last executing test programs: 6.330716672s ago: executing program 1 (id=4770): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='io.stat\x00', 0x26e1, 0x0) close(r0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_LEAVE_IBSS(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x1, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3, 0x38}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4811}, 0x4) 6.230685173s ago: executing program 1 (id=4771): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) ftruncate(r0, 0x5) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x51031, 0xffffffffffffffff, 0x0) 5.536601541s ago: executing program 0 (id=4772): syz_usb_connect$cdc_ecm(0x5, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) fsetxattr$security_evm(r0, &(0x7f0000000000), &(0x7f0000000100)=@md5={0x1, "417be39d5bef613f6ad0e39d2256d582"}, 0x11, 0x0) 4.942056879s ago: executing program 1 (id=4773): mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r0 = socket(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x43, 0x0, &(0x7f0000000040)) 3.491854803s ago: executing program 0 (id=4774): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) move_pages(r0, 0x1, &(0x7f0000000100)=[&(0x7f0000ffe000/0x1000)=nil], &(0x7f0000000180)=[0x1e], 0x0, 0x0) 2.5506793s ago: executing program 0 (id=4775): openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000040)={0x0, 0x10001, 0xb432, 0x0, 0xcb0}) 2.328704865s ago: executing program 0 (id=4776): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_GET_HW_INFO(r0, 0x3b8a, &(0x7f0000000380)={0x24, 0x0, r2, 0xffffffffffffffe2, &(0x7f00000003c0)=""/28}) 2.230285126s ago: executing program 0 (id=4777): syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) wait4(0x0, 0x0, 0x80000000, 0xffffffffffffffff) 1.088600806s ago: executing program 1 (id=4778): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x600040, 0x88) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x10, [{}, {0x0, 0x100000000000000}]}, 0x60) 298.927646ms ago: executing program 0 (id=4779): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f0000000140), 0xfffffcdd) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='uid_map\x00') r2 = socket$inet6_icmp(0xa, 0x2, 0x3a) sendmmsg(r2, &(0x7f0000005bc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvfrom(r2, 0x0, 0x0, 0x0, 0x0, 0x0) shutdown(r2, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0xa9) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x0, &(0x7f0000ffd000/0x1000)=nil) timer_create(0x0, 0x0, 0x0) timer_create(0x0, 0x0, &(0x7f0000000240)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) 200.012707ms ago: executing program 1 (id=4780): openat$ptmx(0xffffffffffffff9c, &(0x7f0000001080), 0x121a41, 0x0) mkdirat$cgroup(0xffffffffffffff9c, &(0x7f0000000000)='syz0\x00', 0x1ff) r0 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0) close(r0) socket$inet6_icmp(0xa, 0x2, 0x3a) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, 0x0, 0x0) timerfd_create(0x0, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = inotify_init1(0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = dup3(r2, r1, 0x0) write$P9_RVERSION(r3, 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$KDADDIO(r4, 0x5450, 0x0) 0s ago: executing program 1 (id=4781): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$arm64(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) r4 = syz_kvm_add_vcpu$arm64(r2, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@irq_setup={0x46, 0x18, {0x1, 0x20}}], 0x18}, 0x0, 0x0) syz_kvm_vgic_v3_setup(r1, 0x2, 0x100) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) r6 = mmap$KVM_VCPU(&(0x7f0000009000/0x1000)=nil, r5, 0x3, 0x11, r3, 0x0) r7 = mmap$KVM_VCPU(&(0x7f000000a000/0x1000)=nil, r5, 0x3, 0x11, r4, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r7, 0xffffffffffffffff) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0x1010020, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_assert_syzos_uexit$arm64(r6, 0xfffffffffffffffe) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:52513' (ED25519) to the list of known hosts. syzkaller login: [ 87.888593][ T3313] cgroup: Unknown subsys name 'net' [ 88.208038][ T3313] cgroup: Unknown subsys name 'cpuset' [ 88.231452][ T3313] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 88.776634][ T3313] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 97.424425][ T3319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.486414][ T3319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 97.502408][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 97.565384][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.040653][ T3318] hsr_slave_0: entered promiscuous mode [ 99.045728][ T3318] hsr_slave_1: entered promiscuous mode [ 99.290991][ T3319] hsr_slave_0: entered promiscuous mode [ 99.293934][ T3319] hsr_slave_1: entered promiscuous mode [ 99.296045][ T3319] debugfs: 'hsr0' already exists in 'hsr' [ 99.296552][ T3319] Cannot create hsr debugfs directory [ 100.311480][ T3318] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 100.356307][ T3318] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 100.403406][ T3318] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 100.449643][ T3318] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 100.725933][ T3319] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 100.755278][ T3319] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 100.778671][ T3319] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 100.795713][ T3319] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 101.522617][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 101.730182][ T3319] 8021q: adding VLAN 0 to HW filter on device bond0 [ 104.842562][ T3318] veth0_vlan: entered promiscuous mode [ 104.941208][ T3318] veth1_vlan: entered promiscuous mode [ 104.965351][ T3319] veth0_vlan: entered promiscuous mode [ 105.033772][ T3319] veth1_vlan: entered promiscuous mode [ 105.136580][ T3318] veth0_macvtap: entered promiscuous mode [ 105.169233][ T3318] veth1_macvtap: entered promiscuous mode [ 105.308213][ T3319] veth0_macvtap: entered promiscuous mode [ 105.356546][ T3319] veth1_macvtap: entered promiscuous mode [ 105.388925][ T2165] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.391554][ T1193] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.415713][ T1193] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.613262][ T1193] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.878994][ T818] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.879545][ T818] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.879681][ T818] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 105.879821][ T818] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 106.076248][ T3318] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 115.958701][ T3407] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 116.118999][ T3407] usb 1-1: Using ep0 maxpacket: 32 [ 116.142216][ T3407] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.142612][ T3407] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.142984][ T3407] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 116.143412][ T3407] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 116.143480][ T3407] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.157982][ T3407] usb 1-1: config 0 descriptor?? [ 116.614995][ T3407] hid-generic 0003:1B96:000A.0001: unknown main item tag 0x0 [ 116.615760][ T3407] hid-generic 0003:1B96:000A.0001: unknown main item tag 0x0 [ 116.615849][ T3407] hid-generic 0003:1B96:000A.0001: unknown main item tag 0x0 [ 116.615921][ T3407] hid-generic 0003:1B96:000A.0001: unknown main item tag 0x0 [ 116.616017][ T3407] hid-generic 0003:1B96:000A.0001: unknown main item tag 0x0 [ 116.649860][ T3407] hid-generic 0003:1B96:000A.0001: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0 [ 118.733919][ T883] usb 1-1: USB disconnect, device number 2 [ 119.222227][ T3566] fuse: root generation should be zero [ 119.580845][ T3577] serio: Serial port pts0 [ 139.942753][ T3698] serio: Serial port pts1 [ 140.642893][ T3704] serio: Serial port pts0 [ 148.949539][ T3726] serio: Serial port pts1 [ 159.396993][ C1] hrtimer: interrupt took 90616889 ns [ 163.584006][ T3769] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 177.700912][ T3873] serio: Serial port pts0 [ 184.912946][ T3904] serio: Serial port pts1 [ 195.095943][ T3920] syz.1.169 uses obsolete (PF_INET,SOCK_PACKET) [ 204.019033][ T3931] nci: __nci_request: wait_for_completion_interruptible_timeout failed 0 [ 204.070353][ T3958] binder: 3957:3958 ioctl 40046205 0 returned -22 [ 204.073113][ T3958] binder: 3958 RLIMIT_NICE not set [ 227.364733][ T4139] serio: Serial port pts0 [ 231.622907][ T4146] input: syz0 as /devices/virtual/input/input1 [ 244.275189][ T4184] input: syz0 as /devices/virtual/input/input2 [ 248.278247][ T4213] serio: Serial port pts0 [ 282.669204][ T4267] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 287.929823][ T4304] Zero length message leads to an empty skb [ 289.945309][ T4327] netlink: 20 bytes leftover after parsing attributes in process `syz.0.316'. [ 317.963402][ T4542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 317.965079][ T4542] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 352.443075][ T4785] fuse: Bad value for 'fd' [ 441.918476][ T5446] netlink: 4 bytes leftover after parsing attributes in process `syz.0.709'. [ 521.143273][ T6032] process 'syz.1.910' launched './file0' with NULL argv: empty string added [ 532.937644][ T6125] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 532.943820][ T6125] veth0: entered promiscuous mode [ 532.982555][ T6125] netlink: 4 bytes leftover after parsing attributes in process `syz.1.944'. [ 641.265068][ T6975] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1242'. [ 790.153643][ T8323] serio: Serial port pts0 [ 1008.173884][T10320] lo: entered promiscuous mode [ 1008.187220][T10320] lo: left promiscuous mode [ 1034.292979][T10526] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2485'. [ 1157.160798][T11398] "syz.0.2782" (11398) uses obsolete ecb(arc4) skcipher [ 1215.024436][T11896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1215.025886][T11896] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1329.537095][ C0] vkms_vblank_simulate: vblank timer overrun [ 1330.377271][ C0] vkms_vblank_simulate: vblank timer overrun [ 1330.514317][ C0] vkms_vblank_simulate: vblank timer overrun [ 1331.377910][ C0] vkms_vblank_simulate: vblank timer overrun [ 1332.217935][ C0] vkms_vblank_simulate: vblank timer overrun [ 1332.245811][ C0] vkms_vblank_simulate: vblank timer overrun [ 1387.717907][T13061] : renamed from ipvlan1 (while UP) [ 1447.843721][T13502] Process accounting resumed [ 1516.407500][T13914] 8021q: VLANs not supported on ip6_vti0 [ 1519.055016][T13934] lo: entered promiscuous mode [ 1519.056288][T13933] lo: left promiscuous mode [ 1566.200339][T14308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1566.201575][T14308] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1593.882624][T14543] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3891'. [ 1596.586550][T14573] lo: entered promiscuous mode [ 1596.610808][T14571] lo: left promiscuous mode [ 1648.619202][T14953] cgroup: fork rejected by pids controller in /syz1 [ 1649.175827][ T40] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1649.270067][ T40] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1649.369041][ T40] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1649.463628][ T40] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1650.386104][ T40] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1650.415839][ T40] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1650.443559][ T40] bond0 (unregistering): Released all slaves [ 1650.606023][ T40] hsr_slave_0: left promiscuous mode [ 1650.613034][ T40] hsr_slave_1: left promiscuous mode [ 1650.636514][ T40] veth1_macvtap: left promiscuous mode [ 1650.640964][ T40] veth0_macvtap: left promiscuous mode [ 1650.642674][ T40] veth1_vlan: left promiscuous mode [ 1650.644668][ T40] veth0_vlan: left promiscuous mode [ 1654.211585][T14963] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1654.250274][T14963] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1655.918836][T14963] hsr_slave_0: entered promiscuous mode [ 1655.936195][T14963] hsr_slave_1: entered promiscuous mode [ 1655.946341][T14963] debugfs: 'hsr0' already exists in 'hsr' [ 1655.947113][T14963] Cannot create hsr debugfs directory [ 1657.332742][T14963] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1657.370621][T14963] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1657.390031][T14963] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1657.409214][T14963] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1658.482959][T14963] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1661.884180][T14963] veth0_vlan: entered promiscuous mode [ 1661.945227][T14963] veth1_vlan: entered promiscuous mode [ 1662.105035][T14963] veth0_macvtap: entered promiscuous mode [ 1662.134708][T14963] veth1_macvtap: entered promiscuous mode [ 1662.273519][ T55] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1662.275207][ T55] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1662.277323][ T55] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1662.280903][ T55] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1712.427740][T15471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1712.431380][T15471] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1756.382203][T15684] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4241'. [ 1767.718174][T15733] serio: Serial port pts0 [ 1824.541755][T16016] serio: Serial port pts0 [ 1866.444668][T16194] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4414'. [ 1866.563039][T16194] vxcan3: entered promiscuous mode [ 1867.094160][T16196] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4414'. [ 1878.262302][T16242] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4432'. [ 1913.222569][T16387] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4484'. [ 1932.862772][T16467] 8021q: VLANs not supported on vcan0 [ 1932.874279][ T30] audit: type=1326 audit(1932.550:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16473 comm="syz.1.4513" exe="/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9255b9e8 code=0x0 [ 1963.811089][T16591] fuse: Bad value for 'fd' [ 1987.075080][T16698] infiniband syz1: set active [ 1987.080488][T16698] infiniband syz1: added syz_tun [ 1987.217849][T16698] RDS/IB: syz1: added [ 1987.218905][T16698] smc: adding ib device syz1 with port count 1 [ 1987.219262][T16698] smc: ib device syz1 port 1 has no pnetid [ 1988.873674][T16700] smc: removing ib device syz1 [ 2020.030344][T16861] 8021q: VLANs not supported on vcan0 [ 2073.986007][T17065] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4719'. [ 2073.999996][T17065] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4719'. [ 2074.000201][T17065] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4719'. [ 2074.021366][T17065] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4719'. [ 2074.021673][T17065] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4719'. [ 2074.085761][T17065] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4719'. [ 2074.087192][T17065] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4719'. [ 2074.133601][T17065] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4719'. [ 2074.135473][T17065] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4719'. [ 2074.183808][T17065] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4719'. [ 2074.625913][T17071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2074.633037][T17071] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2076.376613][T12245] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2076.377500][T12245] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2076.377841][T12245] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2076.377995][T12245] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2078.131698][T17091] xt_hashlimit: size too large, truncated to 1048576 [ 2078.705214][ C0] vkms_vblank_simulate: vblank timer overrun [ 2078.914854][ C0] vkms_vblank_simulate: vblank timer overrun [ 2079.338727][T17106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2079.341202][T17106] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2080.114814][ C0] vkms_vblank_simulate: vblank timer overrun [ 2080.357517][ C0] vkms_vblank_simulate: vblank timer overrun [ 2080.403139][ C0] vkms_vblank_simulate: vblank timer overrun [ 2080.658431][T17104] mmap: syz.0.4734 (17104) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 2082.578939][ C0] vkms_vblank_simulate: vblank timer overrun [ 2083.702681][T17126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2083.705670][T17126] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2091.443244][T17159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2091.449744][T17159] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2100.341132][T17220] ------------[ cut here ]------------ [ 2100.348961][T17220] WARNING: CPU: 0 PID: 17220 at arch/arm64/kvm/sys_regs.c:2353 kvm_set_vm_id_reg+0x60/0xf4 [ 2100.364637][T17220] Modules linked in: [ 2100.366843][T17220] CPU: 0 UID: 0 PID: 17220 Comm: syz.1.4781 Not tainted syzkaller #0 PREEMPT [ 2100.367616][T17220] Hardware name: linux,dummy-virt (DT) [ 2100.368137][T17220] pstate: a1402009 (NzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2100.368594][T17220] pc : kvm_set_vm_id_reg+0x60/0xf4 [ 2100.368884][T17220] lr : kvm_finalize_sys_regs+0x88/0x244 [ 2100.369199][T17220] sp : ffff80008aa6bab0 [ 2100.369431][T17220] x29: ffff80008aa6bab0 x28: fbf0000008ff0000 x27: 0000000000000000 [ 2100.370305][T17220] x26: 0000000000000000 x25: f8f000000ac28000 x24: 0000000000000000 [ 2100.370675][T17220] x23: f8f000000ac28048 x22: 0000000000000000 x21: f9ff8000898abbd0 [ 2100.370893][T17220] x20: f9ff8000898ab000 x19: f8f000000ac28000 x18: 00000000ffffffff [ 2100.371186][T17220] x17: 0000000000000000 x16: 0000000000000000 x15: ffff80008aa6ba90 [ 2100.371407][T17220] x14: ffff80008aa6bd98 x13: ffff80008aa6bd5a x12: 0000000000000000 [ 2100.371605][T17220] x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000028 [ 2100.371874][T17220] x8 : ffff80008aa6bda8 x7 : fcf0000003007dbc x6 : 0000000000000027 [ 2100.372192][T17220] x5 : fbf0000008ff0000 x4 : 0000000000000001 x3 : f9ff8000898abd18 [ 2100.372569][T17220] x2 : 1101001020110222 x1 : 0000000000000000 x0 : f9ff8000898ab000 [ 2100.373145][T17220] Call trace: [ 2100.373658][T17220] kvm_set_vm_id_reg+0x60/0xf4 (P) [ 2100.374153][T17220] kvm_finalize_sys_regs+0x88/0x244 [ 2100.385426][T17220] kvm_arch_vcpu_run_pid_change+0x8c/0x36c [ 2100.397643][T17220] kvm_vcpu_ioctl+0x7f8/0x878 [ 2100.398929][T17220] __arm64_sys_ioctl+0xac/0x104 [ 2100.400057][T17220] invoke_syscall+0x48/0x110 [ 2100.401163][T17220] el0_svc_common.constprop.0+0x40/0xe0 [ 2100.402468][T17220] do_el0_svc+0x1c/0x28 [ 2100.403491][T17220] el0_svc+0x34/0x10c [ 2100.404474][T17220] el0t_64_sync_handler+0xa0/0xe4 [ 2100.405714][T17220] el0t_64_sync+0x1a4/0x1a8 [ 2100.407380][T17220] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2101.245624][ T55] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2101.406051][ T55] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2101.512867][ T55] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2101.675471][ T55] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2103.165657][ T55] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2103.212295][ T55] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2103.242707][ T55] bond0 (unregistering): Released all slaves [ 2103.364499][ T55] hsr_slave_0: left promiscuous mode [ 2103.403794][ T55] hsr_slave_1: left promiscuous mode [ 2103.453453][ T55] veth1_macvtap: left promiscuous mode [ 2103.454778][ T55] veth0_macvtap: left promiscuous mode [ 2103.458757][ T55] veth1_vlan: left promiscuous mode [ 2103.460122][ T55] veth0_vlan: left promiscuous mode [ 2106.833927][ T55] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2106.875729][ T55] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2106.903568][ T55] bond0 (unregistering): Released all slaves [ 2107.075860][ T55] hsr_slave_0: left promiscuous mode [ 2107.088744][ T55] hsr_slave_1: left promiscuous mode VM DIAGNOSIS: 18:46:55 Registers: info registers vcpu 0 CPU#0 PC=ffff80008013c884 X00=0000000000000000 X01=fbf0000008ff0000 X02=0000000000000000 X03=0000000000000000 X04=0000000000000000 X05=ffff800082a5f9a8 X06=00000000000affa8 X07=ffff8000829af978 X08=c0000000ffffdfff X09=000000000002ffe8 X10=0000000000000001 X11=0000000000000001 X12=ffff800082a5fa00 X13=ffff80008aa6b608 X14=00000000ffffffea X15=ffff80008aa6b250 X16=0000000000000000 X17=0000000000000000 X18=00000000ffffffff X19=ffff800082b2e6f8 X20=ffff8000829af000 X21=0000000000000000 X22=0000000000000104 X23=00000000000003b3 X24=0000000000000000 X25=ffff8000829811e8 X26=00000000000003c0 X27=0000000000000000 X28=fbf0000008ff0000 X29=ffff80008aa6b650 X30=ffff80008013c934 SP=ffff80008aa6b650 PSTATE=424023c9 -Z-- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffff00000007 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000274000:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d503201fd503201f:d503201fd503201f Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d503201fd503201f:d503201fd503201f Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d503201fd503201f:d503201fd503201f Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:d503201fd503201f:d503201fd503201f Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffff92776468:0000ffff92776460 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffff92776478:0000ffff92776470 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffd67c02f0:0000ffffd67c02f0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffd67c02c0 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff80008018f768 X00=0000000000000011 X01=fff000007f8dc368 X02=ffff800082984560 X03=0000000000000000 X04=0000000000000000 X05=ffffffffffffffff X06=0000000000000001 X07=ffff800082983a98 X08=ffffffffffffffff X09=ffff800082964ac0 X10=0000000000000010 X11=fff000007f8d7b00 X12=0101010101010101 X13=0000000000000030 X14=0000000000000000 X15=0000000000000000 X16=0000000000000000 X17=0000000000000000 X18=0000000000000000 X19=0000000000000000 X20=0000000000000000 X21=ffff80008018f508 X22=0000000000000000 X23=0000000000000001 X24=0000000000000001 X25=fff000007f8f0ac0 X26=ffff8000829811e8 X27=0000000000000001 X28=0000000000000000 X29=ffff80008322bbb0 X30=ffff80008018fa24 SP=ffff80008322bbb0 PSTATE=41402009 -Z-- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6d766b2f7665642f Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffffffffffff:0000000000000000 Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffffff00000000 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ff00ff0000000000:ffffffffffffff00 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:f0f00000fffffff0 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ccccccccccccf000 Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000073:0000aaaacc0c5c90 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000074:0000aaaacc0c2f70 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffeaaf89b0:0000ffffeaaf89b0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd0:0000ffffeaaf8980 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000