syzkaller login: [ 288.560241][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 288.589142][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 288.609274][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 299.110326][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:53079' (ECDSA) to the list of known hosts. 1970/01/01 00:05:36 fuzzer started 1970/01/01 00:05:48 dialing manager at localhost:39875 [ 354.746345][ T2026] cgroup: Unknown subsys name 'net' [ 355.791074][ T2026] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:05:55 syscalls: 2870 1970/01/01 00:05:55 code coverage: enabled 1970/01/01 00:05:55 comparison tracing: enabled 1970/01/01 00:05:55 extra coverage: enabled 1970/01/01 00:05:55 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:05:55 setuid sandbox: enabled 1970/01/01 00:05:55 namespace sandbox: enabled 1970/01/01 00:05:55 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:05:55 fault injection: enabled 1970/01/01 00:05:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:05:55 net packet injection: enabled 1970/01/01 00:05:55 net device setup: enabled 1970/01/01 00:05:55 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:05:55 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:05:55 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:05:55 USB emulation: enabled 1970/01/01 00:05:55 hci packet injection: /dev/vhci does not exist 1970/01/01 00:05:55 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:05:55 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:05:55 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:05:59 fetching corpus: 50, signal 25065/28288 (executing program) 1970/01/01 
00:06:03 fetching corpus: 100, signal 44236/48244 (executing program) 1970/01/01 00:06:07 fetching corpus: 149, signal 56974/61665 (executing program) 1970/01/01 00:06:10 fetching corpus: 199, signal 62381/67833 (executing program) 1970/01/01 00:06:12 fetching corpus: 248, signal 65855/72105 (executing program) 1970/01/01 00:06:15 fetching corpus: 298, signal 71864/78549 (executing program) 1970/01/01 00:06:18 fetching corpus: 348, signal 77022/84062 (executing program) 1970/01/01 00:06:21 fetching corpus: 397, signal 80676/88115 (executing program) 1970/01/01 00:06:23 fetching corpus: 446, signal 84375/92102 (executing program) 1970/01/01 00:06:25 fetching corpus: 496, signal 87291/95342 (executing program) 1970/01/01 00:06:28 fetching corpus: 545, signal 91129/99256 (executing program) 1970/01/01 00:06:30 fetching corpus: 594, signal 94403/102565 (executing program) 1970/01/01 00:06:34 fetching corpus: 643, signal 98267/106215 (executing program) 1970/01/01 00:06:37 fetching corpus: 693, signal 100864/108864 (executing program) 1970/01/01 00:06:40 fetching corpus: 743, signal 102697/110826 (executing program) 1970/01/01 00:06:43 fetching corpus: 792, signal 105292/113349 (executing program) 1970/01/01 00:06:46 fetching corpus: 842, signal 107904/115770 (executing program) 1970/01/01 00:06:49 fetching corpus: 892, signal 109264/117197 (executing program) 1970/01/01 00:06:52 fetching corpus: 942, signal 111338/119033 (executing program) 1970/01/01 00:06:54 fetching corpus: 991, signal 112989/120591 (executing program) 1970/01/01 00:06:56 fetching corpus: 1041, signal 114841/122211 (executing program) 1970/01/01 00:06:58 fetching corpus: 1091, signal 116040/123345 (executing program) 1970/01/01 00:07:01 fetching corpus: 1140, signal 117560/124688 (executing program) 1970/01/01 00:07:03 fetching corpus: 1190, signal 120863/127104 (executing program) 1970/01/01 00:07:06 fetching corpus: 1240, signal 122474/128385 (executing program) 1970/01/01 00:07:09 fetching 
corpus: 1290, signal 124619/129944 (executing program) 1970/01/01 00:07:11 fetching corpus: 1340, signal 127759/132039 (executing program) 1970/01/01 00:07:13 fetching corpus: 1390, signal 130063/133536 (executing program) 1970/01/01 00:07:16 fetching corpus: 1440, signal 131464/134475 (executing program) 1970/01/01 00:07:18 fetching corpus: 1490, signal 133046/135414 (executing program) 1970/01/01 00:07:20 fetching corpus: 1540, signal 134572/136349 (executing program) 1970/01/01 00:07:22 fetching corpus: 1577, signal 135848/137099 (executing program) 1970/01/01 00:07:22 fetching corpus: 1577, signal 135850/137137 (executing program) 1970/01/01 00:07:22 fetching corpus: 1577, signal 135850/137180 (executing program) 1970/01/01 00:07:22 fetching corpus: 1577, signal 135850/137211 (executing program) 1970/01/01 00:07:22 fetching corpus: 1577, signal 135850/137242 (executing program) 1970/01/01 00:07:22 fetching corpus: 1577, signal 135850/137284 (executing program) 1970/01/01 00:07:23 fetching corpus: 1577, signal 135850/137324 (executing program) 1970/01/01 00:07:23 fetching corpus: 1577, signal 135850/137362 (executing program) 1970/01/01 00:07:23 fetching corpus: 1577, signal 135850/137406 (executing program) 1970/01/01 00:07:23 fetching corpus: 1577, signal 135850/137442 (executing program) 1970/01/01 00:07:23 fetching corpus: 1577, signal 135850/137486 (executing program) 1970/01/01 00:07:23 fetching corpus: 1577, signal 135850/137529 (executing program) 1970/01/01 00:07:23 fetching corpus: 1577, signal 135850/137575 (executing program) 1970/01/01 00:07:23 fetching corpus: 1577, signal 135850/137623 (executing program) 1970/01/01 00:07:23 fetching corpus: 1577, signal 135850/137658 (executing program) 1970/01/01 00:07:24 fetching corpus: 1577, signal 135850/137700 (executing program) 1970/01/01 00:07:24 fetching corpus: 1577, signal 135850/137747 (executing program) 1970/01/01 00:07:24 fetching corpus: 1577, signal 135850/137788 (executing program) 1970/01/01 
00:07:24 fetching corpus: 1577, signal 135850/137821 (executing program) 1970/01/01 00:07:24 fetching corpus: 1577, signal 135850/137866 (executing program) 1970/01/01 00:07:24 fetching corpus: 1577, signal 135850/137898 (executing program) 1970/01/01 00:07:24 fetching corpus: 1577, signal 135850/137940 (executing program) 1970/01/01 00:07:24 fetching corpus: 1577, signal 135850/137978 (executing program) 1970/01/01 00:07:25 fetching corpus: 1577, signal 135850/138014 (executing program) 1970/01/01 00:07:25 fetching corpus: 1577, signal 135850/138056 (executing program) 1970/01/01 00:07:25 fetching corpus: 1577, signal 135850/138094 (executing program) 1970/01/01 00:07:25 fetching corpus: 1578, signal 135869/138135 (executing program) 1970/01/01 00:07:25 fetching corpus: 1578, signal 135869/138176 (executing program) 1970/01/01 00:07:25 fetching corpus: 1578, signal 135869/138209 (executing program) 1970/01/01 00:07:26 fetching corpus: 1578, signal 135869/138239 (executing program) 1970/01/01 00:07:26 fetching corpus: 1578, signal 135869/138285 (executing program) 1970/01/01 00:07:26 fetching corpus: 1578, signal 135869/138319 (executing program) 1970/01/01 00:07:26 fetching corpus: 1578, signal 135869/138362 (executing program) 1970/01/01 00:07:26 fetching corpus: 1578, signal 135869/138391 (executing program) 1970/01/01 00:07:26 fetching corpus: 1578, signal 135869/138421 (executing program) 1970/01/01 00:07:26 fetching corpus: 1578, signal 135869/138465 (executing program) 1970/01/01 00:07:27 fetching corpus: 1578, signal 135869/138504 (executing program) 1970/01/01 00:07:27 fetching corpus: 1578, signal 135870/138513 (executing program) 1970/01/01 00:07:27 fetching corpus: 1578, signal 135870/138513 (executing program) 1970/01/01 00:09:03 starting 2 fuzzer processes 00:09:04 executing program 0: syz_usb_connect$cdc_ecm(0x0, 0x56, 
&(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a44000010203010902440001010000000904e3ff0202090000052406000005240000000d240f0100000000000000008009058103"], 0x0) 00:09:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x9}]}, 0x10) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=@ipv6_newrule={0x1c, 0x20, 0x984}, 0x1c}}, 0x0) 00:09:08 executing program 1: r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ttynull(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x11) ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 574.212231][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 574.348901][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 585.250570][ T2039] device hsr_slave_0 entered promiscuous mode [ 585.319265][ T2039] device hsr_slave_1 entered promiscuous mode [ 594.191395][ T2039] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 594.429496][ T2039] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 594.597782][ T2039] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 594.787455][ T2039] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 605.938245][ T2221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 606.221997][ T2221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 609.641548][ T2039] 8021q: adding VLAN 0 to HW filter on device bond0 [ 610.105029][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 610.249635][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 616.782517][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 616.832179][ T5] IPv6: 
ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 617.030947][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 617.051747][ T25] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 617.992529][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 618.034738][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 619.407159][ T2221] device hsr_slave_0 entered promiscuous mode [ 619.447845][ T2221] device hsr_slave_1 entered promiscuous mode [ 619.471642][ T2221] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 619.477968][ T2221] Cannot create hsr debugfs directory [ 620.088759][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 620.137203][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 620.351902][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 620.380050][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 620.516956][ T2039] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 625.320894][ T2221] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 625.399415][ T2221] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 625.530120][ T2221] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 625.640905][ T2221] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 626.297506][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 626.301221][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 634.589598][ T2221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 635.132124][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 635.192258][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 640.216613][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 640.300670][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 642.276646][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth0_to_bridge: link becomes ready [ 642.311085][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 642.527031][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 642.582054][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 642.856994][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 643.501200][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 643.909106][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 643.948194][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 644.258340][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 644.311706][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 644.641261][ T2221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 647.750237][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 647.806092][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 647.901590][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 647.940362][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 648.034557][ T2039] device veth0_vlan entered promiscuous mode [ 648.391834][ T2039] device veth1_vlan entered promiscuous mode [ 649.440563][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 649.487059][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 649.705539][ T2039] device veth0_macvtap entered promiscuous mode [ 649.908026][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 650.000368][ T2039] device veth1_macvtap entered promiscuous mode [ 651.132498][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 651.138982][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 651.331980][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 651.381886][ T831] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 651.930948][ T2039] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.945151][ T2039] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.946722][ T2039] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.948125][ T2039] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 652.129319][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 652.197507][ T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 659.958511][ T2706] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 660.316680][ T2706] usb 1-1: Using ep0 maxpacket: 16 [ 660.509508][ T2706] usb 1-1: config 1 has an invalid interface number: 227 but max is 0 [ 660.512215][ T2706] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 660.524441][ T2706] usb 1-1: config 1 has no interface number 0 [ 660.526006][ T2706] usb 1-1: config 1 interface 227 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 660.527557][ T2706] usb 1-1: config 1 interface 227 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0 [ 660.528788][ T2706] usb 1-1: config 1 interface 227 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 660.531573][ T2706] usb 1-1: config 1 interface 227 has no altsetting 0 [ 660.748510][ T2706] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 660.750473][ T2706] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 660.752192][ T2706] usb 1-1: Product: syz [ 660.778577][ T2706] usb 1-1: Manufacturer: syz [ 660.780044][ T2706] usb 1-1: SerialNumber: syz [ 661.435873][ T2706] cdc_wdm 1-1:1.227: cdc-wdm0: USB WDM device [ 661.799650][ T831] usb 1-1: USB disconnect, device number 2 00:11:03 executing program 0: syz_usb_connect$cdc_ecm(0x0, 
0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a44000010203010902440001010000000904e3ff0202090000052406000005240000000d240f0100000000000000008009058103"], 0x0) [ 666.476751][ T2027] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 666.785268][ T2027] usb 1-1: Using ep0 maxpacket: 16 [ 666.978258][ T2027] usb 1-1: config 1 has an invalid interface number: 227 but max is 0 [ 666.980042][ T2027] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 666.981624][ T2027] usb 1-1: config 1 has no interface number 0 [ 666.997051][ T2027] usb 1-1: config 1 interface 227 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 666.999296][ T2027] usb 1-1: config 1 interface 227 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0 [ 667.001025][ T2027] usb 1-1: config 1 interface 227 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 667.030955][ T2027] usb 1-1: config 1 interface 227 has no altsetting 0 [ 667.382135][ T2027] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 667.386045][ T2027] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 667.387605][ T2027] usb 1-1: Product: syz [ 667.389174][ T2027] usb 1-1: Manufacturer: syz [ 667.390379][ T2027] usb 1-1: SerialNumber: syz [ 667.816211][ T2027] cdc_wdm 1-1:1.227: cdc-wdm0: USB WDM device [ 668.586987][ T2027] usb 1-1: USB disconnect, device number 3 [ 672.320078][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 672.406052][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready 00:11:12 executing program 0: syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a44000010203010902440001010000000904e3ff0202090000052406000005240000000d240f0100000000000000008009058103"], 0x0) [ 676.066771][ T5] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 676.387734][ 
T5] usb 1-1: Using ep0 maxpacket: 16 [ 676.536483][ T5] usb 1-1: config 1 has an invalid interface number: 227 but max is 0 [ 676.538077][ T5] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 676.539487][ T5] usb 1-1: config 1 has no interface number 0 [ 676.541137][ T5] usb 1-1: config 1 interface 227 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 676.566187][ T5] usb 1-1: config 1 interface 227 altsetting 255 endpoint 0x81 has invalid wMaxPacketSize 0 [ 676.568013][ T5] usb 1-1: config 1 interface 227 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 676.569900][ T5] usb 1-1: config 1 interface 227 has no altsetting 0 [ 676.876265][ T5] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 676.877565][ T5] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 676.878740][ T5] usb 1-1: Product: syz [ 676.879632][ T5] usb 1-1: Manufacturer: syz [ 676.880499][ T5] usb 1-1: SerialNumber: syz [ 677.576847][ T5] cdc_wdm 1-1:1.227: cdc-wdm0: USB WDM device [ 678.880115][ T20] usb 1-1: USB disconnect, device number 4 00:11:21 executing program 0: syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a44000010203010902440001010000000904e3ff0202090000052406000005240000000d240f0100000000000000008009058103"], 0x0) [ 683.861695][ T20] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 684.136305][ T20] usb 1-1: Using ep0 maxpacket: 16 [ 684.270717][ T20] usb 1-1: config 1 has an invalid interface number: 227 but max is 0 [ 684.272410][ T20] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 684.278400][ T20] usb 1-1: config 1 has no interface number 0 [ 684.280184][ T20] usb 1-1: config 1 interface 227 altsetting 255 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 684.281914][ T20] usb 1-1: config 1 interface 227 altsetting 255 
endpoint 0x81 has invalid wMaxPacketSize 0
[ 684.311043][ T20] usb 1-1: config 1 interface 227 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 684.338280][ T20] usb 1-1: config 1 interface 227 has no altsetting 0
[ 684.503705][ T20] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 684.504971][ T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 684.505882][ T20] usb 1-1: Product: syz
[ 684.506594][ T20] usb 1-1: Manufacturer: syz
[ 684.507286][ T20] usb 1-1: SerialNumber: syz
[ 684.991335][ T20] cdc_wdm 1-1:1.227: cdc-wdm0: USB WDM device
[ 685.347943][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 685.395506][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 685.491783][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 685.560914][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 685.609308][ T2029] usb 1-1: USB disconnect, device number 5
[ 685.717463][ T2221] device veth0_vlan entered promiscuous mode
[ 686.470678][ T2221] device veth1_vlan entered promiscuous mode
[ 688.130254][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 688.221905][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 688.398101][ T2221] device veth0_macvtap entered promiscuous mode
[ 688.680280][ T2221] device veth1_macvtap entered promiscuous mode
[ 689.509701][ T2221] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 689.514521][ T2221] CPU: 0 PID: 2221 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 689.518393][ T2221] Hardware name: riscv-virtio,qemu (DT)
[ 689.519836][ T2221] Call Trace:
[ 689.520949][ T2221] [] dump_backtrace+0x2e/0x3c
[ 689.522533][ T2221] [] show_stack+0x34/0x40
[ 689.524682][ T2221] [] dump_stack_lvl+0xe4/0x150
[ 689.526182][ T2221] [] dump_stack+0x1c/0x24
[ 689.527515][ T2221] [] panic+0x24a/0x634
[ 689.528794][ T2221] [] schedule+0x0/0x14c
[ 689.530188][ T2221] [] preempt_schedule_common+0x4e/0xde
[ 689.531624][ T2221] [] preempt_schedule+0x34/0x36
[ 689.533507][ T2221] [] _raw_spin_unlock_irqrestore+0x8c/0x98
[ 689.536074][ T2221] [] debug_check_no_obj_freed+0x14c/0x24a
[ 689.537607][ T2221] [] free_pcp_prepare+0x24e/0x45e
[ 689.538923][ T2221] [] free_unref_page+0x6a/0x31e
[ 689.540325][ T2221] [] __free_pages+0xe2/0x112
[ 689.541687][ T2221] [] __free_slab+0x122/0x27c
[ 689.543660][ T2221] [] discard_slab+0x4c/0x7a
[ 689.545170][ T2221] [] __unfreeze_partials+0x16a/0x18e
[ 689.546612][ T2221] [] put_cpu_partial+0xf6/0x162
[ 689.547971][ T2221] [] __slab_free+0x166/0x29c
[ 689.549458][ T2221] [] ___cache_free+0x17c/0x354
[ 689.550856][ T2221] [] qlist_free_all+0x7c/0x132
[ 689.552217][ T2221] [] kasan_quarantine_reduce+0x14c/0x1c8
[ 689.554641][ T2221] [] __kasan_slab_alloc+0x5c/0x98
[ 689.556102][ T2221] [] kmem_cache_alloc_node+0x368/0x41c
[ 689.557584][ T2221] [] __alloc_skb+0x234/0x2e4
[ 689.558946][ T2221] [] rtmsg_fib+0x108/0x2be
[ 689.560196][ T2221] [] fib_table_insert+0x52a/0xebe
[ 689.561555][ T2221] [] fib_magic+0x3f4/0x438
[ 689.563205][ T2221] [] fib_add_ifaddr+0xd2/0x2e2
[ 689.565164][ T2221] [] fib_inetaddr_event+0xfe/0x19e
[ 689.566465][ T2221] [] notifier_call_chain+0xb8/0x188
[ 689.567865][ T2221] [] blocking_notifier_call_chain+0x50/0x78
[ 689.569357][ T2221] [] __inet_insert_ifa+0x6ca/0x7e4
[ 689.570673][ T2221] [] inet_rtm_newaddr+0x7c2/0xbc2
[ 689.572106][ T2221] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 689.574550][ T2221] [] netlink_rcv_skb+0xf8/0x2be
[ 689.575911][ T2221] [] rtnetlink_rcv+0x26/0x30
[ 689.577283][ T2221] [] netlink_unicast+0x40e/0x5fe
[ 689.578636][ T2221] [] netlink_sendmsg+0x4e0/0x994
[ 689.579958][ T2221] [] sock_sendmsg+0xa0/0xc4
[ 689.581398][ T2221] [] __sys_sendto+0x1f2/0x2e0
[ 689.582779][ T2221] [] sys_sendto+0x3e/0x52
[ 689.584236][ T2221] [] ret_from_syscall+0x0/0x2
[ 689.585904][ T2221] SMP:
stopping secondary CPUs
[ 689.588691][ T2221] Rebooting in 86400 seconds..
VM DIAGNOSIS:
10:10:30 Registers: