last executing test programs: 7.449927338s ago: executing program 1 (id=301): r0 = socket(0x1d, 0x2, 0x6) unshare(0x20000400) bind$unix(r0, 0x0, 0x0) 7.251490986s ago: executing program 1 (id=302): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000022c0)=ANY=[@ANYBLOB="b70200000800"], 0x0}, 0x94) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x20000000, @dev={0xfe, 0x80, '\x00', 0x1e}, 0x8}, 0x1c) getsockopt$sock_buf(r0, 0x1, 0x19, &(0x7f0000002f80)=""/217, &(0x7f0000003080)=0xd9) 7.188347428s ago: executing program 1 (id=303): syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000d00)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000880)={0x2, 0x4e23, @rand_addr=0x64010101}, 0x10, &(0x7f0000000a80)}}], 0x2, 0x4000) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x16c}}, 0x4000000) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$kcm(0xa, 0x922000000003, 0x11) sendmsg$sock(r2, 0x0, 0x0) openat$cgroup_ro(r1, 0x0, 0x275a, 0x0) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) r4 = openat$cgroup(r3, &(0x7f0000000180)='syz1\x00', 0x200002, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000c40), 0x12) 6.985043527s ago: executing program 1 (id=304): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0xffffff1f, 0x70bd2a, 0x1, {0x0, 0x0, 0x0, 0x0, 0x200}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IKEY={0x8, 0x4, 0xfffffffc}]}}}]}, 0x44}}, 0x0) 6.847747353s ago: executing program 1 (id=305): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r4) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r5, 0x0, 0x80000}, 0x18) kexec_load(0x0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) memfd_secret(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) 2.649115253s ago: executing program 0 (id=306): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000004c0), r0) sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)={0x38, r1, 0xc88719ede475f2bf, 0x70bd29, 0x25dfdbfe, {}, [@IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xfffe}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x3}]}, 0x38}, 0x1, 0x0, 0x0, 0x8040}, 0x44000) 1.656940883s ago: executing program 0 (id=307): sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x3c, 0x0, 0x20, 0x70b92e, 0x25dfdbfb, {}, [@ETHTOOL_A_COALESCE_TX_USECS_LOW={0x8, 0x10, 0xc0000}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES={0x8, 0x7, 0x6}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5, 0x18, 0x1}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8, 0x16, 0x10001}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x851}, 0x4014) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c0017800400ad0014"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) 1.358449815s ago: executing program 0 (id=308): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000007380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)={0x3c, r1, 0xe096044a3fc9e6f1, 0xffffffff, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x81}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0xfa}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200000d0}, 0x8050) 259.4533ms ago: executing program 0 (id=309): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x2404c8c0) socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c0009000800"], 0x4c}}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 191.709252ms ago: executing program 1 (id=310): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newlink={0x20, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1, 0xc000}}, 0x20}, 0x1, 0x0, 0x0, 0x404c084}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$kcm(0xa, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x890b, &(0x7f0000000000)={r0}) 109.988836ms ago: executing program 0 (id=311): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) 0s ago: executing program 0 (id=312): syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00') r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180000002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r0, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44) r1 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x12}, 0x80, &(0x7f0000000140)=[{&(0x7f00000006c0)="6204", 0x2}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:22370' (ED25519) to the list of known hosts. syzkaller login: [ 130.494586][ T3307] cgroup: Unknown subsys name 'net' [ 130.716854][ T3307] cgroup: Unknown subsys name 'cpuset' [ 130.760094][ T3307] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 131.497221][ T3307] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 147.467540][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.502474][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.883432][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.915947][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 149.408683][ T3313] hsr_slave_0: entered promiscuous mode [ 149.417096][ T3313] hsr_slave_1: entered promiscuous mode [ 149.856873][ T3312] hsr_slave_0: entered promiscuous mode [ 149.867347][ T3312] hsr_slave_1: entered promiscuous mode [ 149.873788][ T3312] debugfs: 'hsr0' already exists in 'hsr' [ 149.876559][ T3312] Cannot create hsr debugfs directory [ 151.098838][ T3313] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 151.160207][ T3313] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 151.191769][ T3313] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 151.213512][ T3313] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 151.523001][ T3312] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 151.557175][ T3312] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 151.588196][ T3312] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 151.624795][ T3312] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 152.819341][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.006949][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.535724][ T3313] veth0_vlan: entered promiscuous mode [ 158.615697][ T3313] veth1_vlan: entered promiscuous mode [ 158.824272][ T3312] veth0_vlan: entered promiscuous mode [ 158.947299][ T3312] veth1_vlan: entered promiscuous mode [ 158.999709][ T3313] veth0_macvtap: entered promiscuous mode [ 159.057995][ T3313] veth1_macvtap: entered promiscuous mode [ 159.295072][ T3312] veth0_macvtap: entered promiscuous mode [ 159.354117][ T113] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.372802][ T3312] veth1_macvtap: entered promiscuous mode [ 159.379753][ T113] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.384437][ T113] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.384969][ T113] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.789281][ T54] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.803709][ T54] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.807907][ T54] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.830205][ T54] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.114361][ T3313] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 161.428165][ T3461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 161.436806][ T3461] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 161.805256][ T3462] Zero length message leads to an empty skb [ 169.118733][ T3412] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 170.029577][ T3496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 170.036572][ T3496] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 170.041716][ T3412] usb 1-1: Using ep0 maxpacket: 16 [ 170.076647][ T3412] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 170.091507][ T3412] usb 1-1: config 0 has no interface number 0 [ 170.093286][ T3412] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 170.136166][ T3412] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 170.141020][ T3412] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 170.144436][ T3412] usb 1-1: Product: syz [ 170.146600][ T3412] usb 1-1: SerialNumber: syz [ 170.168632][ T3412] usb 1-1: config 0 descriptor?? [ 170.217159][ T3412] cm109 1-1:0.8: invalid payload size 34, expected 4 [ 170.263033][ T3412] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input1 [ 170.458708][ T3499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 170.465834][ T3499] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 170.657075][ C1] cm109 1-1:0.8: cm109_urb_irq_callback: urb status -71 [ 170.658699][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 170.659717][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 170.661037][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 170.661787][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 170.662401][ T3381] usb 1-1: USB disconnect, device number 2 [ 170.662982][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 170.663335][ C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 170.692972][ T3381] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 170.766033][ T3501] syz.1.15 uses obsolete (PF_INET,SOCK_PACKET) [ 171.261977][ T3381] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 171.491122][ T3381] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 171.491522][ T3381] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.511937][ T3381] usb 1-1: config 0 descriptor?? [ 173.182290][ T3381] pegasus 1-1:0.0: can't reset MAC [ 173.183982][ T3381] pegasus 1-1:0.0: probe with driver pegasus failed with error -5 [ 173.279199][ T3381] usb 1-1: USB disconnect, device number 3 [ 176.461150][ T3528] binder: 3527:3528 ioctl c0306201 20000080 returned -14 [ 176.476725][ T3528] binder: 3527:3528 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 176.477126][ T3528] binder: 3528 RLIMIT_NICE not set [ 179.237912][ T3542] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 179.921849][ T3412] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 180.171683][ T3412] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 180.172719][ T3412] usb 1-1: config 0 has no interface number 0 [ 180.173446][ T3412] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 180.174050][ T3412] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 180.174491][ T3412] usb 1-1: config 0 interface 255 has no altsetting 0 [ 180.265698][ T3412] usb 1-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd [ 180.268416][ T3412] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 180.271194][ T3412] usb 1-1: Product: syz [ 180.272554][ T3412] usb 1-1: Manufacturer: syz [ 180.273931][ T3412] usb 1-1: SerialNumber: syz [ 180.297578][ T3412] usb 1-1: config 0 descriptor?? [ 180.566777][ T3412] usb 1-1: USB disconnect, device number 4 [ 182.093333][ T3565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 182.122339][ T3565] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 194.002043][ T3603] netlink: 'syz.1.48': attribute type 2 has an invalid length. [ 194.019895][ T3603] netlink: 132 bytes leftover after parsing attributes in process `syz.1.48'. [ 194.082498][ T3605] netlink: 64691 bytes leftover after parsing attributes in process `syz.0.50'. [ 195.053965][ T3616] netlink: 184 bytes leftover after parsing attributes in process `syz.0.55'. [ 206.021597][ T40] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 206.069718][ T3676] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 206.078960][ T3676] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 206.201683][ T40] usb 1-1: Using ep0 maxpacket: 16 [ 206.240139][ T40] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 206.243840][ T40] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 206.261148][ T40] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 206.301184][ T40] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 206.305036][ T40] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.312289][ T40] usb 1-1: Product: syz [ 206.316258][ T40] usb 1-1: Manufacturer: syz [ 206.321029][ T40] usb 1-1: SerialNumber: syz [ 206.799527][ T40] usb 1-1: 0:2 : does not exist [ 208.969811][ T40] usb 1-1: USB disconnect, device number 5 [ 209.552382][ T40] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 209.751346][ T40] usb 1-1: Using ep0 maxpacket: 32 [ 209.778732][ T40] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 209.779301][ T40] usb 1-1: config 0 has no interface number 0 [ 209.846639][ T40] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 209.850759][ T40] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.856454][ T40] usb 1-1: Product: syz [ 209.860913][ T40] usb 1-1: Manufacturer: syz [ 209.870967][ T40] usb 1-1: SerialNumber: syz [ 209.895551][ T40] usb 1-1: config 0 descriptor?? [ 209.946974][ T40] smsc95xx v2.0.0 [ 210.397244][ T40] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 210.401998][ T40] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 210.529813][ T3681] udevd[3681]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 211.486019][ T40] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 211.496943][ T40] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 211.544264][ T40] usb 1-1: USB disconnect, device number 6 [ 212.718220][ T3717] netlink: 8 bytes leftover after parsing attributes in process `syz.0.91'. [ 214.811627][ T3735] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 216.816626][ T3753] ptrace attach of "/syz-executor exec"[3312] was attempted by ""[3753] [ 216.994230][ T3755] binder: 3754:3755 tried to acquire reference to desc 0, got 1 instead [ 217.024390][ T3755] binder_alloc: 3754: binder_alloc_buf, no vma [ 217.025133][ T3755] binder: cannot allocate buffer: vma cleared, target dead or dying [ 217.034884][ T3755] binder: 3754:3755 transaction async to 3754:0 failed 7/29189/-3, code 0 size 0-0 line 3335 [ 217.049827][ T9] binder: undelivered TRANSACTION_ERROR: 29189 [ 217.601508][ T40] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 217.771259][ T40] usb 1-1: Using ep0 maxpacket: 8 [ 217.851403][ T40] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 217.854882][ T40] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.859273][ T40] usb 1-1: Product: syz [ 217.862318][ T40] usb 1-1: Manufacturer: syz [ 217.869854][ T40] usb 1-1: SerialNumber: syz [ 217.892679][ T40] usb 1-1: config 0 descriptor?? [ 218.646484][ T3770] capability: warning: `syz.1.113' uses 32-bit capabilities (legacy support in use) [ 221.157692][ T3788] binder: 3787:3788 tried to acquire reference to desc 0, got 1 instead [ 221.167061][ T3788] binder: 3787:3788 got reply transaction with bad transaction stack, transaction 12 has target 3787:0 [ 221.169409][ T3788] binder: 3787:3788 transaction reply to 0:0 failed 13/29201/-71, code 0 size 0-0 line 3069 [ 221.177476][ T3497] binder: release 3787:3788 transaction 12 out, still active [ 221.179580][ T3497] binder: undelivered TRANSACTION_COMPLETE [ 221.182687][ T3497] binder: undelivered TRANSACTION_ERROR: 29201 [ 221.198909][ T3497] binder: send failed reply for transaction 12, target dead [ 221.265159][ T3790] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.268669][ T3790] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.465422][ T3792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.471778][ T3792] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.604712][ T3794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.608842][ T3794] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.826230][ T3799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.832576][ T3799] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.157313][ T3828] syzkaller1: entered promiscuous mode [ 225.162376][ T3828] syzkaller1: entered allmulticast mode [ 225.577759][ T3830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.585135][ T3830] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.781343][ T3832] binder: 3831:3832 ioctl c0306201 20000080 returned -14 [ 225.805634][ T3832] binder: 3831:3832 tried to acquire reference to desc 0, got 1 instead [ 225.817082][ T3832] binder: 3831:3832 not enough space to store 5 fds in buffer [ 225.821770][ T3832] binder: 3832:3831 translate fd array failed [ 225.827530][ T3832] binder: 3831:3832 transaction call to 3831:0 failed 18/29201/-22, code 0 size 112-24 line 3591 [ 225.838617][ T9] binder: undelivered TRANSACTION_ERROR: 29201 [ 226.727162][ T3841] netlink: 'syz.1.143': attribute type 4 has an invalid length. [ 227.325221][ T3847] netlink: 12 bytes leftover after parsing attributes in process `syz.1.146'. [ 227.875471][ T3853] binder: 3852:3853 ioctl c0306201 20000080 returned -14 [ 227.892748][ T3853] binder: 3852:3853 tried to acquire reference to desc 0, got 1 instead [ 227.898097][ T3853] binder: 3852:3853 got transaction with invalid offsets ptr [ 227.899079][ T3853] binder: 3852:3853 transaction call to 3852:0 failed 23/29201/-22, code 0 size 112-24 line 3680 [ 227.906408][ T9] binder: undelivered TRANSACTION_ERROR: 29201 [ 228.216326][ T3412] usb 1-1: USB disconnect, device number 7 [ 228.250973][ T3857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 228.253366][ T3857] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.045254][ T3866] input: syz1 as /devices/virtual/input/input2 [ 230.011859][ T3875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 230.017506][ T3875] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 230.441642][ T3879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 230.461281][ T3879] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 231.708221][ T3886] binder: 3885:3886 tried to acquire reference to desc 0, got 1 instead [ 231.715319][ T3886] binder: cannot allocate buffer [ 231.716018][ T3886] binder: 3885:3886 transaction call to 3885:0 failed 28/29201/-22, code 0 size 0-24 line 3335 [ 231.730816][ T10] binder: undelivered TRANSACTION_ERROR: 29201 [ 235.052277][ T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 235.211745][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 235.287059][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 235.287892][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c539, bcdDevice= 0.00 [ 235.288085][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.346396][ T9] usb 1-1: config 0 descriptor?? [ 235.928266][ T9] hid-generic 0003:046D:C539.0001: hidraw0: USB HID v0.00 Device [HID 046d:c539] on usb-dummy_hcd.0-1/input0 [ 236.097840][ T3412] usb 1-1: USB disconnect, device number 8 [ 236.414519][ T3941] netlink: 20 bytes leftover after parsing attributes in process `syz.0.184'. [ 236.796354][ T3945] netlink: 8 bytes leftover after parsing attributes in process `syz.0.185'. [ 236.796972][ T3945] netlink: 8 bytes leftover after parsing attributes in process `syz.0.185'. [ 236.806716][ T3945] netlink: 8 bytes leftover after parsing attributes in process `syz.0.185'. [ 237.057751][ T3938] fido_id[3938]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 238.251747][ T10] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 238.467607][ T10] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 238.468212][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.468970][ T10] usb 1-1: Product: syz [ 238.469211][ T10] usb 1-1: Manufacturer: syz [ 238.469414][ T10] usb 1-1: SerialNumber: syz [ 238.501888][ T10] usb 1-1: config 0 descriptor?? [ 239.911606][ T3958] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 240.078746][ T3963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 240.088818][ T3963] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 240.502304][ T3967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 240.504553][ T3967] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 248.458124][ T3996] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 248.459850][ T3996] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 248.809259][ T9] usb 1-1: USB disconnect, device number 9 [ 249.323306][ T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 249.507275][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 249.508137][ T9] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 249.508447][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.534697][ T9] usb 1-1: config 0 descriptor?? [ 253.905893][ T4010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 253.908380][ T4010] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 254.092345][ T4013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 254.103386][ T4013] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.022269][ T4020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.024837][ T4020] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.634551][ T4043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 259.655589][ T4043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.693135][ T4043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 259.695552][ T4043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.932542][ T3412] usb 1-1: USB disconnect, device number 10 [ 260.961318][ T3497] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 261.137111][ T3497] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 261.138054][ T3497] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 261.138313][ T3497] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.173416][ T3497] usb 1-1: config 0 descriptor?? [ 263.231488][ T4059] 8021q: adding VLAN 0 to HW filter on device bond1 [ 263.725557][ T4066] netlink: 'syz.1.230': attribute type 1 has an invalid length. [ 263.731025][ T4066] netlink: 12 bytes leftover after parsing attributes in process `syz.1.230'. [ 263.737034][ T4066] nbd: must specify at least one socket [ 264.055392][ T4070] netlink: 'syz.1.232': attribute type 1 has an invalid length. [ 265.104589][ T3497] usbhid 1-1:0.0: can't add hid device: -71 [ 265.105900][ T3497] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 265.195978][ T3497] usb 1-1: USB disconnect, device number 11 [ 266.661932][ T4094] netlink: 8 bytes leftover after parsing attributes in process `syz.1.238'. [ 268.544214][ T10] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 268.706845][ T4119] netlink: 4 bytes leftover after parsing attributes in process `syz.1.246'. [ 268.721228][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 268.744269][ T4119] lo speed is unknown, defaulting to 1000 [ 268.746804][ T4119] lo speed is unknown, defaulting to 1000 [ 268.755023][ T4119] lo speed is unknown, defaulting to 1000 [ 268.764465][ T10] usb 1-1: config index 0 descriptor too short (expected 44, got 36) [ 268.769018][ T10] usb 1-1: config 0 has an invalid interface number: 126 but max is 0 [ 268.773587][ T10] usb 1-1: config 0 has no interface number 0 [ 268.777134][ T10] usb 1-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023 [ 268.783463][ T10] usb 1-1: config 0 interface 126 altsetting 16 endpoint 0x82 has invalid wMaxPacketSize 0 [ 268.783952][ T10] usb 1-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 0 [ 268.784153][ T10] usb 1-1: config 0 interface 126 has no altsetting 0 [ 268.812347][ T4119] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 268.835313][ T10] usb 1-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c [ 268.835701][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.836046][ T10] usb 1-1: Product: syz [ 268.836218][ T10] usb 1-1: Manufacturer: syz [ 268.836405][ T10] usb 1-1: SerialNumber: syz [ 268.861706][ T4119] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 268.885817][ T10] usb 1-1: config 0 descriptor?? [ 268.902097][ T4115] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 269.025752][ T4119] lo speed is unknown, defaulting to 1000 [ 269.083756][ T4119] lo speed is unknown, defaulting to 1000 [ 269.325624][ T4119] netlink: 'syz.1.246': attribute type 4 has an invalid length. [ 269.362494][ T10] ir_usb 1-1:0.126: IR Dongle converter detected [ 269.373098][ T10] usb 1-1: IRDA class descriptor not found, device not bound [ 269.431557][ T10] usb 1-1: USB disconnect, device number 12 [ 269.907805][ T4125] syzkaller1: entered promiscuous mode [ 269.910815][ T4125] syzkaller1: entered allmulticast mode [ 271.517063][ T4140] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.704726][ T4140] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.842750][ T4140] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.977249][ T4140] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 275.296513][ T39] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.453443][ T39] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.578856][ T39] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 275.676024][ T39] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.059998][ T54] netdevsim netdevsim1 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.066661][ T54] netdevsim netdevsim1 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.067156][ T54] netdevsim netdevsim1 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.067528][ T54] netdevsim netdevsim1 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.771529][ T4182] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.775017][ T4182] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 284.067033][ T4191] netlink: 8 bytes leftover after parsing attributes in process `syz.1.270'. [ 284.386542][ T4193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 284.399149][ T4193] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 286.313550][ T4205] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 286.325850][ T4205] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.234978][ T4220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.245979][ T4220] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.794317][ T4241] netlink: 8 bytes leftover after parsing attributes in process `syz.1.291'. [ 292.868395][ T4241] netlink: 12 bytes leftover after parsing attributes in process `syz.1.291'. [ 294.123091][ T3575] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 294.327905][ T3575] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 294.328364][ T3575] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 294.328508][ T3575] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.366396][ T3575] usb 1-1: config 0 descriptor?? [ 299.689252][ T3575] usbhid 1-1:0.0: can't add hid device: -32 [ 299.691310][ T3575] usbhid 1-1:0.0: probe with driver usbhid failed with error -32 [ 304.849627][ T4271] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 309.283447][ T4154] usb 1-1: USB disconnect, device number 13 [ 312.137490][ T4301] ------------[ cut here ]------------ [ 312.137945][ T4301] verifier bug: not inlined functions bpf_probe_read_user#112 is missing func(1) [ 312.144110][ T4301] WARNING: CPU: 0 PID: 4301 at kernel/bpf/verifier.c:22838 do_misc_fixups+0x1784/0x1ab4 [ 312.150890][ T4301] Modules linked in: [ 312.152430][ T4301] CPU: 0 UID: 0 PID: 4301 Comm: syz.0.312 Not tainted syzkaller #0 PREEMPT [ 312.154185][ T4301] Hardware name: linux,dummy-virt (DT) [ 312.154729][ T4301] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 312.155509][ T4301] pc : do_misc_fixups+0x1784/0x1ab4 [ 312.156086][ T4301] lr : do_misc_fixups+0x1784/0x1ab4 [ 312.156643][ T4301] sp : ffff800089c839a0 [ 312.157081][ T4301] x29: ffff800089c839a0 x28: f0ff80008358d000 x27: 0000000000000009 [ 312.158274][ T4301] x26: f3f0000008e38000 x25: 0000000000000000 x24: f3f0000008e3e200 [ 312.159089][ T4301] x23: 000000000000f0ff x22: 0000000000000009 x21: f3f0000008e3e128 [ 312.159864][ T4301] x20: f3f0000008e38aa8 x19: ffff80008242bb10 x18: 0000000000000000 [ 312.160847][ T4301] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffda5bff78 [ 312.161737][ T4301] x14: 000000000000026b x13: 0000000000000000 x12: ffff800082911258 [ 312.162524][ T4301] x11: 00000000000000c0 x10: aeb953055dcf4543 x9 : e0c2e38a3ab47ca3 [ 312.163406][ T4301] x8 : f5f000000addb6f8 x7 : 0000000000000004 x6 : 00000002129009f5 [ 312.164264][ T4301] x5 : 0000000000000002 x4 : fbffff3fffffffff x3 : 000000000000ffff [ 312.164984][ T4301] x2 : 0000000000000000 x1 : 0000000000000000 x0 : f5f000000adda500 [ 312.165936][ T4301] Call trace: [ 312.166538][ T4301] do_misc_fixups+0x1784/0x1ab4 (P) [ 312.167364][ T4301] bpf_check+0x1308/0x2aac [ 312.167910][ T4301] bpf_prog_load+0x634/0xb74 [ 312.168379][ T4301] __sys_bpf+0x2e0/0x1a3c [ 312.168898][ T4301] __arm64_sys_bpf+0x24/0x34 [ 312.169386][ T4301] invoke_syscall+0x48/0x110 [ 312.169922][ T4301] el0_svc_common.constprop.0+0x40/0xe0 [ 312.170678][ T4301] do_el0_svc+0x1c/0x28 [ 312.171126][ T4301] el0_svc+0x34/0x10c [ 312.171557][ T4301] el0t_64_sync_handler+0xa0/0xe4 [ 312.172095][ T4301] el0t_64_sync+0x1a4/0x1a8 [ 312.172814][ T4301] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 312.905564][ T54] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 312.989186][ T54] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.089555][ T54] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 313.179951][ T54] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 314.163668][ T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 314.221119][ T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 314.273492][ T54] bond0 (unregistering): Released all slaves [ 314.426483][ T54] hsr_slave_0: left promiscuous mode [ 314.432200][ T54] hsr_slave_1: left promiscuous mode [ 314.456818][ T54] veth1_macvtap: left promiscuous mode [ 314.458971][ T54] veth0_macvtap: left promiscuous mode [ 314.462881][ T54] veth1_vlan: left promiscuous mode [ 314.464976][ T54] veth0_vlan: left promiscuous mode [ 317.487642][ T54] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 317.515363][ T54] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 317.580077][ T54] bond0 (unregistering): Released all slaves [ 317.617775][ T54] bond1 (unregistering): Released all slaves [ 317.834925][ T54] hsr_slave_0: left promiscuous mode [ 317.846606][ T54] hsr_slave_1: left promiscuous mode VM DIAGNOSIS: 08:07:39 Registers: info registers vcpu 0 CPU#0 PC=ffff800081b02830 X00=00000000fffffffa X01=000000000000002a X02=ffff800089c83300 X03=ffff800082671858 X04=ffff800082671856 X05=ffff800082091580 X06=ffff800089c83428 X07=00000000ffffffff X08=ffff800089c835c0 X09=00000000000010cd X10=0000000000000001 X11=0000000000000001 X12=ffff8000829ef238 X13=ffff800089c83433 X14=ffff800089c83428 X15=ffff800089c83260 X16=0000000000000000 X17=0000000000000000 X18=00000000ffffffff X19=ffff800082671857 X20=0000000000000400 X21=ffff800082671856 X22=ffff800089c83428 X23=0000000000000004 X24=ffff800089c835c8 X25=0000000000000000 X26=0000000000000008 X27=ffff800089c8345e X28=ffff800082671856 X29=ffff800089c83250 X30=118f800081b069d8 SP=ffff800089c83250 PSTATE=a24023c9 N-C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2525252525252525:2525252525252525 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000756c6c2570:6f6f6c2f7665642f Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:fff000f0000000f0 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff000000ff00:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:fff000f000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bb448243222c92da:e3914ed4e87380b0 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffda5bff90:0000ffffda5bff90 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffda5bff60 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff80008058ff14 X00=ffff800089c03b78 X01=000000009a683f6e X02=f4f00000063b80d8 X03=0000000000000000 X04=66326395cca85b25 X05=f5f000000ca54890 X06=0000000000000010 X07=7f7f7f7f7f7f7f7f X08=0101010101010101 X09=00000000000000a4 X10=0000000000000000 X11=0000000000000000 X12=0000000000000000 X13=0000000000000000 X14=0000000000000000 X15=0000000000000000 X16=0000000000000000 X17=0000000000000000 X18=0000000000000000 X19=f5f000000403e680 X20=ffff800089c03b98 X21=f5f0000006339a30 X22=ffff80008058fed8 X23=f5f0000006339a20 X24=0000000000000000 X25=0000000000000000 X26=0000000000000000 X27=0000000000000000 X28=fcf000000afe1280 X29=ffff800089c03a80 X30=0fdf80008058ff58 SP=ffff800089c03a50 PSTATE=61402009 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:372f6b636f6c622f:7665642f7379732f Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00303a372f6b636f:6c622f7665642f73 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff0000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffff00000000:ffffffff00ff0000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffff0000ffff0f00 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00c00000cc000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2c3230322c313032:2c3030322c38462c Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2c3630322c353032:2c3430322c333032 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffc3ca5db0:0000ffffc3ca5db0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd8:0000ffffc3ca5d80 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000