last executing test programs: 6.891018698s ago: executing program 0 (id=134): sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB="2c000000090601020095654d49000600020000000900020073797a3100000700000004000780c62d68bbfe5d97cfc48b287f72858a78caf8cae4f989c4b73064f29cc013"], 0x2c}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[], 0x318c) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xf, "0040001e1d113c812e5d6000"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0) ioctl$TCSETSF(r1, 0x5404, &(0x7f0000000180)={0x38000, 0x8, 0x0, 0x6, 0x5, "aa32b73986bbee6bd231334cbfa0b758261a93"}) 5.508479528s ago: executing program 0 (id=140): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f00000008c0)={0xc01, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.322073911s ago: executing program 0 (id=142): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4) r5 = accept4(r4, 0x0, 0x0, 0x80800) sendmmsg$alg(r5, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x1cba8c72}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x177ffb498171ed1, 0x8040010) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1, 0x0, 0x0, 0xf5000000}, 0x0) 2.626439568s ago: executing program 0 (id=146): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@getchain={0x24, 0x66, 0x100, 0x70bd26, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x7, 0xe}, {0x5, 0xd}, {0xfff4, 0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000001e00bd7000fedbdf2507000000000000b1", @ANYRES32=0x0, @ANYBLOB='\x00\x00'], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20000800) 2.626172308s ago: executing program 0 (id=147): r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x2000007, 0x401d031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x200}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) syz_io_uring_complete(r0) read(r1, &(0x7f0000001600)=""/233, 0xe9) syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x110, &(0x7f0000000080)=0x80000001, 0x0, 0x4) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fdinfo/3\x00') read$eventfd(r2, &(0x7f0000000080), 0x8) 1.799140482s ago: executing program 1 (id=150): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0) 1.67695772s ago: executing program 1 (id=151): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@newsa={0x140, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0x3fc}, 0x80, 0x0, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @tfcpad={0x8, 0x16, 0x800}]}, 0x140}}, 0x844) 1.654965071s ago: executing program 1 (id=152): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='uid=', @ANYRESHEX]) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000100)) 1.535816029s ago: executing program 1 (id=153): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f0000000200)='m', 0x1) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65) write$snddsp(r2, &(0x7f0000000340)="0411", 0x2) ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0x40084146, &(0x7f0000000140)=0xfff) 919.38172ms ago: executing program 1 (id=154): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=@newlink={0x30, 0x10, 0x1, 0x70bd28, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x1464f}, [@IFLA_TXQLEN={0x8, 0xd, 0x4}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x30, 0x10, 0x1, 0x70bd25, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, 0x48815, 0x40003}, [@IFLA_GROUP={0x8}, @IFLA_TXQLEN={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x46801}, 0x4000000) 229.9µs ago: executing program 1 (id=155): pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r1 = add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x0) keyctl$KEYCTL_WATCH_KEY(0x3, r1, 0xffffffffffffffff, 0x0) 0s ago: executing program 0 (id=156): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040)) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000000)) 0s ago: executing program 1 (id=157): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x25, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x34}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x80) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:7651' (ED25519) to the list of known hosts. syzkaller login: [ 81.530918][ T3311] cgroup: Unknown subsys name 'net' [ 81.694378][ T3311] cgroup: Unknown subsys name 'cpuset' [ 81.716641][ T3311] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.183220][ T3311] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.042362][ T3316] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.105772][ T3316] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.207967][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.270319][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.248861][ T3316] hsr_slave_0: entered promiscuous mode [ 93.257480][ T3316] hsr_slave_1: entered promiscuous mode [ 93.423015][ T3317] hsr_slave_0: entered promiscuous mode [ 93.426787][ T3317] hsr_slave_1: entered promiscuous mode [ 93.442868][ T3317] debugfs: 'hsr0' already exists in 'hsr' [ 93.443692][ T3317] Cannot create hsr debugfs directory [ 94.377762][ T3316] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.395732][ T3316] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.417699][ T3316] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.448415][ T3316] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.577542][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.604235][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.635037][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.653608][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.747022][ T3316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.776154][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.446511][ T3316] veth0_vlan: entered promiscuous mode [ 98.464294][ T3316] veth1_vlan: entered promiscuous mode [ 98.579192][ T3316] veth0_macvtap: entered promiscuous mode [ 98.625157][ T3316] veth1_macvtap: entered promiscuous mode [ 98.846816][ T756] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.847796][ T756] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.848005][ T756] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.848142][ T756] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.037852][ T3317] veth0_vlan: entered promiscuous mode [ 99.075224][ T3317] veth1_vlan: entered promiscuous mode [ 99.227056][ T3317] veth0_macvtap: entered promiscuous mode [ 99.266675][ T3317] veth1_macvtap: entered promiscuous mode [ 99.323626][ T3316] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 99.596412][ T2358] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.596919][ T2358] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.598525][ T2358] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.598674][ T2358] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.042804][ T3465] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2'. [ 100.047552][ T3465] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2'. [ 100.239266][ T3468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 100.251241][ T3468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 100.385785][ T3470] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 100.397769][ T3470] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 100.763467][ T3379] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 100.990850][ T3379] usb 1-1: config 0 has too many interfaces: 204, using maximum allowed: 32 [ 100.994102][ T3379] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 204 [ 100.995496][ T3379] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.995803][ T3379] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.996141][ T3379] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 100.996848][ T3379] usb 1-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00 [ 100.996970][ T3379] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.010550][ T3379] usb 1-1: config 0 descriptor?? [ 101.484799][ T3379] hid-generic 0003:28BD:0909.0001: unknown main item tag 0x0 [ 101.485231][ T3379] hid-generic 0003:28BD:0909.0001: unknown main item tag 0x0 [ 101.485311][ T3379] hid-generic 0003:28BD:0909.0001: unknown main item tag 0x0 [ 101.485421][ T3379] hid-generic 0003:28BD:0909.0001: unknown main item tag 0x0 [ 101.485501][ T3379] hid-generic 0003:28BD:0909.0001: unknown main item tag 0x0 [ 101.485576][ T3379] hid-generic 0003:28BD:0909.0001: unknown main item tag 0x0 [ 101.485682][ T3379] hid-generic 0003:28BD:0909.0001: unknown main item tag 0x0 [ 101.496340][ T3379] hid-generic 0003:28BD:0909.0001: hidraw0: USB HID v0.00 Device [HID 28bd:0909] on usb-dummy_hcd.0-1/input0 [ 101.754199][ T3379] usb 1-1: USB disconnect, device number 2 [ 108.898705][ T3500] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 108.900160][ T3500] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 109.204827][ T3506] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.330407][ T3508] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 109.339046][ T3508] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 116.972367][ T3474] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 117.134175][ T3474] usb 1-1: Using ep0 maxpacket: 32 [ 118.122483][ T3536] No control pipe specified [ 118.135004][ T3474] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 118.288645][ T3474] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 118.295755][ T3474] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 118.302070][ T3474] usb 1-1: Product: syz [ 118.307564][ T3474] usb 1-1: Manufacturer: syz [ 118.314841][ T3474] usb 1-1: SerialNumber: syz [ 119.159101][ T3474] usb 1-1: config 0 descriptor?? [ 119.175175][ T3533] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 119.396242][ T3474] usb 1-1: USB disconnect, device number 3 [ 119.803490][ T3544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.807630][ T3544] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.389981][ T3556] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.391288][ T3556] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.582613][ T3474] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 120.752459][ T3474] usb 1-1: Using ep0 maxpacket: 32 [ 120.805705][ T3474] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 120.808394][ T3474] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 120.810501][ T3474] usb 1-1: Product: syz [ 120.812116][ T3474] usb 1-1: Manufacturer: syz [ 120.813173][ T3474] usb 1-1: SerialNumber: syz [ 120.825607][ T3474] usb 1-1: config 0 descriptor?? [ 121.789294][ T3583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.792365][ T3583] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.991054][ T3589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.995702][ T3589] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.007612][ T3589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.014662][ T3589] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.231273][ T3589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.232961][ T3589] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.534656][ T3595] veth0: entered promiscuous mode [ 122.537162][ T3595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.49'. [ 122.578243][ T3595] veth0 (unregistering): left promiscuous mode [ 123.209459][ T3607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 123.210966][ T3607] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 123.237716][ T3607] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 123.241150][ T3607] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 130.873421][ T3648] netlink: 4 bytes leftover after parsing attributes in process `syz.1.73'. [ 131.040226][ T3650] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 131.045207][ T3650] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 131.134533][ T783] usb 1-1: USB disconnect, device number 4 [ 131.209345][ T3655] tmpfs: Unknown parameter '׵+%4?,8' [ 132.282283][ T3464] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 132.432367][ T3464] usb 1-1: Using ep0 maxpacket: 16 [ 132.446934][ T3464] usb 1-1: config 1 has an invalid interface number: 105 but max is 0 [ 132.447335][ T3464] usb 1-1: config 1 has no interface number 0 [ 132.447708][ T3464] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 132.447949][ T3464] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 132.448128][ T3464] usb 1-1: config 1 interface 105 has no altsetting 0 [ 132.474631][ T3464] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 132.475008][ T3464] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.477547][ T3464] usb 1-1: Product: syz [ 132.477755][ T3464] usb 1-1: Manufacturer: syz [ 132.477890][ T3464] usb 1-1: SerialNumber: syz [ 132.505898][ T3673] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 132.508208][ T3673] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 133.935311][ T3673] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 133.953780][ T3673] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 134.799270][ T3464] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71 [ 134.800653][ T3464] aqc111 1-1:1.105: probe with driver aqc111 failed with error -71 [ 134.839222][ T3464] usb 1-1: USB disconnect, device number 5 [ 135.447932][ T3681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.449546][ T3681] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 138.007456][ T3708] netlink: 'syz.0.98': attribute type 1 has an invalid length. [ 138.011059][ T3708] netlink: 'syz.0.98': attribute type 2 has an invalid length. [ 146.218693][ T3741] netlink: 'syz.1.108': attribute type 13 has an invalid length. [ 150.328578][ T3778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 150.330353][ T3778] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 151.517799][ T3793] netlink: 16 bytes leftover after parsing attributes in process `syz.1.129'. [ 153.134580][ T3796] netlink: 4 bytes leftover after parsing attributes in process `syz.0.130'. [ 154.029677][ T3806] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.034130][ T3806] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.079035][ T3843] netlink: 'syz.0.146': attribute type 13 has an invalid length. [ 159.129790][ T3856] autofs: Bad value for 'uid' [ 159.130094][ T3856] autofs: Bad value for 'uid' [ 160.926663][ T3868] ================================================================== [ 160.929934][ T3868] BUG: KASAN: invalid-access in __memcpy+0xc/0x54 [ 160.932828][ T3868] Write at addr faff800086dc523f by task syz.1.157/3868 [ 160.933395][ T3868] Pointer tag: [fa], memory tag: [fe] [ 160.933531][ T3868] [ 160.934482][ T3868] CPU: 0 UID: 0 PID: 3868 Comm: syz.1.157 Not tainted syzkaller #0 PREEMPT [ 160.934840][ T3868] Hardware name: linux,dummy-virt (DT) [ 160.935108][ T3868] Call trace: [ 160.935361][ T3868] show_stack+0x18/0x24 (C) [ 160.935683][ T3868] dump_stack_lvl+0x78/0x90 [ 160.935801][ T3868] print_report+0x108/0x61c [ 160.935850][ T3868] kasan_report+0x88/0xac [ 160.935908][ T3868] __do_kernel_fault+0x170/0x1c8 [ 160.935943][ T3868] do_bad_area+0x68/0x78 [ 160.936004][ T3868] do_tag_check_fault+0x34/0x44 [ 160.936091][ T3868] do_mem_abort+0x44/0x94 [ 160.936120][ T3868] el1_abort+0x44/0x68 [ 160.936149][ T3868] el1h_64_sync_handler+0x50/0xac [ 160.936216][ T3868] el1h_64_sync+0x6c/0x70 [ 160.936355][ T3868] __memcpy+0xc/0x54 (P) [ 160.936389][ T3868] convert_ctx_accesses+0x698/0xb2c [ 160.936479][ T3868] bpf_check+0x1374/0x293c [ 160.936533][ T3868] bpf_prog_load+0x63c/0xd40 [ 160.936606][ T3868] __sys_bpf+0x2e0/0x1a88 [ 160.936632][ T3868] __arm64_sys_bpf+0x24/0x34 SYZFAIL: failed to recv rpc [ 160.936656][ T3868] invoke_syscall+0x48/0x110 [ 160.936720][ T3868] el0_svc_common.constprop.0+0x40/0xe0 [ 160.936751][ T3868] do_el0_svc+0x1c/0x28 [ 160.936782][ T3868] el0_svc+0x34/0x128 [ 160.936850][ T3868] el0t_64_sync_handler+0xa0/0xe4 [ 160.936879][ T3868] el0t_64_sync+0x1a4/0x1a8 [ 160.937116][ T3868] [ 160.937367][ T3868] The buggy address belongs to a 1-page vmalloc region starting at 0xfaff800086dc5000 allocated at bpf_check+0x8c/0x293c [ 160.938783][ T3868] The buggy address belongs to the physical page: [ 160.939111][ T3868] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffffffff00000000 pfn:0x49091 [ 160.939503][ T3868] flags: 0x1ffd40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x5) [ 160.940667][ T3868] raw: 01ffd40000000000 0000000000000000 dead000000000122 0000000000000000 [ 160.940705][ T3868] raw: ffffffff00000000 0000000000000000 00000001ffffffff 0000000000000000 [ 160.940780][ T3868] page dumped because: kasan: bad access detected [ 160.940805][ T3868] fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 160.940828][ T3868] Memory state around the buggy address: [ 160.941073][ T3868] ffff800086dc5000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa [ 160.941190][ T3868] ffff800086dc5100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fe fe [ 160.941257][ T3868] >ffff800086dc5200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 160.941413][ T3868] ^ [ 160.941838][ T3868] ffff800086dc5300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 160.941871][ T3868] ffff800086dc5400: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 160.941956][ T3868] ================================================================== [ 160.943965][ T3868] Disabling lock debugging due to kernel taint [ 161.144836][ T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 161.352525][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 161.547818][ T9] usb 1-1: device descriptor read/all, error -71 [ 161.807454][ T756] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.888329][ T756] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 161.955092][ T756] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.030946][ T756] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.725595][ T756] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 162.783643][ T756] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 162.843218][ T756] bond0 (unregistering): Released all slaves [ 162.932802][ T756] hsr_slave_0: left promiscuous mode [ 162.936834][ T756] hsr_slave_1: left promiscuous mode [ 162.952686][ T756] veth1_macvtap: left promiscuous mode [ 162.953837][ T756] veth0_macvtap: left promiscuous mode [ 162.954807][ T756] veth1_vlan: left promiscuous mode [ 162.955672][ T756] veth0_vlan: left promiscuous mode [ 164.107385][ T756] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.190233][ T756] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.270261][ T756] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.341304][ T756] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.946903][ T756] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.993650][ T756] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 165.026849][ T756] bond0 (unregistering): Released all slaves [ 165.204265][ T756] hsr_slave_0: left promiscuous mode [ 165.207344][ T756] hsr_slave_1: left promiscuous mode [ 165.220829][ T756] veth1_macvtap: left promiscuous mode [ 165.224532][ T756] veth0_macvtap: left promiscuous mode [ 165.226430][ T756] veth1_vlan: left promiscuous mode [ 165.229276][ T756] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 22:13:53 Registers: info registers vcpu 0 CPU#0 PC=ffff800081b8683c X00=ffff800081b86838 X01=ffff800081462e40 X02=0000000000000000 X03=f1f00000070a0780 X04=fcf000000c28f128 X05=0000000000000000 X06=00000000009b8552 X07=0000000000000000 X08=0000000000000038 X09=0000000000000000 X10=0000000000000001 X11=ffff800082dae840 X12=000000000000dab3 X13=0000000000000000 X14=0000000000000000 X15=f3f0000009150100 X16=ffff800082de8000 X17=fff07ffffcef4000 X18=0000000000000000 X19=ffff800082d18cc0 X20=0000002540be4000 X21=0000000000007b90 X22=f1f00000070a07e2 X23=f1f00000070a07e2 X24=0000000000000000 X25=f1f00000070a07ce X26=ffff800082dae840 X27=f7f0000009052600 X28=fcf000000c28f100 X29=ffff800082deb7c0 X30=ffff800081462e58 SP=ffff800082deb7c0 PSTATE=61402009 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:5aba190a16feb066:91924f8cc101e696 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c8c986691b302bdd:bacd379888d3e2d5 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:45ebf4590d6663e5:f79068b6c0282ccd Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2be01fdc5a79be42:54b7f6a7965245a1 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:37896be21dff1dd0:c6af0ee5f897ab54 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3ba1827e5560a5f7:bdf7a7421aa928fa Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c741620a2c6ce189:f403de368057bfc8 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:10e5358e18eb0c71:c96f4e3d518b6f02 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:5aba190a16feb366:91924f8cc112e696 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c8c186691b3a2bd9:bacd379388dfe2df Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ea3a1a887e2176ae:656d9a604bd5a87d Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:1e79ef0a4ed38185:2a728d1f6b9c0b5e Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:e42344f668e5e11b:adad1ee8d6f63329 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bc2d86e26ff2b484:a8d61d92a4dd2bb1 info registers vcpu 1 CPU#1 PC=ffff80008092e420 X00=0000000000000002 X01=0000000000000030 X02=ffff800082e15030 X03=ffff800082badf28 X04=0000000000000001 X05=0a0a0a0a0a0a0a0a X06=0000000000000029 X07=0000000000000000 X08=7f7f7f7f7f7f7f7f X09=ffff800082badf58 X10=0000000000000001 X11=ffff8000831ebe20 X12=ffff800082adf268 X13=ffff8000831ebb8d X14=ffff8000831ebb98 X15=ffff8000831eba00 X16=0000000000000000 X17=0000000000000000 X18=00000000ffffffff X19=ffff8000831ebe20 X20=f4f00000030e5880 X21=0000000000000000 X22=0000000000000000 X23=0000000000000000 X24=0000000000000000 X25=fbf000000323b180 X26=0000000000000001 X27=0000000000000000 X28=0000000000000000 X29=ffff8000831ebce0 X30=ffff80008092e890 SP=ffff8000831ebce0 PSTATE=814020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffffffff0000:ffffffff00000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff00ffff0000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00302e7465676461:672d7761722f7372 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff0f00f000f0 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bcbcbcc0bcbc0000:bcbcbcc0bcbc0000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000073:0000aaaacbc68c90 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000074:0000aaaacbc65f70 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffff94d3150:0000fffff94d3150 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd8:0000fffff94d3120 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000