last executing test programs: 2.807714114s ago: executing program 0 (id=1026): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) munmap(&(0x7f000000f000/0x2000)=nil, 0x2000) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, 0x930, 0x280000f, 0x11, r2, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r3, 0x20, &(0x7f0000000080)="fb0149dd033be3ac2cc4a29ea6abf4e7454e37c4b85400005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa76c869d22627e700", 0x0, 0x29) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r2, 0x0) r4 = eventfd2(0x0, 0x0) close(r4) openat$kvm(0xffffff9c, &(0x7f0000000040), 0x1a17f2, 0x0) write$eventfd(r4, &(0x7f0000000180)=0x5, 0xfffffde3) 2.330387869s ago: executing program 1 (id=1028): openat$kvm(0xffffffffffffff9c, 0x0, 0x709900, 0x0) syz_kvm_add_vcpu(0x0, 0x0, &(0x7f0000000b00)=[@featur2={0x1, 0x4a}], 0x1) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4020ae46, 0x0) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0x80111500, 0x20000000) mmap$KVM_VCPU(&(0x7f0000000000/0x14000)=nil, 0x930, 0x0, 0x5c1fd1b656592f1, 0xffffffffffffffff, 0x0) mmap$KVM_VCPU(&(0x7f0000001000/0x2000)=nil, 0x930, 0x2000003, 0x4120932, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r3, 0x541b, 0x20000000) r4 = syz_kvm_setup_syzos_vm(r2) syz_kvm_setup_syzos_vm(0xffffffffffffffff) eventfd2(0x0, 0x80001) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r2, 0x7, 0x120) r5 = syz_kvm_add_vcpu(r4, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = syz_kvm_add_vcpu(r4, &(0x7f0000000100)={0x0, 0x0}, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) ioctl$KVM_RUN(r5, 0xae80, 0x0) syz_kvm_add_vcpu(0x0, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000500)=[@featur1={0x1, 0x8}], 0x1) 2.330101249s ago: executing program 0 (id=1029): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x8, 0x4f832, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r2, 0x4020aeae, &(0x7f0000000080)={0x5, 0x3}) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f00000001c0)=@arm64_core={0x6030000000100042, &(0x7f0000000000)=0xffffffff8000001b}) 1.983551009s ago: executing program 0 (id=1030): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x0, 0x4f831, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x44000, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0x40086602, 0x20000000) r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x400100, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r4, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0400000000000000400000000000000053000084000000585f0000000000000009"], 0xfd84}], 0x1, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_DEVICE_ATTR_vm(r5, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)={0x4, 0x8, 0x2}}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r7, 0x4020aed2, &(0x7f0000000380)={0xdddd0000, 0x10000}) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x300000c, 0x4f832, 0xffffffffffffffff, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r10, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_GET_ONE_REG(r10, 0x4010aeab, &(0x7f0000000100)=@arm64_core={0x603000000010000e, &(0x7f0000000180)=0x10000}) syz_kvm_vgic_v3_setup(r7, 0x4, 0x40) ioctl$KVM_GET_IRQCHIP(r7, 0xc208ae62, &(0x7f0000000400)={0x0, 0x0, @ioapic}) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) close(0x3) eventfd2(0x0, 0x80000) 1.749535437s ago: executing program 1 (id=1031): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x60100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r3, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) ioctl$KVM_GET_ONE_REG(r3, 0x4010aeab, &(0x7f0000000200)=@arm64_fp={0x6040000000100078, &(0x7f00000001c0)=0x5}) 1.438152706s ago: executing program 0 (id=1032): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) r2 = eventfd2(0x0, 0x0) r3 = eventfd2(0x0, 0x1) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000002c0)={r2, 0x1, 0x2, r3}) r4 = eventfd2(0x0, 0x80801) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r4, 0x1, 0x2, r3}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000180)={r2, 0x800, 0x3, r3}) 1.252555371s ago: executing program 1 (id=1033): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x0) r3 = eventfd2(0x0, 0x801) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x8, 0xf000, 0x2, r3, 0x2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x1, r2, 0x1}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x10000001000, 0x0, 0x1, r2, 0x5}) 989.47052ms ago: executing program 1 (id=1034): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xae) 922.174662ms ago: executing program 0 (id=1035): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x1, r2, 0x1}) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x7f, 0x6000, 0x4, r2, 0x2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x1000, 0x0, 0x1, r2, 0x5}) 531.540264ms ago: executing program 1 (id=1036): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x18b400, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, 0x0, 0x18}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4208ae9b, &(0x7f0000000180)={0x3, 0x0, [0x2, 0x81, 0x22, 0x5, 0x6, 0x8, 0x18ac9062, 0x80]}) syz_kvm_vgic_v3_setup(r1, 0x1, 0x80) ioctl$KVM_RUN(r2, 0xae80, 0x0) 450.036156ms ago: executing program 0 (id=1037): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$arm64(r1, r2, &(0x7f0000e8a000/0x18000)=nil, &(0x7f0000000080)=[{0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}], 0x1, 0x0, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x100) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000140)=@arm64={0x28, 0x7, 0x2, '\x00', 0x694}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 1 (id=1038): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_vgic_v3_setup(r1, 0x1, 0x40) r2 = eventfd2(0x0, 0x0) r3 = eventfd2(0x0, 0x1) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000002c0)={r2, 0x1, 0x2, r3}) r4 = eventfd2(0x0, 0x801) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r4, 0x1, 0x2, r3}) close(0x4) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:10451' (ED25519) to the list of known hosts. syzkaller login: [ 124.461622][ T3265] cgroup: Unknown subsys name 'net' [ 124.835971][ T3265] cgroup: Unknown subsys name 'cpuset' [ 124.876887][ T3265] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 125.807857][ T3265] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 135.925120][ T3271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 136.027909][ T3271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 136.186004][ T3270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 136.286472][ T3270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 137.998815][ T3271] hsr_slave_0: entered promiscuous mode [ 138.068465][ T3271] hsr_slave_1: entered promiscuous mode [ 138.510978][ T3270] hsr_slave_0: entered promiscuous mode [ 138.567821][ T3270] hsr_slave_1: entered promiscuous mode [ 138.625968][ T3270] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 138.627607][ T3270] Cannot create hsr debugfs directory [ 139.908332][ T3271] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 139.948241][ T3271] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 139.982902][ T3271] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 140.020952][ T3271] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 140.257670][ T3270] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 140.291377][ T3270] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 140.316591][ T3270] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 140.348091][ T3270] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 142.132474][ T3271] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.346326][ T3270] 8021q: adding VLAN 0 to HW filter on device bond0 [ 148.741575][ T3270] veth0_vlan: entered promiscuous mode [ 148.802310][ T3270] veth1_vlan: entered promiscuous mode [ 148.984483][ T3270] veth0_macvtap: entered promiscuous mode [ 149.027384][ T3270] veth1_macvtap: entered promiscuous mode [ 149.306928][ T3270] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.308493][ T3270] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.309772][ T3270] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.310981][ T3270] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 149.771443][ T3271] veth0_vlan: entered promiscuous mode [ 149.870541][ T3271] veth1_vlan: entered promiscuous mode [ 149.981669][ T3270] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 150.175653][ T3271] veth0_macvtap: entered promiscuous mode [ 150.209501][ T3271] veth1_macvtap: entered promiscuous mode [ 150.391113][ T3271] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.392602][ T3271] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.395523][ T3271] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.396995][ T3271] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.361963][ T3424] vcan1: entered promiscuous mode [ 163.363167][ T3424] vcan1: entered allmulticast mode [ 167.292639][ T3431] Zero length message leads to an empty skb [ 169.313526][ T3436] xt_nat: multiple ranges no longer supported [ 174.481628][ C1] vkms_vblank_simulate: vblank timer overrun [ 176.874083][ C1] vkms_vblank_simulate: vblank timer overrun [ 187.363196][ T3465] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 199.636224][ T3496] snd_dummy snd_dummy.0: control 6:2047:7:syz0:255 is already present [ 202.061621][ T3521] netlink: 16 bytes leftover after parsing attributes in process `syz.1.38'. [ 202.526964][ T3525] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.37'. [ 202.530828][ T3520] netlink: 4083 bytes leftover after parsing attributes in process `syz.0.37'. [ 213.877569][ T3591] syz.1.62 uses obsolete (PF_INET,SOCK_PACKET) [ 215.150037][ T3602] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 223.772483][ T3623] netlink: 16 bytes leftover after parsing attributes in process `syz.0.75'. [ 223.785022][ T3623] netlink: 52 bytes leftover after parsing attributes in process `syz.0.75'. [ 223.786368][ T3623] netlink: 24 bytes leftover after parsing attributes in process `syz.0.75'. [ 223.788593][ T3623] vlan0: entered allmulticast mode [ 223.789797][ T3623] veth0_vlan: entered allmulticast mode [ 231.048854][ T3642] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) ! [ 234.542676][ T3651] netlink: 32 bytes leftover after parsing attributes in process `syz.0.85'. [ 234.553681][ T3651] netlink: 32 bytes leftover after parsing attributes in process `syz.0.85'. [ 239.805042][ T3681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 239.807537][ T3681] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 240.195678][ T3684] netlink: 8 bytes leftover after parsing attributes in process `syz.1.97'. [ 248.203259][ T3703] netlink: 8 bytes leftover after parsing attributes in process `syz.0.102'. [ 248.207942][ T3703] netlink: 24 bytes leftover after parsing attributes in process `syz.0.102'. [ 248.392695][ T3703] gtp0: entered promiscuous mode [ 248.401536][ T3703] gtp0: entered allmulticast mode [ 254.673248][ T3722] netlink: 8 bytes leftover after parsing attributes in process `syz.1.110'. [ 254.890829][ T3725] netlink: 8 bytes leftover after parsing attributes in process `syz.1.111'. [ 259.745388][ T30] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 261.954776][ T30] usb 1-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 261.956950][ T30] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 261.958240][ T30] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.334687][ T3416] usb 1-1: USB disconnect, device number 2 [ 275.402736][ T3752] tmpfs: Bad value for 'mpol' [ 275.845084][ T3754] netlink: 56 bytes leftover after parsing attributes in process `syz.1.117'. [ 286.478693][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.481686][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.482664][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.483584][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.485817][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.486735][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.487544][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.488369][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.489244][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.490226][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.502912][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.504634][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.505534][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.506363][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.507365][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.508268][ T3416] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 286.527849][ T3416] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz1 [ 290.683593][ T3839] capability: warning: `syz.0.144' uses 32-bit capabilities (legacy support in use) [ 291.583588][ T3849] netlink: 8 bytes leftover after parsing attributes in process `syz.0.149'. [ 292.210595][ T3857] netlink: 16 bytes leftover after parsing attributes in process `syz.0.153'. [ 292.211932][ T3857] netlink: 32 bytes leftover after parsing attributes in process `syz.0.153'. [ 300.198064][ T3334] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 300.220323][ T3334] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 338.588771][ T4002] vlan2: entered promiscuous mode [ 338.589631][ T4002] vlan2: entered allmulticast mode [ 340.030807][ T4016] trusted_key: syz.0.203 sent an empty control message without MSG_MORE. [ 349.299534][ T4049] loop6: detected capacity change from 0 to 1 [ 350.121750][ C0] hrtimer: interrupt took 76800480 ns [ 384.056534][ T4164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.244'. [ 394.438666][ T4210] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 394.439998][ T4210] IPv6: NLM_F_CREATE should be set when creating new route [ 423.932290][ T4300] process 'syz.0.293' launched './file2' with NULL argv: empty string added [ 424.534776][ T3416] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 424.685632][ T3416] usb 1-1: Using ep0 maxpacket: 32 [ 424.702677][ T3416] usb 1-1: config 0 has an invalid interface number: 235 but max is 0 [ 424.704787][ T3416] usb 1-1: config 0 has no interface number 0 [ 424.732542][ T3416] usb 1-1: New USB device found, idVendor=085a, idProduct=0009, bcdDevice=a3.47 [ 424.733864][ T3416] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.736331][ T3416] usb 1-1: Product: syz [ 424.737251][ T3416] usb 1-1: Manufacturer: syz [ 424.738269][ T3416] usb 1-1: SerialNumber: syz [ 424.761148][ T3416] usb 1-1: config 0 descriptor?? [ 425.027253][ T3416] kaweth 1-1:0.235: Firmware present in device. [ 425.030567][ T3416] kaweth 1-1:0.235: Error reading configuration (-71), no net device created [ 425.032577][ T3416] kaweth 1-1:0.235: probe with driver kaweth failed with error -5 [ 425.052497][ T3416] usb 1-1: USB disconnect, device number 3 [ 427.449696][ T4315] netlink: 'syz.0.295': attribute type 10 has an invalid length. [ 427.452298][ T4315] netlink: 40 bytes leftover after parsing attributes in process `syz.0.295'. [ 427.501140][ T4315] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check. [ 455.235911][ T9] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 455.411063][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 455.412786][ T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 455.413766][ T9] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 455.428392][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.439420][ T9] usb 1-1: config 0 descriptor?? [ 455.684811][ T25] usb 1-1: USB disconnect, device number 4 [ 456.568023][ T4414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 456.571122][ T4414] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 472.515054][ T4456] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 472.518356][ T4456] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 476.388024][ T4476] Process accounting resumed [ 477.568161][ T4489] trusted_key: encrypted_key: keylen parameter is missing [ 479.797987][ T3334] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 481.814765][ T3334] usb 1-1: Using ep0 maxpacket: 32 [ 481.833810][ T3334] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 481.835344][ T3334] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 481.836302][ T3334] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 481.837022][ T3334] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.853781][ T3334] usb 1-1: config 0 descriptor?? [ 482.816441][ T3334] ft260 0003:0403:6030.0003: item fetching failed at offset 0/2 [ 482.819210][ T3334] ft260 0003:0403:6030.0003: failed to parse HID [ 482.820783][ T3334] ft260 0003:0403:6030.0003: probe with driver ft260 failed with error -22 [ 483.010931][ T1879] usb 1-1: USB disconnect, device number 5 [ 483.323194][ T4498] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 519.659229][ T4602] xt_l2tp: invalid flags combination: c [ 534.196105][ T29] audit: type=1326 audit(533.870:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4630 comm="syz.0.391" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8734a068 code=0x7ffc0000 [ 534.207738][ T29] audit: type=1326 audit(533.890:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4630 comm="syz.0.391" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8734a068 code=0x7ffc0000 [ 534.238096][ T29] audit: type=1326 audit(533.910:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4630 comm="syz.0.391" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8734a068 code=0x7ffc0000 [ 534.241947][ T29] audit: type=1326 audit(533.910:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4630 comm="syz.0.391" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff8734a068 code=0x7ffc0000 [ 534.290685][ T29] audit: type=1326 audit(533.940:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4630 comm="syz.0.391" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8734a068 code=0x7ffc0000 [ 534.292736][ T29] audit: type=1326 audit(533.960:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4630 comm="syz.0.391" exe="/syz-executor" sig=0 arch=c00000b7 syscall=443 compat=0 ip=0xffff8734a068 code=0x7ffc0000 [ 534.326179][ T29] audit: type=1326 audit(533.960:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4630 comm="syz.0.391" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8734a068 code=0x7ffc0000 [ 535.725729][ T4639] netlink: 24 bytes leftover after parsing attributes in process `syz.0.394'. [ 535.733821][ T4639] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 537.578198][ T4644] binder: 4643:4644 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 537.580217][ T4644] binder: 4644 RLIMIT_NICE not set [ 538.083659][ T4646] binder: 4643:4646 tried to acquire reference to desc 0, got 1 instead [ 538.106536][ T4646] binder: 4643:4646 got reply transaction with no transaction stack [ 538.107749][ T4646] binder: 4643:4646 transaction reply to 0:0 failed 6/29201/-71, size 0-0 line 3046 [ 538.110321][ T4644] binder: 4644 RLIMIT_NICE not set [ 538.142145][ T4496] binder: release 4643:4646 transaction 5 out, still active [ 538.143475][ T4496] binder: undelivered TRANSACTION_COMPLETE [ 538.183561][ T4496] binder: release 4643:4644 transaction 5 in, still active [ 538.186086][ T4496] binder: send failed reply for transaction 5, target dead [ 538.187735][ T4496] binder: undelivered TRANSACTION_ERROR: 29201 [ 539.971034][ C1] vkms_vblank_simulate: vblank timer overrun [ 555.649233][ T4683] mmap: syz.1.405 (4683) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 556.893857][ T4687] netlink: 'syz.1.406': attribute type 3 has an invalid length. [ 558.991812][ T4705] netlink: 128 bytes leftover after parsing attributes in process `syz.0.413'. [ 559.436177][ T4697] syzkaller1: entered promiscuous mode [ 559.436764][ T4697] syzkaller1: entered allmulticast mode [ 568.719196][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies. [ 569.867956][ T3414] usb 1-1: new low-speed USB device number 6 using dummy_hcd [ 570.151605][ T3414] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 570.152903][ T3414] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 570.153866][ T3414] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 570.158975][ T3414] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 570.173508][ T3414] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 570.176454][ T3414] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 570.179983][ T3414] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 570.397123][ T3414] usb 1-1: string descriptor 0 read error: -22 [ 570.401121][ T3414] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 570.402343][ T3414] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.451223][ T3414] usb 1-1: config 0 descriptor?? [ 570.518757][ T3414] hub 1-1:0.0: bad descriptor, ignoring hub [ 570.519956][ T3414] hub 1-1:0.0: probe with driver hub failed with error -5 [ 571.666023][ T3414] usb 1-1: USB disconnect, device number 6 [ 573.869590][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 577.321760][ T4765] binder: 4760:4765 BC_FREE_BUFFER u0000000000000000 no match [ 577.322388][ T4765] binder: 4760:4765 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 577.323019][ T4765] binder: 4765 RLIMIT_NICE not set [ 591.794578][ T3416] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 591.964899][ T3416] usb 1-1: Using ep0 maxpacket: 16 [ 592.022982][ T3416] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 592.023632][ T3416] usb 1-1: config 0 has no interface number 0 [ 592.087771][ T3416] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 592.088448][ T3416] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.089036][ T3416] usb 1-1: Product: syz [ 592.090895][ T3416] usb 1-1: Manufacturer: syz [ 592.091419][ T3416] usb 1-1: SerialNumber: syz [ 592.120555][ T3416] usb 1-1: config 0 descriptor?? [ 602.181552][ T4833] netlink: 28 bytes leftover after parsing attributes in process `syz.1.454'. [ 602.465183][ T3416] usb 1-1: USB disconnect, device number 7 [ 605.979881][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 608.696203][ T3416] usb 1-1: new low-speed USB device number 8 using dummy_hcd [ 608.945127][ T3416] usb 1-1: config index 0 descriptor too short (expected 1307, got 27) [ 608.947057][ T3416] usb 1-1: config 0 has an invalid interface number: 0 but max is -1 [ 608.947860][ T3416] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 608.948894][ T3416] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 608.950132][ T3416] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 608.951875][ T3416] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 608.952866][ T3416] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 609.020130][ T3416] usb 1-1: string descriptor 0 read error: -22 [ 609.021802][ T3416] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 609.022672][ T3416] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 609.045448][ T3416] usb 1-1: config 0 descriptor?? [ 609.110229][ T3416] hub 1-1:0.0: bad descriptor, ignoring hub [ 609.110983][ T3416] hub 1-1:0.0: probe with driver hub failed with error -5 [ 610.255440][ T3416] usb 1-1: USB disconnect, device number 8 [ 610.889320][ T4871] batadv_slave_0: entered promiscuous mode [ 626.422932][ T4920] hsr0: entered allmulticast mode [ 626.426884][ T4920] hsr_slave_0: entered allmulticast mode [ 626.429639][ T4920] hsr_slave_1: entered allmulticast mode [ 631.443397][ T4945] random: crng reseeded on system resumption [ 641.573947][ T4979] input: syz1 as /devices/virtual/input/input2 [ 649.799897][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x4 [ 649.801892][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x2 [ 649.804755][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.806325][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.807595][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.808855][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.810198][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.811642][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.813269][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.815408][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.817368][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.818831][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.819971][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.821494][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.823409][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.826053][ T25] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x0 [ 649.848289][ T25] hid-generic 0000:3000000:0000.0004: hidraw0: HID v0.00 Device [sy] on syz0 [ 652.426470][ T5003] Process accounting resumed [ 655.926869][ T3416] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 656.322347][ T3416] usb 1-1: New USB device found, idVendor=8086, idProduct=0630, bcdDevice=83.b4 [ 656.323653][ T3416] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 656.335649][ T3416] usb 1-1: Product: syz [ 656.336633][ T3416] usb 1-1: Manufacturer: syz [ 656.337505][ T3416] usb 1-1: SerialNumber: syz [ 656.371668][ T3416] usb 1-1: config 0 descriptor?? [ 656.653680][ T3416] usb 1-1: USB disconnect, device number 9 [ 659.239845][ T5036] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 659.289402][ T5036] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 659.929745][ T5034] input: syz0 as /devices/virtual/input/input3 [ 680.392297][ T5069] binder: 5068:5069 tried to acquire reference to desc 0, got 1 instead [ 680.430101][ T5069] binder: 5068:5069 got transaction with invalid data ptr [ 680.438866][ T5069] binder: 5068:5069 transaction call to 5068:0 failed 11/29201/-14, size 0-24 line 3436 [ 680.458988][ T1879] binder: undelivered TRANSACTION_ERROR: 29201 [ 685.077763][ T5090] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 685.083363][ T5090] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 707.797849][ T5150] ptrace attach of "/syz-executor exec"[3271] was attempted by "/syz-executor exec"[5150] [ 724.525122][ T3358] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 724.798339][ T3358] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 724.799683][ T3358] usb 1-1: config 0 has no interfaces? [ 724.800678][ T3358] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 724.827567][ T3358] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 724.859292][ T3358] usb 1-1: config 0 descriptor?? [ 735.182895][ T3334] usb 1-1: USB disconnect, device number 10 [ 738.975897][ T5236] netlink: 88 bytes leftover after parsing attributes in process `syz.0.578'. [ 746.789056][ T5258] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 746.791521][ T5258] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 758.172607][ T5293] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 761.459006][ T5306] serio: Serial port ptm0 [ 764.228484][ T5313] netlink: 'syz.1.601': attribute type 10 has an invalid length. [ 764.810573][ T5318] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 764.817086][ T5318] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 766.415655][ T3358] usb 1-1: new low-speed USB device number 11 using dummy_hcd [ 766.596788][ T3358] usb 1-1: config 0 has no interfaces? [ 766.628930][ T3358] usb 1-1: string descriptor 0 read error: -22 [ 767.555822][ T3358] usb 1-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 767.557556][ T3358] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 768.561883][ T3358] usb 1-1: config 0 descriptor?? [ 770.018846][ T25] usb 1-1: USB disconnect, device number 11 [ 779.606496][ T5364] binder: 5363:5364 got transaction to invalid handle, 2 [ 779.607733][ T5364] binder: 5364:5363 cannot find target node [ 779.610916][ T5364] binder: 5363:5364 transaction call to 0:0 failed 14/29201/-22, size 0-0 line 3145 [ 779.655513][ T3358] binder: undelivered TRANSACTION_ERROR: 29201 [ 788.635949][ T5402] netlink: 12 bytes leftover after parsing attributes in process `syz.1.632'. [ 819.523385][ T5469] can0: slcan on ttyS3. [ 819.668415][ T5468] can0 (unregistered): slcan off ttyS3. [ 820.175483][ T1879] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 820.359436][ T1879] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 820.361017][ T1879] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 820.362617][ T1879] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 820.363810][ T1879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 820.396890][ T1879] usb 1-1: config 0 descriptor?? [ 820.906277][ T1879] hid-generic 0003:046D:C222.0005: unknown main item tag 0x0 [ 820.907904][ T1879] hid-generic 0003:046D:C222.0005: collection stack underflow [ 820.909234][ T1879] hid-generic 0003:046D:C222.0005: item 0 0 0 12 parsing failed [ 820.911891][ T1879] hid-generic 0003:046D:C222.0005: probe with driver hid-generic failed with error -22 [ 821.124371][ T25] usb 1-1: USB disconnect, device number 12 [ 828.845588][ T25] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 828.995422][ T25] usb 1-1: Using ep0 maxpacket: 16 [ 829.029429][ T25] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 829.031163][ T25] usb 1-1: config 0 has no interface number 0 [ 829.071860][ T25] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 829.073828][ T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 829.077979][ T25] usb 1-1: Product: syz [ 829.078839][ T25] usb 1-1: Manufacturer: syz [ 829.079276][ T25] usb 1-1: SerialNumber: syz [ 829.089229][ T25] usb 1-1: config 0 descriptor?? [ 839.701009][ T25] usb 1-1: USB disconnect, device number 13 [ 840.665620][ T25] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 840.936157][ T25] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 840.937688][ T25] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 840.939049][ T25] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 840.940171][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 840.989829][ T25] usb 1-1: config 0 descriptor?? [ 841.271314][ T5524] netlink: 32 bytes leftover after parsing attributes in process `syz.0.672'. [ 841.289863][ T25] usb 1-1: USB disconnect, device number 14 [ 848.726069][ T5545] netlink: 20 bytes leftover after parsing attributes in process `syz.1.678'. [ 852.050118][ T5558] netlink: 60 bytes leftover after parsing attributes in process `syz.1.684'. [ 852.051342][ T5558] netlink: 16 bytes leftover after parsing attributes in process `syz.1.684'. [ 852.061381][ T5558] netlink: 60 bytes leftover after parsing attributes in process `syz.1.684'. [ 864.219460][ T5577] ptrace attach of "/syz-executor exec"[5579] was attempted by "\x5c"[5577] [ 864.311482][ T5580] netlink: 'syz.0.690': attribute type 10 has an invalid length. [ 880.795369][ T3358] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 881.039203][ T3358] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 881.040032][ T3358] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 881.040691][ T3358] usb 1-1: New USB device found, idVendor=046d, idProduct=c534, bcdDevice= 0.00 [ 881.041257][ T3358] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 881.061430][ T3358] usb 1-1: config 0 descriptor?? [ 881.569260][ T3358] hid-generic 0003:046D:C534.0006: unknown main item tag 0x0 [ 881.601454][ T3358] hid-generic 0003:046D:C534.0006: hidraw0: USB HID v0.00 Device [HID 046d:c534] on usb-dummy_hcd.0-1/input0 [ 881.815199][ T3358] usb 1-1: USB disconnect, device number 15 [ 904.115223][ T5708] syz.0.732 (5708): drop_caches: 1 [ 904.184819][ T5708] syz.0.732 (5708): drop_caches: 1 [ 906.363375][ T5738] vti0: entered allmulticast mode [ 909.002282][ T5746] syz.1.744 (5746): drop_caches: 2 [ 909.010354][ T5746] syz.1.744 (5746): drop_caches: 2 [ 909.387244][ T5751] vlan2: entered promiscuous mode [ 909.393841][ T5751] vlan2: entered allmulticast mode [ 909.397008][ T5751] veth1_vlan: entered allmulticast mode [ 909.545402][ T5751] netlink: 4 bytes leftover after parsing attributes in process `syz.1.746'. [ 909.688005][ T5751] hsr_slave_1 (unregistering): left promiscuous mode [ 914.580831][ T5787] vlan2: entered allmulticast mode [ 917.290991][ T5822] Illegal XDP return value 4294967294 on prog (id 22) dev N/A, expect packet loss! [ 921.047440][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 926.563140][ T5925] sctp: [Deprecated]: syz.0.809 (pid 5925) Use of int in max_burst socket option deprecated. [ 926.563140][ T5925] Use struct sctp_assoc_value instead [ 927.893233][ T5938] xt_connbytes: Forcing CT accounting to be enabled [ 931.327569][ T5983] netlink: 4 bytes leftover after parsing attributes in process `syz.0.834'. [ 931.561815][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 932.981014][ T6007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.841'. [ 933.767656][ T6017] syzkaller1: entered promiscuous mode [ 933.768808][ T6017] syzkaller1: entered allmulticast mode [ 935.941570][ T6048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.859'. [ 936.550188][ T6058] netlink: 8 bytes leftover after parsing attributes in process `syz.0.863'. [ 936.552144][ T6058] netlink: 4 bytes leftover after parsing attributes in process `syz.0.863'. [ 936.553183][ T6059] netlink: 24 bytes leftover after parsing attributes in process `syz.1.864'. [ 936.868620][ T6065] netlink: 244 bytes leftover after parsing attributes in process `syz.1.867'. [ 938.163180][ T6084] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2 [ 939.841632][ T6095] netlink: 12 bytes leftover after parsing attributes in process `syz.1.879'. [ 940.032166][ T6099] netlink: 48 bytes leftover after parsing attributes in process `syz.1.881'. [ 940.892191][ T6112] TCP: tcp_parse_options: Illegal window scaling value 112 > 14 received [ 941.011203][ T6114] netlink: 28 bytes leftover after parsing attributes in process `syz.1.888'. [ 941.186162][ T6117] netlink: 'syz.1.889': attribute type 39 has an invalid length. [ 945.668023][ T6140] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.897'. [ 945.677845][ T6137] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.897'. [ 948.754707][ T6158] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 949.312551][ T6164] syz_tun: entered promiscuous mode [ 949.333114][ T6164] syz_tun: left promiscuous mode [ 951.498657][ T6191] vlan1: entered promiscuous mode [ 951.503096][ T6191] vlan1: left promiscuous mode [ 955.065245][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 960.030209][ T6261] netlink: 8 bytes leftover after parsing attributes in process `syz.1.943'. [ 961.240135][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 964.399686][ T6288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.953'. [ 969.595485][ T6365] pim6reg1: entered promiscuous mode [ 969.596609][ T6365] pim6reg1: entered allmulticast mode [ 972.142541][ T6412] netlink: 8 bytes leftover after parsing attributes in process `syz.1.996'. [ 973.845586][ T6429] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1005'. [ 976.353070][ T6458] netlink: 'syz.0.1017': attribute type 10 has an invalid length. [ 976.833557][ T6461] netlink: 'syz.0.1019': attribute type 12 has an invalid length. [ 976.835882][ T6461] netlink: 120 bytes leftover after parsing attributes in process `syz.0.1019'. [ 981.667974][ T6502] ------------[ cut here ]------------ [ 981.675127][ T6502] WARNING: CPU: 1 PID: 6502 at arch/arm64/include/asm/kvm_emulate.h:536 kvm_handle_mmio_return+0x1b4/0x1f4 [ 981.678065][ T6502] Modules linked in: [ 981.680232][ T6502] CPU: 1 UID: 0 PID: 6502 Comm: syz.0.1037 Not tainted 6.12.0-rc6-syzkaller-00279-gde2f378f2b77 #0 [ 981.682834][ T6502] Hardware name: linux,dummy-virt (DT) [ 981.684028][ T6502] pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 981.685153][ T6502] pc : kvm_handle_mmio_return+0x1b4/0x1f4 [ 981.686132][ T6502] lr : kvm_arch_vcpu_ioctl_run+0x1ac/0x854 [ 981.686923][ T6502] sp : ffff8000895c3ab0 [ 981.687513][ T6502] x29: ffff8000895c3ab0 x28: fdf00000076da480 x27: 0000000000000000 [ 981.689066][ T6502] x26: 0000000000000000 x25: f9f00000095f3768 x24: f9f00000095f3720 [ 981.690328][ T6502] x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000 [ 981.691666][ T6502] x20: fdf000000a995000 x19: f9f00000095f3720 x18: ffffffffffffffff [ 981.693003][ T6502] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000895c3aa0 [ 981.694476][ T6502] x14: ffff8000895c3d88 x13: ffff8000895c3d4a x12: 6d766b3a65646f6e [ 981.695610][ T6502] x11: 0000000000000000 x10: 0000000000000078 x9 : 000000000000008b [ 981.697373][ T6502] x8 : ffff8000895c3d98 x7 : 0000000000000000 x6 : 0000000000005452 [ 981.698854][ T6502] x5 : 0000000000000005 x4 : f8f0000006068e40 x3 : fdf00000076da480 [ 981.700241][ T6502] x2 : 0000000000000000 x1 : 00000000939f0045 x0 : 0000000000000001 [ 981.701749][ T6502] Call trace: [ 981.702380][ T6502] kvm_handle_mmio_return+0x1b4/0x1f4 [ 981.703183][ T6502] kvm_arch_vcpu_ioctl_run+0x1ac/0x854 [ 981.704025][ T6502] kvm_vcpu_ioctl+0x294/0xa04 [ 981.704811][ T6502] __arm64_sys_ioctl+0xac/0xf0 [ 981.705538][ T6502] invoke_syscall+0x48/0x110 [ 981.706182][ T6502] el0_svc_common.constprop.0+0x40/0xe0 [ 981.706911][ T6502] do_el0_svc+0x1c/0x28 [ 981.707572][ T6502] el0_svc+0x30/0xdc [ 981.708475][ T6502] el0t_64_sync_handler+0x100/0x12c [ 981.709366][ T6502] el0t_64_sync+0x19c/0x1a0 [ 981.710257][ T6502] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 982.869995][ T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 982.950249][ T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 983.048896][ T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 983.132209][ T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 984.572801][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 984.652785][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 984.700519][ T13] bond0 (unregistering): Released all slaves [ 984.970445][ T13] hsr_slave_0: left promiscuous mode [ 985.046045][ T13] hsr_slave_1: left promiscuous mode [ 985.136882][ T13] veth1_vlan: left promiscuous mode [ 985.886317][ T13] hsr0 (unregistering): left allmulticast mode [ 987.849558][ T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 987.936105][ T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 988.068364][ T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 988.165790][ T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 989.591276][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 989.632385][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 989.681178][ T13] bond0 (unregistering): Released all slaves [ 989.835586][ T13] hsr_slave_0: left promiscuous mode [ 989.922593][ T13] veth1_vlan: left allmulticast mode [ 989.926262][ T13] veth1_macvtap: left promiscuous mode [ 989.926899][ T13] veth0_macvtap: left promiscuous mode [ 989.927914][ T13] veth1_vlan: left promiscuous mode [ 989.928930][ T13] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 17:25:59 Registers: info registers vcpu 0 CPU#0 PC=ffff800081a3bbbc X00=ffff800081a3bbb8 X01=ffff800081330618 X02=0000000000000004 X03=0000000000000024 X04=0000000000000024 X05=0000ffffa57ef034 X06=f6f00000096ca028 X07=f9ddcfafc9d047b3 X08=0000000000000000 X09=0000000000000000 X10=0000000000000000 X11=0000000000000000 X12=0000000000000000 X13=0000000000000000 X14=0000000000000000 X15=fbf000000a867c76 X16=0000000000000000 X17=0000000000000000 X18=0000000000000000 X19=000000000002f8bc X20=ffff8000829d2180 X21=000000e468281200 X22=0000000000000000 X23=ffff800082950d74 X24=f3f0000006659d28 X25=0000000000000024 X26=0000000000000040 X27=f6f00000096ca000 X28=f3f0000006659c80 X29=ffff800088c13a70 X30=ffff800081330630 SP=ffff800088c13a70 PSTATE=61400009 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff800081a0f320 X00=000000000000006c X01=fdf00000076da480 X02=ffff800082a78e88 X03=0000000000000000 X04=0000000000000000 X05=fff000007f8e43c8 X06=80000000ffffe000 X07=ffff8000827fe5d0 X08=00000000ffffdfff X09=ffff80008274e5d0 X10=ffff8000827fe5d0 X11=000000000000046e X12=0000000000000d4a X13=ffff80008274e5d0 X14=373330312e302e7a X15=69617420746f4e20 X16=312e36206465746e X17=2d3663722d302e32 X18=ffffffffffffffff X19=ffff80008295073b X20=fdf00000076dabf0 X21=ffff80008244c588 X22=ffff80008244c588 X23=ffff80008298bb40 X24=0000000000000001 X25=0000000000001966 X26=0000000000000000 X27=ffff80008244c588 X28=fdf00000076da480 X29=ffff8000895c36b0 X30=ffff800081a0f294 SP=ffff8000895c3690 PSTATE=624003c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffff00000007 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000000000c000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d503201fd503201f:d503201fd503201f Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d503201fd503201f:d503201fd503201f Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d503201fd503201f:d503201fd503201f Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d503201fd503201f:d503201fd503201f Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffff874d6458:0000ffff874d6450 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffff874d6468:0000ffff874d6460 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffd00e1560:0000ffffd00e1560 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffd00e1530 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000