last executing test programs: 3.187878437s ago: executing program 0 (id=130): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x4000) syz_emit_ethernet(0x36, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr, @multicast1}, @timestamp}}}}, 0x0) 2.946278198s ago: executing program 0 (id=131): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240), 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@delchain={0x24, 0x66, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0x9, 0xffff}}}, 0x24}}, 0x810) 2.610933628s ago: executing program 0 (id=132): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000540)={@val={0x8, 0x800}, @val, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}, {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}, 0xfdef) 2.230176612s ago: executing program 0 (id=133): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r0, &(0x7f00000000c0), 0x10) sendto$l2tp(r0, &(0x7f0000000040)="e5786a0d000000000000c83b", 0xc, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10) recvfrom$l2tp(r0, 0x0, 0x0, 0x2020, 0x0, 0x0) 2.051418308s ago: executing program 0 (id=134): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x0, 0x9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x400000}, 0x48) ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040)) 1.102156702s ago: executing program 1 (id=136): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000640)={{r0}, &(0x7f00000005c0), &(0x7f0000000600)='%pI4 \x00'}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000009c0)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 768.077162ms ago: executing program 1 (id=137): r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b06d25a806c8c6f94f90424fc60640005000a000200053582c137153e3708000180040029000400", 0x33fe0}], 0x1}, 0x0) 547.113332ms ago: executing program 1 (id=138): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001180)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789c9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a85430600f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffd84}, 0x48) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cgroup.controllers\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f0000000100)=r2, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x22, 0x0, &(0x7f00000002c0)="b9ff03076808268cb89e14f008001be0ffff00fe4000632f77fbe0000001e0000001", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 460.607119ms ago: executing program 0 (id=139): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000006c0)=""/179, 0xb3}], 0x1}, 0x0) close(0x3) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)}, 0x0) 258.394927ms ago: executing program 1 (id=140): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0x0, 0xfad3, 0x0, 0x0, 0x0, "f6a6756c9832488c"}) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000400)="1876d4", 0x3}], 0x1) 134.328778ms ago: executing program 1 (id=141): socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dc00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c000280050001000000000008000480040003800800084000000000080008400000000734000f8008000240000000050800024000000b8608000340000047510800034000000003080001400000001f08000340000000012400188008000340000000040800004000000003084300024000000005080003400000002034001980080002002000"], 0xdc}}, 0x0) 0s ago: executing program 1 (id=142): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'pim6reg1\x00', 0x400}) close(0x3) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:10801' (ED25519) to the list of known hosts. syzkaller login: [ 121.911077][ T3190] cgroup: Unknown subsys name 'net' [ 122.325726][ T3190] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 123.180405][ T3190] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 132.221317][ T3198] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 132.255159][ T3198] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 132.617437][ T3197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 132.649079][ T3197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 134.529055][ T3198] hsr_slave_0: entered promiscuous mode [ 134.575934][ T3198] hsr_slave_1: entered promiscuous mode [ 134.881214][ T3197] hsr_slave_0: entered promiscuous mode [ 134.944794][ T3197] hsr_slave_1: entered promiscuous mode [ 135.004082][ T3197] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 135.005288][ T3197] Cannot create hsr debugfs directory [ 136.404371][ T3198] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 136.439520][ T3198] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 136.468431][ T3198] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 136.487750][ T3198] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 136.760607][ T3197] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 136.798127][ T3197] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 136.846148][ T3197] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 136.885787][ T3197] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 138.188269][ T3198] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.686050][ T3197] 8021q: adding VLAN 0 to HW filter on device bond0 [ 144.590862][ T3198] veth0_vlan: entered promiscuous mode [ 144.686338][ T3198] veth1_vlan: entered promiscuous mode [ 144.911362][ T3198] veth0_macvtap: entered promiscuous mode [ 144.956812][ T3198] veth1_macvtap: entered promiscuous mode [ 145.197311][ T3198] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.198758][ T3198] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.200110][ T3198] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.201274][ T3198] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 145.587272][ T3197] veth0_vlan: entered promiscuous mode [ 145.642012][ T3197] veth1_vlan: entered promiscuous mode [ 145.902094][ T3197] veth0_macvtap: entered promiscuous mode [ 145.934912][ T3197] veth1_macvtap: entered promiscuous mode [ 146.330154][ T3197] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.331533][ T3197] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.346988][ T3197] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 146.348286][ T3197] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.726177][ T3354] netlink: 104 bytes leftover after parsing attributes in process `syz.0.8'. [ 155.227042][ T3410] wg2: entered promiscuous mode [ 155.227754][ T3410] wg2: entered allmulticast mode [ 172.938284][ T3594] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 172.948786][ T3594] x_tables: duplicate underflow at hook 1 [ 174.194042][ T3606] process 'syz.0.76' launched '/dev/fd/3' with NULL argv: empty string added [ 175.062389][ T3600] team_slave_0: entered promiscuous mode [ 175.065379][ T3600] team_slave_0: entered allmulticast mode [ 176.043387][ T3622] Zero length message leads to an empty skb [ 181.094500][ T2978] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 181.199146][ T3649] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 181.205808][ T3649] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 181.286240][ T2978] usb 1-1: Using ep0 maxpacket: 16 [ 181.369717][ T2978] usb 1-1: New USB device found, idVendor=17ef, idProduct=720c, bcdDevice=51.90 [ 181.370420][ T2978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.370951][ T2978] usb 1-1: Product: syz [ 181.371394][ T2978] usb 1-1: Manufacturer: syz [ 181.371804][ T2978] usb 1-1: SerialNumber: syz [ 181.425732][ T2978] r8152-cfgselector 1-1: Unknown version 0x0000 [ 181.427099][ T2978] r8152-cfgselector 1-1: config 0 descriptor?? [ 181.651181][ T2978] r8152-cfgselector 1-1: USB disconnect, device number 2 [ 182.119875][ T3655] netlink: 'syz.0.93': attribute type 1 has an invalid length. [ 182.120834][ T3655] netlink: 24 bytes leftover after parsing attributes in process `syz.0.93'. [ 183.018342][ T3660] dvmrp1: entered allmulticast mode [ 184.215079][ T3192] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 184.464260][ T3192] usb 1-1: Using ep0 maxpacket: 8 [ 184.651565][ T3192] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.654929][ T3192] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 184.661006][ T3192] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 184.664066][ T3192] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 184.665816][ T3192] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 184.666942][ T3192] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 184.713284][ C1] hrtimer: interrupt took 539584 ns [ 184.753811][ T3192] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 184.754895][ T3192] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.755811][ T3192] usb 1-1: Product: syz [ 184.756464][ T3192] usb 1-1: Manufacturer: syz [ 184.756922][ T3192] usb 1-1: SerialNumber: syz [ 185.014799][ T3192] cdc_ncm 1-1:1.0: bind() failure [ 185.086240][ T3192] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 185.087352][ T3192] cdc_ncm 1-1:1.1: bind() failure [ 185.121054][ T3192] usb 1-1: USB disconnect, device number 3 [ 185.649419][ T3192] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 185.874155][ T3192] usb 1-1: Using ep0 maxpacket: 8 [ 185.903706][ T3192] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 185.904605][ T3192] usb 1-1: config 179 has no interface number 0 [ 185.905230][ T3192] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 185.906017][ T3192] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 185.906680][ T3192] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 185.907352][ T3192] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 185.909768][ T3192] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 185.910638][ T3192] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 185.911349][ T3192] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.941625][ T3671] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 186.398788][ T2978] usb 1-1: USB disconnect, device number 4 [ 186.399019][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 186.401201][ C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 186.439765][ T30] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input1 [ 186.504499][ T2978] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 186.747876][ T3674] capability: warning: `syz.0.100' uses deprecated v2 capabilities in a way that may be insecure [ 191.410217][ T3716] netlink: 12 bytes leftover after parsing attributes in process `syz.1.120'. [ 192.207598][ T3719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 192.210420][ T3719] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 192.679990][ T3723] netlink: 4 bytes leftover after parsing attributes in process `syz.0.123'. [ 195.116151][ T3743] syzkaller1: entered promiscuous mode [ 195.116923][ T3743] syzkaller1: entered allmulticast mode [ 195.865654][ T10] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 196.053554][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 196.079954][ T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 196.085354][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 196.087321][ T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 196.088908][ T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 196.090447][ T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 196.091553][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.328046][ T10] usb 1-1: usb_control_msg returned -32 [ 196.329314][ T10] usbtmc 1-1:16.0: can't read capabilities [ 196.952451][ T3192] usb 1-1: USB disconnect, device number 5 [ 197.364473][ T3761] [U] VÔ [ 197.488868][ T3764] netlink: 52 bytes leftover after parsing attributes in process `syz.1.141'. [ 197.732462][ T3760] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 197.738573][ T3760] Mem abort info: [ 197.740626][ T3760] ESR = 0x0000000096000006 [ 197.742329][ T3760] EC = 0x25: DABT (current EL), IL = 32 bits [ 197.744600][ T3760] SET = 0, FnV = 0 [ 197.746284][ T3760] EA = 0, S1PTW = 0 [ 197.746979][ T3760] FSC = 0x06: level 2 translation fault [ 197.752243][ T3760] Data abort info: [ 197.758325][ T3760] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000 [ 197.759355][ T3760] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 197.760831][ T3760] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 197.761904][ T3760] user pgtable: 4k pages, 52-bit VAs, pgdp=0000000045a30f00 [ 197.770042][ T3760] [0000000000000000] pgd=08000000496cf003, p4d=08000000496d3003, pud=08000000467be003, pmd=0000000000000000 [ 197.781802][ T3760] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP [ 197.783545][ T3760] Modules linked in: [ 197.784613][ T3760] CPU: 1 PID: 3760 Comm: syz.0.139 Not tainted 6.10.0-rc7-syzkaller-00025-ga19ea421490d #0 [ 197.786061][ T3760] Hardware name: linux,dummy-virt (DT) [ 197.787224][ T3760] pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 197.788451][ T3760] pc : copy_page_to_iter+0xb0/0x150 [ 197.789500][ T3760] lr : sk_msg_recvmsg+0xf8/0x37c [ 197.790476][ T3760] sp : ffff800089f839f0 [ 197.791153][ T3760] x29: ffff800089f839f0 x28: 0000000000000000 x27: f4f0000009363c00 [ 197.792887][ T3760] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000 [ 197.794270][ T3760] x23: 0000000000000000 x22: 00003e0040000000 x21: fff0000000000000 [ 197.795447][ T3760] x20: 0000000000001000 x19: ffff800089f83da0 x18: 0000000000000000 [ 197.796737][ T3760] x17: 0000000000000000 x16: 0000000000000000 x15: 0000ffffc63c4c48 [ 197.797905][ T3760] x14: 000000000000001f x13: 0000000000000000 x12: ffff800082600028 [ 197.799072][ T3760] x11: 0000000000000001 x10: c0ab56bcc0ba11ec x9 : 97a184b79737f16b [ 197.800963][ T3760] x8 : f6f0000009c5c898 x7 : 0000000000000000 x6 : f1f0000009362160 SYZFAIL: failed to recv rpc [ 197.802662][ T3760] x5 : 0000000000000001 x4 : 0000000000000000 x3 : ffff800089f83da0 [ 197.804067][ T3760] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff801000000000 [ 197.805604][ T3760] Call trace: [ 197.806446][ T3760] copy_page_to_iter+0xb0/0x150 [ 197.807305][ T3760] sk_msg_recvmsg+0xf8/0x37c [ 197.808025][ T3760] unix_bpf_recvmsg+0x13c/0x4f0 [ 197.808774][ T3760] unix_dgram_recvmsg+0x30/0x4c [ 197.809503][ T3760] ____sys_recvmsg+0x1d0/0x268 [ 197.810278][ T3760] ___sys_recvmsg+0x90/0xe8 [ 197.810976][ T3760] __sys_recvmsg+0x80/0xdc [ 197.811695][ T3760] __arm64_sys_recvmsg+0x24/0x30 [ 197.812497][ T3760] invoke_syscall+0x48/0x118 [ 197.813685][ T3760] el0_svc_common.constprop.0+0x40/0xe0 [ 197.814495][ T3760] do_el0_svc+0x1c/0x28 [ 197.815102][ T3760] el0_svc+0x34/0xf8 [ 197.815750][ T3760] el0t_64_sync_handler+0x100/0x12c [ 197.816579][ T3760] el0t_64_sync+0x19c/0x1a0 [ 197.817896][ T3760] Code: 8b160320 d346fc00 8b0032a0 d503201f (f9400323) [ 197.819562][ T3760] ---[ end trace 0000000000000000 ]--- [ 197.821360][ T3760] Kernel panic - not syncing: Oops: Fatal exception [ 197.822713][ T3760] SMP: stopping secondary CPUs [ 197.824324][ T3760] Kernel Offset: disabled [ 197.825000][ T3760] CPU features: 0x00,00000006,8f17bd7c,1767f6bf [ 197.826064][ T3760] Memory Limit: none [ 197.827057][ T3760] Rebooting in 86400 seconds.. VM DIAGNOSIS: 08:04:43 Registers: info registers vcpu 0 CPU#0 PC=ffff8000814d0878 X00=0000000000000001 X01=0000000000000002 X02=0000000000000100 X03=faf00000094f8900 X04=faf00000094f8a20 X05=0000000000000100 X06=00000000f0000000 X07=0000000000000000 X08=0000000000000128 X09=ffff8000817ec928 X10=fcf000000930dc00 X11=0000001fb58b909c X12=0000000025f78000 X13=0000000000000400 X14=fcf000000930dc00 X15=0000000000000002 X16=5b700000551fffff X17=db9f9298d2bad4c7 X18=ffff800089f43aa8 X19=0000000000000000 X20=0000000000000003 X21=f0f0000002c4eb00 X22=f6f00000093f4300 X23=f2f00000097b1240 X24=ffff800080002ff8 X25=ffff800080004000 X26=0000000000000036 X27=f0f0000002c4eb00 X28=f0f00000067d6d40 X29=ffff800080002f60 X30=ffff80008198ab00 SP=ffff800080002f60 PSTATE=80400009 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffbc296418:0000ffffbc296430 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffbc296428:0000ffffbc296470 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffbcdfca20:0000ffffbc296410 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffbc296448:0000ffffbc296420 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffbc296458:0000ffffbc296450 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffbc296458:0000ffffbc296450 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffbc296468:0000ffffbc296460 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffdf92d380:0000ffffdf92d380 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffdf92d350 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff80008195d700 X00=ffff80008262b020 X01=000000000000001e X02=ffff8000826e0008 X03=00000000ffffe350 X04=00003fffffffffff X05=00003fffffffffff X06=000000000000000d X07=0000000000000000 X08=ffff80008263d458 X09=ffff800089f83720 X10=ffff8000826db080 X11=fffffffffffc0000 X12=00000000000009f0 X13=fffffffffff8d83f X14=fffffffffffcd840 X15=0000000000000028 X16=0000000000000000 X17=0000000000000000 X18=fffffffffffcd818 X19=fff000007f8e3f69 X20=0000000000000000 X21=ffff800089f8350c X22=0000000000000000 X23=ffff800082178910 X24=0000000000000000 X25=000000000000001e X26=ffff800089f83720 X27=00000000ffffffc8 X28=000000000000001e X29=ffff800089f83360 X30=e69f800081984224 SP=ffff800089f83360 PSTATE=814000c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0200000000000000:0200000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000200000000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000002:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00d000a800000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000002 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000002:0000000000000002 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffc63c4d40:0000ffffc63c4d40 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffc63c4d10 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000