syzkaller login:
[ 364.129970][ T2921] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 364.163930][ T2921] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 364.218937][ T2921] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:15487' (ECDSA) to the list of known hosts.
1970/01/01 00:06:41 fuzzer started
1970/01/01 00:06:45 connecting to host at localhost:46715
1970/01/01 00:06:45 checking machine...
1970/01/01 00:06:45 checking revisions...
1970/01/01 00:06:48 testing simple program...
executing program
executing program
executing program
executing program
executing program
executing program
executing program
executing program
[ 431.418581][ T3083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 431.480024][ T3083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
executing program
[ 435.084802][ T3083] device hsr_slave_0 entered promiscuous mode
[ 435.102853][ T3083] device hsr_slave_1 entered promiscuous mode
executing program
[ 437.048809][ T3083] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 437.111849][ T3083] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 437.154991][ T3083] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 437.205055][ T3083] netdevsim netdevsim0 netdevsim3: renamed from eth3
executing program
[ 440.775626][ T3083] 8021q: adding VLAN 0 to HW filter on device bond0
[ 440.951035][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 440.975556][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
executing program
[ 443.385171][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 443.394190][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 443.475553][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 443.502105][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 443.601534][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 443.692076][ T1950] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 443.940640][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 443.964142][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 444.032949][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 444.041018][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 444.123018][ T3083] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 444.402873][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 444.405168][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
executing program
executing program
[ 449.012473][ T3288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 449.029253][ T3288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
executing program
[ 451.514442][ T3288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 451.523603][ T3288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 451.550017][ T3288] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 451.559326][ T3288] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 451.622028][ T3083] device veth0_vlan entered promiscuous mode
[ 451.779985][ T3083] device veth1_vlan entered promiscuous mode
[ 452.230067][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 452.251340][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 452.371708][ T3083] device veth0_macvtap entered promiscuous mode
[ 452.481463][ T3083] device veth1_macvtap entered promiscuous mode
[ 452.524199][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 452.544684][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 452.784710][ T3288] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 452.794974][ T3288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 452.913532][ T3288] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 452.923767][ T3288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 453.012445][ T3083] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 453.014479][ T3083] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 453.015510][ T3083] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 453.019486][ T3083] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 454.035764][ T3083] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
executing program
1970/01/01 00:07:35 building call list...
executing program
[ 458.241375][ T9] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 458.550696][ T9] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 459.098175][ T9] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 459.601791][ T9] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
executing program
executing program
[ 465.141417][ T9] device hsr_slave_0 left promiscuous mode
[ 465.169472][ T9] device hsr_slave_1 left promiscuous mode
[ 465.319855][ T9] device veth1_macvtap left promiscuous mode
[ 465.323045][ T9] device veth0_macvtap left promiscuous mode
[ 465.339190][ T9] device veth1_vlan left promiscuous mode
[ 465.342027][ T9] device veth0_vlan left promiscuous mode
executing program
executing program
executing program
[ 473.291166][ T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 473.474329][ T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 475.022296][ T9] bond0 (unregistering): Released all slaves
executing program
executing program
[ 480.500284][ T3309] Unable to handle kernel paging request at virtual address 1ffffffff07aa547
[ 480.502951][ T3309] Oops [#1]
[ 480.503387][ T3309] Modules linked in:
[ 480.504794][ T3309] CPU: 0 PID: 3309 Comm: kworker/0:5 Not tainted 5.14.0-syzkaller #0
[ 480.506418][ T3309] Hardware name: riscv-virtio,qemu (DT)
[ 480.507754][ T3309] Workqueue: events nsim_dev_trap_report_work
[ 480.508690][ T3309] epc : __kmalloc_node_track_caller+0xb0/0x3d2
[ 480.509574][ T3309] ra : __kmalloc_node_track_caller+0x70/0x3d2
[ 480.510291][ T3309] epc : ffffffff803e2a20 ra : ffffffff803e29e0 sp : ffffffe0095c3b20
[ 480.511040][ T3309] gp : ffffffff83f967d8 tp : ffffffe00ba397c0 t0 : ffffffe008b544a8
[ 480.511774][ T3309] t1 : 0000000000000001 t2 : ffffffffeddd472a s0 : ffffffe0095c3bc0
[ 480.512457][ T3309] s1 : ffffffe005602140 a0 : 0000000000000000 a1 : 0000000000000007
[ 480.513129][ T3309] a2 : 1ffffffff07aa51f a3 : ffffffff80a9711a a4 : 0000000004000000
[ 480.513820][ T3309] a5 : 0000000000000000 a6 : 0000000000f00000 a7 : 78e919c5cf7e2f00
[ 480.514496][ T3309] s2 : ffffffff83f96adc s3 : 0000000000082a20 s4 : 0000000000001000
[ 480.515168][ T3309] s5 : ffffffffffffffff s6 : ffffffff81538164 s7 : ffffffff83f9a0d0
[ 480.515914][ T3309] s8 : 0000000000000000 s9 : 0000000000082a20 s10: 0000000000000000
[ 480.517082][ T3309] s11: ffffffe008b545c8 t3 : 78e919c5cf7e2f00 t4 : ffffffc40116a8bb
[ 480.517763][ T3309] t5 : ffffffc40116a8bc t6 : ffffffe00eede026
[ 480.518319][ T3309] status: 0000000000000120 badaddr: 1ffffffff07aa547 cause: 000000000000000f
[ 480.519077][ T3309] [] __kmalloc_node_track_caller+0xb0/0x3d2
[ 480.519913][ T3309] [] __alloc_skb+0xee/0x2e2
[ 480.520594][ T3309] [] nsim_dev_trap_report_work+0x1cc/0x5e6
[ 480.521359][ T3309] [] process_one_work+0x5e0/0xf82
[ 480.522083][ T3309] [] worker_thread+0x356/0x8e6
[ 480.522802][ T3309] [] kthread+0x25c/0x2c6
[ 480.523447][ T3309] [] ret_from_exception+0x0/0x14
[ 480.525174][ T3309] ---[ end trace fa569262b4bfae4f ]---
[ 480.526269][ T3309] Kernel panic - not syncing: Fatal exception
[ 480.526976][ T3309] SMP: stopping secondary CPUs
[ 480.528007][ T3309] Rebooting in 86400 seconds..

VM DIAGNOSIS:
10:11:54 Registers:
info registers vcpu 0
 pc       ffffffff80c82284
 mhartid  0000000000000000
 mstatus  00000000000001a0
 mip      0000000000000000
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff80005004
 mepc     ffffffff800084e2
 sepc     ffffffff803e2a20
 mcause   8000000000000003
 scause   000000000000000f
 mtval    0000000000000000
 stval    1ffffffff07aa547
 x0/zero 0000000000000000 x1/ra ffffffff80c82284 x2/sp ffffffe0095c3500 x3/gp ffffffff83f967d8
 x4/tp ffffffe00ba397c0 x5/t0 ffffffff852b2bc7 x6/t1 ffffffc7f0a56578 x7/t2 0000000000000000
 x8/s0 ffffffe0095c3520 x9/s1 ffffffff8552e4d8 x10/a0 ffffffd010695001 x11/a1 0000000000000007
 x12/a2 1ffffffff0aa5ca4 x13/a3 ffffffff80c82284 x14/a4 0000000000000000 x15/a5 ffffffff8552e520
 x16/a6 0000000000f00000 x17/a7 ffffffff852b2bc6 x18/s2 0000000000000001 x19/s3 0000000000000120
 x20/s4 0000000000000000 x21/s5 ffffffff852b2bb0 x22/s6 000000000000005a x23/s7 0000000000000001
 x24/s8 0000000000000001 x25/s9 ffffffff83f9a0d0 x26/s10 ffffffff83da87f8 x27/s11 ffffffff8552e528
 x28/t3 0000000000000043 x29/t4 ffffffc7f0a56576 x30/t5 ffffffc7f0a56579 x31/t6 ffffffff852b2bc7
 f0/ft0 3f37b112f5e3964a f1/ft1 40337d14f28c65e7 f2/ft2 40dbcc0000000000 f3/ft3 41bacfa55c000000
 f4/ft4 3ff799999999999a f5/ft5 3fde666666666666 f6/ft6 3fec4429d60f6d7c f7/ft7 3fda21ed45b87492
 f8/fs0 3feaaaaaaaaaaaab f9/fs1 3f3d03f2996b7800 f10/fa0 3fda1be1c88328d9 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000

info registers vcpu 1
 pc       ffffffff803e8aa6
 mhartid  0000000000000001
 mstatus  00000000000000a0
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff80005004
 mepc     ffffffff803e8aa6
 sepc     ffffffff8000f030
 mcause   8000000000000007
 scause   8000000000000001
 mtval    0000000000000000
 stval    0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff800d36fc x2/sp ffffffe0057b3ae0 x3/gp ffffffff83f967d8
 x4/tp ffffffe0057f97c0 x5/t0 ffffffe0057b3a88 x6/t1 ffffffc7f07a8188 x7/t2 0000000000000009
 x8/s0 ffffffe0057b3b50 x9/s1 ffffffe0057f97c0 x10/a0 ffffffe0057f97c8 x11/a1 0000000000000003
 x12/a2 1ffffffc00aff2f9 x13/a3 ffffffff800d36d8 x14/a4 0000000000000000 x15/a5 0000000000000000
 x16/a6 ffffffff800a7552 x17/a7 ffffffff83d40c47 x18/s2 0000000000000001 x19/s3 0000000000000000
 x20/s4 ffffffff83f9a1f0 x21/s5 0000000000000000 x22/s6 0000000000000000 x23/s7 ffffffff800a7552
 x24/s8 ffffffe0057f9a38 x25/s9 ffffffe05adf4b00 x26/s10 ffffffe0057f97e8 x27/s11 ffffffe05adf4b80
 x28/t3 78e919c5cf7e2f00 x29/t4 ffffffc7f07a8188 x30/t5 ffffffc7f07a8189 x31/t6 7365722f65740000
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000