last executing test programs: 18.078469273s ago: executing program 0 (id=7492): r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_PUBL_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x14}, 0x14}}, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NLBL_CALIPSO_C_REMOVE(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, r2, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x11) close_range(0xffffffffffffffff, r0, 0x2) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000004b00)={0x14}, 0x14}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) setxattr$smack_xattr_label(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000380)='security.SMACK64IPIN\x00', 0x0, 0x0, 0x3) 17.91452569s ago: executing program 0 (id=7493): r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_DEFRAG(r0, 0x4c80, 0x700) socketpair(0x1d, 0x3, 0x2, &(0x7f0000000040)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000080)=@abs={0x0, 0x0, 0x4e20}, 0x6e) 17.784370515s ago: executing program 0 (id=7494): setresuid(0x0, 0xee00, 0x0) sendmsg$IPSET_CMD_SWAP(0xffffffffffffffff, 0x0, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = dup3(r1, r0, 0x0) r3 = accept4$inet(r2, 0x0, 0x0, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000040)) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x2) sendmsg$NL80211_CMD_SET_MPATH(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {{}, {@void, @void}}}, 0x14}}, 0x40) getpeername(r4, 0x0, 0x0) r5 = syz_open_dev$mouse(&(0x7f0000000000), 0x4, 0x242) ioctl$KDSKBSENT(r5, 0x5451, 0x0) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x5451, 0x0) semget(0x0, 0x3, 0x220) 17.615626812s ago: executing program 0 (id=7495): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2000000000000002) syz_clone(0x8088200, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, 0x0) r0 = socket(0xf, 0xa, 0x4) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r0, 0x118, 0x1, 0x0, 0x0) 16.354527372s ago: executing program 0 (id=7496): r0 = socket$l2tp(0x2, 0x2, 0x73) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_RECONFIGURE(r1, 0x0, 0x0) syz_genetlink_get_family_id$nfc(0x0, r1) syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r1) sendmsg$NLBL_CIPSOV4_C_REMOVE(r1, 0x0, 0x200040c0) sendto$l2tp(r0, 0x0, 0x0, 0xbdd144ab34ec3040, &(0x7f0000000000)={0x2, 0x0, @empty, 0x2}, 0x10) socketpair(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r2, r3, 0x0) sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) socket$inet_icmp_raw(0x2e, 0x3, 0x1) ioctl$KDGETLED(r4, 0x4b31, &(0x7f0000000080)) r5 = syz_genetlink_get_family_id$gtp(&(0x7f00000000c0), r4) sendmsg$GTP_CMD_DELPDP(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x28, r5, 0x200, 0x70bd2b, 0x25dfdbfd, {}, [@GTPA_PEER_ADDR6={0x14, 0xb, @dev={0xfe, 0x80, '\x00', 0x1e}}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0) 15.832215032s ago: executing program 0 (id=7498): r0 = socket$inet(0x2, 0x3, 0x1) ioctl$IOC_WATCH_QUEUE_SET_SIZE(r0, 0x5451, 0x0) setresuid(0x0, 0xee00, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x2, 0x0, 0x0, 0x8, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x80000, 0x0) r4 = dup3(r3, 0xffffffffffffffff, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000000)) ptrace(0x10, r2) pipe2$watch_queue(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0xb82e336200000000) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_MPP(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYRESOCT=r5, @ANYBLOB="1b798d02ea32cb1b610d39d2108b4347479f4c2fab0d1ce9c35eaadd6ff0f6b13b0e21b412a50250d052c70f81e9404f721557cf218a5ac5f37d3be35b0365b10e1e9134", @ANYRESOCT=r7], 0x1c}, 0x1, 0x0, 0x0, 0x24040040}, 0x8000) r8 = socket$inet(0x2, 0x2, 0x0) ioctl$EXT4_IOC_GETSTATE(r8, 0x5451, 0x0) recvmsg$can_bcm(r6, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x40010000) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x11, 0x0, 0x0) 1.897835905s ago: executing program 1 (id=7528): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000000feffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r1}, 0x18) r2 = socket$kcm(0x21, 0x2, 0x2) recvmsg$kcm(r2, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) 1.673296424s ago: executing program 1 (id=7529): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x29, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb904021d08007b490d4f1e81f8d815000100ff05142603600e12080005007a010401a80016002000034004e00000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0) 1.536269659s ago: executing program 1 (id=7530): r0 = socket$kcm(0x2b, 0x1, 0x0) setsockopt$sock_attach_bpf(r0, 0x11e, 0x6, 0x0, 0x0) 1.176358704s ago: executing program 1 (id=7531): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0xc) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r2, 0x2000012, 0x100e, 0x2, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 134.644715ms ago: executing program 1 (id=7532): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00'}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x2, &(0x7f0000000200)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x3, 0xe5, &(0x7f0000000240)=""/229, 0x0, 0x1c}, 0x94) 0s ago: executing program 1 (id=7533): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7020000010000e1850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:46526' (ED25519) to the list of known hosts. syzkaller login: [ 128.167670][ T3311] cgroup: Unknown subsys name 'net' [ 128.473449][ T3311] cgroup: Unknown subsys name 'cpuset' [ 128.512041][ T3311] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 129.225405][ T3311] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 142.836502][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 142.862926][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 143.224593][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 143.265826][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 144.883109][ T3317] hsr_slave_0: entered promiscuous mode [ 144.894208][ T3317] hsr_slave_1: entered promiscuous mode [ 145.241070][ T3316] hsr_slave_0: entered promiscuous mode [ 145.252287][ T3316] hsr_slave_1: entered promiscuous mode [ 145.258287][ T3316] debugfs: 'hsr0' already exists in 'hsr' [ 145.264353][ T3316] Cannot create hsr debugfs directory [ 146.690583][ T3317] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 146.740488][ T3317] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 146.813048][ T3317] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 146.843683][ T3317] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 147.076038][ T3316] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 147.128513][ T3316] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 147.163559][ T3316] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 147.217017][ T3316] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 148.324824][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.751023][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.898125][ T3317] veth0_vlan: entered promiscuous mode [ 153.979785][ T3317] veth1_vlan: entered promiscuous mode [ 154.238442][ T3317] veth0_macvtap: entered promiscuous mode [ 154.328442][ T3317] veth1_macvtap: entered promiscuous mode [ 154.420015][ T3316] veth0_vlan: entered promiscuous mode [ 154.506469][ T3316] veth1_vlan: entered promiscuous mode [ 154.751235][ T40] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.752437][ T40] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.752802][ T40] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 154.753136][ T40] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.076449][ T3316] veth0_macvtap: entered promiscuous mode [ 155.177954][ T3316] veth1_macvtap: entered promiscuous mode [ 155.541767][ T3317] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 155.542637][ T40] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.543214][ T40] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.543573][ T40] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.543983][ T40] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.478122][ T3500] fuse: root generation should be zero [ 167.310454][ T3431] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 167.469736][ T3431] usb 1-1: Using ep0 maxpacket: 32 [ 167.493520][ T3431] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.494286][ T3431] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.494776][ T3431] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 167.495776][ T3431] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 167.496080][ T3431] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.525878][ T3431] usb 1-1: config 0 descriptor?? [ 167.989339][ T3431] hid-generic 0003:1B96:000A.0001: unknown main item tag 0x0 [ 167.990014][ T3431] hid-generic 0003:1B96:000A.0001: unknown main item tag 0x0 [ 167.992009][ T3431] hid-generic 0003:1B96:000A.0001: unknown main item tag 0x0 [ 167.992196][ T3431] hid-generic 0003:1B96:000A.0001: unknown main item tag 0x0 [ 167.992327][ T3431] hid-generic 0003:1B96:000A.0001: unknown main item tag 0x0 [ 168.005486][ T3431] hid-generic 0003:1B96:000A.0001: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0 [ 170.081390][ T24] usb 1-1: USB disconnect, device number 2 [ 174.618022][ T3549] input: syz0 as /devices/virtual/input/input1 [ 177.020580][ T3553] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 180.941782][ T3572] input: syz0 as /devices/virtual/input/input2 [ 198.706092][ T3617] input: syz0 as /devices/virtual/input/input3 [ 212.993363][ T3648] binder: 3647:3648 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 212.993870][ T3648] binder: 3648 RLIMIT_NICE not set [ 213.519882][ T3648] binder: 3647:3648 ioctl c0306201 20000240 returned -14 [ 231.377212][ T3686] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 231.753948][ T3692] Zero length message leads to an empty skb [ 262.907248][ T3844] input: syz0 as /devices/virtual/input/input4 [ 267.046214][ T3865] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 290.145006][ T3929] serio: Serial port pts0 [ 303.625448][ T3963] serio: Serial port pts1 [ 306.219992][ T3972] serio: Serial port pts0 [ 321.664841][ T3993] input: syz0 as /devices/virtual/input/input5 [ 347.989935][ T4091] serio: Serial port pts0 [ 356.650442][ T4117] input: syz0 as /devices/virtual/input/input6 [ 369.781034][ T4146] input: syz0 as /devices/virtual/input/input7 [ 404.040185][ T4288] serio: Serial port pts0 [ 405.465070][ T4298] serio: Serial port pts1 [ 409.783415][ T4304] input: syz0 as /devices/virtual/input/input8 [ 427.736996][ T4328] serio: Serial port pts0 [ 442.911113][ T4338] capability: warning: `syz.1.309' uses deprecated v2 capabilities in a way that may be insecure [ 445.603220][ T4346] input: syz0 as /devices/virtual/input/input9 [ 447.307683][ T4351] input: syz0 as /devices/virtual/input/input10 [ 465.170344][ T4355] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 497.711377][ T4467] input: syz0 as /devices/virtual/input/input11 [ 515.850411][ T4505] input: syz0 as /devices/virtual/input/input12 [ 533.415275][ T4523] input: syz0 as /devices/virtual/input/input13 [ 535.725692][ T4539] serio: Serial port pts0 [ 546.875057][ T4566] input: syz0 as /devices/virtual/input/input14 [ 548.847350][ T4573] serio: Serial port pts0 [ 572.383992][ T4607] serio: Serial port pts0 [ 593.413184][ T4681] input: syz0 as /devices/virtual/input/input15 [ 610.384607][ T4706] input: syz0 as /devices/virtual/input/input16 [ 636.069280][ T4761] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 641.700105][ T4808] serio: Serial port pts0 [ 653.912042][ T4862] serio: Serial port pts1 [ 658.783431][ T4883] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 660.240383][ T4889] serio: Serial port pts0 [ 698.604041][ T5070] input: syz0 as /devices/virtual/input/input17 [ 718.760275][ T5089] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 722.817891][ T5124] input: syz0 as /devices/virtual/input/input18 [ 751.895850][ T5211] serio: Serial port pts0 [ 762.567446][ T5235] serio: Serial port pts1 [ 790.186370][ T5375] input: syz0 as /devices/virtual/input/input19 [ 806.763460][ T5406] input: syz0 as /devices/virtual/input/input20 [ 831.000608][ T5496] serio: Serial port pts0 [ 841.240090][ T5528] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 845.318913][ C0] hrtimer: interrupt took 739150 ns [ 853.000024][ T5565] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 857.477706][ T5611] serio: Serial port pts0 [ 887.070171][ T5774] serio: Serial port pts0 [ 893.038490][ T5804] input: syz0 as /devices/virtual/input/input21 [ 917.263083][ T5886] input: syz1 as /devices/virtual/input/input22 [ 932.374402][ T5939] syz.0.883 uses obsolete (PF_INET,SOCK_PACKET) [ 933.879705][ T2171] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 933.882690][ T2171] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 933.885013][ T2171] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 933.888420][ T2171] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 949.653331][ T6054] serio: Serial port pts0 [ 950.189752][ T6058] input: syz0 as /devices/virtual/input/input23 [ 973.450335][ T6141] serio: Serial port pts0 [ 977.540815][ T6155] input: syz0 as /devices/virtual/input/input24 [ 983.430308][ T6170] input: syz0 as /devices/virtual/input/input25 [ 999.260392][ T6193] input: syz0 as /devices/virtual/input/input26 [ 1002.375131][ T6223] input: syz0 as /devices/virtual/input/input27 [ 1007.982815][ T6264] serio: Serial port pts0 [ 1019.621187][ T6312] input: syz0 as /devices/virtual/input/input28 [ 1023.150451][ T6317] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 1032.742641][ T6343] input: syz0 as /devices/virtual/input/input29 [ 1034.351928][ T6349] input: syz0 as /devices/virtual/input/input30 [ 1053.336901][ T6371] input: syz0 as /devices/virtual/input/input31 [ 1072.120528][ T6419] input: syz0 as /devices/virtual/input/input33 [ 1096.881100][ T6543] serio: Serial port pts0 [ 1115.670773][ T6606] input: syz0 as /devices/virtual/input/input34 [ 1121.211319][ T6630] input: syz0 as /devices/virtual/input/input35 [ 1139.487091][ T6724] serio: Serial port pts0 [ 1141.015634][ T6734] input: syz0 as /devices/virtual/input/input36 [ 1163.833355][ T6801] input: syz0 as /devices/virtual/input/input37 [ 1187.407646][ T6845] serio: Serial port pts0 [ 1196.272610][ T6878] input: syz0 as /devices/virtual/input/input38 [ 1209.900097][ T6906] input: syz0 as /devices/virtual/input/input39 [ 1243.622532][ T7075] serio: Serial port pts0 [ 1245.111728][ T7084] input: syz0 as /devices/virtual/input/input40 [ 1267.351655][ T7161] input: syz0 as /devices/virtual/input/input41 [ 1268.492825][ T7168] serio: Serial port pts0 [ 1287.137676][ T7216] serio: Serial port pts0 [ 1287.878064][ T7221] input: syz0 as /devices/virtual/input/input42 [ 1299.361933][ T7250] input: syz0 as /devices/virtual/input/input43 [ 1302.430344][ T7255] serio: Serial port pts0 [ 1317.899443][ T7279] serio: Serial port pts0 [ 1328.995970][ T7355] input: syz0 as /devices/virtual/input/input44 [ 1330.014071][ T7362] serio: Serial port pts0 [ 1357.718361][ T7465] serio: Serial port pts0 [ 1365.245042][ T7487] input: syz0 as /devices/virtual/input/input45 [ 1369.462924][ T7500] input: syz0 as /devices/virtual/input/input46 [ 1388.382195][ T7556] syz_tun: entered promiscuous mode [ 1401.281994][ T7663] serio: Serial port pts0 [ 1402.230009][ T7668] serio: Serial port pts1 [ 1416.845728][ T7685] input: syz0 as /devices/virtual/input/input47 [ 1423.086097][ T7719] input: syz0 as /devices/virtual/input/input48 [ 1459.056260][ T5023] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1459.101618][ T5023] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1459.172295][ T5023] bond0 (unregistering): Released all slaves [ 1459.542410][ T5023] hsr_slave_0: left promiscuous mode [ 1459.554493][ T5023] hsr_slave_1: left promiscuous mode [ 1465.217496][ T7814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1465.265928][ T7814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1467.605368][ T7897] input: syz0 as /devices/virtual/input/input49 [ 1468.496419][ T7814] hsr_slave_0: entered promiscuous mode [ 1468.513971][ T7814] hsr_slave_1: entered promiscuous mode [ 1468.523376][ T7814] debugfs: 'hsr0' already exists in 'hsr' [ 1468.525982][ T7814] Cannot create hsr debugfs directory [ 1471.367802][ T7814] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1471.455163][ T7814] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1471.515068][ T7814] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1471.586809][ T7814] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1473.681379][ T7814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1482.132324][ T7814] veth0_vlan: entered promiscuous mode [ 1482.197076][ T7814] veth1_vlan: entered promiscuous mode [ 1482.467436][ T7814] veth0_macvtap: entered promiscuous mode [ 1482.511479][ T7814] veth1_macvtap: entered promiscuous mode [ 1482.787028][ T5023] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1482.791746][ T5023] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1482.807599][ T5023] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1482.841369][ T5023] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1483.620359][ T7985] serio: Serial port pts0 [ 1494.697020][ T8001] input: syz0 as /devices/virtual/input/input50 [ 1496.853905][ T8010] input: syz0 as /devices/virtual/input/input51 [ 1520.523226][ T8125] serio: Serial port pts0 [ 1522.213103][ T8137] serio: Serial port pts1 [ 1528.795309][ T8160] input: syz0 as /devices/virtual/input/input52 [ 1532.074560][ T8186] input: syz0 as /devices/virtual/input/input53 [ 1533.140172][ T8191] serio: Serial port pts0 [ 1550.871004][ T8221] input: syz0 as /devices/virtual/input/input54 [ 1553.891759][ T8238] serio: Serial port pts0 [ 1568.468340][ T8248] process 'syz.1.1657' launched './file0' with NULL argv: empty string added [ 1573.869519][ T8312] serio: Serial port pts0 [ 1589.142991][ T8368] input: syz0 as /devices/virtual/input/input55 [ 1589.635775][ T8372] serio: Serial port pts0 [ 1618.106682][ T8481] serio: Serial port pts0 [ 1704.784843][ T9000] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1919'. [ 1797.119995][ T878] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1797.270325][ T878] usb 1-1: Using ep0 maxpacket: 8 [ 1797.307200][ T878] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 1797.307824][ T878] usb 1-1: config 179 has no interface number 0 [ 1797.309127][ T878] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1797.309579][ T878] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1029, setting to 1024 [ 1797.310177][ T878] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1797.310515][ T878] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1797.310824][ T878] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1797.311311][ T878] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1797.311522][ T878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1797.428494][ T9711] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1797.625722][ T878] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input56 [ 1798.298320][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1798.299562][ T878] usb 1-1: USB disconnect, device number 3 [ 1833.047313][ T9928] loop7: detected capacity change from 0 to 16385 [ 1837.920063][ T6758] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 2002.443988][T11155] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2661'. [ 2052.330727][T11516] input: syz0 as /devices/virtual/input/input58 [ 2170.510247][T12362] fuse: Bad value for 'fd' [ 2261.186348][T13072] input: syz0 as /devices/virtual/input/input59 [ 2313.378500][ T4900] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 2313.579707][ T4900] usb 1-1: Using ep0 maxpacket: 16 [ 2313.600792][ T4900] usb 1-1: config 0 has no interfaces? [ 2313.621098][ T4900] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 2313.621414][ T4900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2313.621822][ T4900] usb 1-1: Product: syz [ 2313.622019][ T4900] usb 1-1: Manufacturer: syz [ 2313.622211][ T4900] usb 1-1: SerialNumber: syz [ 2313.641723][ T4900] usb 1-1: config 0 descriptor?? [ 2319.303513][ T6915] usb 1-1: USB disconnect, device number 5 [ 2326.369637][T10312] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 2326.539348][T10312] usb 1-1: Using ep0 maxpacket: 32 [ 2326.569748][T10312] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2326.570357][T10312] usb 1-1: config 0 has no interfaces? [ 2326.571020][T10312] usb 1-1: New USB device found, idVendor=04dd, idProduct=8007, bcdDevice=bb.c7 [ 2326.571353][T10312] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2326.595281][T10312] usb 1-1: config 0 descriptor?? [ 2326.874933][T10312] usb 1-1: string descriptor 0 read error: -71 [ 2326.915481][T10312] usb 1-1: USB disconnect, device number 6 [ 2364.104472][T13729] dvmrp1: entered allmulticast mode [ 2517.511918][T14866] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3942'. [ 2634.467914][T15762] lo: entered promiscuous mode [ 2634.494488][T15762] lo: left promiscuous mode [ 2694.103870][T16256] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2694.223141][T16256] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2694.312600][T16256] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2694.391628][T16256] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2694.711590][ T9612] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2694.795251][ T5023] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2694.838142][ T9612] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2694.870432][ T9612] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2816.425671][T17104] "syz.1.4723" (17104) uses obsolete ecb(arc4) skcipher [ 2843.406329][T17321] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4798'. [ 2852.563850][T17384] 8021q: VLANs not supported on ip6_vti0 [ 2874.803207][T17516] syz_tun: entered allmulticast mode [ 2874.813541][T17515] syz_tun: left allmulticast mode [ 2946.510973][T17962] : renamed from ipvlan1 [ 2952.267976][T18021] lo: entered promiscuous mode [ 2952.274099][T18020] lo: left promiscuous mode [ 3111.370154][ T3462] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 3111.539532][ T3462] usb 1-1: Using ep0 maxpacket: 16 [ 3111.554590][ T3462] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3111.558470][ T3462] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 16 [ 3111.563938][ T3462] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 3111.584517][ T3462] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 3111.584861][ T3462] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3111.586719][ T3462] usb 1-1: Product: syz [ 3111.586842][ T3462] usb 1-1: Manufacturer: syz [ 3111.586946][ T3462] usb 1-1: SerialNumber: syz [ 3111.868485][T19003] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 3111.872464][T19003] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 3112.316964][ T3462] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS [ 3112.324007][ T3462] cdc_ncm 1-1:1.0: bind() failure [ 3112.358203][ T3462] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 3112.363531][ T3462] cdc_ncm 1-1:1.1: bind() failure [ 3112.390077][ T3462] usb 1-1: USB disconnect, device number 7 [ 3143.547032][T19192] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5463'. [ 3163.407012][ C0] vcan0: j1939_tp_rxtimer: 0x0000000007d9870d: rx timeout, send abort [ 3163.909304][ C0] vcan0: j1939_tp_rxtimer: 0x0000000007d9870d: abort rx timeout. Force session deactivation [ 3176.945195][T19348] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5515'. [ 3250.760161][ T3462] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 3251.067980][ T3462] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 3251.069412][ T3462] usb 1-1: can't read configurations, error -71 [ 3309.264364][T20000] syz.1.5741 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 3309.266082][T20000] 8021q: VLANs not supported on ip6_vti0 [ 3348.513814][ T3462] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 3348.540177][ T3462] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 3406.840147][T20276] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 3407.011563][T20276] usb 1-1: Using ep0 maxpacket: 32 [ 3407.041342][T20276] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 3407.042469][T20276] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 3407.042693][T20276] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3407.063912][T20276] usb 1-1: config 0 descriptor?? [ 3407.394402][T20276] usb 1-1: string descriptor 0 read error: -71 [ 3407.408360][T20276] hub 1-1:0.0: bad descriptor, ignoring hub [ 3407.409911][T20276] hub 1-1:0.0: probe with driver hub failed with error -5 [ 3407.531002][T20276] usb 1-1: USB disconnect, device number 10 [ 3440.923514][ T40] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3440.924340][ T40] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3440.924768][ T40] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3440.925127][ T40] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3451.059743][T20587] binder: 20586:20587 tried to acquire reference to desc 0, got 1 instead [ 3453.110419][T20276] binder: release 20586:20587 transaction 8 out, still active [ 3453.111222][T20276] binder: undelivered TRANSACTION_COMPLETE [ 3453.138281][T15964] binder: send failed reply for transaction 8, target dead [ 3475.209857][T20684] serio: Serial port pts0 [ 3543.725289][T20973] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6069'. [ 3543.812467][T20973] vxcan3: entered promiscuous mode [ 3544.356183][T20976] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6069'. [ 3560.488025][T21030] netlink: 'syz.0.6089': attribute type 27 has an invalid length. [ 3583.808108][T21146] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 3584.451830][T21156] fuse: Bad value for 'fd' [ 3663.004511][ T30] audit: type=1326 audit(3662.790:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21419 comm="syz.0.6230" exe="/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9d95b3a8 code=0x0 [ 3686.637504][T21484] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6250'. [ 3739.730578][T21683] netlink: 9 bytes leftover after parsing attributes in process `syz.1.6317'. [ 3742.215332][T21683] gretap0: entered promiscuous mode [ 3799.300133][T21911] 8021q: VLANs not supported on vcan0 [ 3821.735601][T22012] netlink: 'syz.1.6433': attribute type 4 has an invalid length. [ 3823.939359][ T4900] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 3824.089791][ T4900] usb 1-1: Using ep0 maxpacket: 16 [ 3824.129663][ T4900] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 3824.130195][ T4900] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 3824.130513][ T4900] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 3824.154619][ T4900] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 3824.155336][ T4900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3824.155701][ T4900] usb 1-1: Product: syz [ 3824.155911][ T4900] usb 1-1: Manufacturer: syz [ 3824.156090][ T4900] usb 1-1: SerialNumber: syz [ 3824.672761][ T4900] usb 1-1: 0:2 : does not exist [ 3824.871360][ T4900] usb 1-1: USB disconnect, device number 11 [ 3825.171480][T22023] udevd[22023]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 3825.520152][ T4900] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 3825.744682][ T4900] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 3825.745559][ T4900] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 3825.745877][ T4900] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 3825.746315][ T4900] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 3825.844924][ T4900] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 3825.845486][ T4900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3825.846077][ T4900] usb 1-1: Product: syz [ 3825.846275][ T4900] usb 1-1: Manufacturer: syz [ 3825.846466][ T4900] usb 1-1: SerialNumber: syz [ 3825.905509][T22028] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 3826.369645][ T4900] cdc_ncm 1-1:1.0: bind() failure [ 3826.485070][ T4900] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71 [ 3826.493899][ T4900] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71 [ 3826.519485][ T4900] usbtest 1-1:1.1: probe with driver usbtest failed with error -71 [ 3826.562226][ T4900] usb 1-1: USB disconnect, device number 12 [ 3835.667374][T22073] "syz.1.6457" (22073) uses obsolete ecb(arc4) skcipher [ 3836.009754][T22075] "syz.1.6458" (22075) uses obsolete ecb(arc4) skcipher [ 3837.642722][T22085] "syz.1.6463" (22085) uses obsolete ecb(arc4) skcipher [ 3839.020408][T15964] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 3839.182083][T15964] usb 1-1: Using ep0 maxpacket: 32 [ 3839.247829][T15964] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 3839.248389][T15964] usb 1-1: config 0 has no interface number 0 [ 3839.250709][T15964] usb 1-1: config 0 interface 184 has no altsetting 0 [ 3839.277539][T15964] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 3839.281821][T15964] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3839.284707][T15964] usb 1-1: Product: syz [ 3839.286499][T15964] usb 1-1: Manufacturer: syz [ 3839.288366][T15964] usb 1-1: SerialNumber: syz [ 3839.318028][T15964] usb 1-1: config 0 descriptor?? [ 3839.374771][T15964] smsc75xx v1.0.0 [ 3839.782718][T15964] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 3839.786969][T15964] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 3839.791812][T15964] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 3839.796345][T15964] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 3839.817222][T15964] usb 1-1: USB disconnect, device number 13 [ 3868.472064][T22362] mmap: syz.0.6587 (22362) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 3884.238057][T22431] "syz.1.6611" (22431) uses obsolete ecb(arc4) skcipher [ 3909.203926][T22506] netlink: 'syz.1.6635': attribute type 4 has an invalid length. [ 3913.082614][T22528] netlink: 'syz.0.6642': attribute type 4 has an invalid length. [ 3916.864016][T22546] netlink: 'syz.0.6647': attribute type 4 has an invalid length. [ 3920.901552][T22560] netlink: 'syz.0.6652': attribute type 4 has an invalid length. [ 3946.653662][T21749] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 3946.860529][T21749] usb 1-1: Using ep0 maxpacket: 16 [ 3946.941255][T21749] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 3946.945545][T21749] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 3946.953914][T21749] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 3946.970525][T21749] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 3946.998068][T21749] usb 1-1: config 0 descriptor?? [ 3947.799448][T21749] hid-generic 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 3948.303892][T22686] netlink: 'syz.1.6694': attribute type 4 has an invalid length. [ 3955.163065][T22703] netlink: 'syz.1.6701': attribute type 4 has an invalid length. [ 3961.452590][ T3462] usb 1-1: USB disconnect, device number 14 [ 3981.550615][T21749] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 3981.747326][T21749] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 57662, setting to 64 [ 3981.771963][T21749] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 3981.775140][T21749] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3981.777684][T21749] usb 1-1: Product: syz [ 3981.780308][T21749] usb 1-1: Manufacturer: syz [ 3981.781725][T21749] usb 1-1: SerialNumber: syz [ 3982.090190][T21749] cdc_ncm 1-1:1.0: bind() failure [ 3982.116110][T21749] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 3982.118132][T21749] cdc_ncm 1-1:1.1: bind() failure [ 3982.135940][T21749] usb 1-1: USB disconnect, device number 15 [ 4020.563416][T23007] capability: warning: `syz.1.6805' uses 32-bit capabilities (legacy support in use) [ 4045.497184][T23137] netlink: 'syz.0.6856': attribute type 4 has an invalid length. [ 4053.070394][T23179] input: syz0 as /devices/virtual/input/input61 [ 4090.650363][ T3462] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 4090.810096][ T3462] usb 1-1: Using ep0 maxpacket: 32 [ 4090.850370][ T3462] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 4090.850898][ T3462] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 4090.855132][ T3462] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 4090.855417][ T3462] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 4090.887534][ T3462] usb 1-1: config 0 descriptor?? [ 4092.167603][ T3462] hid-generic 0003:1E7D:2D5A.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0 [ 4092.759785][ T3462] usb 1-1: USB disconnect, device number 16 [ 4093.200247][ T3462] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 4093.457495][ T3462] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 4093.611549][ T3462] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 4093.612268][ T3462] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 4093.612801][ T3462] usb 1-1: Product: syz [ 4093.612999][ T3462] usb 1-1: Manufacturer: syz [ 4093.613179][ T3462] usb 1-1: SerialNumber: syz [ 4093.647351][T23360] fido_id[23360]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 4094.742125][ T3462] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 4094.743639][ T3462] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 4094.743891][ T3462] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 4094.960785][ T3462] cdc_ncm 1-1:1.0: setting tx_max = 36 [ 4095.000699][ T3462] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 4095.867328][T21749] usb 1-1: USB disconnect, device number 17 [ 4095.891428][T21749] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP) [ 4096.403920][T23379] input: syz0 as /devices/virtual/input/input62 [ 4128.417960][T23564] "syz.0.6988" (23564) uses obsolete ecb(arc4) skcipher [ 4147.332194][T23728] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4147.447443][T23728] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4147.576771][T23728] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4147.697737][T23728] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4147.776931][T23738] netlink: 40 bytes leftover after parsing attributes in process `syz.1.7051'. [ 4148.012346][T23489] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 4148.093729][T23489] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 4148.153270][T23489] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 4148.253808][T23482] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 4152.171878][ T30] audit: type=1107 audit(4151.960:3): pid=23810 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='êè:™' [ 4156.124584][T23865] ======================================================= [ 4156.124584][T23865] WARNING: The mand mount option has been deprecated and [ 4156.124584][T23865] and is ignored by this kernel. Remove the mand [ 4156.124584][T23865] option from the mount to silence this warning. [ 4156.124584][T23865] ======================================================= [ 4173.628216][T23965] fuse: Bad value for 'fd' [ 4174.950480][T23991] fuse: Bad value for 'fd' [ 4176.241517][T24008] FAULT_INJECTION: forcing a failure. [ 4176.241517][T24008] name failslab, interval 1, probability 0, space 0, times 1 [ 4176.242316][T24008] CPU: 1 UID: 0 PID: 24008 Comm: syz.0.7163 Not tainted syzkaller #0 PREEMPT [ 4176.242533][T24008] Hardware name: linux,dummy-virt (DT) [ 4176.242941][T24008] Call trace: [ 4176.243610][T24008] show_stack+0x18/0x24 (C) [ 4176.245174][T24008] dump_stack_lvl+0x78/0x90 [ 4176.245388][T24008] dump_stack+0x18/0x24 [ 4176.245580][T24008] should_fail_ex+0x1dc/0x234 [ 4176.245715][T24008] should_failslab+0x54/0x80 [ 4176.245843][T24008] kmem_cache_alloc_noprof+0x54/0x52c [ 4176.245977][T24008] getname_flags.part.0+0x2c/0x1bc [ 4176.246154][T24008] getname_flags+0x38/0x60 [ 4176.246284][T24008] do_sys_openat2+0x5c/0xe8 [ 4176.246412][T24008] __arm64_sys_openat+0x64/0xa8 [ 4176.246537][T24008] invoke_syscall+0x48/0x110 [ 4176.246665][T24008] el0_svc_common.constprop.0+0x40/0xe0 [ 4176.246794][T24008] do_el0_svc+0x1c/0x28 [ 4176.246924][T24008] el0_svc+0x34/0x10c [ 4176.247093][T24008] el0t_64_sync_handler+0xa0/0xe4 [ 4176.247224][T24008] el0t_64_sync+0x1a4/0x1a8 [ 4181.428413][T24050] fuse: Bad value for 'fd' [ 4185.963803][T24092] fuse: Bad value for 'fd' [ 4186.586477][T24104] fuse: Bad value for 'fd' [ 4187.282220][T24117] fuse: Bad value for 'fd' [ 4188.292247][T24127] fuse: Bad value for 'fd' [ 4189.420394][T24143] mmap: syz.1.7220 (24143): VmData 29237248 exceed data ulimit 2050. Update limits or use boot option ignore_rlimit_data. [ 4196.968090][T24214] FAULT_INJECTION: forcing a failure. [ 4196.968090][T24214] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 4196.969965][T24214] CPU: 1 UID: 0 PID: 24214 Comm: syz.0.7247 Not tainted syzkaller #0 PREEMPT [ 4196.970267][T24214] Hardware name: linux,dummy-virt (DT) [ 4196.970382][T24214] Call trace: [ 4196.970500][T24214] show_stack+0x18/0x24 (C) [ 4196.971005][T24214] dump_stack_lvl+0x78/0x90 [ 4196.971259][T24214] dump_stack+0x18/0x24 [ 4196.971583][T24214] should_fail_ex+0x1dc/0x234 [ 4196.971989][T24214] should_fail+0x14/0x24 [ 4196.972270][T24214] should_fail_usercopy+0x1c/0x28 [ 4196.972540][T24214] simple_read_from_buffer+0x5c/0x138 [ 4196.972809][T24214] proc_fail_nth_read+0xac/0x134 [ 4196.973058][T24214] vfs_read+0xc0/0x318 [ 4196.973323][T24214] ksys_read+0x6c/0x100 [ 4196.973595][T24214] __arm64_sys_read+0x1c/0x28 [ 4196.973827][T24214] invoke_syscall+0x48/0x110 [ 4196.974098][T24214] el0_svc_common.constprop.0+0x40/0xe0 [ 4196.974353][T24214] do_el0_svc+0x1c/0x28 [ 4196.974616][T24214] el0_svc+0x34/0x10c [ 4196.974879][T24214] el0t_64_sync_handler+0xa0/0xe4 [ 4196.975140][T24214] el0t_64_sync+0x1a4/0x1a8 [ 4197.196266][T24218] Injecting memory failure for pfn 0x6708f at process virtual address 0x20000000 [ 4197.207464][T24218] Memory failure: 0x6708f: Sending SIGBUS to syz.1.7249:24218 due to hardware memory corruption [ 4197.211689][T24218] Memory failure: 0x6708f: recovery action for dirty LRU page: Recovered [ 4197.212022][T24218] Injecting memory failure for pfn 0x580df at process virtual address 0x20001000 [ 4197.237503][T24218] Memory failure: 0x580df: Sending SIGBUS to syz.1.7249:24218 due to hardware memory corruption [ 4197.238350][T24218] Memory failure: 0x580df: recovery action for dirty LRU page: Recovered [ 4197.253479][T24218] Injecting memory failure for pfn 0x4fd18 at process virtual address 0x20002000 [ 4197.259718][T24218] Memory failure: 0x4fd18: Sending SIGBUS to syz.1.7249:24218 due to hardware memory corruption [ 4197.260460][T24218] Memory failure: 0x4fd18: recovery action for dirty LRU page: Recovered [ 4197.260760][T24218] Injecting memory failure for pfn 0x42dd7 at process virtual address 0x20003000 [ 4197.271352][T24218] Memory failure: 0x42dd7: recovery action for reserved kernel page: Ignored [ 4209.327072][T24368] netlink: 'syz.0.7307': attribute type 4 has an invalid length. [ 4209.897628][T24378] "syz.1.7309" (24378) uses obsolete ecb(arc4) skcipher [ 4211.906506][T24409] FAULT_INJECTION: forcing a failure. [ 4211.906506][T24409] name failslab, interval 1, probability 0, space 0, times 0 [ 4211.907179][T24409] CPU: 1 UID: 0 PID: 24409 Comm: syz.0.7323 Not tainted syzkaller #0 PREEMPT [ 4211.907439][T24409] Hardware name: linux,dummy-virt (DT) [ 4211.907540][T24409] Call trace: [ 4211.907606][T24409] show_stack+0x18/0x24 (C) [ 4211.907758][T24409] dump_stack_lvl+0x78/0x90 [ 4211.907890][T24409] dump_stack+0x18/0x24 [ 4211.908015][T24409] should_fail_ex+0x1dc/0x234 [ 4211.908150][T24409] should_failslab+0x54/0x80 [ 4211.908279][T24409] kmem_cache_alloc_node_noprof+0x5c/0x530 [ 4211.908423][T24409] __alloc_skb+0x150/0x194 [ 4211.908617][T24409] netlink_alloc_large_skb+0x98/0xbc [ 4211.908764][T24409] netlink_sendmsg+0x10c/0x3fc [ 4211.908907][T24409] __sock_sendmsg+0x54/0x60 [ 4211.909054][T24409] ____sys_sendmsg+0x234/0x29c [ 4211.909200][T24409] ___sys_sendmsg+0xac/0x100 [ 4211.909350][T24409] __sys_sendmsg+0x98/0xf8 [ 4211.909494][T24409] __arm64_sys_sendmsg+0x24/0x30 [ 4211.909667][T24409] invoke_syscall+0x48/0x110 [ 4211.909821][T24409] el0_svc_common.constprop.0+0x40/0xe0 [ 4211.910092][T24409] do_el0_svc+0x1c/0x28 [ 4211.910352][T24409] el0_svc+0x34/0x10c [ 4211.910578][T24409] el0t_64_sync_handler+0xa0/0xe4 [ 4211.910836][T24409] el0t_64_sync+0x1a4/0x1a8 [ 4232.941651][T24678] FAULT_INJECTION: forcing a failure. [ 4232.941651][T24678] name failslab, interval 1, probability 0, space 0, times 0 [ 4232.942255][T24678] CPU: 1 UID: 0 PID: 24678 Comm: syz.0.7420 Not tainted syzkaller #0 PREEMPT [ 4232.942500][T24678] Hardware name: linux,dummy-virt (DT) [ 4232.942605][T24678] Call trace: [ 4232.942693][T24678] show_stack+0x18/0x24 (C) [ 4232.942962][T24678] dump_stack_lvl+0x78/0x90 [ 4232.943182][T24678] dump_stack+0x18/0x24 [ 4232.943490][T24678] should_fail_ex+0x1dc/0x234 [ 4232.943719][T24678] should_failslab+0x54/0x80 [ 4232.943992][T24678] __kmalloc_noprof+0xa8/0x608 [ 4232.944244][T24678] tomoyo_realpath_from_path+0x44/0x1b4 [ 4232.944466][T24678] tomoyo_path_number_perm+0xd8/0x20c [ 4232.944692][T24678] tomoyo_file_ioctl+0x1c/0x28 [ 4232.944918][T24678] security_file_ioctl+0x8c/0x19c [ 4232.945208][T24678] __arm64_sys_ioctl+0x48/0x104 [ 4232.945432][T24678] invoke_syscall+0x48/0x110 [ 4232.945651][T24678] el0_svc_common.constprop.0+0x40/0xe0 [ 4232.945870][T24678] do_el0_svc+0x1c/0x28 [ 4232.946150][T24678] el0_svc+0x34/0x10c [ 4232.946368][T24678] el0t_64_sync_handler+0xa0/0xe4 [ 4232.946732][T24678] el0t_64_sync+0x1a4/0x1a8 [ 4232.962392][T24678] ERROR: Out of memory at tomoyo_realpath_from_path. [ 4233.271597][T24685] input: syz0 as /devices/virtual/input/input63 [ 4234.793042][T24707] FAULT_INJECTION: forcing a failure. [ 4234.793042][T24707] name failslab, interval 1, probability 0, space 0, times 0 [ 4234.797668][T24707] CPU: 1 UID: 0 PID: 24707 Comm: syz.0.7430 Not tainted syzkaller #0 PREEMPT [ 4234.797989][T24707] Hardware name: linux,dummy-virt (DT) [ 4234.798138][T24707] Call trace: [ 4234.798227][T24707] show_stack+0x18/0x24 (C) [ 4234.798470][T24707] dump_stack_lvl+0x78/0x90 [ 4234.798740][T24707] dump_stack+0x18/0x24 [ 4234.798989][T24707] should_fail_ex+0x1dc/0x234 [ 4234.799232][T24707] should_failslab+0x54/0x80 [ 4234.799556][T24707] __kmalloc_noprof+0xa8/0x608 [ 4234.799999][T24707] tomoyo_encode2+0x7c/0x140 [ 4234.800289][T24707] tomoyo_encode+0x28/0x40 [ 4234.800567][T24707] tomoyo_realpath_from_path+0x80/0x1b4 [ 4234.800833][T24707] tomoyo_path_number_perm+0xd8/0x20c [ 4234.801111][T24707] tomoyo_file_ioctl+0x1c/0x28 [ 4234.801359][T24707] security_file_ioctl+0x8c/0x19c [ 4234.801700][T24707] __arm64_sys_ioctl+0x48/0x104 [ 4234.801934][T24707] invoke_syscall+0x48/0x110 [ 4234.802287][T24707] el0_svc_common.constprop.0+0x40/0xe0 [ 4234.802558][T24707] do_el0_svc+0x1c/0x28 [ 4234.802823][T24707] el0_svc+0x34/0x10c [ 4234.803036][T24707] el0t_64_sync_handler+0xa0/0xe4 [ 4234.803399][T24707] el0t_64_sync+0x1a4/0x1a8 [ 4234.809920][T24707] ERROR: Out of memory at tomoyo_realpath_from_path. [ 4238.458238][T24754] FAULT_INJECTION: forcing a failure. [ 4238.458238][T24754] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 4238.462205][T24754] CPU: 0 UID: 0 PID: 24754 Comm: syz.0.7440 Not tainted syzkaller #0 PREEMPT [ 4238.462411][T24754] Hardware name: linux,dummy-virt (DT) [ 4238.462478][T24754] Call trace: [ 4238.462530][T24754] show_stack+0x18/0x24 (C) [ 4238.462678][T24754] dump_stack_lvl+0x78/0x90 [ 4238.462812][T24754] dump_stack+0x18/0x24 [ 4238.462944][T24754] should_fail_ex+0x1dc/0x234 [ 4238.463074][T24754] should_fail+0x14/0x24 [ 4238.463395][T24754] should_fail_usercopy+0x1c/0x28 [ 4238.463599][T24754] simple_read_from_buffer+0x5c/0x138 [ 4238.463854][T24754] proc_fail_nth_read+0xac/0x134 [ 4238.464035][T24754] vfs_read+0xc0/0x318 [ 4238.464192][T24754] ksys_read+0x6c/0x100 [ 4238.464378][T24754] __arm64_sys_read+0x1c/0x28 [ 4238.464533][T24754] invoke_syscall+0x48/0x110 [ 4238.464692][T24754] el0_svc_common.constprop.0+0x40/0xe0 [ 4238.464849][T24754] do_el0_svc+0x1c/0x28 [ 4238.465000][T24754] el0_svc+0x34/0x10c [ 4238.465127][T24754] el0t_64_sync_handler+0xa0/0xe4 [ 4238.465256][T24754] el0t_64_sync+0x1a4/0x1a8 [ 4238.713277][T24758] 8021q: VLANs not supported on ipvlan1 [ 4241.230641][T24808] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7460'. [ 4246.959058][ C0] vkms_vblank_simulate: vblank timer overrun [ 4254.163575][T23484] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4254.221217][T23484] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4254.256826][T23484] bond0 (unregistering): Released all slaves [ 4254.547553][T23484] hsr_slave_0: left promiscuous mode [ 4254.555182][T23484] hsr_slave_1: left promiscuous mode [ 4260.632352][T24934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 4260.678326][T24934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 4261.520053][T25016] netlink: 'syz.1.7517': attribute type 2 has an invalid length. [ 4261.524398][T25016] netlink: 'syz.1.7517': attribute type 8 has an invalid length. [ 4261.570817][T25016] netlink: 'syz.1.7517': attribute type 9 has an invalid length. [ 4261.571352][T25016] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7517'. [ 4263.531828][T24934] hsr_slave_0: entered promiscuous mode [ 4263.543450][T24934] hsr_slave_1: entered promiscuous mode [ 4263.552694][T24934] debugfs: 'hsr0' already exists in 'hsr' [ 4263.553244][T24934] Cannot create hsr debugfs directory [ 4264.708306][T25058] netlink: 'syz.1.7529': attribute type 1 has an invalid length. [ 4264.711178][T25058] netlink: 'syz.1.7529': attribute type 3 has an invalid length. [ 4264.713244][T25058] netlink: 132 bytes leftover after parsing attributes in process `syz.1.7529'. [ 4266.488041][T25076] ================================================================== [ 4266.492010][T25076] BUG: KASAN: invalid-access in __memcpy+0xc/0x54 [ 4266.494244][T25076] Write at addr f9ff8000833cd6e0 by task syz.1.7533/25076 [ 4266.494790][T25076] Pointer tag: [f9], memory tag: [fe] [ 4266.494922][T25076] [ 4266.495655][T25076] CPU: 1 UID: 0 PID: 25076 Comm: syz.1.7533 Not tainted syzkaller #0 PREEMPT [ 4266.496149][T25076] Hardware name: linux,dummy-virt (DT) [ 4266.496494][T25076] Call trace: [ 4266.496854][T25076] show_stack+0x18/0x24 (C) [ 4266.497250][T25076] dump_stack_lvl+0x78/0x90 [ 4266.497494][T25076] print_report+0x108/0x61c [ 4266.497716][T25076] kasan_report+0x88/0xac SYZFAIL: failed to recv rpc [ 4266.497927][T25076] __do_kernel_fault+0x170/0x1c8 [ 4266.498179][T25076] do_bad_area+0x68/0x78 [ 4266.498391][T25076] do_tag_check_fault+0x34/0x44 [ 4266.498766][T25076] do_mem_abort+0x44/0x94 [ 4266.498985][T25076] el1_abort+0x44/0x68 [ 4266.499218][T25076] el1h_64_sync_handler+0x50/0xac [ 4266.499436][T25076] el1h_64_sync+0x6c/0x70 [ 4266.499741][T25076] __memcpy+0xc/0x54 (P) [ 4266.499932][T25076] do_misc_fixups+0x174/0x1aac [ 4266.500107][T25076] bpf_check+0x1348/0x2a24 [ 4266.500295][T25076] bpf_prog_load+0x63c/0xcd4 [ 4266.500491][T25076] __sys_bpf+0x2e0/0x1a88 [ 4266.500720][T25076] __arm64_sys_bpf+0x24/0x34 [ 4266.500911][T25076] invoke_syscall+0x48/0x110 [ 4266.501134][T25076] el0_svc_common.constprop.0+0x40/0xe0 [ 4266.501331][T25076] do_el0_svc+0x1c/0x28 [ 4266.501518][T25076] el0_svc+0x34/0x10c [ 4266.501698][T25076] el0t_64_sync_handler+0xa0/0xe4 [ 4266.501884][T25076] el0t_64_sync+0x1a4/0x1a8 [ 4266.502308][T25076] [ 4266.502554][T25076] The buggy address belongs to a 1-page vmalloc region starting at 0xf9ff8000833cd000 allocated at bpf_check+0x8c/0x2a24 [ 4266.504207][T25076] The buggy address belongs to the physical page: [ 4266.504684][T25076] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xf0f0000007f0e990 pfn:0x47f0e [ 4266.505145][T25076] flags: 0x1ffd80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x6) [ 4266.506201][T25076] raw: 01ffd80000000000 0000000000000000 dead000000000122 0000000000000000 [ 4266.506369][T25076] raw: f0f0000007f0e990 0000000000000000 00000001ffffffff 0000000000000000 [ 4266.506567][T25076] page dumped because: kasan: bad access detected [ 4266.506669][T25076] [ 4266.506745][T25076] Memory state around the buggy address: [ 4266.507063][T25076] ffff8000833cd400: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 4266.507258][T25076] ffff8000833cd500: f9 f9 f9 f9 f9 f9 f9 f9 fe fe fe fe fe fe fe fe [ 4266.507418][T25076] >ffff8000833cd600: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4266.507563][T25076] ^ [ 4266.507872][T25076] ffff8000833cd700: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4266.507985][T25076] ffff8000833cd800: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 4266.508133][T25076] ================================================================== [ 4266.510210][T25076] Disabling lock debugging due to kernel taint fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 4266.756675][T24934] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 4266.824389][T24934] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 4266.884234][T24934] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 4267.728033][T23490] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4267.826578][T23490] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4267.942235][T23490] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4268.016858][T23490] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 4269.480795][T23490] dvmrp1 (unregistering): left allmulticast mode [ 4269.652701][T23490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4269.714852][T23490] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4269.761674][T23490] bond0 (unregistering): Released all slaves [ 4270.070698][T23490] hsr_slave_0: left promiscuous mode [ 4270.076521][T23490] hsr_slave_1: left promiscuous mode [ 4270.114657][T23490] veth1_macvtap: left promiscuous mode [ 4270.115449][T23490] veth0_macvtap: left promiscuous mode [ 4270.116177][T23490] veth1_vlan: left promiscuous mode [ 4270.116531][T23490] veth0_vlan: left promiscuous mode [ 4273.256501][T23490] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 4273.344611][T23490] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 4273.401452][T23490] bond0 (unregistering): Released all slaves [ 4273.596777][T23490] hsr_slave_0: left promiscuous mode [ 4273.606232][T23490] hsr_slave_1: left promiscuous mode VM DIAGNOSIS: 13:10:19 Registers: info registers vcpu 0 CPU#0 PC=ffff800081b11fac X00=ffff800081b11fa8 X01=f2f0000006062580 X02=fff07ffffcfd3000 X03=0000000000000cee X04=0000000000000000 X05=0000000000000000 X06=f2f0000006786400 X07=fdf00000030e3800 X08=0000000000000400 X09=0000000000000001 X10=000000000000019a X11=fff000007f8d6a40 X12=0000000000000006 X13=0000000000000001 X14=000000000000019a X15=ffff800081b63e30 X16=ffff800082ce8000 X17=fff07ffffcfd3000 X18=00000000b2d557fd X19=0000000000000000 X20=ffff800082a31688 X21=ffff800082a31680 X22=0000000000000004 X23=0000000000000004 X24=ffff800082a31688 X25=0000000000000028 X26=0000000000000000 X27=fff07ffffcfd3000 X28=f8f00000088c3d00 X29=ffff800082ceb510 X30=ffff80008017f9b0 SP=ffff800082ceb510 PSTATE=404020c9 -Z-- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2f2f2f2f2f2f2f2f:2f2f2f2f2f2f2f2f Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:665f65676e006d72:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000cc0000:cccccccccccccccc Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3333333333333333:3333333333333333 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000c00cccccccc Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffff90dd2a98:0000000000000000 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffff566c7c0:0000fffff566c7c0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffc8:0000fffff566c780 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff800081b11fac X00=ffff800081b11fa8 X01=ffff800081423b08 X02=ffff80008c363d40 X03=fff000007f8e90a8 X04=ffff80008c363d40 X05=0000000000000000 X06=ffff800082abefe0 X07=0000000000000001 X08=7f7f7f7f7f7f7f7f X09=00000000000000c0 X10=0000000000000000 X11=ffff8000830ebe20 X12=ffff8000829ff3c0 X13=ffff8000830ebb8d X14=ffff8000830ebb98 X15=ffff8000830eba00 X16=ffff800082cf0000 X17=fff07ffffcfec000 X18=00000000ffffffff X19=ffff800082c24c80 X20=000003e1416a2400 X21=00000000000cfacc X22=fff000007f8e8b60 X23=ffff8000830ebc40 X24=000003e154837b82 X25=00000000000000c0 X26=0000000000000001 X27=ffff8000801800e0 X28=0000000000000000 X29=ffff800082cf3e00 X30=ffff800081423b20 SP=ffff800082cf3e00 PSTATE=004020c9 ---- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2525252525252525:2525252525252525 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:65642f000a732520:7325207334362e25 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:206b736174207962:2030653664633333 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000ff0000ff00:00ff0000000000ff Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000f00f00f00000f Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:7962203065366463:3333383030303866 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3d3d3d3d3d3d3d3d:3d3d3d3d3d3d3d3d Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3d3d3d3d3d3d3d3d:3d3d3d3d3d3d3d3d Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffe2e4aa00:0000ffffe2e4aa00 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffe2e4a9d0 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000