last executing test programs: 1.319563413s ago: executing program 1 (id=2): add_key$user(0x0, &(0x7f0000000000), 0x0, 0x0, 0xfffffffffffffffe) syz_usb_connect$uac1(0x0, 0x96, &(0x7f0000000740)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x84, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@selector_unit={0x7, 0x24, 0x5, 0x0, 0x0, '\x00\x00'}, @input_terminal={0xc, 0x24, 0x2, 0x1, 0x206, 0x6, 0x4, 0xe80, 0x5, 0x9}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x1}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x6f, 0x2, 0x0, 0x1, "8b7e", "8e"}, @as_header={0x7}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x81}}}}}}}]}}, 0x0) 1.080170349s ago: executing program 0 (id=1): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f50009"], 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000080)=ANY=[@ANYBLOB="6b0ee0b3d41b1b", @ANYRES8]) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 494.654718ms ago: executing program 1 (id=3): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='hrtimer_start\x00', r1}, 0x18) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r4}, 0x10) r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8) write$cgroup_int(r6, &(0x7f00000001c0), 0xfffffdef) 290.128251ms ago: executing program 1 (id=4): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'pim6reg1\x00', 0x2}) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1], 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='qdisc_create\x00', r4}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @broadcast}) 0s ago: executing program 1 (id=5): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002180)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000480000000820000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1886d0d4d94f2f4eb45c652fbc1626cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd3641130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce7400dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f000006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08e774c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d32872c494160cb7f46ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe91ff799a11d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcffff3ffd86fe9ce05268bfca3958f2206cdc7095682c14f10ba1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d263e8778e6e8ffe4ea50b076446f35efffc806b340658342d2d9e1ef68c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e92a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd311a40030f9ffce75ffff996a80153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf2af469bdfb361b8ee8d414e757b6cce3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00f80b5e749bf5271efd93ce76e67758fd76e4bc46c84799aa792cdaeb6cfb858e577dacff607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee2c7ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be1557951854c01dbc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e9994ca9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c425190a6e3f1a8a3abfe6059da9c952cf35c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676590bd2047229e0237c1e34641848531712ff09e89fb062a3e66f4fced0ae679733830039cb61ea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfd0e5e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a60a0290bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b239a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cdcc1f594ecfaff9a79b56f8b38038002d29142a369b14607b5e48987541ed2cb5a3512a877da93174aa5bf4ee9fbf1bd0f42d221d7cbfec3feff2ef0a1d3316421ee72754aea5b5abb253295c2d87aeb468bd4f73d391c07a4831b4b0bf962e6cfa0f0445ba37524c8c062c4787f9bff922b012e833c08ff0c365c289657b88ff8aa4c26260956f6e9b640f90cacb464007c3717fd9ec6d618bd3ff950b9dc4d7f9c94205db3b47bdded6a47911088f1a1d06649c3ac08c7f6194604786d0a1fe96667fcf082caac73dda1b9c0dda7dd90c38107b8a016132b63ec21a988cc2788efc9d5f6fbfd7ddbe800a5382bbc4b2624a4b9976b2c5f4c611e88370a5dff77de5d0960a3bd91321a8e0b27a48cbc2607a4c6c406cd4ac5d5a18ba185ad620beeb77f1c6bc1697151600bd3491d5a8358ef635d50d54af5b24d11d52eb75c970ab41ee0afbd2a01d249fabacc95695efc923da1800f1439d385bbb00ac0d7c8043f4e2661ffec2eafbac5b483885d76ff5b2358986923a5fa8aad707a0aba60e4fae6dd3decf94ead2dfb52fd0be70d5d14a5f6c6a6786b0ce6a5eeeae8fb8c6ed627c348d9bf64a7aa47e02b8dd67c12141bfd5efb2b05501f57bcf3f0660dd63cb4f4912fd386647f9a9e32f5e7f00f21063f4d262bc29e8a4edd8cba7ee7fd9cf4a21cb93a9eb232acbce357044d3c99154e4ba0ed25e2ecbad23b08b2073a8a7de2c6dac3cfcab3fd33b082ddc278776963c5ad1fa244360716dc571d6e95a767ad6bf69d4c8d132155ad94b610d4a42161e7532dd5fe80556dc149d70f002ce4006bbac4549e4b48f8360e1b2353cf636ca348db1c5e8335066efe415560683c7b5eadcffe56a58093756d20609a1ea83831a430818d1e5090b2608290469eede3f81e0e4f402b63c2b54374af37aafcae614bb3936cf952f2f944f5740c4c2c629a7935eb86abb14cfcdde8b371119f1ccda5850d8c6194775b8a5f8de7000000000000a1c7e2233be2fe4254f6a9c1fc414252a4ceefd417f37b4a1507da7b4d870f3fea9757a8c24e6a72e9e3a41da13496e27952b373c776a939540527c01661ed7d0026ad4b6ee543cfac2b7f48916212dddb2eca1e2ab0861ab94a693f6b9fc9a9c2ec231588ecef2907c47fe1344eee20d3c1024ebbfbe50d6bf4543db64f8cc0d82c532d75479ad8afe72cffbd569f448d6f2f88d88b9f12ce5b56cb0731ee8e5c70598f5608726a0a5a7d57352a996722"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r0, 0x4) close(0x4) sendmsg$inet(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000200)="fa82", 0x37fe0}], 0x1}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:55623' (ED25519) to the list of known hosts. syzkaller login: [ 91.366216][ T3312] cgroup: Unknown subsys name 'net' [ 91.605893][ T3312] cgroup: Unknown subsys name 'cpuset' [ 91.629146][ T3312] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 92.133854][ T3312] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 102.518791][ T3318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.536305][ T3318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 102.768150][ T3317] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 102.785409][ T3317] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 103.483907][ T3318] hsr_slave_0: entered promiscuous mode [ 103.489201][ T3318] hsr_slave_1: entered promiscuous mode [ 103.690581][ T3317] hsr_slave_0: entered promiscuous mode [ 103.693348][ T3317] hsr_slave_1: entered promiscuous mode [ 103.697211][ T3317] debugfs: 'hsr0' already exists in 'hsr' [ 103.698978][ T3317] Cannot create hsr debugfs directory [ 104.511358][ T3318] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 104.542678][ T3318] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 104.597974][ T3318] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 104.646332][ T3318] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 104.788481][ T3317] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 104.815858][ T3317] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 104.839412][ T3317] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 104.882182][ T3317] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 105.862362][ T3318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 106.012819][ T3317] 8021q: adding VLAN 0 to HW filter on device bond0 [ 108.865872][ T3318] veth0_vlan: entered promiscuous mode [ 108.910295][ T3318] veth1_vlan: entered promiscuous mode [ 109.089864][ T3318] veth0_macvtap: entered promiscuous mode [ 109.130154][ T3318] veth1_macvtap: entered promiscuous mode [ 109.311720][ T3317] veth0_vlan: entered promiscuous mode [ 109.333496][ T1198] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.338105][ T1198] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.339288][ T1198] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.341691][ T1198] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.390889][ T3317] veth1_vlan: entered promiscuous mode [ 109.573398][ T3317] veth0_macvtap: entered promiscuous mode [ 109.601178][ T3317] veth1_macvtap: entered promiscuous mode [ 109.780241][ T981] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.780697][ T981] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.780840][ T981] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.780970][ T981] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.797142][ T3318] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 110.792579][ T3468] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.796999][ T3468] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.046515][ T3404] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 111.164784][ T3474] pim6reg1: entered promiscuous mode [ 111.166719][ T3474] pim6reg1: entered allmulticast mode [ 111.215177][ T3404] usb 1-1: Using ep0 maxpacket: 32 [ 111.231570][ T3404] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 111.236148][ T3404] usb 1-1: config 0 has no interface number 0 [ 111.238764][ T3404] usb 1-1: config 0 interface 51 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 111.277451][ T3404] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 111.283420][ T3404] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.286385][ T3404] usb 1-1: Product: syz [ 111.287493][ T3404] usb 1-1: Manufacturer: syz [ 111.288743][ T3404] usb 1-1: SerialNumber: syz [ 111.307094][ T3404] usb 1-1: config 0 descriptor?? [ 111.333773][ T3404] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 111.548877][ T3404] usb 1-1: qt2_setup_urbs - submit read urb failed -8 [ 111.551756][ T3404] quatech2 1-1:0.51: probe with driver quatech2 failed with error -8 [ 111.649860][ T3476] ================================================================== [ 111.653388][ T3476] BUG: KASAN: invalid-access in __memcpy+0xc/0x54 [ 111.655579][ T3476] Write at addr f6ff8000837452a0 by task syz.1.5/3476 [ 111.656034][ T3476] Pointer tag: [f6], memory tag: [fe] [ 111.656102][ T3476] [ 111.656855][ T3476] CPU: 1 UID: 0 PID: 3476 Comm: syz.1.5 Not tainted syzkaller #0 PREEMPT [ 111.657164][ T3476] Hardware name: linux,dummy-virt (DT) [ 111.657436][ T3476] Call trace: [ 111.657723][ T3476] show_stack+0x18/0x24 (C) [ 111.658015][ T3476] dump_stack_lvl+0x78/0x90 [ 111.658115][ T3476] print_report+0x108/0x61c [ 111.658180][ T3476] kasan_report+0x88/0xac [ 111.658225][ T3476] __do_kernel_fault+0x170/0x1c8 [ 111.658280][ T3476] do_bad_area+0x68/0x78 [ 111.658328][ T3476] do_tag_check_fault+0x34/0x44 [ 111.658424][ T3476] do_mem_abort+0x44/0x94 [ 111.658471][ T3476] el1_abort+0x44/0x68 [ 111.658518][ T3476] el1h_64_sync_handler+0x50/0xac [ 111.658567][ T3476] el1h_64_sync+0x6c/0x70 [ 111.658707][ T3476] __memcpy+0xc/0x54 (P) [ 111.658757][ T3476] do_misc_fixups+0x174/0x1afc [ 111.658807][ T3476] bpf_check+0x1384/0x293c [ 111.658855][ T3476] bpf_prog_load+0x63c/0xd40 [ 111.658898][ T3476] __sys_bpf+0x2e0/0x1a88 [ 111.658947][ T3476] __arm64_sys_bpf+0x24/0x34 [ 111.658991][ T3476] invoke_syscall+0x48/0x110 [ 111.659039][ T3476] el0_svc_common.constprop.0+0x40/0xe0 [ 111.659088][ T3476] do_el0_svc+0x1c/0x28 [ 111.659187][ T3476] el0_svc+0x34/0x128 [ 111.659240][ T3476] el0t_64_sync_handler+0xa0/0xe4 [ 111.659287][ T3476] el0t_64_sync+0x1a4/0x1a8 [ 111.659552][ T3476] [ 111.659772][ T3476] The buggy address belongs to a 1-page vmalloc region starting at 0xf6ff800083745000 allocated at bpf_check+0x8c/0x293c [ 111.661148][ T3476] The buggy address belongs to the physical page: [ 111.661510][ T3476] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4bad7 [ 111.661846][ T3476] flags: 0x1ffe40000000000(node=0|zone=0|lastcpupid=0x7ff|kasantag=0x9) [ 111.662730][ T3476] raw: 01ffe40000000000 0000000000000000 dead000000000122 0000000000000000 [ 111.662787][ T3476] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 111.662897][ T3476] page dumped because: kasan: bad access detected [ 111.662937][ T3476] [ 111.662966][ T3476] Memory state around the buggy address: [ 111.663226][ T3476] ffff800083745000: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 [ 111.663319][ T3476] ffff800083745100: f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 f6 fe fe [ 111.663371][ T3476] >ffff800083745200: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 111.663429][ T3476] ^ [ 111.663661][ T3476] ffff800083745300: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 111.663691][ T3476] ffff800083745400: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 111.663758][ T3476] ================================================================== [ 111.665006][ T3476] Disabling lock debugging due to kernel taint SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 111.893369][ T3417] usb 1-1: USB disconnect, device number 2 [ 112.713624][ T1198] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.788669][ T1198] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.873708][ T1198] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.961973][ T1198] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.511450][ T1198] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 113.557459][ T1198] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 113.578709][ T1198] bond0 (unregistering): Released all slaves [ 113.676655][ T1198] hsr_slave_0: left promiscuous mode [ 113.679881][ T1198] hsr_slave_1: left promiscuous mode [ 113.690561][ T1198] veth1_macvtap: left promiscuous mode [ 113.691685][ T1198] veth0_macvtap: left promiscuous mode [ 113.692898][ T1198] veth1_vlan: left promiscuous mode [ 113.693812][ T1198] veth0_vlan: left promiscuous mode [ 114.670292][ T1198] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.723731][ T1198] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.782096][ T1198] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.852677][ T1198] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.352550][ T1198] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 115.379964][ T1198] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 115.408469][ T1198] bond0 (unregistering): Released all slaves [ 115.477994][ T1198] hsr_slave_0: left promiscuous mode [ 115.480449][ T1198] hsr_slave_1: left promiscuous mode [ 115.492768][ T1198] veth1_macvtap: left promiscuous mode [ 115.493837][ T1198] veth0_macvtap: left promiscuous mode [ 115.497597][ T1198] veth1_vlan: left promiscuous mode [ 115.498824][ T1198] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 22:25:53 Registers: info registers vcpu 0 CPU#0 PC=ffff800081b8683c X00=ffff800081b86838 X01=f6f0000006a38000 X02=0000000000000001 X03=fff07ffffcf0d000 X04=0000000000000001 X05=0000000000000000 X06=0000000000000011 X07=f4f000000724d800 X08=0000000000000a1b X09=ffff800082a04000 X10=0000000000000001 X11=ffff800082dae840 X12=0000000000003ab3 X13=0000000000000001 X14=000000000000010e X15=ffff800081bd4430 X16=ffff800082de8000 X17=fff07ffffcef4000 X18=0000000000000000 X19=0000000000000000 X20=ffff800082b11908 X21=ffff800082b11900 X22=0000000000000098 X23=0000000000000004 X24=ffff800082b11908 X25=0000000000000028 X26=0000000000000001 X27=fff07ffffcf0d000 X28=f8f0000006029500 X29=ffff800082deb590 X30=ffff800080187f58 SP=ffff800082deb590 PSTATE=404020c9 -Z-- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:2525252525252525:2525252525252525 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6572207265767265:730073250a0d0a0d Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3d3d3d3d3d3d3d3d:3d3d3d3d3d3d3d3d Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:00ff00ff00000000 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:000000000f0f0000 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3d3d3d3d3d3d3d3d:3d3d3d3d3d3d3d3d Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:6863657461755120:3a31352e303a312d Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:206f742042535520:6e656720646e3220 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000ffffcb2205b0:0000ffffcb2205b0 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ffffff80ffffffd8:0000ffffcb220580 Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 info registers vcpu 1 CPU#1 PC=ffff80008092e420 X00=0000000000000002 X01=0000000000000018 X02=ffff800082e15018 X03=ffff800082badf28 X04=fdf00000030e5880 X05=000000000000004d X06=0000000000000020 X07=0000000000000000 X08=7f7f7f7f7f7f7f7f X09=ffff800082badf58 X10=0000000000000001 X11=ffff8000831ebe20 X12=ffff800082adf268 X13=ffff8000831ebb8d X14=ffff8000831ebb98 X15=ffff8000831eba00 X16=0000000000006400 X17=0000000000000000 X18=00000000ffffffff X19=f6f000000304305b X20=ffff80008092e5c4 X21=fdf00000030e5880 X22=f6f000000304305b X23=ffff80008092e5c4 X24=000000000000005f X25=f7f000000323b180 X26=0000000000000001 X27=0000000000000000 X28=0000000000000000 X29=ffff8000831ebca0 X30=ffff80008092e5ec SP=ffff8000831ebca0 PSTATE=804020c9 N--- EL2h SVCR=00000000 -- BTYPE=0 FPCR=00000000 FPSR=00000000 P00=0000000000000000 P01=0000000000000000 P02=0000000000000000 P03=0000000000000000 P04=0000000000000000 P05=0000000000000000 P06=0000000000000000 P07=0000000000000000 P08=0000000000000000 P09=0000000000000000 P10=0000000000000000 P11=0000000000000000 P12=0000000000000000 P13=0000000000000000 P14=0000000000000000 P15=0000000000000000 FFR=0000000000000000 Z00=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:e9b5dba5b5c0fbcf:71374491428a2f98 Z01=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ab1c5ed5923f82a4:59f111f13956c25b Z02=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:550c7dc3243185be:12835b01d807aa98 Z03=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c19bf1749bdc06a7:80deb1fe72be5d74 Z04=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:240ca1cc0fc19dc6:efbe4786e49b69c1 Z05=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:76f988da5cb0a9dc:4a7484aa2de92c6f Z06=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:bf597fc7b00327c8:a831c66d983e5152 Z07=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:1429296706ca6351:d5a79147c6e00bf3 Z08=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:53380d134d2c6dfc:2e1b213827b70a85 Z09=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:92722c8581c2c92e:766a0abb650a7354 Z10=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c76c51a3c24b8b70:a81a664ba2bfe8a1 Z11=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:106aa070f40e3585:d6990624d192e819 Z12=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:34b0bcb52748774c:1e376c0819a4c116 Z13=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:682e6ff35b9cca4f:4ed8aa4a391c0cb3 Z14=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:8cc7020884c87814:78a5636f748f82ee Z15=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:c67178f2bef9a3f7:a4506ceb90befffa Z16=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:503a27aa13d567d5:af66fb773bf6d649 Z17=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ea849821339f235a:2ef4b61d3886435c Z18=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:9b6f8e2872f3078b:15b0895ff83e7118 Z19=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:72c35c48a231ff83:a1fd62886f927b2c Z20=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:5fa8069a0f55d6fd:0ca632347a366a93 Z21=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:a83f23c13048d789:30be06da15ead3ae Z22=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:28369030f7bb7f9f:8e55ecce6ccdf406 Z23=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:3934d53a612ba37a:464dcf7300517b26 Z24=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:ba581160d2e6e38b:513e83af102c842c Z25=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:4c5e56a810c4fdde:95b89e4ec4dc812f Z26=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:baf5ba47bdfc8404:724d2c46ba6a1509 Z27=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z28=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z29=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z30=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000 Z31=0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000:0000000000000000