last executing test programs: 7.200846404s ago: executing program 0 (id=475): socket(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$inet(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x5}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f00000003c0)=[{0x0}], 0x1) writev(r4, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) 5.760930273s ago: executing program 1 (id=480): unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001380)=ANY=[@ANYBLOB="300000002000010000000000000000000200000000000000000000000c00144000000000000000000500130001"], 0x30}}, 0x0) 4.662277352s ago: executing program 1 (id=481): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r1, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) close(0x3) 4.512066335s ago: executing program 1 (id=482): r0 = socket$kcm(0xa, 0x3, 0x87) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f00000006c0)="62ddaefc7fc1", 0x6}], 0x1}, 0x4) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB='\x00h'], 0x9) sendmsg$kcm(r0, &(0x7f0000000580)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f00000004c0), 0x1}, 0x0) 4.411685174s ago: executing program 1 (id=483): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000080)={0x1c, r2, 0x211, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) 3.951336595s ago: executing program 1 (id=484): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071123c00000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) 3.854858074s ago: executing program 1 (id=485): mlockall(0x3) socket$inet_udp(0x2, 0x2, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8901, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = dup3(r1, r0, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) ioctl$TUNSETDEBUG(r2, 0x5450, 0x0) 1.307380072s ago: executing program 0 (id=486): r0 = socket$unix(0x1, 0x5, 0x0) recvmmsg$unix(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}}], 0x1, 0x0, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) getsockname(r2, &(0x7f0000001d40)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, &(0x7f0000000100)=0x80) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) dup3(r4, r3, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x43, 0x0, &(0x7f0000000040)) 1.010951409s ago: executing program 0 (id=487): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x3, 0x0, 0x0, 0xf}]}}, &(0x7f0000001fc0)=""/4128, 0x26, 0x1020, 0x1}, 0x20) 881.338351ms ago: executing program 0 (id=488): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000002140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000002240)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000000700)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="290a00000000000000001400000008000300", @ANYRES32=r3, @ANYBLOB="050029000c0000000600360000f3ff30"], 0x2c}}, 0x0) 150.084487ms ago: executing program 0 (id=489): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000850000004f000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000914f00850000009b00000095"], &(0x7f00000008c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 0s ago: executing program 0 (id=490): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x4, [@enum={0x3, 0x0, 0x0, 0xf}, @array]}, {0x0, [0x0, 0x61]}}, &(0x7f0000001fc0)=""/4128, 0x40, 0x1020, 0x1}, 0x20) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:2900' (ED25519) to the list of known hosts. syzkaller login: [ 82.391662][ T3261] cgroup: Unknown subsys name 'net' [ 82.876326][ T3261] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.769545][ T3261] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.652792][ T3268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.706309][ T3268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.320261][ T3270] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.381244][ T3270] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.997229][ T3268] hsr_slave_0: entered promiscuous mode [ 91.017033][ T3268] hsr_slave_1: entered promiscuous mode [ 91.799157][ T3270] hsr_slave_0: entered promiscuous mode [ 91.836524][ T3270] hsr_slave_1: entered promiscuous mode [ 91.874660][ T3270] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.875916][ T3270] Cannot create hsr debugfs directory [ 92.054227][ T3268] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.085667][ T3268] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.099129][ T3268] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.113365][ T3268] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.618134][ T3270] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.639814][ T3270] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.651980][ T3270] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.665913][ T3270] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.449201][ T3268] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.930790][ T3270] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.259883][ T3268] veth0_vlan: entered promiscuous mode [ 98.280852][ T3270] veth0_vlan: entered promiscuous mode [ 98.305638][ T3268] veth1_vlan: entered promiscuous mode [ 98.329757][ T3270] veth1_vlan: entered promiscuous mode [ 98.460614][ T3268] veth0_macvtap: entered promiscuous mode [ 98.509744][ T3268] veth1_macvtap: entered promiscuous mode [ 98.530175][ T3270] veth0_macvtap: entered promiscuous mode [ 98.568140][ T3270] veth1_macvtap: entered promiscuous mode [ 98.778826][ T3268] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.779741][ T3268] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.780396][ T3268] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.781030][ T3268] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.828481][ T3270] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.829178][ T3270] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.829761][ T3270] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.830335][ T3270] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.395381][ T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 103.718565][ T25] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 103.720422][ T25] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 103.722455][ T25] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 103.728844][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.788670][ T3421] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 103.822084][ T25] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 104.022835][ T10] usb 1-1: USB disconnect, device number 2 [ 104.402527][ T3423] udevd[3423]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 104.854349][ T3431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.856001][ T3431] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 105.089856][ T3433] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 105.092198][ T3433] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 105.932874][ T3441] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 105.934118][ T3441] IPv6: NLM_F_CREATE should be set when creating new route [ 105.935322][ T3441] IPv6: NLM_F_CREATE should be set when creating new route [ 106.344352][ T30] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 106.435639][ T3444] netlink: 24 bytes leftover after parsing attributes in process `syz.1.15'. [ 106.544374][ T30] usb 1-1: Using ep0 maxpacket: 16 [ 106.560428][ T30] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.561156][ T30] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 106.562162][ T30] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 106.563249][ T30] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.571178][ T30] usb 1-1: config 0 descriptor?? [ 107.031103][ T30] hid-generic 0003:045E:07DA.0001: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 107.424410][ T3446] usb 1-1: USB disconnect, device number 3 [ 108.684088][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 108.864383][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 108.901692][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 108.902420][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 108.903149][ T10] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 108.904520][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.917470][ T10] usb 1-1: config 0 descriptor?? [ 109.512923][ T10] hid-generic 0003:045E:07DA.0002: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 109.916920][ T30] usb 1-1: USB disconnect, device number 4 [ 111.723788][ C0] sched: RT throttling activated [ 113.739858][ T3471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.741323][ T3471] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 114.814944][ T3490] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 115.137657][ T3497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.139992][ T3497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.997726][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 122.833973][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 125.215926][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 127.464341][ T10] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 127.662547][ T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 127.664690][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 127.666412][ T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 127.667842][ T10] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 127.668910][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.692871][ T3619] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 127.708656][ T10] hub 1-1:1.0: bad descriptor, ignoring hub [ 127.709755][ T10] hub 1-1:1.0: probe with driver hub failed with error -5 [ 127.713359][ T10] cdc_wdm 1-1:1.0: skipping garbage [ 127.715434][ T10] cdc_wdm 1-1:1.0: skipping garbage [ 127.724536][ T10] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 128.000723][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 128.001397][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 128.002406][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 128.002937][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 128.004010][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 128.004581][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 128.005421][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 128.005890][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 128.006653][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 128.007119][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 128.007952][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 128.008438][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 128.009316][ C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71 [ 128.009784][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes [ 128.010428][ C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 128.057861][ T8] usb 1-1: USB disconnect, device number 5 [ 128.614807][ T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 128.794635][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 128.807199][ T8] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 128.807993][ T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 128.808688][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 128.809353][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 128.810045][ T8] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 128.810592][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.845592][ T8] hub 1-1:1.0: bad descriptor, ignoring hub [ 128.848167][ T8] hub 1-1:1.0: probe with driver hub failed with error -5 [ 128.851749][ T8] cdc_wdm 1-1:1.0: skipping garbage [ 128.852530][ T8] cdc_wdm 1-1:1.0: skipping garbage [ 128.876022][ T8] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 129.186146][ T3446] usb 1-1: USB disconnect, device number 6 [ 130.114222][ T3446] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 130.294447][ T3446] usb 1-1: Using ep0 maxpacket: 8 [ 130.304071][ T3446] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 130.306712][ T3446] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 130.308652][ T3446] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 130.309928][ T3446] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 130.310881][ T3446] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 130.312198][ T3446] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 130.313205][ T3446] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.568054][ T3446] usb 1-1: usb_control_msg returned -32 [ 130.568646][ T3446] usbtmc 1-1:16.0: can't read capabilities [ 135.233948][ C1] hrtimer: interrupt took 482336 ns [ 139.198541][ T3631] usbtmc 1-1:16.0: usb_control_msg returned -110 [ 139.214235][ T3446] usb 1-1: USB disconnect, device number 7 [ 139.802561][ T3641] netlink: 12 bytes leftover after parsing attributes in process `syz.0.86'. [ 145.546182][ T3673] syzkaller0: entered promiscuous mode [ 145.547294][ T3673] syzkaller0: entered allmulticast mode [ 148.704670][ T3446] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 148.854812][ T3446] usb 1-1: device descriptor read/64, error -71 [ 149.124576][ T3446] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 149.274806][ T3446] usb 1-1: device descriptor read/64, error -71 [ 149.399625][ T3446] usb usb1-port1: attempt power cycle [ 149.804464][ T3446] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 149.856177][ T3446] usb 1-1: device descriptor read/8, error -71 [ 150.125348][ T3446] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 150.169116][ T3446] usb 1-1: device descriptor read/8, error -71 [ 150.287618][ T3446] usb usb1-port1: unable to enumerate USB device [ 155.543567][ T3682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.564633][ T3682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.887301][ T3682] hsr_slave_0: entered promiscuous mode [ 156.925359][ T3682] hsr_slave_1: entered promiscuous mode [ 156.964506][ T3682] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 156.965143][ T3682] Cannot create hsr debugfs directory [ 157.630242][ T3682] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.726036][ T3682] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.840016][ T3682] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.934594][ T3682] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.347792][ T3682] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 158.378837][ T3682] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 158.397670][ T3682] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 158.411577][ T3682] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 159.274863][ T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 159.505123][ T10] usb 1-1: device descriptor read/64, error -71 [ 159.697212][ T3682] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.784618][ T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 159.964704][ T10] usb 1-1: device descriptor read/64, error -71 [ 160.089751][ T10] usb usb1-port1: attempt power cycle [ 160.524816][ T10] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 160.572614][ T10] usb 1-1: device descriptor read/8, error -71 [ 160.845315][ T10] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 160.892879][ T10] usb 1-1: device descriptor read/8, error -71 [ 161.016435][ T10] usb usb1-port1: unable to enumerate USB device [ 163.747944][ T3682] veth0_vlan: entered promiscuous mode [ 163.775154][ T3682] veth1_vlan: entered promiscuous mode [ 163.863980][ T3682] veth0_macvtap: entered promiscuous mode [ 163.882639][ T3682] veth1_macvtap: entered promiscuous mode [ 164.006821][ T3682] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.007942][ T3682] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.008939][ T3682] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.009503][ T3682] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.155105][ T3791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 172.157190][ T3791] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 172.956432][ T3803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 172.963327][ T3803] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 177.277249][ T3836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 177.278602][ T3836] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.330878][ T3858] netlink: 24 bytes leftover after parsing attributes in process `syz.0.149'. [ 184.132665][ T3904] wg2: entered promiscuous mode [ 184.133938][ T3904] wg2: entered allmulticast mode [ 186.754492][ T3363] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 186.934337][ T3363] usb 1-1: Using ep0 maxpacket: 16 [ 186.943060][ T3363] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 186.944365][ T3363] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 186.946508][ T3363] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 186.948454][ T3363] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.958523][ T3363] usb 1-1: config 0 descriptor?? [ 187.414421][ T3363] hid-generic 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 187.821080][ T10] usb 1-1: USB disconnect, device number 16 [ 190.032044][ T29] audit: type=1326 audit(189.870:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3918 comm="syz.0.171" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8cd43de8 code=0x7ffc0000 [ 190.042853][ T29] audit: type=1326 audit(189.880:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3918 comm="syz.0.171" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8cd43de8 code=0x7ffc0000 [ 190.051650][ T29] audit: type=1326 audit(189.890:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3918 comm="syz.0.171" exe="/syz-executor" sig=0 arch=c00000b7 syscall=178 compat=0 ip=0xffff8cd43de8 code=0x7ffc0000 [ 190.066597][ T29] audit: type=1326 audit(189.890:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3918 comm="syz.0.171" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8cd43de8 code=0x7ffc0000 [ 190.068679][ T29] audit: type=1326 audit(189.900:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3918 comm="syz.0.171" exe="/syz-executor" sig=0 arch=c00000b7 syscall=272 compat=0 ip=0xffff8cd43de8 code=0x7ffc0000 [ 190.094264][ T29] audit: type=1326 audit(189.900:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3918 comm="syz.0.171" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8cd43de8 code=0x7ffc0000 [ 190.096484][ T29] audit: type=1326 audit(189.910:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3918 comm="syz.0.171" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8cd43de8 code=0x7ffc0000 [ 190.339954][ T3923] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 190.659464][ T3931] netlink: 28 bytes leftover after parsing attributes in process `syz.0.177'. [ 190.660451][ T3931] netlink: 20 bytes leftover after parsing attributes in process `syz.0.177'. [ 194.573063][ T3941] syzkaller0: entered promiscuous mode [ 194.574381][ T3941] syzkaller0: entered allmulticast mode [ 194.932502][ T3945] netlink: 28 bytes leftover after parsing attributes in process `syz.0.183'. [ 194.933132][ T3945] netlink: 24 bytes leftover after parsing attributes in process `syz.0.183'. [ 211.515714][ T25] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 211.738814][ T3992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.782869][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 211.787047][ T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 211.787202][ T3992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.788378][ T25] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 211.790834][ T25] usb 1-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 211.791973][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.813285][ T25] usb 1-1: config 0 descriptor?? [ 212.442604][ T25] hid-generic 0003:5543:0003.0004: item fetching failed at offset 5/7 [ 212.446628][ T25] hid-generic 0003:5543:0003.0004: probe with driver hid-generic failed with error -22 [ 212.644249][ T25] usb 1-1: USB disconnect, device number 17 [ 213.410327][ T3992] hsr_slave_0: entered promiscuous mode [ 213.462228][ T3992] hsr_slave_1: entered promiscuous mode [ 213.554304][ T3992] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 213.554997][ T3992] Cannot create hsr debugfs directory [ 214.204241][ T3992] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.330828][ T3992] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.486592][ T3992] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 214.591922][ T3992] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 215.026608][ T3992] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 215.049311][ T3992] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 215.072756][ T3992] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 215.114504][ T3992] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 216.120395][ T3992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 218.044305][ T3446] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 218.269569][ T3446] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 218.270354][ T3446] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 218.271055][ T3446] usb 1-1: New USB device found, idVendor=056a, idProduct=037e, bcdDevice=6c.75 [ 218.271600][ T3446] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.291251][ T3446] usb 1-1: config 0 descriptor?? [ 218.309838][ T3446] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 220.126146][ T3992] veth0_vlan: entered promiscuous mode [ 220.180035][ T3992] veth1_vlan: entered promiscuous mode [ 220.270181][ T3992] veth0_macvtap: entered promiscuous mode [ 220.287850][ T3992] veth1_macvtap: entered promiscuous mode [ 220.407241][ T3992] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.407983][ T3992] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.408600][ T3992] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.409355][ T3992] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.671023][ T4092] netlink: 'syz.1.211': attribute type 10 has an invalid length. [ 222.071270][ T29] audit: type=1326 audit(221.910:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4098 comm="syz.1.214" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9b943de8 code=0x7ffc0000 [ 222.076620][ T29] audit: type=1326 audit(221.910:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4098 comm="syz.1.214" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9b943de8 code=0x7ffc0000 [ 222.089100][ T29] audit: type=1326 audit(221.920:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4098 comm="syz.1.214" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9b943de8 code=0x7ffc0000 [ 222.096295][ T29] audit: type=1326 audit(221.930:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4098 comm="syz.1.214" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9b943de8 code=0x7ffc0000 [ 222.097763][ T29] audit: type=1326 audit(221.930:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4098 comm="syz.1.214" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9b943de8 code=0x7ffc0000 [ 222.098813][ T29] audit: type=1326 audit(221.930:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4098 comm="syz.1.214" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9b943de8 code=0x7ffc0000 [ 222.112362][ T29] audit: type=1326 audit(221.940:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4098 comm="syz.1.214" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9b943de8 code=0x7ffc0000 [ 222.114799][ T29] audit: type=1326 audit(221.940:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4098 comm="syz.1.214" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9b943de8 code=0x7ffc0000 [ 222.117213][ T29] audit: type=1326 audit(221.950:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4098 comm="syz.1.214" exe="/syz-executor" sig=0 arch=c00000b7 syscall=280 compat=0 ip=0xffff9b943de8 code=0x7ffc0000 [ 222.118987][ T29] audit: type=1326 audit(221.950:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4098 comm="syz.1.214" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff9b943de8 code=0x7ffc0000 [ 225.016200][ T4107] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.018869][ T4107] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 230.102086][ T4116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 230.108920][ T4116] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 232.141639][ T955] usb 1-1: USB disconnect, device number 18 [ 236.950222][ T4218] netlink: 4 bytes leftover after parsing attributes in process `syz.1.262'. [ 236.996676][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 236.997394][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 236.998085][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 236.998563][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 236.999162][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 236.999638][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.000355][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.000848][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.001484][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.001963][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.002597][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.003079][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.004421][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.004883][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.005478][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.005941][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.006597][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.007231][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.007923][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.008393][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.009134][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.009667][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.010250][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.010778][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.012551][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.013125][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.014366][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.014851][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.015569][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.016042][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.016675][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.017179][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.017830][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.018348][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.019052][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found [ 237.019551][ C1] vcan0: j1939_xtp_rx_dat: no rx connection found [ 237.020237][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.020872][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.021574][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.022130][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.022865][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.023919][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.024733][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.025187][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.025910][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.026434][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.027513][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.028391][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.029605][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.030426][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.031612][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.032544][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.034424][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.035366][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.037050][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.037913][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.039005][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.039928][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.041052][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.041962][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.042888][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.043933][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.045029][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.045983][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.047309][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.048301][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.049886][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.050968][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.052195][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.054141][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.055557][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.056847][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.058507][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.059717][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.061378][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.062274][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.064296][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.065648][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.067128][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.068144][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.069453][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.070531][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.071869][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.072804][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.075253][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.076731][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.078745][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.080089][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.081818][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.082761][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.084502][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.085385][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.086911][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.087945][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.089285][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.090376][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.091606][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.092164][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.092786][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.093232][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.094275][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.094734][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.095373][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.095880][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 237.096479][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 237.096927][ C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 255.562938][ T4313] process 'syz.1.292' launched './file1' with NULL argv: empty string added [ 258.236015][ T3363] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 258.424650][ T3363] usb 1-1: Using ep0 maxpacket: 8 [ 258.450161][ T3363] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 258.453169][ T3363] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 258.457209][ T3363] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 258.459414][ T3363] usb 1-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 258.462230][ T3363] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 258.465623][ T3363] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 258.466831][ T3363] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.519026][ T3363] usbtmc 1-1:16.0: bulk endpoints not found [ 272.956721][ T8] usb 1-1: USB disconnect, device number 19 [ 275.014482][ T10] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 275.204287][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 275.211897][ T10] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 275.212753][ T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 275.214093][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 275.215210][ T10] usb 1-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 275.216544][ T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 275.218254][ T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 275.219204][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.235946][ T10] usbtmc 1-1:16.0: bulk endpoints not found [ 289.771126][ T4112] usb 1-1: USB disconnect, device number 20 [ 290.332537][ T4354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 290.352325][ T4354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 291.731737][ T4354] hsr_slave_0: entered promiscuous mode [ 291.777675][ T4354] hsr_slave_1: entered promiscuous mode [ 291.815014][ T4354] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 291.816218][ T4354] Cannot create hsr debugfs directory [ 292.466907][ T4354] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.528652][ T4354] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.638900][ T4354] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.740177][ T4354] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 293.091799][ T4354] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 293.156046][ T4354] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 293.196123][ T4354] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 293.226915][ T4354] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 294.477261][ T3264] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 294.568604][ T4354] 8021q: adding VLAN 0 to HW filter on device bond0 [ 294.744348][ T3264] usb 1-1: Using ep0 maxpacket: 8 [ 294.832032][ T3264] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 294.833404][ T3264] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 294.839802][ T3264] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 294.841058][ T3264] usb 1-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 294.842400][ T3264] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 294.848063][ T3264] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 294.849345][ T3264] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.901379][ T3264] usbtmc 1-1:16.0: bulk endpoints not found [ 298.678087][ T4354] veth0_vlan: entered promiscuous mode [ 298.719052][ T4354] veth1_vlan: entered promiscuous mode [ 298.853120][ T4354] veth0_macvtap: entered promiscuous mode [ 298.876297][ T4354] veth1_macvtap: entered promiscuous mode [ 299.011818][ T4354] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.012582][ T4354] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.013179][ T4354] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 299.015039][ T4354] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.062148][ T4455] syzkaller0: entered promiscuous mode [ 305.062929][ T4455] syzkaller0: entered allmulticast mode [ 309.188111][ T8] usb 1-1: USB disconnect, device number 21 [ 309.898687][ T4473] netlink: 20 bytes leftover after parsing attributes in process `syz.0.326'. [ 310.624736][ T4476] syzkaller0: entered promiscuous mode [ 310.625722][ T4476] syzkaller0: entered allmulticast mode [ 317.874425][ T4112] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 318.062950][ T4112] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 318.064242][ T4112] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 318.064983][ T4112] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 318.065704][ T4112] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.076297][ T4112] usb 1-1: config 0 descriptor?? [ 318.299565][ T4518] netlink: 300 bytes leftover after parsing attributes in process `syz.0.343'. [ 318.536894][ T4112] hid-generic 0003:256C:006D.0005: unknown main item tag 0x0 [ 318.537720][ T4112] hid-generic 0003:256C:006D.0005: unknown main item tag 0x0 [ 318.538385][ T4112] hid-generic 0003:256C:006D.0005: unknown main item tag 0x0 [ 318.539050][ T4112] hid-generic 0003:256C:006D.0005: unknown main item tag 0x0 [ 318.539696][ T4112] hid-generic 0003:256C:006D.0005: unknown main item tag 0x0 [ 318.547881][ T4112] hid-generic 0003:256C:006D.0005: hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 332.532443][ T8] usb 1-1: USB disconnect, device number 22 [ 337.565077][ T4531] netlink: 20 bytes leftover after parsing attributes in process `syz.0.346'. [ 338.376179][ T3264] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 338.590511][ T3264] usb 1-1: Using ep0 maxpacket: 16 [ 338.606819][ T3264] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 338.607826][ T3264] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 338.608508][ T3264] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 338.609170][ T3264] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 338.617167][ T3264] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 338.617877][ T3264] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 338.618450][ T3264] usb 1-1: SerialNumber: syz [ 338.649795][ T3264] cdc_acm 1-1:1.0: Control and data interfaces are not separated! [ 338.654863][ T3264] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -12 [ 338.848352][ T3264] usb 1-1: USB disconnect, device number 23 [ 349.710466][ T4558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 349.730428][ T4558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 351.175645][ T4558] hsr_slave_0: entered promiscuous mode [ 351.217504][ T4558] hsr_slave_1: entered promiscuous mode [ 351.265489][ T4558] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 351.266750][ T4558] Cannot create hsr debugfs directory [ 351.846203][ T4558] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.926518][ T4558] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.004830][ T4558] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.070800][ T4558] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.457616][ T4558] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 352.477056][ T4558] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 352.493275][ T4558] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 352.510129][ T4558] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 353.574908][ T3050] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 353.814551][ T3050] usb 1-1: Using ep0 maxpacket: 8 [ 353.861775][ T4558] 8021q: adding VLAN 0 to HW filter on device bond0 [ 353.901591][ T3050] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 353.902345][ T3050] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 353.903126][ T3050] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 353.904542][ T3050] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 353.916399][ T3050] usb 1-1: config 0 descriptor?? [ 354.385971][ T3050] hid-generic 0003:1E7D:2CED.0006: collection stack underflow [ 354.386699][ T3050] hid-generic 0003:1E7D:2CED.0006: item 0 1 0 12 parsing failed [ 354.388010][ T3050] hid-generic 0003:1E7D:2CED.0006: probe with driver hid-generic failed with error -22 [ 354.594639][ T3050] usb 1-1: USB disconnect, device number 24 [ 357.985485][ T4648] Zero length message leads to an empty skb [ 358.055830][ T4558] veth0_vlan: entered promiscuous mode [ 358.087752][ T4558] veth1_vlan: entered promiscuous mode [ 358.228964][ T4558] veth0_macvtap: entered promiscuous mode [ 358.251611][ T4558] veth1_macvtap: entered promiscuous mode [ 358.377345][ T4558] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.378068][ T4558] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.378669][ T4558] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 358.379255][ T4558] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 363.908268][ T4688] netlink: 'syz.1.375': attribute type 1 has an invalid length. [ 363.909074][ T4688] netlink: 56 bytes leftover after parsing attributes in process `syz.1.375'. [ 366.066174][ T4718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 366.070064][ T4718] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 367.110597][ T4725] netlink: 'syz.1.387': attribute type 4 has an invalid length. [ 367.593002][ T4733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 367.597405][ T4733] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 367.764299][ T4736] pim6reg1: entered promiscuous mode [ 367.766102][ T4736] pim6reg1: entered allmulticast mode [ 368.025176][ T4740] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 368.026686][ T4740] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 368.127377][ T4742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 368.128880][ T4742] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 368.154397][ T955] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 368.345833][ T955] usb 1-1: Using ep0 maxpacket: 8 [ 368.432007][ T955] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 368.433360][ T955] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 368.438074][ T955] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 368.439259][ T955] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 368.440522][ T955] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 368.442061][ T955] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 368.443124][ T955] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.680437][ T955] usb 1-1: usb_control_msg returned -32 [ 368.681312][ T955] usbtmc 1-1:16.0: can't read capabilities [ 369.539635][ T4758] syz.1.400 uses obsolete (PF_INET,SOCK_PACKET) [ 372.194483][ T4761] usbtmc 1-1:16.0: usb_control_msg returned -32 [ 372.234921][ T3264] usb 1-1: USB disconnect, device number 25 [ 377.021640][ T4828] input: syz0 as /devices/virtual/input/input2 [ 377.471621][ T4835] syz_tun: entered promiscuous mode [ 377.515098][ T4834] syz_tun: left promiscuous mode [ 378.018857][ T4848] syz_tun: entered promiscuous mode [ 380.978502][ T4847] syz_tun: left promiscuous mode [ 386.125749][ T4892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 386.130141][ T4892] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 386.262491][ T4894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 386.270350][ T4894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.614274][ T3363] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 407.794427][ T3363] usb 1-1: Using ep0 maxpacket: 32 [ 407.805529][ T3363] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 407.806402][ T3363] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 407.807264][ T3363] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 407.807898][ T3363] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.822603][ T3363] usb 1-1: config 0 descriptor?? [ 407.832169][ T4954] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 407.849637][ T3363] hub 1-1:0.0: USB hub found [ 408.090897][ T3363] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 408.160052][ T4957] netlink: 'syz.1.470': attribute type 4 has an invalid length. [ 408.331855][ T3363] hid-generic 0003:046D:C314.0007: unknown main item tag 0x0 [ 408.342645][ T3363] hid-generic 0003:046D:C314.0007: hidraw0: USB HID v8.00 Device [HID 046d:c314] on usb-dummy_hcd.0-1/input0 [ 408.654345][ T3400] usb 1-1: USB disconnect, device number 26 [ 410.662242][ T4983] netlink: 'syz.0.475': attribute type 4 has an invalid length. [ 411.417069][ T4986] netlink: 'syz.1.481': attribute type 4 has an invalid length. [ 411.445280][ T4986] netlink: 'syz.1.481': attribute type 4 has an invalid length. [ 416.123748][ T5013] ================================================================== [ 416.132874][ T5013] BUG: KASAN: slab-use-after-free in btf_datasec_check_meta+0x94/0x300 [ 416.135867][ T5013] Read at addr fdf000000dd4e480 by task syz.0.490/5013 [ 416.137548][ T5013] Pointer tag: [fd], memory tag: [fe] [ 416.139017][ T5013] [ 416.140679][ T5013] CPU: 0 UID: 0 PID: 5013 Comm: syz.0.490 Not tainted 6.11.0-rc2-syzkaller-00257-g5189dafa4cf9 #0 [ 416.142738][ T5013] Hardware name: linux,dummy-virt (DT) [ 416.144199][ T5013] Call trace: [ 416.145001][ T5013] dump_backtrace+0x94/0xec [ 416.145929][ T5013] show_stack+0x18/0x24 [ 416.146610][ T5013] dump_stack_lvl+0x78/0x90 [ 416.147318][ T5013] print_report+0x108/0x618 [ 416.148154][ T5013] kasan_report+0x88/0xac [ 416.148786][ T5013] __do_kernel_fault+0x170/0x1c8 [ 416.149419][ T5013] do_tag_check_fault+0x78/0x8c [ 416.150079][ T5013] do_mem_abort+0x44/0x94 [ 416.150983][ T5013] el1_abort+0x40/0x60 [ 416.151730][ T5013] el1h_64_sync_handler+0xd8/0xe4 [ 416.152438][ T5013] el1h_64_sync+0x64/0x68 [ 416.153078][ T5013] btf_datasec_check_meta+0x94/0x300 [ 416.153989][ T5013] btf_new_fd+0x544/0x1454 [ 416.154836][ T5013] __sys_bpf+0x8d8/0x2168 [ 416.155752][ T5013] __arm64_sys_bpf+0x24/0x34 [ 416.156378][ T5013] invoke_syscall+0x48/0x110 [ 416.157016][ T5013] el0_svc_common.constprop.0+0x40/0xe0 [ 416.157757][ T5013] do_el0_svc+0x1c/0x28 [ 416.158417][ T5013] el0_svc+0x34/0xec [ 416.159026][ T5013] el0t_64_sync_handler+0x100/0x12c [ 416.159726][ T5013] el0t_64_sync+0x19c/0x1a0 [ 416.160677][ T5013] [ 416.161165][ T5013] Allocated by task 5011: [ 416.162084][ T5013] kasan_save_stack+0x3c/0x64 [ 416.162994][ T5013] save_stack_info+0x40/0x158 [ 416.163975][ T5013] kasan_save_alloc_info+0x14/0x20 [ 416.164719][ T5013] __kasan_kmalloc+0xb4/0xb8 [ 416.165405][ T5013] __kmalloc_cache_node_noprof+0x174/0x314 [ 416.166171][ T5013] __get_vm_area_node+0x90/0x1a0 [ 416.166876][ T5013] __vmalloc_node_range_noprof+0xe4/0x848 [ 416.167658][ T5013] vmalloc_noprof+0x94/0xa4 [ 416.168311][ T5013] bpf_prog_calc_tag+0x68/0x228 [ 416.168959][ T5013] bpf_check+0x1380/0x2664 [ 416.169532][ T5013] bpf_prog_load+0x678/0xbc0 [ 416.170210][ T5013] __sys_bpf+0xc28/0x2168 [ 416.170851][ T5013] __arm64_sys_bpf+0x24/0x34 [ 416.171565][ T5013] invoke_syscall+0x48/0x110 [ 416.172263][ T5013] el0_svc_common.constprop.0+0x40/0xe0 [ 416.172982][ T5013] do_el0_svc+0x1c/0x28 [ 416.173697][ T5013] el0_svc+0x34/0xec [ 416.174532][ T5013] el0t_64_sync_handler+0x100/0x12c [ 416.175395][ T5013] el0t_64_sync+0x19c/0x1a0 [ 416.176111][ T5013] [ 416.176541][ T5013] Freed by task 5011: [ 416.177216][ T5013] kasan_save_stack+0x3c/0x64 [ 416.177904][ T5013] save_stack_info+0x40/0x158 [ 416.178572][ T5013] kasan_save_free_info+0x18/0x24 [ 416.179198][ T5013] poison_slab_object+0x178/0x1c0 [ 416.179866][ T5013] __kasan_slab_free+0x30/0x48 [ 416.180501][ T5013] kfree+0xd8/0x28c [ 416.181253][ T5013] vfree+0xf8/0x34c [ 416.181906][ T5013] bpf_prog_calc_tag+0x174/0x228 [ 416.182637][ T5013] bpf_check+0x1380/0x2664 [ 416.183359][ T5013] bpf_prog_load+0x678/0xbc0 [ 416.184308][ T5013] __sys_bpf+0xc28/0x2168 [ 416.185060][ T5013] __arm64_sys_bpf+0x24/0x34 [ 416.185738][ T5013] invoke_syscall+0x48/0x110 [ 416.186414][ T5013] el0_svc_common.constprop.0+0x40/0xe0 [ 416.187194][ T5013] do_el0_svc+0x1c/0x28 [ 416.187898][ T5013] el0_svc+0x34/0xec [ 416.188571][ T5013] el0t_64_sync_handler+0x100/0x12c [ 416.189239][ T5013] el0t_64_sync+0x19c/0x1a0 [ 416.189901][ T5013] [ 416.190361][ T5013] The buggy address belongs to the object at fff000000dd4e480 [ 416.190361][ T5013] which belongs to the cache kmalloc-64 of size 64 [ 416.192107][ T5013] The buggy address is located 0 bytes inside of [ 416.192107][ T5013] 64-byte region [fff000000dd4e480, fff000000dd4e4c0) [ 416.193550][ T5013] [ 416.194291][ T5013] The buggy address belongs to the physical page: [ 416.195489][ T5013] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xfcf000000dd4e640 pfn:0x4dd4e [ 416.197294][ T5013] flags: 0x1ffc00000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x0) [ 416.198564][ T5013] page_type: 0xfdffffff(slab) [ 416.199835][ T5013] raw: 01ffc00000000000 fdf0000003001600 dead000000000122 0000000000000000 [ 416.200819][ T5013] raw: fcf000000dd4e640 000000008040002f 00000001fdffffff 0000000000000000 [ 416.201788][ T5013] page dumped because: kasan: bad access detected [ 416.202563][ T5013] [ 416.203008][ T5013] Memory state around the buggy address: [ 416.204101][ T5013] fff000000dd4e200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 416.205463][ T5013] fff000000dd4e300: fe fe fe fe fa fa fa fa fe fe fe fe fe fe fe fe [ 416.206360][ T5013] >fff000000dd4e400: fe fe fe fe fd fd fd fd fe fe fe fe fb fb fb fb [ 416.207323][ T5013] ^ [ 416.208373][ T5013] fff000000dd4e500: f6 f6 f6 f6 fe fe fe fe f4 f4 f4 f4 fe fe fe fe [ 416.209160][ T5013] fff000000dd4e600: f5 f5 f5 f5 fe fe fe fe fe fe fe fe fe fe fe fe [ 416.210026][ T5013] ================================================================== [ 416.215264][ T5013] Disabling lock debugging due to kernel taint SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 417.196909][ T1156] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.274725][ T1156] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.342178][ T1156] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.421238][ T1156] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.335025][ T1156] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 418.384260][ T1156] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 418.449380][ T1156] bond0 (unregistering): Released all slaves [ 418.649001][ T1156] hsr_slave_0: left promiscuous mode [ 418.699494][ T1156] hsr_slave_1: left promiscuous mode [ 418.822362][ T1156] veth1_macvtap: left promiscuous mode [ 418.824564][ T1156] veth0_macvtap: left promiscuous mode [ 418.826226][ T1156] veth1_vlan: left promiscuous mode [ 418.827667][ T1156] veth0_vlan: left promiscuous mode [ 420.857875][ T1156] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.928242][ T1156] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 421.017977][ T1156] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 421.149076][ T1156] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 421.899044][ T1156] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 421.939097][ T1156] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 421.988917][ T1156] bond0 (unregistering): Released all slaves [ 422.099185][ T1156] hsr_slave_0: left promiscuous mode [ 422.136831][ T1156] hsr_slave_1: left promiscuous mode [ 422.230796][ T1156] veth1_macvtap: left promiscuous mode [ 422.231390][ T1156] veth0_macvtap: left promiscuous mode [ 422.232010][ T1156] veth1_vlan: left promiscuous mode [ 422.232568][ T1156] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 08:24:16 Registers: info registers vcpu 0 CPU#0 PC=ffff80008083f540 X00=0000000000000002 X01=0000000000000018 X02=ffff800082a45018 X03=ffff800082816c68 X04=fcf0000004210080 X05=0000000000000035 X06=312e36313420205b X07=205b5d3834353733 X08=726f6d656d202c5d X09=5b203a6761742079 X10=676174207265746e X11=202c5d64665b203a X12=5b5d383435373331 X13=205d333130355420 X14=0000000000000000 X15=ffff800089d732e0 X16=74656d5f6b636568 X17=302f343978302b61 X18=ffffffffffffffff X19=ffff800082932ee2 X20=ffff80008083f5f0 X21=fcf0000004210080 X22=ffff800082932f0b X23=00000000000000c0 X24=000000000000003b X25=ffff800082816c98 X26=ffff8000826c0030 X27=ffff800082933ad0 X28=f2f000000a6aed80 X29=ffff800089d73560 X30=ffff80008083f618 SP=ffff800089d73560 PSTATE=824000c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffff8ce96418:0000ffff8ce96430 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffff8ce96428:0000ffff8ce96470 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffff8d9fca20:0000ffff8ce96410 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffff8ce96448:0000ffff8ce96420 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffff8ce96458:0000ffff8ce96450 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffff8ce96458:0000ffff8ce96450 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffff8ce96468:0000ffff8ce96460 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffc63ec1c0:0000ffffc63ec1c0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffc63ec190 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff800080341534 X00=ffff8000827ddd30 X01=ffff8000826e9d10 X02=0000000000000000 X03=ffff8000827ddd30 X04=ffffffffffffffe0 X05=0000000000000040 X06=000000000000003f X07=0000000000000000 X08=ffff800088c23d88 X09=0000000000000000 X10=0000000000000000 X11=0000000000000000 X12=0000000000000000 X13=0000000000000000 X14=0000000000000000 X15=0000000000000000 X16=0000000000000000 X17=0000000000000000 X18=0000000000000000 X19=fefefefefefefeff X20=ffff800088c23ca0 X21=f2f00000034b29c0 X22=2f2f2f2f2f2f2f2f X23=0000000000000000 X24=61c8864680b583eb X25=ffff8000827ddd30 X26=0000000000000002 X27=f8f0000006303021 X28=00000000fffffff6 X29=ffff800088c23b70 X30=ffff800080340be4 SP=ffff800088c23b70 PSTATE=21400009 --C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000007974:69726765746e692f Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f00ff00ff00f0000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f00ff00ff00ff00f:f00ff00ff00ff00f Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff0000000000:ffffff0000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3003300330033003:3003300330033003 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bcbcbc0000000003:bcbcbc0000000003 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3000000000000000:3000000000000000 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000