last executing test programs: 10.618927029s ago: executing program 1 (id=5232): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x26e1, 0x0) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff}) sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[], 0x33fe0}}, 0x0) r2 = io_uring_setup(0x68e7, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x3c9, 0x0, r0}) sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x8010}, 0x0) close(r1) close(0xffffffffffffffff) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.numa_stat\x00', 0x26e1, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000040)={0x0, 0xea60}, 0x10) sendmsg$nl_xfrm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[], 0x33fe0}}, 0x0) close(r2) 9.774280246s ago: executing program 1 (id=5233): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=';', 0xfffffdef}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000400)="bb", 0x1}], 0x1}}], 0x2, 0x16da) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd1, &(0x7f0000000080)=0x1, 0x4) close_range(r0, 0xffffffffffffffff, 0x2) 9.578158819s ago: executing program 1 (id=5234): r0 = fcntl$getown(0xffffffffffffffff, 0x9) r1 = openat$dir(0xffffffffffffff9c, 0x0, 0x541, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, 0x0, 0x0) r2 = openat$dlm_control(0xffffff9c, 0x0, 0x0, 0x0) close(r2) openat$iommufd(0xffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, 0x0) prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0xa, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) r3 = syz_clone(0x88200, 0x0, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0xe, 0x0, 0x0) getpgid(r3) 8.2571401s ago: executing program 1 (id=5236): getsockname(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000001c0)) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0x5451, 0x0) mlockall(0x1) r1 = signalfd4(0xffffffffffffffff, &(0x7f00000000c0), 0x8, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r1, 0x5450, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGIFADDR(r2, 0x8915, &(0x7f0000000240)={'lo\x00', {0x2, 0x0, @multicast1}}) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x980, 0x0) ioctl$KDGKBENT(r3, 0x5401, 0x0) 7.059353408s ago: executing program 0 (id=5237): r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) write$binfmt_script(r1, &(0x7f0000000340), 0xffffff46) r2 = dup3(r1, r0, 0x0) write$P9_RRENAME(r2, &(0x7f0000000000)={0x7, 0x15, 0x1}, 0x7) close(r0) close(0xffffffffffffffff) r3 = socket$l2tp6(0xa, 0x2, 0x73) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) dup3(r4, r3, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x0, @tid=0xffffffffffffffff}, &(0x7f00000000c0)) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x13}, &(0x7f0000000140)=0x0) timer_settime(r5, 0x0, &(0x7f00000010c0)={{}, {0x0, 0x989680}}, 0x0) 5.74083769s ago: executing program 0 (id=5238): openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x98000, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000000)={r0}) r2 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000002080), 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) ioctl$BTRFS_IOC_BALANCE_V2(r2, 0x5450, 0x0) getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000080), &(0x7f0000000100)=0x4) ioctl$TUNSETQUEUE(r1, 0x5452, &(0x7f00000002c0)={'ipvlan0\x00'}) r3 = socket$nl_route(0x10, 0x3, 0x0) openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder-control\x00', 0x0, 0x0) recvmsg(r3, &(0x7f0000000180)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0) close(r4) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0x5450, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 3.067900577s ago: executing program 0 (id=5239): r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x880841, 0x0) write$FUSE_DIRENT(r0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) dup(0xffffffffffffffff) openat$tun(0xffffffffffffff9c, 0x0, 0x441, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = memfd_create(&(0x7f0000002bc0)='bridge_slave_0\x00', 0x0) write$P9_RVERSION(r1, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002280), 0x2, 0x0) syz_socket_connect_nvme_tcp() openat$urandom(0xffffffffffffff9c, &(0x7f0000002240), 0x400, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r2 = mq_open(&(0x7f0000001100)='trusted.overlay.redirect\x00', 0x40, 0x1, &(0x7f0000001140)={0x20000000000000, 0x6, 0x7ffe}) read$char_usb(r2, 0x0, 0x0) 2.900285916s ago: executing program 0 (id=5240): ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0x5451, 0x0) syz_open_dev$ttys(0xc, 0x2, 0x1) r0 = epoll_create1(0x0) pipe2$9p(0x0, 0x0) write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)) fcntl$lock(r1, 0x7, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system', 0x0, 0x0) r2 = socket(0x1, 0x3, 0x0) recvmsg$inet_nvme(r2, &(0x7f00000014c0)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}, 0x0) close(r3) timer_settime(0x0, 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x5450, 0x0) 2.699755939s ago: executing program 1 (id=5241): r0 = io_uring_setup(0x6a0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0xfffffffe}) r1 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000600)={0x1d, r2, 0x5}, 0x18) sendmsg$NL80211_CMD_REQ_SET_REG(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x14}}, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x1, 0x0, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @dev}, 0x10) r4 = fcntl$dupfd(r3, 0x0, r3) write$P9_RREADDIR(r4, 0x0, 0x0) recvfrom$inet(r4, 0x0, 0x0, 0x0, 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) 251.798291ms ago: executing program 0 (id=5242): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x1800) r1 = semget$private(0x0, 0x4, 0x0) semctl$GETZCNT(r1, 0x0, 0xf, &(0x7f0000000000)=""/72) ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000080)={0x0, 0x0, 0x5}) socket$inet_udp(0x2, 0x2, 0x0) eventfd2(0x0, 0x0) socket$inet6(0xa, 0x1, 0x0) ioctl$FITHAW(0xffffffffffffffff, 0x5450) openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) msgctl$IPC_STAT(r1, 0x2, &(0x7f0000002c40)=""/133) getcwd(&(0x7f0000000080)=""/4096, 0x1000) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x541b, &(0x7f0000000040)) socket$inet_tcp(0x2, 0x1, 0x0) 108.704938ms ago: executing program 0 (id=5243): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$NS_GET_OWNER_UID(r1, 0x8901, &(0x7f0000000040)) r2 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$FITRIM(r2, 0x5450, 0x0) r3 = openat$cgroup_pressure(r0, &(0x7f0000000040)='cpu.pressure\x00', 0xe0, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff) recvmsg(r4, &(0x7f0000000180)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0) close(r5) ioctl$SIOCGSKNS(r3, 0x5451, 0x0) 0s ago: executing program 1 (id=5244): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x11, r3, 0x0) r7 = mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r5, 0x3, 0x11, r4, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r7, 0xffffffffffffffff) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r6, 0xfffffffffffffffe) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:13287' (ED25519) to the list of known hosts. syzkaller login: [ 134.421461][ T3312] cgroup: Unknown subsys name 'net' [ 134.685229][ T3312] cgroup: Unknown subsys name 'cpuset' [ 134.716286][ T3312] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 135.387577][ T3312] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 151.515669][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.530217][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 151.821906][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 151.846244][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 152.971374][ T3318] hsr_slave_0: entered promiscuous mode [ 152.987999][ T3318] hsr_slave_1: entered promiscuous mode [ 153.414185][ T3317] hsr_slave_0: entered promiscuous mode [ 153.418647][ T3317] hsr_slave_1: entered promiscuous mode [ 153.427158][ T3317] debugfs: 'hsr0' already exists in 'hsr' [ 153.427985][ T3317] Cannot create hsr debugfs directory [ 154.880604][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 154.960825][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 155.043432][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 155.091126][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 155.417269][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 155.451407][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 155.482816][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 155.520564][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 157.162167][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.492437][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.912052][ T3318] veth0_vlan: entered promiscuous mode [ 163.012766][ T3318] veth1_vlan: entered promiscuous mode [ 163.356897][ T3318] veth0_macvtap: entered promiscuous mode [ 163.455058][ T3317] veth0_vlan: entered promiscuous mode [ 163.477126][ T3318] veth1_macvtap: entered promiscuous mode [ 163.607295][ T3317] veth1_vlan: entered promiscuous mode [ 163.812703][ T1156] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.813827][ T1156] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.814221][ T1156] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.818092][ T1156] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.158442][ T3317] veth0_macvtap: entered promiscuous mode [ 164.292670][ T3317] veth1_macvtap: entered promiscuous mode [ 164.706159][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.722889][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.723652][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.728333][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.753985][ T3318] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 167.135817][ T3472] serio: Serial port pts0 [ 173.937651][ T3499] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 174.164324][ T3501] input: syz0 as /devices/virtual/input/input1 [ 195.268490][ T3528] serio: Serial port pts0 [ 211.516721][ T3583] serio: Serial port pts0 [ 219.796287][ T3627] input: syz0 as /devices/virtual/input/input2 [ 244.570768][ T3703] fuse: root generation should be zero [ 252.995441][ T3775] serio: Serial port pts0 [ 268.036277][ T3810] capability: warning: `syz.1.127' uses deprecated v2 capabilities in a way that may be insecure [ 268.145538][ T3811] serio: Serial port pts0 [ 270.003165][ T3822] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 282.471222][ T3850] input: syz0 as /devices/virtual/input/input3 [ 311.177622][ T3920] serio: Serial port pts0 [ 326.700462][ T3969] serio: Serial port pts0 [ 331.378420][ T3985] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 334.429240][ T4003] input: syz0 as /devices/virtual/input/input4 [ 353.335358][ T4014] serio: Serial port pts0 [ 374.516978][ T4045] serio: Serial port pts0 [ 396.876771][ T4133] serio: Serial port pts0 [ 398.153188][ T4142] serio: Serial port pts1 [ 418.517953][ T4206] serio: Serial port pts0 [ 419.849135][ T795] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 419.964050][ T795] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.100626][ T795] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 420.257955][ T795] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 421.582521][ T795] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 421.638997][ T795] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 421.690393][ T795] bond0 (unregistering): Released all slaves [ 421.976270][ T795] hsr_slave_0: left promiscuous mode [ 421.986448][ T795] hsr_slave_1: left promiscuous mode [ 422.023930][ T795] veth1_macvtap: left promiscuous mode [ 422.029836][ T795] veth0_macvtap: left promiscuous mode [ 422.033740][ T795] veth1_vlan: left promiscuous mode [ 422.038071][ T795] veth0_vlan: left promiscuous mode [ 427.480958][ T4213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 427.519595][ T4213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 429.900116][ T4213] hsr_slave_0: entered promiscuous mode [ 429.911769][ T4213] hsr_slave_1: entered promiscuous mode [ 429.920473][ T4213] debugfs: 'hsr0' already exists in 'hsr' [ 429.923553][ T4213] Cannot create hsr debugfs directory [ 431.938713][ T4213] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 431.963463][ T4213] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 431.988826][ T4213] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 432.015694][ T4213] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 433.889265][ T4213] 8021q: adding VLAN 0 to HW filter on device bond0 [ 441.462500][ T4213] veth0_vlan: entered promiscuous mode [ 441.550576][ T4213] veth1_vlan: entered promiscuous mode [ 441.877937][ T4213] veth0_macvtap: entered promiscuous mode [ 441.927140][ T4213] veth1_macvtap: entered promiscuous mode [ 442.171578][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.172394][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.172733][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.173049][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 452.626925][ T4387] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 454.032294][ T4415] input: syz0 as /devices/virtual/input/input5 [ 466.616606][ T4469] input: syz0 as /devices/virtual/input/input6 [ 475.556526][ T4478] input: syz0 as /devices/virtual/input/input7 [ 490.542498][ T4496] input: syz0 as /devices/virtual/input/input8 [ 493.321741][ T4503] input: syz0 as /devices/virtual/input/input9 [ 502.390001][ T4547] input: syz0 as /devices/virtual/input/input10 [ 517.205637][ T4584] syz.0.350 uses obsolete (PF_INET,SOCK_PACKET) [ 522.110620][ T4601] serio: Serial port pts0 [ 527.719447][ T4629] input: syz0 as /devices/virtual/input/input11 [ 573.980534][ T4743] input: syz0 as /devices/virtual/input/input12 [ 585.369492][ T4777] input: syz0 as /devices/virtual/input/input13 [ 606.193460][ T4810] serio: Serial port pts0 [ 642.562808][ T4995] Zero length message leads to an empty skb [ 694.395669][ T5243] serio: Serial port pts0 [ 697.312617][ T5256] input: syz0 as /devices/virtual/input/input15 [ 710.243548][ T5349] input: syz0 as /devices/virtual/input/input16 [ 712.921765][ T5371] input: syz0 as /devices/virtual/input/input17 [ 713.793616][ T5377] input: syz0 as /devices/virtual/input/input18 [ 739.213010][ T5477] input: syz0 as /devices/virtual/input/input19 [ 741.394649][ C0] hrtimer: interrupt took 623230 ns [ 765.783975][ T5590] input: syz0 as /devices/virtual/input/input20 [ 766.754191][ T5596] serio: Serial port pts0 [ 790.099026][ T5646] input: syz0 as /devices/virtual/input/input21 [ 797.149387][ T5670] input: syz0 as /devices/virtual/input/input22 [ 804.973117][ T5694] input: syz0 as /devices/virtual/input/input23 [ 1204.822020][ T8288] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1204.834019][ T8288] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1379.140881][ T9431] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2071'. [ 1553.116310][T10520] "syz.1.2447" (10520) uses obsolete ecb(arc4) skcipher [ 1694.432660][T11396] lo: entered promiscuous mode [ 1694.480549][T11395] lo: left promiscuous mode [ 1908.725412][T12989] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1908.732223][T12989] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1929.710182][T13147] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3354'. [ 1972.764448][T13421] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 1972.785205][T13421] veth0: entered promiscuous mode [ 1972.850588][T13421] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3449'. [ 1983.688596][T13493] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3474'. [ 2045.147800][T13926] dvmrp1: entered allmulticast mode [ 2079.332752][T14180] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3716'. [ 2147.869080][T14524] 8021q: VLANs not supported on ip6_vti0 [ 2153.401661][T14579] : renamed from ipvlan1 [ 2162.582661][T14624] syz_tun: entered allmulticast mode [ 2162.592511][T14623] syz_tun: left allmulticast mode [ 2172.400359][T14703] lo: entered promiscuous mode [ 2172.427045][T14703] lo: left promiscuous mode [ 2236.529955][T15177] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4066'. [ 2371.219737][T14200] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2371.220567][T14200] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2371.220893][T14200] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2371.221316][T14200] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2385.675982][T16056] lo: entered promiscuous mode [ 2385.681102][T16055] lo: left promiscuous mode [ 2413.514089][T16165] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4418'. [ 2467.777456][T16384] serio: Serial port pts0 [ 2482.593769][T16441] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN [ 2486.669200][T16484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2486.678773][T16484] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2603.686485][ T4735] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 2603.717753][ T4735] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 2644.678797][T17301] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2644.689367][T17301] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2674.212620][T17399] process 'syz.1.4834' launched '/dev/fd/5' with NULL argv: empty string added [ 2718.903798][T17560] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4889'. [ 2719.040906][T17560] vxcan3: entered promiscuous mode [ 2719.602167][T17561] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4889'. [ 2760.961189][T17704] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4939'. [ 2786.940863][T17800] serio: Serial port pts0 [ 2801.981840][T17850] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2801.993321][T17850] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2844.730687][T17993] infiniband syz1: set down [ 2844.741766][T17993] infiniband syz1: added syz_tun [ 2845.039548][T17993] RDS/IB: syz1: added [ 2845.046347][T17993] smc: adding ib device syz1 with port count 1 [ 2845.057444][T17993] smc: ib device syz1 port 1 has no pnetid [ 2847.800977][T17994] smc: removing ib device syz1 [ 2875.826258][T18075] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 2999.080579][T18467] 8021q: VLANs not supported on vcan0 [ 3038.052268][T18625] ------------[ cut here ]------------ [ 3038.056038][T18625] WARNING: CPU: 0 PID: 18625 at arch/arm64/kvm/sys_regs.c:2353 kvm_set_vm_id_reg+0x60/0xf4 [ 3038.066425][T18625] Modules linked in: [ 3038.069989][T18625] CPU: 0 UID: 0 PID: 18625 Comm: syz.1.5244 Not tainted syzkaller #0 PREEMPT [ 3038.072432][T18625] Hardware name: linux,dummy-virt (DT) [ 3038.074216][T18625] pstate: a1402009 (NzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 3038.076373][T18625] pc : kvm_set_vm_id_reg+0x60/0xf4 [ 3038.077279][T18625] lr : kvm_finalize_sys_regs+0x88/0x244 [ 3038.078325][T18625] sp : ffff80008330bab0 [ 3038.078861][T18625] x29: ffff80008330bab0 x28: f4f00000054e92c0 x27: 0000000000000000 [ 3038.080487][T18625] x26: 0000000000000000 x25: f6f0000011781ca0 x24: 0000000000000000 [ 3038.081706][T18625] x23: f6f0000011781ce8 x22: 0000000000000000 x21: faff80008823dbd0 [ 3038.082907][T18625] x20: faff80008823d000 x19: f6f0000011781ca0 x18: 00000000ffffffff [ 3038.084080][T18625] x17: 0000000000000000 x16: 0000000000000000 x15: ffff80008330ba90 [ 3038.085624][T18625] x14: ffff80008330bd98 x13: ffff80008330bd5a x12: 0000000000000000 [ 3038.086733][T18625] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000058 [ 3038.087888][T18625] x8 : ffff80008330bda8 x7 : fdf0000004cfbb9c x6 : 0000000000000057 [ 3038.088821][T18625] x5 : f4f00000054e92c0 x4 : 0000000000000001 x3 : faff80008823dd18 [ 3038.089913][T18625] x2 : 1101001020110222 x1 : 0000000000000000 x0 : faff80008823d000 [ 3038.091104][T18625] Call trace: [ 3038.091832][T18625] kvm_set_vm_id_reg+0x60/0xf4 (P) [ 3038.092960][T18625] kvm_finalize_sys_regs+0x88/0x244 [ 3038.093899][T18625] kvm_arch_vcpu_run_pid_change+0x8c/0x36c [ 3038.095254][T18625] kvm_vcpu_ioctl+0x7f8/0x878 [ 3038.096127][T18625] __arm64_sys_ioctl+0xac/0x104 [ 3038.096837][T18625] invoke_syscall+0x48/0x110 [ 3038.097559][T18625] el0_svc_common.constprop.0+0x40/0xe0 [ 3038.098248][T18625] do_el0_svc+0x1c/0x28 [ 3038.098829][T18625] el0_svc+0x34/0x10c [ 3038.099397][T18625] el0t_64_sync_handler+0xa0/0xe4 [ 3038.100031][T18625] el0t_64_sync+0x1a4/0x1a8 [ 3038.100951][T18625] ---[ end trace 0000000000000000 ]--- VM DIAGNOSIS: 05:56:31 Registers: info registers vcpu 0 CPU#0 PC=ffff8000800b4f10 X00=0000000000000000 X01=f4f00000054e92c0 X02=0000000000000000 X03=0000000000000140 X04=ffff800082c50510 X05=0000000000000000 X06=00000000000affa8 X07=ffff8000829af978 X08=c0000000ffffdfff X09=000000000002ffe8 X10=0000000000000001 X11=0000000000000001 X12=ffff800082a5fa00 X13=ffff80008330b5b8 X14=00000000ffffffea X15=ffff80008330b200 X16=0000000000000000 X17=0000000000000000 X18=00000000ffffffff X19=ffff80008330b970 X20=f4f00000054e9a80 X21=ffff800082c504d8 X22=ffff80008268a940 X23=0000000000000009 X24=0000000000000000 X25=00000000000048c1 X26=0000000000000000 X27=ffff80008268a940 X28=f4f00000054e92c0 X29=ffff80008330b660 X30=c59f8000800b5970 SP=ffff80008330b660 PSTATE=624023c9 -ZC- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffff00000007 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000274000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d503201fd503201f:d503201fd503201f Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d503201fd503201f:d503201fd503201f Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d503201fd503201f:d503201fd503201f Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d503201fd503201f:d503201fd503201f Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb1176468:0000ffffb1176460 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffb1176478:0000ffffb1176470 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffeaf490d0:0000ffffeaf490d0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffeaf490a0 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff8000800122d4 X00=0000000000000000 X01=0000fffff1b90acc X02=0000000040000001 X03=0000000000000000 X04=0000ffff97577498 X05=00000000fffffffa X06=00000000000f4240 X07=0000ffff9756d878 X08=0000000000000104 X09=0000000000000017 X10=0018701a80000000 X11=00ffffffffffffff X12=000002c36dc07ba4 X13=0000fffff1b902b0 X14=0000000000000001 X15=0000000000000000 X16=0000ffff97570018 X17=0000ffff97349440 X18=0000000000003a98 X19=0000000040000001 X20=ffffffffffffffff X21=00000000001b7740 X22=0000fffff1b90b20 X23=0000ffff97590000 X24=0000ffff97590000 X25=00000000002e5980 X26=00000000000001f4 X27=000000000000000b X28=0000000000003a98 X29=0000fffff1b90a10 X30=0000ffff97260ce0 SP=ffff80008af7c000 PSTATE=414023c9 -Z-- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00524f5252450040:0000000000000000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00524f5252450040:0000000000000000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6161616161616161:6161616161616161 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6161616161616161:6161616161616161 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000fffff1b90a40:0000fffff1b90a40 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000fffff1b90a10 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000