last executing test programs: 5.15724948s ago: executing program 0 (id=828): bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0xd, 0x3, 0x4, 0x7, 0x1, 0xffffffffffffffff, 0x15b4}, 0x50) 5.076085384s ago: executing program 0 (id=829): openat$binderfs(0xffffffffffffff9c, 0x0, 0x1002, 0x0) r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000030020f003176c4000000000010902"], 0x0) syz_usb_disconnect(r0) syz_usb_connect(0x4, 0x4a, &(0x7f0000000080)=ANY=[], 0x0) syz_usb_control_io(r0, 0x0, 0x0) 3.826710167s ago: executing program 0 (id=833): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e21, 0x5, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c) 3.701610202s ago: executing program 0 (id=834): r0 = socket$key(0xf, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x285c, 0x4) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r1, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000003c80)="f5", 0x1}], 0x1}}], 0x1, 0x8011) 1.536376175s ago: executing program 1 (id=841): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000604000000002e"], 0x0, 0x37}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0900000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=r0, @ANYBLOB="0200000001"], 0x48) 1.395929261s ago: executing program 1 (id=842): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x14, &(0x7f0000000140)={0xffffffffffffffff}, 0x106, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r0, &(0x7f0000000080)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e24, 0xfffffffa, @loopback, 0x6}, r2}}, 0x30) 1.247857237s ago: executing program 1 (id=843): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f00000001c0)={0x1f00, 0x80, 0x1, 'queue0\x00'}) 1.126139923s ago: executing program 1 (id=844): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x18}}, &(0x7f0000000080)='syzkaller\x00', 0x5}, 0x94) 998.141428ms ago: executing program 0 (id=845): openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2037) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10400}}, 0x50) syz_fuse_handle_req(r0, &(0x7f000000a380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000580c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000234e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000017000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000e6ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x20, 0x0, 0x2, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) writev(r2, 0x0, 0x0) close(r0) 958.290139ms ago: executing program 1 (id=846): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f000000d600)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="82", 0x1}], 0x1}}], 0x1, 0x114027d77c4637a9) 289.677238ms ago: executing program 0 (id=847): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb80393884d01a507, 0x4008032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) ioctl$UFFDIO_MOVE(r0, 0xc028aa05, &(0x7f0000000080)={&(0x7f00000e5000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, 0x2000, 0x1}) 0s ago: executing program 1 (id=848): openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r1}, &(0x7f0000000080), &(0x7f00000000c0)=r0}, 0x20) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:16502' (ED25519) to the list of known hosts. syzkaller login: [ 122.723460][ T3306] cgroup: Unknown subsys name 'net' [ 122.978590][ T3306] cgroup: Unknown subsys name 'cpuset' [ 123.018063][ T3306] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 123.641417][ T3306] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 138.997885][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.033778][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 139.449287][ T3311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.495318][ T3311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 140.920810][ T3312] hsr_slave_0: entered promiscuous mode [ 140.936531][ T3312] hsr_slave_1: entered promiscuous mode [ 141.789318][ T3311] hsr_slave_0: entered promiscuous mode [ 141.799696][ T3311] hsr_slave_1: entered promiscuous mode [ 141.808448][ T3311] debugfs: 'hsr0' already exists in 'hsr' [ 141.812213][ T3311] Cannot create hsr debugfs directory [ 142.822174][ T3312] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 142.941959][ T3312] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 143.028953][ T3312] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 143.061199][ T3312] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 143.601525][ T3311] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 143.641755][ T3311] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 143.682026][ T3311] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 143.720973][ T3311] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 144.567402][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.312067][ T3311] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.716917][ T3312] veth0_vlan: entered promiscuous mode [ 150.778830][ T3312] veth1_vlan: entered promiscuous mode [ 151.039755][ T3312] veth0_macvtap: entered promiscuous mode [ 151.070350][ T3312] veth1_macvtap: entered promiscuous mode [ 151.445786][ T3311] veth0_vlan: entered promiscuous mode [ 151.471142][ T1203] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.472268][ T1203] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.472702][ T1203] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.473062][ T1203] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 151.573473][ T3311] veth1_vlan: entered promiscuous mode [ 152.076833][ T3311] veth0_macvtap: entered promiscuous mode [ 152.133019][ T3311] veth1_macvtap: entered promiscuous mode [ 152.285664][ T3312] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 152.362806][ T941] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.370003][ T941] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.370426][ T941] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 152.370876][ T941] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 153.233433][ T3460] syz.1.2 uses obsolete (PF_INET,SOCK_PACKET) [ 154.281796][ T3466] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4'. [ 155.065440][ T3469] lo speed is unknown, defaulting to 1000 [ 155.068109][ T3469] lo speed is unknown, defaulting to 1000 [ 155.080342][ T3469] lo speed is unknown, defaulting to 1000 [ 155.108382][ T3469] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 155.145740][ T3469] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 155.248190][ T3469] lo speed is unknown, defaulting to 1000 [ 155.278576][ T3469] lo speed is unknown, defaulting to 1000 [ 155.900117][ T3473] mmap: syz.1.3 (3473) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 159.157053][ T3457] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 159.365796][ T3457] usb 1-1: Using ep0 maxpacket: 32 [ 159.457379][ T3457] usb 1-1: config 0 has an invalid interface number: 196 but max is 0 [ 159.457951][ T3457] usb 1-1: config 0 has no interface number 0 [ 159.459302][ T3457] usb 1-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 159.459980][ T3457] usb 1-1: config 0 interface 196 has no altsetting 0 [ 159.551052][ T3457] usb 1-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 159.551703][ T3457] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.552350][ T3457] usb 1-1: Product: syz [ 159.552574][ T3457] usb 1-1: Manufacturer: syz [ 159.552799][ T3457] usb 1-1: SerialNumber: syz [ 159.603469][ T3457] usb 1-1: config 0 descriptor?? [ 159.694460][ T3481] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 160.495452][ T3457] ipheth 1-1:0.196: ipheth_enable_ncm: usb_control_msg: 0 [ 160.571123][ T3457] ipheth 1-1:0.196: Apple iPhone USB Ethernet device attached [ 160.703312][ T3374] usb 1-1: USB disconnect, device number 2 [ 160.939986][ T3374] ipheth 1-1:0.196: Apple iPhone USB Ethernet now disconnected [ 161.023425][ T3484] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 161.846315][ T3486] block nbd0: shutting down sockets [ 162.087365][ T3489] netlink: 140 bytes leftover after parsing attributes in process `syz.0.11'. [ 162.595837][ T3374] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 162.765882][ T3374] usb 1-1: Using ep0 maxpacket: 32 [ 162.825578][ T3374] usb 1-1: config 0 has no interfaces? [ 162.881632][ T3374] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 162.886726][ T3374] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.889809][ T3374] usb 1-1: Product: syz [ 162.891673][ T3374] usb 1-1: Manufacturer: syz [ 162.893774][ T3374] usb 1-1: SerialNumber: syz [ 162.921811][ T3374] usb 1-1: config 0 descriptor?? [ 164.105259][ T3374] usb 1-1: USB disconnect, device number 3 [ 164.696044][ T3503] syzkaller1: entered promiscuous mode [ 164.698007][ T3503] syzkaller1: entered allmulticast mode [ 167.023061][ T3515] netlink: 4280 bytes leftover after parsing attributes in process `syz.1.19'. [ 179.160033][ T3532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 179.169004][ T3532] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 191.796592][ T3583] netlink: 60 bytes leftover after parsing attributes in process `syz.0.45'. [ 207.888156][ T3381] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 208.065980][ T3381] usb 1-1: Using ep0 maxpacket: 32 [ 208.160231][ T3381] usb 1-1: config 0 has an invalid interface number: 85 but max is 0 [ 208.160882][ T3381] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 208.161491][ T3381] usb 1-1: config 0 has no interface number 0 [ 208.161955][ T3381] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 208.162310][ T3381] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 208.162634][ T3381] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 208.162952][ T3381] usb 1-1: config 0 interface 85 altsetting 7 has 5 endpoint descriptors, different from the interface descriptor's value: 6 [ 208.163214][ T3381] usb 1-1: config 0 interface 85 has no altsetting 0 [ 208.322156][ T3381] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 208.322782][ T3381] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.323294][ T3381] usb 1-1: Product: syz [ 208.323457][ T3381] usb 1-1: Manufacturer: syz [ 208.323631][ T3381] usb 1-1: SerialNumber: syz [ 208.377372][ T3381] usb 1-1: config 0 descriptor?? [ 208.662627][ T3381] usb 1-1: USB disconnect, device number 4 [ 209.195306][ T3381] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 209.390068][ T3381] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 209.390960][ T3381] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 209.391235][ T3381] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 209.391465][ T3381] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 209.397899][ T3381] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 209.440247][ T3381] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 209.440716][ T3381] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 209.440863][ T3381] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 209.441004][ T3381] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 209.441207][ T3381] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 209.504823][ T3381] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 209.505385][ T3381] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 209.505539][ T3381] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 209.505685][ T3381] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 209.505851][ T3381] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 209.678488][ T3381] usb 1-1: string descriptor 0 read error: -22 [ 209.679751][ T3381] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 209.685203][ T3381] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.797881][ T3381] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 210.006561][ T3402] usb 1-1: USB disconnect, device number 5 [ 210.131376][ T3623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.134131][ T3623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 226.369548][ T3667] netlink: 4 bytes leftover after parsing attributes in process `syz.0.76'. [ 227.276704][ T3672] loop6: detected capacity change from 0 to 7 [ 228.528771][ T1908] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 228.583933][ T1908] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 232.248906][ T3681] hid-generic 0000:0000:0000.0001: pid 3681 passed too large report [ 235.246722][ T3713] random: crng reseeded on system resumption [ 262.473458][ T3778] syz.1.117 (3778): drop_caches: 2 [ 272.927123][ T24] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 273.200915][ T24] usb 1-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 273.201584][ T24] usb 1-1: config 1 interface 0 has no altsetting 0 [ 273.240176][ T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c286, bcdDevice= 0.40 [ 273.240898][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.243907][ T24] usb 1-1: Product: syz [ 273.249158][ T24] usb 1-1: Manufacturer: syz [ 273.251637][ T24] usb 1-1: SerialNumber: syz [ 273.877318][ T24] usbhid 1-1:1.0: can't add hid device: -71 [ 273.878017][ T24] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 273.898513][ T24] usb 1-1: USB disconnect, device number 6 [ 276.117244][ T3818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 276.132375][ T3818] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 277.381983][ T3758] lo speed is unknown, defaulting to 1000 [ 292.757318][ T3868] fuse: Bad value for 'fd' [ 292.771155][ T3868] Zero length message leads to an empty skb [ 304.791161][ T3920] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 304.793328][ T3920] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 305.260219][ T3928] netlink: 20 bytes leftover after parsing attributes in process `syz.1.169'. [ 307.813735][ T3947] netlink: 16 bytes leftover after parsing attributes in process `syz.0.177'. [ 316.518019][ T3983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 316.542934][ T3983] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 318.305516][ C0] hrtimer: interrupt took 983820 ns [ 328.126583][ T4027] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 334.535802][ T40] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 334.725663][ T40] usb 1-1: Using ep0 maxpacket: 16 [ 334.778728][ T40] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 334.779407][ T40] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 334.874935][ T40] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 334.875573][ T40] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.881408][ T40] usb 1-1: Product: syz [ 334.881638][ T40] usb 1-1: Manufacturer: syz [ 334.881809][ T40] usb 1-1: SerialNumber: syz [ 334.929378][ T40] usb 1-1: config 0 descriptor?? [ 340.126300][ T4086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 340.130540][ T4086] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 340.447147][ T4090] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 345.221842][ T3758] usb 1-1: USB disconnect, device number 7 [ 349.759578][ T4111] netlink: 32 bytes leftover after parsing attributes in process `syz.0.238'. [ 350.700286][ T4123] process 'syz.0.243' launched './file2' with NULL argv: empty string added [ 350.847360][ T4125] ptrace attach of "/syz-executor exec"[3311] was attempted by "/syz-executor exec"[4125] [ 352.271688][ T4141] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 352.323463][ T4141] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 354.217245][ T4166] capability: warning: `syz.0.262' uses deprecated v2 capabilities in a way that may be insecure [ 356.846584][ T4183] fuse: Bad value for 'fd' [ 361.848377][ T4195] fuse: Bad value for 'fd' [ 370.090629][ T4260] lo speed is unknown, defaulting to 1000 [ 371.649293][ T30] audit: type=1326 audit(884.361:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4266 comm="syz.1.303" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c068 code=0x7ffc0000 [ 371.665669][ T30] audit: type=1326 audit(884.361:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4266 comm="syz.1.303" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c068 code=0x7ffc0000 [ 371.678533][ T30] audit: type=1326 audit(884.361:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4266 comm="syz.1.303" exe="/syz-executor" sig=0 arch=c00000b7 syscall=230 compat=0 ip=0xffffbc55c068 code=0x7ffc0000 [ 371.692706][ T30] audit: type=1326 audit(884.401:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4266 comm="syz.1.303" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c068 code=0x7ffc0000 [ 373.362664][ T4280] tun0: tun_chr_ioctl cmd 1074025675 [ 373.363292][ T4280] tun0: persist disabled [ 373.579183][ T4282] netlink: 'syz.0.310': attribute type 10 has an invalid length. [ 376.417810][ T4291] netlink: 'syz.0.314': attribute type 6 has an invalid length. [ 376.651287][ T4297] lo: entered allmulticast mode [ 376.687942][ T4295] lo: left allmulticast mode [ 376.750017][ T4296] lo speed is unknown, defaulting to 1000 [ 377.763656][ T4304] netlink: 'syz.1.320': attribute type 10 has an invalid length. [ 377.895295][ T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 378.157610][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 378.158193][ T24] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 378.169554][ T24] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 378.170410][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.222185][ T24] usb 1-1: config 0 descriptor?? [ 378.538069][ T24] usb 1-1: USB disconnect, device number 8 [ 378.635370][ T4318] can0: slcan on ptm0. [ 379.238453][ T4317] can0 (unregistered): slcan off ptm0. [ 387.518021][ T4419] fuse: Bad value for 'fd' [ 387.727662][ T4422] netlink: 20 bytes leftover after parsing attributes in process `syz.0.359'. [ 388.212103][ T4431] fuse: Bad value for 'fd' [ 388.335034][ T3758] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 388.535097][ T3758] usb 1-1: Using ep0 maxpacket: 16 [ 388.563486][ T3758] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 388.566627][ T3758] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 388.688700][ T3758] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 388.689310][ T3758] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.692439][ T3758] usb 1-1: Product: syz [ 388.692644][ T3758] usb 1-1: Manufacturer: syz [ 388.692834][ T3758] usb 1-1: SerialNumber: syz [ 388.741212][ T3758] usb 1-1: config 0 descriptor?? [ 389.283053][ T4441] fuse: Bad value for 'fd' [ 391.249884][ T4466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 391.251568][ T4466] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 391.720813][ T4468] syzkaller0: create flow: hash 2727578394 index 1 [ 391.720998][ T55] syzkaller0: tun_net_xmit 76 [ 391.730164][ T55] syzkaller0: tun_net_xmit 48 [ 391.746521][ T3457] syzkaller0: tun_net_xmit 76 [ 391.755167][ T4467] syzkaller0: delete flow: hash 2727578394 index 1 [ 393.006819][ T4476] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.009199][ T4476] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.188481][ T4478] netlink: 8 bytes leftover after parsing attributes in process `syz.1.385'. [ 395.783565][ T4499] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 399.016966][ T3457] usb 1-1: USB disconnect, device number 9 [ 399.045183][ T4508] syz_tun: entered allmulticast mode [ 400.211906][ T4527] loop6: detected capacity change from 0 to 7 [ 401.533172][ T4547] syzkaller0: entered promiscuous mode [ 401.535365][ T4547] syzkaller0: entered allmulticast mode [ 402.526080][ T4563] netlink: 8 bytes leftover after parsing attributes in process `syz.0.424'. [ 402.536590][ T4563] veth0_to_bond: entered allmulticast mode [ 402.978852][ T3758] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 403.041252][ T3758] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 405.222833][ T4588] pim6reg1: entered promiscuous mode [ 405.225560][ T4588] pim6reg1: entered allmulticast mode [ 407.618442][ T4621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.620119][ T4621] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.631196][ T24] lo speed is unknown, defaulting to 1000 [ 409.632031][ T24] syz2: Port: 1 Link DOWN [ 409.643695][ T39] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.653557][ T39] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.654085][ T39] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.667613][ T39] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.296645][ T4640] fuse: Bad value for 'group_id' [ 410.301445][ T4640] fuse: Bad value for 'group_id' [ 411.419424][ T4651] could not open pipe file descriptor [ 412.238913][ T4661] netlink: 48 bytes leftover after parsing attributes in process `syz.1.466'. [ 412.985158][ T24] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 413.223080][ T24] usb 1-1: config 0 has an invalid interface number: 128 but max is 0 [ 413.223564][ T24] usb 1-1: config 0 has no interface number 0 [ 413.263127][ T24] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 413.265626][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.265859][ T24] usb 1-1: Product: syz [ 413.266023][ T24] usb 1-1: Manufacturer: syz [ 413.266203][ T24] usb 1-1: SerialNumber: syz [ 413.302738][ T24] usb 1-1: config 0 descriptor?? [ 417.779038][ T4703] can0: slcan on ptm0. [ 417.900064][ T4702] can0 (unregistered): slcan off ptm0. [ 421.788191][ T4723] binder: 4722:4723 tried to acquire reference to desc 0, got 1 instead [ 421.819651][ T1908] binder: undelivered transaction 5, process died. [ 421.853061][ T1908] binder: undelivered TRANSACTION_COMPLETE [ 422.405405][ T4728] fuse: Unknown parameter 'grou00000000000000000000' [ 422.678399][ T4732] syzkaller0: entered promiscuous mode [ 422.682062][ T4732] syzkaller0: entered allmulticast mode [ 422.695173][ T4732] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 65487 [ 422.978054][ T30] audit: type=1326 audit(935.691:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4733 comm="syz.1.495" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c068 code=0x7ffc0000 [ 422.983587][ T30] audit: type=1326 audit(935.691:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4733 comm="syz.1.495" exe="/syz-executor" sig=0 arch=c00000b7 syscall=61 compat=0 ip=0xffffbc55c068 code=0x7ffc0000 [ 422.985074][ T30] audit: type=1326 audit(935.691:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4733 comm="syz.1.495" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c068 code=0x7ffc0000 [ 423.130065][ T4736] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 423.141588][ T4736] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 423.312060][ T4738] fuse: Unknown parameter 'grou00000000000000000000' [ 423.700809][ T24] usb 1-1: USB disconnect, device number 10 [ 424.386012][ T4750] fuse: Unknown parameter 'grou00000000000000000000' [ 425.069006][ T4760] fuse: Unknown parameter 'group_i00000000000000000000' [ 427.900348][ T4776] binder: 4764:4776 tried to acquire reference to desc 0, got 1 instead [ 427.909515][ T4776] binder: 4764:4776 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 427.916560][ T4776] binder: 4776 RLIMIT_NICE not set [ 427.919670][ T4776] binder: 4776 RLIMIT_NICE not set [ 427.925876][ T4776] binder: 4776 RLIMIT_NICE not set [ 427.926577][ T4776] binder_alloc: 4764: binder_alloc_buf, no vma [ 427.926741][ T4776] binder: cannot allocate buffer: vma cleared, target dead or dying [ 427.927197][ T4776] binder: 4764:4776 transaction reply to 4764:4776 failed 14/29189/-3, code 0 size 0-0 line 3335 [ 427.927610][ T4776] binder: send failed reply for transaction 13 to 4764:4776 [ 428.022098][ T4778] fuse: Unknown parameter 'group_id00000000000000000000' [ 428.229121][ T30] audit: type=1326 audit(940.941:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4779 comm="syz.1.514" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c068 code=0x7ffc0000 [ 428.239113][ T30] audit: type=1326 audit(940.941:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4779 comm="syz.1.514" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c068 code=0x7ffc0000 [ 428.241557][ T30] audit: type=1326 audit(940.951:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4779 comm="syz.1.514" exe="/syz-executor" sig=0 arch=c00000b7 syscall=197 compat=0 ip=0xffffbc55c068 code=0x7ffc0000 [ 428.250159][ T30] audit: type=1326 audit(940.951:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4779 comm="syz.1.514" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c068 code=0x7ffc0000 [ 428.258204][ T30] audit: type=1326 audit(940.961:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4779 comm="syz.1.514" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffbc55c068 code=0x7ffc0000 [ 428.706045][ T4786] loop8: detected capacity change from 0 to 8 [ 428.938413][ T4788] fuse: Unknown parameter 'group_id00000000000000000000' [ 429.363720][ T30] audit: type=1326 audit(942.071:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4764 comm="syz.0.509" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8a35c068 code=0x7fc00000 [ 429.438702][ T24] binder: undelivered TRANSACTION_ERROR: 29190 [ 429.485342][ T24] binder: undelivered TRANSACTION_COMPLETE [ 429.485938][ T24] binder: undelivered TRANSACTION_ERROR: 29189 [ 429.778201][ T4800] fuse: Unknown parameter 'group_id00000000000000000000' [ 430.075735][ T4806] netlink: 'syz.1.526': attribute type 5 has an invalid length. [ 430.419385][ T4810] fuse: Bad value for 'user_id' [ 430.422767][ T4810] fuse: Bad value for 'user_id' [ 431.133008][ T4819] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776 [ 431.133748][ T4819] PKCS7: Only support pkcs7_signedData type [ 431.327820][ T4821] fuse: Bad value for 'user_id' [ 431.331824][ T4821] fuse: Bad value for 'user_id' [ 431.749298][ T4824] [U] ‚ [ 432.341271][ T4832] fuse: Bad value for 'user_id' [ 432.341888][ T4832] fuse: Bad value for 'user_id' [ 433.312051][ T4844] fuse: Bad value for 'fd' [ 434.289165][ T4856] fuse: Bad value for 'fd' [ 434.482005][ T4858] netlink: 8 bytes leftover after parsing attributes in process `syz.1.549'. [ 434.486538][ T4858] netlink: 'syz.1.549': attribute type 32 has an invalid length. [ 434.942885][ T4863] netlink: 'syz.1.552': attribute type 29 has an invalid length. [ 434.952545][ T4863] netlink: 'syz.1.552': attribute type 29 has an invalid length. [ 435.219621][ T24] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 435.445461][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 435.508226][ T24] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 435.508926][ T24] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 435.509252][ T24] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 435.631219][ T24] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 435.631882][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.637801][ T24] usb 1-1: Product: syz [ 435.638052][ T24] usb 1-1: Manufacturer: syz [ 435.638243][ T24] usb 1-1: SerialNumber: syz [ 436.226827][ T24] usb 1-1: 2:1 : format type 0 is detected, processed as PCM [ 437.087168][ T24] usb 1-1: current rate 7151616 is different from the runtime rate 9338507 [ 437.628631][ T24] usb 1-1: USB disconnect, device number 11 [ 438.023489][ T4890] netlink: 28 bytes leftover after parsing attributes in process `syz.0.564'. [ 438.616478][ T4894] udevd[4894]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 441.226013][ T24] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 441.395690][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 441.508827][ T24] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 441.509492][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 441.670169][ T24] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 441.688353][ C0] vkms_vblank_simulate: vblank timer overrun [ 441.715890][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.716120][ T24] usb 1-1: Product: syz [ 441.716277][ T24] usb 1-1: Manufacturer: syz [ 441.716445][ T24] usb 1-1: SerialNumber: syz [ 441.767750][ T24] usb 1-1: config 0 descriptor?? [ 441.961893][ T4927] netlink: 8 bytes leftover after parsing attributes in process `syz.1.575'. [ 441.962453][ T4927] netlink: 12 bytes leftover after parsing attributes in process `syz.1.575'. [ 442.106037][ T952] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 442.106870][ T952] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 442.110558][ T4927] netlink: 8 bytes leftover after parsing attributes in process `syz.1.575'. [ 442.110751][ T4927] netlink: 12 bytes leftover after parsing attributes in process `syz.1.575'. [ 442.111929][ T952] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 442.112316][ T952] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 442.968801][ T4937] fuse: Invalid rootmode [ 444.405789][ T4953] netlink: 4 bytes leftover after parsing attributes in process `syz.1.586'. [ 447.148619][ T4961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 447.163590][ T4961] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 447.481629][ T4963] syzkaller0: entered promiscuous mode [ 447.481968][ T4963] syzkaller0: entered allmulticast mode [ 447.767667][ T4966] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 447.769752][ T4966] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 447.992665][ T4968] netlink: 4 bytes leftover after parsing attributes in process `syz.1.591'. [ 448.533501][ T4974] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 448.541045][ T4974] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 452.095676][ T1908] usb 1-1: USB disconnect, device number 12 [ 456.482338][ T5024] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 461.516272][ T40] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 461.710236][ T40] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 461.710695][ T40] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.737476][ T40] usb 1-1: config 0 descriptor?? [ 461.802929][ T40] cp210x 1-1:0.0: cp210x converter detected [ 462.229595][ T40] usb 1-1: cp210x converter now attached to ttyUSB0 [ 462.420406][ T40] usb 1-1: USB disconnect, device number 13 [ 462.502500][ T40] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 462.603505][ T40] cp210x 1-1:0.0: device disconnected [ 464.232040][ T5095] binder: 5094:5095 tried to acquire reference to desc 0, got 1 instead [ 464.246485][ T5095] binder: 5094:5095 got reply transaction with bad transaction stack, transaction 19 has target 5094:0 [ 464.250996][ T5095] binder: 5094:5095 transaction reply to 0:0 failed 26/29201/-71, code 0 size 0-0 line 3069 [ 464.267072][ T11] binder: release 5094:5095 transaction 19 out, still active [ 464.267742][ T11] binder: undelivered TRANSACTION_COMPLETE [ 464.268334][ T11] binder: undelivered TRANSACTION_ERROR: 29201 [ 464.278737][ T5097] netlink: 'syz.0.646': attribute type 1 has an invalid length. [ 464.279233][ T5097] netlink: 'syz.0.646': attribute type 2 has an invalid length. [ 464.302081][ T11] binder: send failed reply for transaction 19, target dead [ 464.505493][ T5100] netlink: 168 bytes leftover after parsing attributes in process `syz.0.648'. [ 465.035025][ T11] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 465.239420][ T11] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 465.239866][ T11] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 465.240215][ T11] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 465.240519][ T11] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 465.240714][ T11] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 465.255685][ T11] usb 1-1: config 0 descriptor?? [ 465.797003][ T11] hid-generic 0003:047F:FFFF.0003: hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 465.970433][ T11] usb 1-1: USB disconnect, device number 14 [ 466.597683][ T5115] fido_id[5115]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 467.201004][ T5134] fuse: Unknown parameter '0x0000000000000004' [ 467.399483][ T11] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 467.615193][ T11] usb 1-1: Using ep0 maxpacket: 16 [ 467.729878][ T11] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 467.730471][ T11] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 467.886336][ T11] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 467.886978][ T11] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.887611][ T11] usb 1-1: Product: syz [ 467.887824][ T11] usb 1-1: Manufacturer: syz [ 467.887991][ T11] usb 1-1: SerialNumber: syz [ 468.227976][ T11] usb 1-1: 0:2 : does not exist [ 468.317690][ T11] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 468.542949][ T11] usb 1-1: USB disconnect, device number 15 [ 469.181602][ T4793] udevd[4793]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 470.866448][ T5170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 470.868975][ T5170] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 471.743208][ T5175] syzkaller0: entered promiscuous mode [ 471.747097][ T5175] syzkaller0: entered allmulticast mode [ 472.193656][ T5181] syzkaller1: entered promiscuous mode [ 472.205681][ T5181] syzkaller1: entered allmulticast mode [ 473.468391][ T5192] netlink: 'syz.1.683': attribute type 10 has an invalid length. [ 473.481854][ T5192] netlink: 4 bytes leftover after parsing attributes in process `syz.1.683'. [ 475.116269][ T5209] netlink: 4 bytes leftover after parsing attributes in process `syz.0.690'. [ 475.372354][ T5215] netlink: 76 bytes leftover after parsing attributes in process `syz.0.691'. [ 476.537979][ T5221] netlink: 4 bytes leftover after parsing attributes in process `syz.0.693'. [ 478.002328][ T5236] netlink: 4 bytes leftover after parsing attributes in process `syz.0.697'. [ 495.864834][ T11] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 496.045048][ T11] usb 1-1: Using ep0 maxpacket: 8 [ 496.110857][ T11] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 496.121647][ T11] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 496.132879][ T11] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 496.139232][ T11] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 496.151355][ T11] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 496.156916][ T11] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.490011][ T11] usb 1-1: GET_CAPABILITIES returned 0 [ 496.492192][ T11] usbtmc 1-1:16.0: can't read capabilities [ 496.716322][ T11] usb 1-1: USB disconnect, device number 16 [ 506.545778][ T5384] netlink: 8 bytes leftover after parsing attributes in process `syz.0.747'. [ 506.777971][ T5386] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 519.951902][ T5443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 519.968566][ T5443] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 526.124816][ T11] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 526.318536][ T11] usb 1-1: config 150 has an invalid interface number: 204 but max is 2 [ 526.319010][ T11] usb 1-1: config 150 has 1 interface, different from the descriptor's value: 3 [ 526.319616][ T11] usb 1-1: config 150 has no interface number 0 [ 526.319972][ T11] usb 1-1: config 150 interface 204 has no altsetting 0 [ 526.355886][ T11] usb 1-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 526.356530][ T11] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.357230][ T11] usb 1-1: Product: syz [ 526.357399][ T11] usb 1-1: Manufacturer: syz [ 526.357596][ T11] usb 1-1: SerialNumber: syz [ 526.675433][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 526.678100][ C0] raw-gadget.0 gadget.0: ignoring, device is not running [ 526.709022][ T11] xr_serial 1-1:150.204: skipping garbage [ 526.717130][ T11] xr_serial 1-1:150.204: skipping garbage [ 526.765440][ T11] usb 1-1: USB disconnect, device number 17 [ 533.995407][ T5481] binder: 5480:5481 tried to acquire reference to desc 0, got 1 instead [ 533.998840][ T5481] binder: 5480:5481 Release 1 refcount change on invalid ref 3 ret -22 [ 536.844771][ T5494] netlink: 4 bytes leftover after parsing attributes in process `syz.0.781'. [ 537.557555][ T5504] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 537.561742][ T5504] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 540.042283][ T5520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 540.047852][ T5520] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 540.218577][ T5521] block nbd0: NBD_DISCONNECT [ 540.222699][ T5521] block nbd0: Disconnected due to user request. [ 540.226710][ T5521] block nbd0: shutting down sockets [ 545.125447][ T3381] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 545.445546][ T3381] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 545.452025][ T3381] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.603840][ T3381] usb 1-1: config 0 descriptor?? [ 548.903087][ T3381] pegasus 1-1:0.0: probe with driver pegasus failed with error -71 [ 548.925952][ T3381] usb 1-1: USB disconnect, device number 18 [ 554.865434][ T11] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 555.025050][ T11] usb 1-1: Using ep0 maxpacket: 16 [ 555.064846][ T11] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 555.065236][ T11] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 555.065709][ T11] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 555.096962][ T11] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 555.097635][ T11] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.097837][ T11] usb 1-1: Product: syz [ 555.098030][ T11] usb 1-1: Manufacturer: syz [ 555.098220][ T11] usb 1-1: SerialNumber: syz [ 555.578815][ T11] usb 1-1: 0:2 : does not exist [ 556.769326][ T11] usb 1-1: 1:0: failed to get current value for ch 0 (-22) [ 557.038399][ T11] usb 1-1: USB disconnect, device number 19 [ 557.133149][ T5583] random: crng reseeded on system resumption [ 557.527626][ T5547] udevd[5547]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 565.305260][ T3457] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 565.486341][ T3457] usb 1-1: Using ep0 maxpacket: 32 [ 565.520567][ T3457] usb 1-1: unable to get BOS descriptor or descriptor too short [ 565.528790][ T3457] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 565.529934][ T3457] usb 1-1: can't read configurations, error -71 [ 566.625118][ T3457] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 566.786377][ T3457] usb 1-1: Using ep0 maxpacket: 32 [ 566.862784][ T3457] usb 1-1: config 0 has no interfaces? [ 566.863451][ T3457] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 566.866672][ T3457] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.913653][ T3457] usb 1-1: config 0 descriptor?? [ 567.195320][ T3457] usb 1-1: USB disconnect, device number 21 [ 569.701370][ T5664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 569.715726][ T5664] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 571.490477][ T5682] ------------[ cut here ]------------ [ 571.490994][ T5682] verifier bug: not inlined functions bpf_probe_read_kernel_str#115 is missing func(1) [ 571.496454][ T5682] WARNING: CPU: 0 PID: 5682 at kernel/bpf/verifier.c:22838 do_misc_fixups+0x1784/0x1ab4 [ 571.506344][ T5682] Modules linked in: [ 571.509768][ T5682] CPU: 0 UID: 0 PID: 5682 Comm: syz.1.848 Not tainted syzkaller #0 PREEMPT [ 571.510745][ T5682] Hardware name: linux,dummy-virt (DT) [ 571.511232][ T5682] pstate: 60402009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 571.511748][ T5682] pc : do_misc_fixups+0x1784/0x1ab4 [ 571.512158][ T5682] lr : do_misc_fixups+0x1784/0x1ab4 [ 571.512492][ T5682] sp : ffff80008c4639a0 [ 571.512947][ T5682] x29: ffff80008c4639a0 x28: fdff800083b35000 x27: 0000000000000009 [ 571.513833][ T5682] x26: faf0000004e80000 x25: 0000000000000000 x24: faf0000004e86200 [ 571.514525][ T5682] x23: 000000000000f0ff x22: 0000000000000009 x21: faf0000004e86128 [ 571.515073][ T5682] x20: faf0000004e80aa8 x19: ffff80008242bb10 x18: 0000000000000000 [ 571.515721][ T5682] x17: fff07ffffcfe1000 x16: ffff800080000000 x15: 0000000000000002 [ 571.516331][ T5682] x14: 000000000000017e x13: 0000000000000000 x12: ffff800082911258 [ 571.516869][ T5682] x11: 00000000000000c0 x10: 9be0fecb51999c52 x9 : 5253a8a1d52a198e [ 571.517451][ T5682] x8 : f8f000000b8e6e78 x7 : 0000000000000004 x6 : 0000004606659b35 [ 571.517973][ T5682] x5 : 0000000000000002 x4 : fbffff3fffffffff x3 : 000000000000ffff [ 571.518535][ T5682] x2 : 0000000000000000 x1 : 0000000000000000 x0 : f8f000000b8e5c80 [ 571.519252][ T5682] Call trace: [ 571.519686][ T5682] do_misc_fixups+0x1784/0x1ab4 (P) [ 571.520241][ T5682] bpf_check+0x1308/0x2aac [ 571.520641][ T5682] bpf_prog_load+0x634/0xb74 [ 571.521002][ T5682] __sys_bpf+0x2e0/0x1a3c [ 571.521327][ T5682] __arm64_sys_bpf+0x24/0x34 [ 571.521659][ T5682] invoke_syscall+0x48/0x110 [ 571.522006][ T5682] el0_svc_common.constprop.0+0x40/0xe0 [ 571.522426][ T5682] do_el0_svc+0x1c/0x28 [ 571.522749][ T5682] el0_svc+0x34/0x10c [ 571.523079][ T5682] el0t_64_sync_handler+0xa0/0xe4 [ 571.523423][ T5682] el0t_64_sync+0x1a4/0x1a8 [ 571.524029][ T5682] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 571.978521][ T3312] syz_tun (unregistering): left allmulticast mode [ 572.411927][ T39] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 572.419121][ T39] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.558287][ T39] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 572.559031][ T39] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.661287][ T39] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 572.661694][ T39] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.793268][ T39] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 572.793858][ T39] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 574.259289][ T39] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 574.306809][ T39] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 574.347436][ T39] bond0 (unregistering): Released all slaves [ 574.637248][ T39] hsr_slave_0: left promiscuous mode [ 574.647696][ T39] hsr_slave_1: left promiscuous mode [ 574.681896][ T39] veth1_macvtap: left promiscuous mode [ 574.682574][ T39] veth0_macvtap: left promiscuous mode [ 574.683871][ T39] veth1_vlan: left promiscuous mode [ 574.689209][ T39] veth0_vlan: left promiscuous mode [ 577.740113][ T39] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 577.778101][ T39] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 577.811764][ T39] bond0 (unregistering): Released all slaves [ 578.010159][ T39] hsr_slave_0: left promiscuous mode [ 578.021189][ T39] hsr_slave_1: left promiscuous mode VM DIAGNOSIS: 08:45:27 Registers: info registers vcpu 0 CPU#0 PC=ffff8000800b1134 X00=ffff800082bce4e8 X01=f8f000000b8e5c80 X02=0000000000000000 X03=0000000000000000 X04=0000000000000018 X05=8080808080000000 X06=fefefefeff636473 X07=7f7f7f7f7f7f7f7f X08=0101010101010101 X09=000000000002ffe8 X10=0000000000000001 X11=0000000000000001 X12=ffff8000829ef238 X13=ffff80008c463488 X14=00000000ffffffea X15=ffff80008c4630d0 X16=ffff800080000000 X17=fff07ffffcfe1000 X18=00000000ffffffff X19=ffff80008c463850 X20=f8f000000b8e6400 X21=ffff80008261d438 X22=ffff80008261d438 X23=0000000000000009 X24=0000000000000000 X25=0000000000001632 X26=0000000000000000 X27=ffff80008261d438 X28=f8f000000b8e5c80 X29=ffff80008c4635b0 X30=ffff8000800b1134 SP=ffff80008c4635b0 PSTATE=624023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0a0a0a0a0a0a0a0a:0a0a0a0a0a0a0a0a Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:750000293128636e:756620676e697373 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:7369203531312372:74735f6c656e7265 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00ffff0000000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0ff0000000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:705f66706220736e:6f6974636e756620 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:20736e6f6974636e:75662064656e696c Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6b5f646165725f65:626f72705f667062 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffcf85dd90:0000ffffcf85dd90 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd8:0000ffffcf85dd60 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff8000800122d4 X00=0000000000000000 X01=0000ffffffd88978 X02=0000000000000000 X03=00000000000020e1 X04=0000aaab0cc58eb0 X05=0000000000000000 X06=0000000000000000 X07=0000000000000001 X08=0000000000000050 X09=0000000000000008 X10=0000000000000001 X11=0000ffffffd87710 X12=0000000000000007 X13=00000000000010d0 X14=0000000000000000 X15=0000000000000001 X16=0000aaaad43f2ed0 X17=0000ffffac33fae0 X18=000000000000005d X19=0000000000000009 X20=0000aaab0cc37e70 X21=0000000000000000 X22=0000000000000001 X23=0000000000000001 X24=0000000000000000 X25=0000000000000000 X26=0000aaab0cc80ef0 X27=0000ffffac3f8af0 X28=0000000000000000 X29=0000ffffffd88a00 X30=0000aaaad43bc9a8 SP=ffff80008c55c000 PSTATE=414023c9 -Z-- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:372f6b636f6c622f:7665642f7379732f Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00313a372f6b636f:6c622f7665642f73 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff0000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffff00000000:ffffffff00ff0000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffff0000ffff0f00 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00c0000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000073:0000aaab0cc45c90 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000074:0000aaab0cc42f70 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffffd87740:0000ffffffd87740 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd8:0000ffffffd87710 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000