syzkaller login: [ 489.807527][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 497.860567][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 497.902134][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 519.307054][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:47079' (ECDSA) to the list of known hosts. 1970/01/01 00:09:23 fuzzer started 1970/01/01 00:09:40 dialing manager at localhost:45141 [ 587.157931][ T2039] cgroup: Unknown subsys name 'net' [ 588.281555][ T2039] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:09:47 syscalls: 2827 1970/01/01 00:09:47 code coverage: enabled 1970/01/01 00:09:47 comparison tracing: enabled 1970/01/01 00:09:47 extra coverage: enabled 1970/01/01 00:09:47 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:09:47 setuid sandbox: enabled 1970/01/01 00:09:47 namespace sandbox: enabled 1970/01/01 00:09:48 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:09:48 fault injection: enabled 1970/01/01 00:09:48 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:09:48 net packet injection: enabled 1970/01/01 00:09:48 net device setup: enabled 1970/01/01 00:09:48 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:09:48 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:09:48 USB emulation: enabled 1970/01/01 00:09:48 hci packet injection: /dev/vhci does not exist 1970/01/01 00:09:48 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:09:48 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:09:48 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:09:54 fetching corpus: 50, signal 38603/41510 (executing program) 1970/01/01 00:09:59 fetching corpus: 98, signal 57533/61037 (executing program) 1970/01/01 00:10:02 fetching corpus: 147, signal 66471/70663 (executing program) 1970/01/01 00:10:07 fetching corpus: 196, signal 76309/80882 (executing program) 1970/01/01 00:10:10 fetching corpus: 246, signal 82178/87152 (executing program) 1970/01/01 00:10:13 fetching corpus: 296, signal 85920/91320 (executing program) 1970/01/01 00:10:16 fetching corpus: 346, signal 89753/95495 (executing program) 1970/01/01 00:10:19 fetching corpus: 396, signal 94164/100052 (executing program) 1970/01/01 00:10:21 fetching corpus: 446, signal 98093/104058 (executing program) 1970/01/01 00:10:26 fetching corpus: 496, signal 101403/107443 (executing program) 1970/01/01 00:10:29 fetching corpus: 546, signal 104495/110599 (executing program) 1970/01/01 00:10:33 fetching corpus: 596, signal 107629/113658 (executing program) 1970/01/01 00:10:36 fetching corpus: 646, signal 110411/116309 (executing program) 1970/01/01 00:10:39 fetching corpus: 695, signal 114871/120176 (executing program) 1970/01/01 00:10:41 fetching corpus: 745, signal 117536/122554 (executing program) 1970/01/01 00:10:44 fetching corpus: 794, signal 120405/124972 (executing program) 1970/01/01 00:10:47 fetching corpus: 844, signal 122282/126688 (executing program) 1970/01/01 00:10:50 fetching corpus: 894, signal 124202/128316 (executing program) 1970/01/01 00:10:53 fetching corpus: 944, signal 126868/130418 (executing program) 1970/01/01 00:10:57 fetching corpus: 994, signal 129359/132318 (executing program) 1970/01/01 00:11:00 fetching corpus: 1042, signal 131281/133731 (executing program) 1970/01/01 00:11:03 fetching corpus: 1092, signal 133947/135635 (executing program) 1970/01/01 00:11:05 fetching corpus: 1142, signal 135623/136844 (executing program) 1970/01/01 00:11:07 fetching corpus: 1174, signal 136909/137704 (executing program) 1970/01/01 00:11:07 fetching corpus: 1174, signal 136909/137736 (executing program) 1970/01/01 00:11:08 fetching corpus: 1175, signal 136964/137818 (executing program) 1970/01/01 00:11:08 fetching corpus: 1175, signal 136964/137857 (executing program) 1970/01/01 00:11:08 fetching corpus: 1175, signal 136964/137896 (executing program) 1970/01/01 00:11:08 fetching corpus: 1175, signal 136964/137927 (executing program) 1970/01/01 00:11:08 fetching corpus: 1175, signal 136964/137963 (executing program) 1970/01/01 00:11:08 fetching corpus: 1175, signal 136968/137990 (executing program) 1970/01/01 00:11:08 fetching corpus: 1175, signal 136968/138027 (executing program) 1970/01/01 00:11:09 fetching corpus: 1175, signal 136968/138070 (executing program) 1970/01/01 00:11:09 fetching corpus: 1175, signal 136968/138098 (executing program) 1970/01/01 00:11:09 fetching corpus: 1175, signal 136968/138131 (executing program) 1970/01/01 00:11:09 fetching corpus: 1175, signal 136968/138161 (executing program) 1970/01/01 00:11:09 fetching corpus: 1175, signal 136968/138212 (executing program) 1970/01/01 00:11:09 fetching corpus: 1175, signal 136968/138250 (executing program) 1970/01/01 00:11:10 fetching corpus: 1175, signal 136968/138280 (executing program) 1970/01/01 00:11:10 fetching corpus: 1175, signal 136968/138318 (executing program) 1970/01/01 00:11:10 fetching corpus: 1175, signal 136968/138356 (executing program) 1970/01/01 00:11:10 fetching corpus: 1175, signal 136968/138382 (executing program) 1970/01/01 00:11:10 fetching corpus: 1175, signal 136968/138427 (executing program) 1970/01/01 00:11:10 fetching corpus: 1175, signal 136968/138458 (executing program) 1970/01/01 00:11:11 fetching corpus: 1175, signal 136968/138494 (executing program) 1970/01/01 00:11:11 fetching corpus: 1175, signal 136968/138533 (executing program) 1970/01/01 00:11:11 fetching corpus: 1175, signal 136968/138564 (executing program) 1970/01/01 00:11:11 fetching corpus: 1175, signal 136968/138594 (executing program) 1970/01/01 00:11:11 fetching corpus: 1175, signal 136968/138636 (executing program) 1970/01/01 00:11:11 fetching corpus: 1175, signal 136968/138671 (executing program) 1970/01/01 00:11:11 fetching corpus: 1175, signal 136968/138699 (executing program) 1970/01/01 00:11:12 fetching corpus: 1175, signal 136968/138741 (executing program) 1970/01/01 00:11:12 fetching corpus: 1175, signal 136968/138776 (executing program) 1970/01/01 00:11:12 fetching corpus: 1175, signal 136968/138812 (executing program) 1970/01/01 00:11:12 fetching corpus: 1175, signal 136968/138846 (executing program) 1970/01/01 00:11:12 fetching corpus: 1175, signal 136968/138879 (executing program) 1970/01/01 00:11:12 fetching corpus: 1175, signal 136968/138923 (executing program) 1970/01/01 00:11:12 fetching corpus: 1175, signal 136968/138949 (executing program) 1970/01/01 00:11:12 fetching corpus: 1175, signal 136968/138979 (executing program) 1970/01/01 00:11:13 fetching corpus: 1175, signal 136968/139007 (executing program) 1970/01/01 00:11:13 fetching corpus: 1175, signal 136968/139030 (executing program) 1970/01/01 00:11:13 fetching corpus: 1175, signal 136968/139062 (executing program) 1970/01/01 00:11:13 fetching corpus: 1175, signal 136968/139093 (executing program) 1970/01/01 00:11:13 fetching corpus: 1175, signal 136968/139122 (executing program) 1970/01/01 00:11:13 fetching corpus: 1175, signal 136968/139158 (executing program) 1970/01/01 00:11:13 fetching corpus: 1175, signal 136968/139198 (executing program) 1970/01/01 00:11:13 fetching corpus: 1175, signal 136968/139234 (executing program) 1970/01/01 00:11:14 fetching corpus: 1175, signal 136968/139259 (executing program) 1970/01/01 00:11:14 fetching corpus: 1175, signal 136968/139272 (executing program) 1970/01/01 00:11:14 fetching corpus: 1175, signal 136968/139272 (executing program) 1970/01/01 00:13:02 starting 2 fuzzer processes 00:13:02 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001500), 0x0, 0x0) ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000001540)) 00:13:02 executing program 1: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array={0x0, 0x0, 0x0, 0x2, 0x0, {0x0, 0x3000000}}]}}, &(0x7f0000000180)=""/237, 0x32, 0xed, 0x1}, 0x20) [ 808.356571][ T2046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 808.450528][ T2046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 810.395858][ T2044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 810.756929][ T2044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 822.493101][ T2046] device hsr_slave_0 entered promiscuous mode [ 822.538580][ T2046] device hsr_slave_1 entered promiscuous mode [ 823.661006][ T2044] device hsr_slave_0 entered promiscuous mode [ 823.687944][ T2044] device hsr_slave_1 entered promiscuous mode [ 823.707146][ T2044] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 823.710349][ T2044] Cannot create hsr debugfs directory [ 832.661671][ T2046] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 832.850203][ T2046] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 832.932873][ T2046] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 833.217905][ T2046] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 834.771863][ T2044] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 835.336846][ T2044] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 835.546683][ T2044] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 835.701171][ T2044] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 844.700939][ T2046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 845.870821][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 845.969001][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 847.011064][ T2044] 8021q: adding VLAN 0 to HW filter on device bond0 [ 847.347500][ T2012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 847.447631][ T2012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 853.061684][ T2012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 853.108970][ T2012] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 853.912980][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 853.969255][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 854.002346][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 854.029665][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 854.631182][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 854.701181][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 855.271595][ T2046] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 855.348968][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 855.843168][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 855.883190][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 855.908395][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 855.965907][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 855.986822][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 856.006547][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 856.026925][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 856.318460][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 856.792737][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 856.799741][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 857.500324][ T2044] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 857.501741][ T2044] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 857.659230][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 857.699402][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 857.751757][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 857.797516][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 857.937371][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 858.850760][ T2012] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 858.856647][ T2012] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 878.088612][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 878.188527][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 879.310707][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 879.382581][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 885.667620][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 885.720388][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 885.908450][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 885.950713][ T2420] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 886.009669][ T2046] device veth0_vlan entered promiscuous mode [ 886.555474][ T2046] device veth1_vlan entered promiscuous mode [ 887.452465][ T2012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 887.499514][ T2012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 887.627327][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 887.661569][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 887.887931][ T2044] device veth0_vlan entered promiscuous mode [ 888.621132][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 888.666997][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 888.751426][ T2044] device veth1_vlan entered promiscuous mode [ 889.019571][ T2046] device veth0_macvtap entered promiscuous mode [ 889.530207][ T2046] device veth1_macvtap entered promiscuous mode [ 890.511329][ T2012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 890.569738][ T2012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 890.760991][ T2044] device veth0_macvtap entered promiscuous mode [ 890.925759][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 890.950695][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 890.971409][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 891.240634][ T2044] device veth1_macvtap entered promiscuous mode [ 891.536669][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 891.582032][ T2040] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 891.985098][ T2046] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.987801][ T2046] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.989087][ T2046] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 891.990299][ T2046] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 892.880495][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 892.909538][ T829] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 893.253161][ T2012] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 893.302924][ T2012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 893.949852][ T2044] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.951196][ T2044] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.952412][ T2044] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 893.966612][ T2044] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:15:00 executing program 1: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array={0x0, 0x0, 0x0, 0x2, 0x0, {0x0, 0x3000000}}]}}, &(0x7f0000000180)=""/237, 0x32, 0xed, 0x1}, 0x20) 00:15:01 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001500), 0x0, 0x0) ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000001540)) 00:15:04 executing program 1: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array={0x0, 0x0, 0x0, 0x2, 0x0, {0x0, 0x3000000}}]}}, &(0x7f0000000180)=""/237, 0x32, 0xed, 0x1}, 0x20) 00:15:04 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001500), 0x0, 0x0) ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000001540)) 00:15:07 executing program 1: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array={0x0, 0x0, 0x0, 0x2, 0x0, {0x0, 0x3000000}}]}}, &(0x7f0000000180)=""/237, 0x32, 0xed, 0x1}, 0x20) 00:15:08 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001500), 0x0, 0x0) ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000001540)) 00:15:11 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000002c0)={r2, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000380)=0x90) 00:15:13 executing program 0: syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, 0x0) 00:15:14 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000002c0)={r2, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000380)=0x90) [ 916.889529][ T829] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 917.587974][ T829] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 917.592834][ T829] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 917.615002][ T829] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 917.616404][ T829] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 917.617681][ T829] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 917.782337][ T829] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 917.794712][ T829] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 917.795966][ T829] usb 1-1: SerialNumber: syz [ 918.587988][ T829] Kernel panic - not syncing: corrupted stack end detected inside scheduler [ 918.591645][ T829] CPU: 0 PID: 829 Comm: kworker/0:2 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 918.595241][ T829] Hardware name: riscv-virtio,qemu (DT) [ 918.597432][ T829] Workqueue: usb_hub_wq hub_event [ 918.599338][ T829] Call Trace: [ 918.600630][ T829] [] dump_backtrace+0x2e/0x3c [ 918.602357][ T829] [] show_stack+0x34/0x40 [ 918.604367][ T829] [] dump_stack_lvl+0xe4/0x150 [ 918.606069][ T829] [] dump_stack+0x1c/0x24 [ 918.608276][ T829] [] panic+0x24a/0x634 [ 918.609792][ T829] [] schedule+0x0/0x14c [ 918.611919][ T829] [] preempt_schedule_common+0x4e/0xde [ 918.613876][ T829] [] preempt_schedule+0x34/0x36 [ 918.616138][ T829] [] __kernfs_new_node+0x5e8/0x5f2 [ 918.617791][ T829] [] kernfs_new_node+0x66/0xbe [ 918.619226][ T829] [] kernfs_create_link+0x78/0x142 [ 918.620769][ T829] [] sysfs_do_create_link_sd+0x84/0x12a [ 918.622330][ T829] [] sysfs_create_link+0x52/0x92 [ 918.624382][ T829] [] driver_sysfs_add+0x96/0x14c [ 918.626463][ T829] [] really_probe+0x102/0x89e [ 918.627917][ T829] [] __driver_probe_device+0x24a/0x2d4 [ 918.629448][ T829] [] driver_probe_device+0x60/0x1a4 [ 918.630967][ T829] [] __device_attach_driver+0x17c/0x224 [ 918.632550][ T829] [] bus_for_each_drv+0x132/0x1a6 [ 918.634385][ T829] [] __device_attach+0x1e0/0x372 [ 918.635918][ T829] [] device_initial_probe+0x1c/0x26 [ 918.637444][ T829] [] bus_probe_device+0x144/0x154 [ 918.638837][ T829] [] device_add+0x91e/0x129e [ 918.640369][ T829] [] usb_set_configuration+0xafe/0xf6a [ 918.641856][ T829] [] usb_generic_driver_probe+0xb2/0x122 [ 918.643600][ T829] [] usb_probe_device+0xa8/0x204 [ 918.645730][ T829] [] really_probe+0x1a6/0x89e [ 918.647167][ T829] [] __driver_probe_device+0x24a/0x2d4 [ 918.648647][ T829] [] driver_probe_device+0x60/0x1a4 [ 918.650221][ T829] [] __device_attach_driver+0x17c/0x224 [ 918.651866][ T829] [] bus_for_each_drv+0x132/0x1a6 [ 918.653590][ T829] [] __device_attach+0x1e0/0x372 [ 918.655625][ T829] [] device_initial_probe+0x1c/0x26 [ 918.657147][ T829] [] bus_probe_device+0x144/0x154 [ 918.658635][ T829] [] device_add+0x91e/0x129e [ 918.660269][ T829] [] usb_new_device+0x5c8/0xd78 [ 918.662649][ T829] [] hub_event+0x1b3e/0x3364 [ 918.664897][ T829] [] process_one_work+0x654/0xffe [ 918.666509][ T829] [] worker_thread+0x360/0x8fa [ 918.668012][ T829] [] kthread+0x19e/0x1fa [ 918.669568][ T829] [] ret_from_exception+0x0/0x10 [ 918.671830][ T829] SMP: stopping secondary CPUs [ 918.675278][ T829] Rebooting in 86400 seconds.. VM DIAGNOSIS: 00:01:01 Registers: info registers vcpu 0 pc ffffffff80dc15ca mhartid 0000000000000000 mstatus 00000000000000a0 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff8000f97e sepc ffffffff800bdb3e mcause 0000000000000009 scause 8000000000000009 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffff80dc15ca x2/sp ffffaf800e38a330 x3/gp ffffffff85863ac0 x4/tp ffffaf800e373080 x5/t0 ffffffff86bcb657 x6/t1 9088126b5a617b00 x7/t2 0000000000000000 x8/s0 ffffaf800e38a350 x9/s1 ffffffff86e58900 x10/a0 ffff8f800066c005 x11/a1 0000000000000007 x12/a2 1ffffffff0dcb129 x13/a3 ffffffff80dc15ca x14/a4 0000000000000000 x15/a5 ffffffff86e58948 x16/a6 ffffffff86e589f1 x17/a7 ffffffff80dcc2ca x18/s2 0000000000000005 x19/s3 0000000000002710 x20/s4 0000000000000020 x21/s5 ffffffff86e58b98 x22/s6 ffffffff86e58950 x23/s7 ffffffff86bcb6b1 x24/s8 0000000000000010 x25/s9 ffffffff86e58958 x26/s10 0000000000000010 x27/s11 0000000000000000 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f001c7141c x31/t6 ffffffff86bcb657 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 414fffffe0000000 f3/ft3 43e0000000000000 f4/ft4 3ffe000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc 000000008000060c mhartid 0000000000000001 mstatus 0000000000004820 mip 00000000000000a0 mie 000000000000022a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffff800055d4 mepc ffffffff800055d4 sepc 00007fffa3a3029c mcause 8000000000000007 scause 0000000000000008 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra 00007fffa3d74220 x2/sp 0000000080016ee8 x3/gp 00007fffa3dc7a68 x4/tp 00007fffa39a26c8 x5/t0 ffffffff800055d4 x6/t1 00007fffa3d2eebc x7/t2 00000000331eee86 x8/s0 00007ffff16f2450 x9/s1 00007fffa3dc7e60 x10/a0 0000000000000007 x11/a1 00007ffff16f2450 x12/a2 00007fffce3e9f30 x13/a3 0000000000000000 x14/a4 00007ffff16f2460 x15/a5 0000000000000000 x16/a6 00000000000f423f x17/a7 0000000000000071 x18/s2 0000000000000000 x19/s3 0000000000000010 x20/s4 0000000000000000 x21/s5 0000000000000004 x22/s6 0000000000000010 x23/s7 00007fffa3dcac48 x24/s8 ffffffffffffffff x25/s9 0000000000000000 x26/s10 0000000000000001 x27/s11 0000000000000001 x28/t3 00007fffa3a3028c x29/t4 0000000000000018 x30/t5 0000000000000028 x31/t6 47769f0000000000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000