syzkaller login: [ 235.729668][ T2894] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 235.804587][ T2894] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 259.325452][ T2894] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:64798' (ECDSA) to the list of known hosts. 1970/01/01 00:04:39 fuzzer started 1970/01/01 00:04:49 dialing manager at localhost:43739 1970/01/01 00:04:53 syscalls: 2768 1970/01/01 00:04:53 code coverage: enabled 1970/01/01 00:04:53 comparison tracing: enabled 1970/01/01 00:04:53 extra coverage: enabled 1970/01/01 00:04:53 setuid sandbox: enabled 1970/01/01 00:04:53 namespace sandbox: enabled 1970/01/01 00:04:53 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:04:53 fault injection: enabled 1970/01/01 00:04:53 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:04:53 net packet injection: enabled 1970/01/01 00:04:53 net device setup: enabled 1970/01/01 00:04:53 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:04:53 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:04:53 USB emulation: enabled 1970/01/01 00:04:53 hci packet injection: /dev/vhci does not exist 1970/01/01 00:04:53 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:04:53 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:04:57 fetching corpus: 50, signal 18849/20527 (executing program) 1970/01/01 00:05:00 fetching corpus: 100, signal 27280/30331 (executing program) 1970/01/01 00:05:02 fetching corpus: 150, signal 38690/42598 (executing program) 1970/01/01 00:05:04 fetching corpus: 200, signal 42561/47525 (executing program) 1970/01/01 00:05:07 fetching corpus: 250, signal 45610/51548 (executing program) 1970/01/01 00:05:09 fetching corpus: 300, signal 48239/55057 (executing program) 1970/01/01 00:05:11 fetching corpus: 350, signal 52155/59623 (executing program) 1970/01/01 00:05:14 fetching corpus: 400, signal 54851/63033 (executing program) 1970/01/01 00:05:15 fetching corpus: 450, signal 56623/65534 (executing program) 1970/01/01 00:05:18 fetching corpus: 500, signal 57832/67512 (executing program) 1970/01/01 00:05:20 fetching corpus: 550, signal 59813/70051 (executing program) 1970/01/01 00:05:21 fetching corpus: 600, signal 61417/72244 (executing program) 1970/01/01 00:05:23 fetching corpus: 650, signal 63629/74849 (executing program) 1970/01/01 00:05:24 fetching corpus: 700, signal 64880/76592 (executing program) 1970/01/01 00:05:26 fetching corpus: 750, signal 66177/78376 (executing program) 1970/01/01 00:05:27 fetching corpus: 800, signal 67480/80099 (executing program) 1970/01/01 00:05:29 fetching corpus: 850, signal 68830/81771 (executing program) 1970/01/01 00:05:30 fetching corpus: 900, signal 70023/83367 (executing program) 1970/01/01 00:05:32 fetching corpus: 950, signal 71035/84752 (executing program) 1970/01/01 00:05:33 fetching corpus: 1000, signal 71752/85930 (executing program) 1970/01/01 00:05:36 fetching corpus: 1050, signal 75231/88824 (executing program) 1970/01/01 00:05:38 fetching corpus: 1100, signal 75979/89905 (executing program) 1970/01/01 00:05:40 fetching corpus: 1150, signal 77010/91127 (executing program) 1970/01/01 00:05:41 fetching corpus: 1200, signal 77738/92228 (executing program) 1970/01/01 00:05:43 fetching corpus: 1250, signal 78675/93336 (executing program) 1970/01/01 00:05:45 fetching corpus: 1300, signal 79354/94297 (executing program) 1970/01/01 00:05:47 fetching corpus: 1350, signal 81640/96018 (executing program) 1970/01/01 00:05:49 fetching corpus: 1400, signal 82642/97032 (executing program) 1970/01/01 00:05:51 fetching corpus: 1450, signal 83629/97986 (executing program) 1970/01/01 00:05:52 fetching corpus: 1500, signal 84469/98856 (executing program) 1970/01/01 00:05:54 fetching corpus: 1550, signal 85944/99984 (executing program) 1970/01/01 00:05:56 fetching corpus: 1600, signal 86714/100774 (executing program) 1970/01/01 00:05:59 fetching corpus: 1650, signal 87453/101484 (executing program) 1970/01/01 00:06:00 fetching corpus: 1700, signal 88159/102219 (executing program) 1970/01/01 00:06:02 fetching corpus: 1750, signal 88675/102869 (executing program) 1970/01/01 00:06:03 fetching corpus: 1800, signal 89342/103547 (executing program) 1970/01/01 00:06:05 fetching corpus: 1850, signal 89815/104130 (executing program) 1970/01/01 00:06:07 fetching corpus: 1900, signal 91451/105024 (executing program) 1970/01/01 00:06:10 fetching corpus: 1950, signal 92725/105758 (executing program) 1970/01/01 00:06:12 fetching corpus: 2000, signal 93472/106294 (executing program) 1970/01/01 00:06:16 fetching corpus: 2050, signal 94391/106845 (executing program) 1970/01/01 00:06:19 fetching corpus: 2100, signal 95492/107457 (executing program) 1970/01/01 00:06:21 fetching corpus: 2150, signal 96731/108035 (executing program) 1970/01/01 00:06:23 fetching corpus: 2200, signal 97432/108435 (executing program) 1970/01/01 00:06:25 fetching corpus: 2250, signal 98367/108883 (executing program) 1970/01/01 00:06:27 fetching corpus: 2300, signal 98925/109200 (executing program) 1970/01/01 00:06:29 fetching corpus: 2350, signal 99436/109503 (executing program) 1970/01/01 00:06:31 fetching corpus: 2400, signal 99986/109787 (executing program) 1970/01/01 00:06:33 fetching corpus: 2450, signal 100813/110095 (executing program) 1970/01/01 00:06:34 fetching corpus: 2468, signal 101022/110294 (executing program) 1970/01/01 00:06:34 fetching corpus: 2468, signal 101022/110498 (executing program) 1970/01/01 00:06:34 fetching corpus: 2468, signal 101022/110672 (executing program) 1970/01/01 00:06:34 fetching corpus: 2468, signal 101022/110893 (executing program) 1970/01/01 00:06:35 fetching corpus: 2468, signal 101022/111076 (executing program) 1970/01/01 00:06:35 fetching corpus: 2468, signal 101022/111247 (executing program) 1970/01/01 00:06:35 fetching corpus: 2468, signal 101022/111279 (executing program) 1970/01/01 00:06:35 fetching corpus: 2468, signal 101022/111279 (executing program) 1970/01/01 00:08:20 starting 2 fuzzer processes 00:08:36 executing program 0: ioctl$FITHAW(0xffffffffffffffff, 0xc0045878) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000080)={0x0, 0x73eb, 0xeee, 0x3, 0xb9, 0x2, 0x7, 0x8, {r0, @in6={{0xa, 0x4e20, 0x9, @rand_addr=' \x01\x00', 0x4}}, 0x1, 0x2, 0x10000, 0xb5, 0x1}}, &(0x7f0000000140)=0xb0) r3 = dup(0xffffffffffffffff) r4 = pidfd_getfd(r3, 0xffffffffffffffff, 0x0) r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000180)={[0x7f]}, 0x8, 0x81800) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, &(0x7f00000001c0)={r0, 0x7fff}, 0x8) sendto$l2tp(0xffffffffffffffff, &(0x7f0000000200)="01284e81441275bffd99622a08ed2d9f0cced2b6de988ecb06a1b2ff8cf5a23be2c9fb1a71a4f11e9c51c0de37de30247b6e", 0x32, 0x40, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x19}, 0x2}, 0x10) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000280)={r0, 0x2, 0x7, 0x2a}, &(0x7f00000002c0)=0x10) r7 = syz_open_procfs(0x0, &(0x7f0000000300)='timers\x00') fspick(r7, &(0x7f0000000340)='./file0\x00', 0x1) getsockopt$inet_sctp_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000380)={r1, 0x2, 0x8001, 0x200}, &(0x7f00000003c0)=0x10) setsockopt$inet_sctp_SCTP_ASSOCINFO(r5, 0x84, 0x1, &(0x7f0000000400)={r1, 0x4, 0x5, 0xfffffff7}, 0x14) utimensat(r4, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={{0x77359400}, {0x0, 0xea60}}, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000004c0)={0x7, 0x7, 0x8, 0x5, 0x4, 0x1000, 0x7ff, 0x2, r6}, &(0x7f0000000500)=0x20) ppoll(&(0x7f0000000540)=[{r5, 0x503}, {r3, 0xb408}, {r5, 0x1401}], 0x3, &(0x7f0000000580)={0x77359400}, &(0x7f00000005c0), 0x8) r8 = mq_open(&(0x7f0000000600)='@*\x00', 0x40, 0x123, &(0x7f0000000640)={0x9, 0x2, 0x0, 0x80000000}) fcntl$setownex(r8, 0xf, &(0x7f0000000680)={0x2}) r9 = openat$mice(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/input/mice\x00', 0x204001) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r9, 0x84, 0x19, &(0x7f0000001200)={r2, 0x3f}, 0x8) 00:08:58 executing program 1: recvmsg(0xffffffffffffffff, &(0x7f0000001500)={&(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000001440)=[{&(0x7f0000000080)=""/207, 0xcf}, {&(0x7f0000000180)=""/181, 0xb5}, {&(0x7f0000000240)=""/100, 0x64}, {&(0x7f00000002c0)=""/186, 0xba}, {&(0x7f0000000380)=""/108, 0x6c}, {&(0x7f0000000400)=""/25, 0x19}, {&(0x7f0000000440)=""/4096, 0x1000}], 0x7, &(0x7f00000014c0)=""/36, 0x24}, 0x10000) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001540)={0x7, 0x1, 0x0, 0x3, 0x272, 0x1, 0x400, [], 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x40) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000001580)='/dev/vcsu\x00', 0x213000, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001780)={0x4, 0xb, &(0x7f00000015c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xf9}, [@map_val={0x18, 0x2, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x20}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8dd4}, @map={0x18, 0x1, 0x1, 0x0, r2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x3735, 0x0, 0x0, 0x0, 0x200}]}, &(0x7f0000001640)='GPL\x00', 0x0, 0x61, &(0x7f0000001680)=""/97, 0x40f00, 0x10, [], 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000001700)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000001740)={0x5, 0x5, 0x0, 0xaa9}, 0x10}, 0x78) bind$nfc_llcp(r2, &(0x7f0000001800)={0x27, 0x0, 0x2, 0x5, 0x9, 0x3f, "5ace8608eedbb341d8f2dc4e1a5a688c53592a3a3b6976109e94c4451882c26a941f4d2d3ab3421f97faac6f8b70317942ec333218d10654367db0b687e7cb", 0x9}, 0x60) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001a40)=@bpf_ext={0x1c, 0x9, &(0x7f0000001880)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xc6}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x200}, @ldst={0x2, 0x1, 0x1, 0x3, 0x0, 0x8, 0xfffffffffffffff0}, @generic={0x9, 0x3, 0xa, 0x9, 0x9}, @func={0x85, 0x0, 0x1, 0x0, 0x8}, @generic={0x0, 0x1, 0x5, 0x7df6, 0x8}]}, &(0x7f0000001900)='syzkaller\x00', 0xe34, 0x5c, &(0x7f0000001940)=""/92, 0x41100, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000019c0)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000001a00)={0x1, 0x8, 0x3, 0x101}, 0x10, 0x1106f, r3}, 0x78) write$tcp_congestion(r2, &(0x7f0000001ac0)='scalable\x00', 0x9) ioctl$SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, &(0x7f0000001b00)) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000001c00)={'syztnl1\x00', &(0x7f0000001b80)={'gre0\x00', 0x0, 0x40, 0x40, 0xfff, 0xfffffff1, {{0xc, 0x4, 0x3, 0x3, 0x30, 0x68, 0x0, 0x0, 0x4, 0x0, @empty, @broadcast, {[@timestamp_prespec={0x44, 0x14, 0x9d, 0x3, 0xf, [{@multicast1, 0x7fff}, {@loopback, 0x401}]}, @noop, @end, @lsrr={0x83, 0x3, 0x70}]}}}}}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000001c40)={'wg2\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000001d00)={'syztnl0\x00', &(0x7f0000001c80)={'ip6tnl0\x00', 0x0, 0x0, 0xd3, 0x2, 0x5, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, 0x80, 0x1, 0x0, 0x1bc5635e}}) sendmsg$ETHTOOL_MSG_DEBUG_GET(r2, &(0x7f0000001ec0)={&(0x7f0000001b40)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001e80)={&(0x7f0000001d40)={0x114, 0x0, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}]}, @HEADER={0x4}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x114}, 0x1, 0x0, 0x0, 0xc815}, 0x4004004) sendto$packet(r2, &(0x7f0000001f00)="b41c8e89a6a1614ac59b058604512e9b0f86259ce7f6af9a99594b3173932b453f716bc3749a6501e4abcb31cf4e4fa0509ea849e15b75889163a99ce559e409037de719431f361ab55f2899b1cc9d693fb9601507538648856f691d505d9229447ebe3f6396926f2ac4e5a35980f51db6f606a9baa80ef4c2f18ccaf14ac9594b4d9e5bb45a6f8cc48a06527e1022d3b29093dd79279186c034cd1a075a78fc7418f0f22df1", 0xa6, 0x10, &(0x7f0000001fc0)={0x11, 0x17, r4, 0x1, 0x80, 0x6, @link_local}, 0x14) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r7, 0x8982, &(0x7f0000002600)={0x3, 'veth1_to_hsr\x00', {0x101}, 0xab6e}) ioctl$sock_FIOGETOWN(r7, 0x8903, &(0x7f0000002640)) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000002680)={@ipv4={[], [], @multicast1}, 0x7d, r5}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000002840)=@bpf_tracing={0x1a, 0x3, &(0x7f00000026c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x8}}, &(0x7f0000002700)='GPL\x00', 0xc0000000, 0x6e, &(0x7f0000002740)=""/110, 0x40f00, 0x0, [], r4, 0x1a, r2, 0x8, &(0x7f00000027c0)={0x1, 0x1}, 0x8, 0x10, &(0x7f0000002800)={0x4, 0x2, 0x8, 0x400}, 0x10, 0x2250f, r2}, 0x78) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000002ac0)={'tunl0\x00', &(0x7f00000029c0)={'syztnl2\x00', 0x0, 0x700, 0x1, 0x0, 0x101, {{0x36, 0x4, 0x1, 0x1, 0xd8, 0x65, 0x0, 0x6, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x38}, @empty, {[@lsrr={0x83, 0x1f, 0xb3, [@empty, @loopback, @private=0xa010100, @loopback, @dev={0xac, 0x14, 0x14, 0x36}, @multicast1, @rand_addr=0x64010100]}, @timestamp_prespec={0x44, 0xc, 0x11, 0x3, 0x5, [{@remote, 0x5}]}, @timestamp_addr={0x44, 0x4c, 0x20, 0x1, 0x6, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8}, {@broadcast, 0x1}, {@private=0xa010101, 0x3f}, {@rand_addr=0x64010101, 0x7fff}, {@empty, 0x101}, {@local, 0x869}, {@remote, 0x8}, {@broadcast, 0x8f}, {@multicast1, 0x9}]}, @timestamp={0x44, 0x28, 0xee, 0x0, 0xe, [0x3, 0x6, 0xbc3, 0x7, 0x8, 0x6, 0xffff, 0x9, 0x5]}, @timestamp_prespec={0x44, 0x24, 0x13, 0x3, 0x7, [{@loopback, 0xffffffff}, {@remote, 0x3}, {@multicast2, 0x300000}, {@rand_addr=0x64010102, 0x8}]}]}}}}}) [ 541.282565][ T3081] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 541.444666][ T3081] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 557.959492][ T3081] device hsr_slave_0 entered promiscuous mode [ 558.156640][ T3081] device hsr_slave_1 entered promiscuous mode [ 568.471315][ T3081] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 570.531225][ T3081] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 570.928408][ T3081] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 573.117760][ T3081] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 618.698875][ T3081] 8021q: adding VLAN 0 to HW filter on device bond0 [ 625.427305][ T1934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 625.629816][ T1934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 641.970721][ T3240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 642.406040][ T3240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 644.544735][ T1934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 644.769977][ T1934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 645.379989][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 645.451532][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 646.187196][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 647.009951][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 648.136988][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 648.242283][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 648.870206][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 648.958739][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 649.728858][ T3081] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 653.177826][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 653.237776][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 665.917123][ T3240] device hsr_slave_0 entered promiscuous mode [ 666.032685][ T3240] device hsr_slave_1 entered promiscuous mode [ 666.228688][ T3240] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 666.298428][ T3240] Cannot create hsr debugfs directory [ 678.937703][ T3240] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 679.389508][ T3240] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 679.968737][ T3240] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 680.987737][ T3240] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 688.823918][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 688.991807][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 722.431934][ T3240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 730.107094][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 730.341394][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 777.921359][ T45] device hsr_slave_0 left promiscuous mode [ 778.039207][ T45] device hsr_slave_1 left promiscuous mode [ 788.625311][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 788.987105][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 791.012715][ T45] bond0 (unregistering): Released all slaves [ 818.615473][ T45] device hsr_slave_0 left promiscuous mode [ 818.671773][ T45] device hsr_slave_1 left promiscuous mode [ 823.408622][ T45] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 823.597541][ T45] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 824.859851][ T45] bond0 (unregistering): Released all slaves [ 829.427457][ T3539] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 829.606763][ T3539] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 837.518557][ T3546] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 837.758544][ T3546] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 842.326782][ T3539] device hsr_slave_0 entered promiscuous mode [ 842.388481][ T3539] device hsr_slave_1 entered promiscuous mode [ 849.217042][ T3546] device hsr_slave_0 entered promiscuous mode [ 849.298217][ T3546] device hsr_slave_1 entered promiscuous mode [ 849.346703][ T3546] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 849.348331][ T3546] Cannot create hsr debugfs directory [ 857.091960][ T3539] 8021q: adding VLAN 0 to HW filter on device bond0 [ 857.496793][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 857.529229][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 863.042139][ T3546] 8021q: adding VLAN 0 to HW filter on device bond0 [ 864.146945][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 864.189232][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 864.611429][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 864.650403][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 864.919961][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 864.979203][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 866.139039][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 866.248018][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 866.586983][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 866.676152][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 867.041142][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 867.100331][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 867.299624][ T3539] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 868.298084][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 868.301946][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 872.240493][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 872.281710][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 872.587862][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 872.677541][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 873.120381][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 873.199790][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 873.987487][ T1934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 874.069103][ T1934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 874.532309][ T3546] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 874.591215][ T3546] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 874.788475][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 874.810909][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 875.531126][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 875.541546][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 891.047167][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 891.200272][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 900.764955][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 900.809517][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 902.135956][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 902.209321][ T3113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 902.460271][ T3539] device veth0_vlan entered promiscuous mode [ 902.917727][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 902.941824][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 903.007224][ T3539] device veth1_vlan entered promiscuous mode [ 904.390143][ T1934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 904.524698][ T1934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 904.862393][ T3539] device veth0_macvtap entered promiscuous mode [ 905.211248][ T3539] device veth1_macvtap entered promiscuous mode [ 905.465013][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 906.288115][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 906.358587][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 906.612815][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 906.708011][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 910.770757][ T3539] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 911.088488][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 911.160353][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 911.386262][ T3546] device veth0_vlan entered promiscuous mode [ 912.011738][ T3546] device veth1_vlan entered promiscuous mode [ 912.181621][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 912.227886][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 913.624993][ T3546] device veth0_macvtap entered promiscuous mode [ 913.895482][ T3546] device veth1_macvtap entered promiscuous mode [ 914.144210][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 914.181187][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 914.217237][ T3362] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 914.317800][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 915.277440][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 915.331994][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 915.764529][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 915.812067][ T3216] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 00:15:18 executing program 0: ioctl$FITHAW(0xffffffffffffffff, 0xc0045878) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000080)={0x0, 0x73eb, 0xeee, 0x3, 0xb9, 0x2, 0x7, 0x8, {r0, @in6={{0xa, 0x4e20, 0x9, @rand_addr=' \x01\x00', 0x4}}, 0x1, 0x2, 0x10000, 0xb5, 0x1}}, &(0x7f0000000140)=0xb0) r3 = dup(0xffffffffffffffff) r4 = pidfd_getfd(r3, 0xffffffffffffffff, 0x0) r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000180)={[0x7f]}, 0x8, 0x81800) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, &(0x7f00000001c0)={r0, 0x7fff}, 0x8) sendto$l2tp(0xffffffffffffffff, &(0x7f0000000200)="01284e81441275bffd99622a08ed2d9f0cced2b6de988ecb06a1b2ff8cf5a23be2c9fb1a71a4f11e9c51c0de37de30247b6e", 0x32, 0x40, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x19}, 0x2}, 0x10) getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000280)={r0, 0x2, 0x7, 0x2a}, &(0x7f00000002c0)=0x10) r7 = syz_open_procfs(0x0, &(0x7f0000000300)='timers\x00') fspick(r7, &(0x7f0000000340)='./file0\x00', 0x1) getsockopt$inet_sctp_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000380)={r1, 0x2, 0x8001, 0x200}, &(0x7f00000003c0)=0x10) setsockopt$inet_sctp_SCTP_ASSOCINFO(r5, 0x84, 0x1, &(0x7f0000000400)={r1, 0x4, 0x5, 0xfffffff7}, 0x14) utimensat(r4, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={{0x77359400}, {0x0, 0xea60}}, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000004c0)={0x7, 0x7, 0x8, 0x5, 0x4, 0x1000, 0x7ff, 0x2, r6}, &(0x7f0000000500)=0x20) ppoll(&(0x7f0000000540)=[{r5, 0x503}, {r3, 0xb408}, {r5, 0x1401}], 0x3, &(0x7f0000000580)={0x77359400}, &(0x7f00000005c0), 0x8) r8 = mq_open(&(0x7f0000000600)='@*\x00', 0x40, 0x123, &(0x7f0000000640)={0x9, 0x2, 0x0, 0x80000000}) fcntl$setownex(r8, 0xf, &(0x7f0000000680)={0x2}) r9 = openat$mice(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/input/mice\x00', 0x204001) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r9, 0x84, 0x19, &(0x7f0000001200)={r2, 0x3f}, 0x8) [ 923.081734][ T4069] Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000020002640 [ 923.138449][ T4069] Oops [#1] [ 923.139419][ T4069] Modules linked in: [ 923.140265][ T4069] CPU: 0 PID: 4069 Comm: syz-executor.1 Not tainted 5.12.0-rc5-syzkaller-00715-ga5e13c6df0e4 #0 [ 923.141448][ T4069] Hardware name: riscv-virtio,qemu (DT) [ 923.142308][ T4069] epc : sock_ioctl+0x4c4/0x66c [ 923.143827][ T4069] ra : sock_ioctl+0x4c4/0x66c [ 923.144674][ T4069] epc : ffffffe0020e60a2 ra : ffffffe0020e60a2 sp : ffffffe0222efda0 [ 923.145740][ T4069] gp : ffffffe004588b08 tp : ffffffe007070000 t0 : 0000000000000000 [ 923.147371][ T4069] t1 : 0000000000000001 t2 : 00000000000f4240 s0 : ffffffe0222efe30 [ 923.148755][ T4069] s1 : 0000000000040000 a0 : 0000000000000000 a1 : 0000000000000007 [ 923.150491][ T4069] a2 : 1ffffffc00e0e000 a3 : ffffffe002a94d2e a4 : 0000000000000000 [ 923.152079][ T4069] a5 : 0000000000000000 a6 : 0000000000f00000 a7 : ffffffe000084f3a [ 923.153545][ T4069] s2 : 0000000000000000 s3 : 0000000000008902 s4 : 0000000020002640 [ 923.154712][ T4069] s5 : ffffffe00458c0d0 s6 : ffffffe00d0e79c0 s7 : ffffffe00c185580 [ 923.155898][ T4069] s8 : 0000000000008903 s9 : ffffffe00d0e7a80 s10: 0000000000000000 [ 923.156893][ T4069] s11: 0000000000020000 t3 : 832191aa896b7a00 t4 : ffffffc4012f57b2 [ 923.158071][ T4069] t5 : ffffffc4012f57ba t6 : 0000000000040000 [ 923.159515][ T4069] status: 0000000000000120 badaddr: 0000000020002640 cause: 000000000000000f [ 923.161186][ T4069] Call Trace: [ 923.161812][ T4069] [] sock_ioctl+0x4c4/0x66c [ 923.163177][ T4069] [] sys_ioctl+0x5c2/0xd56 [ 923.164114][ T4069] [] ret_from_syscall+0x0/0x2 [ 923.224818][ T4069] ---[ end trace 5cb017a357c86189 ]--- [ 923.227878][ T4069] Kernel panic - not syncing: Fatal exception [ 923.228996][ T4069] SMP: stopping secondary CPUs [ 923.230355][ T4069] Rebooting in 86400 seconds.. VM DIAGNOSIS: 16:12:11 Registers: info registers vcpu 0 pc ffffffe0003bd542 mhartid 0000000000000000 mstatus 00000000000000a2 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffe00000542c mepc ffffffe00000e9d4 sepc ffffffe000084430 mcause 0000000000000009 scause 0000000000000008 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffe000084474 x2/sp ffffffe022723b90 x3/gp ffffffe004588b08 x4/tp ffffffe00d52af80 x5/t0 0000000000046000 x6/t1 0000000000000001 x7/t2 00000000000f4240 x8/s0 ffffffe022723b90 x9/s1 ffffffe00d52b928 x10/a0 0000000000000000 x11/a1 00000000000f0000 x12/a2 0000000000000002 x13/a3 ffffffe0000847b6 x14/a4 0000000000000000 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 ffffffe0012b7202 x18/s2 0000000000000000 x19/s3 ffffffe00432b2b8 x20/s4 ffffffe003697a18 x21/s5 0000000000000001 x22/s6 ffffffe0043e7a98 x23/s7 0000000000000000 x24/s8 0000000000000000 x25/s9 ffffffe0012b7202 x26/s10 0000000000000000 x27/s11 ffffffe00d52b978 x28/t3 832191aa896b7a00 x29/t4 ffffffc4012f57b2 x30/t5 ffffffc4012f57ba x31/t6 0000000000040000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffe0000d2e40 mhartid 0000000000000001 mstatus 00000000000000a0 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffe00000542c mepc ffffffe00000e9d4 sepc 0000000000053684 mcause 0000000000000009 scause 0000000000000008 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffe0000d3806 x2/sp ffffffe0074dbc20 x3/gp ffffffe004588b08 x4/tp ffffffe0070b8000 x5/t0 0000000000000000 x6/t1 0000000000000001 x7/t2 00000000000f4240 x8/s0 ffffffe0074dbcb0 x9/s1 0000000000001000 x10/a0 ffffffe0070b89c8 x11/a1 0000000000000007 x12/a2 1ffffffc008d408b x13/a3 ffffffe0000d0d22 x14/a4 0000000000000000 x15/a5 ffffffe00458c0d0 x16/a6 0000000000f00000 x17/a7 ffffffe000084f3a x18/s2 0000000000000000 x19/s3 ffffffe067d71ed8 x20/s4 ffffffe003697a18 x21/s5 ffffffe002e27840 x22/s6 ffffffe067d72980 x23/s7 ffffffe067d71ed8 x24/s8 ffffffe0050495a8 x25/s9 0000000000000001 x26/s10 ffffffe006d60600 x27/s11 000000d6ebacab80 x28/t3 832191aa896b7a00 x29/t4 ffffffc4012ea7b2 x30/t5 ffffffc4012ea7ba x31/t6 0000000000040000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000