last executing test programs: 5.467354707s ago: executing program 0 (id=1): syz_usb_connect$uac1(0x2, 0x71, &(0x7f0000000c80)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x8, 0x40, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0x9}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x80, 0x86, 0xf6, {0x7, 0x25, 0x1, 0x80, 0xf}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x9, 0xf9, 0x7, {0x7, 0x25, 0x1, 0x0, 0xbb, 0xe}}}}}}}]}}, &(0x7f0000000ec0)={0x0, 0x0, 0x1c, &(0x7f0000000dc0)={0x5, 0xf, 0x1c, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x1c, "cdf1e4c6bed34835c191ec87d73ff2e5"}, @ptm_cap={0x3}]}}) 4.538646139s ago: executing program 1 (id=3): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000004180)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010028bd7000ffdbdf434300000008000300", @ANYRES32=r2, @ANYBLOB='\f\x00X'], 0x28}, 0x1, 0x0, 0x0, 0x8040}, 0x80c4) 3.993433425s ago: executing program 1 (id=4): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="12000000020000000400000002"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1804000000000000000000000000040018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.820227076s ago: executing program 0 (id=5): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 3.786799409s ago: executing program 1 (id=6): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10) sendmmsg(r0, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) connect$llc(r0, &(0x7f0000000240)={0x1a, 0x309, 0x0, 0x9, 0x2, 0x7, @multicast}, 0x10) 633.900838ms ago: executing program 1 (id=7): timer_create(0x0, 0x0, &(0x7f0000bbdffc)) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = io_uring_setup(0xd71, &(0x7f0000000080)={0x0, 0x21d7, 0x1000, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0xa}, 0x20) 633.501877ms ago: executing program 0 (id=8): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x2, 0x80805, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$can_bcm(0x1d, 0x2, 0x2) sysinfo(&(0x7f0000000000)=""/196) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r4, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x1, 0x400000, 0x12, "3eccd8fd0000000000000010000000040100"}) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000700)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f0, 0x2e0, 0x940c, 0x3002, 0x0, 0x2c0, 0x418, 0x3d8, 0x3d8, 0x418, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1e8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x450) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) 170.793849ms ago: executing program 1 (id=9): syz_usb_connect$uac1(0x2, 0x0, 0x0, &(0x7f0000000ec0)={0x0, 0x0, 0x1c, &(0x7f0000000dc0)={0x5, 0xf, 0x1c, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x1c, "cdf1e4c6bed34835c191ec87d73ff2e5"}, @ptm_cap={0x3}]}}) 0s ago: executing program 1 (id=10): r0 = socket$kcm(0x29, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48) r2 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r2, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000040)={r2, r1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000880)="1a", 0x100000}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:27850' (ED25519) to the list of known hosts. syzkaller login: [ 73.708605][ T3310] cgroup: Unknown subsys name 'net' [ 73.891224][ T3310] cgroup: Unknown subsys name 'cpuset' [ 73.919607][ T3310] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.411203][ T3310] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.210271][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.266359][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.280128][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.336494][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.391770][ T3317] hsr_slave_0: entered promiscuous mode [ 85.395699][ T3317] hsr_slave_1: entered promiscuous mode [ 85.440884][ T3318] hsr_slave_0: entered promiscuous mode [ 85.445937][ T3318] hsr_slave_1: entered promiscuous mode [ 85.448203][ T3318] debugfs: 'hsr0' already exists in 'hsr' [ 85.450425][ T3318] Cannot create hsr debugfs directory [ 86.226987][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.260996][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.292724][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.337848][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.471037][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 86.490401][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 86.524264][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 86.545351][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 87.568710][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.616520][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.100619][ T3317] veth0_vlan: entered promiscuous mode [ 91.146585][ T3317] veth1_vlan: entered promiscuous mode [ 91.320863][ T3318] veth0_vlan: entered promiscuous mode [ 91.407102][ T3317] veth0_macvtap: entered promiscuous mode [ 91.424701][ T3318] veth1_vlan: entered promiscuous mode [ 91.483568][ T3317] veth1_macvtap: entered promiscuous mode [ 91.677460][ T3318] veth0_macvtap: entered promiscuous mode [ 91.737582][ T3318] veth1_macvtap: entered promiscuous mode [ 91.748039][ T40] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.750908][ T40] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.765015][ T40] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.772580][ T40] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.173005][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.184841][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.185386][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.185611][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.206520][ T3317] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.272906][ T3462] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 93.518100][ T3462] usb 1-1: not running at top speed; connect to a high speed hub [ 93.540882][ T3462] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 93.543611][ T3462] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 93.546626][ T3462] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 93.578636][ T3462] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 93.582156][ T3462] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.583950][ T3462] usb 1-1: Product: syz [ 93.585212][ T3462] usb 1-1: Manufacturer: syz [ 93.586828][ T3462] usb 1-1: SerialNumber: syz [ 93.887018][ T3462] usb 1-1: 0:2 : does not exist [ 93.973396][ T3462] usb 1-1: USB disconnect, device number 2 [ 94.437320][ T3464] udevd[3464]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 97.894811][ T3496] ================================================================== [ 97.898110][ T3496] BUG: KASAN: invalid-access in __memcpy+0xc/0x54 [ 97.900492][ T3496] Write at addr f4ff80008398d2a0 by task syz.1.10/3496 [ 97.900953][ T3496] Pointer tag: [f4], memory tag: [fe] [ 97.901026][ T3496] [ 97.901884][ T3496] CPU: 0 UID: 0 PID: 3496 Comm: syz.1.10 Not tainted syzkaller #0 PREEMPT [ 97.902186][ T3496] Hardware name: linux,dummy-virt (DT) [ 97.902467][ T3496] Call trace: [ 97.902751][ T3496] show_stack+0x18/0x24 (C) [ 97.903061][ T3496] dump_stack_lvl+0x78/0x90 [ 97.903164][ T3496] print_report+0x108/0x61c [ 97.903216][ T3496] kasan_report+0x88/0xac [ 97.903259][ T3496] __do_kernel_fault+0x170/0x1c8 [ 97.903307][ T3496] do_bad_area+0x68/0x78 [ 97.903352][ T3496] do_tag_check_fault+0x34/0x44 [ 97.903447][ T3496] do_mem_abort+0x44/0x94 [ 97.903495][ T3496] el1_abort+0x44/0x68 [ 97.903540][ T3496] el1h_64_sync_handler+0x50/0xac [ 97.903583][ T3496] el1h_64_sync+0x6c/0x70 [ 97.903733][ T3496] __memcpy+0xc/0x54 (P) [ 97.903789][ T3496] do_misc_fixups+0x174/0x1afc [ 97.903837][ T3496] bpf_check+0x1384/0x293c [ 97.903882][ T3496] bpf_prog_load+0x63c/0xd40 [ 97.903931][ T3496] __sys_bpf+0x2e0/0x1a88 [ 97.903972][ T3496] __arm64_sys_bpf+0x24/0x34 [ 97.904013][ T3496] invoke_syscall+0x48/0x110 [ 97.904060][ T3496] el0_svc_common.constprop.0+0x40/0xe0 [ 97.904112][ T3496] do_el0_svc+0x1c/0x28 [ 97.904162][ T3496] el0_svc+0x34/0x128 [ 97.904206][ T3496] el0t_64_sync_handler+0xa0/0xe4 [ 97.904250][ T3496] el0t_64_sync+0x1a4/0x1a8 [ 97.904483][ T3496] [ 97.904720][ T3496] The buggy address belongs to a 1-page vmalloc region starting at 0xf4ff80008398d000 allocated at bpf_check+0x8c/0x293c [ 97.906150][ T3496] The buggy address belongs to the physical page: [ 97.906510][ T3496] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x45f33 [ 97.906859][ T3496] flags: 0x1ffec0000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0xb) [ 97.907781][ T3496] raw: 01ffec0000000000 0000000000000000 dead000000000122 0000000000000000 [ 97.907851][ T3496] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 97.907971][ T3496] page dumped because: kasan: bad access detected [ 97.908012][ T3496] [ 97.908043][ T3496] Memory state around the buggy address: [ 97.908298][ T3496] ffff80008398d000: f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 [ 97.908395][ T3496] ffff80008398d100: f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 f4 fe fe [ 97.908462][ T3496] >ffff80008398d200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 97.908536][ T3496] ^ [ 97.908826][ T3496] ffff80008398d300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 97.908859][ T3496] ffff80008398d400: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 97.908934][ T3496] ================================================================== [ 97.910103][ T3496] Disabling lock debugging due to kernel taint SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 98.762331][ T40] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.846322][ T40] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.945037][ T40] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.060174][ T40] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 99.584353][ T40] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 99.627791][ T40] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 99.656078][ T40] bond0 (unregistering): Released all slaves [ 99.758185][ T40] hsr_slave_0: left promiscuous mode [ 99.762665][ T40] hsr_slave_1: left promiscuous mode [ 99.778891][ T40] veth1_macvtap: left promiscuous mode [ 99.780789][ T40] veth0_macvtap: left promiscuous mode [ 99.785744][ T40] veth1_vlan: left promiscuous mode [ 99.786981][ T40] veth0_vlan: left promiscuous mode [ 101.047073][ T40] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.139381][ T40] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.194052][ T40] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.274018][ T40] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 101.836628][ T40] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 101.853164][ T40] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 101.894948][ T40] bond0 (unregistering): Released all slaves [ 101.975643][ T40] hsr_slave_0: left promiscuous mode [ 101.978796][ T40] hsr_slave_1: left promiscuous mode [ 101.993117][ T40] veth1_macvtap: left promiscuous mode [ 101.993804][ T40] veth0_macvtap: left promiscuous mode [ 101.994576][ T40] veth1_vlan: left promiscuous mode [ 101.995239][ T40] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 17:04:23 Registers: info registers vcpu 0 CPU#0 PC=ffff800081729f38 X00=0000000000000003 X01=0000000000000000 X02=ffff800082debd80 X03=0000000000000000 X04=ffff800082debd7c X05=000000000000ffff X06=00000000fffffffe X07=00000000fffffffa X08=f9f0000006e43718 X09=0000000000000011 X10=f9f0000006e436e2 X11=000000000000005a X12=ffff800082adf268 X13=ffff8000831ebb8d X14=ffff8000831ebb98 X15=ffff8000831eba00 X16=ffff800082de8000 X17=fff07ffffcef4000 X18=00000000ffffffff X19=f6f00000059b9808 X20=0000000000000000 X21=0000000000000001 X22=f6f00000059b9848 X23=0000000000000000 X24=f2f000000323c200 X25=faf0000005c9f500 X26=fcf0000003eeca80 X27=0000000000000001 X28=faf0000005c9f500 X29=ffff800082debb80 X30=8ccf8000816ebf2c SP=ffff800082debb80 PSTATE=a0402009 N-C- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000003801000000:0000003801000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000038 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000028:0000000000000038 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6edc4d3a2914b135:d8e9c869e2695c88 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:b20fae707afde253:388e9c6c4fa85ca0 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffff8100a30:0000fffff8100a30 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000fffff8100a00 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff800080366924 X00=000f41ffc28b7dc0 X01=fcf000000b4e1080 X02=00000000000000c0 X03=0000000000000000 X04=0d1001f6b54c350c X05=ffffc1ffbf7c5d88 X06=ffffc1ffc0000000 X07=fff000007f8ebd40 X08=fff07ffffcf0d000 X09=0000000000000000 X10=0000000000000010 X11=f9f000000b4b74a8 X12=000000000006f0a5 X13=0000000000000003 X14=0000000000000003 X15=0000000000000000 X16=0372000000000000 X17=000000000000ffff X18=0000000000000001 X19=0000000000000014 X20=0000000020831000 X21=f4f00000030e8900 X22=fbf00000062cec00 X23=0000000000000000 X24=fdf0000006a2d840 X25=fff000000b7bf820 X26=0000000000000000 X27=0000000000000000 X28=fcf000000b4e1080 X29=ffff8000860f3b40 X30=ffff8000802b3c64 SP=ffff8000860f3b40 PSTATE=81402009 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb8d76438:0000ffffb8d76450 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb8d76448:0000ffffb8d76490 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb98dca20:0000ffffb8d76430 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb8d76468:0000ffffb8d76440 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb8d76478:0000ffffb8d76470 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb8d76478:0000ffffb8d76470 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb8d76488:0000ffffb8d76480 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffe64798f0:0000ffffe64798f0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffe64798c0 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000