syzkaller login: [ 379.382229][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 379.480258][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 379.572703][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 379.635441][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 440.524793][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:60913' (ECDSA) to the list of known hosts. 1970/01/01 00:07:43 fuzzer started 1970/01/01 00:08:00 dialing manager at localhost:41129 [ 488.943194][ T2044] cgroup: Unknown subsys name 'net' [ 490.140786][ T2044] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:08:09 syscalls: 2818 1970/01/01 00:08:09 code coverage: enabled 1970/01/01 00:08:09 comparison tracing: enabled 1970/01/01 00:08:09 extra coverage: enabled 1970/01/01 00:08:09 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:08:09 setuid sandbox: enabled 1970/01/01 00:08:09 namespace sandbox: enabled 1970/01/01 00:08:09 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:08:09 fault injection: enabled 1970/01/01 00:08:09 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:08:09 net packet injection: enabled 1970/01/01 00:08:09 net device setup: enabled 1970/01/01 00:08:09 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:08:09 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:08:09 USB emulation: enabled 1970/01/01 00:08:09 hci packet injection: /dev/vhci does not exist 1970/01/01 00:08:09 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:08:09 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:08:10 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:08:16 fetching corpus: 50, signal 33496/36877 (executing 
program) 1970/01/01 00:08:20 fetching corpus: 100, signal 44690/49500 (executing program) 1970/01/01 00:08:27 fetching corpus: 150, signal 53862/59925 (executing program) 1970/01/01 00:08:33 fetching corpus: 200, signal 62488/69682 (executing program) 1970/01/01 00:08:36 fetching corpus: 250, signal 68633/76962 (executing program) 1970/01/01 00:08:40 fetching corpus: 300, signal 73393/82800 (executing program) 1970/01/01 00:08:43 fetching corpus: 350, signal 78784/89148 (executing program) 1970/01/01 00:08:46 fetching corpus: 400, signal 82218/93595 (executing program) 1970/01/01 00:08:49 fetching corpus: 450, signal 85898/98211 (executing program) 1970/01/01 00:08:51 fetching corpus: 500, signal 88671/101980 (executing program) 1970/01/01 00:08:56 fetching corpus: 550, signal 92519/106613 (executing program) 1970/01/01 00:09:03 fetching corpus: 600, signal 95350/110287 (executing program) 1970/01/01 00:09:07 fetching corpus: 650, signal 97815/113567 (executing program) 1970/01/01 00:09:11 fetching corpus: 700, signal 100629/117153 (executing program) 1970/01/01 00:09:15 fetching corpus: 750, signal 103237/120501 (executing program) 1970/01/01 00:09:18 fetching corpus: 800, signal 105352/123395 (executing program) 1970/01/01 00:09:22 fetching corpus: 850, signal 107060/125915 (executing program) 1970/01/01 00:09:25 fetching corpus: 900, signal 108572/128222 (executing program) 1970/01/01 00:09:28 fetching corpus: 950, signal 112088/132225 (executing program) 1970/01/01 00:09:31 fetching corpus: 1000, signal 113855/134676 (executing program) 1970/01/01 00:09:34 fetching corpus: 1050, signal 115690/137117 (executing program) 1970/01/01 00:09:37 fetching corpus: 1100, signal 117614/139604 (executing program) 1970/01/01 00:09:40 fetching corpus: 1150, signal 119724/142189 (executing program) 1970/01/01 00:09:42 fetching corpus: 1200, signal 121396/144419 (executing program) 1970/01/01 00:09:45 fetching corpus: 1250, signal 124441/147692 (executing program) 1970/01/01 
00:09:47 fetching corpus: 1300, signal 125709/149549 (executing program) 1970/01/01 00:09:51 fetching corpus: 1350, signal 127282/151634 (executing program) 1970/01/01 00:09:53 fetching corpus: 1400, signal 128966/153751 (executing program) 1970/01/01 00:09:56 fetching corpus: 1450, signal 130527/155759 (executing program) 1970/01/01 00:09:59 fetching corpus: 1500, signal 131594/157354 (executing program) 1970/01/01 00:10:02 fetching corpus: 1550, signal 133349/159437 (executing program) 1970/01/01 00:10:05 fetching corpus: 1600, signal 134961/161397 (executing program) 1970/01/01 00:10:07 fetching corpus: 1650, signal 135973/162909 (executing program) 1970/01/01 00:10:10 fetching corpus: 1700, signal 137524/164739 (executing program) 1970/01/01 00:10:13 fetching corpus: 1750, signal 138315/166031 (executing program) 1970/01/01 00:10:15 fetching corpus: 1800, signal 139214/167412 (executing program) 1970/01/01 00:10:18 fetching corpus: 1850, signal 140430/168937 (executing program) 1970/01/01 00:10:21 fetching corpus: 1900, signal 141743/170550 (executing program) 1970/01/01 00:10:24 fetching corpus: 1950, signal 142992/172078 (executing program) 1970/01/01 00:10:27 fetching corpus: 2000, signal 144776/173901 (executing program) 1970/01/01 00:10:30 fetching corpus: 2050, signal 145892/175315 (executing program) 1970/01/01 00:10:33 fetching corpus: 2100, signal 147093/176725 (executing program) 1970/01/01 00:10:36 fetching corpus: 2150, signal 148284/178142 (executing program) 1970/01/01 00:10:41 fetching corpus: 2200, signal 149299/179429 (executing program) 1970/01/01 00:10:45 fetching corpus: 2250, signal 151078/181136 (executing program) 1970/01/01 00:10:51 fetching corpus: 2300, signal 151901/182264 (executing program) 1970/01/01 00:10:54 fetching corpus: 2350, signal 153299/183739 (executing program) 1970/01/01 00:10:57 fetching corpus: 2400, signal 154449/184996 (executing program) 1970/01/01 00:11:01 fetching corpus: 2450, signal 155406/186140 (executing 
program) 1970/01/01 00:11:06 fetching corpus: 2500, signal 156529/187314 (executing program) 1970/01/01 00:11:08 fetching corpus: 2550, signal 157263/188318 (executing program) 1970/01/01 00:11:12 fetching corpus: 2600, signal 158580/189676 (executing program) 1970/01/01 00:11:16 fetching corpus: 2650, signal 159741/190900 (executing program) 1970/01/01 00:11:19 fetching corpus: 2700, signal 160748/191953 (executing program) 1970/01/01 00:11:22 fetching corpus: 2750, signal 161748/193029 (executing program) 1970/01/01 00:11:25 fetching corpus: 2800, signal 162971/194207 (executing program) 1970/01/01 00:11:27 fetching corpus: 2850, signal 163725/195124 (executing program) 1970/01/01 00:11:30 fetching corpus: 2900, signal 164608/196050 (executing program) 1970/01/01 00:11:33 fetching corpus: 2950, signal 165900/197175 (executing program) 1970/01/01 00:11:35 fetching corpus: 3000, signal 167182/198281 (executing program) 1970/01/01 00:11:39 fetching corpus: 3050, signal 168044/199191 (executing program) 1970/01/01 00:11:41 fetching corpus: 3100, signal 168683/199971 (executing program) 1970/01/01 00:11:44 fetching corpus: 3150, signal 169444/200823 (executing program) 1970/01/01 00:11:47 fetching corpus: 3200, signal 170061/201539 (executing program) 1970/01/01 00:11:50 fetching corpus: 3250, signal 170799/202313 (executing program) 1970/01/01 00:11:52 fetching corpus: 3300, signal 171644/203146 (executing program) 1970/01/01 00:11:55 fetching corpus: 3350, signal 172503/203953 (executing program) 1970/01/01 00:11:58 fetching corpus: 3400, signal 173120/204651 (executing program) 1970/01/01 00:12:01 fetching corpus: 3450, signal 173768/205351 (executing program) 1970/01/01 00:12:04 fetching corpus: 3500, signal 174582/206091 (executing program) 1970/01/01 00:12:06 fetching corpus: 3550, signal 175586/206918 (executing program) 1970/01/01 00:12:08 fetching corpus: 3600, signal 176246/207588 (executing program) 1970/01/01 00:12:12 fetching corpus: 3650, signal 
177064/208355 (executing program) 1970/01/01 00:12:16 fetching corpus: 3700, signal 177752/208992 (executing program) 1970/01/01 00:12:18 fetching corpus: 3750, signal 178289/209582 (executing program) 1970/01/01 00:12:21 fetching corpus: 3800, signal 179013/210224 (executing program) 1970/01/01 00:12:25 fetching corpus: 3850, signal 179822/210872 (executing program) 1970/01/01 00:12:28 fetching corpus: 3900, signal 180517/211487 (executing program) 1970/01/01 00:12:30 fetching corpus: 3950, signal 181386/212141 (executing program) 1970/01/01 00:12:33 fetching corpus: 4000, signal 182089/212737 (executing program) 1970/01/01 00:12:38 fetching corpus: 4050, signal 182779/213301 (executing program) 1970/01/01 00:12:41 fetching corpus: 4100, signal 183452/213878 (executing program) 1970/01/01 00:12:45 fetching corpus: 4150, signal 184158/214410 (executing program) 1970/01/01 00:12:49 fetching corpus: 4200, signal 184765/214916 (executing program) 1970/01/01 00:12:52 fetching corpus: 4250, signal 185361/215393 (executing program) 1970/01/01 00:12:55 fetching corpus: 4300, signal 186050/215886 (executing program) 1970/01/01 00:13:00 fetching corpus: 4350, signal 187082/216457 (executing program) 1970/01/01 00:13:07 fetching corpus: 4400, signal 187726/216905 (executing program) 1970/01/01 00:13:10 fetching corpus: 4450, signal 188346/217346 (executing program) 1970/01/01 00:13:13 fetching corpus: 4500, signal 189118/217822 (executing program) 1970/01/01 00:13:15 fetching corpus: 4550, signal 189744/218273 (executing program) 1970/01/01 00:13:19 fetching corpus: 4600, signal 190525/218735 (executing program) 1970/01/01 00:13:23 fetching corpus: 4650, signal 191135/219135 (executing program) 1970/01/01 00:13:26 fetching corpus: 4700, signal 191682/219517 (executing program) 1970/01/01 00:13:29 fetching corpus: 4750, signal 192440/219915 (executing program) 1970/01/01 00:13:31 fetching corpus: 4800, signal 193002/220290 (executing program) 1970/01/01 00:13:33 fetching 
corpus: 4850, signal 193845/220675 (executing program) 1970/01/01 00:13:37 fetching corpus: 4900, signal 194367/221003 (executing program) 1970/01/01 00:13:40 fetching corpus: 4950, signal 194874/221318 (executing program) 1970/01/01 00:13:43 fetching corpus: 5000, signal 195508/221643 (executing program) 1970/01/01 00:13:46 fetching corpus: 5050, signal 196279/221984 (executing program) 1970/01/01 00:13:50 fetching corpus: 5100, signal 196823/222280 (executing program) 1970/01/01 00:13:54 fetching corpus: 5150, signal 197397/222579 (executing program) 1970/01/01 00:13:57 fetching corpus: 5200, signal 198180/222892 (executing program) 1970/01/01 00:14:01 fetching corpus: 5250, signal 198863/223168 (executing program) 1970/01/01 00:14:04 fetching corpus: 5300, signal 199383/223420 (executing program) 1970/01/01 00:14:07 fetching corpus: 5350, signal 199935/223673 (executing program) 1970/01/01 00:14:10 fetching corpus: 5400, signal 200492/223919 (executing program) 1970/01/01 00:14:13 fetching corpus: 5450, signal 201073/224174 (executing program) 1970/01/01 00:14:16 fetching corpus: 5500, signal 201587/224372 (executing program) 1970/01/01 00:14:18 fetching corpus: 5550, signal 202088/224575 (executing program) 1970/01/01 00:14:21 fetching corpus: 5600, signal 202690/224625 (executing program) 1970/01/01 00:14:25 fetching corpus: 5650, signal 203434/224629 (executing program) 1970/01/01 00:14:29 fetching corpus: 5700, signal 204009/224629 (executing program) 1970/01/01 00:14:32 fetching corpus: 5750, signal 204532/224629 (executing program) 1970/01/01 00:14:34 fetching corpus: 5800, signal 205131/224632 (executing program) 1970/01/01 00:14:36 fetching corpus: 5850, signal 205640/224632 (executing program) 1970/01/01 00:14:39 fetching corpus: 5900, signal 206106/224632 (executing program) 1970/01/01 00:14:43 fetching corpus: 5950, signal 206436/224632 (executing program) 1970/01/01 00:14:49 fetching corpus: 6000, signal 207070/224632 (executing program) 1970/01/01 
00:14:57 fetching corpus: 6050, signal 207476/224632 (executing program) 1970/01/01 00:15:01 fetching corpus: 6100, signal 208109/224632 (executing program) 1970/01/01 00:15:04 fetching corpus: 6150, signal 208557/224632 (executing program) 1970/01/01 00:15:07 fetching corpus: 6200, signal 209053/224632 (executing program) 1970/01/01 00:15:11 fetching corpus: 6250, signal 209597/224632 (executing program) 1970/01/01 00:15:13 fetching corpus: 6300, signal 210039/224632 (executing program) 1970/01/01 00:15:16 fetching corpus: 6350, signal 210532/224632 (executing program) 1970/01/01 00:15:20 fetching corpus: 6400, signal 211064/224632 (executing program) 1970/01/01 00:15:26 fetching corpus: 6450, signal 211773/224632 (executing program) 1970/01/01 00:15:31 fetching corpus: 6500, signal 212274/224632 (executing program) 1970/01/01 00:15:33 fetching corpus: 6550, signal 212821/224632 (executing program) 1970/01/01 00:15:38 fetching corpus: 6600, signal 213196/224632 (executing program) 1970/01/01 00:15:42 fetching corpus: 6650, signal 213652/224632 (executing program) 1970/01/01 00:15:46 fetching corpus: 6700, signal 214108/224637 (executing program) 1970/01/01 00:15:49 fetching corpus: 6750, signal 214737/224637 (executing program) 1970/01/01 00:15:53 fetching corpus: 6800, signal 215158/224637 (executing program) 1970/01/01 00:15:56 fetching corpus: 6850, signal 215601/224637 (executing program) 1970/01/01 00:15:59 fetching corpus: 6900, signal 216060/224637 (executing program) 1970/01/01 00:16:03 fetching corpus: 6950, signal 216510/224644 (executing program) 1970/01/01 00:16:06 fetching corpus: 7000, signal 216899/224644 (executing program) 1970/01/01 00:16:11 fetching corpus: 7050, signal 217358/224644 (executing program) 1970/01/01 00:16:16 fetching corpus: 7100, signal 217673/224644 (executing program) 1970/01/01 00:16:19 fetching corpus: 7150, signal 218218/224644 (executing program) 1970/01/01 00:16:22 fetching corpus: 7200, signal 218612/224650 (executing 
program) 1970/01/01 00:16:24 fetching corpus: 7250, signal 219000/224650 (executing program) 1970/01/01 00:16:28 fetching corpus: 7300, signal 219451/224652 (executing program) 1970/01/01 00:16:32 fetching corpus: 7350, signal 219893/224652 (executing program) 1970/01/01 00:16:36 fetching corpus: 7400, signal 220478/224652 (executing program) 1970/01/01 00:16:40 fetching corpus: 7450, signal 220929/224652 (executing program) 1970/01/01 00:16:43 fetching corpus: 7500, signal 221333/224652 (executing program) 1970/01/01 00:16:45 fetching corpus: 7535, signal 221616/224652 (executing program) 1970/01/01 00:16:45 fetching corpus: 7535, signal 221616/224652 (executing program) 1970/01/01 00:19:12 starting 2 fuzzer processes 00:19:12 executing program 0: clock_adjtime(0x0, &(0x7f0000000000)={0xde2f}) 00:19:12 executing program 1: prctl$PR_SET_VMA(0x23, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0) [ 1207.885603][ T2063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1207.999611][ T2063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1211.719472][ T2064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1211.921649][ T2064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1223.505885][ T2063] device hsr_slave_0 entered promiscuous mode [ 1223.565358][ T2063] device hsr_slave_1 entered promiscuous mode [ 1226.980191][ T2064] device hsr_slave_0 entered promiscuous mode [ 1227.048939][ T2064] device hsr_slave_1 entered promiscuous mode [ 1227.082399][ T2064] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 1227.092655][ T2064] Cannot create hsr debugfs directory [ 1235.776312][ T2063] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1236.121491][ T2063] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1236.256012][ T2063] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1236.762682][ T2063] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1238.224922][ T2064] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1238.605793][ T2064] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1238.861925][ T2064] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1239.160091][ T2064] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1257.885101][ T2063] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1258.239025][ T2064] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1259.094542][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1259.204584][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1259.428508][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1259.505911][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1268.791025][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1268.862012][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1269.170726][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1269.240157][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1269.582176][ T2126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1270.055500][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1270.982582][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1271.043919][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1271.261632][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1271.311801][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 
1272.140486][ T2063] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1272.341736][ T2128] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1272.381444][ T2128] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1272.419066][ T2128] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1272.444397][ T2128] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1272.803039][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1273.296225][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1273.856237][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1273.902408][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1274.492020][ T2128] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1274.552773][ T2128] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1274.713141][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1274.770734][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1275.120028][ T2064] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1277.242022][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1277.299900][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1319.905912][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1319.969007][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1320.382785][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1320.483216][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1329.650473][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1329.716350][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1329.850793][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 
1329.890901][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1330.002713][ T2064] device veth0_vlan entered promiscuous mode [ 1330.789393][ T2064] device veth1_vlan entered promiscuous mode [ 1331.165320][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1331.313477][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1331.704645][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1331.755722][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1332.081906][ T2063] device veth0_vlan entered promiscuous mode [ 1332.943571][ T2063] device veth1_vlan entered promiscuous mode [ 1333.578765][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1333.645028][ T2694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1333.971984][ T2064] device veth0_macvtap entered promiscuous mode [ 1334.411194][ T2064] device veth1_macvtap entered promiscuous mode [ 1334.749023][ T2046] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1336.153253][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1336.215083][ T2692] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1336.490367][ T2063] device veth0_macvtap entered promiscuous mode [ 1337.852902][ T2691] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1367.025767][ T856] ================================================================== [ 1367.030896][ T856] BUG: KASAN: use-after-free in kernfs_active+0x6e/0xea [ 1367.034889][ T856] Read of size 8 at addr ffffaf80227a00e8 by task kworker/u4:5/856 [ 1367.037096][ T856] [ 1367.038770][ T856] CPU: 0 PID: 856 Comm: kworker/u4:5 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1367.040515][ T856] Hardware name: riscv-virtio,qemu (DT) [ 1367.041927][ T856] Workqueue: netns cleanup_net [ 1367.043769][ T856] Call Trace: [ 1367.044836][ T856] [] dump_backtrace+0x2e/0x3c [ 1367.046354][ T856] [] 
show_stack+0x34/0x40 [ 1367.048348][ T856] [] dump_stack_lvl+0xe4/0x150 [ 1367.049891][ T856] [] print_address_description.constprop.0+0x2a/0x330 [ 1367.051591][ T856] [] kasan_report+0x184/0x1e0 [ 1367.052957][ T856] [] __asan_load8+0x6e/0x96 [ 1367.054291][ T856] [] kernfs_active+0x6e/0xea [ 1367.055623][ T856] [] __kernfs_remove+0x1a8/0x804 [ 1367.057694][ T856] [] kernfs_remove+0x56/0x70 [ 1367.059451][ T856] [] sysfs_remove_group+0x80/0xee [ 1367.060789][ T856] [] sysfs_remove_groups+0x50/0x78 [ 1367.062618][ T856] [] device_remove_attrs+0xa0/0x10a [ 1367.064057][ T856] [] device_del+0x328/0x730 [ 1367.065418][ T856] [] netdev_unregister_kobject+0x118/0x12c [ 1367.067707][ T856] [] unregister_netdevice_many+0xa2e/0xf50 [ 1367.069770][ T856] [] ip_tunnel_delete_nets+0x348/0x4e2 [ 1367.071380][ T856] [] vti_exit_batch_net+0x2a/0x34 [ 1367.072770][ T856] [] ops_exit_list+0xcc/0xe8 [ 1367.074034][ T856] [] cleanup_net+0x430/0x732 [ 1367.075345][ T856] [] process_one_work+0x654/0xffe [ 1367.077242][ T856] [] worker_thread+0x360/0x8fa [ 1367.079099][ T856] [] kthread+0x19e/0x1fa [ 1367.080554][ T856] [] ret_from_exception+0x0/0x10 [ 1367.082352][ T856] [ 1367.083304][ T856] The buggy address belongs to the page: [ 1367.084936][ T856] page:ffffaf807affb500 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xa29a0 [ 1367.086962][ T856] flags: 0xa000000000(section=20|node=0|zone=0) [ 1367.089865][ T856] raw: 000000a000000000 ffffaf807af8e428 ffffaf807aac8828 0000000000000000 [ 1367.091534][ T856] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 1367.092909][ T856] raw: 00000000000007ff [ 1367.093968][ T856] page dumped because: kasan: bad access detected [ 1367.095436][ T856] page_owner tracks the page as freed [ 1367.096611][ T856] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), pid 2067, ts 1355774348100, free_ts 1355933418600 [ 1367.100509][ T856] 
__set_page_owner+0x48/0x136 [ 1367.101910][ T856] post_alloc_hook+0xd0/0x10a [ 1367.103161][ T856] get_page_from_freelist+0x8da/0x12d8 [ 1367.104457][ T856] __alloc_pages+0x150/0x3b6 [ 1367.105673][ T856] copy_process+0x482/0x3c34 [ 1367.107545][ T856] kernel_clone+0xee/0x920 [ 1367.109363][ T856] kernel_thread+0xf8/0x130 [ 1367.110601][ T856] call_usermodehelper_exec_work+0xc8/0x122 [ 1367.111985][ T856] process_one_work+0x654/0xffe [ 1367.113183][ T856] worker_thread+0x360/0x8fa [ 1367.114375][ T856] kthread+0x19e/0x1fa [ 1367.115609][ T856] ret_from_exception+0x0/0x10 [ 1367.117226][ T856] page last free stack trace: [ 1367.118555][ T856] __reset_page_owner+0x4a/0xea [ 1367.119887][ T856] free_pcp_prepare+0x29c/0x45e [ 1367.121101][ T856] free_unref_page+0x6a/0x31e [ 1367.122363][ T856] __free_pages+0xe2/0x112 [ 1367.123580][ T856] put_task_stack+0x1d0/0x2b0 [ 1367.124884][ T856] finish_task_switch.isra.0+0x3ce/0x420 [ 1367.126296][ T856] __schedule+0x58e/0x118e [ 1367.127971][ T856] preempt_schedule_common+0x4e/0xde [ 1367.129799][ T856] preempt_schedule+0x34/0x36 [ 1367.131058][ T856] _raw_spin_unlock+0x60/0x6a [ 1367.132300][ T856] nsim_dev_trap_report_work+0x556/0x5e4 [ 1367.133693][ T856] process_one_work+0x654/0xffe [ 1367.134946][ T856] worker_thread+0x360/0x8fa [ 1367.136124][ T856] kthread+0x19e/0x1fa [ 1367.137567][ T856] ret_from_exception+0x0/0x10 [ 1367.139478][ T856] [ 1367.140204][ T856] Memory state around the buggy address: [ 1367.141702][ T856] ffffaf802279ff80: fc fc fc fc 00 00 00 00 00 00 00 00 fc fc fc fc [ 1367.143091][ T856] ffffaf80227a0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1367.144407][ T856] >ffffaf80227a0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1367.145640][ T856] ^ [ 1367.147557][ T856] ffffaf80227a0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1367.149735][ T856] ffffaf80227a0180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1367.151313][ T856] 
================================================================== [ 1367.152471][ T856] Disabling lock debugging due to kernel taint [ 1367.578827][ T856] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000140 [ 1367.581593][ T856] Oops [#1] [ 1367.583316][ T856] Modules linked in: [ 1367.585404][ T856] CPU: 1 PID: 856 Comm: kworker/u4:5 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 [ 1367.588661][ T856] Hardware name: riscv-virtio,qemu (DT) [ 1367.589797][ T856] Workqueue: netns cleanup_net [ 1367.591220][ T856] epc : up_write+0x50/0x250 [ 1367.592324][ T856] ra : up_write+0x50/0x250 [ 1367.593962][ T856] epc : ffffffff801085ec ra : ffffffff801085ec sp : ffffaf800e25f530 [ 1367.595344][ T856] gp : ffffffff85863ac0 tp : ffffaf800e49e100 t0 : ffffaf800e6ef640 [ 1367.596797][ T856] t1 : fffff5ef044f3fd0 t2 : 0000000000000001 s0 : ffffaf800e25f590 [ 1367.598036][ T856] s1 : 00000000000000d8 a0 : 0000000000000000 a1 : 0000000000000008 [ 1367.599347][ T856] a2 : 0000000000000000 a3 : ffffffff801085ec a4 : ffffffff85892ec8 [ 1367.600641][ T856] a5 : 0000000000000001 a6 : 0000000000f00000 a7 : ffffaf802279fe87 [ 1367.601895][ T856] s2 : 00000000000000e0 s3 : ffffffff85899680 s4 : 0000000000000140 [ 1367.603192][ T856] s5 : 0000000000000000 s6 : ffffaf800e25f5f0 s7 : ffffaf802279feb0 [ 1367.604371][ T856] s8 : ffffaf800d4d9f18 s9 : 00000000000000d8 s10: ffffaf800c396a24 [ 1367.605568][ T856] s11: ffffaf805a9f5c90 t3 : 0000000000000c89 t4 : fffff5ef044f3fd0 [ 1367.607953][ T856] t5 : fffff5ef044f3fd1 t6 : 0000000000000002 [ 1367.609780][ T856] status: 0000000000000120 badaddr: 0000000000000140 cause: 000000000000000d [ 1367.611396][ T856] [] __kernfs_remove+0x354/0x804 [ 1367.613104][ T856] [] kernfs_remove+0x56/0x70 [ 1367.614351][ T856] [] sysfs_remove_group+0x80/0xee [ 1367.615621][ T856] [] sysfs_remove_groups+0x50/0x78 [ 1367.617826][ T856] [] device_remove_attrs+0xa0/0x10a [ 1367.619185][ T856] [] device_del+0x328/0x730 [ 
1367.620410][ T856] [] netdev_unregister_kobject+0x118/0x12c [ 1367.622652][ T856] [] unregister_netdevice_many+0xa2e/0xf50 [ 1367.624275][ T856] [] ip_tunnel_delete_nets+0x348/0x4e2 [ 1367.625699][ T856] [] vti_exit_batch_net+0x2a/0x34 [ 1367.627782][ T856] [] ops_exit_list+0xcc/0xe8 [ 1367.629139][ T856] [] cleanup_net+0x430/0x732 [ 1367.630523][ T856] [] process_one_work+0x654/0xffe [ 1367.631879][ T856] [] worker_thread+0x360/0x8fa [ 1367.633212][ T856] [] kthread+0x19e/0x1fa [ 1367.634383][ T856] [] ret_from_exception+0x0/0x10 [ 1367.798681][ T856] ---[ end trace 0000000000000000 ]--- [ 1367.800703][ T856] Kernel panic - not syncing: Fatal exception [ 1367.801831][ T856] SMP: stopping secondary CPUs [ 1367.803856][ T856] Rebooting in 86400 seconds.. VM DIAGNOSIS: 03:00:01 Registers: