last executing test programs: 4m5.862403571s ago: executing program 1 (id=247): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000000)='mm_lru_insertion\x00'}, 0x10) r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000084c05e60c00000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000540)='kfree\x00', r2}, 0x10) syz_usb_control_io(r0, &(0x7f00000005c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000090"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000700)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="2001"], 0x0}) 4m5.304610827s ago: executing program 1 (id=248): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x3, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x200}}}}}}, 0x0) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001dc0), r0) sendmsg$MPTCP_PM_CMD_ANNOUNCE(r0, &(0x7f0000002880)={0x0, 0x0, &(0x7f0000002840)={&(0x7f0000002800)={0x14, r2, 0x1, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0) 4m4.615555316s ago: executing program 1 (id=250): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r2, @ANYBLOB="00000000000000002400128009000100626f6e64000000001400028008000000000000000800090001"], 0x44}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=r5, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800800070003"], 0x3c}}, 0x0) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000008060001080006040002aaaaaaaaaaaaac1414bbaaaaaa9745aaaa00"], 0x0) 4m2.403217039s ago: executing program 1 (id=253): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x4a, &(0x7f00000000c0)=ANY=[], 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000dc0)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB=' \x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) fcntl$setstatus(r2, 0x4, 0x40800) preadv(r2, &(0x7f0000000280)=[{&(0x7f0000000340)=""/186, 0xba}], 0x1, 0x0, 0x0) 4m1.320789179s ago: executing program 1 (id=254): mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'netdevsim0\x00', 0x0}) unshare(0x62040200) r2 = gettid() sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r1, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r2], 0x28}}, 0x0) 3m58.80231551s ago: executing program 1 (id=257): ioctl$TIOCL_GETMOUSEREPORTING(0xffffffffffffffff, 0x5412, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x6021a}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000400)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x4, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x6, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @loopback, @multicast2}, "00186371ae9b1c03"}}}}}, 0x0) 3m56.550592023s ago: executing program 0 (id=261): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="7800000039000900000f0f000000000001000000040000000c000180cafc080005470000080002"], 0x78}}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x2, &(0x7f0000000040)=[{&(0x7f00000000c0)="1800000039000517d25a80648c63940d0324fc600b003540", 0x18}], 0x1, 0x0, 0x0, 0x6c000000}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000056c0), r1) 3m55.480545533s ago: executing program 0 (id=262): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000031000301000000000000000001"], 0x1c}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x1c, 0x31, 0x103, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x8, 0x4, 0x0, 0x1, [@typed={0x4, 0x4c}]}]}, 0x1c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)={0x14, 0x31, 0x107, 0x0, 0x0, {0x3, 0x7c}}, 0x14}}, 0x10) 3m55.028290446s ago: executing program 0 (id=263): keyctl$session_to_parent(0x12) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{}, {}, {0x6}]}) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$session_to_parent(0x12) 3m52.055931389s ago: executing program 0 (id=264): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) r1 = landlock_create_ruleset(&(0x7f0000000100)={0x2010, 0x0, 0x3}, 0x18, 0x0) landlock_restrict_self(r1, 0x0) landlock_restrict_self(r0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = gettid() ioctl$sock_SIOCSPGRP(r3, 0x8902, &(0x7f00000000c0)=r4) sendto$unix(r2, &(0x7f00000001c0)="fa", 0x2, 0x1, 0x0, 0x0) 3m50.883757982s ago: executing program 0 (id=265): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e29, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x16, 0x1}}}}}}, 0x0) 3m50.551232512s ago: executing program 0 (id=266): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) unshare(0x62040200) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x22048854, &(0x7f0000000200)={0x2, 0x4e23, @empty}, 0x10) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) 0s ago: executing program 32 (id=266): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) unshare(0x62040200) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x22048854, &(0x7f0000000200)={0x2, 0x4e23, @empty}, 0x10) r1 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:13177' (ED25519) to the list of known hosts. syzkaller login: [ 125.176161][ T3265] cgroup: Unknown subsys name 'net' [ 125.514055][ T3265] cgroup: Unknown subsys name 'cpuset' [ 125.555819][ T3265] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 126.537977][ T3265] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 136.411384][ T3270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 136.443836][ T3270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 136.794042][ T3271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 136.826841][ T3271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 138.587832][ T3270] hsr_slave_0: entered promiscuous mode [ 138.639567][ T3270] hsr_slave_1: entered promiscuous mode [ 139.040789][ T3271] hsr_slave_0: entered promiscuous mode [ 139.117763][ T3271] hsr_slave_1: entered promiscuous mode [ 139.156555][ T3271] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 139.159893][ T3271] Cannot create hsr debugfs directory [ 140.433163][ T3270] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 140.488208][ T3270] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 140.539967][ T3270] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 140.597532][ T3270] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 140.765642][ T3271] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 140.811293][ T3271] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 140.827738][ T3271] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 140.847707][ T3271] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 142.607810][ T3270] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.978418][ T3271] 8021q: adding VLAN 0 to HW filter on device bond0 [ 149.523703][ T3270] veth0_vlan: entered promiscuous mode [ 149.619259][ T3270] veth1_vlan: entered promiscuous mode [ 149.900735][ T3271] veth0_vlan: entered promiscuous mode [ 149.993824][ T3271] veth1_vlan: entered promiscuous mode [ 150.026394][ T3270] veth0_macvtap: entered promiscuous mode [ 150.071462][ T3270] veth1_macvtap: entered promiscuous mode [ 150.486819][ T3270] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.488197][ T3270] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.489290][ T3270] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.490333][ T3270] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.536347][ T3271] veth0_macvtap: entered promiscuous mode [ 150.591432][ T3271] veth1_macvtap: entered promiscuous mode [ 150.990685][ T3271] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.992043][ T3271] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.993262][ T3271] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.994421][ T3271] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.130168][ T3270] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 151.874395][ T3408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 151.880370][ T3408] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 152.663014][ T3416] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 153.520776][ T3420] wg2: entered promiscuous mode [ 153.562067][ T3420] wg2: entered allmulticast mode [ 156.441699][ T3436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 156.444449][ T3436] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 173.108152][ T3447] netlink: 312 bytes leftover after parsing attributes in process `syz.0.16'. [ 174.992629][ T3453] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 177.643463][ T3461] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 181.141669][ T3468] syzkaller0: entered promiscuous mode [ 181.142677][ T3468] syzkaller0: entered allmulticast mode [ 182.256530][ T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 182.619685][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.621064][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.623962][ T25] usb 1-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 182.629258][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.651792][ T25] usb 1-1: config 0 descriptor?? [ 183.113514][ T25] hid-generic 0003:0EEF:72D0.0001: unknown main item tag 0x0 [ 183.116191][ T25] hid-generic 0003:0EEF:72D0.0001: unknown main item tag 0x0 [ 183.117456][ T25] hid-generic 0003:0EEF:72D0.0001: unknown main item tag 0x0 [ 183.119317][ T25] hid-generic 0003:0EEF:72D0.0001: unknown main item tag 0x0 [ 183.120427][ T25] hid-generic 0003:0EEF:72D0.0001: unknown main item tag 0x0 [ 183.143215][ T25] hid-generic 0003:0EEF:72D0.0001: hidraw0: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.0-1/input0 [ 183.316464][ T8] usb 1-1: USB disconnect, device number 2 [ 189.217662][ T25] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 189.492758][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 189.494245][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 189.511202][ T25] usb 1-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 189.512478][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.553043][ T25] usb 1-1: config 0 descriptor?? [ 190.223868][ T25] usbhid 1-1:0.0: can't add hid device: -71 [ 190.240329][ T25] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 190.309821][ T25] usb 1-1: USB disconnect, device number 3 [ 206.055407][ T3514] serio: Serial port ptm0 [ 209.086746][ T3525] pim6reg1: entered promiscuous mode [ 209.087743][ T3525] pim6reg1: entered allmulticast mode [ 225.762633][ T3659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.768025][ T3659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 226.008108][ T3661] netem: incorrect gi model size [ 226.009072][ T3661] netem: change failed [ 234.446261][ T3676] serio: Serial port ptm0 [ 239.608185][ T3691] netlink: 4 bytes leftover after parsing attributes in process `syz.1.67'. [ 240.030866][ T3695] netlink: 12 bytes leftover after parsing attributes in process `syz.1.69'. [ 240.032097][ T3695] netlink: 16 bytes leftover after parsing attributes in process `syz.1.69'. [ 245.202565][ T3712] fuse: Bad value for 'fd' [ 255.321576][ T3734] netlink: 8 bytes leftover after parsing attributes in process `syz.1.85'. [ 255.328075][ T3734] netlink: 4 bytes leftover after parsing attributes in process `syz.1.85'. [ 255.343869][ T3734] netlink: 4 bytes leftover after parsing attributes in process `syz.1.85'. [ 262.702259][ T3762] input: syz0 as /devices/virtual/input/input1 [ 266.351614][ T3776] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 266.354164][ T3776] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 305.559261][ T3917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 305.561102][ T3917] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 322.383083][ T3948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 322.393584][ T3948] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 339.725249][ C0] hrtimer: interrupt took 878944 ns [ 343.207231][ T3989] netlink: 296 bytes leftover after parsing attributes in process `syz.1.146'. [ 438.240513][ T4224] x_tables: duplicate underflow at hook 3 [ 446.235520][ T4237] netlink: 12 bytes leftover after parsing attributes in process `syz.0.197'. [ 468.113468][ T4272] xt_hashlimit: size too large, truncated to 1048576 [ 473.128548][ T4283] netlink: 52 bytes leftover after parsing attributes in process `syz.1.212'. [ 473.582991][ T4285] futex_wake_op: syz.1.213 tries to shift op by 144; fix this program [ 493.664215][ T4317] netlink: 20 bytes leftover after parsing attributes in process `syz.0.224'. [ 493.673900][ T4317] IPv6: NLM_F_REPLACE set, but no existing node found! [ 499.157662][ T4333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 499.160339][ T4333] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 530.688229][ T4377] netlink: 296 bytes leftover after parsing attributes in process `syz.1.238'. [ 537.178427][ T4383] Illegal XDP return value 69088000 on prog (id 13) dev N/A, expect packet loss! [ 541.177172][ T4396] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 541.180074][ T4396] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 542.951634][ T3615] bond0: (slave bond_slave_0): interface is now down [ 542.954554][ T3615] bond0: (slave bond_slave_1): interface is now down [ 543.002827][ T3615] bond0: (slave bond_slave_0): interface is now down [ 543.005638][ T3615] bond0: (slave bond_slave_1): interface is now down [ 543.026797][ T3627] bond0: (slave bond_slave_0): interface is now down [ 543.027778][ T3627] bond0: (slave bond_slave_1): interface is now down [ 543.046150][ T3615] bond0: (slave bond_slave_0): interface is now down [ 543.047157][ T3615] bond0: (slave bond_slave_1): interface is now down [ 543.066586][ T3627] bond0: (slave bond_slave_0): interface is now down [ 543.068664][ T3627] bond0: (slave bond_slave_1): interface is now down [ 543.086396][ T3627] bond0: (slave bond_slave_0): interface is now down [ 543.088954][ T3627] bond0: (slave bond_slave_1): interface is now down [ 543.121689][ T3627] bond0: now running without any active interface! [ 543.171095][ T4401] netlink: 'syz.1.250': attribute type 10 has an invalid length. [ 543.238178][ T4401] syz_tun: entered promiscuous mode [ 543.402885][ T3606] bond0: (slave bond_slave_0): interface is now down [ 543.418225][ T3606] bond0: (slave bond_slave_1): interface is now down [ 543.443190][ T3606] bond0: (slave bond_slave_0): interface is now down [ 543.478921][ T4404] netlink: 'syz.0.251': attribute type 10 has an invalid length. [ 543.481197][ T3606] bond0: (slave bond_slave_1): interface is now down [ 543.503613][ T3606] bond0: now running without any active interface! [ 545.007021][ T4408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 545.013352][ T4408] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 545.311922][ T4408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 545.314638][ T4408] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 549.887258][ C0] sched: DL replenish lagged too much [ 552.046577][ T29] audit: type=1326 audit(551.770:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4432 comm="syz.0.263" exe="/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffb5b4a2a8 code=0x0 [ 554.535228][ C1] vkms_vblank_simulate: vblank timer overrun [ 1408.315285][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1408.317591][ C1] rcu: (detected by 1, t=30002 jiffies, g=37561, q=540102 ncpus=2) [ 1408.318520][ C1] rcu: All QSes seen, last rcu_preempt kthread activity 30002 (4295078104-4295048102), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 1408.320750][ C1] rcu: rcu_preempt kthread starved for 30002 jiffies! g37561 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 1408.324083][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1408.328089][ C1] rcu: RCU grace-period kthread stack dump: [ 1408.330345][ C1] task:rcu_preempt state:R running task stack:0 pid:17 tgid:17 ppid:2 flags:0x00000008 [ 1408.336013][ C1] Call trace: [ 1408.337366][ C1] __switch_to+0xf0/0x150 [ 1408.339287][ C1] __schedule+0x330/0x8fc [ 1408.340879][ C1] schedule+0x34/0x104 [ 1408.342530][ C1] schedule_timeout+0x80/0xf4 [ 1408.343594][ C1] rcu_gp_fqs_loop+0x138/0x48c [ 1408.344627][ C1] rcu_gp_kthread+0x130/0x15c [ 1408.345994][ C1] kthread+0x114/0x118 [ 1408.346863][ C1] ret_from_fork+0x10/0x20 [ 1408.348125][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 1408.349948][ C1] CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 [ 1408.352322][ C1] Hardware name: linux,dummy-virt (DT) [ 1408.354482][ C1] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1408.357193][ C1] pc : find_stack+0x84/0x134 [ 1408.358311][ C1] lr : stack_depot_save_flags+0x184/0x5c4 [ 1408.359539][ C1] sp : ffff800082b8b430 [ 1408.360538][ C1] x29: ffff800082b8b430 x28: fcf0000004c5ace0 x27: ffff800082a1d3a8 [ 1408.362612][ C1] x26: fff000007a400000 x25: fff000007adb3420 x24: 00000000009b3420 [ 1408.364512][ C1] x23: 000000004a09b342 x22: 0000000000000019 x21: 0000000000000000 [ 1408.366270][ C1] x20: ffff800082b8b4f0 x19: f4f000000308c880 x18: 0000000000000001 [ 1408.368085][ C1] x17: fcf000000931ee60 x16: 0000000000000017 x15: fdf000000d431840 [ 1408.369930][ C1] x14: 0000000000000004 x13: 0000000000000021 x12: 0000000000004788 [ 1408.371867][ C1] x11: fdf000000d431b10 x10: fdf000000d431810 x9 : f4f000000308c8a0 [ 1408.373807][ C1] x8 : 00000000000000c8 x7 : ffff800081575cd8 x6 : ffff800081575cd8 [ 1408.376075][ C1] x5 : 0000000000000038 x4 : 0000000000000003 x3 : 000000004a09b342 [ 1408.377439][ C1] x2 : 0000000000000019 x1 : ffff800082b8b4f0 x0 : fff000007adb3420 [ 1408.379008][ C1] Call trace: [ 1408.379637][ C1] find_stack+0x84/0x134 [ 1408.380432][ C1] stack_depot_save_flags+0x184/0x5c4 [ 1408.381279][ C1] kasan_save_stack+0x50/0x64 [ 1408.382104][ C1] save_stack_info+0x40/0x158 [ 1408.382913][ C1] kasan_save_free_info+0x18/0x24 [ 1408.383740][ C1] __kasan_slab_free+0x74/0x8c [ 1408.384514][ C1] kmem_cache_free+0x100/0x39c [ 1408.385381][ C1] kfree_skbmem+0xa0/0xd0 [ 1408.386111][ C1] sk_skb_reason_drop+0x9c/0xcc [ 1408.386830][ C1] nft_synproxy_do_eval+0x178/0x270 [ 1408.387613][ C1] nft_synproxy_eval+0x14/0x38 [ 1408.388403][ C1] nft_do_chain+0x108/0x484 [ 1408.389246][ C1] nft_do_chain_inet+0xa0/0x114 [ 1408.390033][ C1] nf_hook_slow+0x48/0x118 [ 1408.390820][ C1] ip_local_deliver+0xec/0x120 [ 1408.391641][ C1] ip_rcv_finish+0x90/0xb0 [ 1408.392385][ C1] ip_rcv+0xec/0xf8 [ 1408.393117][ C1] __netif_receive_skb_one_core+0x58/0x84 [ 1408.394008][ C1] __netif_receive_skb+0x18/0x60 [ 1408.394791][ C1] process_backlog+0x84/0x13c [ 1408.395700][ C1] __napi_poll+0x38/0x198 [ 1408.396390][ C1] net_rx_action+0x344/0x3c8 [ 1408.397080][ C1] handle_softirqs+0x108/0x240 [ 1408.397811][ C1] run_ksoftirqd+0x3c/0x4c [ 1408.398586][ C1] smpboot_thread_fn+0x208/0x22c [ 1408.399409][ C1] kthread+0x114/0x118 [ 1408.400177][ C1] ret_from_fork+0x10/0x20 VM DIAGNOSIS: 00:56:38 Registers: info registers vcpu 0 CPU#0 PC=ffff8000802fdb28 X00=fdf000000304f700 X01=f4f000000af726c0 X02=0000000000000100 X03=000000000072f458 X04=fff000007f8dcf40 X05=f3f000000af726ff X06=f3f000000af72780 X07=0000000000000000 X08=fdf000000304f700 X09=0000000000000820 X10=fcf000000d430404 X11=fcf000000d4304b0 X12=0000000000004788 X13=0000000000000021 X14=0000000000000001 X15=fcf000000d430440 X16=0000000000000017 X17=f6f000000931e5a0 X18=0000000000000001 X19=0000000000000820 X20=0000000000000003 X21=ffff800080156730 X22=ffff800082b431e0 X23=f6f0000003239240 X24=ffff800082b431c8 X25=ffff800082b44000 X26=0000000000000001 X27=fdf000000304f700 X28=0000000000000002 X29=ffff800082b43130 X30=ffff800081a3a8a8 SP=ffff800082b43130 PSTATE=81400009 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000010 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3670695f73250073:646e6f6365732075 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f00ff00ff00ff00f:f00ff00ff00ff00f Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000000000ff000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f00ff00ff00ff00f:f00ff00ff00ff00f Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000ff000000000:00000ff000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:cc0c0000cc000000:cc0c0000cc000000 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff800081a2f088 X00=ffff80008227a058 X01=ffff80008000b9e0 X02=0000000000000025 X03=0000000000000000 X04=ffff80008227a058 X05=000000000000000f X06=ffff80008000bb08 X07=00000000ffffffff X08=00000000203a7563 X09=00000000000092b9 X10=ffff8000827fe5d0 X11=0000000000000371 X12=0000000000000a53 X13=ffff80008000bb40 X14=ffff80008000bb08 X15=ffff80008000b960 X16=3033207974697669 X17=3932342820323030 X18=00000000fffffffd X19=ffff80008227a058 X20=ffff80008000bb52 X21=0000000000000001 X22=ffff80008000bb08 X23=ffff80008000bb00 X24=ffff80008000bcb0 X25=0000000000000008 X26=ffff80008000bcb0 X27=00000000fffffff0 X28=ffff80008227a058 X29=ffff80008000b980 X30=ffff800081a3419c SP=ffff80008000b980 PSTATE=804000c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:63206f742064656c:6961460064252f68 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f00ff00ff00ff00f:f00ff00ff00ff00f Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000f000f0000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f00ff00ff00ff00f:f00ff00ff00ff00f Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000000000f0f00:00000000000f0f00 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000000000c00c:000000000000c00c Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000