last executing test programs: 29.633981394s ago: executing program 1 (id=710): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet_udp(0x2, 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 29.633614984s ago: executing program 0 (id=711): ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2d50, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x33, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000001300)=ANY=[@ANYBLOB="000457"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 29.444141692s ago: executing program 1 (id=712): r0 = syz_io_uring_setup(0x2b06, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffffffd}, &(0x7f0000ffd000), &(0x7f0000000600)) io_uring_register$IORING_REGISTER_FILES(r0, 0x14, &(0x7f00000003c0), 0x2) 29.193949571s ago: executing program 1 (id=713): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 28.916770263s ago: executing program 1 (id=714): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x1f, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000014c0)={0x0, 0x0, 0x0}, 0x0) r5 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x1, 0x81, 0x1ff, 0x801, 0x1}, 0x1c) sendmmsg(r5, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvfrom$unix(r5, &(0x7f0000000a40)=""/58, 0x3a, 0x12000, 0x0, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff) 22.447700844s ago: executing program 1 (id=715): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x25, &(0x7f0000000000)={0x1}) fcntl$lock(r1, 0x7, &(0x7f00000006c0)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x5f, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) 19.81913702s ago: executing program 1 (id=716): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="09000000070000000080000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="150000001000000008000000000001", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) open(0x0, 0x802, 0x116) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) mlock(&(0x7f000049d000/0x4000)=nil, 0x4000) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_rr_get_interval(r1, &(0x7f0000000180)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) clock_gettime(0x1, &(0x7f0000000000)={0x0, 0x0}) clock_settime(0x0, &(0x7f0000000040)={r5, r6+10000000}) r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r8 = ioctl$LOOP_CTL_GET_FREE(r7, 0x4c82) ioctl$LOOP_CTL_REMOVE(r7, 0x4c81, r8) 16.543332832s ago: executing program 0 (id=717): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x70bd2b, 0x0, {0x7, r1}, [@MDBA_SET_ENTRY={0x20, 0x1, {r1, 0x0, 0x0, 0x8002, {@ip4=@broadcast, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x4040) 15.901598028s ago: executing program 0 (id=718): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b708000000000000"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000380), 0x1a1a01, 0x0) ioctl$AUTOFS_IOC_FAIL(r4, 0x4c80, 0xffffffffffffffb6) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=ANY=[@ANYBLOB="840000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00300000000000005400128009000100766c616e0000000044000280060001"], 0x84}, 0x1, 0xba01}, 0x0) bind$inet(r6, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10) connect$inet(r6, 0x0, 0x0) sendfile(r6, r5, 0x0, 0x20000023893) 12.803914533s ago: executing program 0 (id=719): openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x2041, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x4d) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r5) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) getdents64(r6, &(0x7f0000000240)=""/87, 0x57) 6.583610294s ago: executing program 0 (id=720): pipe2$9p(&(0x7f0000000240), 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(r4, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) getresuid(&(0x7f0000000540), &(0x7f0000000580), &(0x7f00000005c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ffffffff850000002d000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000001c0)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0xfffffffb}, 0x48, 0xffffffffffffffff) r5 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) r6 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc2}, &(0x7f00000002c0)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd780bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138", 0x18}, 0x48, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x4, r6, r5, r5, 0x0) 0s ago: executing program 0 (id=721): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000008c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000e868495fb58d00b6ad1f50ad32d6ad25dfd73a015e0ca6a0f68a7d007dc6751dfb265a0e3ccae669e173a64bc1cfd514600650a58f145ff1205fc9ddaa275e687d452d64e7cc957d77578f4c25235138d5521f9453559c35da860e8efbc64e57cbb7aee976f2b54421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983cd44c05bd0a48dfe3e26e7a23129d6606ed28a69989d552af6d9a9df2c3af36e0360070011bbecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f163d1a1a83109753f54b21cd027edd68149ee99eebc6f7d6dd4aed4af7588c8e1b44ccb19e810879b81a7000000e7ffffff00000000d7900a820b63278f4e9a217b98ef7042ad2a928903000000cbe43a1ed25268816b00000000000009d27d753a30a147b24a48435bd8a568669596e9e0867958e1dd7a0defb6670c06054002238260000000000040587c1ed797aa21a38e1e389f640a0b8b0000000000a835ad0f61ba739cd0c31b05c00fba8a4aee676d7caa2e53b91a68ff2e60da7b01a2e5785a238afa4aba70c08b0d71b6f72d6a8d87fb08533d97ad96d3943c4cc8306dac433a5cdf78b04963d679d5a5d07e618a1ef9057fec00f9e93021f5a8d30e716de8cde9c6000000000c3b64d10f0939b42b33ab2a8717096c58bb3bb1d457d8bb96870f5a7e2ba31fd69bb80235d957eaa9a40b764e5381ffa604aaafb76a980e72b408f686b185736693089213b4e140f8f38e5589663115093889deb646122a5dc5a9e5ba4d37749a36b880110e2bf524b79bc91105f1d3f7d0de694a9417d68694f17ba5e27ea1cec518b93fadcfe0de010ae9be3273ff73c34b5695080a35bfa5c69e3b533e1b939c81b3beda037b7191cb0000000000000000000010e5d683b8938db5c305cf7e6e62a6890ba9e1f4ee64f8202b59de5036569febfaa95f4633db108b2f786333ec7bacc927f4a1785165b5d2444b4c022bb5cff472e6a0c8ee9d6d8df83b704669147b732ac508c9b9f0ca0a1ce45319d43d4643eb285835daf2065b57bebd61ad6671296c27253a5f9688d57c91ccd40ffe2dbc5dd1613a2e6f5b363cc8d205ce6ef3c3c6ded7dd3dfdb39008d8997213f68cdc971c1d6fdacb7729a5560880a77525e9cfb94ef1735dfe74e6b948697f7e3580436b532a82e315d56b17a5dba98436cc24babaae409f0aab0b40af116001bc85492455956e853ead08b5793d4ecf72378a3dfd9cc837b1c66212d9a2be8fd6341c2f837c7fe09924a51ec42912856cce3d3b2d092c80813aad03e1e63a655f4138730f302df339f30a4fbd453c9a0fba381d071ad7cb80a52bec572e29b0b9b55c235806b97e166609f8083ce776075c"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x2, 0x1, 0x3c}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:51109' (ED25519) to the list of known hosts. syzkaller login: [ 142.814503][ T3308] cgroup: Unknown subsys name 'net' [ 143.013618][ T3308] cgroup: Unknown subsys name 'cpuset' [ 143.054164][ T3308] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 143.664237][ T3308] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 160.125776][ T3314] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 160.155388][ T3314] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 160.541238][ T3313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 160.577688][ T3313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 162.037513][ T3314] hsr_slave_0: entered promiscuous mode [ 162.050903][ T3314] hsr_slave_1: entered promiscuous mode [ 162.710191][ T3313] hsr_slave_0: entered promiscuous mode [ 162.717510][ T3313] hsr_slave_1: entered promiscuous mode [ 162.721336][ T3313] debugfs: 'hsr0' already exists in 'hsr' [ 162.728138][ T3313] Cannot create hsr debugfs directory [ 163.792189][ T3314] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 163.877948][ T3314] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 163.917292][ T3314] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 163.952451][ T3314] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 164.293433][ T3313] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 164.329699][ T3313] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 164.392179][ T3313] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 164.431058][ T3313] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 165.959780][ T3314] 8021q: adding VLAN 0 to HW filter on device bond0 [ 166.376069][ T3313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.468280][ T3314] veth0_vlan: entered promiscuous mode [ 171.513203][ T3314] veth1_vlan: entered promiscuous mode [ 171.818210][ T3314] veth0_macvtap: entered promiscuous mode [ 171.846008][ T3314] veth1_macvtap: entered promiscuous mode [ 172.153914][ T1722] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.164190][ T1722] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.165010][ T1722] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.165474][ T1722] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.396394][ T3313] veth0_vlan: entered promiscuous mode [ 172.468904][ T3313] veth1_vlan: entered promiscuous mode [ 172.848815][ T3313] veth0_macvtap: entered promiscuous mode [ 172.900270][ T3313] veth1_macvtap: entered promiscuous mode [ 173.107769][ T3314] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 173.206516][ T1722] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.208195][ T1722] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.208752][ T1722] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 173.209119][ T1722] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.789579][ T3467] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1'. [ 176.377991][ T3475] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5'. [ 193.500969][ T3508] netlink: 'syz.1.13': attribute type 1 has an invalid length. [ 207.374282][ T3413] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 207.564742][ T3413] usb 1-1: Using ep0 maxpacket: 32 [ 207.649342][ T3413] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 207.654690][ T3413] usb 1-1: config 0 has no interface number 0 [ 207.658410][ T3413] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 207.717449][ T3413] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 207.721303][ T3413] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.725557][ T3413] usb 1-1: Product: syz [ 207.727685][ T3413] usb 1-1: Manufacturer: syz [ 207.729915][ T3413] usb 1-1: SerialNumber: syz [ 207.755971][ T3413] usb 1-1: config 0 descriptor?? [ 208.441520][ T3624] binder: 3615:3624 ioctl 4018620d 0 returned -22 [ 218.051701][ T1908] usb 1-1: USB disconnect, device number 2 [ 224.061262][ T3648] Zero length message leads to an empty skb [ 224.373863][ T3401] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 224.410651][ T3657] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.418911][ T3657] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.573797][ T3401] usb 1-1: Using ep0 maxpacket: 16 [ 224.611698][ T3659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.623690][ T3659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.734257][ T3401] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 224.734901][ T3401] usb 1-1: config 0 has no interface number 0 [ 224.773956][ T3659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 224.785326][ T3659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 224.809563][ T3401] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 224.810209][ T3401] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.810471][ T3401] usb 1-1: Product: syz [ 224.810671][ T3401] usb 1-1: Manufacturer: syz [ 224.810897][ T3401] usb 1-1: SerialNumber: syz [ 224.836921][ T3401] usb 1-1: config 0 descriptor?? [ 225.030688][ T3659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.038552][ T3659] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 229.788706][ T3668] fuse: Bad value for 'fd' [ 231.787403][ T3680] fuse: Bad value for 'fd' [ 231.927067][ T3682] syz.1.44 uses obsolete (PF_INET,SOCK_PACKET) [ 232.873643][ T3689] netlink: 452 bytes leftover after parsing attributes in process `syz.1.46'. [ 233.058737][ T3691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 233.068831][ T3691] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 233.210381][ T3693] fuse: Bad value for 'fd' [ 234.469189][ T3706] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.471730][ T3706] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 235.125935][ T1908] usb 1-1: USB disconnect, device number 3 [ 235.823814][ T3720] netlink: 32 bytes leftover after parsing attributes in process `syz.1.59'. [ 236.014771][ T3720] netlink: 32 bytes leftover after parsing attributes in process `syz.1.59'. [ 247.275559][ T3756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 247.277162][ T3756] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 256.508470][ T3786] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 256.528524][ T3786] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 256.800030][ T3788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 256.806878][ T3788] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 257.053855][ T3788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 257.061023][ T3788] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 257.295370][ T3788] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 257.297657][ T3788] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 265.732222][ T3811] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 270.996947][ T3832] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 270.999511][ T3832] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 271.403802][ T1908] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 271.691416][ T1908] usb 1-1: config 1 interface 0 has no altsetting 0 [ 271.765102][ T1908] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 271.765833][ T1908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.766053][ T1908] usb 1-1: Product: syz [ 271.766251][ T1908] usb 1-1: Manufacturer: syz [ 271.766482][ T1908] usb 1-1: SerialNumber: syz [ 272.319252][ T1908] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 275.818152][ T3850] syz_tun: entered allmulticast mode [ 275.841100][ T3850] syz_tun: left allmulticast mode [ 275.959218][ T3852] fuse: Bad value for 'group_id' [ 275.964309][ T3852] fuse: Bad value for 'group_id' [ 276.836433][ T3857] mmap: syz.1.108 (3857) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 277.450372][ C1] usblp0: nonzero write bulk status received: -71 [ 277.458286][ T11] usb 1-1: USB disconnect, device number 4 [ 277.499163][ T3860] syzkaller0: entered promiscuous mode [ 277.499921][ T3860] syzkaller0: entered allmulticast mode [ 277.630692][ T3860] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 277.637933][ T3829] usblp0: removed [ 278.190140][ T3866] fuse: Bad value for 'group_id' [ 278.190840][ T3866] fuse: Bad value for 'group_id' [ 280.936283][ T3875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 280.939186][ T3875] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 281.926211][ T3872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 281.929282][ T3872] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 304.834943][ T3932] fuse: Unknown parameter 'grou00000000000000000000' [ 306.930740][ T3945] fuse: Unknown parameter 'group_i00000000000000000000' [ 308.110907][ T3955] fuse: Unknown parameter 'group_i00000000000000000000' [ 309.127599][ T3966] fuse: Unknown parameter 'group_i00000000000000000000' [ 312.696958][ T3993] fuse: Unknown parameter 'group_id00000000000000000000' [ 323.715380][ T4016] fuse: Unknown parameter 'group_id00000000000000000000' [ 324.317884][ T4020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 324.320652][ T4020] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 325.683619][ T4030] fuse: Bad value for 'user_id' [ 325.684232][ T4030] fuse: Bad value for 'user_id' [ 332.898956][ T11] binder: undelivered freeze notification, 0000000000000000 [ 333.321343][ T4044] fuse: Bad value for 'user_id' [ 333.344561][ T4044] fuse: Bad value for 'user_id' [ 334.050057][ T4006] hid-generic FF00:0000:0013.0001: item fetching failed at offset 4/5 [ 334.058873][ T4006] hid-generic FF00:0000:0013.0001: probe with driver hid-generic failed with error -22 [ 334.591399][ T4054] fuse: Bad value for 'user_id' [ 334.591993][ T4054] fuse: Bad value for 'user_id' [ 335.979315][ T4070] fuse: Bad value for 'fd' [ 337.339751][ T4081] vxcan1: entered allmulticast mode [ 337.431361][ T32] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 337.594659][ T32] usb 1-1: Using ep0 maxpacket: 8 [ 337.619506][ T32] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 337.620377][ T32] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 337.620618][ T32] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.656153][ T32] usb 1-1: config 0 descriptor?? [ 337.900047][ T32] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 338.139568][ C0] iowarrior 1-1:0.0: iowarrior_callback - usb_submit_urb failed with result -19 [ 338.145020][ T11] usb 1-1: USB disconnect, device number 5 [ 338.556159][ T4084] fuse: Bad value for 'fd' [ 339.303600][ T11] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 339.513595][ T11] usb 1-1: unable to get BOS descriptor or descriptor too short [ 339.527351][ T11] usb 1-1: config 1 has an invalid interface number: 4 but max is 2 [ 339.527922][ T11] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 339.530999][ T11] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 339.531289][ T11] usb 1-1: config 1 has no interface number 1 [ 339.531852][ T11] usb 1-1: config 1 interface 4 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 339.532131][ T11] usb 1-1: config 1 interface 4 has no altsetting 0 [ 339.557322][ T11] usb 1-1: language id specifier not provided by device, defaulting to English [ 339.593518][ T11] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 339.594099][ T11] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.594720][ T11] usb 1-1: Product: syz [ 339.595037][ T11] usb 1-1: Manufacturer: 샜穀箽蔜ᩛ᭚놐淓㬷唴㠧虤果ﳥᨑ嚀 [ 339.595375][ T11] usb 1-1: SerialNumber: syz [ 339.917106][ T11] usb 1-1: 0:2 : does not exist [ 340.077864][ T11] usb 1-1: USB disconnect, device number 6 [ 340.632004][ T4072] udevd[4072]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 347.175900][ T4098] fuse: Bad value for 'fd' [ 347.355655][ C1] vxcan1: j1939_tp_rxtimer: 0x000000002dc20601: Timeout. Failed to send simple message. [ 349.096740][ T4111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 349.099504][ T4111] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 349.549122][ T4113] fuse: Bad value for 'fd' [ 361.713739][ T4128] netlink: 120 bytes leftover after parsing attributes in process `syz.0.202'. [ 362.585441][ T4136] fuse: Bad value for 'fd' [ 363.845936][ T4146] fuse: Bad value for 'fd' [ 371.929456][ T4157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 371.939409][ T4157] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 372.117548][ T4159] fuse: Invalid rootmode [ 373.447059][ T4169] syz.1.218 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 373.658319][ T4171] fuse: Invalid rootmode [ 374.670953][ T4181] fuse: Invalid rootmode [ 380.846790][ T4194] fuse: Bad value for 'rootmode' [ 384.290583][ T4207] fuse: Bad value for 'rootmode' [ 392.709841][ T4233] fuse: Bad value for 'rootmode' [ 399.668515][ T4243] netlink: 12 bytes leftover after parsing attributes in process `syz.1.243'. [ 400.317023][ T4250] fuse: Unknown parameter 'use00000000000000000000' [ 401.174452][ T4255] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 401.177292][ T4255] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 402.125251][ T4262] fuse: Unknown parameter 'use00000000000000000000' [ 402.564521][ T32] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 402.753154][ T32] usb 1-1: Using ep0 maxpacket: 8 [ 402.872081][ T32] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 402.874466][ T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.874714][ T32] usb 1-1: Product: syz [ 402.874922][ T32] usb 1-1: Manufacturer: syz [ 402.875115][ T32] usb 1-1: SerialNumber: syz [ 403.198416][ T32] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 417.037170][ T1908] usb 1-1: USB disconnect, device number 7 [ 417.127753][ T1908] usblp0: removed [ 417.536594][ T4285] binder: 4283:4285 tried to acquire reference to desc 0, got 1 instead [ 417.571263][ T4285] binder: 4283:4285 got transaction with invalid offsets ptr [ 417.589823][ T4285] binder: 4283:4285 transaction call to 4283:0 failed 15/29201/-14, code 0 size 0-8192 line 3374 [ 417.626990][ T1908] binder: release 4283:4285 transaction 8 out, still active [ 417.629652][ T1908] binder: undelivered TRANSACTION_COMPLETE [ 417.640342][ T1908] binder: undelivered TRANSACTION_ERROR: 29201 [ 417.645345][ T1908] binder: send failed reply for transaction 8, target dead [ 420.317563][ T4298] VFS: Mount too revealing [ 424.898133][ T4312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 424.904594][ T4312] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 426.885441][ T4320] trusted_key: syz.1.269 sent an empty control message without MSG_MORE. [ 443.241120][ T4343] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 452.598906][ T3234] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 452.793448][ T3234] usb 1-1: Using ep0 maxpacket: 16 [ 453.003826][ T3234] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 453.004584][ T3234] usb 1-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00 [ 453.005174][ T3234] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 453.099013][ T3234] usb 1-1: config 0 descriptor?? [ 454.697070][ T3234] hid-generic 0003:04D8:F372.0002: hidraw0: USB HID v10.00 Device [HID 04d8:f372] on usb-dummy_hcd.0-1/input0 [ 454.826373][ T3234] usb 1-1: USB disconnect, device number 8 [ 456.882066][ T4379] fuse: Unknown parameter '0x0000000000000003' [ 457.138085][ T4370] fido_id[4370]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 466.320106][ T4398] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 466.331377][ T4398] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 466.499801][ T4401] fuse: Unknown parameter '0x0000000000000003' [ 467.907912][ T4416] fuse: Unknown parameter '0x0000000000000003' [ 483.847547][ T4438] fuse: Unknown parameter '0x0000000000000003' [ 488.200526][ T4444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 488.206396][ T4444] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 492.184239][ T4455] fuse: Unknown parameter '0x0000000000000003' [ 493.290055][ T4467] fuse: Unknown parameter '0x0000000000000003' [ 500.844259][ T4483] fuse: Unknown parameter 'fd0x0000000000000003' [ 507.628588][ T4496] fuse: Unknown parameter 'fd0x0000000000000003' [ 508.920350][ T4511] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 508.929731][ T4511] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.115111][ T4514] fuse: Unknown parameter 'fd0x0000000000000003' [ 509.868776][ T4516] batadv_slave_0: entered promiscuous mode [ 528.927873][ T4568] netlink: 8 bytes leftover after parsing attributes in process `syz.1.345'. [ 532.702005][ T4575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 532.715273][ T4575] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 544.789401][ T4595] bond0: (slave macvlan2): Error -98 calling set_mac_address [ 545.875814][ T31] audit: type=1326 audit(545.640:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=4599 comm="syz.0.356" exe="/syz-executor" sig=31 arch=c00000b7 syscall=172 compat=0 ip=0xffffac553b4c code=0x0 [ 552.781325][ T4616] netlink: 16 bytes leftover after parsing attributes in process `syz.1.361'. [ 558.164474][ T4625] syz.1.364: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 558.184295][ T4625] CPU: 0 UID: 0 PID: 4625 Comm: syz.1.364 Not tainted syzkaller #0 PREEMPT [ 558.184752][ T4625] Hardware name: linux,dummy-virt (DT) [ 558.185243][ T4625] Call trace: [ 558.185842][ T4625] show_stack+0x18/0x24 (C) [ 558.186344][ T4625] dump_stack_lvl+0x78/0x90 [ 558.186661][ T4625] dump_stack+0x18/0x24 [ 558.186892][ T4625] warn_alloc+0x124/0x1a8 [ 558.187104][ T4625] __vmalloc_node_range_noprof+0x7e4/0x804 [ 558.187314][ T4625] vmalloc_user_noprof+0x98/0xa8 [ 558.187527][ T4625] xskq_create+0x64/0x98 [ 558.187743][ T4625] xsk_setsockopt+0x1f4/0x320 [ 558.187951][ T4625] do_sock_setsockopt+0xa0/0x18c [ 558.188199][ T4625] __sys_setsockopt+0x80/0xfc [ 558.188462][ T4625] __arm64_sys_setsockopt+0x28/0x38 [ 558.188710][ T4625] invoke_syscall+0x48/0x110 [ 558.188964][ T4625] el0_svc_common.constprop.0+0x40/0xe0 [ 558.189228][ T4625] do_el0_svc+0x1c/0x28 [ 558.189481][ T4625] el0_svc+0x34/0x10c [ 558.189722][ T4625] el0t_64_sync_handler+0xa0/0xe4 [ 558.189952][ T4625] el0t_64_sync+0x1a4/0x1a8 [ 558.224453][ T4625] Mem-Info: [ 558.227292][ T4625] active_anon:13 inactive_anon:5839 isolated_anon:0 [ 558.227292][ T4625] active_file:2012 inactive_file:11732 isolated_file:0 [ 558.227292][ T4625] unevictable:768 dirty:16 writeback:0 [ 558.227292][ T4625] slab_reclaimable:3390 slab_unreclaimable:8158 [ 558.227292][ T4625] mapped:2646 shmem:3210 pagetables:458 [ 558.227292][ T4625] sec_pagetables:0 bounce:0 [ 558.227292][ T4625] kernel_misc_reclaimable:0 [ 558.227292][ T4625] free:455490 free_pcp:4522 free_cma:8000 [ 558.243582][ T4625] Node 0 active_anon:52kB inactive_anon:23356kB active_file:8048kB inactive_file:46928kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:10584kB dirty:64kB writeback:0kB shmem:12840kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:3040kB pagetables:1832kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 558.260761][ T4625] Node 0 DMA free:1821960kB boost:0kB min:22528kB low:28160kB high:33792kB reserved_highatomic:0KB free_highatomic:0KB active_anon:52kB inactive_anon:23356kB active_file:8048kB inactive_file:46928kB unevictable:3072kB writepending:64kB present:2097152kB managed:1988836kB mlocked:0kB bounce:0kB free_pcp:18080kB local_pcp:5300kB free_cma:32000kB [ 558.274514][ T4625] lowmem_reserve[]: 0 0 0 0 0 [ 558.283964][ T4625] Node 0 DMA: 324*4kB (UME) 192*8kB (UME) 167*16kB (UM) 100*32kB (UM) 53*64kB (UME) 44*128kB (UME) 54*256kB (UMEC) 33*512kB (UME) 20*1024kB (UMEC) 16*2048kB (UMEC) 420*4096kB (UMC) = 1822016kB [ 558.315292][ T4625] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 558.319706][ T4625] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=32768kB [ 558.325574][ T4625] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 558.326261][ T4625] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=64kB [ 558.326592][ T4625] 16936 total pagecache pages [ 558.326735][ T4625] 0 pages in swap cache [ 558.326829][ T4625] Free swap = 124996kB [ 558.326955][ T4625] Total swap = 124996kB [ 558.327202][ T4625] 524288 pages RAM [ 558.327311][ T4625] 0 pages HighMem/MovableOnly [ 558.327398][ T4625] 27079 pages reserved [ 558.327497][ T4625] 8192 pages cma reserved [ 558.327617][ T4625] 0 pages hwpoisoned [ 558.598716][ T4630] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 558.600756][ T4630] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 560.978698][ T4641] process 'syz.1.369' launched './file1' with NULL argv: empty string added [ 580.826653][ T4669] random: crng reseeded on system resumption [ 583.176333][ T4680] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 583.196301][ T4680] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 594.738329][ T4699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 594.755408][ T4699] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 596.258946][ T4709] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 596.278150][ T4709] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 597.175905][ T4714] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 597.181885][ T4714] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 605.874910][ T4724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 605.877286][ T4724] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 610.535847][ T4734] netlink: 8 bytes leftover after parsing attributes in process `syz.1.397'. [ 611.239644][ T4736] netlink: 8 bytes leftover after parsing attributes in process `syz.0.398'. [ 614.765585][ T4747] netlink: 4 bytes leftover after parsing attributes in process `syz.0.402'. [ 614.786175][ T4747] netlink: 16 bytes leftover after parsing attributes in process `syz.0.402'. [ 622.014138][ T1908] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 622.203702][ T1908] usb 1-1: Using ep0 maxpacket: 16 [ 622.218299][ T1908] usb 1-1: config 0 has no interfaces? [ 622.235918][ T1908] usb 1-1: config 0 has no interfaces? [ 622.248636][ T1908] usb 1-1: config 0 has no interfaces? [ 622.285786][ T1908] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 622.286554][ T1908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 622.287077][ T1908] usb 1-1: Product: syz [ 622.287382][ T1908] usb 1-1: Manufacturer: syz [ 622.287666][ T1908] usb 1-1: SerialNumber: syz [ 622.341737][ T1908] r8152-cfgselector 1-1: Unknown version 0x0000 [ 622.350300][ T1908] r8152-cfgselector 1-1: config 0 descriptor?? [ 632.703824][ T1908] r8152-cfgselector 1-1: USB disconnect, device number 9 [ 635.874180][ T24] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 636.033810][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 636.087248][ T24] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 636.087893][ T24] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 636.116306][ T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 636.116864][ T24] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 636.117450][ T24] usb 1-1: Product: syz [ 636.117621][ T24] usb 1-1: Manufacturer: syz [ 636.176839][ T24] hub 1-1:4.0: USB hub found [ 636.412099][ T24] hub 1-1:4.0: 5 ports detected [ 636.419982][ T24] hub 1-1:4.0: insufficient power available to use all downstream ports [ 636.634894][ T24] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 636.635797][ T24] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 636.785788][ T24] usb 1-1: USB disconnect, device number 10 [ 646.443558][ T3234] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 646.653948][ T3234] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 646.658621][ T3234] usb 1-1: config 0 interface 0 has no altsetting 0 [ 646.661772][ T3234] usb 1-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00 [ 646.667386][ T3234] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 646.706855][ T3234] usb 1-1: config 0 descriptor?? [ 647.214960][ T3234] hid-generic 0003:044E:1215.0003: hidraw0: USB HID v0.04 Device [HID 044e:1215] on usb-dummy_hcd.0-1/input0 [ 647.384956][ T4788] usb 1-1: USB disconnect, device number 11 [ 648.177050][ T4830] fido_id[4830]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 651.211554][ T4844] netlink: 56 bytes leftover after parsing attributes in process `syz.0.436'. [ 658.033772][ T4788] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 658.223527][ T4788] usb 1-1: Using ep0 maxpacket: 16 [ 658.360164][ T4788] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 658.364385][ T4788] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 658.369492][ T4788] usb 1-1: Product: syz [ 658.373106][ T4788] usb 1-1: Manufacturer: syz [ 658.377159][ T4788] usb 1-1: SerialNumber: syz [ 658.466840][ T4788] r8152-cfgselector 1-1: Unknown version 0x0000 [ 658.467215][ T4788] r8152-cfgselector 1-1: config 0 descriptor?? [ 659.013869][ T4788] r8152-cfgselector 1-1: USB disconnect, device number 12 [ 663.350090][ T4867] binder: 4866:4867 context manager tried to acquire desc 0 [ 663.364990][ T4867] binder: 4866:4867 ioctl c0306201 20004a40 returned -22 [ 668.878185][ T4788] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 669.053488][ T4788] usb 1-1: Using ep0 maxpacket: 32 [ 669.215379][ T4788] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 669.220305][ T4788] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 669.359583][ T4788] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 669.364401][ T4788] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.377600][ T4788] usb 1-1: Product: syz [ 669.380224][ T4788] usb 1-1: Manufacturer: syz [ 669.388662][ T4788] usb 1-1: SerialNumber: syz [ 670.033933][ T4788] usb 1-1: 0:2 : does not exist [ 670.115586][ T4788] usb 1-1: 5:0: failed to get current value for ch 1 (-22) [ 670.285319][ T4788] usb 1-1: 5:0: cannot get min/max values for control 2 (id 5) [ 670.393505][ T4788] usb 1-1: 5:0: cannot get min/max values for control 2 (id 5) [ 670.468838][ T4788] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 670.537124][ T4788] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 670.604480][ T4788] usb 1-1: 5:0: cannot get min/max values for control 4 (id 5) [ 670.677324][ T4788] usb 1-1: 5:0: cannot get min/max values for control 5 (id 5) [ 670.741144][ T4788] usb 1-1: 5:0: failed to get current value for ch 1 (-22) [ 670.913739][ T4788] usb 1-1: 5:0: cannot get min/max values for control 8 (id 5) [ 670.978802][ T4788] usb 1-1: 5:0: failed to get current value for ch 1 (-22) [ 676.535052][ T4788] usb 1-1: 5:0: failed to get current value for ch 1 (-22) [ 680.864837][ T4788] usb 1-1: 5:0: cannot get min/max values for control 3 (id 5) [ 680.914266][ T4788] usb 1-1: 5:0: cannot get min/max values for control 5 (id 5) [ 680.964863][ T4788] usb 1-1: USB disconnect, device number 13 [ 681.137330][ T4894] netlink: 4 bytes leftover after parsing attributes in process `syz.0.451'. [ 682.080620][ T4894] netlink: 12 bytes leftover after parsing attributes in process `syz.0.451'. [ 682.895996][ T4857] udevd[4857]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 684.976090][ T4906] pim6reg1: entered promiscuous mode [ 684.976611][ T4906] pim6reg1: entered allmulticast mode [ 686.984311][ T11] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 687.173880][ T11] usb 1-1: Using ep0 maxpacket: 32 [ 687.228945][ T11] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 687.375491][ T11] usb 1-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=2c.d1 [ 687.376044][ T11] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.376247][ T11] usb 1-1: Product: syz [ 687.376430][ T11] usb 1-1: Manufacturer: syz [ 687.376617][ T11] usb 1-1: SerialNumber: syz [ 687.415410][ T11] usb 1-1: config 0 descriptor?? [ 687.915250][ T11] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 687.916188][ T11] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 687.935393][ T11] asix 1-1:0.0: probe with driver asix failed with error -71 [ 688.025713][ T11] usb 1-1: USB disconnect, device number 14 [ 695.013109][ T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 695.200315][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 695.200807][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 695.201324][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 695.201601][ T9] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 695.201838][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 695.237617][ T9] usb 1-1: config 0 descriptor?? [ 695.713885][ T9] hid-generic 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 695.714238][ T9] hid-generic 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 695.714662][ T9] hid-generic 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 695.714777][ T9] hid-generic 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 695.714903][ T9] hid-generic 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 695.715036][ T9] hid-generic 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 695.715147][ T9] hid-generic 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 695.715286][ T9] hid-generic 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 695.715397][ T9] hid-generic 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 695.715507][ T9] hid-generic 0003:047F:FFFF.0004: unknown main item tag 0x0 [ 695.746190][ T9] hid-generic 0003:047F:FFFF.0004: hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 695.957567][ T9] usb 1-1: USB disconnect, device number 15 [ 696.684649][ T4933] fido_id[4933]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 712.251549][ T3596] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 712.389922][ T3596] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 712.555396][ T3596] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 712.730469][ T3596] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 714.391702][ T3596] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 714.441976][ T3596] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 714.509313][ T3596] bond0 (unregistering): Released all slaves [ 714.785621][ T3596] hsr_slave_0: left promiscuous mode [ 714.797635][ T3596] hsr_slave_1: left promiscuous mode [ 714.881859][ T3596] veth1_macvtap: left promiscuous mode [ 714.897513][ T3596] veth0_macvtap: left promiscuous mode [ 714.898772][ T3596] veth1_vlan: left promiscuous mode [ 714.899413][ T3596] veth0_vlan: left promiscuous mode [ 723.581778][ T4966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 723.648773][ T4966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 728.951758][ T4966] hsr_slave_0: entered promiscuous mode [ 728.980614][ T4966] hsr_slave_1: entered promiscuous mode [ 729.001495][ T4966] debugfs: 'hsr0' already exists in 'hsr' [ 729.011343][ T4966] Cannot create hsr debugfs directory [ 732.254945][ T5043] can: request_module (can-proto-5) failed. [ 732.387958][ T4966] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 732.451698][ T4966] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 732.482004][ T4966] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 732.562024][ T4966] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 733.988537][ T4966] 8021q: adding VLAN 0 to HW filter on device bond0 [ 749.001444][ T4966] veth0_vlan: entered promiscuous mode [ 749.101130][ T4966] veth1_vlan: entered promiscuous mode [ 749.455425][ T4966] veth0_macvtap: entered promiscuous mode [ 749.545147][ T4966] veth1_macvtap: entered promiscuous mode [ 749.977305][ T53] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 749.989471][ T53] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.010033][ T53] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 750.017594][ T53] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 754.503101][ T5132] random: crng reseeded on system resumption [ 756.239939][ T5133] netlink: 4 bytes leftover after parsing attributes in process `syz.0.484'. [ 770.673668][ T31] audit: type=1107 audit(768.230:3): pid=5152 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 817.751889][ T5215] netlink: 'syz.0.510': attribute type 1 has an invalid length. [ 827.814777][ T4788] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 828.095349][ T4788] usb 1-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 828.096015][ T4788] usb 1-1: config 0 interface 0 has no altsetting 0 [ 828.096719][ T4788] usb 1-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00 [ 828.096919][ T4788] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 828.141492][ T4788] usb 1-1: config 0 descriptor?? [ 828.725720][ T4788] hid-generic 0003:04D8:F372.0005: hidraw0: USB HID v80.00 Device [HID 04d8:f372] on usb-dummy_hcd.0-1/input0 [ 828.883709][ T4038] usb 1-1: USB disconnect, device number 16 [ 829.655520][ T5232] fido_id[5232]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 836.484054][ T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 836.738406][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 836.744140][ T9] usb 1-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00 [ 836.747800][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 836.769411][ T9] usb 1-1: config 0 descriptor?? [ 837.273872][ T9] usbhid 1-1:0.0: can't add hid device: -71 [ 837.277629][ T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 837.306116][ T9] usb 1-1: USB disconnect, device number 17 [ 840.506480][ T5271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 840.524331][ T5271] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 853.584795][ T5292] Driver unsupported XDP return value 0 on prog (id 17) dev N/A, expect packet loss! [ 865.495081][ T5312] veth0_vlan: entered allmulticast mode [ 868.854280][ T5312] veth0_vlan: left promiscuous mode [ 868.860893][ T5312] veth0_vlan: entered promiscuous mode [ 887.147478][ T5330] random: crng reseeded on system resumption [ 916.921154][ T5361] netlink: 'syz.1.553': attribute type 12 has an invalid length. [ 943.270710][ T5407] veth0_vlan: left allmulticast mode [ 948.104312][ T4788] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 948.339087][ T4788] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 948.343816][ T4788] usb 1-1: New USB device found, idVendor=05a4, idProduct=2000, bcdDevice= 0.00 [ 948.349446][ T4788] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 948.380977][ T4788] usb 1-1: config 0 descriptor?? [ 948.866937][ T4788] hid-generic 0003:05A4:2000.0006: item fetching failed at offset 5/7 [ 948.875040][ T4788] hid-generic 0003:05A4:2000.0006: probe with driver hid-generic failed with error -22 [ 949.057390][ T5320] usb 1-1: USB disconnect, device number 18 [ 953.691873][ T32] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 953.948223][ T32] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 953.951295][ T32] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 953.986141][ T32] usb 1-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7 [ 953.988989][ T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 953.993583][ T32] usb 1-1: Product: syz [ 954.002467][ T32] usb 1-1: Manufacturer: syz [ 954.012695][ T32] usb 1-1: SerialNumber: syz [ 954.048349][ T32] usb 1-1: config 0 descriptor?? [ 954.147211][ T32] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 954.308450][ T32] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 954.358857][ T32] usb 1-1: USB disconnect, device number 19 [ 955.901892][ T5410] udevd[5410]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 961.612874][ T31] audit: type=1326 audit(1217.382:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5448 comm="syz.1.582" exe="/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffffbd55c068 code=0x0 [ 969.526672][ T5465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 969.545499][ T5465] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 969.885251][ T5468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 969.890824][ T5468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 970.771671][ T5474] netlink: 'syz.1.590': attribute type 3 has an invalid length. [ 970.775040][ T5474] netlink: 'syz.1.590': attribute type 3 has an invalid length. [ 985.056431][ T5505] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 985.073201][ T5505] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1038.742672][ T5616] netlink: 40 bytes leftover after parsing attributes in process `syz.0.634'. [ 1038.743898][ T5616] netlink: 48 bytes leftover after parsing attributes in process `syz.0.634'. [ 1042.697608][ T5625] binder: 5621:5625 BC_CLEAR_DEATH_NOTIFICATION invalid ref 3 [ 1042.699972][ T5625] binder: 5621:5625 DecRefs 0 refcount change on invalid ref 3 ret -22 [ 1042.701412][ T5625] binder: 5621:5625 got transaction to invalid handle, 2 [ 1042.701759][ T5625] binder: 5621:5625 cannot find target node [ 1042.702061][ T5625] binder: 5621:5625 transaction call to 0:0 failed 17/29201/-22, code 0 size 96-24 line 3151 [ 1047.224469][ T5320] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 1047.407818][ T5320] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1047.410955][ T5320] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1047.411492][ T5320] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1047.411784][ T5320] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 1047.411971][ T5320] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1047.440479][ T5320] usb 1-1: config 0 descriptor?? [ 1048.017488][ T5320] hid_parser_main: 5 callbacks suppressed [ 1048.024421][ T5320] hid-generic 0003:1A34:0802.0007: unknown main item tag 0x0 [ 1048.026814][ T5320] hid-generic 0003:1A34:0802.0007: unknown main item tag 0x0 [ 1048.028363][ T5320] hid-generic 0003:1A34:0802.0007: unknown main item tag 0x0 [ 1048.030704][ T5320] hid-generic 0003:1A34:0802.0007: unknown main item tag 0x0 [ 1048.034579][ T5320] hid-generic 0003:1A34:0802.0007: unknown main item tag 0x0 [ 1048.050019][ T5320] hid-generic 0003:1A34:0802.0007: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0 [ 1048.210903][ T24] usb 1-1: USB disconnect, device number 20 [ 1048.308954][ T5638] fido_id[5638]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 1061.338982][ T5656] pim6reg1: entered promiscuous mode [ 1061.339303][ T5656] pim6reg1: entered allmulticast mode [ 1067.628316][ T5677] netlink: 20 bytes leftover after parsing attributes in process `syz.0.653'. [ 1073.468674][ T12] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1073.469389][ T12] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1073.472214][ T12] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1073.472729][ T12] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1078.129400][ T11] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 1078.335648][ T11] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1078.340259][ T11] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1078.340996][ T11] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 1078.341238][ T11] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1078.369445][ T11] usb 1-1: config 0 descriptor?? [ 1080.700752][ T11] usbhid 1-1:0.0: can't add hid device: -71 [ 1080.701761][ T11] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 1081.705873][ T11] usb 1-1: USB disconnect, device number 21 [ 1084.819103][ T5719] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1085.065712][ T5719] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1085.066300][ T5719] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1085.091202][ T5719] veth1_vlan: left promiscuous mode [ 1085.100093][ T5719] veth0_vlan: left promiscuous mode [ 1085.106590][ T5719] veth0_vlan: entered promiscuous mode [ 1085.130770][ T5719] veth1_vlan: entered promiscuous mode [ 1085.166616][ T5719] veth1_macvtap: left promiscuous mode [ 1085.174599][ T5719] veth0_macvtap: left promiscuous mode [ 1085.183622][ T5719] veth0_macvtap: entered promiscuous mode [ 1085.192478][ T5719] veth1_macvtap: entered promiscuous mode [ 1085.665761][ T4865] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1085.666724][ T4865] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1085.680947][ T4865] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1085.681917][ T4865] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.475060][ T5758] vlan2: entered allmulticast mode [ 1104.496249][ T5758] bridge_slave_0: entered allmulticast mode [ 1123.537704][ T5807] netlink: 32 bytes leftover after parsing attributes in process `syz.1.696'. [ 1123.538218][ T5807] netlink: 40 bytes leftover after parsing attributes in process `syz.1.696'. [ 1130.067886][ T5828] Restarting kernel threads ... [ 1130.069370][ T5828] Done restarting kernel threads. [ 1139.019258][ T24] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 1139.203675][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1139.204273][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1139.204963][ T24] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 1139.205322][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1139.241098][ T24] usb 1-1: config 0 descriptor?? [ 1140.504544][ T24] hid-generic 0003:1E7D:2D50.0008: unknown main item tag 0x0 [ 1140.508336][ T24] hid-generic 0003:1E7D:2D50.0008: unknown main item tag 0x0 [ 1140.511635][ T24] hid-generic 0003:1E7D:2D50.0008: unknown main item tag 0x0 [ 1140.514301][ T24] hid-generic 0003:1E7D:2D50.0008: unknown main item tag 0x0 [ 1140.518017][ T24] hid-generic 0003:1E7D:2D50.0008: unknown main item tag 0x0 [ 1140.661576][ T24] hid-generic 0003:1E7D:2D50.0008: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.0-1/input0 [ 1151.318070][ T24] usb 1-1: USB disconnect, device number 22 [ 1153.925338][ T5875] netlink: 16 bytes leftover after parsing attributes in process `syz.0.718'. [ 1153.925844][ T5875] netlink: 56 bytes leftover after parsing attributes in process `syz.0.718'. [ 1168.399351][ T5886] ------------[ cut here ]------------ [ 1168.399683][ T5886] verifier bug: error during ctx access conversion (0)(1) [ 1168.402605][ T5886] WARNING: CPU: 0 PID: 5886 at kernel/bpf/verifier.c:21452 convert_ctx_accesses+0x9b0/0xb04 [ 1168.412741][ T5886] Modules linked in: [ 1168.416095][ T5886] CPU: 0 UID: 0 PID: 5886 Comm: syz.0.721 Not tainted syzkaller #0 PREEMPT [ 1168.417332][ T5886] Hardware name: linux,dummy-virt (DT) [ 1168.418137][ T5886] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1168.419051][ T5886] pc : convert_ctx_accesses+0x9b0/0xb04 [ 1168.419731][ T5886] lr : convert_ctx_accesses+0x9b0/0xb04 [ 1168.420460][ T5886] sp : ffff800083ea39e0 [ 1168.421056][ T5886] x29: ffff800083ea39e0 x28: f4f0000011f90000 x27: 0000000000000002 [ 1168.422368][ T5886] x26: f1ff80008866d058 x25: 0000000000000000 x24: 0000000000000000 [ 1168.423842][ T5886] x23: ffff8000816c4744 x22: 0000000000000004 x21: 0000000000000002 [ 1168.424886][ T5886] x20: 0000000000000004 x19: ffff80008242a948 x18: 0000000000000000 [ 1168.425951][ T5886] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 1168.427021][ T5886] x14: 00000000000001a5 x13: 0000000000000000 x12: ffff800082911258 [ 1168.428078][ T5886] x11: 00000000000000c0 x10: ed3303a985b85455 x9 : ed1ba6434a8d4c16 [ 1168.429248][ T5886] x8 : faf0000008b3b6f8 x7 : 0000000000000004 x6 : 0000006be677d62d [ 1168.430327][ T5886] x5 : 0000000000000002 x4 : fbffff3fffffffff x3 : 000000000000ffff [ 1168.431401][ T5886] x2 : 0000000000000000 x1 : 0000000000000000 x0 : faf0000008b3a500 [ 1168.432680][ T5886] Call trace: [ 1168.433473][ T5886] convert_ctx_accesses+0x9b0/0xb04 (P) [ 1168.434588][ T5886] bpf_check+0x12f8/0x2aac [ 1168.435294][ T5886] bpf_prog_load+0x634/0xb74 [ 1168.435931][ T5886] __sys_bpf+0x2e0/0x1a3c [ 1168.436463][ T5886] __arm64_sys_bpf+0x24/0x34 [ 1168.437103][ T5886] invoke_syscall+0x48/0x110 [ 1168.437790][ T5886] el0_svc_common.constprop.0+0x40/0xe0 [ 1168.438570][ T5886] do_el0_svc+0x1c/0x28 [ 1168.439180][ T5886] el0_svc+0x34/0x10c [ 1168.439797][ T5886] el0t_64_sync_handler+0xa0/0xe4 [ 1168.440494][ T5886] el0t_64_sync+0x1a4/0x1a8 [ 1168.441406][ T5886] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1169.287132][ T3596] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1169.525150][ T3596] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1169.636466][ T3596] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1169.889160][ T3596] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1171.216110][ T3596] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1171.283023][ T3596] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1171.324741][ T3596] bond0 (unregistering): Released all slaves [ 1171.485644][ T3596] hsr_slave_0: left promiscuous mode [ 1171.490513][ T3596] hsr_slave_1: left promiscuous mode [ 1171.511103][ T3596] veth1_macvtap: left promiscuous mode [ 1171.515889][ T3596] veth0_macvtap: left promiscuous mode [ 1171.517607][ T3596] veth1_vlan: left promiscuous mode [ 1171.519155][ T3596] veth0_vlan: left promiscuous mode [ 1173.084222][ T3596] ------------[ cut here ]------------ [ 1173.084941][ T3596] WARNING: CPU: 1 PID: 3596 at net/ipv6/xfrm6_tunnel.c:341 xfrm6_tunnel_net_exit+0x60/0xb4 [ 1173.086506][ T3596] Modules linked in: [ 1173.087397][ T3596] CPU: 1 UID: 0 PID: 3596 Comm: kworker/u8:10 Tainted: G W syzkaller #0 PREEMPT [ 1173.088521][ T3596] Tainted: [W]=WARN [ 1173.089007][ T3596] Hardware name: linux,dummy-virt (DT) [ 1173.090080][ T3596] Workqueue: netns cleanup_net [ 1173.091169][ T3596] pstate: 61402009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1173.092077][ T3596] pc : xfrm6_tunnel_net_exit+0x60/0xb4 [ 1173.092709][ T3596] lr : xfrm6_tunnel_net_exit+0x40/0xb4 [ 1173.093341][ T3596] sp : ffff800089253c70 [ 1173.093830][ T3596] x29: ffff800089253c70 x28: 0000000000000000 x27: 0000000000000000 [ 1173.094838][ T3596] x26: ffff800082b74940 x25: 0000000000000001 x24: 0000000000000001 [ 1173.095828][ T3596] x23: ffff800082b85218 x22: ffff800082b749b8 x21: ffff800082b749b8 [ 1173.096985][ T3596] x20: f1f0000008b4ac00 x19: fdf000000aaaa000 x18: 0000000000000000 [ 1173.098075][ T3596] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081b63cd0 [ 1173.099183][ T3596] x14: 000000000000015b x13: 0000000000000000 x12: ffff800082911258 [ 1173.100263][ T3596] x11: 00000000000000c0 x10: b559979e6145dcd5 x9 : c4198e59574e2433 [ 1173.101781][ T3596] x8 : f5f0000008b391f8 x7 : 0000000000000004 x6 : ffff80008293d7f0 [ 1173.102952][ T3596] x5 : 0000000000000002 x4 : fbffff3fffffffff x3 : 0000000000000000 [ 1173.104172][ T3596] x2 : 0000000000000000 x1 : faf00000064e9b00 x0 : 0000000000000000 [ 1173.105115][ T3596] Call trace: [ 1173.105518][ T3596] xfrm6_tunnel_net_exit+0x60/0xb4 (P) [ 1173.106317][ T3596] ops_undo_list+0xec/0x23c [ 1173.107248][ T3596] cleanup_net+0x1f4/0x3cc [ 1173.107885][ T3596] process_one_work+0x178/0x2cc [ 1173.108484][ T3596] worker_thread+0x250/0x358 [ 1173.109020][ T3596] kthread+0x130/0x1fc [ 1173.109517][ T3596] ret_from_fork+0x10/0x20 [ 1173.110141][ T3596] ---[ end trace 0000000000000000 ]--- [ 1173.132572][ T3596] ------------[ cut here ]------------ [ 1173.132764][ T3596] WARNING: CPU: 1 PID: 3596 at net/ipv6/xfrm6_tunnel.c:344 xfrm6_tunnel_net_exit+0x94/0xb4 [ 1173.134386][ T3596] Modules linked in: [ 1173.135118][ T3596] CPU: 1 UID: 0 PID: 3596 Comm: kworker/u8:10 Tainted: G W syzkaller #0 PREEMPT [ 1173.136235][ T3596] Tainted: [W]=WARN [ 1173.136730][ T3596] Hardware name: linux,dummy-virt (DT) [ 1173.137342][ T3596] Workqueue: netns cleanup_net [ 1173.138141][ T3596] pstate: 81402009 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1173.139064][ T3596] pc : xfrm6_tunnel_net_exit+0x94/0xb4 [ 1173.139755][ T3596] lr : xfrm6_tunnel_net_exit+0x40/0xb4 [ 1173.140336][ T3596] sp : ffff800089253c70 [ 1173.140883][ T3596] x29: ffff800089253c70 x28: 0000000000000000 x27: 0000000000000000 [ 1173.141950][ T3596] x26: ffff800082b74940 x25: 0000000000000001 x24: 0000000000000001 [ 1173.143051][ T3596] x23: ffff800082b85218 x22: ffff800082b749b8 x21: ffff800082b749b8 [ 1173.144128][ T3596] x20: f1f0000008b4ac00 x19: fdf000000aaaa000 x18: 0000000000000000 [ 1173.145073][ T3596] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081b63cd0 [ 1173.146079][ T3596] x14: 000000000000015b x13: 0000000000000000 x12: ffff800082911258 [ 1173.147147][ T3596] x11: 00000000000000c0 x10: b559979e6145dcd5 x9 : c4198e59574e2433 [ 1173.148189][ T3596] x8 : f5f0000008b391f8 x7 : 0000000000000004 x6 : ffff80008293d7f0 [ 1173.149239][ T3596] x5 : 0000000000000002 x4 : fbffff3fffffffff x3 : 0000000000000000 [ 1173.150307][ T3596] x2 : 0000000000000000 x1 : faf00000064e9b10 x0 : 0000000000000001 [ 1173.151551][ T3596] Call trace: [ 1173.151977][ T3596] xfrm6_tunnel_net_exit+0x94/0xb4 (P) [ 1173.152722][ T3596] ops_undo_list+0xec/0x23c [ 1173.153341][ T3596] cleanup_net+0x1f4/0x3cc [ 1173.153967][ T3596] process_one_work+0x178/0x2cc [ 1173.154584][ T3596] worker_thread+0x250/0x358 [ 1173.155275][ T3596] kthread+0x130/0x1fc [ 1173.155899][ T3596] ret_from_fork+0x10/0x20 [ 1173.156564][ T3596] ---[ end trace 0000000000000000 ]--- [ 1173.228947][ T3596] ------------[ cut here ]------------ [ 1173.229110][ T3596] WARNING: CPU: 1 PID: 3596 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0xc0/0x164 [ 1173.230643][ T3596] Modules linked in: [ 1173.231263][ T3596] CPU: 1 UID: 0 PID: 3596 Comm: kworker/u8:10 Tainted: G W syzkaller #0 PREEMPT [ 1173.232291][ T3596] Tainted: [W]=WARN [ 1173.232750][ T3596] Hardware name: linux,dummy-virt (DT) [ 1173.233406][ T3596] Workqueue: netns cleanup_net [ 1173.234065][ T3596] pstate: 21402009 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 1173.234849][ T3596] pc : xfrm_state_fini+0xc0/0x164 [ 1173.235411][ T3596] lr : xfrm_state_fini+0x3c/0x164 [ 1173.235990][ T3596] sp : ffff800089253c50 [ 1173.236480][ T3596] x29: ffff800089253c50 x28: 0000000000000000 x27: 0000000000000000 [ 1173.237442][ T3596] x26: ffff800082b74940 x25: 0000000000000001 x24: 0000000000000001 [ 1173.238409][ T3596] x23: ffff800082b81e00 x22: ffff800082b749b8 x21: ffff800082b749b8 [ 1173.239529][ T3596] x20: f1f0000008b4ac00 x19: f1f0000008b4ac00 x18: 0000000000000000 [ 1173.240624][ T3596] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000040 [ 1173.241822][ T3596] x14: 00000000000003f8 x13: 0000000000000000 x12: ffff800082911258 [ 1173.242992][ T3596] x11: 0000000000000040 x10: ffff800082939d50 x9 : ffff800082939d48 [ 1173.244101][ T3596] x8 : f1f0000003400028 x7 : 0000000000000000 x6 : 0000000000000000 [ 1173.245151][ T3596] x5 : f1f0000003400000 x4 : f1f0000003400058 x3 : 0000000000000000 [ 1173.246249][ T3596] x2 : 0000000000000000 x1 : f6f000000de5c418 x0 : f1f0000008b4b880 [ 1173.247366][ T3596] Call trace: [ 1173.247884][ T3596] xfrm_state_fini+0xc0/0x164 (P) [ 1173.248652][ T3596] xfrm_net_exit+0x30/0x50 [ 1173.249284][ T3596] ops_undo_list+0xec/0x23c [ 1173.249949][ T3596] cleanup_net+0x1f4/0x3cc [ 1173.250642][ T3596] process_one_work+0x178/0x2cc [ 1173.251378][ T3596] worker_thread+0x250/0x358 [ 1173.252107][ T3596] kthread+0x130/0x1fc [ 1173.252764][ T3596] ret_from_fork+0x10/0x20 [ 1173.253493][ T3596] ---[ end trace 0000000000000000 ]--- VM DIAGNOSIS: 07:08:16 Registers: info registers vcpu 0 CPU#0 PC=ffff8000808edc48 X00=0000000000000002 X01=0000000000000018 X02=ffff800082ce5018 X03=ffff800082aaf170 X04=f2f00000032d4080 X05=0000000000000064 X06=000000000000003a X07=0000000000000000 X08=7f7f7f7f7f7f7f7f X09=ffff800082aaf1a0 X10=0000000000000001 X11=ffff800083ea34d0 X12=ffff8000829ef238 X13=ffff800083ea329d X14=ffff800083ea32a8 X15=ffff800083ea3110 X16=0000000000000000 X17=0000000000000000 X18=00000000ffffffff X19=f4f00000032c1025 X20=ffff8000808edcf8 X21=f2f00000032d4080 X22=f4f00000032c102a X23=0000000000000000 X24=0000000000000000 X25=ffff8000829111f0 X26=00000000000003c0 X27=0000000000000000 X28=faf0000008b3a500 X29=ffff800083ea33c0 X30=ffff8000808edd20 SP=ffff800083ea33c0 PSTATE=824023c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2525252525252525:2525252525252525 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:65642f000a732520:7325207334362e25 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6320737365636361:2078746320676e69 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000ff0000ff00:00ff0000000000ff Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000f00f00f00000f Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6361207874632067:6e6972756420726f Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:207265766f746665:6c20736574796220 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:746120676e697372:6170207265746661 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffff78109c0:0000fffff78109c0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000fffff7810990 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff800081b1acb0 X00=f8f000000af48200 X01=f7f000000502a348 X02=ffff800083ebbd50 X03=0000000000000000 X04=0000000000000000 X05=ffff800081674370 X06=0000000000000000 X07=f8f0000005e6a500 X08=0000000000000000 X09=0000000000000000 X10=3577e95b63a6fb44 X11=f8f0000005e6a500 X12=ffff800082911258 X13=00000000000003e0 X14=0000000000000000 X15=0000000020f51bc0 X16=0000000000000000 X17=0000000000000000 X18=0000000000000000 X19=f6f0000004f99040 X20=f7f0000005029f80 X21=f7f000000502a2b0 X22=0000000000000000 X23=0000000000000002 X24=ffff800083ebbd40 X25=ffffffffffffffff X26=f6f0000004f99040 X27=0000000000000002 X28=000000000003d45d X29=ffff800083ebba00 X30=8ebf80008190d5e4 SP=ffff800083ebbab0 PSTATE=81402009 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2525252525252525:2525252525252525 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000756c6c2570:6f6f6c2f7665642f Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000f0000000f0 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff000000ff00:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:fff000f000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bb448243222c92da:e3914ed4e87380b0 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffffce78760:0000fffffce78760 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000fffffce78730 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000