last executing test programs: 39m18.988654768s ago: executing program 1 (id=72): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @random="08c82553c54d", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x4, 0x6, 0x0, @private=0xa010102, @local}, {{0x1, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x13, 0x12, "b3e480a7613088fd71106c027deb3b11"}]}}}}}}}, 0x0) 39m17.350784316s ago: executing program 0 (id=73): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xd, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e000000850000000700000095"], &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000080)="0000090000980500000000000800", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 39m14.218030867s ago: executing program 1 (id=74): r0 = io_uring_setup(0x6ddd, &(0x7f00000002c0)) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xe, &(0x7f0000001180)={0x4, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x0, 0x4}, 0x20) 39m12.833393779s ago: executing program 0 (id=75): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000040)={0x14, r1, 0xf1aad47e89fb43b5, 0x0, 0x0, {0x26}}, 0x14}}, 0x0) 39m8.009773009s ago: executing program 1 (id=76): syz_io_uring_setup(0xfb, &(0x7f00000003c0), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps_rollup\x00') preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000000)=""/92, 0x5c}], 0x1, 0x0, 0x0) 39m7.167176658s ago: executing program 0 (id=77): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 39m5.234444612s ago: executing program 1 (id=78): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f00000001c0)=']', 0x1) getsockopt$inet_opts(r0, 0x0, 0x9, 0x0, &(0x7f0000000180)) 39m4.44966386s ago: executing program 0 (id=79): madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3011, 0x17) madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x14) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x3) 39m2.107214014s ago: executing program 1 (id=80): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x11, &(0x7f0000000080)=0x4, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, 0x1c) 39m0.763116415s ago: executing program 0 (id=81): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000040)={0x13, 0x10, 0xfa00, {&(0x7f0000000300), r1, 0x2}}, 0x18) 38m59.731793948s ago: executing program 1 (id=82): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x30004081) sendmsg$sock(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000013c0)=[@timestamping={{0x14, 0x1, 0x51, 0x7}}], 0x18}, 0x8000) 38m58.35393162s ago: executing program 0 (id=83): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x178b, &(0x7f0000000180)={0x0, 0x0, 0x13291}, &(0x7f0000000100), &(0x7f0000000080)) io_uring_enter(r0, 0x0, 0x0, 0x1, 0x0, 0x0) 31m5.488405219s ago: executing program 32 (id=83): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x200000c, 0x3032, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x178b, &(0x7f0000000180)={0x0, 0x0, 0x13291}, &(0x7f0000000100), &(0x7f0000000080)) io_uring_enter(r0, 0x0, 0x0, 0x1, 0x0, 0x0) 30m31.87494926s ago: executing program 33 (id=82): r0 = socket$kcm(0x2, 0x200000000000001, 0x0) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x30004081) sendmsg$sock(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000013c0)=[@timestamping={{0x14, 0x1, 0x51, 0x7}}], 0x18}, 0x8000) 1m7.378159107s ago: executing program 2 (id=833): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000200)) 57.073816766s ago: executing program 3 (id=834): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[], 0x58}}, 0x0) syz_io_uring_setup(0x2c0c, &(0x7f0000000400)={0x0, 0x0, 0x4002}, &(0x7f0000000480), &(0x7f00000004c0)) 45.611100035s ago: executing program 2 (id=835): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x200000f, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 43.852877097s ago: executing program 3 (id=836): mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x0, &(0x7f0000a00000/0x600000)=nil) r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080)) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x5, &(0x7f0000000040)=[{0x2}], 0x1, 0xe4, 0x0, 0x0, 0x0, 0x2}) 37.346330225s ago: executing program 3 (id=837): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r0, 0x2) ppoll(&(0x7f0000000100)=[{r0, 0x219c}], 0x1, 0x0, 0x0, 0x0) 35.06999253s ago: executing program 2 (id=838): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = gettid() sigaltstack(&(0x7f0000000200)={&(0x7f0000001200)=""/4090, 0x0, 0xffa}, 0x0) rt_sigqueueinfo(r0, 0x21, &(0x7f0000000000)) 31.159196655s ago: executing program 3 (id=839): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c) 30.09809798s ago: executing program 2 (id=840): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x10012, r0, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f0000001040), &(0x7f0000000200)=0x44) 12.890795967s ago: executing program 2 (id=841): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6}]}) sched_setscheduler(0x0, 0x1, 0x0) read$FUSE(r0, 0x0, 0x0) 12.099986056s ago: executing program 3 (id=842): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000400000014000500fc01000000000000000000000000000008000200050000000a0006"], 0x4c}}, 0x0) 1.62078743s ago: executing program 3 (id=843): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0) close(r0) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0200bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000011c0)={r0, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 2 (id=844): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='veno\x00', 0x5) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:37653' (ED25519) to the list of known hosts. syzkaller login: [ 327.662498][ T3182] cgroup: Unknown subsys name 'net' [ 328.146282][ T3182] cgroup: Unknown subsys name 'cpuset' [ 328.259046][ T3182] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 383.160258][ T3182] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 451.786532][ T3190] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 451.881045][ T3190] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 455.278615][ T3188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 455.410245][ T3188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 462.825556][ T3190] hsr_slave_0: entered promiscuous mode [ 462.857977][ T3190] hsr_slave_1: entered promiscuous mode [ 465.744908][ T3188] hsr_slave_0: entered promiscuous mode [ 465.897068][ T3188] hsr_slave_1: entered promiscuous mode [ 465.930236][ T3188] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 465.935841][ T3188] Cannot create hsr debugfs directory [ 471.850884][ T3190] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 471.984904][ T3190] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 472.060495][ T3190] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 472.147862][ T3190] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 474.089267][ T3188] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 474.230329][ T3188] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 474.358677][ T3188] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 474.599865][ T3188] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 484.634432][ T3190] 8021q: adding VLAN 0 to HW filter on device bond0 [ 485.577768][ T3188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 524.341803][ T3190] veth0_vlan: entered promiscuous mode [ 524.673966][ T3190] veth1_vlan: entered promiscuous mode [ 525.387632][ T3190] veth0_macvtap: entered promiscuous mode [ 525.820766][ T3190] veth1_macvtap: entered promiscuous mode [ 526.050805][ T3188] veth0_vlan: entered promiscuous mode [ 526.844351][ T3188] veth1_vlan: entered promiscuous mode [ 527.696482][ T3190] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.700248][ T3190] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.711081][ T3190] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 527.718655][ T3190] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 530.588270][ T3188] veth0_macvtap: entered promiscuous mode [ 530.985590][ T3188] veth1_macvtap: entered promiscuous mode [ 531.819421][ T3188] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 531.827051][ T3188] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 531.829288][ T3188] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 531.847193][ T3188] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 532.421345][ T3190] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 562.668028][ T3913] ======================================================= [ 562.668028][ T3913] WARNING: The mand mount option has been deprecated and [ 562.668028][ T3913] and is ignored by this kernel. Remove the mand [ 562.668028][ T3913] option from the mount to silence this warning. [ 562.668028][ T3913] ======================================================= [ 562.678702][ T3913] hugetlbfs: Bad value 'A' for mount option 'nr_inodes' [ 562.678702][ T3913] [ 571.414033][ T35] audit: type=1326 audit(570.220:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3928 comm="syz.1.21" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x0 [ 576.287216][ T3936] netlink: 'syz.0.26': attribute type 2 has an invalid length. [ 576.348124][ T3938] sctp: [Deprecated]: syz.1.25 (pid 3938) Use of struct sctp_assoc_value in delayed_ack socket option. [ 576.348124][ T3938] Use struct sctp_sack_info instead [ 581.528875][ T3944] IPv6: sit1: Disabled Multicast RS [ 591.467748][ T3956] mmap: syz.0.34 (3956) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 592.898301][ T3957] netlink: 12 bytes leftover after parsing attributes in process `syz.1.33'. [ 596.569804][ T3959] capability: warning: `syz.0.35' uses deprecated v2 capabilities in a way that may be insecure [ 598.010680][ T3961] netlink: 'syz.1.36': attribute type 2 has an invalid length. [ 598.175899][ T3961] netlink: 132 bytes leftover after parsing attributes in process `syz.1.36'. [ 620.149962][ T3987] tmpfs: Cannot disable swap on remount [ 625.542167][ T3993] Illegal XDP return value 65536 on prog (id 3) dev N/A, expect packet loss! [ 645.704985][ T4015] Process accounting resumed [ 646.336273][ T4014] Process accounting resumed [ 654.208527][ T4023] RDS: rds_bind could not find a transport for fe80::, load rds_tcp or rds_rdma? [ 1216.400025][ T3475] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1217.629977][ T3475] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1219.419939][ T3475] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1220.947923][ T3475] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1232.470956][ T3475] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1232.664250][ T3475] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1232.819578][ T3475] bond0 (unregistering): Released all slaves [ 1234.464713][ T3475] hsr_slave_0: left promiscuous mode [ 1234.525941][ T3475] hsr_slave_1: left promiscuous mode [ 1235.089335][ T3475] veth1_macvtap: left promiscuous mode [ 1235.118608][ T3475] veth0_macvtap: left promiscuous mode [ 1235.138474][ T3475] veth1_vlan: left promiscuous mode [ 1235.186976][ T3475] veth0_vlan: left promiscuous mode [ 1253.443364][ T3475] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1254.503573][ T3475] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1255.508179][ T3475] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1256.195134][ T3475] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1264.779030][ T3475] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1264.906673][ T3475] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1265.008886][ T3475] bond0 (unregistering): Released all slaves [ 1266.185748][ T3475] hsr_slave_0: left promiscuous mode [ 1266.227907][ T3475] hsr_slave_1: left promiscuous mode [ 1266.387649][ T3475] veth1_macvtap: left promiscuous mode [ 1266.390922][ T3475] veth0_macvtap: left promiscuous mode [ 1266.408322][ T3475] veth1_vlan: left promiscuous mode [ 1266.410626][ T3475] veth0_vlan: left promiscuous mode [ 1299.623443][ T4085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1299.858012][ T4085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1303.627812][ T4108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1303.739271][ T4108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1316.922990][ T4085] hsr_slave_0: entered promiscuous mode [ 1316.946280][ T4085] hsr_slave_1: entered promiscuous mode [ 1319.824602][ T4108] hsr_slave_0: entered promiscuous mode [ 1319.874658][ T4108] hsr_slave_1: entered promiscuous mode [ 1319.904772][ T4108] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1319.907222][ T4108] Cannot create hsr debugfs directory [ 1327.327111][ T4085] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1327.453636][ T4085] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1327.555994][ T4085] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1327.644869][ T4085] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1329.335113][ T4108] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1329.844568][ T4108] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1330.139948][ T4108] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1330.409441][ T4108] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1347.137109][ T4085] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1347.779245][ T4108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1398.838269][ T4108] veth0_vlan: entered promiscuous mode [ 1399.645495][ T4108] veth1_vlan: entered promiscuous mode [ 1403.347643][ T4108] veth0_macvtap: entered promiscuous mode [ 1403.747377][ T4108] veth1_macvtap: entered promiscuous mode [ 1405.368706][ T4108] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1405.427546][ T4108] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1405.430099][ T4108] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1405.460143][ T4108] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1407.229611][ T4085] veth0_vlan: entered promiscuous mode [ 1408.069032][ T4085] veth1_vlan: entered promiscuous mode [ 1410.667160][ T4085] veth0_macvtap: entered promiscuous mode [ 1410.995393][ T4085] veth1_macvtap: entered promiscuous mode [ 1419.604035][ T4085] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1419.607155][ T4085] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1419.609736][ T4085] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1419.644842][ T4085] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1428.950406][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x4 [ 1428.983859][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x2 [ 1428.988066][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1428.989989][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.065560][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.068419][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.070443][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.147371][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.172554][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.194115][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.197380][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.199318][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.201177][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.215632][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.217562][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.235438][ T3768] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 1429.659403][ T3768] hid-generic 0000:3000000:0000.0001: hidraw0: HID v0.00 Device [sy] on syz0 [ 1464.606275][ T4922] ptrace attach of "/syz-executor exec"[4926] was attempted by "/syz-executor exec"[4922] [ 1535.288991][ T5025] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1538.081278][ T5027] block nbd2: not configured, cannot reconfigure [ 1558.668168][ T5051] netlink: 52 bytes leftover after parsing attributes in process `syz.3.120'. [ 1615.189644][ T5101] netlink: 72 bytes leftover after parsing attributes in process `syz.3.143'. [ 1615.225683][ T5101] netlink: 72 bytes leftover after parsing attributes in process `syz.3.143'. [ 1615.228050][ T5101] netlink: 32 bytes leftover after parsing attributes in process `syz.3.143'. [ 1615.906753][ T5102] netlink: 12 bytes leftover after parsing attributes in process `syz.2.142'. [ 1629.850411][ T5116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1629.884781][ T5116] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1670.230294][ T5148] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 1699.990660][ T5181] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 1708.043378][ T5208] netlink: 20 bytes leftover after parsing attributes in process `syz.2.181'. [ 1721.600211][ T5224] netlink: 8 bytes leftover after parsing attributes in process `syz.2.188'. [ 1721.604271][ T5224] netlink: 12 bytes leftover after parsing attributes in process `syz.2.188'. [ 1735.917621][ T5240] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1740.980945][ T5249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1741.046138][ T5249] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1791.556388][ T5302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.222'. [ 1791.557940][ T5302] netlink: 12 bytes leftover after parsing attributes in process `syz.3.222'. [ 1816.697459][ T5333] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1816.717635][ T5333] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1827.418819][ T5345] process 'syz.3.240' launched '/dev/fd/3' with NULL argv: empty string added [ 1832.508459][ T5350] geneve0: entered allmulticast mode [ 1859.016358][ T5372] lo speed is unknown, defaulting to 1000 [ 1859.058428][ T5372] lo speed is unknown, defaulting to 1000 [ 1859.334195][ T5372] lo speed is unknown, defaulting to 1000 [ 1859.799016][ T5372] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 1860.489384][ T5372] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 1861.393938][ T5372] lo speed is unknown, defaulting to 1000 [ 1861.506796][ T5372] lo speed is unknown, defaulting to 1000 [ 1863.364340][ T5378] netlink: 232 bytes leftover after parsing attributes in process `syz.3.251'. [ 1864.877657][ T5382] Invalid logical block size (768) [ 1866.755191][ T5384] nvme_fabrics: missing parameter 'transport=%s' [ 1866.757026][ T5384] nvme_fabrics: missing parameter 'nqn=%s' [ 1869.953352][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 1876.812953][ T5402] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1876.819873][ T5402] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1878.156815][ T5406] ALSA: mixer_oss: invalid OSS volume 'üÃÿ%‰¼I' [ 1907.626884][ T5435] Invalid ELF header magic: != ELF [ 1920.180504][ T5444] netlink: 4 bytes leftover after parsing attributes in process `syz.2.280'. [ 1944.651128][ T5480] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1946.069760][ T5481] can0: slcan on ptm0. [ 1946.915962][ T5480] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1947.570852][ T5479] can0 (unregistered): slcan off ptm0. [ 1948.088238][ T5480] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1949.887366][ T5480] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1953.465163][ T5480] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1953.724514][ T5480] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1954.062548][ T5480] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1954.373088][ T5480] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2005.222399][ T5570] netlink: 24 bytes leftover after parsing attributes in process `syz.2.328'. [ 2012.117444][ T5583] binder: 5582:5583 ioctl c018620c 20000140 returned -22 [ 2017.028960][ T5591] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.336' sets config #0 [ 2059.948537][ T5633] netlink: 12 bytes leftover after parsing attributes in process `syz.2.356'. [ 2079.336207][ T5653] dvmrp0: entered allmulticast mode [ 2079.579584][ T5653] dvmrp0: left allmulticast mode [ 2133.184645][ T5723] netlink: 16 bytes leftover after parsing attributes in process `syz.2.394'. [ 2133.188752][ T5723] netlink: 8 bytes leftover after parsing attributes in process `syz.2.394'. [ 2133.326912][ T5723] IPv6: sit1: Disabled Multicast RS [ 2133.345419][ T5723] sit1: entered allmulticast mode [ 2177.019575][ T4075] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 2177.083924][ T4075] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz0] on syz0 [ 2179.667453][ T5789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2179.701019][ T5789] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2181.522888][ T35] audit: type=1326 audit(2180.410:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5792 comm="syz.2.423" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x0 [ 2196.909979][ T5810] netlink: 8 bytes leftover after parsing attributes in process `syz.3.429'. [ 2196.912421][ T5810] netlink: 12 bytes leftover after parsing attributes in process `syz.3.429'. [ 2223.990874][ T5838] netlink: 40 bytes leftover after parsing attributes in process `syz.3.441'. [ 2226.667201][ T5842] Zero length message leads to an empty skb [ 2236.636473][ T5859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2236.720952][ T5859] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2244.410012][ T5870] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 2248.384569][ T5874] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2248.390944][ T5874] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2278.016493][ T5903] capability: warning: `syz.2.465' uses 32-bit capabilities (legacy support in use) [ 2291.930072][ T5923] netlink: 8 bytes leftover after parsing attributes in process `syz.2.476'. [ 2291.932549][ T5923] netlink: 'syz.2.476': attribute type 3 has an invalid length. [ 2310.664845][ T35] audit: type=1800 audit(2309.530:4): pid=5953 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.490" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 2346.407997][ T5991] netlink: 'syz.3.506': attribute type 3 has an invalid length. [ 2409.446647][ T6070] netlink: 8 bytes leftover after parsing attributes in process `syz.2.542'. [ 2409.448329][ T6070] netlink: 12 bytes leftover after parsing attributes in process `syz.2.542'. [ 2409.449762][ T6070] netlink: 'syz.2.542': attribute type 15 has an invalid length. [ 2412.124292][ T6074] syz.2.543 (6074): /proc/6073/oom_adj is deprecated, please use /proc/6073/oom_score_adj instead. [ 2417.776869][ T6076] lo speed is unknown, defaulting to 1000 [ 2432.129324][ T6114] netlink: 8 bytes leftover after parsing attributes in process `syz.2.550'. [ 2432.174317][ T6114] netlink: 12 bytes leftover after parsing attributes in process `syz.2.550'. [ 2432.177113][ T6114] netlink: 'syz.2.550': attribute type 20 has an invalid length. [ 2439.174767][ T6120] netlink: 71 bytes leftover after parsing attributes in process `syz.2.553'. [ 2449.393948][ T6128] netlink: 'syz.2.556': attribute type 5 has an invalid length. [ 2450.454364][ T6129] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2450.610876][ T6129] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2508.043303][ T6184] vlan3: entered allmulticast mode [ 2542.223251][ T35] audit: type=1400 audit(2541.085:5): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=6224 comm="syz.2.600" [ 2569.789276][ T6261] gtp0: entered promiscuous mode [ 2569.796948][ T6261] gtp0: entered allmulticast mode [ 2570.009815][ T6262] TCP: TCP_TX_DELAY enabled [ 2584.537658][ T6279] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2584.595427][ T6279] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2615.735108][ T6318] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -107 0 [ 2623.859535][ T6330] syz.3.646 uses obsolete (PF_INET,SOCK_PACKET) [ 2637.219745][ T6346] netlink: 8 bytes leftover after parsing attributes in process `syz.3.654'. [ 2637.253421][ T6346] netlink: 4 bytes leftover after parsing attributes in process `syz.3.654'. [ 2637.256553][ T6346] netlink: 'syz.3.654': attribute type 7 has an invalid length. [ 2648.500338][ T6352] syz.2.657 (6352): drop_caches: 2 [ 2659.625773][ T6367] netlink: 277 bytes leftover after parsing attributes in process `syz.2.664'. [ 2665.912188][ T6377] netlink: 64 bytes leftover after parsing attributes in process `syz.3.669'. [ 2684.139512][ T6403] netlink: 168 bytes leftover after parsing attributes in process `syz.2.681'. [ 2711.460162][ T6437] netlink: 4 bytes leftover after parsing attributes in process `syz.3.697'. [ 2726.206523][ T35] audit: type=1326 audit(2725.065:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6455 comm="syz.3.706" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 2777.707737][ T6532] ubi0: attaching mtd0 [ 2777.760047][ T6532] ubi0: scanning is finished [ 2777.762659][ T6532] ubi0: empty MTD device detected [ 2778.828092][ T6532] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 2778.829614][ T6532] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 2778.831250][ T6532] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 2778.832830][ T6532] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 2778.849352][ T6532] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 2778.850701][ T6532] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 2778.862895][ T6532] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1451663970 [ 2778.864584][ T6532] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 2778.868757][ T6536] ubi0: background thread "ubi_bgt0d" started, PID 6536 [ 2843.703417][ T6605] atomic_op ff60000034d82998 conn xmit_atomic 0000000000000000 [ 2858.539512][ T6623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2858.565292][ T6623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2869.727220][ T6635] netlink: 71 bytes leftover after parsing attributes in process `syz.3.787'. [ 2875.426585][ T6646] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2875.444024][ T6646] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2889.757167][ T6659] netlink: 56 bytes leftover after parsing attributes in process `syz.3.797'. [ 2889.776844][ T6659] netlink: 16 bytes leftover after parsing attributes in process `syz.3.797'. [ 2890.739144][ T6661] xt_bpf: check failed: parse error [ 2899.319719][ T6674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2899.335260][ T6674] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2911.536632][ T6692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.812'. [ 2911.538133][ T6692] netlink: 12 bytes leftover after parsing attributes in process `syz.2.812'. [ 2914.039500][ T6696] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2914.053465][ T6696] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2980.169778][ T35] audit: type=1326 audit(2978.005:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.2.833" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x7fc00000 [ 2980.208786][ T35] audit: type=1326 audit(2978.005:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.2.833" exe="/syz-executor" sig=0 arch=c00000f3 syscall=29 compat=0 ip=0xdb5be code=0x7fc00000 [ 3020.605861][ T35] audit: type=1326 audit(3019.305:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6759 comm="syz.2.841" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0xdb5be code=0x0 [ 3023.407579][ T6762] netlink: 16 bytes leftover after parsing attributes in process `syz.3.842'. [ 3643.345012][ T39] INFO: task syz.2.844:6767 blocked for more than 445 seconds. [ 3643.347285][ T39] Not tainted 6.13.0-rc3-syzkaller-g6f6ecce59d99 #0 [ 3643.348744][ T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3643.375060][ T39] task:syz.2.844 state:D stack:0 pid:6767 tgid:6764 ppid:4085 flags:0x0000000c [ 3643.377350][ T39] Call Trace: [ 3643.378344][ T39] [] __schedule+0xdaa/0x393a [ 3643.379796][ T39] [] schedule+0xc4/0x324 [ 3643.380856][ T39] [] schedule_preempt_disabled+0x16/0x28 [ 3643.473698][ T39] [] rwsem_down_read_slowpath+0x56a/0x91e [ 3643.475391][ T39] [] down_read+0xe4/0x45e [ 3643.476440][ T39] [] do_exit+0x810/0x296e [ 3643.477563][ T39] [] do_group_exit+0xd4/0x26c [ 3643.478644][ T39] [] get_signal+0x1f4c/0x22de [ 3643.479905][ T39] [] arch_do_signal_or_restart+0x98a/0x1d2c [ 3643.481002][ T39] [] syscall_exit_to_user_mode+0x29e/0x316 [ 3643.613817][ T39] [] do_trap_ecall_u+0x86/0x216 [ 3643.615081][ T39] [] handle_exception+0x146/0x152 [ 3643.616620][ T39] [ 3643.616620][ T39] Showing all locks held in the system: [ 3643.617944][ T39] 1 lock held by kthreadd/2: [ 3643.619194][ T39] 1 lock held by kworker/R-mm_pe/13: [ 3643.620154][ T39] 1 lock held by khungtaskd/39: [ 3643.621028][ T39] #0: ffffffff881d0d40 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x68/0x2e6 [ 3643.747574][ T39] 1 lock held by kswapd0/80: [ 3643.748510][ T39] 3 locks held by kworker/u9:4/946: [ 3643.749570][ T39] 1 lock held by klogd/2979: [ 3643.750405][ T39] 1 lock held by dhcpcd/3023: [ 3643.838042][ T39] 2 locks held by getty/3150: [ 3643.839253][ T39] #0: ff600000731800a0 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3a/0x46 [ 3643.912972][ T39] #1: ff2000000008b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0xd7c/0x129a [ 3643.915841][ T39] 3 locks held by syz-executor/3182: [ 3643.916710][ T39] #0: ff6000001d0d6d18 (&vma->vm_lock->lock){++++}-{4:4}, at: lock_vma_under_rcu+0x15a/0xa60 [ 3643.919240][ T39] #1: ff6000001d7b0518 (sb_pagefaults){.+.+}-{0:0}, at: ext4_page_mkwrite+0x1da/0x10cc [ 3644.091961][ T39] #2: ff60000073198958 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xdac/0x122e [ 3644.095236][ T39] 2 locks held by syz-executor/4085: [ 3644.096177][ T39] 1 lock held by syz-executor/4108: [ 3644.097248][ T39] 3 locks held by kworker/u9:5/4761: [ 3644.098339][ T39] 2 locks held by kworker/1:3/5048: [ 3644.099459][ T39] 5 locks held by kworker/u10:0/5440: [ 3644.100495][ T39] 2 locks held by kworker/u9:2/6112: [ 3644.223058][ T39] #0: ff6000005cdd3a58 (&rq->__lock){-.-.}-{2:2}, at: __schedule+0x278/0x393a [ 3644.226114][ T39] #1: ff6000005cdbf688 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x22c/0x71a [ 3644.228897][ T39] 4 locks held by kworker/0:2/6282: [ 3644.229931][ T39] 4 locks held by kworker/0:3/6719: [ 3644.231024][ T39] 3 locks held by syz.2.844/6764: [ 3644.335359][ T39] 1 lock held by syz.2.844/6767: [ 3644.336365][ T39] #0: ff60000011517390 (&mm->mmap_lock){++++}-{4:4}, at: do_exit+0x810/0x296e [ 3644.443528][ T39] [ 3644.444653][ T39] ============================================= [ 3644.444653][ T39] [ 3644.446221][ T39] NMI backtrace for cpu 0 [ 3644.447298][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted 6.13.0-rc3-syzkaller-g6f6ecce59d99 #0 [ 3644.448511][ T39] Hardware name: riscv-virtio,qemu (DT) [ 3644.449274][ T39] Call Trace: [ 3644.449904][ T39] [] dump_backtrace+0x2e/0x3c [ 3644.450980][ T39] [] show_stack+0x30/0x3c [ 3644.452151][ T39] [] dump_stack_lvl+0x12e/0x1a6 [ 3644.453229][ T39] [] dump_stack+0x1c/0x24 [ 3644.454275][ T39] [] nmi_cpu_backtrace+0x3b0/0x3b2 [ 3644.455318][ T39] [] nmi_trigger_cpumask_backtrace+0x2b6/0x458 [ 3644.456397][ T39] [] arch_trigger_cpumask_backtrace+0x2c/0x3e [ 3644.457702][ T39] [] watchdog+0xcee/0x1170 [ 3644.458698][ T39] [] kthread+0x28c/0x3a4 [ 3644.459793][ T39] [] ret_from_fork+0xe/0x18 [ 3644.462813][ T39] Sending NMI from CPU 0 to CPUs 1: [ 3644.464672][ C1] NMI backtrace for cpu 1 [ 3644.466856][ C1] CPU: 1 UID: 0 PID: 5048 Comm: kworker/1:3 Not tainted 6.13.0-rc3-syzkaller-g6f6ecce59d99 #0 [ 3644.468788][ C1] Hardware name: riscv-virtio,qemu (DT) [ 3644.470360][ C1] Workqueue: events free_obj_work [ 3644.472528][ C1] epc : kasan_quarantine_put+0x8a/0x1fa [ 3644.474254][ C1] ra : kasan_quarantine_put+0x198/0x1fa [ 3644.476004][ C1] epc : ffffffff80a1c03c ra : ffffffff80a1c14a sp : ff20000000017b50 [ 3644.477672][ C1] gp : ffffffff899f64c0 tp : ff6000001b2eb480 t0 : ff20000000017b30 [ 3644.479350][ C1] t1 : 0000000000000009 t2 : 0000000000000000 s0 : ff20000000017b90 [ 3644.480966][ C1] s1 : 000000000006ee10 a0 : 0000000000000001 a1 : ffffffff8663f920 [ 3644.482787][ C1] a2 : 0000000000000003 a3 : 0000000000000100 a4 : 0000000000000001 [ 3644.484531][ C1] a5 : 0000000000000000 a6 : ff6000001b2ebfe8 a7 : 1fec00000365d7fd [ 3644.486175][ C1] s2 : ff6000004ed66500 s3 : 0000000000000002 s4 : ff60000073074000 [ 3644.487918][ C1] s5 : 0000000000000000 s6 : ffffffff89b04b40 s7 : 0000000000000000 [ 3644.489583][ C1] s8 : 000003508a07929c s9 : 0000000000002710 s10: ffffffff89a34160 [ 3644.491319][ C1] s11: 1fec000009daccab t3 : ff6000001b2ebfa0 t4 : fffffffef21a90de [ 3644.493006][ C1] t5 : fffffffef21a90df t6 : 0000000000000002 [ 3644.494542][ C1] status: 0000000200000120 badaddr: 0000000000000000 cause: 8000000000000001 [ 3644.496352][ C1] [] kasan_quarantine_put+0x8a/0x1fa [ 3644.498408][ C1] [] __kasan_slab_free+0x56/0x68 [ 3644.500253][ C1] [] kmem_cache_free+0x20e/0x630 [ 3644.502728][ C1] [] dst_destroy+0x2aa/0x3cc [ 3644.504612][ C1] [] dst_destroy_rcu+0x1c/0x2e [ 3644.506360][ C1] [] rcu_core+0xa24/0x1ea0 [ 3644.508185][ C1] [] rcu_core_si+0xc/0x14 [ 3644.509901][ C1] [] handle_softirqs+0x4b2/0x132e [ 3644.512347][ C1] [] __irq_exit_rcu+0x18c/0x550 [ 3644.514212][ C1] [] irq_exit_rcu+0x10/0xf8 [ 3644.516042][ C1] [] handle_riscv_irq+0x40/0x4c [ 3644.517864][ C1] [] call_on_irq_stack+0x32/0x40 [ 3645.588220][ T39] Kernel panic - not syncing: hung_task: blocked tasks [ 3645.591073][ T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted 6.13.0-rc3-syzkaller-g6f6ecce59d99 #0 [ 3645.593306][ T39] Hardware name: riscv-virtio,qemu (DT) [ 3645.594521][ T39] Call Trace: [ 3645.595643][ T39] [] dump_backtrace+0x2e/0x3c [ 3645.597260][ T39] [] show_stack+0x30/0x3c [ 3645.598789][ T39] [] dump_stack_lvl+0x110/0x1a6 [ 3645.600889][ T39] [] dump_stack+0x1c/0x24 [ 3645.602532][ T39] [] panic+0x38c/0x870 [ 3645.604022][ T39] [] watchdog+0x772/0x1170 [ 3645.605500][ T39] [] kthread+0x28c/0x3a4 [ 3645.607095][ T39] [] ret_from_fork+0xe/0x18 [ 3645.609168][ T39] SMP: stopping secondary CPUs [ 3645.613636][ T39] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:15:58 Registers: info registers vcpu 0 CPU#0 V = 0 pc ffffffff81d00212 mhartid 0000000000000000 mstatus 0000000a000000a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000000 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 00000000800004f0 stvec ffffffff861e5138 vstvec 0000000000000000 mepc ffffffff861e3e76 sepc ffffffff861e2e5a vsepc 0000000000000000 mcause 8000000000000003 scause 8000000000000005 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 000000008004a000 sscratch 0000000000000000 satp a00650000009d925 x0/zero 0000000000000000 x1/ra ffffffff81d001e8 x2/sp ff20000000317690 x3/gp ffffffff899f64c0 x4/tp ff60000014aecec0 x5/t0 05b71da01b09c4ea x6/t1 ffe3ffff00062ebc x7/t2 000000000000022b x8/s0 ff200000003176d0 x9/s1 ffffffff90d8caa0 x10/a0 ffffffff90d8cae8 x11/a1 000000000000001f x12/a2 0000000000000002 x13/a3 ffffffff81d001e8 x14/a4 1ffffffff21b195d x15/a5 ff2000000006d000 x16/a6 0000000000000003 x17/a7 0000000000000003 x18/s2 0000000000000065 x19/s3 0000000000000000 x20/s4 0000000000000000 x21/s5 0000000000000000 x22/s6 0000000000000000 x23/s7 ffffffff90baed01 x24/s8 dfffffff00000000 x25/s9 fffffffef21b195f x26/s10 0000000000000010 x27/s11 0000000000000010 x28/t3 ff60000014aed9e0 x29/t4 ffe3ffff00062ebc x30/t5 ffe3ffff00062ebd x31/t6 0000000000000007 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 4050045a20000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 7fefffffffffffff f15/fa5 4050045a20000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 CPU#1 V = 0 pc ffffffff802bdb6a mhartid 0000000000000001 mstatus 0000000a000001a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000000 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f0b509 hedeleg 000000000000b109 mtvec 00000000800004f0 stvec ffffffff861e5138 vstvec 0000000000000000 mepc ffffffff80083676 sepc ffffffff861ce2e6 vsepc 0000000000000000 mcause 0000000000000009 scause 8000000000000005 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080048000 sscratch 0000000000000000 satp a00650000009d925 x0/zero 0000000000000000 x1/ra ffffffff804b6d26 x2/sp ff200000000179d0 x3/gp ffffffff899f64c0 x4/tp ff6000001b2eb480 x5/t0 3df1592f76153240 x6/t1 fffffffef21ab6c4 x7/t2 0000000000000000 x8/s0 ff200000000179d0 x9/s1 ff20000000017b60 x10/a0 ff20000000017aa0 x11/a1 0000000000000000 x12/a2 0000000000f00000 x13/a3 ffffffff800714ea x14/a4 0000000000000000 x15/a5 ff6000001b2eb480 x16/a6 0000000000f00000 x17/a7 ffffffff90d5b623 x18/s2 0000000000000000 x19/s3 0000000000000001 x20/s4 ffffffff90da3020 x21/s5 0000000000000001 x22/s6 ffffffff8007139a x23/s7 0000000000000001 x24/s8 dfffffff00000000 x25/s9 0000000000007fff x26/s10 ffffffff861e5138 x27/s11 1fec000009d9790b x28/t3 ff6000001b2ebfa0 x29/t4 fffffffef21ab6c4 x30/t5 fffffffef21ab6c5 x31/t6 000000000000000b f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 4050045a20000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 7fefffffffffffff f15/fa5 4050045a20000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000