syzkaller login: [ 4.855419][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 11.526619][ T23] kauditd_printk_skb: 60 callbacks suppressed
[ 11.526628][ T23] audit: type=1400 audit(1634917784.860:71): avc: denied { transition } for pid=290 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 11.532452][ T23] audit: type=1400 audit(1634917784.860:72): avc: denied { write } for pid=290 comm="sh" path="pipe:[361]" dev="pipefs" ino=361 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1
[ 11.537051][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 11.776177][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 12.205491][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #88!!!
[ 12.355393][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
[ 13.085308][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!!
Warning: Permanently added '10.128.15.193' (ECDSA) to the list of known hosts.
2021/10/22 15:49:51 fuzzer started
2021/10/22 15:49:51 dialing manager at 10.128.0.163:35843
[ 18.973534][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 19.010962][ T23] audit: type=1400 audit(1634917792.340:73): avc: denied { mounton } for pid=369 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[ 19.012302][ T369] cgroup: Unknown subsys name 'net'
[ 19.035615][ T23] audit: type=1400 audit(1634917792.340:74): avc: denied { mount } for pid=369 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 19.060968][ T23] audit: type=1400 audit(1634917792.370:75): avc: denied { unmount } for pid=369 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[ 19.061116][ T369] cgroup: Unknown subsys name 'devices'
[ 19.176935][ T369] cgroup: Unknown subsys name 'hugetlb'
[ 19.182663][ T369] cgroup: Unknown subsys name 'rlimit'
2021/10/22 15:49:52 syscalls: 2405
2021/10/22 15:49:52 code coverage: enabled
2021/10/22 15:49:52 comparison tracing: enabled
2021/10/22 15:49:52 extra coverage: enabled
2021/10/22 15:49:52 setuid sandbox: enabled
2021/10/22 15:49:52 namespace sandbox: enabled
2021/10/22 15:49:52 Android sandbox: enabled
2021/10/22 15:49:52 fault injection: enabled
2021/10/22 15:49:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2021/10/22 15:49:52 net packet injection: enabled
2021/10/22 15:49:52 net device setup: enabled
2021/10/22 15:49:52 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2021/10/22 15:49:52 devlink PCI setup: PCI device 0000:00:10.0 is not available
2021/10/22 15:49:52 USB emulation: enabled
2021/10/22 15:49:52 hci packet injection: /dev/vhci does not exist
2021/10/22 15:49:52 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
2021/10/22 15:49:52 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
2021/10/22 15:49:52 fetching corpus: 0, signal 0/2000 (executing program)
[ 19.396412][ T23] audit: type=1400 audit(1634917792.730:76): avc: denied { mounton } for pid=369 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[ 19.421280][ T23] audit: type=1400 audit(1634917792.730:77): avc: denied { mount } for pid=369 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[ 19.445025][ T23] audit: type=1400 audit(1634917792.730:78): avc: denied { setattr } for pid=369 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 19.477405][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 19.487156][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
[ 19.496859][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!!
2021/10/22 15:49:52 fetching corpus: 41, signal 15861/19014 (executing program) 2021/10/22 15:49:53 fetching corpus: 88, signal 28521/32203 (executing program) 2021/10/22 15:49:53 fetching corpus: 135, signal 34052/38267 (executing program) 2021/10/22 15:49:53 fetching corpus: 181, signal 39880/44396 (executing program) 2021/10/22 15:49:53 fetching corpus: 225, signal 43728/48526 (executing program) 2021/10/22 15:49:53 fetching corpus: 268, signal 47184/52106 (executing program) 2021/10/22 15:49:53 fetching corpus: 313, signal 50137/55093 (executing program) 2021/10/22 15:49:54 fetching corpus: 354, signal 52543/57560 (executing program) 2021/10/22 15:49:54 fetching corpus: 399, signal 54218/59347 (executing program) 2021/10/22 15:49:54 fetching corpus: 448, signal 56142/61245 (executing program) 2021/10/22 15:49:54 fetching corpus: 496, signal 59027/63721 (executing program) 2021/10/22 15:49:54 fetching corpus: 542, signal 60583/65138 (executing program) 2021/10/22 15:49:54 fetching corpus: 586, signal 63300/67210 (executing program) 2021/10/22 15:49:54 fetching corpus: 629, signal 65107/68583 (executing program) 2021/10/22 15:49:54 fetching corpus: 677, signal 67329/70088 (executing program) 2021/10/22 15:49:55 fetching corpus: 724, signal 68303/70806 (executing program) 2021/10/22 15:49:55 fetching corpus: 772, signal 69947/71844 (executing program) 2021/10/22 15:49:55 fetching corpus: 819, signal 71701/72836 (executing program) 2021/10/22 15:49:55 fetching corpus: 850, signal 73065/73600 (executing program) 2021/10/22 15:49:55 fetching corpus: 850, signal 73065/73626 (executing program) 2021/10/22 15:49:55 fetching corpus: 851, signal 73101/73693 (executing program) 2021/10/22 15:49:55 fetching corpus: 851, signal 73101/73724 (executing program) 2021/10/22 15:49:55 fetching corpus: 851, signal 73101/73778 (executing program) 2021/10/22 15:49:55 fetching corpus: 851, signal 73102/73822 (executing program) 2021/10/22 15:49:55 fetching corpus: 852, signal 
73108/73863 (executing program) 2021/10/22 15:49:55 fetching corpus: 852, signal 73108/73925 (executing program) 2021/10/22 15:49:55 fetching corpus: 852, signal 73108/73972 (executing program) 2021/10/22 15:49:55 fetching corpus: 854, signal 73319/74223 (executing program) 2021/10/22 15:49:55 fetching corpus: 854, signal 73333/74263 (executing program) 2021/10/22 15:49:55 fetching corpus: 854, signal 73333/74296 (executing program) 2021/10/22 15:49:55 fetching corpus: 854, signal 73333/74337 (executing program) 2021/10/22 15:49:55 fetching corpus: 854, signal 73333/74361 (executing program) 2021/10/22 15:49:55 fetching corpus: 854, signal 73333/74429 (executing program) 2021/10/22 15:49:55 fetching corpus: 854, signal 73333/74460 (executing program) 2021/10/22 15:49:55 fetching corpus: 854, signal 73333/74497 (executing program) 2021/10/22 15:49:55 fetching corpus: 854, signal 73333/74551 (executing program) 2021/10/22 15:49:55 fetching corpus: 854, signal 73372/74554 (executing program) 2021/10/22 15:49:55 fetching corpus: 855, signal 73376/74558 (executing program) 2021/10/22 15:49:55 fetching corpus: 855, signal 73376/74558 (executing program) 2021/10/22 15:49:56 starting 6 fuzzer processes 15:49:56 executing program 0: r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0xc}}, {{0x9, 0x5, 0x81, 0x3, 0x20}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 
&(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 15:49:56 executing program 1: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x10, 0x94, 0xe2, 0x40, 0x6189, 0x182d, 0x964e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa4, 0x55, 0x82}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 15:49:56 executing program 5: ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000000000000000000000000000000000000000000c278f02f9dc1a6f4883944bcc6f1ff00000000aa03ffff00000000000000000000000000000015d4d6fa1acd89cf27b0e6ffffff006a7052b383fb6d17929a6a8b68114185"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB="070000000000000007000000040000000000000000000000bd0a00000000000003000000010000000000000000000000000000000000000001000000020000000000000000000700ffffff7f04000000000000000000000000000000000000000000000000000000010000000400000000000000000000008e000000020000000000000000000000000000000000000000000000000000000500000004000000000000000001000000000080070e0000000000000000000000000000000000000000000000000000590b00000400000000000000000000000600000000000080000000000000000000000000000000000000000000000000ffffffff010000000000000000000000040000006d00000004"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000001c0)) 15:49:56 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) fcntl$getownex(r0, 0x10, &(0x7f0000000040)) 15:49:56 executing program 3: ioctl$TCSETSF(0xffffffffffffffff, 
0x5404, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x270, 0x64000000, 0x4, 0xd0e0011, 0x0, 0xc6, 0x1d8, 0x1d8, 0x190, 0x1d8, 0x1d8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1, 0x0, 0x0, 'veth0_macvtap\x00', '\x00', {}, {}, 0x1}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "a7a9"}}, @common=@unspec=@connlimit={{0x40}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x31f) 15:49:56 executing program 4: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cpuset\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000380)='./file0/file0\x00') perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000400)='./file0/file0\x00', 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) [ 23.671930][ T23] audit: type=1400 audit(1634917796.990:79): avc: denied { execmem } for pid=372 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t 
tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 23.775998][ T23] audit: type=1400 audit(1634917797.110:80): avc: denied { mounton } for pid=377 comm="syz-executor.1" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 23.835352][ T23] audit: type=1400 audit(1634917797.110:81): avc: denied { mount } for pid=377 comm="syz-executor.1" name="/" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 23.919258][ T23] audit: type=1400 audit(1634917797.110:82): avc: denied { read } for pid=377 comm="syz-executor.1" dev="nsfs" ino=4026531999 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 23.934361][ T377] bridge0: port 1(bridge_slave_0) entered blocking state [ 23.947648][ T377] bridge0: port 1(bridge_slave_0) entered disabled state [ 23.954930][ T377] device bridge_slave_0 entered promiscuous mode [ 23.966446][ T377] bridge0: port 2(bridge_slave_1) entered blocking state [ 23.973600][ T377] bridge0: port 2(bridge_slave_1) entered disabled state [ 23.981028][ T377] device bridge_slave_1 entered promiscuous mode [ 24.065589][ T381] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.072704][ T381] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.080111][ T381] device bridge_slave_0 entered promiscuous mode [ 24.093443][ T383] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.100560][ T383] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.107965][ T383] device bridge_slave_0 entered promiscuous mode [ 24.115680][ T383] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.122700][ T383] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.130006][ T383] device bridge_slave_1 entered promiscuous mode [ 24.146088][ T381] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.153124][ T381] bridge0: port 
2(bridge_slave_1) entered disabled state [ 24.160566][ T381] device bridge_slave_1 entered promiscuous mode [ 24.174291][ T378] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.181544][ T378] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.188873][ T378] device bridge_slave_0 entered promiscuous mode [ 24.197551][ T378] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.204566][ T378] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.211902][ T378] device bridge_slave_1 entered promiscuous mode [ 24.224378][ T23] kauditd_printk_skb: 3 callbacks suppressed [ 24.224384][ T23] audit: type=1400 audit(1634917797.550:86): avc: denied { create } for pid=377 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 24.255347][ T23] audit: type=1400 audit(1634917797.560:87): avc: denied { write } for pid=377 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 24.257868][ T382] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.276217][ T23] audit: type=1400 audit(1634917797.560:88): avc: denied { read } for pid=377 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 24.283207][ T382] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.311873][ T382] device bridge_slave_0 entered promiscuous mode [ 24.357168][ T377] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.364192][ T377] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.371470][ T377] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.378515][ T377] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.386546][ T382] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.393562][ T382] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.400977][ T382] device bridge_slave_1 entered 
promiscuous mode [ 24.422341][ T383] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.429379][ T383] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.436656][ T383] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.443659][ T383] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.470651][ T385] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.477840][ T385] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.485069][ T385] device bridge_slave_0 entered promiscuous mode [ 24.495719][ T385] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.502753][ T385] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.510114][ T385] device bridge_slave_1 entered promiscuous mode [ 24.533974][ T381] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.541032][ T381] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.548290][ T381] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.555318][ T381] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.594160][ T396] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.601604][ T396] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.608747][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.616835][ T396] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.623958][ T396] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.631208][ T396] bridge0: port 1(bridge_slave_0) entered disabled state [ 24.638428][ T396] bridge0: port 2(bridge_slave_1) entered disabled state [ 24.657634][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.665842][ T108] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.672858][ T108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.680619][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.688738][ T108] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.695753][ 
T108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.703150][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.725532][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 24.733735][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.741261][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.749490][ T396] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.756548][ T396] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.764312][ T396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.772607][ T396] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.779643][ T396] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.807114][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.814542][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 24.822639][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.830791][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.837850][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.858418][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 24.866284][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 24.874535][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 24.882448][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 24.890362][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 24.898684][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 24.905716][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 24.913015][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 24.921570][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 24.928664][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 24.936161][ T24] IPv6: 
ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 24.959896][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 24.968236][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 24.976944][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.008541][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.017563][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.026087][ T108] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.033093][ T108] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.040545][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.048418][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.056483][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.064409][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.071852][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.079315][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.087349][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.095406][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.103417][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.111582][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.119904][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.128097][ T108] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.135097][ T108] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.142529][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.151193][ T108] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.159488][ T108] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.166521][ T108] bridge0: port 2(bridge_slave_1) 
entered forwarding state [ 25.198119][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.206349][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.214506][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.222306][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.230614][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.238900][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.247236][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.255538][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.263751][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 25.271221][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 25.278641][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 25.286862][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 25.294932][ T403] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.301975][ T403] bridge0: port 1(bridge_slave_0) entered forwarding state [ 25.309404][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.317398][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.325149][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 25.333441][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 25.341571][ T403] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.348624][ T403] bridge0: port 2(bridge_slave_1) entered forwarding state [ 25.357032][ T74] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 25.375661][ T402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.383742][ T402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.392345][ T402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes 
ready [ 25.400545][ T402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.408610][ T402] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.417284][ T402] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.425756][ T402] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.433850][ T402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.445849][ T383] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 25.458392][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 25.461137][ T23] audit: type=1400 audit(1634917798.790:89): avc: denied { read write } for pid=383 comm="syz-executor.2" name="loop2" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.466645][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 25.497465][ T23] audit: type=1400 audit(1634917798.820:90): avc: denied { open } for pid=383 comm="syz-executor.2" path="/dev/loop2" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 25.509296][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 25.531552][ T23] audit: type=1400 audit(1634917798.820:91): avc: denied { ioctl } for pid=383 comm="syz-executor.2" path="/dev/loop2" dev="devtmpfs" ino=117 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 15:49:58 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) fcntl$getownex(r0, 0x10, &(0x7f0000000040)) 15:49:58 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) fcntl$getownex(r0, 0x10, 
&(0x7f0000000040)) 15:49:58 executing program 2: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) fcntl$getownex(r0, 0x10, &(0x7f0000000040)) [ 25.558410][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 25.567606][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.580200][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.589290][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.599098][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready 15:49:58 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x5c8, 0x0, 0x9403, 0x0, 0x0, 0x2c0, 0x4f8, 0x3d8, 0x3d8, 0x4f8, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x3d0, 0x3f8, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x3}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x628) [ 25.625893][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 25.636329][ T23] audit: type=1400 audit(1634917798.970:92): avc: denied { open } for pid=414 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 25.659455][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready 15:49:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x5c8, 0x0, 0x9403, 0x0, 0x0, 0x2c0, 0x4f8, 0x3d8, 0x3d8, 0x4f8, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x3d0, 0x3f8, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x3}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 
'syz0\x00'}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x628) [ 25.670011][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 25.677806][ T23] audit: type=1400 audit(1634917798.990:93): avc: denied { perfmon } for pid=414 comm="syz-executor.4" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 25.699412][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready 15:49:59 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x5c8, 0x0, 0x9403, 0x0, 0x0, 0x2c0, 0x4f8, 0x3d8, 0x3d8, 0x4f8, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x3d0, 0x3f8, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x3}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x628) [ 25.707359][ T23] audit: type=1400 audit(1634917798.990:94): avc: denied { kernel } for pid=414 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1 [ 25.708672][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.726945][ T23] audit: type=1400 audit(1634917799.030:95): avc: denied { mounton } for pid=414 comm="syz-executor.4" path="/root/syzkaller-testdir733551708/syzkaller.ZQegwF/0/file0" dev="sda1" ino=1171 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 25.742535][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.769899][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 25.778238][ T403] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_macvtap: link becomes ready [ 25.806801][ T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 25.815088][ T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 25.823931][ T404] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.833535][ T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.842784][ T404] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.851748][ T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.860157][ T404] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.868616][ T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.876934][ T404] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.885046][ T404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.908288][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 25.917370][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 25.925762][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 25.933992][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 25.942726][ T405] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 25.974309][ T430] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 
[ 25.990432][ T433] xt_NFQUEUE: number of total queues is 0 [ 26.185691][ T403] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 26.235424][ T396] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 26.665708][ T396] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.715436][ T403] usb 2-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice=96.4e [ 26.724466][ T403] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.732481][ T403] usb 2-1: Product: syz [ 26.736781][ T403] usb 2-1: Manufacturer: syz [ 26.741367][ T403] usb 2-1: SerialNumber: syz [ 26.748955][ T403] usb 2-1: config 0 descriptor?? [ 26.835438][ T396] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 26.844596][ T396] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 26.852679][ T396] usb 1-1: Product: syz [ 26.856980][ T396] usb 1-1: Manufacturer: syz [ 26.861665][ T396] usb 1-1: SerialNumber: syz [ 27.635433][ T403] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 27.645690][ T403] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 27.656895][ T403] asix: probe of 2-1:0.0 failed with error -71 [ 27.665202][ T403] usb 2-1: USB disconnect, device number 2 [ 28.005419][ T396] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 28.011860][ T396] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. 
Using 2048 [ 28.019466][ T396] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 28.236917][ T396] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42 [ 28.249270][ T396] usb 1-1: USB disconnect, device number 2 [ 28.255401][ T396] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM [ 28.395368][ T403] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 28.915402][ T403] usb 2-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice=96.4e [ 28.924623][ T403] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 28.937459][ T403] usb 2-1: Product: syz [ 28.941647][ T403] usb 2-1: Manufacturer: syz [ 28.946312][ T403] usb 2-1: SerialNumber: syz [ 28.951382][ T403] usb 2-1: config 0 descriptor?? [ 28.975451][ T403] usb 2-1: can't set config #0, error -71 [ 28.981618][ T403] usb 2-1: USB disconnect, device number 3 [ 28.985350][ T405] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 29.345419][ T405] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 15:50:02 executing program 4: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cpuset\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000380)='./file0/file0\x00') perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000400)='./file0/file0\x00', 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 15:50:02 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x5c8, 0x0, 0x9403, 0x0, 0x0, 0x2c0, 0x4f8, 0x3d8, 0x3d8, 0x4f8, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x3d0, 0x3f8, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x3}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}]}, @common=@inet=@TCPMSS={0x28}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x628) 15:50:02 executing program 3: ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x270, 0x64000000, 0x4, 0xd0e0011, 0x0, 0xc6, 0x1d8, 0x1d8, 0x190, 0x1d8, 0x1d8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1, 0x0, 0x0, 'veth0_macvtap\x00', '\x00', {}, {}, 0x1}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "a7a9"}}, @common=@unspec=@connlimit={{0x40}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x31f) 15:50:02 executing program 5: ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000000000000000000000000000000000000000000c278f02f9dc1a6f4883944bcc6f1ff00000000aa03ffff00000000000000000000000000000015d4d6fa1acd89cf27b0e6ffffff006a7052b383fb6d17929a6a8b68114185"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 
0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB="070000000000000007000000040000000000000000000000bd0a00000000000003000000010000000000000000000000000000000000000001000000020000000000000000000700ffffff7f04000000000000000000000000000000000000000000000000000000010000000400000000000000000000008e000000020000000000000000000000000000000000000000000000000000000500000004000000000000000001000000000080070e0000000000000000000000000000000000000000000000000000590b00000400000000000000000000000600000000000080000000000000000000000000000000000000000000000000ffffffff010000000000000000000000040000006d00000004"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000001c0)) 15:50:02 executing program 1: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x10, 0x94, 0xe2, 0x40, 0x6189, 0x182d, 0x964e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa4, 0x55, 0x82}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 15:50:02 executing program 0: r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0xc}}, {{0x9, 0x5, 0x81, 0x3, 0x20}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 
&(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 15:50:02 executing program 5: ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000000000000000000000000000000000000000000c278f02f9dc1a6f4883944bcc6f1ff00000000aa03ffff00000000000000000000000000000015d4d6fa1acd89cf27b0e6ffffff006a7052b383fb6d17929a6a8b68114185"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB="070000000000000007000000040000000000000000000000bd0a00000000000003000000010000000000000000000000000000000000000001000000020000000000000000000700ffffff7f04000000000000000000000000000000000000000000000000000000010000000400000000000000000000008e000000020000000000000000000000000000000000000000000000000000000500000004000000000000000001000000000080070e0000000000000000000000000000000000000000000000000000590b00000400000000000000000000000600000000000080000000000000000000000000000000000000000000000000ffffffff010000000000000000000000040000006d00000004"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000001c0)) 15:50:02 executing program 2: r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0xc}}, {{0x9, 0x5, 0x81, 0x3, 0x20}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, 
&(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 15:50:02 executing program 3: ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x270, 0x64000000, 0x4, 0xd0e0011, 0x0, 0xc6, 0x1d8, 0x1d8, 0x190, 0x1d8, 0x1d8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1, 0x0, 0x0, 'veth0_macvtap\x00', '\x00', {}, {}, 0x1}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "a7a9"}}, @common=@unspec=@connlimit={{0x40}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x31f) [ 29.537263][ T453] xt_NFQUEUE: number of total queues is 0 [ 29.546725][ T405] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 29.566469][ T405] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 15:50:02 executing program 3: ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x270, 0x64000000, 0x4, 0xd0e0011, 0x0, 0xc6, 0x1d8, 0x1d8, 0x190, 0x1d8, 0x1d8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1, 0x0, 0x0, 'veth0_macvtap\x00', '\x00', {}, {}, 0x1}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "a7a9"}}, @common=@unspec=@connlimit={{0x40}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, 
{0x28}}}}, 0x31f) 15:50:02 executing program 4: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cpuset\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000380)='./file0/file0\x00') perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000400)='./file0/file0\x00', 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) [ 29.592026][ T405] usb 1-1: Product: syz [ 29.595207][ T463] xt_NFQUEUE: number of total queues is 0 [ 29.598914][ T405] usb 1-1: Manufacturer: syz 15:50:02 executing program 5: ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000000000000000000000000000000000000000000c278f02f9dc1a6f4883944bcc6f1ff00000000aa03ffff00000000000000000000000000000015d4d6fa1acd89cf27b0e6ffffff006a7052b383fb6d17929a6a8b68114185"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 
&(0x7f0000000300)=ANY=[@ANYBLOB="070000000000000007000000040000000000000000000000bd0a00000000000003000000010000000000000000000000000000000000000001000000020000000000000000000700ffffff7f04000000000000000000000000000000000000000000000000000000010000000400000000000000000000008e000000020000000000000000000000000000000000000000000000000000000500000004000000000000000001000000000080070e0000000000000000000000000000000000000000000000000000590b00000400000000000000000000000600000000000080000000000000000000000000000000000000000000000000ffffffff010000000000000000000000040000006d00000004"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000001c0)) 15:50:02 executing program 3: ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000000000000000000000000000000000000000000c278f02f9dc1a6f4883944bcc6f1ff00000000aa03ffff00000000000000000000000000000015d4d6fa1acd89cf27b0e6ffffff006a7052b383fb6d17929a6a8b68114185"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB="070000000000000007000000040000000000000000000000bd0a00000000000003000000010000000000000000000000000000000000000001000000020000000000000000000700ffffff7f04000000000000000000000000000000000000000000000000000000010000000400000000000000000000008e000000020000000000000000000000000000000000000000000000000000000500000004000000000000000001000000000080070e0000000000000000000000000000000000000000000000000000590b00000400000000000000000000000600000000000080000000000000000000000000000000000000000000000000ffffffff010000000000000000000000040000006d00000004"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, 
&(0x7f00000001c0)) [ 29.633804][ T466] xt_NFQUEUE: number of total queues is 0 [ 29.641330][ T405] usb 1-1: can't set config #1, error -71 [ 29.650417][ T405] usb 1-1: USB disconnect, device number 3 15:50:03 executing program 4: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cpuset\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000380)='./file0/file0\x00') perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000400)='./file0/file0\x00', 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 15:50:03 executing program 3: ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000000000000000000000000000000000000000000c278f02f9dc1a6f4883944bcc6f1ff00000000aa03ffff00000000000000000000000000000015d4d6fa1acd89cf27b0e6ffffff006a7052b383fb6d17929a6a8b68114185"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 
&(0x7f0000000300)=ANY=[@ANYBLOB="070000000000000007000000040000000000000000000000bd0a00000000000003000000010000000000000000000000000000000000000001000000020000000000000000000700ffffff7f04000000000000000000000000000000000000000000000000000000010000000400000000000000000000008e000000020000000000000000000000000000000000000000000000000000000500000004000000000000000001000000000080070e0000000000000000000000000000000000000000000000000000590b00000400000000000000000000000600000000000080000000000000000000000000000000000000000000000000ffffffff010000000000000000000000040000006d00000004"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000001c0)) 15:50:03 executing program 5: ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000000000000000000000000000000000000000000c278f02f9dc1a6f4883944bcc6f1ff00000000aa03ffff00000000000000000000000000000015d4d6fa1acd89cf27b0e6ffffff006a7052b383fb6d17929a6a8b68114185"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB="070000000000000007000000040000000000000000000000bd0a00000000000003000000010000000000000000000000000000000000000001000000020000000000000000000700ffffff7f04000000000000000000000000000000000000000000000000000000010000000400000000000000000000008e000000020000000000000000000000000000000000000000000000000000000500000004000000000000000001000000000080070e0000000000000000000000000000000000000000000000000000590b00000400000000000000000000000600000000000080000000000000000000000000000000000000000000000000ffffffff010000000000000000000000040000006d00000004"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, 
&(0x7f00000001c0))
[ 29.795365][ T403] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 29.855355][ T404] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[ 30.025348][ T405] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[ 30.235484][ T404] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 30.365463][ T403] usb 2-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice=96.4e
[ 30.374499][ T403] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 30.382573][ T403] usb 2-1: Product: syz
[ 30.385424][ T405] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 30.386746][ T403] usb 2-1: Manufacturer: syz
[ 30.402220][ T403] usb 2-1: SerialNumber: syz
[ 30.409033][ T403] usb 2-1: config 0 descriptor??
[ 30.415474][ T404] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 30.424496][ T404] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 30.432627][ T404] usb 3-1: Product: syz
[ 30.436890][ T404] usb 3-1: Manufacturer: syz
[ 30.441465][ T404] usb 3-1: SerialNumber: syz
[ 30.555398][ T405] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 30.564503][ T405] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 30.572559][ T405] usb 1-1: Product: syz
[ 30.576781][ T405] usb 1-1: Manufacturer: syz
[ 30.581417][ T405] usb 1-1: SerialNumber: syz
[ 31.285387][ T403] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 31.295413][ T403] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[ 31.306566][ T403] asix: probe of 2-1:0.0 failed with error -71
[ 31.313821][ T403] usb 2-1: USB disconnect, device number 4
[ 31.585393][ T404] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 31.591910][ T404] cdc_ncm 3-1:1.0: dwNtbInMaxSize=0 is too small.
Using 2048
[ 31.599664][ T404] cdc_ncm 3-1:1.0: setting rx_max = 2048
[ 31.725367][ T405] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[ 31.731838][ T405] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[ 31.739319][ T405] cdc_ncm 1-1:1.0: setting rx_max = 2048
15:50:05 executing program 1:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x10, 0x94, 0xe2, 0x40, 0x6189, 0x182d, 0x964e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa4, 0x55, 0x82}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
[ 31.828595][ T404] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42
[ 31.846192][ T404] usb 3-1: USB disconnect, device number 2
[ 31.852249][ T404] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM
[ 31.956869][ T405] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42
[ 31.969579][ T405] usb 1-1: USB disconnect, device number 4
[ 31.978783][ T405] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM
[ 32.065337][ T403] usb 2-1: new high-speed USB device number 5 using dummy_hcd
15:50:05 executing program 0:
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0xc}}, {{0x9, 0x5, 0x81, 0x3, 0x20}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 15:50:05 executing program 4: ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x270, 0x64000000, 0x4, 0xd0e0011, 0x0, 0xc6, 0x1d8, 0x1d8, 0x190, 0x1d8, 0x1d8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1, 0x0, 0x0, 'veth0_macvtap\x00', '\x00', {}, {}, 0x1}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "a7a9"}}, @common=@unspec=@connlimit={{0x40}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x31f) 15:50:05 executing program 3: ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000000000000000000000000000000000000000000c278f02f9dc1a6f4883944bcc6f1ff00000000aa03ffff00000000000000000000000000000015d4d6fa1acd89cf27b0e6ffffff006a7052b383fb6d17929a6a8b68114185"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB="070000000000000007000000040000000000000000000000bd0a00000000000003000000010000000000000000000000000000000000000001000000020000000000000000000700ffffff7f04000000000000000000000000000000000000000000000000000000010000000400000000000000000000008e000000020000000000000000000000000000000000000000000000000000000500000004000000000000000001000000000080070e0000000000000000000000000000000000000000000000000000590b00000400000000000000000000000600000000000080000000000000000000000000000000000000000000000000ffffffff010000000000000000000000040000006d00000004"]) r2 = 
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000001c0)) 15:50:05 executing program 5: ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000000000000000000000000000000000000000000c278f02f9dc1a6f4883944bcc6f1ff00000000aa03ffff00000000000000000000000000000015d4d6fa1acd89cf27b0e6ffffff006a7052b383fb6d17929a6a8b68114185"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB="070000000000000007000000040000000000000000000000bd0a00000000000003000000010000000000000000000000000000000000000001000000020000000000000000000700ffffff7f04000000000000000000000000000000000000000000000000000000010000000400000000000000000000008e000000020000000000000000000000000000000000000000000000000000000500000004000000000000000001000000000080070e0000000000000000000000000000000000000000000000000000590b00000400000000000000000000000600000000000080000000000000000000000000000000000000000000000000ffffffff010000000000000000000000040000006d00000004"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000001c0)) 15:50:05 executing program 2: r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0xc}}, {{0x9, 0x5, 0x81, 0x3, 0x20}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 15:50:05 executing program 4: ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x270, 0x64000000, 0x4, 0xd0e0011, 0x0, 0xc6, 0x1d8, 0x1d8, 0x190, 0x1d8, 0x1d8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1, 0x0, 0x0, 'veth0_macvtap\x00', '\x00', {}, {}, 0x1}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "a7a9"}}, @common=@unspec=@connlimit={{0x40}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x31f) 15:50:05 executing program 4: ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x8, 0x3, 0x270, 0x64000000, 0x4, 0xd0e0011, 0x0, 0xc6, 0x1d8, 0x1d8, 0x190, 0x1d8, 0x1d8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1, 0x0, 0x0, 'veth0_macvtap\x00', '\x00', {}, {}, 0x1}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "a7a9"}}, @common=@unspec=@connlimit={{0x40}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x3}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x31f) 15:50:05 executing program 3: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) 
perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cpuset\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000380)='./file0/file0\x00') perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000400)='./file0/file0\x00', 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 15:50:05 executing program 5: ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000000000000000000000000000000000000000000000000000c278f02f9dc1a6f4883944bcc6f1ff00000000aa03ffff00000000000000000000000000000015d4d6fa1acd89cf27b0e6ffffff006a7052b383fb6d17929a6a8b68114185"]) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, 
&(0x7f0000000300)=ANY=[@ANYBLOB="070000000000000007000000040000000000000000000000bd0a00000000000003000000010000000000000000000000000000000000000001000000020000000000000000000700ffffff7f04000000000000000000000000000000000000000000000000000000010000000400000000000000000000008e000000020000000000000000000000000000000000000000000000000000000500000004000000000000000001000000000080070e0000000000000000000000000000000000000000000000000000590b00000400000000000000000000000600000000000080000000000000000000000000000000000000000000000000ffffffff010000000000000000000000040000006d00000004"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000001c0)) [ 32.456833][ T533] xt_NFQUEUE: number of total queues is 0 [ 32.490087][ T541] xt_NFQUEUE: number of total queues is 0 15:50:05 executing program 4: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cpuset\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000380)='./file0/file0\x00') perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000400)='./file0/file0\x00', 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 15:50:05 
executing program 3: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cpuset\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000380)='./file0/file0\x00') perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000400)='./file0/file0\x00', 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) [ 32.529484][ T549] xt_NFQUEUE: number of total queues is 0 [ 32.585466][ T403] usb 2-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice=96.4e [ 32.594574][ T403] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 32.602729][ T403] usb 2-1: Product: syz [ 32.606929][ T403] usb 2-1: Manufacturer: syz [ 32.611549][ T403] usb 2-1: SerialNumber: syz [ 32.616646][ T403] usb 2-1: config 0 descriptor?? 
[ 32.725349][ T396] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 32.735444][ T405] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 33.095515][ T396] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 33.115507][ T405] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 33.265427][ T396] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 33.274496][ T396] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.282629][ T396] usb 1-1: Product: syz [ 33.287075][ T405] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 33.296184][ T396] usb 1-1: Manufacturer: syz [ 33.300787][ T405] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.309011][ T396] usb 1-1: SerialNumber: syz [ 33.313842][ T405] usb 3-1: Product: syz [ 33.319029][ T405] usb 3-1: Manufacturer: syz [ 33.323706][ T405] usb 3-1: SerialNumber: syz [ 33.505390][ T403] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 33.515396][ T403] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 33.526554][ T403] asix: probe of 2-1:0.0 failed with error -71 [ 33.533545][ T403] usb 2-1: USB disconnect, device number 5 15:50:07 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x0, 0x0, 0x0, 0xfff}, 0x1c) [ 34.012699][ T23] kauditd_printk_skb: 9 callbacks suppressed [ 34.012706][ T23] audit: type=1400 audit(1634917807.340:105): avc: denied { create } for pid=556 comm="syz-executor.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 34.038743][ T23] audit: type=1400 audit(1634917807.340:106): avc: denied { setopt } for pid=556 comm="syz-executor.5" scontext=root:sysadm_r:sysadm_t 
tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 34.435389][ T396] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 34.441900][ T396] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 34.449458][ T396] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 34.475362][ T405] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 34.481831][ T405] cdc_ncm 3-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 34.489430][ T405] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 34.676305][ T396] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42 [ 34.689859][ T396] usb 1-1: USB disconnect, device number 5 [ 34.697120][ T396] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM [ 34.707603][ T405] cdc_ncm 3-1:1.0 usb1: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42 [ 34.731473][ T405] usb 3-1: USB disconnect, device number 3 [ 34.737711][ T405] cdc_ncm 3-1:1.0 usb1: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM 15:50:08 executing program 0: r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0xc}}, {{0x9, 0x5, 0x81, 0x3, 0x20}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 15:50:08 executing program 4: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) 
perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cpuset\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000380)='./file0/file0\x00') perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000400)='./file0/file0\x00', 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 15:50:08 executing program 3: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cpuset\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000380)='./file0/file0\x00') perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 
0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000400)='./file0/file0\x00', 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 15:50:08 executing program 1: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x10, 0x94, 0xe2, 0x40, 0x6189, 0x182d, 0x964e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa4, 0x55, 0x82}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 15:50:08 executing program 2: r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x0, 0xc}}, {{0x9, 0x5, 0x81, 0x3, 0x20}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 15:50:08 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x0, 0x0, 0x0, 0xfff}, 0x1c) 15:50:08 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x0, 0x0, 0x0, 0xfff}, 0x1c) 15:50:08 executing program 4: write$selinux_attr(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cpuset\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) rmdir(&(0x7f0000000380)='./file0/file0\x00') perf_event_open(&(0x7f0000000280)={0x2, 0x80, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000400)='./file0/file0\x00', 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 15:50:08 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x0, 0x0, 0x0, 0xfff}, 0x1c) 15:50:08 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x0, 0x0, 0x0, 0xfff}, 0x1c) 15:50:08 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x0, 0x0, 0x0, 0xfff}, 0x1c) 15:50:08 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x0, 0x0, 0x0, 0xfff}, 0x1c) [ 35.425333][ T404] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 35.445349][ T403] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 35.475340][ T405] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 35.805442][ T403] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.885376][ T405] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.945445][ T404] usb 2-1: New USB device found, idVendor=6189, idProduct=182d, 
bcdDevice=96.4e [ 35.954538][ T404] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 35.962729][ T404] usb 2-1: Product: syz [ 35.966964][ T404] usb 2-1: Manufacturer: syz [ 35.971545][ T404] usb 2-1: SerialNumber: syz [ 35.976297][ T403] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 35.985759][ T404] usb 2-1: config 0 descriptor?? [ 35.990753][ T403] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 35.998880][ T403] usb 1-1: Product: syz [ 36.003076][ T403] usb 1-1: Manufacturer: syz [ 36.007912][ T403] usb 1-1: SerialNumber: syz [ 36.075565][ T405] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 36.084651][ T405] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 36.092704][ T405] usb 3-1: Product: syz [ 36.096915][ T405] usb 3-1: Manufacturer: syz [ 36.101513][ T405] usb 3-1: SerialNumber: syz [ 36.915384][ T404] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 36.925476][ T404] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9 [ 36.936616][ T404] asix: probe of 2-1:0.0 failed with error -71 [ 36.943339][ T404] usb 2-1: USB disconnect, device number 6 [ 37.135366][ T403] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 37.141890][ T403] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 37.149600][ T403] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 37.245377][ T405] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 37.251812][ T405] cdc_ncm 3-1:1.0: dwNtbInMaxSize=0 is too small. 
Using 2048 [ 37.259283][ T405] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 37.366670][ T403] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42 [ 37.378335][ T403] usb 1-1: USB disconnect, device number 6 [ 37.384435][ T403] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM [ 37.486782][ T405] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM, 42:42:42:42:42:42 [ 37.510541][ T405] usb 3-1: USB disconnect, device number 4 [ 37.517732][ C0] skbuff: skb_over_panic: text:ffffffff830a5b5f len:184 put:172 head:ffff8881163ba000 data:ffff8881163ba000 tail:0xb8 end:0x80 dev: [ 37.531871][ C0] ------------[ cut here ]------------ [ 37.537331][ C0] kernel BUG at net/core/skbuff.c:110! [ 37.542780][ C0] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 37.548836][ C0] CPU: 0 PID: 649 Comm: sed Not tainted 5.10.75-syzkaller-01082-g234d53d2bb60 #0 [ 37.557921][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 37.567976][ C0] RIP: 0010:skb_panic+0x14f/0x160 [ 37.573020][ C0] Code: 87 85 48 8b 75 c0 48 8b 55 b8 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 b8 00 00 00 00 53 41 56 41 55 41 54 e8 2c 61 89 fd 48 83 c4 20 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 41 [ 37.592630][ C0] RSP: 0018:ffffc90000006ee8 EFLAGS: 00010286 [ 37.598674][ C0] RAX: 0000000000000087 RBX: ffffffff85873b60 RCX: a3747c18861db300 [ 37.606625][ C0] RDX: 0000000000000703 RSI: 0000000000000703 RDI: 0000000000000000 [ 37.614576][ C0] RBP: ffffc90000006f30 R08: ffffffff81545368 R09: ffffed103ee095d8 [ 37.622656][ C0] R10: ffffed103ee095d8 R11: 0000000000000000 R12: ffff8881163ba000 [ 37.630605][ C0] R13: 00000000000000b8 R14: 0000000000000080 R15: dffffc0000000000 [ 37.638562][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 37.647479][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 37.654049][ C0] CR2: 00007f4a0e371270 CR3: 0000000116b19000 
CR4: 00000000003506b0 [ 37.662004][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 37.669960][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 37.677913][ C0] Call Trace: [ 37.681171][ C0] [ 37.684007][ C0] ? cdc_ncm_fill_tx_frame+0x127f/0x3d50 [ 37.689644][ C0] ? cdc_ncm_fill_tx_frame+0x127f/0x3d50 [ 37.696392][ C0] skb_over_panic+0x2c/0x30 [ 37.700872][ C0] ? cdc_ncm_fill_tx_frame+0x127f/0x3d50 [ 37.706478][ C0] skb_put+0x205/0x210 [ 37.710523][ C0] cdc_ncm_fill_tx_frame+0x127f/0x3d50 [ 37.715958][ C0] cdc_ncm_tx_fixup+0x98/0xf0 [ 37.720607][ C0] usbnet_start_xmit+0x111/0x1a60 [ 37.725606][ C0] ? validate_xmit_skb+0x62d/0xc40 [ 37.730689][ C0] ? inode_permission+0xe0/0x520 [ 37.735600][ C0] xmit_one+0x16a/0x480 [ 37.739757][ C0] dev_hard_start_xmit+0xad/0x1c0 [ 37.744767][ C0] sch_direct_xmit+0x28f/0x9b0 [ 37.749513][ C0] ? asan.module_dtor+0x20/0x20 [ 37.754345][ C0] __qdisc_run+0x245/0x3e0 [ 37.758760][ C0] ? sch_direct_xmit+0x9b0/0x9b0 [ 37.763673][ C0] __dev_queue_xmit+0xe7e/0x2ac0 [ 37.768587][ C0] ? dev_queue_xmit+0x20/0x20 [ 37.773236][ C0] ? __local_bh_enable_ip+0xa8/0x170 [ 37.778496][ C0] ? __kasan_check_write+0x14/0x20 [ 37.783586][ C0] ? _raw_write_lock_bh+0xa3/0x170 [ 37.788671][ C0] ? __local_bh_enable_ip+0xa8/0x170 [ 37.793946][ C0] ? eth_header+0x11f/0x200 [ 37.798441][ C0] ? memcpy+0x56/0x70 [ 37.802416][ C0] dev_queue_xmit+0x17/0x20 [ 37.806905][ C0] neigh_resolve_output+0x693/0x740 [ 37.812101][ C0] ip6_finish_output2+0x109c/0x1930 [ 37.817301][ C0] ? __ip6_finish_output+0x7b0/0x7b0 [ 37.822621][ C0] __ip6_finish_output+0x610/0x7b0 [ 37.827719][ C0] ip6_finish_output+0x3f/0x1e0 [ 37.832549][ C0] ? 
ip6_output+0x1f3/0x4c0 15:50:11 executing program 5: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$sock(r0, &(0x7f000000d000)=[{{0x0, 0x0, &(0x7f0000003240)=[{&(0x7f0000003100)="dc", 0x1}], 0x1}}], 0x1, 0x0) recvmmsg$unix(r1, 0x0, 0x0, 0x0, 0x0) 15:50:11 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, &(0x7f0000000180)) 15:50:11 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) r1 = socket(0x11, 0x800000003, 0x8) bind(r1, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e030a86df875f2e3ff5f163ee340b7679500800000000000000101013c5811039e0c775027ec8e66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5acc326d3a0dffc2c654"}, 0x80) sendto$inet(r0, 0x0, 0x0, 0x20004091, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000240)="9b17e6284febffd7c37947f7989de4ef6750102e7f97bc692aac2de98ab72207366766a546ffd2960d3729c35ba4f72395a998d9229ff7244d5499cbe99c886a1d9723af264c715778a50ebd6f23a4790934848ef1e71b7d099832d0ee996ca772ad1cc4421a26a28ffe65c752dff5d2286bdf4f25080018e77d1a565a443115241a83fced147ceb252a0c3ec8708db199ae95088edd807531f2c51e0620c5e668bf5f1f6b48f09a9d67900e1b02f21b31d03eb3888aafe704875ecdb0be5cfe85c37837cc0661613266394a071492785b", 0xd1, 0xfecc, 0x0, 0x0) 15:50:11 executing program 1: syz_emit_ethernet(0x56, &(0x7f00000033c0)={@broadcast, @empty, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6ef784", 0x20, 0x0, 0x0, @rand_addr=' 
\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {[@srh, @dstopts={0x1, 0x1, '\x00', [@ra, @generic={0x0, 0x3, "a311dd"}]}]}}}}}, 0x0) [ 37.837038][ C0] ip6_output+0x211/0x4c0 [ 37.841348][ C0] ? asan.module_dtor+0x20/0x20 [ 37.846193][ C0] ? ip6_output+0x4c0/0x4c0 [ 37.850697][ C0] ? __rcu_read_lock+0x50/0x50 [ 37.855473][ C0] ? nf_hook_slow+0x1b6/0x200 [ 37.860156][ C0] mld_sendpack+0x5fc/0xb20 [ 37.864703][ C0] ? add_grec+0x1370/0x1370 [ 37.869248][ C0] ? mld_send_report+0x210/0x210 [ 37.869271][ T23] audit: type=1400 audit(1634917811.170:107): avc: denied { prog_load } for pid=650 comm="syz-executor.5" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 37.874191][ C0] mld_ifc_timer_expire+0x85b/0xc50 [ 37.874210][ C0] ? _raw_spin_lock_irq+0xa4/0x1b0 [ 37.903651][ C0] ? _raw_spin_lock_irqsave+0x210/0x210 [ 37.909212][ C0] ? mld_gq_timer_expire+0xe0/0xe0 [ 37.914331][ C0] call_timer_fn+0x35/0x280 [ 37.918839][ C0] ? mld_gq_timer_expire+0xe0/0xe0 [ 37.923961][ C0] expire_timers+0x21f/0x3b0 [ 37.928557][ C0] __run_timers+0x548/0x680 [ 37.933065][ C0] ? 
enqueue_timer+0x470/0x470 [ 37.937834][ C0] run_timer_softirq+0x69/0xf0 [ 37.942584][ C0] __do_softirq+0x27e/0x598 [ 37.947081][ C0] asm_call_irq_on_stack+0xf/0x20 [ 37.952098][ C0] [ 37.955037][ C0] do_softirq_own_stack+0x60/0x80 [ 37.960054][ C0] __irq_exit_rcu+0x128/0x150 [ 37.964723][ C0] irq_exit_rcu+0x9/0x10 [ 37.968951][ C0] sysvec_apic_timer_interrupt+0xbf/0xe0 [ 37.974579][ C0] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 37.980553][ C0] RIP: 0010:memset+0x27/0x40 [ 37.985138][ C0] Code: 00 00 00 55 48 89 e5 41 57 41 56 53 49 89 d7 41 89 f6 48 89 fb 48 8b 4d 08 48 89 d6 ba 01 00 00 00 e8 0d ed ff ff 84 c0 74 10 <48> 89 df 44 89 f6 4c 89 fa e8 db 14 d1 00 eb 02 31 c0 5b 41 5e 41 [ 38.004733][ C0] RSP: 0018:ffffc9000e3f7558 EFLAGS: 00000202 [ 38.010781][ C0] RAX: ffffffff822b7701 RBX: ffffc9000e3f75e0 RCX: ffffffff822b771b [ 38.018732][ C0] RDX: 0000000000000001 RSI: 0000000000000038 RDI: ffffc9000e3f75e0 [ 38.026683][ C0] RBP: ffffc9000e3f7570 R08: dffffc0000000000 R09: fffff52001c7eec3 [ 38.034638][ C0] R10: fffff52001c7eec3 R11: 0000000000000000 R12: 0000000010000000 [ 38.042587][ C0] R13: ffffffff86f234e0 R14: 0000000000000000 R15: 0000000000000038 [ 38.050555][ C0] ? avc_has_perm_noaudit+0x81/0x4d0 [ 38.055814][ C0] ? avc_has_perm_noaudit+0x9b/0x4d0 [ 38.061090][ C0] ? memset+0x23/0x40 [ 38.065055][ C0] avc_has_perm_noaudit+0x9b/0x4d0 [ 38.070144][ C0] ? memcpy+0x56/0x70 [ 38.074100][ C0] ? avc_denied+0x1b0/0x1b0 [ 38.078580][ C0] ? step_into+0x487/0x1f10 [ 38.083062][ C0] selinux_inode_permission+0x37f/0x6a0 [ 38.088600][ C0] ? __kernel_text_address+0x9a/0x110 [ 38.093947][ C0] ? unwind_get_return_address+0x4c/0x90 [ 38.099556][ C0] ? selinux_inode_follow_link+0x3c0/0x3c0 [ 38.105355][ C0] ? walk_component+0x33a/0x790 [ 38.110196][ C0] security_inode_permission+0x94/0x120 [ 38.115720][ C0] inode_permission+0xe0/0x520 [ 38.120460][ C0] link_path_walk+0x1f8/0xbf0 [ 38.125121][ C0] ? path_init+0x1130/0x1130 [ 38.129686][ C0] ? 
__x64_sys_newfstatat+0x9b/0xb0 [ 38.134858][ C0] ? do_syscall_64+0x31/0x70 [ 38.139426][ C0] path_lookupat+0xab/0x6c0 [ 38.143907][ C0] filename_lookup+0x23f/0x6c0 [ 38.148648][ C0] ? hashlen_string+0x120/0x120 [ 38.153476][ C0] ? getname_flags+0x207/0x650 [ 38.158216][ C0] user_path_at_empty+0x40/0x50 [ 38.163042][ C0] vfs_statx+0x10a/0x3f0 [ 38.167272][ C0] ? vfs_fstatat+0x40/0x40 [ 38.171663][ C0] __se_sys_newfstatat+0xc8/0x760 [ 38.176684][ C0] ? kmem_cache_free+0xaa/0x1e0 [ 38.181511][ C0] ? __x64_sys_newfstatat+0xb0/0xb0 [ 38.186684][ C0] ? rcu_force_quiescent_state+0x180/0x180 [ 38.192467][ C0] ? __kasan_slab_free+0x11/0x20 [ 38.197380][ C0] ? slab_free_freelist_hook+0xb2/0x180 [ 38.202901][ C0] ? percpu_counter_add_batch+0x14b/0x170 [ 38.208596][ C0] ? unlock_page_memcg+0x130/0x130 [ 38.213689][ C0] ? debug_smp_processor_id+0x1c/0x20 [ 38.219039][ C0] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 38.225083][ C0] __x64_sys_newfstatat+0x9b/0xb0 [ 38.230086][ C0] do_syscall_64+0x31/0x70 [ 38.234497][ C0] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 38.240382][ C0] RIP: 0033:0x7f4a0e62ee6a [ 38.244782][ C0] Code: 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 0b 00 00 00 66 2e 0f 1f 84 00 00 00 00 00 90 41 89 ca b8 06 01 00 00 0f 05 <3d> 00 f0 ff ff 77 07 31 c0 c3 0f 1f 40 00 f7 d8 89 05 28 23 01 00 [ 38.264368][ C0] RSP: 002b:00007fff7b657d18 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 [ 38.272759][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4a0e62ee6a [ 38.280728][ C0] RDX: 00007fff7b657dd0 RSI: 00007fff7b657d20 RDI: 00000000ffffff9c [ 38.288679][ C0] RBP: 00007fff7b657e90 R08: 00000000ffffffff R09: 00007fff7b657d20 [ 38.296627][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 38.304579][ C0] R13: 00007fff7b657d2b R14: 00007fff7b657d20 R15: 00007f4a0e641e00 [ 38.312543][ C0] Modules linked in: [ 38.316451][ T23] audit: type=1400 audit(1634917811.170:108): avc: denied { name_bind } for pid=656 comm="syz-executor.3" 
src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 15:50:11 executing program 5: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$sock(r0, &(0x7f000000d000)=[{{0x0, 0x0, &(0x7f0000003240)=[{&(0x7f0000003100)="dc", 0x1}], 0x1}}], 0x1, 0x0) recvmmsg$unix(r1, 0x0, 0x0, 0x0, 0x0) 15:50:11 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, &(0x7f0000000180)) 15:50:11 executing program 1: syz_emit_ethernet(0x56, &(0x7f00000033c0)={@broadcast, @empty, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6ef784", 0x20, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', {[@srh, @dstopts={0x1, 0x1, '\x00', [@ra, @generic={0x0, 0x3, "a311dd"}]}]}}}}}, 0x0) [ 38.316476][ C0] ---[ end trace 2780249781a37ced ]--- [ 38.343704][ C0] RIP: 0010:skb_panic+0x14f/0x160 [ 38.348754][ C0] Code: 87 85 48 8b 75 c0 48 8b 55 b8 8b 4d d4 44 8b 45 d0 4c 8b 4d c8 b8 00 00 00 00 53 41 56 41 55 41 54 e8 2c 61 89 fd 48 83 c4 20 <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 41 [ 38.368396][ C0] RSP: 0018:ffffc90000006ee8 EFLAGS: 00010286 [ 38.374638][ C0] RAX: 0000000000000087 RBX: ffffffff85873b60 RCX: a3747c18861db300 [ 38.378575][ T23] audit: type=1400 audit(1634917811.170:109): avc: denied { node_bind } for pid=656 comm="syz-executor.3" saddr=224.0.0.2 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 38.382629][ C0] RDX: 0000000000000703 RSI: 0000000000000703 RDI: 0000000000000000 [ 38.407159][ T23] audit: type=1400 audit(1634917811.740:110): avc: denied { bind } for pid=656 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t 
tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 38.412841][ C0] RBP: ffffc90000006f30 R08: ffffffff81545368 R09: ffffed103ee095d8 [ 38.412857][ C0] R10: ffffed103ee095d8 R11: 0000000000000000 R12: ffff8881163ba000 [ 38.448423][ C0] R13: 00000000000000b8 R14: 0000000000000080 R15: dffffc0000000000 [ 38.456417][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 38.465375][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 38.472077][ C0] CR2: 00007f4a0e371270 CR3: 0000000116b19000 CR4: 00000000003506b0 [ 38.480085][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 38.488043][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 38.496001][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 38.503420][ C0] Kernel Offset: disabled [ 38.507724][ C0] Rebooting in 86400 seconds..