last executing test programs: 5.496986997s ago: executing program 0 (id=25): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000980)=ANY=[@ANYBLOB="bcea"]) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f00000001c0)={0x50, 0xffff, 0x560c, {0x803, 0x5d5}, {0xfffa, 0x2}, @period={0x59, 0x2, 0x4, 0x6d, 0x9ee, {0x2, 0x7, 0xfffb, 0xa}, 0x0, 0x0}}) syz_usb_disconnect(r0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x24040800, 0x0, 0x0) 4.023737222s ago: executing program 0 (id=28): mmap(&(0x7f0000ada000/0x4000)=nil, 0x4000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x60}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f0000638000/0x1000)=nil, 0x6aa000, 0x2000, 0x3, &(0x7f00005c0000/0x2000)=nil) close(r0) 3.205935258s ago: executing program 0 (id=32): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r2, 0x0, r1, 0x0, 0x6, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000100)=0x3ff) sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c000000010605"], 0x2c}, 0x1, 0x0, 0x0, 0x40001d0}, 0x0) 3.205701048s ago: executing program 1 (id=33): r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000980)=ANY=[@ANYBLOB="bcea"]) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, 0x0, 0x0) setsockopt$sock_int(r2, 0x1, 0x12, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x2200c851, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f00000001c0)={0x51, 0xffff, 0x560c, {0x803, 0x5d5}, {0xfffa, 0x2}, @period={0x5a, 0x2, 0x4, 0x6d, 0x9ee, {0x2, 0x7, 0xfffb, 0xa}, 0x0, 0x0}}) 2.905067392s ago: executing program 1 (id=34): connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="010700000000000000006700000008003d"], 0x1c}}, 0x0) r2 = socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$inet6_int(r2, 0x29, 0x31, 0x0, 0x0) 2.553211047s ago: executing program 1 (id=35): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c0000004a008d2a00000000000000000a"], 0x1c}}, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 2.433717962s ago: executing program 1 (id=36): socket$inet6(0xa, 0xa, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000340)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x05\x8d\x15\xd2h\x93\xc9\xb57\xc3\xeaEb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\xf5O\xb1\x9f\xc5I\xect<\x8a\x00V\xcc\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\x11&\x1bM_\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k*5\xac\x9a\b}\xfb\xe1\x89)\x1eU\xb4', 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_elf64(r0, &(0x7f00000003c0)=ANY=[], 0x78) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) setitimer(0x0, &(0x7f0000000040)={{0x0, 0x2710}, {0x77359400}}, 0x0) 1.674541265s ago: executing program 0 (id=37): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0) setrlimit(0x40000000000008, &(0x7f0000000000)={0x4848, 0xfffffffffffff006}) capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080)) r0 = syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x0, 0x20e}, &(0x7f0000ff0000), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}], 0x2) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20) 1.256326564s ago: executing program 1 (id=38): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000bc0)=@newsa={0x140, 0x10, 0x1, 0x8000000, 0xfffffffd, {{@in=@remote, @in6=@loopback, 0x2, 0x0, 0x4e20, 0x50, 0x0, 0x20, 0x0, 0x16}, {@in6=@local, 0xfffffffc, 0x33}, @in=@rand_addr=0x64010101, {0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000, 0x0, 0x0, 0x10000}, {0x401, 0x9}, 0x0, 0x0, 0xa, 0x4, 0x0, 0x90}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @tfcpad={0x8, 0x16, 0xfff}]}, 0x140}}, 0x24000058) 1.077194112s ago: executing program 1 (id=39): openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) clock_gettime(0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b\x00\x00\x00'], 0x48) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) r4 = syz_open_dev$usbfs(&(0x7f0000000040), 0x80006f, 0x81501) ioctl$USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000240)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x4b5a9da54893e123, 0x3, 0x5, 0xffff}, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000001900)=ANY=[@ANYBLOB="61106800000000006113740000000000bfa00000000000000700000008ffffffd503010017740040950000000000000069163a0000000000bf67000000000000350607000fff07201706000020190000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004d83dde4c375000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f17540faf80250aa20c669a5e12814cb1cea5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369226066812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20ceddf4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f6746a9709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c1d926a0f6a5480a55c22fe3a5ac00000000000000000000000500002000000000fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e14d90deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b06ff7f0000000000007f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a1f37302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089e0b1c23c0f3cdad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a1a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631d22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4c6ea9604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a09d8be0fc5beecf153236c19740be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead000000000000000000000000000000000000000000000000001386866b311bd144bc32e059658c9f8342c90c1ade31b78072841b8b5a943d62a44cea6b050c42e3c205fad6a23fb43c93da0f49d911877265e6ee443e37397ecf89021e7f579e8d3a74c12b52938d91e9de07fc8eeeb9505f4a9c26266bf5449484ccc1317c7476"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48) 115.363475ms ago: executing program 0 (id=40): r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_buf(r0, 0x1, 0x2e, &(0x7f0000001e80)=""/50, &(0x7f0000001ec0)=0x32) 0s ago: executing program 0 (id=41): syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69000000001406fffe800000000000000000000000000039fe8084"], 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000040)=0xb, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) setxattr$incfs_metadata(0x0, &(0x7f0000000080), 0x0, 0x0, 0x2) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:59104' (ED25519) to the list of known hosts. syzkaller login: [ 130.100923][ T3311] cgroup: Unknown subsys name 'net' [ 130.410165][ T3311] cgroup: Unknown subsys name 'cpuset' [ 130.454271][ T3311] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 131.078897][ T3311] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 145.431578][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 145.542188][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 145.576932][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 145.679259][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.046903][ T3317] hsr_slave_0: entered promiscuous mode [ 147.060604][ T3317] hsr_slave_1: entered promiscuous mode [ 147.501361][ T3318] hsr_slave_0: entered promiscuous mode [ 147.513778][ T3318] hsr_slave_1: entered promiscuous mode [ 147.518485][ T3318] debugfs: 'hsr0' already exists in 'hsr' [ 147.519539][ T3318] Cannot create hsr debugfs directory [ 148.745065][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 148.803794][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 148.829952][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 148.890478][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 149.069390][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 149.088060][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 149.123500][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 149.145288][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 150.556425][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 150.821080][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.098777][ T3317] veth0_vlan: entered promiscuous mode [ 156.188317][ T3317] veth1_vlan: entered promiscuous mode [ 156.406049][ T3317] veth0_macvtap: entered promiscuous mode [ 156.434541][ T3317] veth1_macvtap: entered promiscuous mode [ 156.665293][ T39] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.666867][ T39] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.667115][ T39] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.667322][ T39] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 156.907782][ T3318] veth0_vlan: entered promiscuous mode [ 157.024468][ T3318] veth1_vlan: entered promiscuous mode [ 157.236109][ T3318] veth0_macvtap: entered promiscuous mode [ 157.306000][ T3318] veth1_macvtap: entered promiscuous mode [ 157.346906][ T3317] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 157.709571][ T2137] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.710317][ T2137] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.710654][ T2137] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.710995][ T2137] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.329228][ T3464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 158.853674][ T30] audit: type=1326 audit(158.590:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3466 comm="syz.0.3" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa735b3a8 code=0x7ffc0000 [ 158.864307][ T30] audit: type=1326 audit(158.600:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3466 comm="syz.0.3" exe="/syz-executor" sig=0 arch=c00000b7 syscall=9 compat=0 ip=0xffffa735b3a8 code=0x7ffc0000 [ 158.871402][ T30] audit: type=1326 audit(158.600:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3466 comm="syz.0.3" exe="/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffffa735b3a8 code=0x7ffc0000 [ 160.447077][ T3479] capability: warning: `syz.1.7' uses deprecated v2 capabilities in a way that may be insecure [ 171.924341][ T3509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 171.936761][ T3509] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 172.999496][ T3519] binder: 3517:3519 tried to acquire reference to desc 0, got 1 instead [ 173.010728][ T3519] binder: 3517:3519 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 173.053917][ T3092] binder: release 3517:3519 transaction 6 out, still active [ 173.054355][ T3092] binder: undelivered TRANSACTION_COMPLETE [ 173.079898][ T11] binder: release 3517:3519 transaction 6 in, still active [ 173.081164][ T11] binder: send failed reply for transaction 6, target dead [ 173.697454][ T3092] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 173.883692][ T3092] usb 1-1: Using ep0 maxpacket: 8 [ 173.912117][ T3092] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 173.916343][ T3092] usb 1-1: config 179 has no interface number 0 [ 173.921026][ T3092] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 173.931038][ T3092] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 173.936492][ T3092] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 173.940224][ T3092] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 173.945762][ T3092] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 173.950730][ T3092] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 173.954860][ T3092] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.046210][ T3527] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 174.505060][ T3461] usb 1-1: USB disconnect, device number 2 [ 174.505268][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 174.506457][ C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 174.538024][ T3092] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input1 [ 175.839425][ T3548] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.849060][ T3548] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.804495][ T3572] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 180.226582][ T3575] ================================================================== [ 180.229980][ T3575] BUG: KASAN: invalid-access in __memcpy+0xc/0x54 [ 180.232341][ T3575] Write at addr f5ff8000833757e7 by task syz.1.39/3575 [ 180.232969][ T3575] Pointer tag: [f5], memory tag: [fe] [ 180.233159][ T3575] [ 180.233945][ T3575] CPU: 0 UID: 0 PID: 3575 Comm: syz.1.39 Not tainted syzkaller #0 PREEMPT [ 180.234433][ T3575] Hardware name: linux,dummy-virt (DT) [ 180.234788][ T3575] Call trace: [ 180.235134][ T3575] show_stack+0x18/0x24 (C) [ 180.235611][ T3575] dump_stack_lvl+0x78/0x90 [ 180.235890][ T3575] print_report+0x108/0x61c [ 180.236078][ T3575] kasan_report+0x88/0xac [ 180.236295][ T3575] __do_kernel_fault+0x170/0x1c8 [ 180.236504][ T3575] do_bad_area+0x68/0x78 [ 180.236743][ T3575] do_tag_check_fault+0x34/0x44 [ 180.237020][ T3575] do_mem_abort+0x44/0x94 [ 180.237304][ T3575] el1_abort+0x44/0x68 [ 180.237522][ T3575] el1h_64_sync_handler+0x50/0xac [ 180.237740][ T3575] el1h_64_sync+0x6c/0x70 [ 180.238032][ T3575] __memcpy+0xc/0x54 (P) [ 180.238243][ T3575] convert_ctx_accesses+0x694/0xb28 [ 180.238443][ T3575] bpf_check+0x1338/0x2a24 [ 180.238638][ T3575] bpf_prog_load+0x63c/0xcd4 [ 180.238830][ T3575] __sys_bpf+0x2e0/0x1a88 [ 180.239028][ T3575] __arm64_sys_bpf+0x24/0x34 [ 180.239254][ T3575] invoke_syscall+0x48/0x110 [ 180.239476][ T3575] el0_svc_common.constprop.0+0x40/0xe0 [ 180.239694][ T3575] do_el0_svc+0x1c/0x28 [ 180.239914][ T3575] el0_svc+0x34/0x10c [ 180.240134][ T3575] el0t_64_sync_handler+0xa0/0xe4 [ 180.240359][ T3575] el0t_64_sync+0x1a4/0x1a8 [ 180.240802][ T3575] [ 180.241078][ T3575] The buggy address belongs to a 1-page vmalloc region starting at 0xf5ff800083375000 allocated at bpf_check+0x8c/0x2a24 [ 180.242759][ T3575] The buggy address belongs to the physical page: [ 180.243245][ T3575] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xf8f0000007aeda00 pfn:0x47aed [ 180.243699][ T3575] flags: 0x1ffe80000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xa) [ 180.244733][ T3575] raw: 01ffe80000000000 0000000000000000 dead000000000122 0000000000000000 [ 180.244930][ T3575] raw: f8f0000007aeda00 0000000000000000 00000001ffffffff 0000000000000000 [ 180.245178][ T3575] page dumped because: kasan: bad access detected [ 180.245300][ T3575] [ 180.245391][ T3575] Memory state around the buggy address: [ 180.245722][ T3575] ffff800083375500: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 [ 180.245920][ T3575] ffff800083375600: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 [ 180.246067][ T3575] >ffff800083375700: f5 f5 f5 f5 f5 f5 f5 f5 f5 fe fe fe fe fe fe fe [ 180.246219][ T3575] ^ [ 180.246552][ T3575] ffff800083375800: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 180.246686][ T3575] ffff800083375900: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 180.246851][ T3575] ================================================================== [ 180.248092][ T3575] Disabling lock debugging due to kernel taint SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 182.879055][ T107] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 182.987212][ T107] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.112108][ T107] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.229920][ T107] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 184.685871][ T107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 184.755114][ T107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 184.817016][ T107] bond0 (unregistering): Released all slaves [ 184.997527][ T107] hsr_slave_0: left promiscuous mode [ 185.006919][ T107] hsr_slave_1: left promiscuous mode [ 185.039151][ T107] veth1_macvtap: left promiscuous mode [ 185.041910][ T107] veth0_macvtap: left promiscuous mode [ 185.045359][ T107] veth1_vlan: left promiscuous mode [ 185.046012][ T107] veth0_vlan: left promiscuous mode [ 186.872314][ T107] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 186.990233][ T107] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.125564][ T107] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 187.282356][ T107] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 188.347968][ T107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.382044][ T107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.430816][ T107] bond0 (unregistering): Released all slaves [ 188.546892][ T107] hsr_slave_0: left promiscuous mode [ 188.551646][ T107] hsr_slave_1: left promiscuous mode [ 188.592043][ T107] veth1_macvtap: left promiscuous mode [ 188.592491][ T107] veth0_macvtap: left promiscuous mode [ 188.604096][ T107] veth1_vlan: left promiscuous mode [ 188.604986][ T107] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 05:00:44 Registers: info registers vcpu 0 CPU#0 PC=ffff80008017fe0c X00=0000000100010000 X01=f6f000000a838000 X02=00000000ffffd144 X03=ffff800082918000 X04=00000029e96e9e80 X05=0000000000000001 X06=0000000000000006 X07=ffff800082be0910 X08=f6f000000a838000 X09=ffff800082918000 X10=0000000000000000 X11=ffff800082be0000 X12=0000000000000017 X13=000000000000003a X14=0000000000000060 X15=ffffffffffffffff X16=ffff800082ce8000 X17=fff07ffffcfd3000 X18=ffff8000891c39e8 X19=000000000026973f X20=ffff800082c25000 X21=ffff800082918a80 X22=fff000007f8cfb60 X23=ffff8000891c3820 X24=00000029e8f04721 X25=00000000000000c0 X26=0000000000000001 X27=ffff8000801800e0 X28=0000000000000000 X29=ffff800082cebe10 X30=ffff80008017fe0c SP=ffff800082cebe10 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:e9b5dba5b5c0fbcf:71374491428a2f98 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ab1c5ed5923f82a4:59f111f13956c25b Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:550c7dc3243185be:12835b01d807aa98 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c19bf1749bdc06a7:80deb1fe72be5d74 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:240ca1cc0fc19dc6:efbe4786e49b69c1 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:76f988da5cb0a9dc:4a7484aa2de92c6f Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bf597fc7b00327c8:a831c66d983e5152 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:1429296706ca6351:d5a79147c6e00bf3 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:53380d134d2c6dfc:2e1b213827b70a85 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:92722c8581c2c92e:766a0abb650a7354 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c76c51a3c24b8b70:a81a664ba2bfe8a1 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:106aa070f40e3585:d6990624d192e819 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:34b0bcb52748774c:1e376c0819a4c116 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:682e6ff35b9cca4f:4ed8aa4a391c0cb3 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:8cc7020884c87814:78a5636f748f82ee Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c67178f2bef9a3f7:a4506ceb90befffa Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:76712901e6578931:06e7c6334f4b70b1 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:dffefb222a948e49:ea07b6a0f72b7c98 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f1afce4df6361aec:78037f1a408c79db Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:53cefac9f2faa379:cfbbedc9dc2cce21 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:638e466a248a0c14:fdb6ed455fe7b848 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:15232f2450b28be9:b76c2254a4fd022a Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:7e76d0557afe9300:f0a8e289b51bfcc9 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:1a4073bbb1f44770:740c5ab46cebce1b Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b3474cf69acf80a3:0a0b156b19a9b9e4 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b752482e468ac643:7c7dc2f04cb03268 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:99dde47334fac861:e2e7ea7712e4b691 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff8000809005f0 X00=0000000000000002 X01=0000000000000018 X02=ffff800082d15018 X03=ffff800082abef10 X04=f6f00000030e5880 X05=0000000000000061 X06=0000000000000035 X07=0000000000000000 X08=7f7f7f7f7f7f7f7f X09=ffff800082abef40 X10=0000000000000001 X11=ffff8000830ebe20 X12=ffff8000829ff3c0 X13=ffff8000830ebb8d X14=ffff8000830ebb98 X15=ffff8000830eba00 X16=ffff800082cf0000 X17=fff07ffffcfec000 X18=00000000ffffffff X19=f8f000000304301e X20=ffff800080900794 X21=f6f00000030e5880 X22=f8f000000304301e X23=ffff800080900794 X24=000000000000004c X25=0000000000000001 X26=f7f00000032bb840 X27=0000000000000000 X28=0000000000000000 X29=ffff8000830ebca0 X30=ffff8000809007bc SP=ffff8000830ebca0 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffa7576428:0000ffffa7576440 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffa7576438:0000ffffa7576480 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffa80dca20:0000ffffa7576420 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffa7576458:0000ffffa7576430 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffa7576468:0000ffffa7576460 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffa7576468:0000ffffa7576460 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffa7576478:0000ffffa7576470 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffe088b780:0000ffffe088b780 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffe088b750 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000