port pts0 [ 193.144304][ T3524] input: syz0 as /devices/virtual/input/input3 [ 209.013228][ T3532] fuse: root generation should be zero [ 214.472128][ T3569] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 220.456076][ T3620] input: syz0 as /devices/virtual/input/input4 [ 221.860060][ T3631] input: syz0 as /devices/virtual/input/input5 [ 232.948492][ T3676] input: syz0 as /devices/virtual/input/input6 [ 252.956687][ T3715] input: syz0 as /devices/virtual/input/input7 [ 255.169193][ T3724] serio: Serial port pts0 [ 271.870046][ T3734] Zero length message leads to an empty skb [ 283.627969][ T3800] serio: Serial port pts0 [ 287.523014][ T3810] serio: Serial port pts1 [ 298.780436][ T3816] input: syz0 as /devices/virtual/input/input8 [ 314.376163][ T3838] input: syz0 as /devices/virtual/input/input9 [ 327.888494][ T3875] input: syz0 as /devices/virtual/input/input10 [ 351.681592][ T3952] input: syz0 as /devices/virtual/input/input11 [ 352.153994][ T3955] serio: Serial port pts0 [ 376.411106][ T4030] serio: Serial port pts0 [ 388.579468][ T4077] serio: Serial port pts1 [ 396.067810][ T4108] input: syz0 as /devices/virtual/input/input12 [ 396.520517][ T3963] udevd[3963]: setting mode of /dev/input/event1 to 020660 failed: No such file or directory [ 396.522252][ T3963] udevd[3963]: setting owner of /dev/input/event1 to uid=0, gid=103 failed: No such file or directory [ 418.253662][ T4156] input: syz0 as /devices/virtual/input/input13 [ 435.698791][ T4205] input: syz0 as /devices/virtual/input/input14 [ 436.530169][ T4210] input: syz0 as /devices/virtual/input/input15 [ 440.210287][ T4231] syz_tun: entered promiscuous mode [ 458.182301][ T4266] input: syz0 as /devices/virtual/input/input16 [ 461.293910][ T4284] input: syz0 as /devices/virtual/input/input17 [ 480.161405][ T4302] serio: Serial port pts0 [ 482.682795][ T4311] input: syz0 as /devices/virtual/input/input18 [ 495.393145][ T4316] input: syz0 as /devices/virtual/input/input19 [ 500.427217][ T4332] input: syz0 as /devices/virtual/input/input20 [ 507.869735][ T4337] input: syz0 as /devices/virtual/input/input21 [ 510.492211][ T4350] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 510.500744][ T4350] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 516.690646][ T4375] input: syz0 as /devices/virtual/input/input22 [ 529.106971][ T4400] input: syz0 as /devices/virtual/input/input23 [ 542.171838][ T4409] serio: Serial port pts0 [ 553.017999][ T4430] input: syz0 as /devices/virtual/input/input24 [ 556.814718][ T4445] input: syz0 as /devices/virtual/input/input25 [ 584.292447][ T4497] input: syz0 as /devices/virtual/input/input26 [ 588.801024][ T4529] input: syz0 as /devices/virtual/input/input27 [ 591.120834][ T4541] input: syz0 as /devices/virtual/input/input28 [ 617.480191][ T4593] input: syz0 as /devices/virtual/input/input29 [ 620.972072][ T4603] input: syz0 as /devices/virtual/input/input30 [ 638.567329][ T4610] input: syz0 as /devices/virtual/input/input31 [ 640.319920][ T4624] input: syz0 as /devices/virtual/input/input32 [ 648.454073][ T4656] serio: Serial port pts0 [ 658.776974][ T4662] input: syz0 as /devices/virtual/input/input34 [ 666.303784][ T4683] input: syz0 as /devices/virtual/input/input35 [ 687.658359][ T4727] input: syz0 as /devices/virtual/input/input36 [ 689.712311][ T4731] input: syz0 as /devices/virtual/input/input37 [ 693.164490][ T4745] input: syz0 as /devices/virtual/input/input38 [ 696.444524][ T4755] serio: Serial port pts0 [ 706.386310][ T4763] serio: Serial port pts1 [ 720.764737][ T4800] input: syz0 as /devices/virtual/input/input39 [ 729.180774][ T4862] input: syz0 as /devices/virtual/input/input40 [ 737.943747][ T4887] serio: Serial port pts0 [ 746.572348][ T4892] input: syz0 as /devices/virtual/input/input41 [ 765.213670][ T4932] input: syz0 as /devices/virtual/input/input42 [ 768.056978][ T4945] serio: Serial port pts0 [ 798.440268][ T5022] input: syz0 as /devices/virtual/input/input43 [ 803.883736][ T5047] input: syz0 as /devices/virtual/input/input44 [ 808.553368][ T5065] input: syz0 as /devices/virtual/input/input45 [ 831.550175][ T5122] input: syz0 as /devices/virtual/input/input46 [ 837.143940][ T5156] input: syz0 as /devices/virtual/input/input47 [ 839.934524][ T5170] serio: Serial port pts0 [ 853.623122][ T5177] serio: Serial port pts1 [ 858.778449][ T5191] capability: warning: `syz.0.584' uses deprecated v2 capabilities in a way that may be insecure [ 868.810115][ T5219] input: syz0 as /devices/virtual/input/input48 [ 887.553682][ T5243] input: syz0 as /devices/virtual/input/input49 [ 896.244126][ T5273] input: syz0 as /devices/virtual/input/input50 [ 921.057220][ T5341] input: syz0 as /devices/virtual/input/input51 [ 923.418612][ T5352] input: syz0 as /devices/virtual/input/input52 [ 939.518208][ T5356] input: syz0 as /devices/virtual/input/input53 [ 945.717016][ T5370] input: syz1 as /devices/virtual/input/input54 [ 953.428119][ T5394] input: syz0 as /devices/virtual/input/input55 [ 977.999660][ T5465] input: syz0 as /devices/virtual/input/input56 [ 980.571151][ T5478] serio: Serial port pts0 [ 993.934102][ T5483] input: syz0 as /devices/virtual/input/input57 [ 997.805707][ T5494] serio: Serial port pts0 [ 1019.503211][ T5541] input: syz0 as /devices/virtual/input/input58 [ 1019.980402][ T5544] input: syz0 as /devices/virtual/input/input59 [ 1021.363874][ T5551] input: syz0 as /devices/virtual/input/input60 [ 1038.421838][ T5556] input: syz0 as /devices/virtual/input/input61 [ 1039.402471][ T5562] input: syz0 as /devices/virtual/input/input62 [ 1064.130337][ T5601] serio: Serial port pts0 [ 1071.190142][ T5628] input: syz0 as /devices/virtual/input/input63 [ 1083.959622][ T5655] serio: Serial port pts0 [ 1091.516425][ T5676] serio: Serial port pts0 [ 1103.200287][ T5702] input: syz0 as /devices/virtual/input/input64 [ 1104.423247][ T5706] input: syz0 as /devices/virtual/input/input65 [ 1108.849247][ T5720] input: syz0 as /devices/virtual/input/input66 [ 1122.227217][ T5730] input: syz0 as /devices/virtual/input/input67 [ 1141.779357][ T5794] input: syz0 as /devices/virtual/input/input68 [ 1147.586971][ T5802] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 1148.798716][ T5815] input: syz0 as /devices/virtual/input/input69 [ 1161.593330][ T5829] input: syz0 as /devices/virtual/input/input70 [ 1168.847650][ T5853] input: syz0 as /devices/virtual/input/input71 [ 1175.871489][ T5907] serio: Serial port pts0 [ 1175.932931][ T5909] input: syz0 as /devices/virtual/input/input72 [ 1191.991673][ T5924] serio: Serial port pts0 [ 1192.632679][ T5929] serio: Serial port pts1 [ 1202.072034][ T5973] input: syz0 as /devices/virtual/input/input73 [ 1224.503387][ T6029] serio: Serial port pts0 [ 1225.597620][ T6038] input: syz0 as /devices/virtual/input/input74 [ 1242.872544][ T6065] input: syz0 as /devices/virtual/input/input75 [ 1245.849788][ T6080] input: syz0 as /devices/virtual/input/input76 [ 1264.229354][ T6095] input: syz0 as /devices/virtual/input/input77 [ 1267.863468][ T6114] input: syz0 as /devices/virtual/input/input78 [ 1283.409680][ T6118] input: syz0 as /devices/virtual/input/input79 [ 1293.532055][ T6138] input: syz0 as /devices/virtual/input/input80 [ 1305.477746][ T6160] input: syz0 as /devices/virtual/input/input81 [ 1310.655900][ T6164] input: syz0 as /devices/virtual/input/input82 [ 1312.865158][ C1] hrtimer: interrupt took 734180 ns [ 1328.731922][ T6185] input: syz0 as /devices/virtual/input/input83 [ 1329.689226][ T6191] input: syz0 as /devices/virtual/input/input84 [ 1346.216644][ T6196] serio: Serial port pts0 [ 1357.232673][ T6235] input: syz0 as /devices/virtual/input/input85 [ 1362.439161][ T6247] serio: Serial port pts0 [ 1388.588355][ T6351] input: syz0 as /devices/virtual/input/input86 [ 1390.438891][ T6362] input: syz0 as /devices/virtual/input/input87 [ 1412.647016][ T6398] input: syz0 as /devices/virtual/input/input88 [ 1434.034619][ T6467] serio: Serial port pts0 [ 1437.794782][ T6477] input: syz0 as /devices/virtual/input/input89 [ 1459.093506][ T6518] input: syz0 as /devices/virtual/input/input90 [ 1466.912844][ T6531] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1031'. [ 1484.257504][ T6600] serio: Serial port pts0 [ 1485.106505][ T6606] serio: Serial port pts1 [ 1506.300416][ T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 1506.322874][ T10] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1509.537709][ T6688] input: syz0 as /devices/virtual/input/input91 [ 1520.184342][ T6714] loop7: detected capacity change from 0 to 16385 [ 1541.360374][ T6843] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1541.649239][ T6842] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1135'. [ 1683.906801][ T7798] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 1695.672687][ T7907] serio: Serial port pts0 [ 1770.517290][ T8316] input: syz0 as /devices/virtual/input/input92 [ 1869.289728][ T8864] input: syz0 as /devices/virtual/input/input93 [ 1910.500769][ T9109] input: syz0 as /devices/virtual/input/input94 [ 1959.271852][ T9371] input: syz1 as /devices/virtual/input/input95 [ 2014.411417][ T9711] input: syz0 as /devices/virtual/input/input96 [ 2040.008930][ T9822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2040.011455][ T9822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2052.427828][ T9878] syz.1.2172 uses obsolete (PF_INET,SOCK_PACKET) [ 2095.706062][T10143] dvmrp1: entered allmulticast mode [ 2134.764611][T10421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2134.782308][T10421] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2135.919010][T10431] input: syz1 as /devices/virtual/input/input97 [ 2178.207290][T10637] lo: entered promiscuous mode [ 2178.251452][T10637] lo: left promiscuous mode [ 2272.710080][T11269] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2272.728005][T11269] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2416.938942][T12291] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3007'. [ 2419.709635][T12314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2419.720819][T12314] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2537.597628][T13135] input: syz0 as /devices/virtual/input/input99 [ 2690.414343][T14224] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2690.419506][T14224] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2812.848462][T15094] lo: entered promiscuous mode [ 2812.877423][T15094] lo: left promiscuous mode [ 2828.790849][T15203] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4015'. [ 2887.911377][T15536] 8021q: VLANs not supported on ip6_vti0 [ 2888.308948][T15544] syz_tun: entered allmulticast mode [ 2888.317181][T15543] syz_tun: left allmulticast mode [ 2922.668989][T15753] input: syz0 as /devices/virtual/input/input100 [ 2967.028166][T16009] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4294'. [ 2983.266815][T16098] input: syz0 as /devices/virtual/input/input101 [ 3010.636711][T16135] lo: entered promiscuous mode [ 3010.639439][T16134] lo: left promiscuous mode [ 3018.912050][T16200] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4360'. [ 3121.196467][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 3121.386253][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 3121.418969][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3121.419735][ T10] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 3121.422782][ T10] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 3121.462713][ T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 3121.463477][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3121.474533][ T10] usb 1-1: Product: syz [ 3121.478991][ T10] usb 1-1: Manufacturer: syz [ 3121.479654][ T10] usb 1-1: SerialNumber: syz [ 3121.749406][T16745] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 3121.764351][T16745] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 3122.241047][ T10] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS [ 3122.248110][ T10] cdc_ncm 1-1:1.0: bind() failure [ 3122.299980][ T10] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 3122.304596][ T10] cdc_ncm 1-1:1.1: bind() failure [ 3122.347884][ T10] usb 1-1: USB disconnect, device number 2 [ 3179.993047][T17088] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3180.012094][T17088] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3180.800022][T17098] input: syz0 as /devices/virtual/input/input102 [ 3191.392710][T17141] : renamed from ipvlan1 [ 3199.399767][T17181] netlink: 52 bytes leftover after parsing attributes in process `syz.1.4706'. [ 3202.223569][T17194] Process accounting resumed [ 3241.734456][T17406] syz.0.4784 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 3241.740155][T17406] 8021q: VLANs not supported on ip6_vti0 [ 3293.823247][T17701] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4884'. [ 3325.110541][T14365] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 3325.300379][T14365] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 3325.301034][T14365] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 3325.301261][T14365] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 3325.301458][T14365] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 3325.301724][T14365] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 3325.376772][T14365] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 3325.377406][T14365] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 3325.378028][T14365] usb 1-1: SerialNumber: syz [ 3325.422823][T14365] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 3336.182986][T14365] usb 1-1: USB disconnect, device number 3 [ 3356.625791][T17878] serio: Serial port pts0 [ 3465.219480][T15462] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3465.219975][T15462] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3465.220403][T15462] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3465.220681][T15462] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3472.405902][T18298] serio: Serial port pts0 [ 3503.788464][T18422] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 3523.703279][T18473] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5138'. [ 3569.681092][T18598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3569.683929][T18598] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3593.998203][T18711] serio: Serial port pts0 [ 3638.286009][T18868] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5274'. [ 3670.676210][T18998] process 'syz.0.5321' launched './file0' with NULL argv: empty string added [ 3673.984191][T19016] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5326'. [ 3703.635843][T19103] serio: Serial port pts0 [ 3711.609812][ T30] audit: type=1326 audit(3711.300:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=19128 comm="syz.1.5359" exe="/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9b35c068 code=0x0 [ 3715.572209][T19142] 8021q: VLANs not supported on ip6gre0 [ 3725.310234][T19175] fuse: Bad value for 'fd' [ 3741.181310][T19229] 8021q: VLANs not supported on ip_vti0 [ 3746.828467][T19240] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3746.831122][T19240] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3769.398884][T19330] serio: Serial port pts0 [ 3805.113475][T19448] input: syz0 as /devices/virtual/input/input105 [ 3833.458452][T19528] 8021q: VLANs not supported on vcan0 [ 3841.680650][T19553] netlink: 9 bytes leftover after parsing attributes in process `syz.0.5493'. [ 3845.481770][T19553] gretap0: entered promiscuous mode [ 3872.976267][T19656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3872.977898][T19656] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3884.067076][T19703] "syz.0.5546" (19703) uses obsolete ecb(arc4) skcipher [ 3902.247796][T19816] input: syz0 as /devices/virtual/input/input106 [ 3902.350268][T19818] pimreg: entered allmulticast mode [ 3902.359471][T19818] pimreg: left allmulticast mode [ 3923.921277][T19952] input: syz0 as /devices/virtual/input/input107 [ 3959.061243][T20058] binder: 20057:20058 ioctl 4018620d 0 returned -22 [ 3959.510437][T20058] binder: 20057:20058 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 3959.526219][T20058] binder: 20058 RLIMIT_NICE not set [ 3977.373956][T20128] fuse: Bad value for 'fd' [ 4002.564344][T20221] input: syz0 as /devices/virtual/input/input108 [ 4011.741686][T20244] fuse: Bad value for 'fd' [ 4022.838951][T20259] fuse: Bad value for 'fd' [ 4023.247074][T20263] input: syz0 as /devices/virtual/input/input109 [ 4031.633108][T20284] capability: warning: `syz.0.5764' uses 32-bit capabilities (legacy support in use) [ 4037.480387][T20297] input: syz0 as /devices/virtual/input/input110 [ 4040.403250][T20302] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 4040.412310][T20302] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 4050.983241][T20316] input: syz0 as /devices/virtual/input/input111 [ 4060.006630][T20330] input: syz0 as /devices/virtual/input/input112 [ 4072.496234][T20342] input: syz0 as /devices/virtual/input/input113 [ 4078.898671][T20365] fuse: Unknown parameter 'group_i00000000000000000000' [ 4081.708291][T20376] input: syz0 as /devices/virtual/input/input114 [ 4084.172817][T20380] fuse: Unknown parameter 'group_i00000000000000000000' [ 4088.412519][T20393] fuse: Unknown parameter 'group_i00000000000000000000' [ 4088.608864][T20395] input: syz0 as /devices/virtual/input/input115 [ 4107.813364][T20439] serio: Serial port pts0 [ 4116.402984][T20469] input: syz0 as /devices/virtual/input/input116 [ 4125.238459][T20484] input: syz1 as /devices/virtual/input/input117 [ 4135.627886][T20496] input: syz0 as /devices/virtual/input/input118 [ 4146.231960][T20500] input: syz0 as /devices/virtual/input/input119 [ 4154.531441][T20506] input: syz0 as /devices/virtual/input/input120 [ 4173.677681][T20536] input: syz0 as /devices/virtual/input/input121 [ 4181.416327][T20557] input: syz0 as /devices/virtual/input/input122 [ 4198.639870][T20574] serio: Serial port pts0 [ 4218.288109][T20625] input: syz0 as /devices/virtual/input/input123 [ 4221.519277][T20632] input: syz0 as /devices/virtual/input/input124 [ 4228.548022][T20637] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 4230.180935][T20649] input: syz0 as /devices/virtual/input/input125 [ 4250.009804][T20668] input: syz0 as /devices/virtual/input/input126 [ 4261.360940][T20680] kernel profiling enabled (shift: 0) [ 4277.339449][T20743] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 4304.783594][T20914] input: syz0 as /devices/virtual/input/input128 [ 4322.750471][T20952] input: syz0 as /devices/virtual/input/input129 [ 4323.140218][T20955] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 4331.217143][T20987] input: syz0 as /devices/virtual/input/input131 [ 4350.930924][T21003] input: syz0 as /devices/virtual/input/input132 [ 4354.722067][T21024] input: syz0 as /devices/virtual/input/input133 [ 4362.114555][T21038] ubi31: attaching mtd0 [ 4362.246981][T21038] ubi31: scanning is finished [ 4362.251193][T21038] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 4362.337320][T21038] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 4368.978345][T21040] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 4371.622258][T21069] input: syz0 as /devices/virtual/input/input134 [ 4374.304687][T21072] input: syz0 as /devices/virtual/input/input135 [ 4394.741809][T21105] input: syz0 as /devices/virtual/input/input136 [ 4410.379585][T21129] input: syz0 as /devices/virtual/input/input137 [ 4413.627863][T21132] input: syz0 as /devices/virtual/input/input138 [ 4431.617944][T21144] input: syz0 as /devices/virtual/input/input139 [ 4439.347559][T21147] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 4439.725928][T21155] input: syz0 as /devices/virtual/input/input140 [ 4453.816901][T21173] input: syz0 as /devices/virtual/input/input141 [ 4459.572334][T21187] input: syz0 as /devices/virtual/input/input142 [ 4474.946795][T21191] input: syz0 as /devices/virtual/input/input143 [ 4482.530063][T21199] FAULT_INJECTION: forcing a failure. [ 4482.530063][T21199] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 4482.531281][T21199] CPU: 1 UID: 0 PID: 21199 Comm: syz.1.6066 Not tainted syzkaller #0 PREEMPT [ 4482.531769][T21199] Hardware name: linux,dummy-virt (DT) [ 4482.532336][T21199] Call trace: [ 4482.532959][T21199] show_stack+0x18/0x24 (C) [ 4482.533640][T21199] dump_stack_lvl+0x78/0x90 [ 4482.533971][T21199] dump_stack+0x18/0x24 [ 4482.534218][T21199] should_fail_ex+0x1dc/0x234 [ 4482.534471][T21199] should_fail+0x14/0x24 [ 4482.534734][T21199] should_fail_usercopy+0x1c/0x28 [ 4482.535047][T21199] _inline_copy_from_user+0x24/0xb0 [ 4482.535362][T21199] copy_msghdr_from_user+0x54/0xcc [ 4482.535622][T21199] ___sys_sendmsg+0x8c/0x100 [ 4482.535897][T21199] __sys_sendmsg+0x98/0xf8 [ 4482.536146][T21199] __arm64_sys_sendmsg+0x24/0x30 [ 4482.536405][T21199] invoke_syscall+0x48/0x110 [ 4482.536677][T21199] el0_svc_common.constprop.0+0x40/0xe0 [ 4482.536926][T21199] do_el0_svc+0x1c/0x28 [ 4482.537184][T21199] el0_svc+0x34/0x10c [ 4482.537584][T21199] el0t_64_sync_handler+0xa0/0xe4 [ 4482.537836][T21199] el0t_64_sync+0x1a4/0x1a8 [ 4493.734140][T21207] ubi31: attaching mtd0 [ 4493.848296][T21207] ubi31: scanning is finished [ 4493.849469][T21207] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 4493.933602][T21207] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 4495.698291][T21209] fuse: Bad value for 'fd' [ 4501.264672][T21233] ubi31: attaching mtd0 [ 4501.360019][T21233] ubi31: scanning is finished [ 4501.360997][T21233] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 4501.427944][T21233] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 4506.622424][T21278] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6096'. [ 4517.087732][T21392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 4517.090224][T21392] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 4521.254254][T21430] FAULT_INJECTION: forcing a failure. [ 4521.254254][T21430] name failslab, interval 1, probability 0, space 0, times 1 [ 4521.254856][T21430] CPU: 0 UID: 0 PID: 21430 Comm: syz.0.6147 Not tainted syzkaller #0 PREEMPT [ 4521.255180][T21430] Hardware name: linux,dummy-virt (DT) [ 4521.255288][T21430] Call trace: [ 4521.255393][T21430] show_stack+0x18/0x24 (C) [ 4521.255638][T21430] dump_stack_lvl+0x78/0x90 [ 4521.255852][T21430] dump_stack+0x18/0x24 [ 4521.256066][T21430] should_fail_ex+0x1dc/0x234 [ 4521.256474][T21430] should_failslab+0x54/0x80 [ 4521.256719][T21430] __kmalloc_noprof+0xa8/0x430 [ 4521.256995][T21430] tomoyo_encode2+0x7c/0x140 [ 4521.257252][T21430] tomoyo_encode+0x28/0x40 [ 4521.257512][T21430] tomoyo_realpath_from_path+0x80/0x1b4 [ 4521.257783][T21430] tomoyo_path_number_perm+0xd8/0x20c [ 4521.257999][T21430] tomoyo_file_ioctl+0x1c/0x28 [ 4521.258251][T21430] security_file_ioctl+0x8c/0x19c [ 4521.258463][T21430] __arm64_sys_ioctl+0x48/0x104 [ 4521.258682][T21430] invoke_syscall+0x48/0x110 [ 4521.258895][T21430] el0_svc_common.constprop.0+0x40/0xe0 [ 4521.259154][T21430] do_el0_svc+0x1c/0x28 [ 4521.259418][T21430] el0_svc+0x34/0x10c [ 4521.259652][T21430] el0t_64_sync_handler+0xa0/0xe4 [ 4521.259898][T21430] el0t_64_sync+0x1a4/0x1a8 [ 4521.315235][T21430] ERROR: Out of memory at tomoyo_realpath_from_path. [ 4522.593618][T21450] fuse: Unknown parameter '0x000000000000000400000000000000000006' [ 4525.731633][T21486] lo: entered promiscuous mode [ 4526.288190][T21486] lo: left promiscuous mode [ 4527.277792][T21505] FAULT_INJECTION: forcing a failure. [ 4527.277792][T21505] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 4527.286028][T21505] CPU: 1 UID: 0 PID: 21505 Comm: syz.1.6174 Not tainted syzkaller #0 PREEMPT [ 4527.286377][T21505] Hardware name: linux,dummy-virt (DT) [ 4527.286499][T21505] Call trace: [ 4527.286606][T21505] show_stack+0x18/0x24 (C) [ 4527.286874][T21505] dump_stack_lvl+0x78/0x90 [ 4527.287122][T21505] dump_stack+0x18/0x24 [ 4527.287365][T21505] should_fail_ex+0x1dc/0x234 [ 4527.287622][T21505] should_fail+0x14/0x24 [ 4527.287863][T21505] should_fail_usercopy+0x1c/0x28 [ 4527.288150][T21505] copy_from_sockptr_offset.constprop.0+0x48/0xf4 [ 4527.288430][T21505] j1939_sk_setsockopt_flag+0x40/0xc0 [ 4527.288681][T21505] j1939_sk_setsockopt+0x6c/0x308 [ 4527.288922][T21505] do_sock_setsockopt+0xa0/0x18c [ 4527.289169][T21505] __sys_setsockopt+0x80/0xfc [ 4527.289413][T21505] __arm64_sys_setsockopt+0x28/0x38 [ 4527.289693][T21505] invoke_syscall+0x48/0x110 [ 4527.289943][T21505] el0_svc_common.constprop.0+0x40/0xe0 [ 4527.290190][T21505] do_el0_svc+0x1c/0x28 [ 4527.290435][T21505] el0_svc+0x34/0x10c [ 4527.290689][T21505] el0t_64_sync_handler+0xa0/0xe4 [ 4527.290936][T21505] el0t_64_sync+0x1a4/0x1a8 [ 4528.210926][T21519] FAULT_INJECTION: forcing a failure. [ 4528.210926][T21519] name failslab, interval 1, probability 0, space 0, times 0 [ 4528.217193][T21519] CPU: 1 UID: 0 PID: 21519 Comm: syz.0.6181 Not tainted syzkaller #0 PREEMPT [ 4528.217565][T21519] Hardware name: linux,dummy-virt (DT) [ 4528.217690][T21519] Call trace: [ 4528.217785][T21519] show_stack+0x18/0x24 (C) [ 4528.218068][T21519] dump_stack_lvl+0x78/0x90 [ 4528.218316][T21519] dump_stack+0x18/0x24 [ 4528.218550][T21519] should_fail_ex+0x1dc/0x234 [ 4528.218788][T21519] should_failslab+0x54/0x80 [ 4528.219023][T21519] __kmalloc_noprof+0xa8/0x430 [ 4528.219248][T21519] tomoyo_realpath_from_path+0x44/0x1b4 [ 4528.219503][T21519] tomoyo_path_number_perm+0xd8/0x20c [ 4528.219752][T21519] tomoyo_file_ioctl+0x1c/0x28 [ 4528.219988][T21519] security_file_ioctl+0x8c/0x19c [ 4528.220220][T21519] __arm64_sys_ioctl+0x48/0x104 [ 4528.220504][T21519] invoke_syscall+0x48/0x110 [ 4528.220748][T21519] el0_svc_common.constprop.0+0x40/0xe0 [ 4528.220992][T21519] do_el0_svc+0x1c/0x28 [ 4528.221245][T21519] el0_svc+0x34/0x10c [ 4528.221505][T21519] el0t_64_sync_handler+0xa0/0xe4 [ 4528.221775][T21519] el0t_64_sync+0x1a4/0x1a8 [ 4528.251866][T21519] ERROR: Out of memory at tomoyo_realpath_from_path. [ 4536.600152][T21582] FAULT_INJECTION: forcing a failure. [ 4536.600152][T21582] name failslab, interval 1, probability 0, space 0, times 0 [ 4536.601008][T21582] CPU: 0 UID: 0 PID: 21582 Comm: syz.1.6208 Not tainted syzkaller #0 PREEMPT [ 4536.601274][T21582] Hardware name: linux,dummy-virt (DT) [ 4536.601387][T21582] Call trace: [ 4536.601475][T21582] show_stack+0x18/0x24 (C) [ 4536.601773][T21582] dump_stack_lvl+0x78/0x90 [ 4536.601997][T21582] dump_stack+0x18/0x24 [ 4536.602213][T21582] should_fail_ex+0x1dc/0x234 [ 4536.602424][T21582] should_failslab+0x54/0x80 [ 4536.602676][T21582] __kmalloc_noprof+0xa8/0x430 [ 4536.602921][T21582] tomoyo_realpath_from_path+0x44/0x1b4 [ 4536.603186][T21582] tomoyo_path_number_perm+0xd8/0x20c [ 4536.603457][T21582] tomoyo_file_ioctl+0x1c/0x28 [ 4536.603707][T21582] security_file_ioctl+0x8c/0x19c [ 4536.603976][T21582] __arm64_sys_ioctl+0x48/0x104 [ 4536.604281][T21582] invoke_syscall+0x48/0x110 [ 4536.604530][T21582] el0_svc_common.constprop.0+0x40/0xe0 [ 4536.604782][T21582] do_el0_svc+0x1c/0x28 [ 4536.605087][T21582] el0_svc+0x34/0x10c [ 4536.605326][T21582] el0t_64_sync_handler+0xa0/0xe4 [ 4536.605587][T21582] el0t_64_sync+0x1a4/0x1a8 [ 4536.610343][T21582] ERROR: Out of memory at tomoyo_realpath_from_path. [ 4540.144528][T21618] FAULT_INJECTION: forcing a failure. [ 4540.144528][T21618] name failslab, interval 1, probability 0, space 0, times 0 [ 4540.146532][T21618] CPU: 0 UID: 0 PID: 21618 Comm: syz.1.6222 Not tainted syzkaller #0 PREEMPT [ 4540.146815][T21618] Hardware name: linux,dummy-virt (DT) [ 4540.146923][T21618] Call trace: [ 4540.147035][T21618] show_stack+0x18/0x24 (C) [ 4540.147292][T21618] dump_stack_lvl+0x78/0x90 [ 4540.147506][T21618] dump_stack+0x18/0x24 [ 4540.147787][T21618] should_fail_ex+0x1dc/0x234 [ 4540.148057][T21618] should_failslab+0x54/0x80 [ 4540.148295][T21618] __kmalloc_noprof+0xa8/0x430 [ 4540.148529][T21618] tomoyo_encode2+0x7c/0x140 [ 4540.148769][T21618] tomoyo_encode+0x28/0x40 [ 4540.148996][T21618] tomoyo_realpath_from_path+0x80/0x1b4 [ 4540.149230][T21618] tomoyo_path_number_perm+0xd8/0x20c [ 4540.149480][T21618] tomoyo_file_ioctl+0x1c/0x28 [ 4540.149755][T21618] security_file_ioctl+0x8c/0x19c [ 4540.149992][T21618] __arm64_sys_ioctl+0x48/0x104 [ 4540.150241][T21618] invoke_syscall+0x48/0x110 [ 4540.150496][T21618] el0_svc_common.constprop.0+0x40/0xe0 [ 4540.150752][T21618] do_el0_svc+0x1c/0x28 [ 4540.151008][T21618] el0_svc+0x34/0x10c [ 4540.151282][T21618] el0t_64_sync_handler+0xa0/0xe4 [ 4540.151532][T21618] el0t_64_sync+0x1a4/0x1a8 [ 4540.151874][T21618] ERROR: Out of memory at tomoyo_realpath_from_path. [ 4540.628036][T21620] ======================================================= [ 4540.628036][T21620] WARNING: The mand mount option has been deprecated and [ 4540.628036][T21620] and is ignored by this kernel. Remove the mand [ 4540.628036][T21620] option from the mount to silence this warning. [ 4540.628036][T21620] ======================================================= [ 4545.367631][T21654] ================================================================== [ 4545.370912][T21654] BUG: KASAN: invalid-access in __kvm_pgtable_walk+0x110/0x2d0 [ 4545.372483][T21654] Read at addr f2f000000b91c000 by task syz.0.6235/21654 [ 4545.372832][T21654] Pointer tag: [f2], memory tag: [fe] [ 4545.372990][T21654] [ 4545.373796][T21654] CPU: 0 UID: 0 PID: 21654 Comm: syz.0.6235 Not tainted syzkaller #0 PREEMPT [ 4545.374317][T21654] Hardware name: linux,dummy-virt (DT) [ 4545.374704][T21654] Call trace: [ 4545.375179][T21654] show_stack+0x18/0x24 (C) [ 4545.375639][T21654] dump_stack_lvl+0x78/0x90 [ 4545.375884][T21654] print_report+0x108/0x61c [ 4545.376095][T21654] kasan_report+0x88/0xac [ 4545.376311][T21654] __do_kernel_fault+0x170/0x1c8 [ 4545.376536][T21654] do_bad_area+0x68/0x78 [ 4545.376757][T21654] do_tag_check_fault+0x34/0x44 [ 4545.376971][T21654] do_mem_abort+0x44/0x94 [ 4545.377173][T21654] el1_abort+0x40/0x60 [ 4545.377376][T21654] el1h_64_sync_handler+0x50/0xac [ 4545.377615][T21654] el1h_64_sync+0x6c/0x70 [ 4545.377934][T21654] __kvm_pgtable_walk+0x110/0x2d0 (P) [ 4545.378150][T21654] kvm_pgtable_walk+0xd0/0x164 [ 4545.378361][T21654] kvm_pgtable_stage2_destroy_range+0x3c/0x70 [ 4545.378588][T21654] kvm_stage2_destroy+0x74/0xd0 [ 4545.378809][T21654] kvm_free_stage2_pgd+0x4c/0x84 [ 4545.379027][T21654] kvm_uninit_stage2_mmu+0x1c/0x34 [ 4545.379244][T21654] kvm_arch_flush_shadow_all+0x6c/0x84 [ 4545.379463][T21654] kvm_mmu_notifier_release+0x30/0x84 [ 4545.379687][T21654] mmu_notifier_unregister+0x5c/0x11c [ 4545.379966][T21654] kvm_destroy_vm+0x148/0x2b0 [ 4545.380185][T21654] kvm_vcpu_release+0x70/0x9c [ 4545.380400][T21654] __fput+0xcc/0x2dc [ 4545.380628][T21654] ____fput+0x14/0x20 [ 4545.380850][T21654] task_work_run+0x78/0xd4 [ 4545.381073][T21654] get_signal+0xc8/0x848 [ 4545.381290][T21654] do_signal+0xf0/0x3ec [ 4545.381501][T21654] do_notify_resume+0xe0/0x16c [ 4545.381744][T21654] el0_svc+0x108/0x10c [ 4545.381948][T21654] el0t_64_sync_handler+0xa0/0xe4 [ 4545.382168][T21654] el0t_64_sync+0x1a4/0x1a8 [ 4545.382599][T21654] [ 4545.383022][T21654] The buggy address belongs to the physical page: [ 4545.383648][T21654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xf1f0000000000000 pfn:0x4b91c [ 4545.384135][T21654] flags: 0x1fff40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xd) [ 4545.385373][T21654] raw: 01fff40000000000 ffffc1ffc0123188 ffffc1ffc00c2288 0000000000000000 [ 4545.385594][T21654] raw: f1f0000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 4545.385806][T21654] page dumped because: kasan: bad access detected [ 4545.385919][T21654] [ 4545.386002][T21654] Memory state around the buggy address: [ 4545.386315][T21654] fff000000b91be00: f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 [ 4545.386494][T21654] fff000000b91bf00: f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 [ 4545.386651][T21654] >fff000000b91c000: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4545.386786][T21654] ^ [ 4545.387187][T21654] fff000000b91c100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4545.387344][T21654] fff000000b91c200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4545.387512][T21654] ================================================================== [ 4545.389385][T21654] Disabling lock debugging due to kernel taint [ 4545.703681][T21667] BUG: Bad page state in process syz.1.6241 pfn:4308a [ 4545.704317][T21667] page: refcount:-511 mapcount:0 mapping:0000000000000000 index:0x4b pfn:0x4308a [ 4545.704537][T21667] flags: 0x1ffd00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x4) [ 4545.704812][T21667] raw: 01ffd00000000000 dead000000000100 dead000000000122 0000000000000000 [ 4545.705614][T21667] raw: 000000000000004b 0000000000000000 fffffe01ffffffff 0000000000000000 [ 4545.705714][T21667] page dumped because: nonzero _refcount [ 4545.705838][T21667] Modules linked in: [ 4545.707600][T21667] CPU: 0 UID: 0 PID: 21667 Comm: syz.1.6241 Tainted: G B syzkaller #0 PREEMPT [ 4545.707916][T21667] Tainted: [B]=BAD_PAGE [ 4545.708023][T21667] Hardware name: linux,dummy-virt (DT) [ 4545.708125][T21667] Call trace: [ 4545.708210][T21667] show_stack+0x18/0x24 (C) [ 4545.708455][T21667] dump_stack_lvl+0x78/0x90 [ 4545.708685][T21667] dump_stack+0x18/0x24 [ 4545.708896][T21667] bad_page+0x84/0x128 [ 4545.709109][T21667] check_new_page+0x104/0x130 [ 4545.709347][T21667] __rmqueue_pcplist+0x14c/0x1080 [ 4545.709592][T21667] alloc_pages_bulk_noprof+0x2a0/0x558 [ 4545.709809][T21667] alloc_pages_bulk_mempolicy_noprof+0xb8/0x55c [ 4545.710025][T21667] __vmalloc_node_range_noprof+0x45c/0x804 [ 4545.710238][T21667] __vmalloc_node_noprof+0x90/0xa0 [ 4545.710448][T21667] copy_process+0x928/0x1500 [ 4545.710673][T21667] kernel_clone+0x64/0x368 [ 4545.710947][T21667] __do_sys_clone+0x70/0xa8 [ 4545.711188][T21667] __arm64_sys_clone+0x20/0x2c [ 4545.711441][T21667] invoke_syscall+0x48/0x110 [ 4545.711696][T21667] el0_svc_common.constprop.0+0x40/0xe0 [ 4545.711915][T21667] do_el0_svc+0x1c/0x28 [ 4545.712130][T21667] el0_svc+0x34/0x10c [ 4545.712375][T21667] el0t_64_sync_handler+0xa0/0xe4 [ 4545.712640][T21667] el0t_64_sync+0x1a4/0x1a8 [ 4545.713444][T21667] BUG: Bad page state in process syz.1.6241 pfn:4b91c [ 4545.713578][T21667] page: refcount:-510 mapcount:0 mapping:0000000000000000 index:0xf1f0000000000000 pfn:0x4b91c [ 4545.713734][T21667] flags: 0x1fff40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xd) [ 4545.713942][T21667] raw: 01fff40000000000 dead000000000100 dead000000000122 0000000000000000 [ 4545.714109][T21667] raw: f1f0000000000000 0000000000000000 fffffe02ffffffff 0000000000000000 [ 4545.714204][T21667] page dumped because: nonzero _refcount [ 4545.714274][T21667] Modules linked in: [ 4545.714406][T21667] CPU: 0 UID: 0 PID: 21667 Comm: syz.1.6241 Tainted: G B syzkaller #0 PREEMPT [ 4545.714639][T21667] Tainted: [B]=BAD_PAGE [ 4545.714715][T21667] Hardware name: linux,dummy-virt (DT) [ 4545.714839][T21667] Call trace: [ 4545.714909][T21667] show_stack+0x18/0x24 (C) [ 4545.715158][T21667] dump_stack_lvl+0x78/0x90 [ 4545.715365][T21667] dump_stack+0x18/0x24 [ 4545.715557][T21667] bad_page+0x84/0x128 [ 4545.715756][T21667] check_new_page+0x104/0x130 [ 4545.716022][T21667] __rmqueue_pcplist+0x14c/0x1080 [ 4545.716217][T21667] alloc_pages_bulk_noprof+0x2a0/0x558 [ 4545.716414][T21667] alloc_pages_bulk_mempolicy_noprof+0xb8/0x55c [ 4545.716632][T21667] __vmalloc_node_range_noprof+0x45c/0x804 [ 4545.716848][T21667] __vmalloc_node_noprof+0x90/0xa0 [ 4545.717097][T21667] copy_process+0x928/0x1500 [ 4545.717317][T21667] kernel_clone+0x64/0x368 [ 4545.717587][T21667] __do_sys_clone+0x70/0xa8 [ 4545.717808][T21667] __arm64_sys_clone+0x20/0x2c [ 4545.718026][T21667] invoke_syscall+0x48/0x110 [ 4545.718243][T21667] el0_svc_common.constprop.0+0x40/0xe0 [ 4545.718483][T21667] do_el0_svc+0x1c/0x28 [ 4545.718706][T21667] el0_svc+0x34/0x10c [ 4545.718948][T21667] el0t_64_sync_handler+0xa0/0xe4 [ 4545.719208][T21667] el0t_64_sync+0x1a4/0x1a8 VM DIAGNOSIS: 06:50:42 Registers: info registers vcpu 0 CPU#0 PC=ffff800080ce36a0 X00=0000000000000001 X01=0000000000000010 X02=0000000000000011 X03=0000000000000010 X04=fcf0000005906818 X05=ffff800080010000 X06=0000000000000000 X07=0000000000000000 X08=ffff8000894bbbc0 X09=00000000000000c0 X10=4fec00edffb1664f X11=00000000000000c0 X12=0000000000000000 X13=0000000000000000 X14=000000000000039c X15=0000000000000000 X16=ffff800080000000 X17=fff07ffffcfe1000 X18=0000000000000000 X19=fcf0000003ed7c00 X20=fcf0000005906808 X21=0000000000000000 X22=000000000000001a X23=f7f000000586c600 X24=ffffffffffe00000 X25=0000000000000003 X26=0000000000000002 X27=0000000000000000 X28=f3f0000003145c80 X29=ffff800080003ec0 X30=ffff800080ce3688 SP=ffff800080003ec0 PSTATE=004020c9 ---- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6d766b2f7665642f Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffffffffffff:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffff00000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ff00ff0000000000:ffffffffffffff00 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f0f00000fffffff0 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000000000cf000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000073:0000aaaafb676c90 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000074:0000aaaafb673f70 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffc18101a0:0000ffffc18101a0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffc1810170 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff8000808edd08 X00=0000000000000002 X01=0000000000000018 X02=ffff800082ce5018 X03=ffff800082aaf170 X04=fbf00000030dd880 X05=000000000000000a X06=0000000000000034 X07=0000000000000000 X08=7f7f7f7f7f7f7f7f X09=ffff800082aaf1a0 X10=0000000000000001 X11=ffff8000830bbe10 X12=ffff8000829ef238 X13=ffff8000830bbb7d X14=ffff8000830bbb88 X15=ffff8000830bb9f0 X16=ffff800080008000 X17=fff07ffffcffa000 X18=00000000ffffffff X19=f7f000000304304e X20=ffff8000808eddb8 X21=fbf00000030dd880 X22=f7f000000304304e X23=ffff8000808eddb8 X24=000000000000004e X25=0000000000000001 X26=fdf00000032b3780 X27=0000000000000000 X28=0000000000000000 X29=ffff8000830bbc90 X30=ffff8000808edde0 SP=ffff8000830bbc90 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00706d742e313a37:622f617461642f76 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c000000000000000:0003000000003000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00ff00000000ff00 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3303330333033303:3303330333033303 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c000000003000030:c000000003000030 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000073:0000aaaafb676c90 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000074:0000aaaafb673f70 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffc1814100:0000ffffc1814100 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd8:0000ffffc18140d0 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000