last executing test programs: 3.088798884s ago: executing program 0 (id=135): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000080)={'syztnl0\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x0, 0x7800, 0x4000000, 0x2, {{0x5, 0x4, 0x0, 0x16, 0x14, 0x0, 0x0, 0x2, 0x4, 0x0, @empty, @local}}}}) 2.577428443s ago: executing program 0 (id=136): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) mmap$KVM_VCPU(&(0x7f0000000000/0x1000)=nil, 0x930, 0x0, 0x40032, 0xffffffffffffffff, 0x0) write$eventfd(r2, &(0x7f00000001c0), 0xff3c) 2.319037774s ago: executing program 0 (id=137): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x4, &(0x7f0000000140)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x100}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x37}, 0x94) 2.318459133s ago: executing program 1 (id=138): bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@cgroup, 0xa, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r0 = socket$kcm(0x2, 0x1, 0x84) setsockopt$sock_attach_bpf(r0, 0x84, 0x9, &(0x7f0000000380), 0x98) 2.051272285s ago: executing program 0 (id=139): r0 = socket$kcm(0x10, 0x400000002, 0x0) setsockopt$sock_attach_bpf(r0, 0x10e, 0xb, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000480)="d8000000180081064e81f7021d080006f6090000000000000015000400142603600e1208000f0000000401a8001600200008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a73536138f00001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683fb70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc50c4cde205a214d366bf196d6931e7cad55c86102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc00"/216, 0xd8}], 0x1}, 0x20004080) 1.752702829s ago: executing program 0 (id=140): r0 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0) socket$kcm(0xa, 0x5, 0x0) syz_open_procfs$namespace(r0, 0x0) 1.533073884s ago: executing program 1 (id=141): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a000000050000000200000004"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000dc0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000001340)=ANY=[@ANYBLOB="0b00000008000000020000000900000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000e80)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000100000085000000a000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0) 967.295429ms ago: executing program 1 (id=142): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000001040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x5, [@struct={0x3, 0x1, 0x0, 0x4, 0x0, 0x3ff, [{0x2, 0x3, 0x2}]}]}, {0x0, [0x0, 0x0, 0x2e]}}, 0x0, 0x35, 0x0, 0x1, 0xfffffffd}, 0x28) 623.112769ms ago: executing program 1 (id=143): sendmsg$inet(0xffffffffffffffff, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000000000001001"], 0x20}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000001340)=@hci={0x1f, 0x0, 0x2c}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000000)='Gb', 0x5dc}], 0x1}, 0x480c0) 519.04274ms ago: executing program 0 (id=144): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8, 0x0, 0x0}) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) r4 = ioctl$KVM_CREATE_VM(r3, 0x894c, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) ioctl$KVM_ARM_VCPU_INIT(r7, 0x4020aeae, &(0x7f0000000080)={0x5, 0x1}) (async) ioctl$KVM_SET_ONE_REG(r7, 0x4010aeac, &(0x7f00000001c0)=@arm64_sys={0x6030000000138064, &(0x7f00000000c0)=0x8000}) ioctl$KVM_CREATE_VCPU(r4, 0xb702, 0x0) (async) openat$kvm(0x0, &(0x7f0000000080), 0x141001, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000100)) r8 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r9 = syz_kvm_setup_syzos_vm$arm64(r8, &(0x7f0000c00000/0x400000)=nil) r10 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x5, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) (async) r11 = syz_kvm_add_vcpu$arm64(r9, &(0x7f0000000100)={0x0, &(0x7f00000001c0)=[@irq_setup={0x5, 0x18}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r8, 0x2, 0x100) (async) ioctl$KVM_RUN(r11, 0xae80, 0x0) (async) ioctl$KVM_RUN(r10, 0xae80, 0x0) 297.414056ms ago: executing program 1 (id=145): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="180000000114010025bd7000fcdbdf25080001"], 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x4c044) 0s ago: executing program 1 (id=146): bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1802000008000092000000000000000084ffde004500000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:37604' (ED25519) to the list of known hosts. syzkaller login: [ 154.664498][ T3315] cgroup: Unknown subsys name 'net' [ 154.990446][ T3315] cgroup: Unknown subsys name 'cpuset' [ 155.038603][ T3315] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 155.908520][ T3315] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 174.175434][ T3322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.213525][ T3322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 174.656334][ T3323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 174.679979][ T3323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 176.474690][ T3322] hsr_slave_0: entered promiscuous mode [ 176.494143][ T3322] hsr_slave_1: entered promiscuous mode [ 176.990328][ T3323] hsr_slave_0: entered promiscuous mode [ 177.005301][ T3323] hsr_slave_1: entered promiscuous mode [ 177.015246][ T3323] debugfs: 'hsr0' already exists in 'hsr' [ 177.018917][ T3323] Cannot create hsr debugfs directory [ 178.513993][ T3322] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 178.575243][ T3322] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 178.650920][ T3322] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 178.686384][ T3322] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 178.947169][ T3323] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 179.028438][ T3323] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 179.062398][ T3323] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 179.107863][ T3323] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 180.860748][ T3322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 181.466188][ T3323] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.149574][ T3323] veth0_vlan: entered promiscuous mode [ 188.316322][ T3323] veth1_vlan: entered promiscuous mode [ 188.520927][ T3322] veth0_vlan: entered promiscuous mode [ 188.718030][ T3322] veth1_vlan: entered promiscuous mode [ 188.774415][ T3323] veth0_macvtap: entered promiscuous mode [ 188.836481][ T3323] veth1_macvtap: entered promiscuous mode [ 188.995801][ T3322] veth0_macvtap: entered promiscuous mode [ 189.023330][ T3322] veth1_macvtap: entered promiscuous mode [ 189.420306][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.433126][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.459706][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.460820][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.580699][ T14] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.582385][ T14] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.584239][ T14] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.585517][ T14] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.425286][ T3322] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 192.153551][ T3318] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 192.382997][ T3318] usb 1-1: Using ep0 maxpacket: 32 [ 192.482757][ T3318] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 192.483636][ T3318] usb 1-1: config 0 has no interface number 0 [ 192.486381][ T3318] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 192.487426][ T3318] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 192.489317][ T3318] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 192.489723][ T3318] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.536804][ T3318] usb 1-1: config 0 descriptor?? [ 193.150421][ T3318] hid-generic 0003:28BD:0094.0001: unknown main item tag 0x0 [ 193.153971][ T3318] hid-generic 0003:28BD:0094.0001: unknown main item tag 0x0 [ 193.158730][ T3318] hid-generic 0003:28BD:0094.0001: unknown main item tag 0x0 [ 193.159336][ T3318] hid-generic 0003:28BD:0094.0001: unknown main item tag 0x0 [ 193.159718][ T3318] hid-generic 0003:28BD:0094.0001: unknown main item tag 0x0 [ 193.160068][ T3318] hid-generic 0003:28BD:0094.0001: unknown main item tag 0x0 [ 193.160418][ T3318] hid-generic 0003:28BD:0094.0001: unknown main item tag 0x0 [ 193.223999][ T3318] hid-generic 0003:28BD:0094.0001: hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.0-1/input1 [ 195.384729][ T3476] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.390097][ T3476] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 203.391367][ T3098] usb 1-1: USB disconnect, device number 2 [ 222.683412][ T3318] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 222.922657][ T3318] usb 1-1: Using ep0 maxpacket: 32 [ 222.962351][ T3318] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 222.962738][ T3318] usb 1-1: config 0 has no interface number 0 [ 222.963718][ T3318] usb 1-1: config 0 interface 12 has no altsetting 0 [ 223.019523][ T3318] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 223.019963][ T3318] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.023657][ T3318] usb 1-1: Product: syz [ 223.023803][ T3318] usb 1-1: Manufacturer: syz [ 223.023920][ T3318] usb 1-1: SerialNumber: syz [ 223.044948][ T3318] usb 1-1: config 0 descriptor?? [ 225.663909][ T3318] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 225.664899][ T3318] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 225.665543][ T3318] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 225.668539][ T3318] f81534 1-1:0.12: probe with driver f81534 failed with error -71 [ 225.815972][ T3318] usb 1-1: USB disconnect, device number 3 [ 244.996924][ T3571] netlink: 24 bytes leftover after parsing attributes in process `syz.1.33'. [ 247.183748][ T3583] netlink: 28 bytes leftover after parsing attributes in process `syz.0.39'. [ 247.189693][ T3583] netlink: 'syz.0.39': attribute type 7 has an invalid length. [ 247.198792][ T3583] netlink: 'syz.0.39': attribute type 8 has an invalid length. [ 247.206994][ T3583] netlink: 4 bytes leftover after parsing attributes in process `syz.0.39'. [ 249.714180][ T3609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 249.719130][ T3609] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 261.088869][ T40] nci: nci_add_new_protocol: the target found does not have the desired protocol [ 273.027431][ T3742] binder: 3740:3742 tried to acquire reference to desc 0, got 1 instead [ 273.073251][ T3742] binder: 3740:3742 got transaction with invalid parent offset [ 273.074239][ T3742] binder: 3742:3740 failed to fixup parent [ 273.089548][ T3742] binder: 3740:3742 transaction call to 3740:0 failed 5/29201/-22, code 0 size 104-24 line 3698 [ 273.134304][ T3318] binder: undelivered TRANSACTION_ERROR: 29201 [ 274.003884][ T31] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 274.193708][ T31] usb 1-1: Using ep0 maxpacket: 32 [ 274.222325][ T31] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 274.228606][ T31] usb 1-1: config 0 has no interface number 0 [ 274.233418][ T31] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.243109][ T31] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.246558][ T31] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 274.250499][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.285735][ T31] usb 1-1: config 0 descriptor?? [ 274.856899][ T31] hid-generic 0003:28BD:0094.0002: unknown main item tag 0x0 [ 274.868066][ T31] hid-generic 0003:28BD:0094.0002: unknown main item tag 0x0 [ 274.873340][ T31] hid-generic 0003:28BD:0094.0002: unknown main item tag 0x0 [ 274.876355][ T31] hid-generic 0003:28BD:0094.0002: unknown main item tag 0x0 [ 274.879409][ T31] hid-generic 0003:28BD:0094.0002: unknown main item tag 0x0 [ 274.883158][ T31] hid-generic 0003:28BD:0094.0002: unknown main item tag 0x0 [ 274.886027][ T31] hid-generic 0003:28BD:0094.0002: unknown main item tag 0x0 [ 274.913936][ T31] hid-generic 0003:28BD:0094.0002: hidraw0: USB HID v0.00 Device [HID 28bd:0094] on usb-dummy_hcd.0-1/input1 [ 277.677314][ T3766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 277.685835][ T3766] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 278.397426][ T3772] binder: 3771:3772 tried to acquire reference to desc 0, got 1 instead [ 278.406818][ T3772] binder: 3771:3772 got transaction with invalid offset (28, min 0 max 49) or object. [ 278.413632][ T3772] binder: 3771:3772 transaction call to 3771:0 failed 10/29201/-22, code 0 size 49-24 line 3505 [ 278.422635][ T24] binder: undelivered TRANSACTION_ERROR: 29201 [ 278.644611][ T3774] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 278.656262][ T3774] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 281.171853][ C0] hrtimer: interrupt took 1252560 ns [ 281.560976][ T3791] kernel profiling enabled (shift: 63) [ 281.566606][ T3791] profiling shift: 63 too large [ 282.488735][ T3795] netlink: 'syz.1.111': attribute type 10 has an invalid length. [ 282.885421][ T3802] syz.1.113 uses obsolete (PF_INET,SOCK_PACKET) [ 282.917333][ T3802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.113'. [ 285.067260][ T3318] usb 1-1: USB disconnect, device number 4 [ 285.500007][ T3805] capability: warning: `syz.0.114' uses deprecated v2 capabilities in a way that may be insecure [ 285.512914][ T3805] ucma_write: process 123 (syz.0.114) changed security contexts after opening file descriptor, this is not allowed. [ 286.943452][ T3318] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 287.182619][ T3318] usb 1-1: Using ep0 maxpacket: 8 [ 287.335509][ T3318] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 287.336273][ T3318] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.336911][ T3318] usb 1-1: Product: syz [ 287.337099][ T3318] usb 1-1: Manufacturer: syz [ 287.337268][ T3318] usb 1-1: SerialNumber: syz [ 287.409168][ T3318] usb 1-1: config 0 descriptor?? [ 287.537871][ T3819] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 287.540433][ T3819] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 287.812391][ T3821] process 'syz.1.121' launched './file1' with NULL argv: empty string added [ 288.265635][ T3825] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.275599][ T3825] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.141329][ T3839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.144952][ T3839] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 297.486367][ T3857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 297.488229][ T3857] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 297.733565][ T3746] usb 1-1: USB disconnect, device number 5 [ 298.008346][ T3859] binder: 3858:3859 tried to acquire reference to desc 0, got 1 instead [ 298.017240][ T3859] binder: 3858:3859 got transaction with invalid offsets ptr [ 298.022903][ T3859] binder: 3858:3859 transaction call to 3858:0 failed 15/29201/-22, code 0 size 104-24 line 3734 [ 298.028876][ T3746] binder: undelivered TRANSACTION_ERROR: 29201 [ 298.574355][ T3318] atkbd serio0: keyboard reset failed on [ 301.564836][ T3891] ------------[ cut here ]------------ [ 301.568592][ T3891] WARNING: CPU: 0 PID: 3891 at arch/arm64/kvm/sys_regs.c:2353 kvm_set_vm_id_reg+0x60/0xf4 [ 301.578005][ T3891] Modules linked in: [ 301.581926][ T3891] CPU: 0 UID: 0 PID: 3891 Comm: syz.0.144 Not tainted syzkaller #0 PREEMPT [ 301.583446][ T3891] Hardware name: linux,dummy-virt (DT) [ 301.584453][ T3891] pstate: a1402009 (NzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 301.585335][ T3891] pc : kvm_set_vm_id_reg+0x60/0xf4 [ 301.585995][ T3891] lr : kvm_finalize_sys_regs+0x88/0x244 [ 301.586889][ T3891] sp : ffff800089f73ab0 [ 301.587474][ T3891] x29: ffff800089f73ab0 x28: f6f000000a51a580 x27: 0000000000000000 [ 301.588968][ T3891] x26: 0000000000000000 x25: fbf000000a5b9ca0 x24: 0000000000000000 [ 301.590262][ T3891] x23: fbf000000a5b9ce8 x22: 0000000000000000 x21: f8ff80008a075bd0 [ 301.591100][ T3891] x20: f8ff80008a075000 x19: fbf000000a5b9ca0 x18: 00000000ffffffff [ 301.592616][ T3891] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800089f73a90 [ 301.594070][ T3891] x14: ffff800089f73d98 x13: ffff800089f73d5a x12: 0000000000000000 [ 301.595255][ T3891] x11: 0000000000000000 x10: 0000000000000000 x9 : 000000000000006a [ 301.596360][ T3891] x8 : ffff800089f73da8 x7 : f8f000000505dffc x6 : 0000000000000069 [ 301.597493][ T3891] x5 : f6f000000a51a580 x4 : 0000000000000001 x3 : f8ff80008a075d18 [ 301.598480][ T3891] x2 : 1101001020110222 x1 : 0000000000000000 x0 : f8ff80008a075000 [ 301.599689][ T3891] Call trace: [ 301.600436][ T3891] kvm_set_vm_id_reg+0x60/0xf4 (P) [ 301.601649][ T3891] kvm_finalize_sys_regs+0x88/0x244 [ 301.602680][ T3891] kvm_arch_vcpu_run_pid_change+0x8c/0x36c [ 301.603398][ T3891] kvm_vcpu_ioctl+0x7f8/0x878 [ 301.604109][ T3891] __arm64_sys_ioctl+0xac/0x104 [ 301.604826][ T3891] invoke_syscall+0x48/0x110 [ 301.605682][ T3891] el0_svc_common.constprop.0+0x40/0xe0 [ 301.606455][ T3891] do_el0_svc+0x1c/0x28 [ 301.607160][ T3891] el0_svc+0x34/0x10c [ 301.607820][ T3891] el0t_64_sync_handler+0xa0/0xe4 [ 301.608541][ T3891] el0t_64_sync+0x1a4/0x1a8 [ 301.609465][ T3891] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 302.724066][ T40] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.920693][ T40] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.066575][ T40] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 303.319589][ T40] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.646843][ T40] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 304.705367][ T40] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 304.748824][ T40] bond0 (unregistering): Released all slaves [ 304.918065][ T40] hsr_slave_0: left promiscuous mode [ 304.924099][ T40] hsr_slave_1: left promiscuous mode [ 304.946059][ T40] veth1_macvtap: left promiscuous mode [ 304.946601][ T40] veth0_macvtap: left promiscuous mode [ 304.947361][ T40] veth1_vlan: left promiscuous mode [ 304.947799][ T40] veth0_vlan: left promiscuous mode [ 307.399186][ T40] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.509723][ T40] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.599479][ T40] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 307.700479][ T40] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.987652][ T40] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 309.046842][ T40] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 309.098703][ T40] bond0 (unregistering): Released all slaves [ 309.299079][ T40] hsr_slave_0: left promiscuous mode [ 309.307967][ T40] hsr_slave_1: left promiscuous mode [ 309.350653][ T40] veth1_macvtap: left promiscuous mode [ 309.352181][ T40] veth0_macvtap: left promiscuous mode [ 309.353010][ T40] veth1_vlan: left promiscuous mode [ 309.353484][ T40] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 02:01:18 Registers: info registers vcpu 0 CPU#0 PC=ffff8000801959e0 X00=ffff80008268a810 X01=f1f000000af9f240 X02=0000000000000000 X03=0000000000000000 X04=0000000000000000 X05=f6f000000a51a580 X06=00000000000affa8 X07=ffff8000829af978 X08=c0000000ffffdfff X09=000000000002ffe8 X10=0000000000000001 X11=0000000000000001 X12=ffff800082a5fa00 X13=ffff800089f735b8 X14=00000000ffffffea X15=ffff800089f73200 X16=0000000000000000 X17=0000000000000000 X18=00000000ffffffff X19=ffff800089f73970 X20=f6f000000a51ad40 X21=ffff80008268a810 X22=ffff80008006e120 X23=0000000000000009 X24=0000000000000000 X25=0000000000000f33 X26=0000000000000000 X27=000000000000001d X28=f6f000000a51a580 X29=ffff800089f73710 X30=ffff800081b3b364 SP=ffff800089f736e0 PSTATE=824023c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000018:0000000000000005 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb9176428:0000ffffb9176440 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb9176438:0000ffffb9176480 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb9cdca20:0000ffffb9176420 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb9176458:0000ffffb9176430 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb9176468:0000ffffb9176460 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb9176468:0000ffffb9176460 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb9176478:0000ffffb9176470 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffea3d0ff0:0000ffffea3d0ff0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffea3d0fc0 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff8000800122d4 X00=0000ffffb31ff360 X01=0000ffffb31fec20 X02=0000ffffb31ff430 X03=0000ffffb31ffaa0 X04=0000ffffb31ff430 X05=0000ffffb31ffaa0 X06=0000ffffb31ff430 X07=0000ffffb31d0000 X08=00000000000000dc X09=0000000000000000 X10=0000ffffb3338240 X11=00000000003d0f00 X12=0000ffffb31ff360 X13=0000fffff2c83560 X14=0000000000000001 X15=0000000000000000 X16=0000000000000001 X17=0000ffffb3349440 X18=0000000000003a98 X19=0000ffffb31ff360 X20=0000ffffb356e000 X21=0000fffff2c83cb0 X22=0000fffff2c83bb6 X23=0000000000000000 X24=0000fffff2c83bb7 X25=000000000002ec20 X26=0000ffffb31d0000 X27=0000ffffb31d0000 X28=0000ffffb31ff360 X29=0000000000000000 X30=0000ffffb335d01c SP=ffff80008a07c000 PSTATE=414023c9 -Z-- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb3576428:0000ffffb3576440 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb3576438:0000ffffb3576480 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb40dca20:0000ffffb3576420 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb3576458:0000ffffb3576430 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb3576468:0000ffffb3576460 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb3576468:0000ffffb3576460 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb3576478:0000ffffb3576470 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffff2c83f10:0000fffff2c83f10 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000fffff2c83ee0 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000