last executing test programs: 21.629088928s ago: executing program 1 (id=121): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x20048010) sendto(0xffffffffffffffff, 0x0, 0x0, 0x800, &(0x7f0000000600)=@l2tp6={0xa, 0x0, 0x7, @local, 0x5}, 0x80) r6 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x100) 17.829394446s ago: executing program 1 (id=134): truncate(&(0x7f0000000000)='./file1\x00', 0x100003) 17.725747023s ago: executing program 1 (id=136): r0 = openat$smackfs_onlycap(0xffffffffffffff9c, &(0x7f0000004580), 0x2, 0x0) write$UHID_INPUT(r0, &(0x7f0000007cc0)={0x8, {"2d47151c7da13741c794a75d0d1bee0c2d0503f65f90b7682da8c3039c7416370dd8e9c4b7782d30aafe1f74bad91bbebc82290aacb6fb8dbc7398afa9da719b43b48eeba421eb5a071cc3da3a8378ad6a4865407086d49c021c5bb0d92f816f6da36f59e86f049848e6f53b054e5396ae902878145255de320a88940650bfe8106517702a7621964b277e465a1bba7929203fbcd8ac7d1c189b35d22f15b64f94b33a9dadd3ff1567f8ad4dc0425d032ce1c67c750b26c98714b4879e1433427324b0720fe2744955fbba2ae383de8c461d650117a0f6cdd9101e3a84657818ab678f0305e9cd61e58fa8e7a314a87e760c5d87758ae878f916f8287e4bdd08681cc58d594ab0211a2cbeff263329f2486dd3be79cbbbeb745ef108c03e77e010104d4138b844a5edbd4bbd293456d67f281d551367bf4f8c02ce9eac70e9330308ab0bf3fffefb06ec4deca6be469fb222ec7a5cae93cd0b30afe2c9ae19bac214c75d830392267cea23782fd6b7150aff91bb96ee9e2128542594838cf4b6d570b6cc278e286824149c803060ab76d865f6383afa9ef1802626746918062638fe626df80256d2a193c749395e8166fc5680259880c0c75cfac3ad47a06711f34b530b9bd279337ead5cd294034d1b8eda5ba7b7bac2a31d7ab58144e0eaf60ec386a8de55451a791565b3853c73b93cc03cb0f2a0dd44864279a335b80995bbd4a72d3e35425191505cb63b01273c2c1a4fb8e72172938f9f3ba64fb57a298f6fc2d47c7f7d07299e752143af6373cd62c0293fe9206497adf70d8ba0e6887f88832d3a070aec9868ddfc7ec5c63408d6c8ee20972f5e2734dc39ba4b9573e7c83e691c93f05b62b38ebdfeb8ba47bfc60a27ee3b6bbfce40edbfed450ec5eef4c44934c31f491f47c8df6d9e4bb039ff7a6282231ce5dcbcc4455aa2fcee2b67509a5a2654a50e440060f8e1c6716f9e3ed2f3cd9e58effd44a179bacdef0a6caf68959c1809ad5135c9fc9a3615a11cc4675ef1b0ac3d0641632254eb5d80a54b851ed8510dca9bc1109dfe5913174e805e555c725db6aee895c83b8b076c765eea84f1b5453c34903ae692bb367681501c3965ffca6546d8facb6f439a61dc8d5f9b5c6bc78e4ac91f292d41c047f470d974734d561847d8fa86bcc70fdb5d66c5130c4b05f340949b22341e5d94dc0ff9b8227f040390905c475cce2e51cd632139d1b9498ae634026de33ddde1ba87b835d77e64b954bc4ffb7598ca570c0743df33e0587c19fd17f4441b8ded0b4ad7b0f313ac4ceee6755056d24fb9e40a6e61811e23d229a86a03a042af1017e1ad49eef360d6bd26ca0e119c888536fcc2d585f31b431275737831cfd8ee9c27465734bd405ed2e5b956f1510b8658e8ecf6865ad4c0da8772c3cdcbc3c277de857fbccad134f10f2a28a324921279bb7960ab2e14f17ef821f349a2885ded9cf66a45b9113f00e2d7da4ea4af81ca8decefb3987d77c2186cfd198ad275bc8344195dff884143cc0eff13245084cd9c4f2fb98dc66c7dfb5d36f97504cf180e5866f051d1486ce3c9532cc9d9313b0a4e2ffa7411545f47cc5e6f99fa48a1864b43ab6448e9c58c83b7e80ccc4ca38e0438b2dea7032f75fffe5ee9662d1836462dff977805742789b7dbcc9a15713885dfbbe0ab142aea643b168bda2582d32b0690e04657ae6362b5981429774f81fd4039495613657a2582c8585b4f8f5deafe4144c15b31d262b886f6bdcdb3e55c09777edd8827b25357a2a28a0a01ba6b0f126c3690851fe114bfbbf72a131239abd462d8153551070cee149431514caf46ff041e11351f71dcc138acf50d563293834f676375cade72106445cc4631ebdd9f5fd684b8253bc1e8760b77c041a21d6a6bca240254690d59263b9f052bf2aba21744755513c399c201e27b2e03924a1b358e05d9a7ca5c0e62405b825844b32ec5da572c59133ba209fad7d50022a7ae72f293b3e5b5b1f9a953c0bd7d03778509f6efdb29fcbcc66dc5c493dd495378058ab89a0f49bdd6386077246bf1a75fc0e33ca58732c10945dca889a30cfcbfda6b2c8cb0d146f376f5e4ff08b6d5bf9e02aad0b4769a1b93b06856d33d1ddf99c1db5949c6a6d313e4c8178a964f1d23cacc6e9c03aa29f15c6f156f1ced2e363e6039ef2282576fcc0f0cc05c279f3439963c005f19a8779aca2d1322343a1a483187a897a3ab9927481c53ad6651c4ad3a482e20d0c41cea9eb4332772377320b00b2be8098cac39835646c15ee83ca0bb342d7c0d32ec39b55a7e8c9ed9b608c26d77070d3b4a5fd018256dd7032d758fe7b0811900bee40ae96e47f74bac3c9c6f99572cc5747fb65b1a1a7fa737b3365fc2e4c9d54a2d215d0cadbd054b7674ea395ff631cb3dddd2eb433aa5494ef79c64637587b0699c82739aec1c7014428471e5a15a048d7e2ed5e7b76108c430b80f68b952bfc39973034069b467a2311fd0b2d48482c0c89e9d003db4579f3502e201a1736e2956019d6a5230c938f4b6d3d81a350317de434175adcd748eecc39ca5bb9680e71c900a019671f5489e116183287103c6292817126379fb767903ea601e9a6967da2e785d24e42f4cd4ed9c86c2734f27eb5820423ade6e04a5cfed40a8c583d74d958ff195c1c152d60c3c396b22c61d8a0109c58ba2f8c83de2df53c846e83f6c264ab8f1266a90eb59c623927d468a2a3bd44ce7562130f5c1ab5a3fa3d1eb3ff8fd3885eb715bb68ac9cf3ef010e9334c4fb74fd449c0cb88aed322f714466ce064355f6f344f279e66c072d8c70cecf5c626c9b1f6c7419c98ac87ab54db637e517c952a539b77166ec16162a6808016767ac572aa567d5b1c8c7942494654a6e8f078423f0f39454ca0d7d9d4e64ec1f244c9121305dd7ce994e15f12aca082503d358738a11a9c95e298318c65e62447dfc135739f185287fc9fbc216b1dfd6534f1fd3ad7cfc3c99134317f327e65c4c87a48affbbb71f046afb4cfbf3d5b740e71701cce3e95f26f97179292e30ef1b790c9fa588ed66c55e1e2bc914a9d243effa6eb2950e57a82ff626e305cbfd3b10ab5d3a5d91a7997e8af68e43f5d6347835b77d13c20aab4e7ecdd544186b95b20c28c2d8fe307d6012a29c544b1d8ed9106dc0c2e428fbc0e6d56e45e914e3c398ce5c336d8207fc130bcd2f55a3dbd7175ed9237daf4c572fb2a0a367e99d024cdde8afb3afa3896ab90c7de8cc3337f11e81f41b7bb13be4480261940e92296c29136ab9da9c22788437169c15bde613927568a4f618aefe5ed90db7669089e3d4c69592a044e3558f425d9e965b09328d7a5bfe8055c80227dea0abafda2e9499c70d9b2c46b05a35ad5331bd017f84380a4b28f490a7cb3cbad027ed021dce5fe0891db3aad0518feae23ed10882886129869f05a95c6e5a9e6b961b087b7fb1c652c3b46981d68c9495ed51df8953902a89275a03c0a37d6543d60a09d25f15f1da1296152796bc32aead1774e1de214623acc1d72f9c847b3c74e76649089cf1aee0d955703f6adc30ba84a4063a41cd11cfdfbb2fd07bbe70ecaa6241493a6e254e235346844e76a0333b61fbc95289414c4093828a795c3142e441308c9d1b4a7f08add0bd28bec077e764992ca11b8d5125d1b9aef9430662fe7258f570168f322fce93543c0510f2cf3fe32f2d9c47fc8eb66b1dcd8753c4f632b233e7f5501dc747e9fc968d190f2ab76e52859d5b625529b45d989a896266099290c495e209b242b6a8e606c2f53bb06a9148718a526bdd3de927de5d36acdd1bd9c252beaf1edf951e851c6e41f96a185f1d2ec28f6cd7ac99c9a48ae239e98404535bd1982bb50f0daf713afb16e110d41c09eb29398f86a0bfda639dc880818173aa339a721fe55b6599151eb8c760a7cb220ff689094b971270983de5954f53649f5eb9694e36165ecfa4571112a7f8c64e203fe971d20469929f0bc8fd7e148c3b8781b9b0b62526cd975ec1cd51ae4d5fff636ad984a61b7e97e56bab0d5778e4891f6921f4c56c18a8aa3ed599a7dea3943e7e86fe5604ef7cfa9fd17cb107cd4fe7a00811242a4b6020083e33c0c5ec10cbcef33c320f082127a144139775f05735fe77a24894af26af205c2d35162d4ad82261310571f3be2995b5a43f67ee042a975f32bd3b856ce391b61f99441e513f04e6d1bced35b81e2c27feb2162ac9eec61d21e2471ce647e3a97dcc0eae74d628d3804bb87fa9280d34af70b4a5179ed409e1069ba21944964b08e2aafa393933ce8e4ff9c12f30173437127e1df5b4600adfd82ba86dfa0d7ef8ef8dedb6b8cd29f1b38ba295ae50e361cdfa9060c64501188e37083fa670aacb9f5aafd84958d95d4aa053427eb51ac5fe9fec40d8c8eb08ff725c292c8961d54f249aa468da88f27073ed05531c702ec41603e1b791b50b3ccca512a86c8b9adf4a5909908b32928a706b8e446148bad0ec006b19699fa054e0df80088c3a60c4b303517d17b8269b9b9b12251179419d5ba55f7a96c5c57d1a82f67d5978d4c1cbafea92e1027d00448f5a632643ea079e943c1886fed3784a0634e2c58a8a844f718d2f088a7aba8cd07f4c41864a3251e0a83718ef7c76428b74d4e867d5f7e24ef7837c11f308e4e8e8c621a214cb4559a95808d8dd135c5813289a3f835441309d528c1ca4998cb69a97d381835c3b5f85e27ddc379124c69dbc9f71c78dc7d5b99a55dbb1c868aaa5f827023c3f499e3a4a594e34b2d3b571fb4615b281109fe2c9d214821b701a8a1ec1d8b549ee83541da710af513028341665c478e5124633cb3963b964cf6ba0dba5ea90170ad1dac3513167b95807ba5011c2e70820eb73c5e2fe45cbd388b4ebb38991e9a94c12baaf0c8d92b44445410abb212030efd3ddf1851bca5c878d864ed639ec9f1b879a9b0226974bb4af52a16a04bfe3af5ffb1bb320d2807b2de636e921f07496b77ba6aac30f69a37faf987ecb506facc8da9849e4fe69f0a50a8a8c973de5f6799ee2becf2e9e41cc7a7c414b58e9a698ae3eea95ca4914763f4098e1998f0b1f537fbdfefba662fe8e41414d91fab025beb5fe27f010cdeeaaf13ef27c22ef649da436d24d7a71ef3c333ff4d73982d77e18e78e2e8402e5992f8d38209f165452d4a1ecbdc3de04979dcac83337a53c2147a8c43af3d5d69509d7926375730c88dc41f1f07d0f0221866189fac6e31b33acae7c081c9a867f6ad7b186f461b44cb0fbfdc8180cb54e4d88d8b6845da4ed43917d017fb99751c1297f372422a775830cc1e86f7f3fea01e9a58435a8bc02cd2d8c96f2da09009b6c3ae0b05ec8c99abc1801a20073aa10a7bdd4f3c613cf33cd466e9a7bd89118ea0c16f5bf175f905dc70f71607e0e836f5e62ddc0995a915fbf13bde8b4f2be6648e9ed15bf2f9d1262dfc08e073bb9cb1d311b0c2a27ddfa687bdc25bf30149b73af82a2f74e9e32646a7b85a2c702d736e4cb2a72e0af974fb736533810ee580b4a30e2dad046e5faea86972b8fd8a2e179513c78e06f893b79646e75e82911270392bd87b9fd7f39f90191926616c1655a393f1d52548e1a5a9b12f73933b2a0c399013d7471d1615fbd8e95cc852d68d226e73b865133076dd2a22b772702c2b739d86b5bfdf2f2bd29a3cffd263a1e918d67edd0e94c618144104ad5d4a1f0a056006c0d4424e6e4aead3a1ad382645bcc3424bbc7e077fb8a66ec2723a29157111680b2cbb15ffaa2efb", 0x1000}}, 0x1006) 17.577147513s ago: executing program 1 (id=138): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x20048010) r6 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x100) 13.959003639s ago: executing program 1 (id=150): syz_usb_connect$lan78xx(0x5, 0x3f, &(0x7f0000000140)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd7}}]}}, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bind$nfc_llcp(r0, &(0x7f0000000180)={0x27, 0x0, 0xffffffffffffffff, 0x5, 0xff, 0x5, "d92984bd1ca44c226af5160e961711a077609475b78411e88509de050000e5ff00f2170e65e3f50327e422000000000000000200800000001100", 0x2f}, 0x60) syz_usb_connect$lan78xx(0x4, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) setpriority(0x2, 0x0, 0x8) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/partitions\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) close(0x3) 7.997229218s ago: executing program 0 (id=159): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x20}}, 0x20048010) r6 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x100) 4.308756159s ago: executing program 0 (id=160): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r0, &(0x7f0000000080)={0x5, 0x10, 0xfa00, {&(0x7f00000003c0), r1, 0xc15ced75b808877f}}, 0x18) 4.178657167s ago: executing program 0 (id=161): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000001, 0x3032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00') pread64(r0, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) 3.98985985s ago: executing program 0 (id=162): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/locks\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000025c0)={0x2020}, 0x2020) 3.889370846s ago: executing program 0 (id=163): syz_open_procfs(0x0, &(0x7f0000002100)='net/ip6_tables_names\x00') syz_open_procfs(0x0, &(0x7f00000031c0)='net/fib_trie\x00') 3.777999263s ago: executing program 0 (id=164): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x6) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x0, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x800, &(0x7f0000000600)=@l2tp6={0xa, 0x0, 0x7, @local, 0x5}, 0x80) r5 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001080)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x100) 0s ago: executing program 1 (id=165): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000350000000000000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, @fallback=0x2c}, 0x94) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x10, 0x20000227, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xa}, 0x54) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:44885' (ED25519) to the list of known hosts. syzkaller login: [ 83.794503][ T3310] cgroup: Unknown subsys name 'net' [ 83.978812][ T3310] cgroup: Unknown subsys name 'cpuset' [ 84.015400][ T3310] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.505543][ T3310] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 94.161477][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.169538][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.498221][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.557270][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 95.131082][ T3315] hsr_slave_0: entered promiscuous mode [ 95.138339][ T3315] hsr_slave_1: entered promiscuous mode [ 95.888010][ T3316] hsr_slave_0: entered promiscuous mode [ 95.896379][ T3316] hsr_slave_1: entered promiscuous mode [ 95.902384][ T3316] debugfs: 'hsr0' already exists in 'hsr' [ 95.905118][ T3316] Cannot create hsr debugfs directory [ 96.180830][ T3315] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.221318][ T3315] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.256719][ T3315] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.299977][ T3315] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.710192][ T3316] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.746337][ T3316] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.768641][ T3316] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.790744][ T3316] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 97.347977][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.660744][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.898276][ T3316] veth0_vlan: entered promiscuous mode [ 100.967741][ T3316] veth1_vlan: entered promiscuous mode [ 101.174454][ T3315] veth0_vlan: entered promiscuous mode [ 101.188307][ T3316] veth0_macvtap: entered promiscuous mode [ 101.242610][ T3316] veth1_macvtap: entered promiscuous mode [ 101.270887][ T3315] veth1_vlan: entered promiscuous mode [ 101.509379][ T1226] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.514292][ T1226] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.542929][ T1226] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.566521][ T1226] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.598287][ T3315] veth0_macvtap: entered promiscuous mode [ 101.671080][ T3315] veth1_macvtap: entered promiscuous mode [ 101.994381][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.994794][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.001806][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.006002][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.148342][ T3316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 102.987049][ T3467] ipt_REJECT: TCP_RESET invalid for non-tcp [ 103.211845][ T3470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 103.218396][ T3470] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.324542][ T32] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 103.497964][ T32] usb 1-1: Using ep0 maxpacket: 8 [ 103.524180][ T32] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 103.535124][ T32] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 103.540004][ T32] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 103.540183][ T32] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 103.541036][ T32] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 103.541142][ T32] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.846082][ T32] usb 1-1: GET_CAPABILITIES returned 0 [ 103.846785][ T32] usbtmc 1-1:16.0: can't read capabilities [ 104.067539][ T32] usb 1-1: USB disconnect, device number 2 [ 106.611287][ T3501] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size. [ 106.985709][ T3505] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 112.193733][ T3462] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 113.263990][ T3462] usb 1-1: Using ep0 maxpacket: 16 [ 113.447284][ T3462] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.449445][ T3462] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 113.449643][ T3462] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 113.449746][ T3462] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.579316][ T3462] usb 1-1: config 0 descriptor?? [ 114.272147][ T3462] hid-generic 0003:045E:07DA.0001: item 0 4 0 8 parsing failed [ 114.276934][ T3462] hid-generic 0003:045E:07DA.0001: probe with driver hid-generic failed with error -22 [ 114.466921][ T785] usb 1-1: USB disconnect, device number 3 [ 117.880428][ T3553] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 117.992063][ T3553] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 123.782373][ T3577] netlink: 168 bytes leftover after parsing attributes in process `syz.0.40'. [ 124.030921][ T30] audit: type=1326 audit(123.820:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3580 comm="syz.0.42" exe="/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffacf5c3e8 code=0x0 [ 126.180205][ T3586] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1500) ! [ 131.046519][ T3605] netlink: 8 bytes leftover after parsing attributes in process `syz.0.47'. [ 131.066646][ T3605] netlink: 8 bytes leftover after parsing attributes in process `syz.0.47'. [ 133.863877][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 134.023506][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 134.047041][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 134.057032][ T9] usb 1-1: config 7 has an invalid interface number: 187 but max is 0 [ 134.057557][ T9] usb 1-1: config 7 has no interface number 0 [ 134.057900][ T9] usb 1-1: config 7 interface 187 altsetting 6 endpoint 0x3 has invalid maxpacket 1288, setting to 1024 [ 134.058065][ T9] usb 1-1: config 7 interface 187 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 1024 [ 134.058204][ T9] usb 1-1: config 7 interface 187 has no altsetting 0 [ 134.092436][ T9] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 134.092798][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.096696][ T9] usb 1-1: Product: syz [ 134.098457][ T9] usb 1-1: Manufacturer: syz [ 134.098809][ T9] usb 1-1: SerialNumber: syz [ 134.121882][ T3613] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 134.350759][ T9] usb 1-1: Unknown endpoint type found, address 0x07 [ 134.351075][ T9] usb 1-1: Not enough endpoints found in device, aborting! [ 134.558756][ T9] usb 1-1: USB disconnect, device number 4 [ 136.946817][ T3623] netlink: 20 bytes leftover after parsing attributes in process `syz.1.52'. [ 137.039704][ T30] audit: type=1326 audit(136.830:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3624 comm="syz.1.53" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 137.046397][ T30] audit: type=1326 audit(136.840:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3624 comm="syz.1.53" exe="/syz-executor" sig=0 arch=c00000b7 syscall=83 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 137.048793][ T30] audit: type=1326 audit(136.840:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3624 comm="syz.1.53" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 137.050215][ T30] audit: type=1326 audit(136.840:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3624 comm="syz.1.53" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 137.051532][ T30] audit: type=1326 audit(136.830:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3624 comm="syz.1.53" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 137.059667][ T30] audit: type=1326 audit(136.850:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3624 comm="syz.1.53" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 137.062455][ T30] audit: type=1326 audit(136.850:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3624 comm="syz.1.53" exe="/syz-executor" sig=0 arch=c00000b7 syscall=436 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 137.068098][ T30] audit: type=1326 audit(136.860:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3624 comm="syz.1.53" exe="/syz-executor" sig=0 arch=c00000b7 syscall=94 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 137.069345][ T30] audit: type=1326 audit(136.840:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3624 comm="syz.1.53" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 137.140199][ T3627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 137.147983][ T3627] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 138.224619][ T3641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 138.228309][ T3641] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 138.388029][ T3643] capability: warning: `syz.1.60' uses 32-bit capabilities (legacy support in use) [ 142.254133][ T32] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 142.394676][ T32] usb 1-1: device descriptor read/64, error -71 [ 142.644160][ T32] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 142.794113][ T32] usb 1-1: device descriptor read/64, error -71 [ 142.915085][ T32] usb usb1-port1: attempt power cycle [ 143.253834][ T32] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 143.279722][ T32] usb 1-1: device descriptor read/8, error -71 [ 143.288784][ T3660] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.290385][ T3660] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 143.534110][ T32] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 143.557314][ T32] usb 1-1: device descriptor read/8, error -71 [ 143.667781][ T32] usb usb1-port1: unable to enumerate USB device [ 150.549791][ T3682] syzkaller0: entered promiscuous mode [ 150.550364][ T3682] syzkaller0: entered allmulticast mode [ 150.759311][ T30] audit: type=1326 audit(150.550:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.74" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 150.772404][ T30] audit: type=1326 audit(150.550:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.74" exe="/syz-executor" sig=0 arch=c00000b7 syscall=172 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 150.776121][ T30] audit: type=1326 audit(150.550:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.74" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 150.779647][ T30] audit: type=1326 audit(150.550:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.74" exe="/syz-executor" sig=0 arch=c00000b7 syscall=434 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 150.788288][ T30] audit: type=1326 audit(150.560:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.74" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 150.792107][ T30] audit: type=1326 audit(150.560:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.74" exe="/syz-executor" sig=0 arch=c00000b7 syscall=268 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 150.796675][ T30] audit: type=1326 audit(150.560:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.74" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 150.799309][ T30] audit: type=1326 audit(150.570:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.74" exe="/syz-executor" sig=0 arch=c00000b7 syscall=444 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 150.802023][ T30] audit: type=1326 audit(150.570:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3684 comm="syz.1.74" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffb9b5c3e8 code=0x7ffc0000 [ 151.278973][ T3695] binder: 3694:3695 tried to acquire reference to desc 0, got 1 instead [ 151.280929][ T3695] binder: 3694:3695 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 151.284744][ T3695] binder: 3695 RLIMIT_NICE not set [ 151.797333][ T3695] binder: 3695 RLIMIT_NICE not set [ 151.813801][ T3462] binder: release 3694:3696 transaction 5 out, still active [ 151.814391][ T3462] binder: undelivered TRANSACTION_COMPLETE [ 151.825342][ T3462] binder: release 3694:3695 transaction 5 in, still active [ 151.825951][ T3462] binder: send failed reply for transaction 5, target dead [ 153.634541][ T3400] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 153.793558][ T3400] usb 1-1: Using ep0 maxpacket: 8 [ 153.806846][ T3400] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 153.807249][ T3400] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 153.807739][ T3400] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 153.807897][ T3400] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 153.808122][ T3400] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 153.808463][ T3400] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 153.808595][ T3400] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.908392][ T3400] usb 1-1: usb_control_msg returned -32 [ 154.908856][ T3400] usbtmc 1-1:16.0: can't read capabilities [ 156.277850][ T3719] netlink: 24 bytes leftover after parsing attributes in process `syz.1.86'. [ 156.280244][ T3719] netlink: 212 bytes leftover after parsing attributes in process `syz.1.86'. [ 156.285453][ T3719] netlink: 8 bytes leftover after parsing attributes in process `syz.1.86'. [ 159.967928][ T3731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.969104][ T3731] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.169812][ T1011] usb 1-1: USB disconnect, device number 9 [ 163.420984][ T3745] netlink: 4 bytes leftover after parsing attributes in process `syz.0.94'. [ 163.564858][ T3748] ======================================================= [ 163.564858][ T3748] WARNING: The mand mount option has been deprecated and [ 163.564858][ T3748] and is ignored by this kernel. Remove the mand [ 163.564858][ T3748] option from the mount to silence this warning. [ 163.564858][ T3748] ======================================================= [ 163.708011][ T3751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.710831][ T3751] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.835986][ T3756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.837254][ T3756] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.050688][ T3762] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 164.075080][ T3762] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.235809][ T3768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 164.236900][ T3768] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.431547][ T3774] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 164.436511][ T3774] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.793889][ T3781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 164.795456][ T3781] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.079671][ T3785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.081094][ T3785] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.541885][ T3791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.545517][ T3791] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.825317][ T3795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.826997][ T3795] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.228415][ T3809] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 172.188488][ T3857] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 173.879985][ T3867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 173.882127][ T3867] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.916420][ T3879] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 181.581544][ T3891] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 185.667454][ T3906] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 187.910506][ T3908] ================================================================== [ 187.914301][ T3908] BUG: KASAN: invalid-access in __memcpy+0xc/0x54 [ 187.916783][ T3908] Write at addr f9ff800086eaf2a0 by task syz.1.165/3908 [ 187.917293][ T3908] Pointer tag: [f9], memory tag: [fe] [ 187.917377][ T3908] [ 187.918190][ T3908] CPU: 1 UID: 0 PID: 3908 Comm: syz.1.165 Not tainted syzkaller #0 PREEMPT [ 187.918539][ T3908] Hardware name: linux,dummy-virt (DT) [ 187.918845][ T3908] Call trace: [ 187.919179][ T3908] show_stack+0x18/0x24 (C) [ 187.919514][ T3908] dump_stack_lvl+0x78/0x90 [ 187.919630][ T3908] print_report+0x108/0x61c [ 187.919692][ T3908] kasan_report+0x88/0xac [ 187.919743][ T3908] __do_kernel_fault+0x170/0x1c8 [ 187.919801][ T3908] do_bad_area+0x68/0x78 [ 187.919854][ T3908] do_tag_check_fault+0x34/0x44 [ 187.919948][ T3908] do_mem_abort+0x44/0x94 [ 187.920004][ T3908] el1_abort+0x44/0x68 [ 187.920074][ T3908] el1h_64_sync_handler+0x50/0xac [ 187.920129][ T3908] el1h_64_sync+0x6c/0x70 [ 187.920289][ T3908] __memcpy+0xc/0x54 (P) [ 187.920351][ T3908] do_misc_fixups+0x174/0x1afc [ 187.920409][ T3908] bpf_check+0x1384/0x293c [ 187.920463][ T3908] bpf_prog_load+0x63c/0xd40 [ 187.920513][ T3908] __sys_bpf+0x2e0/0x1a88 [ 187.920563][ T3908] __arm64_sys_bpf+0x24/0x34 [ 187.920638][ T3908] invoke_syscall+0x48/0x110 [ 187.920694][ T3908] el0_svc_common.constprop.0+0x40/0xe0 [ 187.920750][ T3908] do_el0_svc+0x1c/0x28 [ 187.920804][ T3908] el0_svc+0x34/0x128 [ 187.920856][ T3908] el0t_64_sync_handler+0xa0/0xe4 [ 187.920910][ T3908] el0t_64_sync+0x1a4/0x1a8 [ 187.921170][ T3908] [ 187.921438][ T3908] The buggy address belongs to a vmalloc virtual mapping [ 187.922857][ T3908] The buggy address belongs to the physical page: [ 187.923332][ T3908] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xf5f0000005a357e0 pfn:0x45a35 [ 187.923790][ T3908] flags: 0x1ffd80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x6) [ 187.924761][ T3908] raw: 01ffd80000000000 0000000000000000 dead000000000122 0000000000000000 [ 187.924832][ T3908] raw: f5f0000005a357e0 0000000000000000 00000001ffffffff 0000000000000000 [ 187.924972][ T3908] page dumped because: kasan: bad access detected [ 187.925038][ T3908] [ 187.925077][ T3908] Memory state around the buggy address: [ 187.925361][ T3908] ffff800086eaf000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 187.925468][ T3908] ffff800086eaf100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 fe fe [ 187.925536][ T3908] >ffff800086eaf200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 187.925604][ T3908] ^ [ 187.925879][ T3908] ffff800086eaf300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 187.925916][ T3908] ffff800086eaf400: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 187.925992][ T3908] ================================================================== [ 187.927154][ T3908] Disabling lock debugging due to kernel taint SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 188.828878][ T166] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.925153][ T166] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.009920][ T166] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.072262][ T166] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 189.717437][ T166] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 189.757882][ T166] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 189.787922][ T166] bond0 (unregistering): Released all slaves [ 189.888492][ T166] hsr_slave_0: left promiscuous mode [ 189.890990][ T166] hsr_slave_1: left promiscuous mode [ 189.902939][ T166] veth1_macvtap: left promiscuous mode [ 189.907650][ T166] veth0_macvtap: left promiscuous mode [ 189.908208][ T166] veth1_vlan: left promiscuous mode [ 189.908529][ T166] veth0_vlan: left promiscuous mode [ 190.990052][ T166] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.056607][ T166] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.134092][ T166] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.221516][ T166] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.876621][ T166] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 191.916788][ T166] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 191.958149][ T166] bond0 (unregistering): Released all slaves [ 192.069595][ T166] hsr_slave_0: left promiscuous mode [ 192.084319][ T166] hsr_slave_1: left promiscuous mode [ 192.116919][ T166] veth1_macvtap: left promiscuous mode [ 192.119839][ T166] veth0_macvtap: left promiscuous mode [ 192.122157][ T166] veth1_vlan: left promiscuous mode [ 192.124680][ T166] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 20:45:13 Registers: info registers vcpu 0 CPU#0 PC=ffff800080171420 X00=fff000007a7713f0 X01=ffff800082deaf70 X02=0000000000000027 X03=00000000cdd5713f X04=0000000000000003 X05=0000000000000008 X06=0000000000000008 X07=fbf000000449c89c X08=0000000000000138 X09=0000000000000009 X10=0000000000000001 X11=0000000000155cc0 X12=0000000000000000 X13=0000000000000001 X14=000000000000005b X15=ffff800081bd4430 X16=ffff800082de8000 X17=fff07ffffcef4000 X18=ffff800086e13b60 X19=faf00000086c8b00 X20=000000000006bf38 X21=f2f000000329d500 X22=ffff8000816c2f64 X23=000000000000ffff X24=0000000000000004 X25=f4f0000003ea2000 X26=0000000000000000 X27=f6f0000006f880ec X28=000000000003fcdc X29=ffff800082deb2d0 X30=0baf8000816e86dc SP=ffff800082deb2d0 PSTATE=20402009 --C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ff96000000000300:000000000008ffff Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffa6000000000300:000000000008ffff Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffb6000000000300:000000000008ffff Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffc6000000000300:000000000008ffff Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffba000000000300:000000000008ffff Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000030000000000:00090000000cffff Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:cbf4be41d3938a5f:e51a52bd2ebd7a1c Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2a1f8d000b8cf815:2a309cf8e523a185 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:9f9347e929a7bf3d:8b1694425f415ffc Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:79c7375e86cb71c3:d302af3557364273 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f0d720929f6aa195:10448de494b44545 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:47f85d869ef745df:d0882a4cdf75b37b Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:5e9928e5cae81337:812dc92acafe260a Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:921eb341de2c8c7d:20ee013fffa0d499 info registers vcpu 1 CPU#1 PC=ffff800081b8683c X00=ffff800081b86838 X01=f5f000000323b180 X02=fff07ffffcf0d000 X03=0000000000000cf3 X04=0000000000000000 X05=f0f000000aeef200 X06=0000000000155cc0 X07=f7f00000030e3800 X08=000000128cc25ab1 X09=fff000007f8f0c00 X10=ffffffffff5ca4ea X11=0000000000155cc0 X12=0000000000000001 X13=0000000000000001 X14=00000000000002b2 X15=ffff8000831eba00 X16=ffff800082df0000 X17=fff07ffffcf0d000 X18=00000000ffffffff X19=0000000000000000 X20=ffff800082b11908 X21=ffff800082b11900 X22=0000000000000004 X23=0000000000000004 X24=ffff800082b11908 X25=0000000000000028 X26=0000000000000001 X27=fff07ffffcf0d000 X28=0000000000000000 X29=ffff800082df3ce0 X30=ffff800080187f58 SP=ffff800082df3ce0 PSTATE=404020c9 -Z-- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffff000000000000:ff00000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ff000000f0000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00000000ff000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3303330333033303:3303330333033303 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bcbcbcc0bcc030fc:bcbcbcc0bcc030fc Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000073:0000aaaae8f56c90 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000074:0000aaaae8f53f70 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffffbe65a40:0000fffffbe65a40 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000fffffbe65a10 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000