last executing test programs: 7m39.421159707s ago: executing program 0 (id=2268): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00'}, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000001040)={0x30, r1, 0x1, 0x0, 0x3, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x4084}, 0x20008040) 7m35.864976356s ago: executing program 0 (id=2270): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) syz_emit_ethernet(0xb2, &(0x7f00000005c0)={@multicast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xa4, 0x0, 0x0, 0x2, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x0, 0x80, 0x0, {0x22, 0x4, 0x0, 0x0, 0x0, 0x64, 0x1000, 0x0, 0x1, 0xa, @local, @rand_addr=0x64010102, {[@ssrr={0x89, 0xf, 0x18, [@multicast2, @remote, @multicast2]}, @cipso={0x86, 0x63, 0xffffffffffffffff, [{0x5, 0xc, "2016e445273d26ad8b13"}, {0x5, 0x9, "cda155f8446838"}, {0x5, 0xd, "86d299388651838be571c4"}, {0x1, 0x10, "63e000c44c5bf6330a43170462f1"}, {0x5, 0xe, "dc5cdeb29385f1cac391dfee"}, {0x5, 0xc, "f951cfb363e8cec25836"}, {0x2, 0xa, "6f40128f26845ca8"}, {0x2, 0x7, "bdc9dea596"}]}]}}}}}}}, 0x0) 7m33.61873267s ago: executing program 0 (id=2272): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0x5, &(0x7f0000000240)=@framed={{0x18, 0x2, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0x27}, @call={0x85, 0x0, 0x0, 0xa0}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 7m31.527874267s ago: executing program 0 (id=2273): r0 = socket(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000300)={'syz_tun\x00', &(0x7f0000000340)=@ethtool_eeprom={0x7, 0xb0}}) 7m29.178864385s ago: executing program 0 (id=2274): r0 = socket(0x400000010, 0x3, 0x0) write(r0, &(0x7f0000000200)="fc0000001400073eac093a00090007000aab0800080000000400e293210001c000000000060000000100000009000000fa2c1eff8656aaa79bffffffff0000002d00024000036c6c256f1a272fdf0d11512fd633d4400007f60eb8fa2e6b00000016fd368934d07302ade01720d7d5bbc91a3e2e80772c05f70c9ddef2fe082038f4f8b29d3ef3d92883170efdffffff3ae4f50504000000000040d815b2ccd243f295edbabc7c3f1a5f4e023dd16b176e83df150c3b8829a1ad0a4f41f0d48f6f0000080548deac270e37429f3694dec896592d69d381873cf1582740000000000000001ace36f071d0c22700", 0xed) 7m26.331799814s ago: executing program 0 (id=2275): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8905, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) 6m38.29501686s ago: executing program 32 (id=2275): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8905, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) 37.325922817s ago: executing program 2 (id=2330): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000100001000000000000000000d100000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a19020000000000000000010020000c00024000000000000000010900010073797a31000000002000"], 0xe8}}, 0x0) 34.507362042s ago: executing program 2 (id=2332): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=@base={0x1, 0x8, 0x4932, 0x82, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x20000}, 0x6e) 27.227099769s ago: executing program 1 (id=2334): write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000880), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000880)=ANY=[@ANYBLOB='1-'], 0x31) 18.918638838s ago: executing program 1 (id=2335): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 12.196456582s ago: executing program 1 (id=2336): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018010000756cff7c00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000006c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 9.79861216s ago: executing program 2 (id=2337): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x40000}}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000001040)={0x1c, r2, 0x1, 0x0, 0x3, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4084}, 0x20008040) 9.349843708s ago: executing program 1 (id=2338): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000791260000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 6.797891282s ago: executing program 2 (id=2339): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b"], 0x0}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000018c0)=ANY=[@ANYBLOB="0a000000d2cf00003d36000002"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000180), 0x3, r0}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000380)={r0, &(0x7f0000001940), 0xfffffffffffffffe}, 0x20) 4.808093574s ago: executing program 1 (id=2340): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000006c0)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000) 3.150150211s ago: executing program 2 (id=2341): bpf$MAP_CREATE(0x0, &(0x7f0000000f80)=@base={0x1, 0x8, 0x4932, 0x82, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x20000}, 0x6e) 1.692412001s ago: executing program 1 (id=2342): bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000142020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000e02800850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020100008500000043"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 0s ago: executing program 2 (id=2343): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x40000}}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000600), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000001040)={0x28, r2, 0x1, 0x0, 0x3, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4084}, 0x20008040) kernel console output (not intermixed with test programs): 0x1a6 [ 5464.284919][T11619] [] dump_stack+0x1c/0x24 [ 5464.285498][T11619] [] should_fail_ex+0x48c/0x5cc [ 5464.286062][T11619] [] should_failslab+0xba/0x102 [ 5464.286656][T11619] [] kmem_cache_alloc_node_noprof+0x274/0x3c8 [ 5464.287262][T11619] [] __alloc_skb+0x33c/0x43a [ 5464.287852][T11619] [] netlink_alloc_large_skb+0x7a/0x13e [ 5464.288409][T11619] [] netlink_sendmsg+0x65e/0xdd8 [ 5464.288971][T11619] [] __sock_sendmsg+0xcc/0x160 [ 5464.289521][T11619] [] ____sys_sendmsg+0x63e/0x79c [ 5464.290072][T11619] [] ___sys_sendmsg+0x144/0x1e6 [ 5464.290681][T11619] [] __sys_sendmsg+0x188/0x246 [ 5464.291298][T11619] [] __riscv_sys_sendmsg+0x70/0xa2 [ 5464.291916][T11619] [] syscall_handler+0x94/0x118 [ 5464.292404][T11619] [] do_trap_ecall_u+0x396/0x530 [ 5464.292889][T11619] [] handle_exception+0x146/0x152 [ 5464.306827][ C1] vkms_vblank_simulate: vblank timer overrun [ 5464.457943][T11229] usb 2-1: new low-speed USB device number 39 using dummy_hcd [ 5464.515387][T11229] usb 2-1: Invalid ep0 maxpacket: 32 [ 5464.665144][T11229] usb 2-1: new low-speed USB device number 40 using dummy_hcd [ 5464.721809][T11229] usb 2-1: Invalid ep0 maxpacket: 32 [ 5464.794877][T11229] usb usb2-port1: unable to enumerate USB device [ 5478.257972][T11635] __nla_validate_parse: 12 callbacks suppressed [ 5478.258294][T11635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1090'. [ 5478.396853][T11635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1090'. [ 5478.402019][T11635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1090'. [ 5478.428660][T11635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1090'. [ 5478.455636][T11635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1090'. [ 5478.485689][T11635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1090'. [ 5478.540453][T11635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1090'. [ 5478.592080][T11635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1090'. [ 5478.622214][T11635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1090'. [ 5478.645355][T11635] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1090'. [ 5487.457496][T11656] __nla_validate_parse: 12 callbacks suppressed [ 5487.458030][T11656] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1093'. [ 5488.344471][ T7248] usb 1-1: new low-speed USB device number 45 using dummy_hcd [ 5488.586853][ T7248] usb 1-1: Invalid ep0 maxpacket: 32 [ 5488.956717][ T7248] usb 1-1: new low-speed USB device number 46 using dummy_hcd [ 5489.286712][ T7248] usb 1-1: Invalid ep0 maxpacket: 32 [ 5489.300790][ T7248] usb usb1-port1: attempt power cycle [ 5489.887887][ T7248] usb 1-1: new low-speed USB device number 47 using dummy_hcd [ 5490.009412][ T7248] usb 1-1: Invalid ep0 maxpacket: 32 [ 5490.284646][ T7248] usb 1-1: new low-speed USB device number 48 using dummy_hcd [ 5490.314854][ T7248] usb 1-1: Invalid ep0 maxpacket: 32 [ 5490.320398][ T7248] usb usb1-port1: unable to enumerate USB device [ 5494.925775][ T8439] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 5495.195580][ T8439] usb 2-1: Using ep0 maxpacket: 8 [ 5495.288681][ T8439] usb 2-1: config index 0 descriptor too short (expected 74, got 45) [ 5495.290688][ T8439] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 5495.292602][ T8439] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 5495.316656][ T8439] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 5495.318649][ T8439] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 5495.558032][ T8439] usbtmc 2-1:16.0: bulk endpoints not found [ 5497.301244][T11229] usb 2-1: USB disconnect, device number 41 [ 5507.877782][T11689] netlink: 'syz.1.1099': attribute type 12 has an invalid length. [ 5511.404859][ T8439] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 241 sec [ 5512.197721][ T8439] usb 2-1: new low-speed USB device number 42 using dummy_hcd [ 5512.431300][ T8439] usb 2-1: Invalid ep0 maxpacket: 32 [ 5512.611967][ T8439] usb 2-1: new low-speed USB device number 43 using dummy_hcd [ 5512.910816][ T8439] usb 2-1: Invalid ep0 maxpacket: 32 [ 5512.939420][ T8439] usb usb2-port1: attempt power cycle [ 5513.574054][ T8439] usb 2-1: new low-speed USB device number 44 using dummy_hcd [ 5513.641674][ T8439] usb 2-1: Invalid ep0 maxpacket: 32 [ 5513.846470][ T8439] usb 2-1: new low-speed USB device number 45 using dummy_hcd [ 5513.926526][ T8439] usb 2-1: Invalid ep0 maxpacket: 32 [ 5513.976060][ T8439] usb usb2-port1: unable to enumerate USB device [ 5517.946689][T11700] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1101'. [ 5518.851659][T11702] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1101'. [ 5518.915110][T11702] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1101'. [ 5518.976370][T11702] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1101'. [ 5518.999847][T11702] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1101'. [ 5519.011751][T11702] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1101'. [ 5519.021046][T11702] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1101'. [ 5519.037278][T11702] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1101'. [ 5519.048210][T11702] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1101'. [ 5519.055981][T11702] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1101'. [ 5524.520667][ T8439] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 5524.955706][ T8439] usb 1-1: Using ep0 maxpacket: 8 [ 5525.271262][ T8439] usb 1-1: config index 0 descriptor too short (expected 74, got 45) [ 5525.276812][ T8439] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 5525.279251][ T8439] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 5525.281634][ T8439] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 5525.300365][ T8439] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 5525.699417][ T8439] usbtmc 1-1:16.0: bulk endpoints not found [ 5528.732111][ T4833] usb 1-1: USB disconnect, device number 49 [ 5540.941422][T11739] __nla_validate_parse: 11 callbacks suppressed [ 5540.942004][T11739] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1106'. [ 5541.740418][T11733] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1106'. [ 5541.768931][T11733] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1106'. [ 5541.789796][T11733] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1106'. [ 5541.847668][T11733] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1106'. [ 5541.887008][T11733] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1106'. [ 5541.909899][T11733] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1106'. [ 5541.968855][T11733] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1106'. [ 5542.007140][T11733] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1106'. [ 5542.037359][T11733] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1106'. [ 5551.265689][T10916] usb 1-1: new low-speed USB device number 50 using dummy_hcd [ 5551.607552][T10916] usb 1-1: Invalid ep0 maxpacket: 32 [ 5551.787970][T10916] usb 1-1: new low-speed USB device number 51 using dummy_hcd [ 5552.165826][T10916] usb 1-1: Invalid ep0 maxpacket: 32 [ 5552.180865][T10916] usb usb1-port1: attempt power cycle [ 5552.737114][T10916] usb 1-1: new low-speed USB device number 52 using dummy_hcd [ 5552.788593][T10916] usb 1-1: Invalid ep0 maxpacket: 32 [ 5553.260631][T10916] usb 1-1: new low-speed USB device number 53 using dummy_hcd [ 5553.341633][T10916] usb 1-1: Invalid ep0 maxpacket: 32 [ 5553.366828][T10916] usb usb1-port1: unable to enumerate USB device [ 5571.785465][ T8379] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 302 sec [ 5575.908676][T11774] __nla_validate_parse: 12 callbacks suppressed [ 5575.909027][T11774] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1115'. [ 5576.312626][T11775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1115'. [ 5576.340943][T11775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1115'. [ 5576.378332][T11775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1115'. [ 5576.397035][T11775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1115'. [ 5576.402584][T11775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1115'. [ 5576.439272][T11775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1115'. [ 5576.486082][T11775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1115'. [ 5576.537033][T11775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1115'. [ 5576.622632][T11775] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1115'. [ 5583.265711][ T7248] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 5583.465486][ T7248] usb 1-1: Using ep0 maxpacket: 16 [ 5583.857796][ T7248] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 5583.859896][ T7248] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 5583.861367][ T7248] usb 1-1: Product: syz [ 5583.862535][ T7248] usb 1-1: Manufacturer: syz [ 5583.885306][ T7248] usb 1-1: SerialNumber: syz [ 5584.278422][ T7248] usb 1-1: config 0 descriptor?? [ 5584.850354][ T7248] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 5584.987867][ T7248] usb 1-1: Detected FT-X [ 5585.008768][ T7248] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 5585.040365][ T7248] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 5585.082070][ T7248] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71 [ 5585.196059][ T7248] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 5585.384820][ T7248] usb 1-1: USB disconnect, device number 54 [ 5585.829761][ T7248] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 5586.034693][ T7248] ftdi_sio 1-1:0.0: device disconnected [ 5593.535943][T11822] FAULT_INJECTION: forcing a failure. [ 5593.535943][T11822] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 5593.540328][T11822] CPU: 1 UID: 0 PID: 11822 Comm: syz.1.1120 Not tainted syzkaller #0 PREEMPT [ 5593.540916][T11822] Hardware name: riscv-virtio,qemu (DT) [ 5593.541113][T11822] Call Trace: [ 5593.541283][T11822] [] dump_backtrace+0x2e/0x3c [ 5593.541892][T11822] [] show_stack+0x30/0x3c [ 5593.542318][T11822] [] dump_stack_lvl+0x12e/0x1a6 [ 5593.542963][T11822] [] dump_stack+0x1c/0x24 [ 5593.543553][T11822] [] should_fail_ex+0x48c/0x5cc [ 5593.544150][T11822] [] should_fail+0xe/0x16 [ 5593.544753][T11822] [] should_fail_usercopy+0x1e/0x26 [ 5593.545342][T11822] [] _copy_from_iter+0x200/0x1d22 [ 5593.545938][T11822] [] packet_sendmsg+0x11c0/0x52dc [ 5593.546603][T11822] [] __sock_sendmsg+0xcc/0x160 [ 5593.547173][T11822] [] ____sys_sendmsg+0x63e/0x79c [ 5593.547745][T11822] [] ___sys_sendmsg+0x144/0x1e6 [ 5593.548360][T11822] [] __sys_sendmsg+0x188/0x246 [ 5593.549018][T11822] [] __riscv_sys_sendmsg+0x70/0xa2 [ 5593.549671][T11822] [] syscall_handler+0x94/0x118 [ 5593.550159][T11822] [] do_trap_ecall_u+0x396/0x530 [ 5593.550636][T11822] [] handle_exception+0x146/0x152 [ 5620.392126][T11858] __nla_validate_parse: 12 callbacks suppressed [ 5620.399501][T11858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1128'. [ 5620.450320][T11858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1128'. [ 5620.466602][T11858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1128'. [ 5620.531701][T11858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1128'. [ 5620.628405][T11858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1128'. [ 5620.642696][T11858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1128'. [ 5620.671188][T11858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1128'. [ 5620.717791][T11858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1128'. [ 5620.773953][T11858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1128'. [ 5620.784366][T11858] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1128'. [ 5632.105512][T11229] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 362 sec [ 5635.307826][T11888] netlink: 'syz.0.1136': attribute type 1 has an invalid length. [ 5635.310514][T11888] netlink: 'syz.0.1136': attribute type 3 has an invalid length. [ 5635.311937][T11888] __nla_validate_parse: 34 callbacks suppressed [ 5635.312259][T11888] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1136'. [ 5635.330379][T11888] NCSI netlink: No device for ifindex 0 [ 5680.997785][T11932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1150'. [ 5681.158132][T11932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1150'. [ 5681.182069][T11932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1150'. [ 5681.249828][T11932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1150'. [ 5681.277550][T11932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1150'. [ 5681.321258][T11932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1150'. [ 5681.339772][T11932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1150'. [ 5681.358437][T11932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1150'. [ 5681.369675][T11932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1150'. [ 5681.388244][T11932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1150'. [ 5688.431744][T11947] FAULT_INJECTION: forcing a failure. [ 5688.431744][T11947] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 5688.436685][T11947] CPU: 1 UID: 0 PID: 11947 Comm: syz.1.1153 Not tainted syzkaller #0 PREEMPT [ 5688.437238][T11947] Hardware name: riscv-virtio,qemu (DT) [ 5688.437435][T11947] Call Trace: [ 5688.437616][T11947] [] dump_backtrace+0x2e/0x3c [ 5688.438201][T11947] [] show_stack+0x30/0x3c [ 5688.438645][T11947] [] dump_stack_lvl+0x12e/0x1a6 [ 5688.439277][T11947] [] dump_stack+0x1c/0x24 [ 5688.439888][T11947] [] should_fail_ex+0x48c/0x5cc [ 5688.440472][T11947] [] should_fail+0xe/0x16 [ 5688.441059][T11947] [] should_fail_usercopy+0x1e/0x26 [ 5688.441660][T11947] [] _copy_from_user+0x3e/0x398 [ 5688.442152][T11947] [] __tun_chr_ioctl+0x1c0/0x5cb2 [ 5688.442727][T11947] [] tun_chr_ioctl+0x2a/0x38 [ 5688.443205][T11947] [] __riscv_sys_ioctl+0x180/0x1e4 [ 5688.443707][T11947] [] syscall_handler+0x94/0x118 [ 5688.444221][T11947] [] do_trap_ecall_u+0x396/0x530 [ 5688.444752][T11947] [] handle_exception+0x146/0x152 [ 5693.071583][T10667] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 423 sec [ 5697.756503][T11955] __nla_validate_parse: 12 callbacks suppressed [ 5697.757063][T11955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1157'. [ 5697.829803][T11955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1157'. [ 5697.839710][T11955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1157'. [ 5697.855112][T11955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1157'. [ 5697.862099][T11955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1157'. [ 5697.897084][T11955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1157'. [ 5697.921870][T11955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1157'. [ 5697.952407][T11955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1157'. [ 5697.986577][T11955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1157'. [ 5698.007042][T11955] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1157'. [ 5713.926325][T11987] __nla_validate_parse: 12 callbacks suppressed [ 5713.926694][T11987] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1163'. [ 5734.981642][T12008] FAULT_INJECTION: forcing a failure. [ 5734.981642][T12008] name failslab, interval 1, probability 0, space 0, times 0 [ 5734.984501][T12008] CPU: 0 UID: 0 PID: 12008 Comm: syz.0.1166 Not tainted syzkaller #0 PREEMPT [ 5734.984853][T12008] Hardware name: riscv-virtio,qemu (DT) [ 5734.984965][T12008] Call Trace: [ 5734.985058][T12008] [] dump_backtrace+0x2e/0x3c [ 5734.985421][T12008] [] show_stack+0x30/0x3c [ 5734.985665][T12008] [] dump_stack_lvl+0x12e/0x1a6 [ 5734.986000][T12008] [] dump_stack+0x1c/0x24 [ 5734.986330][T12008] [] should_fail_ex+0x48c/0x5cc [ 5734.986720][T12008] [] should_failslab+0xba/0x102 [ 5734.987051][T12008] [] __kmalloc_noprof+0xca/0x584 [ 5734.987422][T12008] [] io_alloc_ocqe+0x94/0x582 [ 5734.987793][T12008] [] __io_submit_flush_completions+0x1534/0x1552 [ 5734.988116][T12008] [] io_submit_sqes+0x9c4/0x28e6 [ 5734.988424][T12008] [] __riscv_sys_io_uring_enter+0xda6/0x1942 [ 5734.988788][T12008] [] syscall_handler+0x94/0x118 [ 5734.989065][T12008] [] do_trap_ecall_u+0x396/0x530 [ 5734.989326][T12008] [] handle_exception+0x146/0x152 [ 5753.467929][T10667] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 483 sec [ 5753.557472][T12026] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1170'. [ 5753.619983][T12031] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1170'. [ 5753.685947][T12031] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1170'. [ 5753.729653][T12031] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1170'. [ 5753.800118][T12031] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1170'. [ 5753.849836][T12031] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1170'. [ 5753.901494][T12031] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1170'. [ 5753.951734][T12031] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1170'. [ 5753.987373][T12031] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1170'. [ 5754.038426][T12031] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1170'. [ 5760.422675][T12042] __nla_validate_parse: 12 callbacks suppressed [ 5760.436033][T12042] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1172'. [ 5781.528854][T12061] loop1: detected capacity change from 0 to 7 [ 5784.274235][T12061] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1177'. [ 5814.256069][ T8379] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 544 sec [ 5820.540866][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1186'. [ 5820.561457][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1186'. [ 5820.571071][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1186'. [ 5820.588134][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1186'. [ 5820.601693][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1186'. [ 5820.630992][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1186'. [ 5820.641297][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1186'. [ 5820.651564][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1186'. [ 5820.659936][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1186'. [ 5820.674632][T12097] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1186'. [ 5832.297471][T12117] veth1_to_bridge: entered promiscuous mode [ 5832.299200][T12117] veth1_to_bridge: entered allmulticast mode [ 5836.328275][T12121] __nla_validate_parse: 12 callbacks suppressed [ 5836.331915][T12121] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1193'. [ 5836.516582][T12122] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1192'. [ 5845.892607][T12131] kernel read not supported for file /file1 (pid: 12131 comm: syz.1.1196) [ 5845.908795][ T35] kauditd_printk_skb: 60 callbacks suppressed [ 5845.909122][ T35] audit: type=1800 audit(5844.990:4125): pid=12131 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1196" name="file1" dev="mqueue" ino=16992 res=0 errno=0 [ 5851.927917][T12133] FAULT_INJECTION: forcing a failure. [ 5851.927917][T12133] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 5851.930977][T12133] CPU: 1 UID: 0 PID: 12133 Comm: syz.1.1197 Not tainted syzkaller #0 PREEMPT [ 5851.931502][T12133] Hardware name: riscv-virtio,qemu (DT) [ 5851.931700][T12133] Call Trace: [ 5851.931871][T12133] [] dump_backtrace+0x2e/0x3c [ 5851.932452][T12133] [] show_stack+0x30/0x3c [ 5851.932968][T12133] [] dump_stack_lvl+0x12e/0x1a6 [ 5851.933590][T12133] [] dump_stack+0x1c/0x24 [ 5851.934292][T12133] [] should_fail_ex+0x48c/0x5cc [ 5851.934900][T12133] [] should_fail+0xe/0x16 [ 5851.935451][T12133] [] should_fail_usercopy+0x1e/0x26 [ 5851.936033][T12133] [] _copy_to_user+0x3e/0x372 [ 5851.936490][T12133] [] simple_read_from_buffer+0xd4/0x16c [ 5851.937084][T12133] [] proc_fail_nth_read+0x198/0x244 [ 5851.937674][T12133] [] vfs_read+0x2ee/0xbba [ 5851.938213][T12133] [] ksys_read+0x126/0x234 [ 5851.938760][T12133] [] __riscv_sys_read+0x6e/0xa0 [ 5851.939303][T12133] [] syscall_handler+0x94/0x118 [ 5851.939815][T12133] [] do_trap_ecall_u+0x396/0x530 [ 5851.940286][T12133] [] handle_exception+0x146/0x152 [ 5858.019136][T12139] FAULT_INJECTION: forcing a failure. [ 5858.019136][T12139] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 5858.020454][T12139] CPU: 0 UID: 0 PID: 12139 Comm: syz.0.1200 Not tainted syzkaller #0 PREEMPT [ 5858.020785][T12139] Hardware name: riscv-virtio,qemu (DT) [ 5858.020890][T12139] Call Trace: [ 5858.020992][T12139] [] dump_backtrace+0x2e/0x3c [ 5858.021560][T12139] [] show_stack+0x30/0x3c [ 5858.021983][T12139] [] dump_stack_lvl+0x12e/0x1a6 [ 5858.022609][T12139] [] dump_stack+0x1c/0x24 [ 5858.023004][T12139] [] should_fail_ex+0x48c/0x5cc [ 5858.023322][T12139] [] should_fail+0xe/0x16 [ 5858.023649][T12139] [] should_fail_usercopy+0x1e/0x26 [ 5858.023969][T12139] [] strncpy_from_user+0xa8/0x9c8 [ 5858.024205][T12139] [] __riscv_sys_request_key+0x112/0x43c [ 5858.024620][T12139] [] syscall_handler+0x94/0x118 [ 5858.024902][T12139] [] do_trap_ecall_u+0x396/0x530 [ 5858.025162][T12139] [] handle_exception+0x146/0x152 [ 5864.572188][T12149] kernel read not supported for file /file1 (pid: 12149 comm: syz.1.1203) [ 5864.581905][ T35] audit: type=1800 audit(5863.670:4126): pid=12149 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1203" name="file1" dev="mqueue" ino=17048 res=0 errno=0 [ 5874.506092][ T8379] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 604 sec [ 5902.157008][ T8379] usb 2-1: new low-speed USB device number 46 using dummy_hcd [ 5902.425027][ T8379] usb 2-1: Invalid ep0 maxpacket: 32 [ 5902.595815][ T8379] usb 2-1: new low-speed USB device number 47 using dummy_hcd [ 5902.908211][ T8379] usb 2-1: Invalid ep0 maxpacket: 32 [ 5902.947305][ T8379] usb usb2-port1: attempt power cycle [ 5903.467702][ T8379] usb 2-1: new low-speed USB device number 48 using dummy_hcd [ 5903.534511][ T8379] usb 2-1: Invalid ep0 maxpacket: 32 [ 5903.725558][ T8379] usb 2-1: new low-speed USB device number 49 using dummy_hcd [ 5903.757885][ T8379] usb 2-1: Invalid ep0 maxpacket: 32 [ 5903.776753][ T8379] usb usb2-port1: unable to enumerate USB device [ 5907.957758][T12270] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1213'. [ 5908.201068][T12265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1213'. [ 5908.227600][T12265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1213'. [ 5908.296976][T12265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1213'. [ 5908.326551][T12265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1213'. [ 5908.340958][T12265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1213'. [ 5908.357634][T12265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1213'. [ 5908.371739][T12265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1213'. [ 5908.391181][T12265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1213'. [ 5908.416556][T12265] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1213'. [ 5931.095564][T12056] usb 2-1: new low-speed USB device number 50 using dummy_hcd [ 5931.385204][T12056] usb 2-1: Invalid ep0 maxpacket: 32 [ 5931.588170][T12056] usb 2-1: new low-speed USB device number 51 using dummy_hcd [ 5931.855351][T12056] usb 2-1: Invalid ep0 maxpacket: 32 [ 5931.866971][T12056] usb usb2-port1: attempt power cycle [ 5932.305734][T12056] usb 2-1: new low-speed USB device number 52 using dummy_hcd [ 5932.429057][T12056] usb 2-1: Invalid ep0 maxpacket: 32 [ 5932.614917][T12056] usb 2-1: new low-speed USB device number 53 using dummy_hcd [ 5932.685746][T12056] usb 2-1: Invalid ep0 maxpacket: 32 [ 5932.705416][T12056] usb usb2-port1: unable to enumerate USB device [ 5934.757912][ T8439] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 665 sec [ 5940.916601][T12319] __nla_validate_parse: 12 callbacks suppressed [ 5940.917190][T12319] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'. [ 5941.889337][T12314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'. [ 5941.930443][T12314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'. [ 5941.989575][T12314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'. [ 5942.006255][T12314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'. [ 5942.010667][T12314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'. [ 5942.028910][T12314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'. [ 5942.082209][T12314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'. [ 5942.109109][T12314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'. [ 5942.140795][T12314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1222'. [ 5942.806982][T12324] kernel read not supported for file /file1 (pid: 12324 comm: syz.1.1223) [ 5942.814035][ T35] audit: type=1800 audit(5941.900:4127): pid=12324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1223" name="file1" dev="mqueue" ino=17145 res=0 errno=0 [ 5948.110340][T12330] __nla_validate_parse: 12 callbacks suppressed [ 5948.110689][T12330] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1225'. [ 5952.530704][T10916] usb 1-1: new low-speed USB device number 55 using dummy_hcd [ 5952.797935][T10916] usb 1-1: Invalid ep0 maxpacket: 32 [ 5952.991877][T10916] usb 1-1: new low-speed USB device number 56 using dummy_hcd [ 5953.236208][T10916] usb 1-1: Invalid ep0 maxpacket: 32 [ 5953.258157][T10916] usb usb1-port1: attempt power cycle [ 5953.898294][T10916] usb 1-1: new low-speed USB device number 57 using dummy_hcd [ 5953.977694][T10916] usb 1-1: Invalid ep0 maxpacket: 32 [ 5954.195643][T10916] usb 1-1: new low-speed USB device number 58 using dummy_hcd [ 5954.338682][T10916] usb 1-1: Invalid ep0 maxpacket: 32 [ 5954.349650][T10916] usb usb1-port1: unable to enumerate USB device [ 5981.802642][T10667] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 5982.066255][T10667] usb 2-1: Using ep0 maxpacket: 8 [ 5982.644974][T10667] usb 2-1: config index 0 descriptor too short (expected 74, got 45) [ 5982.649437][T10667] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 5982.650694][T10667] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 5982.663976][T10667] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 5982.665148][T10667] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 5982.956927][T10667] usbtmc 2-1:16.0: bulk endpoints not found [ 5985.808387][ T8439] usb 2-1: USB disconnect, device number 54 [ 5995.705261][T10667] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 726 sec [ 6009.346934][ T8379] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 6009.556003][ T8379] usb 1-1: Using ep0 maxpacket: 8 [ 6009.662240][ T8379] usb 1-1: config index 0 descriptor too short (expected 74, got 45) [ 6009.668967][ T8379] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 6009.671322][ T8379] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 6009.676171][ T8379] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 6009.684218][ T8379] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6010.196700][ T8379] usbtmc 1-1:16.0: bulk endpoints not found [ 6012.741830][T10667] usb 1-1: USB disconnect, device number 59 [ 6016.555212][T12442] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1245'. [ 6023.494393][T12449] netlink: 'syz.0.1246': attribute type 2 has an invalid length. [ 6023.496328][T12449] netlink: 46 bytes leftover after parsing attributes in process `syz.0.1246'. [ 6030.407247][T11229] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 6030.655541][T11229] usb 1-1: Using ep0 maxpacket: 8 [ 6030.796508][T11229] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 6030.798490][T11229] usb 1-1: config 179 has no interface number 0 [ 6030.800142][T11229] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 6030.802027][T11229] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 6030.834245][T11229] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11 [ 6030.836502][T11229] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 6030.838748][T11229] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 6030.841653][T11229] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 6030.847109][T11229] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6031.111879][T12463] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 6032.750284][ T8379] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input32 [ 6037.630445][ T8439] usb 1-1: USB disconnect, device number 60 [ 6037.634999][ C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 6037.636923][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 6044.770715][ T8439] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 6045.075845][ T8439] usb 2-1: Using ep0 maxpacket: 8 [ 6045.184326][ T8439] usb 2-1: config index 0 descriptor too short (expected 74, got 45) [ 6045.186309][ T8439] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 6045.188150][ T8439] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 6045.190406][ T8439] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 6045.192040][ T8439] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6045.772723][ T8439] usbtmc 2-1:16.0: bulk endpoints not found [ 6048.416850][T12499] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1251'. [ 6049.025659][ T8439] usb 2-1: USB disconnect, device number 55 [ 6055.734699][T10667] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 786 sec [ 6062.506706][T12517] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1256'. [ 6067.635679][T11441] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 6068.007394][T11441] usb 2-1: Using ep0 maxpacket: 8 [ 6068.137342][T11441] usb 2-1: config index 0 descriptor too short (expected 74, got 45) [ 6068.139274][T11441] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 6068.141301][T11441] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 6068.154384][T11441] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 6068.156497][T11441] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6068.617830][T11441] usbtmc 2-1:16.0: bulk endpoints not found [ 6070.194566][ T8379] usb 2-1: USB disconnect, device number 56 [ 6079.451704][ T8439] usb 1-1: new low-speed USB device number 61 using dummy_hcd [ 6079.766750][ T8439] usb 1-1: Invalid ep0 maxpacket: 32 [ 6079.955702][ T8439] usb 1-1: new low-speed USB device number 62 using dummy_hcd [ 6080.387345][ T8439] usb 1-1: Invalid ep0 maxpacket: 32 [ 6080.397944][ T8439] usb usb1-port1: attempt power cycle [ 6080.910495][ T8439] usb 1-1: new low-speed USB device number 63 using dummy_hcd [ 6080.968769][ T8439] usb 1-1: Invalid ep0 maxpacket: 32 [ 6081.176663][ T8439] usb 1-1: new low-speed USB device number 64 using dummy_hcd [ 6081.216385][ T8439] usb 1-1: Invalid ep0 maxpacket: 32 [ 6081.225241][ T8439] usb usb1-port1: unable to enumerate USB device [ 6099.217421][T12555] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1262'. [ 6107.814533][T12561] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1263'. [ 6116.194224][ T8379] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 846 sec [ 6118.057496][T12569] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1266'. [ 6121.126884][T12572] binder: 12570:12572 unknown command 0 [ 6121.128937][T12572] binder: 12570:12572 ioctl c0306201 200000000440 returned -22 [ 6128.631793][T12577] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1268'. [ 6129.272461][T12578] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1268'. [ 6129.321551][T12578] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1268'. [ 6129.355938][T12578] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1268'. [ 6129.389414][T12578] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1268'. [ 6129.426955][T12578] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1268'. [ 6129.472573][T12578] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1268'. [ 6129.532385][T12578] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1268'. [ 6129.577955][T12578] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1268'. [ 6129.607815][T12582] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1269'. [ 6147.685660][T12599] trusted_key: encrypted_key: insufficient parameters specified [ 6147.901561][T12600] __nla_validate_parse: 13 callbacks suppressed [ 6147.902186][T12600] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1273'. [ 6148.755028][T12056] Process accounting resumed [ 6150.391451][T12596] Process accounting resumed [ 6173.818499][ T7248] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 6174.157767][ T7248] usb 2-1: Using ep0 maxpacket: 16 [ 6174.319767][ T7248] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 6174.329842][ T7248] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 6174.361347][ T7248] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00 [ 6174.365310][ T7248] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6174.617363][ T7248] usb 2-1: config 0 descriptor?? [ 6176.505479][ T8379] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 906 sec [ 6177.310206][ T7248] playstation 0003:054C:0DF2.0001: hidraw0: USB HID v0.09 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0 [ 6177.627488][ T7248] playstation 0003:054C:0DF2.0001: Invalid reportID received, expected 9 got 53 [ 6177.630184][ T7248] playstation 0003:054C:0DF2.0001: Failed to retrieve DualSense pairing info: -22 [ 6177.632555][ T7248] playstation 0003:054C:0DF2.0001: Failed to get MAC address from DualSense [ 6177.675784][ T7248] playstation 0003:054C:0DF2.0001: Failed to create dualsense. [ 6177.851367][ T7248] playstation 0003:054C:0DF2.0001: probe with driver playstation failed with error -22 [ 6180.116012][T10667] usb 2-1: USB disconnect, device number 57 [ 6182.185344][T12648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 6182.201939][T12648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 6182.208861][T12648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 6182.217661][T12648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 6182.226371][T12648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 6182.231821][T12648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 6182.241632][T12648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 6182.268380][T12648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 6182.279528][T12648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 6182.287951][T12648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1284'. [ 6197.826401][T12675] __nla_validate_parse: 12 callbacks suppressed [ 6197.826811][T12675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1290'. [ 6197.867108][T12675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1290'. [ 6197.872169][T12675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1290'. [ 6197.896752][T12675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1290'. [ 6197.915731][T12675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1290'. [ 6197.921425][T12675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1290'. [ 6197.959921][T12675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1290'. [ 6197.968189][T12675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1290'. [ 6197.978124][T12675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1290'. [ 6197.985984][T12675] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1290'. [ 6204.469429][ T35] audit: type=1326 audit(6203.560:4128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd55dc code=0x7ffc0000 [ 6204.471485][ T35] audit: type=1326 audit(6203.560:4129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffbcc505e8 code=0x7ffc0000 [ 6204.487918][ T35] audit: type=1326 audit(6203.560:4130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 6204.490974][ T35] audit: type=1326 audit(6203.570:4131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 6204.492579][ T35] audit: type=1326 audit(6203.570:4132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd55dc code=0x7ffc0000 [ 6204.507960][ T35] audit: type=1326 audit(6203.570:4133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffbcc505e8 code=0x7ffc0000 [ 6204.586176][ T35] audit: type=1326 audit(6203.600:4134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd55dc code=0x7ffc0000 [ 6204.604167][ T35] audit: type=1326 audit(6203.680:4135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffbcc505e8 code=0x7ffc0000 [ 6204.606039][ T35] audit: type=1326 audit(6203.690:4136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd55dc code=0x7ffc0000 [ 6204.608469][ T35] audit: type=1326 audit(6203.690:4137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffbcc505e8 code=0x7ffc0000 [ 6209.559870][ T35] kauditd_printk_skb: 426 callbacks suppressed [ 6209.560397][ T35] audit: type=1326 audit(6208.640:4564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffbcc505e8 code=0x7ffc0000 [ 6209.596888][ T35] audit: type=1326 audit(6208.680:4565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd55dc code=0x7ffc0000 [ 6209.615216][ T35] audit: type=1326 audit(6208.700:4566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffbcc505e8 code=0x7ffc0000 [ 6209.647359][ T35] audit: type=1326 audit(6208.730:4567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd55dc code=0x7ffc0000 [ 6209.650639][ T35] audit: type=1326 audit(6208.740:4568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffbcc505e8 code=0x7ffc0000 [ 6209.671100][ T35] audit: type=1326 audit(6208.740:4569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd55dc code=0x7ffc0000 [ 6209.705263][ T35] audit: type=1326 audit(6208.750:4570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffbcc505e8 code=0x7ffc0000 [ 6209.709651][ T35] audit: type=1326 audit(6208.770:4571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd55dc code=0x7ffc0000 [ 6209.725763][ T35] audit: type=1326 audit(6208.780:4572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=139 compat=0 ip=0x7fffbcc505e8 code=0x7ffc0000 [ 6209.728881][ T35] audit: type=1326 audit(6208.790:4573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12688 comm="syz.1.1294" exe="/syz-executor" sig=0 arch=c00000f3 syscall=172 compat=0 ip=0xd55dc code=0x7ffc0000 [ 6232.045617][T12714] __nla_validate_parse: 12 callbacks suppressed [ 6232.046142][T12714] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1303'. [ 6236.936203][T10667] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 967 sec [ 6242.541571][T12724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1307'. [ 6242.660787][T12724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1307'. [ 6242.682720][T12724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1307'. [ 6242.731607][T12724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1307'. [ 6242.785138][T12724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1307'. [ 6242.809125][T12724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1307'. [ 6242.849768][T12724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1307'. [ 6242.880312][T12724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1307'. [ 6242.900979][T12724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1307'. [ 6242.947985][T12724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1307'. [ 6247.612706][T12736] __nla_validate_parse: 11 callbacks suppressed [ 6247.656431][T12736] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1309'. [ 6257.085398][T12748] capability: warning: `syz.1.1312' uses deprecated v2 capabilities in a way that may be insecure [ 6262.257473][T12755] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1315'. [ 6284.747436][T12776] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1322'. [ 6289.448544][T12780] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 6291.091851][T12782] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1325'. [ 6297.227640][ T8439] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1027 sec [ 6299.960345][T12790] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1329'. [ 6302.168912][T12792] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1330'. [ 6304.500254][T12794] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1331'. [ 6312.801590][T12805] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1335'. [ 6315.766861][T12808] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1336'. [ 6317.251275][T12810] netlink: 'syz.1.1337': attribute type 2 has an invalid length. [ 6317.258088][T12810] netlink: 46 bytes leftover after parsing attributes in process `syz.1.1337'. [ 6321.847895][T12819] kernel read not supported for file /file1 (pid: 12819 comm: syz.1.1339) [ 6321.855761][ T35] kauditd_printk_skb: 184 callbacks suppressed [ 6321.856119][ T35] audit: type=1800 audit(6320.940:4758): pid=12819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1339" name="file1" dev="mqueue" ino=18913 res=0 errno=0 [ 6325.517583][T12825] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1341'. [ 6340.112434][T12841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1347'. [ 6340.236039][T12841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1347'. [ 6340.259517][T12841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1347'. [ 6340.296395][T12841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1347'. [ 6340.334334][T12841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1347'. [ 6340.358551][T12841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1347'. [ 6340.390995][T12841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1347'. [ 6340.422099][T12841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1347'. [ 6340.450586][T12841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1347'. [ 6340.489363][T12841] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1347'. [ 6345.935688][T12851] __nla_validate_parse: 11 callbacks suppressed [ 6345.936031][T12851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1349'. [ 6345.980756][T12851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1349'. [ 6346.056640][T12851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1349'. [ 6346.088742][T12851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1349'. [ 6346.106896][T12851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1349'. [ 6346.111683][T12851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1349'. [ 6346.130214][T12851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1349'. [ 6346.142658][T12851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1349'. [ 6346.172106][T12851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1349'. [ 6346.208247][T12851] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1349'. [ 6357.636213][ T8379] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1088 sec [ 6361.457328][T12873] netlink: 'syz.0.1353': attribute type 2 has an invalid length. [ 6361.458584][T12873] __nla_validate_parse: 12 callbacks suppressed [ 6361.458810][T12873] netlink: 46 bytes leftover after parsing attributes in process `syz.0.1353'. [ 6366.409807][T12879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 6366.465580][T12879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 6366.470302][T12879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 6366.486832][T12879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 6366.491596][T12879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 6366.518016][T12879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 6366.525242][T12879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 6366.530205][T12879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 6366.554950][T12879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 6366.562006][T12879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 6366.592639][T12879] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1355'. [ 6368.948905][T12889] kernel read not supported for file /file1 (pid: 12889 comm: syz.0.1357) [ 6368.953906][ T35] audit: type=1800 audit(6368.040:4759): pid=12889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1357" name="file1" dev="mqueue" ino=19020 res=0 errno=0 [ 6385.079569][T12903] netlink: 'syz.1.1360': attribute type 21 has an invalid length. [ 6385.081109][T12903] IPv6: NLM_F_CREATE should be specified when creating new route [ 6385.437672][ T8379] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 6385.626243][ T8379] usb 1-1: Using ep0 maxpacket: 8 [ 6385.817033][ T8379] usb 1-1: config index 0 descriptor too short (expected 74, got 45) [ 6385.819014][ T8379] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 6385.821161][ T8379] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 6385.860690][ T8379] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 6385.862675][ T8379] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6386.186806][ T8379] usbtmc 1-1:16.0: bulk endpoints not found [ 6388.126959][ T8916] usb 1-1: USB disconnect, device number 65 [ 6389.750219][T12922] __nla_validate_parse: 10 callbacks suppressed [ 6389.750548][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1362'. [ 6389.797123][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1362'. [ 6389.809479][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1362'. [ 6389.815373][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1362'. [ 6389.826393][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1362'. [ 6389.835966][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1362'. [ 6389.845563][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1362'. [ 6389.851556][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1362'. [ 6389.898772][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1362'. [ 6389.913922][T12922] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1362'. [ 6396.791647][T12932] __nla_validate_parse: 11 callbacks suppressed [ 6396.792168][T12932] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1364'. [ 6401.285426][T12936] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1366'. [ 6402.066254][T12938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1367'. [ 6402.117002][T12938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1367'. [ 6402.139606][T12938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1367'. [ 6402.162457][T12938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1367'. [ 6402.236380][T12938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1367'. [ 6402.258136][T12938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1367'. [ 6402.279964][T12938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1367'. [ 6402.299657][T12938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1367'. [ 6402.311493][T12938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1367'. [ 6402.374705][T12938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1367'. [ 6407.119945][ T8439] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 6407.384732][ T8439] usb 1-1: Using ep0 maxpacket: 8 [ 6407.474279][ T8439] usb 1-1: config index 0 descriptor too short (expected 74, got 45) [ 6407.475603][ T8439] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 6407.476960][ T8439] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 6407.478496][ T8439] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 6407.479526][ T8439] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 6407.770504][ T8439] usbtmc 1-1:16.0: bulk endpoints not found [ 6410.274719][ T8439] usb 1-1: USB disconnect, device number 66 [ 6411.772044][T12954] netlink: 'syz.1.1369': attribute type 62 has an invalid length. [ 6417.945325][T12913] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1148 sec [ 6418.767099][T12972] input: syz0 as /devices/virtual/input/input33 [ 6424.836771][T12986] __nla_validate_parse: 11 callbacks suppressed [ 6424.837133][T12986] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'. [ 6425.052057][T12980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'. [ 6425.134985][T12980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'. [ 6425.194677][T12980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'. [ 6425.245235][T12980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'. [ 6425.285361][T12980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'. [ 6425.329322][T12980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'. [ 6425.369488][T12980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'. [ 6425.409613][T12980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'. [ 6425.449718][T12980] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1373'. [ 6427.552117][T12991] kernel read not supported for file /file1 (pid: 12991 comm: syz.1.1374) [ 6427.574045][ T35] audit: type=1800 audit(6426.660:4760): pid=12991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1374" name="file1" dev="mqueue" ino=19156 res=0 errno=0 [ 6433.418504][T12996] __nla_validate_parse: 12 callbacks suppressed [ 6433.418862][T12996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1375'. [ 6433.451545][T12996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1375'. [ 6433.457627][T12996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1375'. [ 6433.468767][T12996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1375'. [ 6433.534679][T12996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1375'. [ 6433.577621][T12996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1375'. [ 6433.595316][T12996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1375'. [ 6433.620556][T12996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1375'. [ 6433.640046][T12996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1375'. [ 6433.652218][T12996] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1375'. [ 6440.809920][ T7248] usb 2-1: new low-speed USB device number 58 using dummy_hcd [ 6441.025178][ T7248] usb 2-1: device descriptor read/64, error -71 [ 6441.344925][ T7248] usb 2-1: new low-speed USB device number 59 using dummy_hcd [ 6441.545397][ T7248] usb 2-1: device descriptor read/64, error -71 [ 6441.663852][ T7248] usb usb2-port1: attempt power cycle [ 6441.846778][T13013] __nla_validate_parse: 12 callbacks suppressed [ 6441.847302][T13013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1379'. [ 6441.900739][T13013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1379'. [ 6441.932361][T13013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1379'. [ 6441.949027][T13013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1379'. [ 6441.968626][T13013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1379'. [ 6441.985941][T13013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1379'. [ 6441.999163][T13013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1379'. [ 6442.014692][T13013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1379'. [ 6442.022250][T13013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1379'. [ 6442.059356][T13013] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1379'. [ 6442.179533][ T7248] usb 2-1: new low-speed USB device number 60 using dummy_hcd [ 6442.236377][ T7248] usb 2-1: device descriptor read/8, error -71 [ 6442.526523][ T7248] usb 2-1: new low-speed USB device number 61 using dummy_hcd [ 6442.562212][ T7248] usb 2-1: device descriptor read/8, error -71 [ 6442.710722][ T7248] usb usb2-port1: unable to enumerate USB device [ 6446.266700][T13024] kernel read not supported for file /file1 (pid: 13024 comm: syz.0.1380) [ 6446.272246][ T35] audit: type=1800 audit(6445.360:4761): pid=13024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1380" name="file1" dev="mqueue" ino=19599 res=0 errno=0 [ 6452.178230][T13028] netlink: 'syz.0.1382': attribute type 4 has an invalid length. [ 6452.882508][T13028] netlink: 'syz.0.1382': attribute type 4 has an invalid length. [ 6458.805175][T13038] kernel read not supported for file /file1 (pid: 13038 comm: syz.1.1385) [ 6458.808680][ T35] audit: type=1800 audit(6457.900:4762): pid=13038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1385" name="file1" dev="mqueue" ino=19218 res=0 errno=0 [ 6467.129421][T13045] __nla_validate_parse: 12 callbacks suppressed [ 6467.129954][T13045] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1387'. [ 6473.002053][T13051] FAULT_INJECTION: forcing a failure. [ 6473.002053][T13051] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 6473.005832][T13051] CPU: 1 UID: 0 PID: 13051 Comm: syz.1.1389 Not tainted syzkaller #0 PREEMPT [ 6473.006377][T13051] Hardware name: riscv-virtio,qemu (DT) [ 6473.006564][T13051] Call Trace: [ 6473.006736][T13051] [] dump_backtrace+0x2e/0x3c [ 6473.007343][T13051] [] show_stack+0x30/0x3c [ 6473.007781][T13051] [] dump_stack_lvl+0x12e/0x1a6 [ 6473.008382][T13051] [] dump_stack+0x1c/0x24 [ 6473.009036][T13051] [] should_fail_ex+0x48c/0x5cc [ 6473.009644][T13051] [] should_fail+0xe/0x16 [ 6473.010177][T13051] [] should_fail_usercopy+0x1e/0x26 [ 6473.010724][T13051] [] _copy_from_user+0x3e/0x398 [ 6473.011214][T13051] [] sk_getsockopt+0x1b0/0x2d5a [ 6473.011762][T13051] [] do_sock_getsockopt+0x51e/0x5ea [ 6473.012335][T13051] [] __sys_getsockopt+0xda/0x16a [ 6473.013044][T13051] [] __riscv_sys_getsockopt+0xa6/0x114 [ 6473.013693][T13051] [] syscall_handler+0x94/0x118 [ 6473.014198][T13051] [] do_trap_ecall_u+0x396/0x530 [ 6473.014682][T13051] [] handle_exception+0x146/0x152 [ 6474.809578][T13053] kernel read not supported for file /file1 (pid: 13053 comm: syz.0.1390) [ 6474.875865][ T35] audit: type=1800 audit(6473.960:4763): pid=13053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1390" name="file1" dev="mqueue" ino=19262 res=0 errno=0 [ 6478.277529][ T8439] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1208 sec [ 6478.525557][T13057] input: syz0 as /devices/virtual/input/input34 [ 6478.539197][T13059] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1393'. [ 6486.336203][T13076] kernel read not supported for file /file1 (pid: 13076 comm: syz.0.1396) [ 6486.379866][ T35] audit: type=1800 audit(6485.430:4764): pid=13076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1396" name="file1" dev="mqueue" ino=19654 res=0 errno=0 [ 6494.136968][T13079] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1397'. [ 6496.851927][T13081] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1398'. [ 6500.977532][T13085] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 6501.029460][T13085] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 6501.042177][T13085] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 6501.047313][T13085] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 6501.065950][T13085] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 6501.071093][T13085] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 6501.095035][T13085] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 6501.099592][T13085] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 6501.110017][T13085] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 6501.119704][T13085] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1400'. [ 6501.820111][T13092] kernel read not supported for file /file1 (pid: 13092 comm: syz.0.1401) [ 6501.828546][ T35] audit: type=1800 audit(6500.910:4765): pid=13092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1401" name="file1" dev="mqueue" ino=19320 res=0 errno=0 [ 6526.677662][T13181] fuse: Unknown parameter '' [ 6527.642740][T13183] input: syz0 as /devices/virtual/input/input35 [ 6536.795449][T10667] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 6537.025477][T10667] usb 1-1: Using ep0 maxpacket: 16 [ 6537.109678][T10667] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 6537.111002][T10667] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 6537.596739][T10667] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 6537.598653][T10667] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6537.600148][T10667] usb 1-1: Product: syz [ 6537.601377][T10667] usb 1-1: Manufacturer: syz [ 6537.602592][T10667] usb 1-1: SerialNumber: syz [ 6537.758468][T13198] __nla_validate_parse: 11 callbacks suppressed [ 6537.759008][T13198] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1410'. [ 6538.354492][ T8439] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1268 sec [ 6539.865477][T13193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6539.950704][T13193] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6540.261926][T10667] usb 1-1: 0:2 : does not exist [ 6545.438514][T10667] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 6553.853747][T12641] usb 1-1: USB disconnect, device number 67 [ 6556.877687][T13235] input: syz0 as /devices/virtual/input/input36 [ 6563.990506][T13243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'. [ 6564.067136][T13243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'. [ 6564.098102][T13243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'. [ 6564.119364][T13243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'. [ 6564.146427][T13243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'. [ 6564.158373][T13243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'. [ 6564.168471][T13243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'. [ 6564.176943][T13243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'. [ 6564.189312][T13243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'. [ 6564.210167][T13243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'. [ 6568.799922][T13254] FAULT_INJECTION: forcing a failure. [ 6568.799922][T13254] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 6568.802097][T13254] CPU: 0 UID: 0 PID: 13254 Comm: syz.1.1416 Not tainted syzkaller #0 PREEMPT [ 6568.802589][T13254] Hardware name: riscv-virtio,qemu (DT) [ 6568.802841][T13254] Call Trace: [ 6568.803016][T13254] [] dump_backtrace+0x2e/0x3c [ 6568.803610][T13254] [] show_stack+0x30/0x3c [ 6568.804044][T13254] [] dump_stack_lvl+0x12e/0x1a6 [ 6568.804692][T13254] [] dump_stack+0x1c/0x24 [ 6568.805256][T13254] [] should_fail_ex+0x48c/0x5cc [ 6568.805835][T13254] [] should_fail+0xe/0x16 [ 6568.806397][T13254] [] should_fail_usercopy+0x1e/0x26 [ 6568.806994][T13254] [] _copy_from_user+0x3e/0x398 [ 6568.807471][T13254] [] copy_msghdr_from_user+0xbe/0x176 [ 6568.808120][T13254] [] ___sys_sendmsg+0x112/0x1e6 [ 6568.808775][T13254] [] __sys_sendmsg+0x188/0x246 [ 6568.809359][T13254] [] __riscv_sys_sendmsg+0x70/0xa2 [ 6568.810001][T13254] [] syscall_handler+0x94/0x118 [ 6568.810483][T13254] [] do_trap_ecall_u+0x396/0x530 [ 6568.810963][T13254] [] handle_exception+0x146/0x152 [ 6578.631051][T13274] __nla_validate_parse: 12 callbacks suppressed [ 6578.631611][T13274] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1420'. [ 6578.927712][T13269] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1420'. [ 6578.949239][T13269] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1420'. [ 6578.961854][T13269] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1420'. [ 6578.975104][T13269] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1420'. [ 6578.992106][T13269] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1420'. [ 6579.016029][T13269] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1420'. [ 6579.035523][T13269] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1420'. [ 6579.060400][T13269] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1420'. [ 6579.087735][T13269] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1420'. [ 6586.570726][T13283] netlink: 'syz.1.1423': attribute type 29 has an invalid length. [ 6586.680965][T13283] netlink: 'syz.1.1423': attribute type 29 has an invalid length. [ 6586.818155][T13283] __nla_validate_parse: 13 callbacks suppressed [ 6586.818729][T13283] netlink: 500 bytes leftover after parsing attributes in process `syz.1.1423'. [ 6592.419484][T13287] syz.0.1425 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 6596.028217][T13305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1426'. [ 6596.069676][T13305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1426'. [ 6596.088726][T13305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1426'. [ 6596.151919][T13305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1426'. [ 6596.176210][T13305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1426'. [ 6596.181483][T13305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1426'. [ 6596.219131][T13305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1426'. [ 6596.243885][T13305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1426'. [ 6596.249546][T13305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1426'. [ 6596.292135][T13305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1426'. [ 6599.306820][T10916] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1329 sec [ 6603.179438][T13313] __nla_validate_parse: 11 callbacks suppressed [ 6603.179999][T13313] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1427'. [ 6605.675773][T13315] cgroup: Invalid name [ 6605.885987][T13315] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate. [ 6615.381686][T13328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1432'. [ 6615.451484][T13328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1432'. [ 6615.485433][T13328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1432'. [ 6615.501286][T13328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1432'. [ 6615.512192][T13328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1432'. [ 6615.525843][T13328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1432'. [ 6615.538622][T13328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1432'. [ 6615.566302][T13328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1432'. [ 6615.591759][T13328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1432'. [ 6615.616441][T13328] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1432'. [ 6629.068197][T13343] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 6635.801140][ T35] audit: type=1326 audit(6634.890:4766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13345 comm="syz.0.1437" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x0 [ 6657.249984][T13359] FAULT_INJECTION: forcing a failure. [ 6657.249984][T13359] name failslab, interval 1, probability 0, space 0, times 0 [ 6657.253359][T13359] CPU: 1 UID: 0 PID: 13359 Comm: syz.1.1442 Not tainted syzkaller #0 PREEMPT [ 6657.253688][T13359] Hardware name: riscv-virtio,qemu (DT) [ 6657.253793][T13359] Call Trace: [ 6657.253888][T13359] [] dump_backtrace+0x2e/0x3c [ 6657.254252][T13359] [] show_stack+0x30/0x3c [ 6657.254509][T13359] [] dump_stack_lvl+0x12e/0x1a6 [ 6657.254917][T13359] [] dump_stack+0x1c/0x24 [ 6657.255259][T13359] [] should_fail_ex+0x48c/0x5cc [ 6657.255801][T13359] [] should_failslab+0xba/0x102 [ 6657.256217][T13359] [] kmem_cache_alloc_noprof+0x62/0x3bc [ 6657.256642][T13359] [] skb_clone+0x180/0x3ce [ 6657.257189][T13359] [] dev_queue_xmit_nit+0x384/0xc06 [ 6657.257793][T13359] [] dev_hard_start_xmit+0x75c/0xace [ 6657.258421][T13359] [] sch_direct_xmit+0x166/0x466 [ 6657.258816][T13359] [] __qdisc_run+0x4de/0x2098 [ 6657.259217][T13359] [] __dev_queue_xmit+0x29e8/0x4aa4 [ 6657.259586][T13359] [] ip_finish_output2+0xcfa/0x2770 [ 6657.259895][T13359] [] __ip_finish_output+0x378/0x60c [ 6657.260183][T13359] [] ip_finish_output+0x3c/0x350 [ 6657.260573][T13359] [] ip_output+0x21e/0x83a [ 6657.260858][T13359] [] __ip_queue_xmit+0x8a4/0x21c2 [ 6657.261149][T13359] [] ip_queue_xmit+0x54/0x6c [ 6657.261470][T13359] [] __tcp_transmit_skb+0x1a58/0x437c [ 6657.261796][T13359] [] tcp_xmit_probe_skb+0x2fc/0x3f4 [ 6657.262111][T13359] [] tcp_send_window_probe+0x132/0x168 [ 6657.262459][T13359] [] do_tcp_setsockopt+0x237a/0x2808 [ 6657.262723][T13359] [] tcp_setsockopt+0xc8/0xe0 [ 6657.263070][T13359] [] sock_common_setsockopt+0x90/0xc0 [ 6657.263327][T13359] [] do_sock_setsockopt+0x208/0x400 [ 6657.263690][T13359] [] __sys_setsockopt+0x142/0x1e6 [ 6657.264082][T13359] [] __riscv_sys_setsockopt+0xa6/0x114 [ 6657.264753][T13359] [] syscall_handler+0x94/0x118 [ 6657.265220][T13359] [] do_trap_ecall_u+0x396/0x530 [ 6657.265682][T13359] [] handle_exception+0x146/0x152 [ 6659.545063][T13361] input: syz0 as /devices/virtual/input/input37 [ 6659.715621][T12913] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1390 sec [ 6670.308629][T13376] ======================================================= [ 6670.308629][T13376] WARNING: The mand mount option has been deprecated and [ 6670.308629][T13376] and is ignored by this kernel. Remove the mand [ 6670.308629][T13376] option from the mount to silence this warning. [ 6670.308629][T13376] ======================================================= [ 6674.130471][T13385] block nbd1: shutting down sockets [ 6713.090925][T13439] FAULT_INJECTION: forcing a failure. [ 6713.090925][T13439] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 6713.092268][T13439] CPU: 0 UID: 0 PID: 13439 Comm: syz.1.1460 Not tainted syzkaller #0 PREEMPT [ 6713.092615][T13439] Hardware name: riscv-virtio,qemu (DT) [ 6713.092778][T13439] Call Trace: [ 6713.092879][T13439] [] dump_backtrace+0x2e/0x3c [ 6713.093244][T13439] [] show_stack+0x30/0x3c [ 6713.093491][T13439] [] dump_stack_lvl+0x12e/0x1a6 [ 6713.093855][T13439] [] dump_stack+0x1c/0x24 [ 6713.094198][T13439] [] should_fail_ex+0x48c/0x5cc [ 6713.094535][T13439] [] should_fail+0xe/0x16 [ 6713.094849][T13439] [] should_fail_usercopy+0x1e/0x26 [ 6713.095176][T13439] [] _copy_from_user+0x3e/0x398 [ 6713.095441][T13439] [] do_sock_getsockopt+0x2a2/0x5ea [ 6713.095763][T13439] [] __sys_getsockopt+0xda/0x16a [ 6713.096099][T13439] [] __riscv_sys_getsockopt+0xa6/0x114 [ 6713.096443][T13439] [] syscall_handler+0x94/0x118 [ 6713.096754][T13439] [] do_trap_ecall_u+0x396/0x530 [ 6713.097013][T13439] [] handle_exception+0x146/0x152 [ 6720.047324][ T8379] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1450 sec [ 6720.577154][T13445] __nla_validate_parse: 12 callbacks suppressed [ 6720.577713][T13445] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1463'. [ 6720.667043][T13444] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1462'. [ 6729.249614][T13455] capability: warning: `syz.0.1466' uses 32-bit capabilities (legacy support in use) [ 6731.291970][T13455] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1466'. [ 6732.195256][T11441] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 6732.426135][T11441] usb 1-1: Using ep0 maxpacket: 32 [ 6732.844234][T11441] usb 1-1: unable to get BOS descriptor or descriptor too short [ 6732.978276][T11441] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 6732.981243][T11441] usb 1-1: config 1 has an invalid interface descriptor of length 2, skipping [ 6732.992376][T11441] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 6733.007379][T11441] usb 1-1: config 1 has no interface number 1 [ 6733.208142][T11441] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 6733.210150][T11441] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6733.211701][T11441] usb 1-1: Product: syz [ 6733.214621][T11441] usb 1-1: Manufacturer: syz [ 6733.215983][T11441] usb 1-1: SerialNumber: syz [ 6738.890349][T11441] usb 1-1: 2:1 : unknown format tag 0x3 is detected. processed as MPEG. [ 6738.892579][T11441] usb 1-1: found format II with max.bitrate = 6, frame size=2 [ 6738.907134][T11441] usb 1-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 6741.042468][T10916] usb 1-1: USB disconnect, device number 68 [ 6749.238819][T13489] kernel read not supported for file /file1 (pid: 13489 comm: syz.0.1469) [ 6749.265961][ T35] audit: type=1800 audit(6748.330:4767): pid=13489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1469" name="file1" dev="mqueue" ino=20764 res=0 errno=0 [ 6749.904860][T13490] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1468'. [ 6765.576978][T13515] kernel read not supported for file /file1 (pid: 13515 comm: syz.0.1474) [ 6765.591938][ T35] audit: type=1800 audit(6764.670:4768): pid=13515 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1474" name="file1" dev="mqueue" ino=20797 res=0 errno=0 [ 6771.797720][T13518] netlink: 'syz.0.1476': attribute type 1 has an invalid length. [ 6776.143423][T13526] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1478'. [ 6780.906144][T10916] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1511 sec [ 6802.280308][T13545] FAULT_INJECTION: forcing a failure. [ 6802.280308][T13545] name failslab, interval 1, probability 0, space 0, times 0 [ 6802.282466][T13545] CPU: 1 UID: 0 PID: 13545 Comm: syz.1.1484 Not tainted syzkaller #0 PREEMPT [ 6802.283057][T13545] Hardware name: riscv-virtio,qemu (DT) [ 6802.283250][T13545] Call Trace: [ 6802.283446][T13545] [] dump_backtrace+0x2e/0x3c [ 6802.284041][T13545] [] show_stack+0x30/0x3c [ 6802.284443][T13545] [] dump_stack_lvl+0x12e/0x1a6 [ 6802.285072][T13545] [] dump_stack+0x1c/0x24 [ 6802.285682][T13545] [] should_fail_ex+0x48c/0x5cc [ 6802.286264][T13545] [] should_failslab+0xba/0x102 [ 6802.286881][T13545] [] kmem_cache_alloc_node_noprof+0x274/0x3c8 [ 6802.287526][T13545] [] copy_process+0x416/0x72ce [ 6802.288125][T13545] [] kernel_clone+0x128/0xd9e [ 6802.288742][T13545] [] __do_sys_clone+0xfe/0x13e [ 6802.289339][T13545] [] __riscv_sys_clone+0xa0/0x10e [ 6802.289963][T13545] [] syscall_handler+0x94/0x118 [ 6802.290422][T13545] [] do_trap_ecall_u+0x396/0x530 [ 6802.290873][T13545] [] handle_exception+0x146/0x152 [ 6804.955754][T13549] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1486'. [ 6805.715317][T11441] usb 1-1: new full-speed USB device number 69 using dummy_hcd [ 6806.171879][T11441] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 6806.192117][T11441] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 6806.195315][T11441] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 107, setting to 64 [ 6806.327408][T11441] usb 1-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a [ 6806.328846][T11441] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 6806.330293][T11441] usb 1-1: Product: syz [ 6806.331018][T11441] usb 1-1: Manufacturer: syz [ 6806.331801][T11441] usb 1-1: SerialNumber: syz [ 6806.502332][T11441] usb 1-1: config 0 descriptor?? [ 6806.578720][T13549] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 6806.714681][T11441] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input38 [ 6808.164217][T11441] usb 1-1: USB disconnect, device number 69 [ 6823.101047][T13582] trusted_key: encrypted_key: insufficient parameters specified [ 6823.417438][T13464] Process accounting resumed [ 6824.878149][T13582] Process accounting resumed [ 6826.569710][T13588] FAULT_INJECTION: forcing a failure. [ 6826.569710][T13588] name fail_iommufd, interval 1, probability 0, space 0, times 1 [ 6826.572001][T13588] CPU: 0 UID: 0 PID: 13588 Comm: syz.1.1491 Not tainted syzkaller #0 PREEMPT [ 6826.572511][T13588] Hardware name: riscv-virtio,qemu (DT) [ 6826.572767][T13588] Call Trace: [ 6826.572939][T13588] [] dump_backtrace+0x2e/0x3c [ 6826.573620][T13588] [] show_stack+0x30/0x3c [ 6826.574131][T13588] [] dump_stack_lvl+0x12e/0x1a6 [ 6826.574768][T13588] [] dump_stack+0x1c/0x24 [ 6826.575373][T13588] [] should_fail_ex+0x48c/0x5cc [ 6826.575947][T13588] [] should_fail+0xe/0x16 [ 6826.576515][T13588] [] iommufd_should_fail+0x22/0x2a [ 6826.576999][T13588] [] iommufd_get_object+0x8a/0x488 [ 6826.577573][T13588] [] iommufd_ioas_unmap+0xf4/0x4a6 [ 6826.578095][T13588] [] iommufd_fops_ioctl+0x566/0x842 [ 6826.578670][T13588] [] __riscv_sys_ioctl+0x180/0x1e4 [ 6826.579124][T13588] [] syscall_handler+0x94/0x118 [ 6826.580042][T13588] [] do_trap_ecall_u+0x396/0x530 [ 6826.580596][T13588] [] handle_exception+0x146/0x152 [ 6841.226092][T12913] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1571 sec [ 6841.692228][T13596] FAULT_INJECTION: forcing a failure. [ 6841.692228][T13596] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 6841.726494][T13596] CPU: 0 UID: 0 PID: 13596 Comm: syz.1.1494 Not tainted syzkaller #0 PREEMPT [ 6841.727073][T13596] Hardware name: riscv-virtio,qemu (DT) [ 6841.727197][T13596] Call Trace: [ 6841.727298][T13596] [] dump_backtrace+0x2e/0x3c [ 6841.727670][T13596] [] show_stack+0x30/0x3c [ 6841.727921][T13596] [] dump_stack_lvl+0x12e/0x1a6 [ 6841.728281][T13596] [] dump_stack+0x1c/0x24 [ 6841.728678][T13596] [] should_fail_ex+0x48c/0x5cc [ 6841.729032][T13596] [] should_fail+0xe/0x16 [ 6841.729359][T13596] [] should_fail_usercopy+0x1e/0x26 [ 6841.729712][T13596] [] _copy_from_iter+0x200/0x1d22 [ 6841.730127][T13596] [] netlink_sendmsg+0x7c2/0xdd8 [ 6841.730454][T13596] [] __sock_sendmsg+0xcc/0x160 [ 6841.730842][T13596] [] ____sys_sendmsg+0x63e/0x79c [ 6841.731229][T13596] [] ___sys_sendmsg+0x144/0x1e6 [ 6841.731602][T13596] [] __sys_sendmsg+0x188/0x246 [ 6841.731973][T13596] [] __riscv_sys_sendmsg+0x70/0xa2 [ 6841.732344][T13596] [] syscall_handler+0x94/0x118 [ 6841.732716][T13596] [] do_trap_ecall_u+0x396/0x530 [ 6841.733001][T13596] [] handle_exception+0x146/0x152 [ 6869.400747][T13618] kernel read not supported for file /file1 (pid: 13618 comm: syz.0.1502) [ 6869.441535][ T35] audit: type=1800 audit(6868.530:4769): pid=13618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1502" name="file1" dev="mqueue" ino=20969 res=0 errno=0 [ 6901.630818][T10916] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1632 sec [ 6913.428862][T13657] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1509'. [ 6933.330371][T13690] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 6935.001099][T13693] netlink: 256 bytes leftover after parsing attributes in process `syz.0.1515'. [ 6938.676169][T13696] FAULT_INJECTION: forcing a failure. [ 6938.676169][T13696] name failslab, interval 1, probability 0, space 0, times 0 [ 6938.678405][T13696] CPU: 1 UID: 0 PID: 13696 Comm: syz.1.1516 Not tainted syzkaller #0 PREEMPT [ 6938.678934][T13696] Hardware name: riscv-virtio,qemu (DT) [ 6938.679126][T13696] Call Trace: [ 6938.679294][T13696] [] dump_backtrace+0x2e/0x3c [ 6938.679889][T13696] [] show_stack+0x30/0x3c [ 6938.680272][T13696] [] dump_stack_lvl+0x12e/0x1a6 [ 6938.680870][T13696] [] dump_stack+0x1c/0x24 [ 6938.681420][T13696] [] should_fail_ex+0x48c/0x5cc [ 6938.681961][T13696] [] should_failslab+0xba/0x102 [ 6938.682530][T13696] [] __kmalloc_node_noprof+0xcc/0x58e [ 6938.683157][T13696] [] __vmalloc_node_range_noprof+0x360/0x11b0 [ 6938.683635][T13696] [] __vmalloc_noprof+0xfc/0x12a [ 6938.684056][T13696] [] bpf_prog_alloc_no_stats+0x64/0x52c [ 6938.684682][T13696] [] bpf_prog_alloc+0x3a/0x26e [ 6938.685292][T13696] [] bpf_prog_load+0x7ac/0x212c [ 6938.685807][T13696] [] __sys_bpf+0x812/0x4334 [ 6938.686326][T13696] [] __riscv_sys_bpf+0x6c/0xc6 [ 6938.686871][T13696] [] syscall_handler+0x94/0x118 [ 6938.687327][T13696] [] do_trap_ecall_u+0x396/0x530 [ 6938.687791][T13696] [] handle_exception+0x146/0x152 [ 6938.767165][T13696] syz.1.1516: vmalloc error: size 4096, failed to allocated page array size 8, mode:0x500dc2(GFP_HIGHUSER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0 [ 6938.797669][T13696] CPU: 1 UID: 0 PID: 13696 Comm: syz.1.1516 Not tainted syzkaller #0 PREEMPT [ 6938.798250][T13696] Hardware name: riscv-virtio,qemu (DT) [ 6938.798446][T13696] Call Trace: [ 6938.798634][T13696] [] dump_backtrace+0x2e/0x3c [ 6938.799228][T13696] [] show_stack+0x30/0x3c [ 6938.799649][T13696] [] dump_stack_lvl+0x12e/0x1a6 [ 6938.800217][T13696] [] dump_stack+0x1c/0x24 [ 6938.800802][T13696] [] warn_alloc+0x170/0x292 [ 6938.801325][T13696] [] __vmalloc_node_range_noprof+0xe3c/0x11b0 [ 6938.801836][T13696] [] __vmalloc_noprof+0xfc/0x12a [ 6938.802255][T13696] [] bpf_prog_alloc_no_stats+0x64/0x52c [ 6938.802861][T13696] [] bpf_prog_alloc+0x3a/0x26e [ 6938.803415][T13696] [] bpf_prog_load+0x7ac/0x212c [ 6938.803994][T13696] [] __sys_bpf+0x812/0x4334 [ 6938.804601][T13696] [] __riscv_sys_bpf+0x6c/0xc6 [ 6938.805197][T13696] [] syscall_handler+0x94/0x118 [ 6938.805712][T13696] [] do_trap_ecall_u+0x396/0x530 [ 6938.806230][T13696] [] handle_exception+0x146/0x152 [ 6938.868398][T13696] Mem-Info: [ 6938.870783][T13696] active_anon:2639 inactive_anon:0 isolated_anon:0 [ 6938.870783][T13696] active_file:16391 inactive_file:37058 isolated_file:0 [ 6938.870783][T13696] unevictable:768 dirty:101 writeback:0 [ 6938.870783][T13696] slab_reclaimable:2785 slab_unreclaimable:27661 [ 6938.870783][T13696] mapped:12964 shmem:854 pagetables:782 [ 6938.870783][T13696] sec_pagetables:0 bounce:0 [ 6938.870783][T13696] kernel_misc_reclaimable:0 [ 6938.870783][T13696] free:200709 free_pcp:6801 free_cma:52608 [ 6938.899302][T13696] Node 0 active_anon:10556kB inactive_anon:0kB active_file:65564kB inactive_file:148232kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:51856kB dirty:404kB writeback:0kB shmem:3416kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6360kB pagetables:3128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 6938.950106][T13696] Node 0 DMA32 free:802836kB boost:0kB min:22528kB low:28160kB high:33792kB reserved_highatomic:0KB free_highatomic:0KB active_anon:10556kB inactive_anon:0kB active_file:65564kB inactive_file:148232kB unevictable:3072kB writepending:404kB present:2097152kB managed:1431464kB mlocked:0kB bounce:0kB free_pcp:27332kB local_pcp:13484kB free_cma:210432kB [ 6938.987626][T13696] lowmem_reserve[]: 0 0 0 [ 6939.008192][T13696] Node 0 DMA32: 1583*4kB (UME) 593*8kB (UME) 189*16kB (UME) 311*32kB (UME) 130*64kB (UME) 59*128kB (UM) 38*256kB (UME) 21*512kB (MC) 11*1024kB (UMC) 3*2048kB (UM) 177*4096kB (UMC) = 802804kB [ 6939.164651][T13696] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 6939.166647][T13696] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 6939.169611][T13696] 54306 total pagecache pages [ 6939.170717][T13696] 0 pages in swap cache [ 6939.171807][T13696] Free swap = 124996kB [ 6939.234943][T13696] Total swap = 124996kB [ 6939.237365][T13696] 524288 pages RAM [ 6939.239134][T13696] 0 pages HighMem/MovableOnly [ 6939.240181][T13696] 166422 pages reserved [ 6939.241252][T13696] 52736 pages cma reserved [ 6958.499763][T13727] netlink: 'syz.0.1521': attribute type 1 has an invalid length. [ 6958.539188][T13727] netlink: 'syz.0.1521': attribute type 2 has an invalid length. [ 6959.469154][T10916] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 6959.758023][T10916] usb 1-1: Using ep0 maxpacket: 16 [ 6959.875408][T10916] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 6959.877567][T10916] usb 1-1: config 0 has no interface number 0 [ 6959.879189][T10916] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 6959.881544][T10916] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 6959.940076][T10916] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 6959.941671][T10916] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 6959.964309][T10916] usb 1-1: Product: syz [ 6959.965401][T10916] usb 1-1: SerialNumber: syz [ 6960.069598][T10916] usb 1-1: config 0 descriptor?? [ 6960.297861][T10916] usbhid 1-1:0.8: couldn't find an input interrupt endpoint [ 6961.131183][T13714] block device autoloading is deprecated and will be removed. [ 6961.348458][T10916] usb 1-1: USB disconnect, device number 70 [ 6962.027839][T12913] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1692 sec [ 6986.401571][T13777] batadv_slave_1: entered allmulticast mode [ 6986.446109][T13777] random: crng reseeded on system resumption [ 6987.439285][T13777] Restarting kernel threads ... [ 6987.485067][T13777] Done restarting kernel threads. [ 6987.830768][T13777] dvmrp8: entered allmulticast mode [ 6989.458766][T13777] batadv_slave_1: left allmulticast mode [ 6989.476968][T13777] dvmrp8: left allmulticast mode [ 6995.856673][T13792] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1531'. [ 6995.896064][T13792] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1531'. [ 6995.917042][T13792] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1531'. [ 6995.978508][T13792] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1531'. [ 6996.038576][T13792] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1531'. [ 6996.051968][T13792] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1531'. [ 6996.071110][T13792] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1531'. [ 6996.092237][T13792] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1531'. [ 6996.136713][T13792] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1531'. [ 6996.178680][T13792] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1531'. [ 7015.638204][T13812] FAULT_INJECTION: forcing a failure. [ 7015.638204][T13812] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 7015.640417][T13812] CPU: 1 UID: 0 PID: 13812 Comm: syz.1.1536 Not tainted syzkaller #0 PREEMPT [ 7015.640992][T13812] Hardware name: riscv-virtio,qemu (DT) [ 7015.641190][T13812] Call Trace: [ 7015.641355][T13812] [] dump_backtrace+0x2e/0x3c [ 7015.641973][T13812] [] show_stack+0x30/0x3c [ 7015.642395][T13812] [] dump_stack_lvl+0x12e/0x1a6 [ 7015.643040][T13812] [] dump_stack+0x1c/0x24 [ 7015.643641][T13812] [] should_fail_ex+0x48c/0x5cc [ 7015.644223][T13812] [] should_fail+0xe/0x16 [ 7015.644877][T13812] [] should_fail_usercopy+0x1e/0x26 [ 7015.645453][T13812] [] _copy_to_user+0x3e/0x372 [ 7015.645909][T13812] [] sk_getsockopt+0x3fe/0x2d5a [ 7015.646427][T13812] [] do_sock_getsockopt+0x51e/0x5ea [ 7015.646972][T13812] [] __sys_getsockopt+0xda/0x16a [ 7015.647562][T13812] [] __riscv_sys_getsockopt+0xa6/0x114 [ 7015.648179][T13812] [] syscall_handler+0x94/0x118 [ 7015.648687][T13812] [] do_trap_ecall_u+0x396/0x530 [ 7015.649144][T13812] [] handle_exception+0x146/0x152 [ 7022.047443][T12913] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1752 sec [ 7039.065833][T13931] __nla_validate_parse: 12 callbacks suppressed [ 7039.066413][T13931] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1541'. [ 7050.452322][T13807] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7051.049191][T13807] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7056.231292][T14022] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1543'. [ 7085.027981][T10667] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1815 sec [ 7091.020633][T13807] hsr_slave_0: entered promiscuous mode [ 7091.061465][T13807] hsr_slave_1: entered promiscuous mode [ 7091.098849][T13807] debugfs: 'hsr0' already exists in 'hsr' [ 7091.100648][T13807] Cannot create hsr debugfs directory [ 7102.029051][T13807] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7103.129615][T13807] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7104.019099][T13807] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7104.832269][T13807] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7107.791834][T13807] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 7107.959290][T13807] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 7108.177257][T13807] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 7108.382022][T13807] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 7126.600615][T13807] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7145.144809][T13967] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1875 sec [ 7180.735961][T14235] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 7202.088943][T13807] veth0_vlan: entered promiscuous mode [ 7205.731831][T13807] veth1_vlan: entered promiscuous mode [ 7206.089510][T10916] page_pool_release_retry() stalled pool shutdown: id 14, 51 inflight 1936 sec [ 7209.035998][T13807] veth0_macvtap: entered promiscuous mode [ 7209.470574][T13807] veth1_macvtap: entered promiscuous mode [ 7211.871226][ T3041] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7211.941451][ T3041] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7211.945913][ T3041] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7211.947996][ T3041] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7219.049770][T14260] binder: 14259:14260 ioctl c0306201 200000000080 returned -14 [ 7237.891549][T14282] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1557'. [ 7275.097607][T14273] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 7275.169627][T14273] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 7290.549104][T14273] hsr_slave_0: entered promiscuous mode [ 7290.599315][T14273] hsr_slave_1: entered promiscuous mode [ 7290.618237][T14273] debugfs: 'hsr0' already exists in 'hsr' [ 7290.619305][T14273] Cannot create hsr debugfs directory [ 7295.581266][T14273] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7296.318107][T14273] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7296.876341][T14273] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7297.411821][T14273] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 7299.597898][T14273] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 7299.819999][T14273] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 7300.135521][T14273] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 7300.280585][T14273] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 7311.169644][T14273] 8021q: adding VLAN 0 to HW filter on device bond0 [ 7354.301712][T14273] veth0_vlan: entered promiscuous mode [ 7354.849276][T14273] veth1_vlan: entered promiscuous mode [ 7355.537760][T14273] veth0_macvtap: entered promiscuous mode [ 7355.694077][T14273] veth1_macvtap: entered promiscuous mode [ 7357.122610][ T3041] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 7357.128573][ T3041] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 7357.175676][ T3041] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 7357.177382][ T3041] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 7366.301581][T14680] syzkaller1: entered promiscuous mode [ 7366.306016][T14680] syzkaller1: entered allmulticast mode [ 7368.645008][T14291] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 7369.208337][T14291] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 7369.210141][T14291] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 7369.211425][T14291] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 7369.212440][T14291] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 7369.564773][T14291] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 7369.569487][T14291] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 7369.570467][T14291] usb 1-1: Manufacturer: syz [ 7369.828732][T14291] usb 1-1: config 0 descriptor?? [ 7371.187333][T14291] appleir 0003:05AC:8243.0002: unknown main item tag 0x0 [ 7371.447974][T14291] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 7377.265536][ T7248] usb 1-1: reset high-speed USB device number 71 using dummy_hcd [ 7378.386333][T14291] usb 1-1: USB disconnect, device number 71 [ 7394.356135][ T35] audit: type=1326 audit(7393.430:4770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14716 comm="syz.0.1574" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 7394.390597][ T35] audit: type=1326 audit(7393.480:4771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14716 comm="syz.0.1574" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 7394.506362][ T35] audit: type=1326 audit(7393.600:4772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14716 comm="syz.0.1574" exe="/syz-executor" sig=0 arch=c00000f3 syscall=222 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 7394.567072][ T35] audit: type=1326 audit(7393.650:4773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14716 comm="syz.0.1574" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 7394.590169][ T35] audit: type=1326 audit(7393.680:4774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14716 comm="syz.0.1574" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 7394.649803][ T35] audit: type=1326 audit(7393.740:4775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14716 comm="syz.0.1574" exe="/syz-executor" sig=0 arch=c00000f3 syscall=234 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 7505.047940][T14676] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 7505.291830][T14676] usb 1-1: Using ep0 maxpacket: 32 [ 7505.502460][T14676] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 7505.526829][T14676] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 7505.528829][T14676] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 188, changing to 11 [ 7505.530514][T14676] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 34363, setting to 1024 [ 7505.532245][T14676] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 7505.551166][T14676] usb 1-1: config 0 interface 0 has no altsetting 0 [ 7505.736181][T14676] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 7505.737529][T14676] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 7505.738485][T14676] usb 1-1: Product: syz [ 7505.739208][T14676] usb 1-1: Manufacturer: syz [ 7505.739980][T14676] usb 1-1: SerialNumber: syz [ 7505.927551][T14676] usb 1-1: config 0 descriptor?? [ 7505.981763][T14769] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 7506.289483][T14676] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 7506.476763][T14676] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 7506.969260][T14676] usb 1-1: USB disconnect, device number 72 [ 7507.168776][T14676] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 7511.339420][T14789] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 7553.415638][ T8916] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 7553.637234][ T8916] usb 2-1: Using ep0 maxpacket: 8 [ 7553.703973][ T8916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 7553.706721][ T8916] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 7553.708386][ T8916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 7553.859327][ T8916] usb 2-1: config 0 descriptor?? [ 7555.074380][ T8916] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 7556.776066][T13203] usb 2-1: USB disconnect, device number 62 [ 7619.867861][T14874] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 7632.228791][T14880] input: syz1 as /devices/virtual/input/input39 [ 7708.369900][T14965] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 7719.388100][T12913] atkbd serio0: keyboard reset failed on [ 7720.588128][T14985] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 7720.910680][T12913] atkbd serio0: keyboard reset failed on [ 7724.769677][T14988] Invalid ELF header magic: != ELF [ 7727.628796][T14992] binder_alloc: 14991: binder_alloc_buf, no vma [ 7730.515390][ T7248] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 7730.786465][ T7248] usb 1-1: Using ep0 maxpacket: 8 [ 7730.851764][ T7248] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 7730.863315][ T7248] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 7730.864905][ T7248] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 7730.866944][ T7248] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 7730.868553][ T7248] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 7730.869586][ T7248] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 7731.122187][T14999] misc userio: No port type given on /dev/userio [ 7731.177632][T14999] misc userio: No port type given on /dev/userio [ 7732.005141][ T7248] usb 1-1: GET_CAPABILITIES returned 0 [ 7732.007074][ T7248] usbtmc 1-1:16.0: can't read capabilities [ 7733.036972][ T7248] usb 1-1: USB disconnect, device number 73 [ 7734.599634][T15012] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 7737.816582][T13203] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 7738.089211][T13203] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 7738.092127][T13203] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 7738.251401][T13203] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 7738.259364][T13203] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 7738.261416][T13203] usb 2-1: Manufacturer: syz [ 7738.560991][T13203] usb 2-1: config 0 descriptor?? [ 7740.857097][T13203] rc_core: IR keymap rc-hauppauge not found [ 7740.858926][T13203] Registered IR keymap rc-empty [ 7741.155907][T13203] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 7741.238933][T13203] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input42 [ 7741.470618][ C1] igorplugusb 2-1:0.0: Error: urb status = -32 [ 7742.078011][T13203] usb 2-1: USB disconnect, device number 63 [ 7751.248679][T15043] misc userio: No port type given on /dev/userio [ 7751.268691][T15043] misc userio: No port type given on /dev/userio [ 7778.888812][T15069] misc userio: No port type given on /dev/userio [ 7778.916809][T15069] misc userio: No port type given on /dev/userio [ 7781.568789][T15071] block nbd0: not configured, cannot reconfigure [ 7932.345405][T15178] netlink: 277 bytes leftover after parsing attributes in process `syz.1.1692'. [ 7935.475966][T15177] binder: BINDER_SET_CONTEXT_MGR already set [ 7935.478864][T15177] binder: 15175:15177 ioctl 4018620d 200000004a80 returned -16 [ 7946.993258][ C1] sched: DL replenish lagged too much [ 7957.700378][T15200] binder: BINDER_SET_CONTEXT_MGR already set [ 7957.702192][T15200] binder: 15197:15200 ioctl 4018620d 200000004a80 returned -16 [ 7970.425918][T15210] comedi: valid board names for 8255 driver are: [ 7970.428798][T15210] 8255 [ 7970.429985][T15210] comedi: valid board names for vmk80xx driver are: [ 7970.431205][T15210] vmk80xx [ 7970.432217][T15210] comedi: valid board names for usbduxsigma driver are: [ 7970.434955][T15210] usbduxsigma [ 7970.436018][T15210] comedi: valid board names for usbduxfast driver are: [ 7970.437412][T15210] usbduxfast [ 7970.438432][T15210] comedi: valid board names for usbdux driver are: [ 7970.439738][T15210] usbdux [ 7970.440847][T15210] comedi: valid board names for ni6501 driver are: [ 7970.442182][T15210] ni6501 [ 7970.446197][T15210] comedi: valid board names for dt9812 driver are: [ 7970.447710][T15210] dt9812 [ 7970.448845][T15210] comedi: valid board names for ni_labpc_cs driver are: [ 7970.450199][T15210] ni_labpc_cs [ 7970.451368][T15210] comedi: valid board names for ni_daq_700 driver are: [ 7970.455404][T15210] ni_daq_700 [ 7970.456720][T15210] comedi: valid board names for labpc_pci driver are: [ 7970.458059][T15210] labpc_pci [ 7970.459146][T15210] comedi: valid board names for adl_pci9118 driver are: [ 7970.460687][T15210] pci9118dg [ 7970.461883][T15210] pci9118hg [ 7970.466239][T15210] pci9118hr [ 7970.467468][T15210] comedi: valid board names for 8255_pci driver are: [ 7970.468728][T15210] 8255_pci [ 7970.469792][T15210] comedi: valid board names for comedi_parport driver are: [ 7970.471203][T15210] comedi_parport [ 7970.472319][T15210] comedi: valid board names for comedi_test driver are: [ 7970.474737][T15210] comedi_test [ 7970.476603][T15210] comedi: valid board names for comedi_bond driver are: [ 7970.479568][T15210] comedi_bond [ 7980.822382][T15218] binder: BINDER_SET_CONTEXT_MGR already set [ 7980.856597][T15218] binder: 15217:15218 ioctl 4018620d 200000004a80 returned -16 [ 8007.277886][T15267] rdma_op ffffaf803000e1f0 conn xmit_rdma 0000000000000000 [ 8053.746748][T15296] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1728'. [ 8088.749825][T13464] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 8089.125677][T13464] usb 2-1: Using ep0 maxpacket: 8 [ 8089.597562][T13464] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 8089.599757][T13464] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 8089.601500][T13464] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 8089.668065][T13464] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 8089.670211][T13464] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 8089.672641][T13464] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 8089.712162][T13464] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 8092.295967][T13464] usb 2-1: usb_control_msg returned -71 [ 8092.299405][T13464] usbtmc 2-1:16.0: can't read capabilities [ 8092.955467][T13464] usb 2-1: USB disconnect, device number 64 [ 8115.761483][T15357] binder: 15356:15357 unknown command 0 [ 8115.766350][T15357] binder: 15356:15357 ioctl c0306201 200000000080 returned -22 [ 8129.191816][T15374] veth0: entered promiscuous mode [ 8129.279288][T15374] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1743'. [ 8183.135880][T15427] syzkaller1: entered promiscuous mode [ 8183.137133][T15427] syzkaller1: entered allmulticast mode [ 8224.068068][T15454] misc userio: No port type given on /dev/userio [ 8248.295157][T13967] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 8248.534486][T13967] usb 2-1: Using ep0 maxpacket: 8 [ 8248.668621][T13967] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 8248.670113][T13967] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 8248.671047][T13967] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 8248.789751][T13967] usb 2-1: config 0 descriptor?? [ 8249.654415][T13967] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 8251.270269][T13464] usb 2-1: USB disconnect, device number 65 [ 8293.388794][T12913] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 8293.635809][T12913] usb 2-1: Using ep0 maxpacket: 8 [ 8293.747698][T12913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 8293.750432][T12913] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 8293.752234][T12913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 8294.091384][T12913] usb 2-1: config 0 descriptor?? [ 8295.225214][T12913] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 8297.908740][T13464] usb 2-1: USB disconnect, device number 66 [ 8335.887649][T15564] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1784'. [ 8335.894635][T15564] nbd: must specify a device to reconfigure [ 8356.077799][T15586] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1790'. [ 8356.079775][T15586] nbd: must specify a device to reconfigure [ 8371.900432][T15606] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1796'. [ 8371.911766][T15606] nbd: must specify a device to reconfigure [ 8378.426049][T15608] syz_tun: entered promiscuous mode [ 8378.495039][T15608] batadv_slave_0: entered promiscuous mode [ 8415.711790][T15631] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1801'. [ 8415.736415][T15631] nbd: must specify a device to reconfigure [ 8451.597734][T15646] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1806'. [ 8451.599674][T15646] nbd: must specify a device to reconfigure [ 8493.115029][T15669] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1812'. [ 8493.116941][T15669] nbd: must specify a device to reconfigure [ 8527.805542][T15693] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1818'. [ 8527.811022][T15693] nbd: must specify a device to reconfigure [ 8602.476146][T15766] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1847'. [ 8630.121442][ T35] audit: type=1326 audit(8629.210:4776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15802 comm="syz.1.1859" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7fc00000 [ 8630.166467][ T35] audit: type=1326 audit(8629.240:4777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15802 comm="syz.1.1859" exe="/syz-executor" sig=0 arch=c00000f3 syscall=29 compat=0 ip=0xdbb72 code=0x7fc00000 [ 8630.236607][ T35] audit: type=1326 audit(8629.300:4778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15802 comm="syz.1.1859" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7fc00000 [ 8639.628109][T15186] usb 2-1: new full-speed USB device number 67 using dummy_hcd [ 8639.631345][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 8639.866938][T15186] usb 2-1: device descriptor read/64, error -32 [ 8640.255917][T15186] usb 2-1: new full-speed USB device number 68 using dummy_hcd [ 8640.816036][T15186] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 8640.818193][T15186] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 8640.880361][T15186] usb 2-1: config 0 descriptor?? [ 8643.690600][T15186] pegasus 2-1:0.0: probe with driver pegasus failed with error -32 [ 8654.897505][T12913] usb 2-1: USB disconnect, device number 68 [ 8696.301851][T15865] ttynull ttynull: ldisc open failed (-12), clearing slot 0 [ 9140.290240][T16257] lo speed is unknown, defaulting to 1000 [ 9140.301414][T16257] lo speed is unknown, defaulting to 1000 [ 9140.793900][T16257] lo speed is unknown, defaulting to 1000 [ 9142.344512][T16257] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 9144.308477][T16257] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 9146.648568][T16257] lo speed is unknown, defaulting to 1000 [ 9146.689856][T16257] lo speed is unknown, defaulting to 1000 [ 9146.720659][T16257] lo speed is unknown, defaulting to 1000 [ 9146.750680][T16257] lo speed is unknown, defaulting to 1000 [ 9252.052506][ T35] audit: type=1326 audit(9251.130:4779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2027" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 9252.097045][ T35] audit: type=1326 audit(9251.180:4780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2027" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 9252.310762][ T35] audit: type=1326 audit(9251.400:4781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2027" exe="/syz-executor" sig=0 arch=c00000f3 syscall=293 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 9252.329216][ T35] audit: type=1326 audit(9251.410:4782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2027" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 9252.345674][ T35] audit: type=1326 audit(9251.430:4783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2027" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 9252.400594][ T35] audit: type=1326 audit(9251.480:4784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2027" exe="/syz-executor" sig=0 arch=c00000f3 syscall=56 compat=0 ip=0xda9c2 code=0x7ffc0000 [ 9252.437977][ T35] audit: type=1326 audit(9251.510:4785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2027" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 9252.480037][ T35] audit: type=1326 audit(9251.560:4786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2027" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 9252.515556][ T35] audit: type=1326 audit(9251.580:4787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2027" exe="/syz-executor" sig=0 arch=c00000f3 syscall=227 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 9252.517527][ T35] audit: type=1326 audit(9251.600:4788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16325 comm="syz.0.2027" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdbb72 code=0x7ffc0000 [ 9255.666784][T16330] trusted_key: syz.1.2028 sent an empty control message without MSG_MORE. [ 9304.301806][T16355] ptrace attach of "/syz-executor exec"[13807] was attempted by " \x0cH;'Sde/Ȑ|zPиW\x0bPt5QI0kp;t>?7~՞8)>\x0a.Fv\x5c0CP{\x07ԭ4OT)%DkfCkF 籥;m\x0cv\x0cTʪz5m֢vī'c^تg_\x0bƍ8)c,(qeB㑻SPt4o IHwL#@mUpE^agh~d_9\x07r|GJj+&ҽk(\x07rnE4(#ë\x0b YβB\x0aЦ&R`?L1tիw.M=3|Gsmg4`|\x22{б춋1[{ȯw/B_g6-qyk*o\x0d\x5cc8\x5 [ 9348.198999][T16398] atomic_op ffffaf801c254998 conn xmit_atomic 0000000000000000 [ 9406.175995][T16430] Device tree not included in the provided image [ 9409.311765][T16434] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2057'. [ 9496.237918][T16505] lo speed is unknown, defaulting to 1000 [ 9543.539796][T16575] xt_bpf: check failed: parse error [ 9555.507174][T16586] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2101'. [ 9678.490847][T16706] netlink: 140 bytes leftover after parsing attributes in process `syz.0.2148'. [ 9678.585403][T16706] netlink: 'syz.0.2148': attribute type 5 has an invalid length. [ 9679.597059][T16708] netlink: 'syz.0.2148': attribute type 10 has an invalid length. [ 9708.901671][T16734] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2158'. [ 9708.909368][T16734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2158'. [ 9709.521716][T10674] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 9709.532215][T10674] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 9709.537794][T16734] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2158'. [ 9709.591187][T10674] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 9709.591801][T16734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2158'. [ 9709.597523][T10674] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 9730.338913][T16753] geneve2: entered promiscuous mode [ 9732.536423][T16753] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2166'. [ 9739.854979][T16776] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2169'. [ 9750.141703][T16794] atomic_op ffffaf801c0e6998 conn xmit_atomic 0000000000000000 [ 9773.141855][T16809] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2182'. [ 9773.262105][T16809] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 9783.291635][T16821] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2187'. [ 9783.297250][T16821] 8021q: VLANs not supported on nlmon0 [ 9847.598292][T16900] veth0_to_bond: entered allmulticast mode [ 9905.141629][T16988] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2256'. [ 9906.020079][T16988] netlink: 'syz.1.2256': attribute type 4 has an invalid length. [ 9906.725285][T16991] netlink: 'syz.1.2256': attribute type 4 has an invalid length. [ 9906.762347][T16229] lo speed is unknown, defaulting to 1000 [ 9906.779699][T16229] syz0: Port: 1 Link DOWN [ 9907.395952][T16229] lo speed is unknown, defaulting to 1000 [ 9907.397687][T16229] syz0: Port: 1 Link ACTIVE [ 9945.650206][T17036] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2277'. [ 9959.873602][T17048] atomic_op ffffaf802c248998 conn xmit_atomic 0000000000000000 [10000.569154][T17060] atomic_op ffffaf802c24a198 conn xmit_atomic 0000000000000000 [10013.516682][T17031] syz_tun (unregistering): left promiscuous mode [10016.211851][T10674] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [10016.255433][T10674] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10017.590759][T10674] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [10017.592312][T10674] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10018.455754][T10674] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [10018.465549][T10674] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10019.711111][T10674] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [10019.736477][T10674] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10027.141913][T17061] lo speed is unknown, defaulting to 1000 [10045.172161][T10674] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [10045.335059][T10674] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [10045.540183][T10674] bond0 (unregistering): Released all slaves [10047.365099][T10674] batadv_slave_0: left promiscuous mode [10047.848176][T10674] hsr_slave_0: left promiscuous mode [10048.144170][T10674] hsr_slave_1: left promiscuous mode [10048.414041][T10674] veth1_macvtap: left promiscuous mode [10048.416906][T10674] veth0_macvtap: left promiscuous mode [10048.420932][T10674] veth1_vlan: left promiscuous mode [10048.426933][T10674] veth0_vlan: left promiscuous mode [10048.989488][T17131] atomic_op ffffaf802de3e198 conn xmit_atomic 0000000000000000 [10092.614753][T17190] lo speed is unknown, defaulting to 1000 [10109.118844][T17061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [10109.251615][T17061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [10132.822101][T17061] hsr_slave_0: entered promiscuous mode [10132.870546][T17061] hsr_slave_1: entered promiscuous mode [10132.882489][T17061] debugfs: 'hsr0' already exists in 'hsr' [10132.915141][T17061] Cannot create hsr debugfs directory [10149.609087][T17061] netdevsim netdevsim2 netdevsim0: renamed from eth0 [10149.771266][T17061] netdevsim netdevsim2 netdevsim1: renamed from eth1 [10149.882121][T17061] netdevsim netdevsim2 netdevsim2: renamed from eth2 [10151.100417][T17061] netdevsim netdevsim2 netdevsim3: renamed from eth3 [10169.119387][T17061] 8021q: adding VLAN 0 to HW filter on device bond0 [10260.671582][T17061] veth0_vlan: entered promiscuous mode [10261.696893][T17061] veth1_vlan: entered promiscuous mode [10264.972162][T17061] veth0_macvtap: entered promiscuous mode [10265.982626][T17061] veth1_macvtap: entered promiscuous mode [10271.090486][T17067] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [10271.106484][T17067] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [10271.197174][T17067] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [10271.375239][T17067] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [10306.488230][T17604] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2319'. [10331.026344][T17621] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2325'. [10331.029852][T17621] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2325'. [10388.560426][T17656] [10388.564640][T17656] ============================= [10388.565999][T17656] WARNING: suspicious RCU usage [10388.569581][T17656] syzkaller #0 Not tainted [10388.570828][T17656] ----------------------------- [10388.572255][T17656] kernel/events/callchain.c:163 suspicious rcu_dereference_check() usage! [10388.575668][T17656] [10388.575668][T17656] other info that might help us debug this: [10388.575668][T17656] [10388.577502][T17656] [10388.577502][T17656] rcu_scheduler_active = 2, debug_locks = 1 [10388.580235][T17656] 1 lock held by syz.1.2342/17656: [10388.582501][T17656] #0: ffffffff883de000 (rcu_read_lock_trace){....}-{0:0}, at: bpf_prog_test_run_syscall+0x2fe/0x778 [10388.595884][T17656] [10388.595884][T17656] stack backtrace: [10388.597096][T17656] CPU: 1 UID: 0 PID: 17656 Comm: syz.1.2342 Not tainted syzkaller #0 PREEMPT [10388.597651][T17656] Hardware name: riscv-virtio,qemu (DT) [10388.597855][T17656] Call Trace: [10388.598023][T17656] [] dump_backtrace+0x2e/0x3c [10388.598602][T17656] [] show_stack+0x30/0x3c [10388.599045][T17656] [] dump_stack_lvl+0x12e/0x1a6 [10388.599694][T17656] [] dump_stack+0x1c/0x24 [10388.600362][T17656] [] lockdep_rcu_suspicious+0x196/0x268 [10388.601055][T17656] [] get_callchain_entry+0x2da/0x448 [10388.601657][T17656] [] get_perf_callchain+0xc2/0x6be [10388.602199][T17656] [] __bpf_get_stack+0x492/0xa24 [10388.602772][T17656] [] bpf_get_stack+0x34/0x44 [10388.603256][T17656] [] bpf_get_stack_raw_tp+0xde/0x112 [10388.603882][T17656] [] bpf_prog_b8a90dd1efcc4ad9+0x4a/0x5c [10388.605156][T17656] [] bpf_prog_test_run_syscall+0x592/0x778 [10388.605887][T17656] [] __sys_bpf+0x1d86/0x4334 [10388.606466][T17656] [] __riscv_sys_bpf+0x6c/0xc6 [10388.607055][T17656] [] syscall_handler+0x94/0x118 [10388.607564][T17656] [] do_trap_ecall_u+0x396/0x530 [10388.608037][T17656] [] handle_exception+0x146/0x152 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [10408.546520][T10674] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10410.646443][T10674] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10412.258345][T10674] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [10413.200249][T10674] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 VM DIAGNOSIS: 06:05:00 Registers: info registers vcpu 0 CPU#0 V = 0 pc ffffffff85111cba mhartid 0000000000000000 mstatus 0000000a000001a2 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000000 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b10d mtvec 00000000800004f0 stvec ffffffff863ed0f0 vstvec 0000000000000000 mepc ffffffff8008f7ca sepc ffffffff802df000 vsepc 0000000000000000 mcause 0000000000000009 scause 8000000000000009 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 000000008004a000 sscratch 0000000000000000 satp 910cb000000b32ef x0/zero 0000000000000000 x1/ra ffffffff85892e86 x2/sp ffff8f8000006900 x3/gp ffffffff89c9e340 x4/tp ffffaf801b024ec0 x5/t0 ffffaf803357fb80 x6/t1 fffffffef2232698 x7/t2 0000000000000000 x8/s0 ffff8f8000006980 x9/s1 ffffaf801b9a1980 x10/a0 ffffaf801b9a1c04 x11/a1 0000000000000004 x12/a2 0000000000f00000 x13/a3 ffffffff85892cca x14/a4 0000000000000000 x15/a5 ffffaf801b024ec0 x16/a6 0000000000f00000 x17/a7 ffffaf801b9a1ac3 x18/s2 ffffaf803357fc20 x19/s3 0000000000000000 x20/s4 000000000379d422 x21/s5 000000000379d422 x22/s6 ffffaf801b9a2388 x23/s7 ffffaf801b9a217c x24/s8 1ffff5f003734466 x25/s9 ffffaf801e061200 x26/s10 1ffff5f00373442f x27/s11 1ffff1f000000d7c x28/t3 70ca818e00000000 x29/t4 fffff5ef03734358 x30/t5 fffff5ef03734359 x31/t6 0000000000000002 fcsr 0000000000000000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 CPU#1 V = 0 pc ffffffff81f0ee30 mhartid 0000000000000001 mstatus 0000000a000000a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000000 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b10d mtvec 00000000800004f0 stvec ffffffff863ed0f0 vstvec 0000000000000000 mepc ffffffff81f0d46a sepc ffffffff8030c32e vsepc 0000000000000000 mcause 8000000000000003 scause 8000000000000005 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080048000 sscratch 0000000000000000 satp 910cb000000b32ef x0/zero 0000000000000000 x1/ra ffffffff81f0ee00 x2/sp ffff8f8000f76fd0 x3/gp ffffffff89c9e340 x4/tp ffffaf801c76cec0 x5/t0 2d2d2d2d2d2d2d2d x6/t1 fffff1ef001eede4 x7/t2 2d2d2d2d2d2d2d2d x8/s0 ffff8f8000f77010 x9/s1 0000000000000000 x10/a0 ffffffff91036168 x11/a1 000000000000001f x12/a2 0000000000080000 x13/a3 ffffffff81f0ee00 x14/a4 1ffffffff2206c2d x15/a5 ffff8f800006d000 x16/a6 0000000000000003 x17/a7 0000000000000003 x18/s2 ffffffff91036120 x19/s3 000000000000002d x20/s4 0000000000000000 x21/s5 0000000000000000 x22/s6 ffffffff81f0ed92 x23/s7 0000000000000000 x24/s8 ffffffff90e60fd5 x25/s9 0000000000000010 x26/s10 fffffffef2206c2f x27/s11 dfffffff00000000 x28/t3 31e5606e00000000 x29/t4 fffff1ef001eede4 x30/t5 fffff1ef001eede5 x31/t6 0000000000000002 fcsr 0000000000000000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000