[ 130.695300][ T41] audit: type=1400 audit(1595169394.611:41): avc: denied { map } for pid=9068 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:64274' (ECDSA) to the list of known hosts. [ 134.007746][ T41] audit: type=1400 audit(1595169397.921:42): avc: denied { map } for pid=9080 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/07/19 14:36:38 fuzzer started 2020/07/19 14:36:38 dialing manager at 10.0.2.10:45593 2020/07/19 14:36:39 syscalls: 3205 2020/07/19 14:36:39 code coverage: enabled 2020/07/19 14:36:39 comparison tracing: enabled 2020/07/19 14:36:39 extra coverage: enabled 2020/07/19 14:36:39 setuid sandbox: enabled 2020/07/19 14:36:39 namespace sandbox: enabled 2020/07/19 14:36:39 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/19 14:36:39 fault injection: enabled 2020/07/19 14:36:39 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/19 14:36:39 net packet injection: enabled 2020/07/19 14:36:39 net device setup: enabled 2020/07/19 14:36:39 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/19 14:36:39 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/19 14:36:39 USB emulation: enabled [ 135.138647][ T41] audit: type=1400 audit(1595169399.051:43): avc: denied { integrity } for pid=9097 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 14:37:20 executing program 0: [ 176.824000][ T41] audit: type=1400 audit(1595169440.731:44): avc: denied { map } for pid=9102 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=2102 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 14:37:21 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCSBRK(r1, 0x541b) 14:37:21 executing program 2: r0 = gettid() r1 = creat(&(0x7f0000000280)='./file0\x00', 0x1) prctl$PR_SET_PTRACER(0x59616d61, r0) write$binfmt_script(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="2321202e2f66696c653020f014d336b04b030400000000000092290a7e4555a763c15ceda085e276ed3ae7a290ab0e74467713328b5e4577124d1a2e21da765cd1ce2356a8f856f0bf8893cc7149595314f0771b65d33e129933dd93f99f03cd6b4c5903e1ddb592a67f706eb14c1d3d1a204fe2e9c50d7920f69e068d2c7faba4084e7a3b0c6c699890e197a5280000cfdd7ff58b659bbf65c6a2b2e441a0e0c44a3d9abeb7d90f000000000e077d0d67096da85a6d22c36fac7505a35892211b5194d55e0ad396b242ac"], 0x191) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0) close(r1) setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) [ 177.819406][ T9104] IPVS: ftp: loaded support on port[0] = 21 14:37:21 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, 0xffffffffffffffff) [ 178.128554][ T9106] IPVS: ftp: loaded support on port[0] = 21 [ 178.447599][ T9108] IPVS: ftp: loaded support on port[0] = 21 [ 178.482533][ T9104] chnl_net:caif_netlink_parms(): no params data found [ 178.664687][ T9110] IPVS: ftp: loaded support on port[0] = 21 [ 178.692094][ T9104] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.709707][ T9104] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.736049][ T9104] device bridge_slave_0 entered promiscuous mode [ 178.775347][ T9104] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.800098][ T9104] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.823624][ T9104] device bridge_slave_1 entered promiscuous mode [ 178.854838][ T9106] chnl_net:caif_netlink_parms(): no params data found [ 178.919399][ T9104] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 178.976230][ T9104] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.108812][ T9104] team0: Port device team_slave_0 added [ 179.138625][ T9104] team0: Port device team_slave_1 added [ 179.212751][ T9106] bridge0: port 1(bridge_slave_0) entered blocking state [ 179.244385][ T9106] bridge0: port 1(bridge_slave_0) entered disabled state [ 179.277095][ T9106] device bridge_slave_0 entered promiscuous mode [ 179.320608][ T9106] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.348558][ T9106] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.377021][ T9106] device bridge_slave_1 entered promiscuous mode [ 179.414853][ T9104] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 179.442365][ T9104] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.535291][ T9104] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 179.585397][ T9106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 179.626661][ T9104] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 179.646936][ T9104] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.743663][ T9104] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 179.821069][ T9106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.912605][ T9106] team0: Port device team_slave_0 added [ 179.934675][ T9106] team0: Port device team_slave_1 added [ 180.076881][ T9104] device hsr_slave_0 entered promiscuous mode [ 180.153619][ T9104] device hsr_slave_1 entered promiscuous mode [ 180.265492][ T9106] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 180.291979][ T9106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.391383][ T9106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 180.442525][ T9106] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 180.472746][ T9106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.576691][ T9106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 180.675090][ T9108] chnl_net:caif_netlink_parms(): no params data found [ 180.766281][ T9110] chnl_net:caif_netlink_parms(): no params data found [ 180.954327][ T9106] device hsr_slave_0 entered promiscuous mode [ 181.032096][ T9106] device hsr_slave_1 entered promiscuous mode [ 181.172287][ T9106] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 181.195206][ T9106] Cannot create hsr debugfs directory [ 181.314608][ T9108] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.343644][ T9108] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.368583][ T9108] device bridge_slave_0 entered promiscuous mode [ 181.394107][ T9108] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.431197][ T9108] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.457825][ T9108] device bridge_slave_1 entered promiscuous mode [ 181.577425][ T9108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 181.646170][ T9110] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.683876][ T9110] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.716048][ T9110] device bridge_slave_0 entered promiscuous mode [ 181.787862][ T9108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 181.891371][ T9108] team0: Port device team_slave_0 added [ 181.947623][ T9108] team0: Port device team_slave_1 added [ 181.979004][ T9110] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.016701][ T9110] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.044066][ T9110] device bridge_slave_1 entered promiscuous mode [ 182.155986][ T9110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.226033][ T9108] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 182.260754][ T9108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.398377][ T9108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 182.476298][ T9108] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 182.513373][ T9108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.608202][ T9108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 182.660367][ T9110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 182.721411][ T9110] team0: Port device team_slave_0 added [ 182.745086][ T9110] team0: Port device team_slave_1 added [ 182.780074][ T41] audit: type=1400 audit(1595169446.691:45): avc: denied { create } for pid=9104 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 182.784858][ T9110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 182.876369][ T41] audit: type=1400 audit(1595169446.701:46): avc: denied { write } for pid=9104 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 182.902627][ T9110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.902634][ T9110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 182.920722][ T9104] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 182.964966][ T41] audit: type=1400 audit(1595169446.701:47): avc: denied { read } for pid=9104 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 183.251322][ T9110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 183.293391][ T9110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.431182][ T9110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 183.557194][ T9108] device hsr_slave_0 entered promiscuous mode [ 183.622475][ T9108] device hsr_slave_1 entered promiscuous mode [ 183.682023][ T9108] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 183.719698][ T9108] Cannot create hsr debugfs directory [ 183.763024][ T9104] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 183.906495][ T9104] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 184.047233][ T9104] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 184.198966][ T9110] device hsr_slave_0 entered promiscuous mode [ 184.292693][ T9110] device hsr_slave_1 entered promiscuous mode [ 184.372205][ T9110] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 184.411217][ T9110] Cannot create hsr debugfs directory [ 184.487060][ T9106] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 184.587651][ T9106] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 184.678364][ T9106] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 184.809185][ T9106] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 185.104652][ T9108] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 185.252332][ T9108] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 185.344959][ T9108] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 185.460853][ T9108] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 185.601240][ T9110] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 185.676129][ T9110] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 185.765349][ T9110] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 185.870248][ T9110] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 186.045876][ T9106] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.070410][ T9104] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.097708][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.113696][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.148973][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 186.162059][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 186.177723][ T9106] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.191217][ T9104] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.219690][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.238162][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.254763][ T2861] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.272271][ T2861] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.299318][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.335790][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.362706][ T2861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.390911][ T2861] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.419603][ T2861] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.456080][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.477918][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.500879][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.522561][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.540723][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.576426][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.593163][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.611136][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.632291][ T9129] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.649600][ T9129] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.700792][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.729511][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.756002][ T9110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.777847][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.796886][ T9108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.815824][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.838712][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.862203][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.907930][ T9110] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.930376][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.952978][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.970993][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.997051][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.037170][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.093814][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.143458][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.185863][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.229307][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.268364][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.304020][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.325906][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.339948][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.352287][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.367025][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.381354][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.392059][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.403519][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.420019][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.432048][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.450075][ T9104] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.470813][ T9106] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 187.488623][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.502895][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 187.532114][ T9108] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.548249][ T9130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.567927][ T9130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.589017][ T9130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.609547][ T9130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.628520][ T9130] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.644326][ T9130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.672099][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.688787][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.720345][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.746063][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.769056][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 187.789451][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 187.807733][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.837820][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.859445][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.879835][ T3231] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.896975][ T3231] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.915353][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.936108][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.965444][ T9104] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.984728][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.011316][ T9110] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 188.030327][ T9110] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.065024][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.079682][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.101202][ T3838] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.121328][ T3838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.145440][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.171864][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.199747][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 188.229086][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 188.253388][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.275116][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.295920][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.319832][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.349672][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.388099][ T9106] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.440194][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.469590][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.506399][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.530022][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.557358][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.583434][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.603484][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.624911][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.649165][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.684257][ T9108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.712651][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 188.729879][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 188.748061][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 188.767304][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 188.797475][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 188.820882][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 188.847045][ T9110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.873305][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 188.890902][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 188.941759][ T9108] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.977500][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 189.005018][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 189.023768][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 189.056812][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 189.082792][ T9106] device veth0_vlan entered promiscuous mode [ 189.127826][ T9104] device veth0_vlan entered promiscuous mode [ 189.158947][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 189.190807][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 189.212416][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 189.249702][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 189.312219][ T9106] device veth1_vlan entered promiscuous mode [ 189.355406][ T9130] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 189.394771][ T9130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 189.447515][ T9130] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 189.513834][ T9104] device veth1_vlan entered promiscuous mode [ 189.567284][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 189.624205][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 189.718775][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 189.765089][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 189.809631][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 189.845554][ T3231] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 189.882399][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 189.906608][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 189.927608][ T9110] device veth0_vlan entered promiscuous mode [ 189.953955][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 189.979659][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 190.014252][ T9108] device veth0_vlan entered promiscuous mode [ 190.026837][ T9110] device veth1_vlan entered promiscuous mode [ 190.056543][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 190.082506][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 190.113738][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 190.155180][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 190.195776][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 190.246911][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 190.305426][ T9104] device veth0_macvtap entered promiscuous mode [ 190.355867][ T9106] device veth0_macvtap entered promiscuous mode [ 190.399166][ T9108] device veth1_vlan entered promiscuous mode [ 190.459087][ T9104] device veth1_macvtap entered promiscuous mode [ 190.514351][ T9106] device veth1_macvtap entered promiscuous mode [ 190.552145][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 190.581056][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 190.606747][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 190.644601][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 190.677327][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 190.709945][ T61] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 190.752543][ T9106] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 190.784860][ T9110] device veth0_macvtap entered promiscuous mode [ 190.809162][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 190.844857][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 190.874632][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 190.915261][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 190.943022][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 190.994425][ T9106] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 191.027854][ T9130] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 191.073547][ T9130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 191.117890][ T9104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 191.156985][ T9104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.205637][ T9104] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 191.235206][ T9110] device veth1_macvtap entered promiscuous mode [ 191.270033][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 191.319535][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 191.360667][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 191.389213][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 191.429818][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 191.479458][ T9104] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 191.543539][ T9104] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 191.584719][ T9104] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 191.625354][ T9108] device veth0_macvtap entered promiscuous mode [ 191.652330][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 191.678679][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 191.704385][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 191.875593][ T9108] device veth1_macvtap entered promiscuous mode [ 191.907069][ T9110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 191.963947][ T9110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.002638][ T9110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 192.029527][ T9110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.057348][ T9110] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 192.155718][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 192.178872][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 192.211258][ T9110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 192.254421][ T9110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.285102][ T9110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 192.321042][ T9110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.346648][ T9110] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 192.450439][ T41] audit: type=1400 audit(1595169456.361:48): avc: denied { associate } for pid=9106 comm="syz-executor.1" name="syz1" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 192.515408][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 192.535391][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 192.663559][ T9108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 192.663563][ T9106] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 192.737417][ T9108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 14:37:36 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCSBRK(r1, 0x541b) [ 192.775654][ T9108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 192.812402][ T9108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 14:37:36 executing program 1: r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vim2m\x00', 0x2, 0x0) lseek(r0, 0x0, 0x0) [ 192.842929][ T9108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 14:37:36 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea79b717bc42ac3a565d019abadd5a3d871dbb918bcc1518839ca88193da410d75165f0b7b52661c355c44fe7c9b54d75cec5971fba94f4d35", 0x46}], 0x4, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 192.874868][ T9108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 192.922492][ T9108] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.114410][ T9131] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 193.132956][ T9131] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready 14:37:37 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 193.160837][ T9108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 193.196832][ T9108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.242354][ T9108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 193.290814][ T9108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.325234][ T9108] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 193.359945][ T9108] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.384680][ T9108] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 193.473587][ T9131] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 193.503227][ T9131] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 14:37:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea79b717bc42ac3a565d019abadd5a3d871dbb918bcc1518839ca88193da410d75165f0b7b52661c355c44fe7c9b54d75cec5971fba94f4d35647a799be05a9b522b1882bac98d3d7c2974d348d2e528d360381c5353709d09745856", 0x69}], 0x4, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 14:37:37 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 193.908261][ T41] audit: type=1400 audit(1595169457.821:49): avc: denied { open } for pid=9165 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 14:37:40 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 14:37:40 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 14:37:40 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000ffffffffffffaaaeaaaaaaaa86dd600000000007"], 0x3a) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 14:37:40 executing program 0: syz_usb_connect$cdc_ncm(0x2, 0x73, &(0x7f0000000100)=ANY=[@ANYBLOB="12010002020000402505a1a44000010203010902"], &(0x7f00000005c0)={0xa, &(0x7f0000000040)={0xa}, 0x0, 0x0}) 14:37:41 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 14:37:41 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 14:37:41 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 14:37:41 executing program 1: recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) [ 197.596624][ T3838] usb 5-1: new full-speed USB device number 2 using dummy_hcd 14:37:41 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 14:37:41 executing program 1: recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) [ 197.982154][ T3838] usb 5-1: not running at top speed; connect to a high speed hub [ 198.092973][ T3838] usb 5-1: config 0 has no interfaces? 14:37:42 executing program 2: poll(&(0x7f0000000000)=[{}], 0x1, 0x0) [ 198.272641][ T3838] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 198.295064][ T3838] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.317931][ T3838] usb 5-1: Product: syz [ 198.330332][ T3838] usb 5-1: Manufacturer: syz [ 198.343307][ T3838] usb 5-1: SerialNumber: syz [ 198.367009][ T3838] usb 5-1: config 0 descriptor?? [ 198.639977][ T3838] usb 5-1: USB disconnect, device number 2 [ 199.432393][ T3838] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 199.802376][ T3838] usb 5-1: not running at top speed; connect to a high speed hub [ 199.912005][ T3838] usb 5-1: config 0 has no interfaces? 14:37:44 executing program 1: recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 14:37:44 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000ffffffffffffaaaeaaaaaaaa86dd600000000007"], 0x3a) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 14:37:44 executing program 2: poll(&(0x7f0000000000)=[{}], 0x1, 0x0) 14:37:44 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000ffffffffffffaaaeaaaaaaaa86dd600000000007"], 0x3a) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 14:37:44 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 200.102240][ T3838] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 14:37:44 executing program 2: poll(&(0x7f0000000000)=[{}], 0x1, 0x0) 14:37:44 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 14:37:44 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 200.192676][ T3838] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.229887][ T3838] usb 5-1: Product: syz [ 200.256577][ T3838] usb 5-1: Manufacturer: syz 14:37:44 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) [ 200.278756][ T3838] usb 5-1: config 0 descriptor?? [ 200.341063][ T3838] usb 5-1: can't set config #0, error -71 [ 200.368956][ T3838] usb 5-1: USB disconnect, device number 3 14:37:44 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x8803, &(0x7f0000000640)) 14:37:44 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 14:37:44 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) poll(&(0x7f0000000000)=[{r0}], 0x1, 0x0) 14:37:44 executing program 0: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='net/ip6_flowlabel\x00') preadv(r0, &(0x7f00000017c0), 0x1d2, 0x4b) 14:37:45 executing program 1: syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 14:37:45 executing program 2: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(0x0, 0x0, 0x0) 14:37:45 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000180)="895b74e29fc8e535522bed7a32ea79b717bc42ac3a565d019abadd5a3d871dbb918bcc1518839ca88193da410d75165f0b7b52661c355c44fe7c9b54d75cec5971fba94f4d35647a799be05a9b522b1882bac98d3d7c2974d348d2e528d360381c5353709d09745856c834a2f893454d9f4f0000266300481bfb1ce8366858835bb1ebed3764d54bcffae0832fe47198a7a03842468c1c785c0650bfa60978", 0x9f}], 0x4, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 14:37:45 executing program 2: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(0x0, 0x0, 0x0) 14:37:45 executing program 1: syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 14:37:45 executing program 2: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(0x0, 0x0, 0x0) 14:37:45 executing program 0: perf_event_open(&(0x7f0000001340)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000380)='net/ip6_flowlabel\x00') preadv(r0, &(0x7f00000017c0), 0x1d2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) socket(0x0, 0x803, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="400000000400010007000000000000000a000000", @ANYRES32, @ANYBLOB="14000200fe80000000000000000000000000000014000100ff010000000000000000000000000001"], 0x40}}, 0x0) 14:37:45 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x8803, &(0x7f0000000640)) 14:37:45 executing program 1: syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) [ 201.370484][ T41] audit: type=1400 audit(1595169465.281:50): avc: denied { perfmon } for pid=9269 comm="syz-executor.0" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 14:37:45 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r5, r2, 0x0, 0x100006800) 14:37:45 executing program 2: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(&(0x7f0000000000), 0x0, 0x0) 14:37:45 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fcntl$dupfd(r0, 0x406, r2) [ 201.462757][ T41] audit: type=1400 audit(1595169465.281:51): avc: denied { kernel } for pid=9269 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 14:37:45 executing program 2: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(&(0x7f0000000000), 0x0, 0x0) 14:37:45 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000ffffffffffffaaaeaaaaaaaa86dd"], 0x3a) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 14:37:45 executing program 2: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(&(0x7f0000000000), 0x0, 0x0) [ 201.555019][ T41] audit: type=1400 audit(1595169465.281:52): avc: denied { confidentiality } for pid=9269 comm="syz-executor.0" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 [ 201.667267][ T41] audit: type=1804 audit(1595169465.581:53): pid=9293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir994392875/syzkaller.kW3te3/17/cgroup.controllers" dev="sda1" ino=16591 res=1 14:37:45 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x8803, &(0x7f0000000640)) 14:37:45 executing program 2: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(&(0x7f0000000000)=[{}], 0x1, 0x0) [ 202.032889][ T9293] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 202.054539][ T9293] File: /syzkaller-testdir994392875/syzkaller.kW3te3/17/cgroup.controllers PID: 9293 Comm: syz-executor.1 14:37:46 executing program 2: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(&(0x7f0000000000)=[{}], 0x1, 0x0) 14:37:46 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x8803, &(0x7f0000000640)) 14:37:46 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r5, r2, 0x0, 0x100006800) 14:37:46 executing program 2: syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) poll(&(0x7f0000000000)=[{}], 0x1, 0x0) [ 202.086399][ T41] audit: type=1804 audit(1595169466.001:54): pid=9302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir994392875/syzkaller.kW3te3/17/cgroup.controllers" dev="sda1" ino=16591 res=1 [ 202.153010][ T41] audit: type=1804 audit(1595169466.001:55): pid=9293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/syzkaller-testdir994392875/syzkaller.kW3te3/17/cgroup.controllers" dev="sda1" ino=16591 res=1 [ 202.271993][ T41] audit: type=1804 audit(1595169466.181:56): pid=9325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir994392875/syzkaller.kW3te3/18/cgroup.controllers" dev="sda1" ino=16598 res=1 [ 202.576656][ T9325] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 202.607470][ T9325] File: /syzkaller-testdir994392875/syzkaller.kW3te3/18/cgroup.controllers PID: 9325 Comm: syz-executor.1 14:37:46 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000ffffffffffffaaaeaaaaaaaa86dd"], 0x3a) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 14:37:46 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000280)={'sit0\x00', &(0x7f0000000200)={'ip6_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}) 14:37:46 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r5, r2, 0x0, 0x100006800) 14:37:46 executing program 3: syz_mount_image$hfsplus(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x8803, &(0x7f0000000640)) 14:37:46 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/5, 0x5}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x11e, &(0x7f00000003c0)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000007d00000097ba4ecb40a2ee2e328aaf3c06f4970e85a63c9a4b0d8b9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fa000200006f3ca61633d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07cc514d7615c7689e93ad448a65e9"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 14:37:46 executing program 3: syz_mount_image$hfsplus(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x8803, &(0x7f0000000640)) 14:37:46 executing program 2: syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) [ 202.843311][ T41] audit: type=1804 audit(1595169466.761:57): pid=9338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir994392875/syzkaller.kW3te3/19/cgroup.controllers" dev="sda1" ino=16597 res=1 14:37:46 executing program 3: syz_mount_image$hfsplus(0x0, &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x8803, &(0x7f0000000640)) [ 203.101291][ T9338] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 203.152584][ T9338] File: /syzkaller-testdir994392875/syzkaller.kW3te3/19/cgroup.controllers PID: 9338 Comm: syz-executor.1 14:37:47 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', 0x0, 0x0, 0x0, 0x0, 0x8803, &(0x7f0000000640)) 14:37:47 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', 0x0, 0x0, 0x0, 0x0, 0x8803, &(0x7f0000000640)) 14:37:47 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r5, r2, 0x0, 0x100006800) 14:37:47 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000ffffffffffffaaaeaaaaaaaa86dd"], 0x3a) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 14:37:47 executing program 2: r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000000)={0x20, 0x0, &(0x7f0000000040)=[@clear_death, @request_death], 0x0, 0x0, 0x0}) 14:37:47 executing program 2: r0 = socket$kcm(0x29, 0x5, 0x0) readv(r0, &(0x7f0000000340)=[{&(0x7f0000000300)=""/1, 0xffffffffffffffff}], 0x1) 14:37:47 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', 0x0, 0x0, 0x0, 0x0, 0x8803, &(0x7f0000000640)) 14:37:47 executing program 2: syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x84, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000090040082505a8a40700000000010902240401010000000904000012070103000905010200ffe00000090582021a"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) dup(0xffffffffffffffff) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[], 0x0) [ 203.893160][ T41] audit: type=1804 audit(1595169467.801:58): pid=9379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir994392875/syzkaller.kW3te3/20/cgroup.controllers" dev="sda1" ino=16601 res=1 14:37:47 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)) [ 204.110764][ T9394] hfsplus: unable to find HFS+ superblock [ 204.342359][ T9129] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 204.642757][ T9129] usb 7-1: Using ep0 maxpacket: 8 14:37:48 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000ffffffffffffaaaeaaaaaaaa86dd"], 0x3a) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 14:37:48 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)) 14:37:48 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendfile(0xffffffffffffffff, r2, 0x0, 0x100006800) [ 204.760037][ T9402] hfsplus: unable to find HFS+ superblock [ 204.792343][ T9129] usb 7-1: config index 0 descriptor too short (expected 1060, got 36) 14:37:48 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendfile(0xffffffffffffffff, r2, 0x0, 0x100006800) [ 204.830496][ T41] audit: type=1804 audit(1595169468.741:59): pid=9401 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir994392875/syzkaller.kW3te3/21/cgroup.controllers" dev="sda1" ino=16604 res=1 [ 204.853857][ T9129] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 1792, setting to 1024 [ 204.989582][ T9129] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 205.028282][ T9129] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 26 [ 205.054085][ T9129] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 205.090326][ T9129] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.07 [ 205.113851][ T9129] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 14:37:49 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)) [ 205.154596][ T9391] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 205.172126][ T9391] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 205.187064][ T9414] hfsplus: unable to find HFS+ superblock [ 205.205250][ T9129] hub 7-1:1.0: bad descriptor, ignoring hub 14:37:49 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendfile(0xffffffffffffffff, r2, 0x0, 0x100006800) [ 205.236803][ T9129] hub: probe of 7-1:1.0 failed with error -5 [ 205.408518][ T9391] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 205.443105][ T9391] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 205.748573][ T9129] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 205.979192][ T9426] udc-core: couldn't find an available UDC or it's busy [ 206.020394][ T9426] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 206.062523][ C2] usblp0: nonzero read bulk status received: -71 [ 206.079345][ T13] usb 7-1: USB disconnect, device number 2 [ 206.181329][ T13] usblp0: removed [ 206.597817][ T9427] udc-core: couldn't find an available UDC or it's busy [ 206.638629][ T9427] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 14:37:50 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x8803, 0x0) 14:37:50 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r4, r2, 0x0, 0x100006800) 14:37:50 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000ffffffffffffaaaeaaaaaaaa86dd"], 0x3a) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 14:37:50 executing program 2: syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x84, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000090040082505a8a40700000000010902240401010000000904000012070103000905010200ffe00000090582021a"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) dup(0xffffffffffffffff) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[], 0x0) [ 206.809434][ T41] kauditd_printk_skb: 2 callbacks suppressed [ 206.809445][ T41] audit: type=1804 audit(1595169470.721:62): pid=9432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir994392875/syzkaller.kW3te3/24/cgroup.controllers" dev="sda1" ino=16617 res=1 14:37:50 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x8803, 0x0) 14:37:51 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000ffffffffffffaaaeaaaaaaaa86dd"], 0x3a) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 14:37:51 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r3, r2, 0x0, 0x100006800) [ 207.122020][ T9129] usb 7-1: new high-speed USB device number 3 using dummy_hcd 14:37:51 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000280)='hfsplus\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x8803, 0x0) [ 207.210531][ T41] audit: type=1804 audit(1595169471.121:63): pid=9450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir994392875/syzkaller.kW3te3/25/cgroup.controllers" dev="sda1" ino=16624 res=1 14:37:51 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$tun(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000000ffffffffffffaaaeaaaaaaaa86dd"], 0x3a) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) [ 207.412152][ T9129] usb 7-1: Using ep0 maxpacket: 8 14:37:51 executing program 3: syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x84, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000090040082505a8a40700000000010902240401010000000904000012070103000905010200ffe00000090582021a"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) dup(0xffffffffffffffff) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[], 0x0) 14:37:51 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) [ 207.572591][ T9129] usb 7-1: config index 0 descriptor too short (expected 1060, got 36) [ 207.594173][ T9129] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 1792, setting to 1024 [ 207.616133][ T9129] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 207.639271][ T9129] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 26 [ 207.664935][ T9129] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 207.698603][ T9129] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.07 [ 207.724076][ T9129] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.763550][ T9437] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 207.787521][ T9437] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 207.831948][ T2861] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 207.833113][ T9129] hub 7-1:1.0: bad descriptor, ignoring hub [ 207.901397][ T9129] hub: probe of 7-1:1.0 failed with error -5 [ 207.906064][ T9450] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 207.988178][ T9450] File: /syzkaller-testdir994392875/syzkaller.kW3te3/25/cgroup.controllers PID: 9450 Comm: syz-executor.1 [ 208.039605][ T9437] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 208.069713][ T9437] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 208.142365][ T2861] usb 8-1: Using ep0 maxpacket: 8 [ 208.281948][ T2861] usb 8-1: config index 0 descriptor too short (expected 1060, got 36) [ 208.298401][ T2861] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 1792, setting to 1024 [ 208.319777][ T2861] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 208.334371][ T9129] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 208.341780][ T2861] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 26 [ 208.392108][ T2861] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 208.426196][ T2861] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.07 [ 208.447143][ T2861] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.487645][ T9462] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 208.502721][ T9462] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 208.532459][ T2861] hub 8-1:1.0: bad descriptor, ignoring hub [ 208.544051][ T2861] hub: probe of 8-1:1.0 failed with error -5 [ 208.579905][ T9471] udc-core: couldn't find an available UDC or it's busy [ 208.592361][ T9471] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 208.643924][ T3838] usb 7-1: USB disconnect, device number 3 [ 208.665532][ T3838] usblp0: removed [ 208.747148][ T9462] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 208.764836][ T9462] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 209.023108][ T2861] usblp 8-1:1.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 14:37:53 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r3, r2, 0x0, 0x100006800) 14:37:53 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 14:37:53 executing program 2: syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x84, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000090040082505a8a40700000000010902240401010000000904000012070103000905010200ffe00000090582021a"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) dup(0xffffffffffffffff) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[], 0x0) [ 209.266868][ T41] audit: type=1804 audit(1595169473.181:64): pid=9474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir994392875/syzkaller.kW3te3/26/cgroup.controllers" dev="sda1" ino=16630 res=1 [ 209.273765][ T9480] udc-core: couldn't find an available UDC or it's busy [ 209.381123][ T9480] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 209.429177][ T9129] usb 8-1: USB disconnect, device number 2 [ 209.453124][ T9129] usblp0: removed [ 209.512035][ T61] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 209.769625][ T9474] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 209.794174][ T61] usb 7-1: Using ep0 maxpacket: 8 [ 209.805550][ T9474] File: /syzkaller-testdir994392875/syzkaller.kW3te3/26/cgroup.controllers PID: 9474 Comm: syz-executor.1 14:37:53 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r3, r2, 0x0, 0x100006800) [ 209.929679][ T41] audit: type=1804 audit(1595169473.841:65): pid=9484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir994392875/syzkaller.kW3te3/27/cgroup.controllers" dev="sda1" ino=16630 res=1 [ 209.942069][ T61] usb 7-1: config index 0 descriptor too short (expected 1060, got 36) 14:37:53 executing program 3: syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x84, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000090040082505a8a40700000000010902240401010000000904000012070103000905010200ffe00000090582021a"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) dup(0xffffffffffffffff) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[], 0x0) [ 209.998766][ T61] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 1792, setting to 1024 [ 210.018859][ T61] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 210.033893][ T61] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 26 [ 210.047862][ T61] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 210.067231][ T61] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.07 [ 210.080977][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.122171][ T9477] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 210.132642][ T9477] raw-gadget gadget: fail, usb_ep_enable returned -22 14:37:54 executing program 0: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) [ 210.172112][ T61] hub 7-1:1.0: bad descriptor, ignoring hub [ 210.181743][ T61] hub: probe of 7-1:1.0 failed with error -5 [ 210.291823][ T3231] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 210.334487][ T9484] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 210.360383][ T9484] File: /syzkaller-testdir994392875/syzkaller.kW3te3/27/cgroup.controllers PID: 9484 Comm: syz-executor.1 [ 210.378050][ T9477] raw-gadget gadget: fail, usb_ep_enable returned -22 14:37:54 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r2, 0xffffffffffffffff, 0x0, 0x100006800) [ 210.408082][ T9477] raw-gadget gadget: fail, usb_ep_enable returned -22 14:37:54 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r2, 0xffffffffffffffff, 0x0, 0x100006800) [ 210.551911][ T3231] usb 8-1: Using ep0 maxpacket: 8 14:37:54 executing program 1: r0 = syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r1, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0707000000000000000000000000140002"], 0x28}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r2, 0xffffffffffffffff, 0x0, 0x100006800) [ 210.671929][ T3231] usb 8-1: config index 0 descriptor too short (expected 1060, got 36) [ 210.673251][ T61] usblp 7-1:1.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 210.690686][ T3231] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 1792, setting to 1024 [ 210.766491][ T3231] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 14:37:54 executing program 1: syz_genetlink_get_family_id$wireguard(&(0x7f00000000c0)='wireguard\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000280)=ANY=[], 0x208e292) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4000002, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r2, r1, 0x0, 0x100006800) [ 210.800261][ T3231] usb 8-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 26 [ 210.818946][ T3231] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 210.843972][ T3231] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.07 [ 210.861407][ T3231] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.892340][ T41] audit: type=1804 audit(1595169474.811:66): pid=9510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir994392875/syzkaller.kW3te3/31/cgroup.controllers" dev="sda1" ino=16630 res=1 [ 210.902654][ T9488] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 210.921211][ T9511] udc-core: couldn't find an available UDC or it's busy [ 210.921226][ T9511] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 211.063307][ C2] usblp0: nonzero read bulk status received: -71 [ 211.099129][ T9488] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 211.099756][ T61] usb 7-1: USB disconnect, device number 4 [ 211.103717][ T9476] usblp0: removed [ 211.095123][ C2] ================================================================== [ 211.183896][ T3231] hub 8-1:1.0: bad descriptor, ignoring hub [ 211.162084][ C2] BUG: KASAN: use-after-free in __lock_acquire+0x3c7b/0x56e0 [ 211.162084][ C2] Read of size 8 at addr ffff88801e938940 by task syz-executor.1/9508 [ 211.222535][ T3231] hub: probe of 8-1:1.0 failed with error -5 [ 211.162084][ C2] [ 211.162084][ C2] CPU: 2 PID: 9508 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 211.162084][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 211.162084][ C2] Call Trace: [ 211.162084][ C2] [ 211.162084][ C2] dump_stack+0x18f/0x20d [ 211.162084][ C2] ? __lock_acquire+0x3c7b/0x56e0 [ 211.346671][ C2] ? __lock_acquire+0x3c7b/0x56e0 [ 211.381587][ C2] print_address_description.constprop.0.cold+0xae/0x436 [ 211.381587][ C2] ? vprintk_func+0x97/0x1a6 [ 211.396016][ T9488] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 211.381587][ C2] ? __lock_acquire+0x3c7b/0x56e0 [ 211.381587][ C2] kasan_report.cold+0x1f/0x37 [ 211.381587][ C2] ? __lock_acquire+0x3c7b/0x56e0 [ 211.381587][ C2] __lock_acquire+0x3c7b/0x56e0 [ 211.381587][ C2] ? lockdep_hardirqs_off+0x66/0xa0 [ 211.381587][ C2] ? trace_hardirqs_off+0x27/0x210 [ 211.424947][ T9488] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 211.381587][ C2] ? netconsole_netdev_event+0x2b0/0x2b0 [ 211.381587][ C2] ? console_unlock+0xac8/0xf30 [ 211.451877][ C2] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 211.451877][ C2] lock_acquire+0x1f1/0xad0 [ 211.451877][ C2] ? usblp_bulk_read+0x211/0x270 [ 211.451877][ C2] ? lock_release+0x8d0/0x8d0 [ 211.451877][ C2] ? printk+0xba/0xed [ 211.451877][ C2] ? log_store.cold+0x16/0x16 [ 211.451877][ C2] ? lock_downgrade+0x820/0x820 [ 211.451877][ C2] ? lockdep_hardirqs_off+0x66/0xa0 [ 211.581594][ C2] _raw_spin_lock_irqsave+0x8c/0xc0 [ 211.581594][ C2] ? usblp_bulk_read+0x211/0x270 [ 211.601623][ C2] usblp_bulk_read+0x211/0x270 [ 211.601623][ C2] __usb_hcd_giveback_urb+0x30d/0x540 [ 211.601623][ C2] usb_hcd_giveback_urb+0x367/0x410 [ 211.601623][ C2] dummy_timer+0x11ea/0x2f9f [ 211.601623][ C2] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 211.601623][ C2] ? lock_acquire+0x1f1/0xad0 [ 211.601623][ C2] ? lock_downgrade+0x820/0x820 [ 211.698276][ T3231] usblp 8-1:1.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 211.601623][ C2] ? dummy_dequeue+0x4c0/0x4c0 [ 211.601623][ C2] ? lock_is_held_type+0xb0/0xe0 [ 211.601623][ C2] call_timer_fn+0x1ac/0x760 [ 211.601623][ C2] ? dummy_dequeue+0x4c0/0x4c0 [ 211.601623][ C2] ? add_timer_on+0x490/0x490 [ 211.601623][ C2] ? lock_downgrade+0x820/0x820 [ 211.601623][ C2] ? _raw_spin_unlock_irq+0x1f/0x80 [ 211.601623][ C2] ? lockdep_hardirqs_on_prepare+0x1bc/0x590 [ 211.601623][ C2] ? trace_hardirqs_on+0x5f/0x220 [ 211.601623][ C2] ? dummy_dequeue+0x4c0/0x4c0 [ 211.601623][ C2] __run_timers.part.0+0x54c/0xa20 [ 211.601623][ C2] ? call_timer_fn+0x760/0x760 [ 211.601623][ C2] ? preempt_schedule_notrace_thunk+0x16/0x31 [ 211.601623][ C2] ? sched_clock_local+0xd8/0x150 [ 211.914810][ C2] ? sched_clock_cpu+0x148/0x1b0 [ 211.921635][ C2] run_timer_softirq+0xae/0x1a0 [ 211.943828][ C2] __do_softirq+0x34c/0xa60 [ 211.951796][ C2] asm_call_on_stack+0xf/0x20 [ 211.963747][ C2] [ 211.963747][ C2] do_softirq_own_stack+0x111/0x170 [ 211.963747][ C2] irq_exit_rcu+0x229/0x270 [ 211.984033][ C2] sysvec_apic_timer_interrupt+0x54/0x120 [ 211.984033][ C2] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 212.003831][ C2] RIP: 0010:qlist_free_all+0x2f/0x140 [ 212.025979][ C2] Code: 55 41 54 55 53 48 8b 1f 48 85 db 0f 84 08 01 00 00 48 89 f5 49 89 fd 48 85 ed 49 89 ee 0f 84 8b 00 00 00 49 63 86 3c 01 00 00 <4c> 8b 23 48 29 c3 48 83 3d 2b bf 01 08 00 0f 84 e6 00 00 00 9c 58 [ 212.051952][ C0] usblp0: nonzero read bulk status received: -71 [ 212.061673][ C2] RSP: 0018:ffffc90001b27470 EFLAGS: 00010246 [ 212.084438][ C2] RAX: 0000000000000000 RBX: ffff8880214bb380 RCX: ffffea00009d7e07 [ 212.101672][ C2] RDX: 0000000000000000 RSI: ffffffff8134589a RDI: 0000000000000007 [ 212.111596][ C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 212.123693][ C2] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880214bb380 [ 212.131626][ C2] R13: ffffc90001b274a8 R14: ffff88802c8001c0 R15: 0000000000000282 [ 212.146031][ C2] ? __phys_addr+0x9a/0x110 [ 212.146031][ C2] quarantine_reduce+0x17e/0x200 [ 212.161831][ C2] __kasan_kmalloc.constprop.0+0x9e/0xd0 [ 212.163873][ C2] kmem_cache_alloc_node_trace+0x140/0x400 [ 212.171673][ C2] __get_vm_area_node+0x126/0x3b0 [ 212.183754][ C2] ? netlink_sendmsg+0x5f0/0xd90 [ 212.205974][ C2] vmalloc+0xf2/0x1a0 [ 212.213494][ C2] ? netlink_sendmsg+0x5f0/0xd90 [ 212.224872][ C2] netlink_sendmsg+0x5f0/0xd90 [ 212.232672][ C2] ? netlink_unicast+0x7d0/0x7d0 [ 212.242130][ C2] ? netlink_unicast+0x7d0/0x7d0 [ 212.244461][ C2] sock_sendmsg+0xcf/0x120 [ 212.254114][ C2] sock_no_sendpage+0xee/0x130 [ 212.268515][ C2] ? sk_page_frag_refill+0x1d0/0x1d0 [ 212.271790][ C2] ? lockdep_hardirqs_on+0x6a/0xe0 [ 212.271790][ C2] ? _raw_spin_unlock_irqrestore+0x9b/0xe0 [ 212.291806][ C2] ? sk_page_frag_refill+0x1d0/0x1d0 [ 212.295596][ C2] sock_sendpage+0xe5/0x140 [ 212.301738][ C2] ? __sock_recv_ts_and_drops+0x430/0x430 [ 212.311648][ C2] pipe_to_sendpage+0x2ad/0x380 [ 212.323911][ C2] ? propagate_umount+0x1c20/0x1c20 [ 212.323911][ C2] ? __put_page+0xe1/0x380 [ 212.323911][ C2] __splice_from_pipe+0x3dc/0x830 [ 212.346993][ C2] ? propagate_umount+0x1c20/0x1c20 [ 212.351797][ C2] generic_splice_sendpage+0xd4/0x140 [ 212.351797][ C2] ? __splice_from_pipe+0x830/0x830 [ 212.373304][ C2] ? pipe_to_user+0x170/0x170 [ 212.381766][ C2] ? __splice_from_pipe+0x830/0x830 [ 212.381766][ C2] direct_splice_actor+0x171/0x2f0 [ 212.393982][ C2] ? generic_splice_sendpage+0x140/0x140 [ 212.401617][ C2] ? pipe_to_user+0x170/0x170 [ 212.411662][ C2] splice_direct_to_actor+0x38c/0x980 [ 212.411662][ C2] ? generic_splice_sendpage+0x140/0x140 [ 212.423654][ C2] ? do_splice_to+0x170/0x170 [ 212.431649][ C2] ? lock_is_held_type+0xb0/0xe0 [ 212.445782][ C2] do_splice_direct+0x1b3/0x280 [ 212.451641][ C2] ? splice_direct_to_actor+0x980/0x980 [ 212.451641][ C2] do_sendfile+0x559/0xc30 [ 212.473496][ C2] ? do_compat_pwritev64+0x1b0/0x1b0 [ 212.485484][ C2] ? put_timespec64+0xcb/0x120 [ 212.485484][ C2] ? ns_to_timespec64+0xc0/0xc0 [ 212.503959][ C2] ? __x64_sys_futex+0x382/0x4e0 [ 212.511698][ C2] __x64_sys_sendfile64+0x1cc/0x210 [ 212.521693][ C2] ? __ia32_sys_sendfile+0x220/0x220 [ 212.523793][ C2] ? lock_is_held_type+0xb0/0xe0 [ 212.533066][ C2] ? do_syscall_64+0x1c/0xe0 [ 212.545012][ C2] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 212.551660][ C2] do_syscall_64+0x60/0xe0 [ 212.563768][ C2] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 212.571702][ C2] RIP: 0033:0x45c049 [ 212.582419][ C2] Code: Bad RIP value. [ 212.584829][ C2] RSP: 002b:00007f44175ebc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 212.601777][ C2] RAX: ffffffffffffffda RBX: 0000000000713f40 RCX: 000000000045c049 [ 212.624514][ C2] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 212.631673][ C2] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 212.643725][ C2] R10: 0000000100006800 R11: 0000000000000246 R12: 000000000074bf00 [ 212.663744][ C2] R13: 00007fff48702fef R14: 00007f44175cc000 R15: 0000000000000003 [ 212.681614][ C2] [ 212.681614][ C2] Allocated by task 61: [ 212.692018][ C2] save_stack+0x1b/0x40 [ 212.702074][ C2] __kasan_kmalloc.constprop.0+0xc2/0xd0 [ 212.702074][ C2] kmem_cache_alloc_trace+0x14f/0x2d0 [ 212.721993][ C2] usblp_probe+0xed/0x1110 [ 212.725991][ C2] usb_probe_interface+0x2f7/0x780 [ 212.731725][ C2] really_probe+0x282/0x8a0 [ 212.743993][ C2] driver_probe_device+0xfe/0x1d0 [ 212.751727][ C2] __device_attach_driver+0x1c2/0x220 [ 212.751727][ C2] bus_for_each_drv+0x15f/0x1e0 [ 212.791216][ C2] __device_attach+0x28d/0x3f0 [ 212.791973][ C2] bus_probe_device+0x1e4/0x290 [ 212.791973][ C2] device_add+0xacf/0x1be0 [ 212.814456][ C2] usb_set_configuration+0xef6/0x17a0 [ 212.831912][ C2] usb_generic_driver_probe+0xba/0xf2 [ 212.845320][ C2] usb_probe_device+0xc6/0x210 [ 212.853721][ C2] really_probe+0x282/0x8a0 [ 212.862609][ C2] driver_probe_device+0xfe/0x1d0 [ 212.871973][ C2] __device_attach_driver+0x1c2/0x220 [ 212.881641][ C2] bus_for_each_drv+0x15f/0x1e0 [ 212.893835][ C2] __device_attach+0x28d/0x3f0 [ 212.901685][ C2] bus_probe_device+0x1e4/0x290 [ 212.911682][ C2] device_add+0xacf/0x1be0 [ 212.913880][ C2] usb_new_device.cold+0x748/0x103b [ 212.921648][ C2] hub_event+0x2033/0x3e40 [ 212.934311][ C2] process_one_work+0x94c/0x1670 [ 212.945994][ C2] worker_thread+0x64c/0x1120 [ 212.947423][ C2] kthread+0x3b5/0x4a0 [ 212.961767][ C2] ret_from_fork+0x1f/0x30 [ 212.964043][ C2] [ 212.971655][ C2] Freed by task 9476: [ 212.981679][ C2] save_stack+0x1b/0x40 [ 212.991784][ C2] __kasan_slab_free+0xf5/0x140 [ 213.001765][ C2] kfree+0x103/0x2c0 [ 213.004133][ C2] usblp_release.cold+0xd/0x12 [ 213.011648][ C2] __fput+0x33c/0x880 [ 213.027395][ C2] task_work_run+0xdd/0x190 [ 213.031859][ C2] __prepare_exit_to_usermode+0x1e9/0x1f0 [ 213.043826][ C2] do_syscall_64+0x6c/0xe0 [ 213.053410][ C2] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 213.061661][ C2] [ 213.061661][ C2] The buggy address belongs to the object at ffff88801e938800 [ 213.061661][ C2] which belongs to the cache kmalloc-1k of size 1024 [ 213.093829][ C2] The buggy address is located 320 bytes inside of [ 213.093829][ C2] 1024-byte region [ffff88801e938800, ffff88801e938c00) [ 213.105984][ C2] The buggy address belongs to the page: [ 213.121650][ C2] page:ffffea00007a4e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88801e938000 [ 213.135974][ C2] flags: 0xfffe0000000200(slab) [ 213.154718][ C2] raw: 00fffe0000000200 ffffea00008f7f88 ffffea00003fc5c8 ffff88802c800c40 [ 213.163009][ C2] raw: ffff88801e938000 ffff88801e938000 0000000100000001 0000000000000000 [ 213.186462][ C2] page dumped because: kasan: bad access detected [ 213.203795][ C2] [ 213.203795][ C2] Memory state around the buggy address: [ 213.211693][ C2] ffff88801e938800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 213.231764][ C2] ffff88801e938880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 213.241640][ C2] >ffff88801e938900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 213.253935][ C2] ^ [ 213.253935][ C2] ffff88801e938980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 213.281806][ C2] ffff88801e938a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 213.291792][ C2] ================================================================== [ 213.303687][ C2] Disabling lock debugging due to kernel taint [ 213.322238][ C2] Kernel panic - not syncing: panic_on_warn set ... [ 213.331829][ C2] CPU: 2 PID: 9508 Comm: syz-executor.1 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 213.343706][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 213.371753][ C2] Call Trace: [ 213.371753][ C2] [ 213.382212][ C2] dump_stack+0x18f/0x20d [ 213.391720][ C2] ? __lock_acquire+0x3b90/0x56e0 [ 213.402065][ C2] panic+0x2e3/0x75c [ 213.402065][ C2] ? __warn_printk+0xf3/0xf3 [ 213.412690][ C2] ? _raw_spin_unlock_irqrestore+0x5b/0xe0 [ 213.412690][ C2] ? __lock_acquire+0x3c7b/0x56e0 [ 213.432572][ C2] ? __lock_acquire+0x3c7b/0x56e0 [ 213.441841][ C2] end_report+0x4d/0x53 [ 213.452636][ C2] kasan_report.cold+0xd/0x37 [ 213.461761][ C2] ? __lock_acquire+0x3c7b/0x56e0 [ 213.471731][ C2] __lock_acquire+0x3c7b/0x56e0 [ 213.472633][ C2] ? lockdep_hardirqs_off+0x66/0xa0 [ 213.494887][ C2] ? trace_hardirqs_off+0x27/0x210 [ 213.512177][ C2] ? netconsole_netdev_event+0x2b0/0x2b0 [ 213.518166][ C2] ? console_unlock+0xac8/0xf30 [ 213.532801][ C2] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 213.573800][ C2] lock_acquire+0x1f1/0xad0 [ 213.593971][ C2] ? usblp_bulk_read+0x211/0x270 [ 213.603414][ C2] ? lock_release+0x8d0/0x8d0 [ 213.612103][ C2] ? printk+0xba/0xed [ 213.623651][ C2] ? log_store.cold+0x16/0x16 [ 213.631646][ C2] ? lock_downgrade+0x820/0x820 [ 213.641828][ C2] ? lockdep_hardirqs_off+0x66/0xa0 [ 213.653101][ C2] _raw_spin_lock_irqsave+0x8c/0xc0 [ 213.661620][ C2] ? usblp_bulk_read+0x211/0x270 [ 213.672839][ C2] usblp_bulk_read+0x211/0x270 [ 213.692888][ C2] __usb_hcd_giveback_urb+0x30d/0x540 [ 213.712905][ C2] usb_hcd_giveback_urb+0x367/0x410 [ 213.712905][ C2] dummy_timer+0x11ea/0x2f9f [ 213.741976][ C2] ? lockdep_hardirqs_on_prepare+0x590/0x590 [ 213.761919][ C2] ? lock_acquire+0x1f1/0xad0 [ 213.761919][ C2] ? lock_downgrade+0x820/0x820 [ 213.773178][ C2] ? dummy_dequeue+0x4c0/0x4c0 [ 213.781673][ C2] ? lock_is_held_type+0xb0/0xe0 [ 213.781673][ C2] call_timer_fn+0x1ac/0x760 [ 213.791699][ C2] ? dummy_dequeue+0x4c0/0x4c0 [ 213.803139][ C2] ? add_timer_on+0x490/0x490 [ 213.803139][ C2] ? lock_downgrade+0x820/0x820 [ 213.811841][ C2] ? _raw_spin_unlock_irq+0x1f/0x80 [ 213.822470][ C2] ? lockdep_hardirqs_on_prepare+0x1bc/0x590 [ 213.831835][ C2] ? trace_hardirqs_on+0x5f/0x220 [ 213.851837][ C2] ? dummy_dequeue+0x4c0/0x4c0 [ 213.863210][ C2] __run_timers.part.0+0x54c/0xa20 [ 213.871737][ C2] ? call_timer_fn+0x760/0x760 [ 213.882588][ C2] ? preempt_schedule_notrace_thunk+0x16/0x31 [ 213.901908][ C2] ? sched_clock_local+0xd8/0x150 [ 213.912963][ C2] ? sched_clock_cpu+0x148/0x1b0 [ 213.921795][ C2] run_timer_softirq+0xae/0x1a0 [ 213.942959][ C2] __do_softirq+0x34c/0xa60 [ 213.951902][ C2] asm_call_on_stack+0xf/0x20 [ 213.951902][ C2] [ 213.962441][ C2] do_softirq_own_stack+0x111/0x170 [ 213.982172][ C2] irq_exit_rcu+0x229/0x270 [ 213.985469][ C2] sysvec_apic_timer_interrupt+0x54/0x120 [ 213.991743][ C2] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 214.011808][ C2] RIP: 0010:qlist_free_all+0x2f/0x140 [ 214.011808][ C2] Code: 55 41 54 55 53 48 8b 1f 48 85 db 0f 84 08 01 00 00 48 89 f5 49 89 fd 48 85 ed 49 89 ee 0f 84 8b 00 00 00 49 63 86 3c 01 00 00 <4c> 8b 23 48 29 c3 48 83 3d 2b bf 01 08 00 0f 84 e6 00 00 00 9c 58 [ 214.051701][ C2] RSP: 0018:ffffc90001b27470 EFLAGS: 00010246 [ 214.052155][ C2] RAX: 0000000000000000 RBX: ffff8880214bb380 RCX: ffffea00009d7e07 [ 214.071972][ C2] RDX: 0000000000000000 RSI: ffffffff8134589a RDI: 0000000000000007 [ 214.082550][ C2] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 214.103317][ C2] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880214bb380 [ 214.111711][ C2] R13: ffffc90001b274a8 R14: ffff88802c8001c0 R15: 0000000000000282 [ 214.122683][ C2] ? __phys_addr+0x9a/0x110 [ 214.132509][ C2] quarantine_reduce+0x17e/0x200 [ 214.142843][ C2] __kasan_kmalloc.constprop.0+0x9e/0xd0 [ 214.161718][ C2] kmem_cache_alloc_node_trace+0x140/0x400 [ 214.171687][ C2] __get_vm_area_node+0x126/0x3b0 [ 214.171687][ C2] ? netlink_sendmsg+0x5f0/0xd90 [ 214.192972][ C2] vmalloc+0xf2/0x1a0 [ 214.201768][ C2] ? netlink_sendmsg+0x5f0/0xd90 [ 214.201768][ C2] netlink_sendmsg+0x5f0/0xd90 [ 214.215098][ C2] ? netlink_unicast+0x7d0/0x7d0 [ 214.215098][ C2] ? netlink_unicast+0x7d0/0x7d0 [ 214.232547][ C2] sock_sendmsg+0xcf/0x120 [ 214.241651][ C2] sock_no_sendpage+0xee/0x130 [ 214.251695][ C2] ? sk_page_frag_refill+0x1d0/0x1d0 [ 214.252571][ C2] ? lockdep_hardirqs_on+0x6a/0xe0 [ 214.261681][ C2] ? _raw_spin_unlock_irqrestore+0x9b/0xe0 [ 214.272913][ C2] ? sk_page_frag_refill+0x1d0/0x1d0 [ 214.272913][ C2] sock_sendpage+0xe5/0x140 [ 214.292921][ C2] ? __sock_recv_ts_and_drops+0x430/0x430 [ 214.301765][ C2] pipe_to_sendpage+0x2ad/0x380 [ 214.321679][ C2] ? propagate_umount+0x1c20/0x1c20 [ 214.321679][ C2] ? __put_page+0xe1/0x380 [ 214.333522][ C2] __splice_from_pipe+0x3dc/0x830 [ 214.341737][ C2] ? propagate_umount+0x1c20/0x1c20 [ 214.362445][ C2] generic_splice_sendpage+0xd4/0x140 [ 214.374259][ C2] ? __splice_from_pipe+0x830/0x830 [ 214.385110][ C2] ? pipe_to_user+0x170/0x170 [ 214.385110][ C2] ? __splice_from_pipe+0x830/0x830 [ 214.403187][ C2] direct_splice_actor+0x171/0x2f0 [ 214.422491][ C2] ? generic_splice_sendpage+0x140/0x140 [ 214.431681][ C2] ? pipe_to_user+0x170/0x170 [ 214.451694][ C2] splice_direct_to_actor+0x38c/0x980 [ 214.461780][ C2] ? generic_splice_sendpage+0x140/0x140 [ 214.472631][ C2] ? do_splice_to+0x170/0x170 [ 214.481770][ C2] ? lock_is_held_type+0xb0/0xe0 [ 214.492864][ C2] do_splice_direct+0x1b3/0x280 [ 214.501876][ C2] ? splice_direct_to_actor+0x980/0x980 [ 214.512781][ C2] do_sendfile+0x559/0xc30 [ 214.531817][ C2] ? do_compat_pwritev64+0x1b0/0x1b0 [ 214.552796][ C2] ? put_timespec64+0xcb/0x120 [ 214.573299][ C2] ? ns_to_timespec64+0xc0/0xc0 [ 214.591782][ C2] ? __x64_sys_futex+0x382/0x4e0 [ 214.603934][ C2] __x64_sys_sendfile64+0x1cc/0x210 [ 214.623886][ C2] ? __ia32_sys_sendfile+0x220/0x220 [ 214.651889][ C2] ? lock_is_held_type+0xb0/0xe0 [ 214.662715][ C2] ? do_syscall_64+0x1c/0xe0 [ 214.681822][ C2] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 214.713403][ C2] do_syscall_64+0x60/0xe0 [ 214.732984][ C2] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 214.752764][ C2] RIP: 0033:0x45c049 [ 214.773275][ C2] Code: Bad RIP value. [ 214.781778][ C2] RSP: 002b:00007f44175ebc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 214.801807][ C2] RAX: ffffffffffffffda RBX: 0000000000713f40 RCX: 000000000045c049 [ 214.833445][ C2] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 214.883339][ C2] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 214.911748][ C2] R10: 0000000100006800 R11: 0000000000000246 R12: 000000000074bf00 [ 214.911748][ C2] R13: 00007fff48702fef R14: 00007f44175cc000 R15: 0000000000000003 [ 214.953598][ C2] Kernel Offset: disabled [ 214.953598][ C2] Rebooting in 86400 seconds..