last executing test programs: 10.837515046s ago: executing program 0 (id=332): r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002880)=[{&(0x7f0000000880)=""/4124, 0x101c}, {&(0x7f0000000300)=""/243, 0xf3}, {&(0x7f00000004c0)=""/219, 0xdb}, {&(0x7f0000000240)=""/186, 0xba}, {&(0x7f0000000600)=""/195, 0xc3}, {&(0x7f0000000700)=""/264, 0x108}], 0x6}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000000c0)="1400000035000b63d25a80648c2594f90224fc60", 0x14}], 0x1}, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 10.130322939s ago: executing program 0 (id=334): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x40000}, [@call={0x85, 0x0, 0x0, 0x20}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 9.928752957s ago: executing program 0 (id=335): r0 = socket(0x15, 0x5, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @dev}, 0x1c) 9.659001741s ago: executing program 0 (id=336): prlimit64(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x44, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x4}]}], {0x14, 0x10}}, 0x8c}}, 0x0) 9.418404142s ago: executing program 0 (id=337): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r1 = inotify_init1(0x0) ioctl$AUTOFS_IOC_CATATONIC(r1, 0x9362, 0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) syz_open_procfs(r2, &(0x7f0000000600)='fd/4\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) semtimedop(0x0, &(0x7f0000000640)=[{0x0, 0xafc}, {0x4, 0x0, 0x1800}, {}], 0x3, 0x0) semop(0x0, &(0x7f0000000680)=[{0x4, 0x7d}], 0x1f4) 2.336632472s ago: executing program 1 (id=344): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB="54020000160001000000000000000000ac1414000000000000000000000000007f0000010000000000000000000000004e220000000000000000200000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa000000000000000000000000000000003200000000000000000000000000fffffffffffffcffffffffffffff010000000000000000000000000000000e000000000000000700000000000000800000000000200000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000008000000ffffff7f000000000000000000000000000003000000000000000000080000000008000014000d"], 0x254}}, 0x0) 2.193525965s ago: executing program 1 (id=345): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@ipv6_newroute={0x38, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_OIF={0x8, 0x4, r1}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_TC={0x5}}]}, 0x38}}, 0x0) 1.914589419s ago: executing program 1 (id=346): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r3 = syz_open_procfs(r2, &(0x7f0000000600)='fd/4\x00') ioctl$EXT4_IOC_GROUP_EXTEND(r3, 0x40305829, &(0x7f0000000240)) 1.549857822s ago: executing program 1 (id=347): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r1, 0x26, 0x0, 0x0, @prog_id}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000007c0)={{r3}, &(0x7f0000000480), &(0x7f0000000780)=r0}, 0x20) 1.218831901s ago: executing program 1 (id=348): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000006c0)=""/179, 0xb3}], 0x1}, 0x0) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000280)='>', 0x1}, {&(0x7f00000008c0)="41900790eb29dcb0471b09df36f800f71718f5a827f93d5dee598c85037116ab762cb9d03ec04fe4ff2888ea5d1a274c7a3dd7db4569be3dbc42360120f063a49201f80d86ec9954dd8441c7d9060e1329309f3656055ca276f821083b7d5b80ceb2144f3a2ada10c8", 0x69}, {&(0x7f0000002780)="ba24f630f2182c6ce7ae6b2992ebb8e482fa817bab1d94f9c30c7451aa3a5eff6227d03d8b3b383453ba1ff75bce4a9197d71d924d96277a999d46c8b241035c343e5278e14551cc58", 0x49}], 0x3}, 0x0) 343.492429ms ago: executing program 1 (id=349): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000006c0)=""/179, 0xb3}], 0x1}, 0x0) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0) 0s ago: executing program 0 (id=350): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000006c0)=""/179, 0xb3}], 0x1}, 0x0) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000280)='>', 0x1}, {&(0x7f00000008c0)="41900790eb29dcb0471b09df36f800f71718f5a827f93d5dee598c85037116ab762cb9d03ec04fe4ff2888ea5d1a274c7a3dd7db4569be3dbc42360120f063a49201f80d86ec9954dd8441c7d9060e1329309f3656055ca276f821083b7d5b80ceb2144f3a2ada10c8", 0x69}, {&(0x7f0000002780)="ba24f630f2182c6ce7ae6b2992ebb8e482fa817bab1d94f9c30c7451aa3a5eff6227d03d8b3b383453ba1ff75bce4a9197d71d924d96277a999d46c8b241035c343e5278e14551cc5843", 0x4a}], 0x3}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:27094' (ED25519) to the list of known hosts. syzkaller login: [ 120.504873][ T3189] cgroup: Unknown subsys name 'net' [ 120.941185][ T3189] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 121.969133][ T3189] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 129.914454][ T3195] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.947207][ T3195] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 130.371154][ T3196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 130.421552][ T3196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 131.925398][ T3195] hsr_slave_0: entered promiscuous mode [ 131.956694][ T3195] hsr_slave_1: entered promiscuous mode [ 132.549282][ T3196] hsr_slave_0: entered promiscuous mode [ 132.595354][ T3196] hsr_slave_1: entered promiscuous mode [ 132.643540][ T3196] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 132.644970][ T3196] Cannot create hsr debugfs directory [ 133.765984][ T3195] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 133.823806][ T3195] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 133.845612][ T3195] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 133.873861][ T3195] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 134.098095][ T3196] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 134.124760][ T3196] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 134.149852][ T3196] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 134.193447][ T3196] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 135.955085][ T3195] 8021q: adding VLAN 0 to HW filter on device bond0 [ 136.110288][ T3196] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.695150][ T3195] veth0_vlan: entered promiscuous mode [ 142.772811][ T3195] veth1_vlan: entered promiscuous mode [ 143.051250][ T3195] veth0_macvtap: entered promiscuous mode [ 143.113713][ T3195] veth1_macvtap: entered promiscuous mode [ 143.441713][ T3196] veth0_vlan: entered promiscuous mode [ 143.517716][ T3195] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.519292][ T3195] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.520514][ T3195] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.521600][ T3195] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 143.655159][ T3196] veth1_vlan: entered promiscuous mode [ 143.968307][ T3196] veth0_macvtap: entered promiscuous mode [ 144.035623][ T3196] veth1_macvtap: entered promiscuous mode [ 144.341919][ T3196] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.353913][ T3196] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.355893][ T3196] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.357521][ T3196] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.164335][ T3377] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies. [ 157.965981][ T3391] syz.1.26 uses obsolete (PF_INET,SOCK_PACKET) [ 158.059888][ T3391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.068405][ T3391] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.215663][ T3190] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 158.542675][ C0] hrtimer: interrupt took 681328 ns [ 158.568512][ T3190] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 158.569705][ T3190] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.570681][ T3190] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.571594][ T3190] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 158.603984][ T3190] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 158.604755][ T3190] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 158.605509][ T3190] usb 1-1: Manufacturer: syz [ 158.634342][ T3190] usb 1-1: config 0 descriptor?? [ 158.829029][ T3391] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.844551][ T3391] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.135286][ T3190] hid-generic 0003:05AC:8243.0001: unknown main item tag 0x0 [ 159.164594][ T3190] hid-generic 0003:05AC:8243.0001: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 168.693171][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:172.20.20.170]:2. Sending cookies. [ 169.381849][ T3191] usb 1-1: USB disconnect, device number 2 [ 170.116888][ T3430] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 173.674216][ T3190] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 173.923038][ T3190] usb 1-1: Using ep0 maxpacket: 8 [ 173.956355][ T3190] usb 1-1: config 0 has no interfaces? [ 173.956968][ T3190] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 173.957590][ T3190] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.980251][ T3190] usb 1-1: config 0 descriptor?? [ 178.958057][ T3470] netlink: 40 bytes leftover after parsing attributes in process `syz.1.52'. [ 181.872620][ C1] sched: RT throttling activated [ 183.266314][ T3472] netlink: 20 bytes leftover after parsing attributes in process `syz.1.53'. [ 187.661871][ T3502] vlan2: entered promiscuous mode [ 188.039360][ T10] usb 1-1: USB disconnect, device number 3 [ 188.339190][ T3511] netlink: 'syz.0.70': attribute type 19 has an invalid length. [ 189.789204][ T29] audit: type=1326 audit(189.570:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=3532 comm="syz.0.81" exe="/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffab341e28 code=0x0 [ 192.204989][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 197.711426][ T3555] could not allocate digest TFM handle crct10dif-pclmul [ 200.603562][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 200.943392][ T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 200.945175][ T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 200.976553][ T10] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 200.977900][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 200.978966][ T10] usb 1-1: SerialNumber: syz [ 201.278101][ T10] usb 1-1: 0:2 : does not exist [ 201.281282][ T10] usb 1-1: unit 5 not found! [ 201.431491][ T10] usb 1-1: USB disconnect, device number 4 [ 201.634013][ T3576] netlink: 8 bytes leftover after parsing attributes in process `syz.0.92'. [ 202.139175][ T3571] udevd[3571]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 205.461369][ T3585] could not allocate digest TFM handle crct10dif-pclmul [ 216.421317][ T3603] could not allocate digest TFM handle crct10dif-pclmul [ 218.063899][ T3611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.101'. [ 223.197473][ T3629] could not allocate digest TFM handle crct10dif-pclmul [ 231.871369][ T3652] could not allocate digest TFM handle crct10dif-pclmul [ 233.803745][ T3281] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 234.109302][ T3281] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 234.206479][ T3281] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 234.207291][ T3281] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 234.208846][ T3281] usb 1-1: config 0 interface 0 has no altsetting 0 [ 234.219530][ T3281] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 234.220294][ T3281] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 234.221242][ T3281] usb 1-1: config 0 interface 0 has no altsetting 0 [ 234.284195][ T3281] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 234.284927][ T3281] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 234.285561][ T3281] usb 1-1: config 0 interface 0 has no altsetting 0 [ 234.320456][ T3281] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 234.321329][ T3281] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 234.324413][ T3281] usb 1-1: config 0 interface 0 has no altsetting 0 [ 234.364611][ T3281] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 234.365827][ T3281] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 234.367230][ T3281] usb 1-1: config 0 interface 0 has no altsetting 0 [ 234.468233][ T3281] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 234.469940][ T3281] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 234.471268][ T3281] usb 1-1: config 0 interface 0 has no altsetting 0 [ 234.496391][ T3281] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 234.497834][ T3281] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 234.499249][ T3281] usb 1-1: config 0 interface 0 has no altsetting 0 [ 234.515817][ T3281] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 234.517315][ T3281] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 234.518526][ T3281] usb 1-1: config 0 interface 0 has no altsetting 0 [ 234.567081][ T3281] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 234.568954][ T3281] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 234.570125][ T3281] usb 1-1: Product: syz [ 234.570782][ T3281] usb 1-1: Manufacturer: syz [ 234.571551][ T3281] usb 1-1: SerialNumber: syz [ 234.612010][ T3281] usb 1-1: config 0 descriptor?? [ 234.784193][ T3281] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0 [ 234.885652][ T3281] usb 1-1: USB disconnect, device number 5 [ 234.917526][ T3281] yurex 1-1:0.0: USB YUREX #0 now disconnected [ 236.425783][ T3675] Zero length message leads to an empty skb [ 240.974763][ T3720] netlink: 8 bytes leftover after parsing attributes in process `syz.1.139'. [ 242.731312][ T3733] could not allocate digest TFM handle crct10dif-pclmul [ 242.886905][ C0] vcan0: j1939_tp_rxtimer: 0x000000006cb77021: rx timeout, send abort [ 243.390955][ C0] vcan0: j1939_tp_rxtimer: 0x000000006cb77021: abort rx timeout. Force session deactivation [ 246.450924][ T3757] could not allocate digest TFM handle crct10dif-pclmul [ 249.225094][ T3190] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 249.433012][ T3190] usb 1-1: Using ep0 maxpacket: 8 [ 249.697108][ T3190] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 249.698750][ T3190] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.740475][ T3190] usb 1-1: config 0 descriptor?? [ 251.413786][ T3771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 251.425419][ T3771] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 252.859440][ T3190] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 252.861142][ T3190] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 252.870867][ T3190] asix 1-1:0.0: probe with driver asix failed with error -71 [ 252.908393][ T3190] usb 1-1: USB disconnect, device number 6 [ 253.157357][ T3782] netlink: 176 bytes leftover after parsing attributes in process `syz.0.158'. [ 254.505635][ T3786] could not allocate digest TFM handle crct10dif-pclmul [ 255.948757][ T3801] vcan0 speed is unknown, defaulting to 1000 [ 256.238882][ T3801] vcan0 speed is unknown, defaulting to 1000 [ 256.763354][ T3801] vcan0 speed is unknown, defaulting to 1000 [ 258.780685][ T3801] infiniband syz1: set active [ 258.781573][ T3283] vcan0 speed is unknown, defaulting to 1000 [ 258.783077][ T3801] infiniband syz1: added vcan0 [ 258.805162][ T3801] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR [ 258.819783][ T3801] infiniband syz1: Couldn't open port 1 [ 259.015312][ T3801] RDS/IB: syz1: added [ 259.016190][ T3801] smc: adding ib device syz1 with port count 1 [ 259.016748][ T3801] smc: ib device syz1 port 1 has pnetid [ 259.021342][ T3283] vcan0 speed is unknown, defaulting to 1000 [ 259.046675][ T3801] vcan0 speed is unknown, defaulting to 1000 [ 260.210242][ T3801] vcan0 speed is unknown, defaulting to 1000 [ 262.879270][ T3811] could not allocate digest TFM handle crct10dif-pclmul [ 266.339458][ T3831] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 267.751066][ T3836] could not allocate digest TFM handle crct10dif-pclmul [ 268.439240][ T3845] netlink: 12 bytes leftover after parsing attributes in process `syz.0.176'. [ 276.254232][ T3865] could not allocate digest TFM handle crct10dif-pclmul [ 283.834211][ T3879] nbd0: detected capacity change from 0 to 12 [ 283.859655][ T3879] block nbd0: Send control failed (result -89) [ 283.875890][ T3879] block nbd0: Request send failed, requeueing [ 283.880893][ T48] block nbd0: Receive control failed (result -32) [ 283.881025][ T1712] block nbd0: Dead connection, failed to find a fallback [ 283.884541][ T1712] block nbd0: shutting down sockets [ 283.887601][ T1712] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 283.889339][ T1712] Buffer I/O error on dev nbd0, logical block 0, async page read [ 283.896213][ T3879] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 283.900685][ T3879] Buffer I/O error on dev nbd0, logical block 0, async page read [ 283.903105][ T3879] nbd0: unable to read partition table [ 283.919506][ T3878] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 283.924317][ T3878] Buffer I/O error on dev nbd0, logical block 0, async page read [ 283.926518][ T3878] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 283.927689][ T3878] Buffer I/O error on dev nbd0, logical block 0, async page read [ 283.928849][ T3878] nbd0: unable to read partition table [ 283.967266][ T3878] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 283.969059][ T3878] Buffer I/O error on dev nbd0, logical block 0, async page read [ 283.970878][ T3878] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 283.972070][ T3878] Buffer I/O error on dev nbd0, logical block 0, async page read [ 283.977108][ T3878] nbd0: unable to read partition table [ 283.997244][ T3878] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 284.000300][ T3878] Buffer I/O error on dev nbd0, logical block 0, async page read [ 284.007476][ T3878] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 284.008940][ T3878] Buffer I/O error on dev nbd0, logical block 0, async page read [ 284.013545][ T3878] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 284.014899][ T3878] Buffer I/O error on dev nbd0, logical block 0, async page read [ 284.017027][ T3878] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 284.018497][ T3878] Buffer I/O error on dev nbd0, logical block 0, async page read [ 285.921683][ T3888] could not allocate digest TFM handle crct10dif-pclmul [ 286.363466][ T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 286.563854][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 286.713354][ T10] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 286.714985][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 287.022008][ T10] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 287.023755][ T10] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 287.024951][ T10] usb 1-1: Product: syz [ 287.025690][ T10] usb 1-1: Manufacturer: syz [ 287.026455][ T10] usb 1-1: SerialNumber: syz [ 287.160767][ T10] usb 1-1: config 0 descriptor?? [ 287.390978][ T10] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 287.422132][ T10] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 287.586493][ T3283] usb 1-1: USB disconnect, device number 7 [ 287.614021][ T3283] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 292.064470][ T3906] could not allocate digest TFM handle crct10dif-pclmul [ 296.680976][ T3923] could not allocate digest TFM handle crct10dif-pclmul [ 300.193761][ T3939] could not allocate digest TFM handle crct10dif-pclmul [ 310.053306][ T3963] netlink: 8 bytes leftover after parsing attributes in process `syz.1.206'. [ 312.475765][ T3969] could not allocate digest TFM handle crct10dif-pclmul [ 318.118415][ T3988] could not allocate digest TFM handle crct10dif-pclmul [ 320.320908][ T4004] netlink: 4 bytes leftover after parsing attributes in process `syz.1.220'. [ 320.528951][ T4008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 320.531485][ T4008] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 320.666373][ T4008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 320.668725][ T4008] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 321.799216][ T4005] team_slave_0: entered promiscuous mode [ 321.800380][ T4005] team_slave_0: entered allmulticast mode [ 322.853641][ T4025] netlink: 176 bytes leftover after parsing attributes in process `syz.0.225'. [ 323.510326][ T4019] could not allocate digest TFM handle crct10dif-pclmul [ 324.513201][ T1820] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 324.773925][ T1820] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 324.775543][ T1820] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 324.778699][ T1820] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 324.780237][ T1820] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 324.781310][ T1820] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.027274][ T1820] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 325.130765][ T1820] usb 1-1: USB disconnect, device number 8 [ 325.837082][ T4037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 325.855520][ T4037] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 326.066156][ T3977] udevd[3977]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 330.545059][ T4048] could not allocate digest TFM handle crct10dif-pclmul [ 334.115473][ T4058] netlink: 24 bytes leftover after parsing attributes in process `syz.0.235'. [ 336.900120][ T4071] netlink: 104 bytes leftover after parsing attributes in process `syz.1.239'. [ 339.669515][ T4080] could not allocate digest TFM handle crct10dif-pclmul [ 354.345330][ T4102] could not allocate digest TFM handle crct10dif-pclmul [ 363.301755][ T4130] could not allocate digest TFM handle crct10dif-pclmul [ 367.885112][ T4146] ALSA: seq fatal error: cannot create timer (-19) [ 370.719534][ T4160] could not allocate digest TFM handle crct10dif-pclmul [ 375.551042][ T4168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 375.572038][ T4168] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 376.817786][ T4176] netlink: 8 bytes leftover after parsing attributes in process `syz.0.265'. [ 382.859812][ T4189] could not allocate digest TFM handle crct10dif-pclmul [ 394.041195][ T4212] could not allocate digest TFM handle crct10dif-pclmul [ 398.646631][ T4225] netlink: 12 bytes leftover after parsing attributes in process `syz.0.280'. [ 407.008807][ T4273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.011651][ T4273] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.430119][ T4327] vlan0: entered promiscuous mode [ 417.468367][ T4327] vlan0 (unregistering): left promiscuous mode [ 417.933367][ T4332] input: syz1 as /devices/virtual/input/input1 [ 423.027496][ T4366] netlink: 'syz.0.331': attribute type 29 has an invalid length. [ 423.029463][ T4366] netlink: 'syz.0.331': attribute type 29 has an invalid length. [ 423.062947][ T4366] netlink: 'syz.0.331': attribute type 29 has an invalid length. [ 423.073088][ T4366] netlink: 3447 bytes leftover after parsing attributes in process `syz.0.331'. [ 423.074450][ T4366] netlink: 3447 bytes leftover after parsing attributes in process `syz.0.331'. [ 423.810181][ T4371] netlink: 'syz.0.332': attribute type 29 has an invalid length. [ 423.820483][ T4371] netlink: 'syz.0.332': attribute type 29 has an invalid length. [ 425.686194][ T4381] binder: 4369:4381 ioctl c0306201 0 returned -14 [ 430.264406][ T4390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 430.267103][ T4390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 430.298957][ T4390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 430.301455][ T4390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 430.753620][ T4390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 430.756566][ T4390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 431.350788][ T4396] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 431.352851][ T4396] IPv6: NLM_F_CREATE should be set when creating new route [ 431.768538][ T4400] netlink: 328 bytes leftover after parsing attributes in process `syz.1.344'. [ 434.431887][ T4411] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 434.434054][ T4411] Mem abort info: [ 434.434642][ T4411] ESR = 0x0000000096000006 [ 434.439972][ T4411] EC = 0x25: DABT (current EL), IL = 32 bits [ 434.441677][ T4411] SET = 0, FnV = 0 [ 434.453733][ T4411] EA = 0, S1PTW = 0 [ 434.454553][ T4411] FSC = 0x06: level 2 translation fault [ 434.455537][ T4411] Data abort info: [ 434.456327][ T4411] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000 [ 434.457394][ T4411] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 434.458311][ T4411] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 434.459453][ T4411] user pgtable: 4k pages, 52-bit VAs, pgdp=00000000461e1480 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 434.460422][ T4411] [0000000000000000] pgd=08000000492de003, p4d=080000004ba74003, pud=080000004bb18003, pmd=0000000000000000 [ 434.476671][ T4411] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP [ 434.477945][ T4411] Modules linked in: [ 434.479133][ T4411] CPU: 0 PID: 4411 Comm: syz.1.349 Not tainted 6.10.0-rc6-syzkaller-00163-g661e504db04c #0 [ 434.480491][ T4411] Hardware name: linux,dummy-virt (DT) [ 434.481502][ T4411] pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 434.482918][ T4411] pc : copy_page_to_iter+0xb0/0x150 [ 434.484354][ T4411] lr : sk_msg_recvmsg+0xf8/0x37c [ 434.485203][ T4411] sp : ffff80008ba3b9f0 [ 434.486036][ T4411] x29: ffff80008ba3b9f0 x28: 0000000000000000 x27: faf0000009e57000 [ 434.487882][ T4411] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 [ 434.489234][ T4411] x23: 0000000000000000 x22: 00003e0040000000 x21: fff0000000000000 [ 434.491046][ T4411] x20: 0000000000001000 x19: ffff80008ba3bda0 x18: 0000000000000000 [ 434.492580][ T4411] x17: 0000000000000000 x16: 0000000000000000 x15: 0000fffff0716218 [ 434.494456][ T4411] x14: 00000000000001e1 x13: 0000000000000000 x12: ffff800082610028 [ 434.496077][ T4411] x11: 0000000000000001 x10: 306a4287d4592c9e x9 : 3575cd4ed7cd1fb1 [ 434.497724][ T4411] x8 : f8f0000006766d18 x7 : 0000000000000000 x6 : f7f00000091d2160 [ 434.499125][ T4411] x5 : 0000000000000001 x4 : 0000000000000000 x3 : ffff80008ba3bda0 [ 434.500386][ T4411] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff801000000000 [ 434.502017][ T4411] Call trace: [ 434.502680][ T4411] copy_page_to_iter+0xb0/0x150 [ 434.503625][ T4411] sk_msg_recvmsg+0xf8/0x37c [ 434.504356][ T4411] unix_bpf_recvmsg+0x13c/0x4f0 [ 434.505427][ T4411] unix_dgram_recvmsg+0x30/0x4c [ 434.506248][ T4411] ____sys_recvmsg+0x1d0/0x268 [ 434.507137][ T4411] ___sys_recvmsg+0x90/0xe8 [ 434.508033][ T4411] __sys_recvmsg+0x80/0xdc [ 434.509020][ T4411] __arm64_sys_recvmsg+0x24/0x30 [ 434.509747][ T4411] invoke_syscall+0x48/0x118 [ 434.510549][ T4411] el0_svc_common.constprop.0+0x40/0xe0 [ 434.511441][ T4411] do_el0_svc+0x1c/0x28 [ 434.512544][ T4411] el0_svc+0x34/0xf8 [ 434.513450][ T4411] el0t_64_sync_handler+0x100/0x12c [ 434.514270][ T4411] el0t_64_sync+0x19c/0x1a0 [ 434.515602][ T4411] Code: 8b160320 d346fc00 8b0032a0 d503201f (f9400323) [ 434.517258][ T4411] ---[ end trace 0000000000000000 ]--- [ 434.518982][ T4411] Kernel panic - not syncing: Oops: Fatal exception [ 434.520279][ T4411] SMP: stopping secondary CPUs [ 434.521678][ T4411] Kernel Offset: disabled [ 434.522513][ T4411] CPU features: 0x00,00000006,8f17bd7c,1767f6bf [ 434.524372][ T4411] Memory Limit: none [ 434.525922][ T4411] Rebooting in 86400 seconds.. VM DIAGNOSIS: 06:55:33 Registers: info registers vcpu 0 CPU#0 PC=ffff80008198ecbc X00=ffff80008198ecb8 X01=ffff8000812a3ed8 X02=0000000000000000 X03=f9f0000009cabc00 X04=00000000c5ff35e9 X05=0000000000000000 X06=0000000000e292ee X07=0000000000000000 X08=0000000000000000 X09=0000000000000038 X10=0000000000000001 X11=0000000000000000 X12=0000000000007e8a X13=0000000000000000 X14=0000000000000002 X15=1850e935ffc5ee92 X16=bab100004b9bffff X17=1f3ed4d43565867c X18=0000000000000001 X19=ffff8000828c5400 X20=0000000000014ef6 X21=000000650c6a7400 X22=f9f0000009cabc62 X23=0000000000000001 X24=0000000000000000 X25=f9f0000009cabc4e X26=f1f000000763ae40 X27=ffff800082943700 X28=f1f000000ba98e00 X29=ffff800080003870 X30=ffff8000812a3ef0 SP=ffff800080003870 PSTATE=60400009 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0d00000000000000:0d00000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000d00000000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000000000000d:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00d000a800000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000002 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000000000000d:0000000000000002 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffff0716230:0000fffff0716230 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000fffff0716200 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff80008198ecbc X00=ffff80008198ecb8 X01=0000000000000004 X02=0000000000000001 X03=0000000000000000 X04=0000000000000003 X05=0000000000000002 X06=000000000000ef07 X07=0000000000000000 X08=fff000007f8e3d80 X09=0000000000001217 X10=0000000000000001 X11=0000000000000002 X12=0000000000000000 X13=0000000000000000 X14=0000000000000002 X15=0000ffffd3023288 X16=0000000000000000 X17=0000000000000000 X18=0000000000000000 X19=ffff80008271d688 X20=ffff80008271d680 X21=0000000000000000 X22=0000000000000004 X23=ffff80008271d688 X24=0000000000000028 X25=fff000007f8d6340 X26=f0f0000002d3f540 X27=ffff800082613300 X28=ffff8000825ed340 X29=ffff800088c73970 X30=ffff80008198e4d0 SP=ffff800088c73970 PSTATE=214000c9 --C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0100000000000000:0100000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000100000000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000001:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00d000a800000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000002 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000001:0000000000000002 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffd30232a0:0000ffffd30232a0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffd3023270 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000