last executing test programs: 2m17.606156675s ago: executing program 0 (id=43): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000280)=@caif=@dgm={0x25, 0x6, 0x9}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000480)="62042700590200000000002f1eafbcf706e12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247345af215542f41ddf82f618438a34f90186cee8441e2305e495d04ad68ab8fef69df82de6456fbb48b63f60c9c9097be968ea872c4801e5d0711b4373c7224ed7a9cbd49d40f82bdb6afc0036824be26fc96e49a70e90797e6caa1b38ddacb3cb2b3eac7c068a185b644582f25edfa3d6a46e2a894ca809a422a6a29bd7145bb6e7992570484d6a5d0292ea0c3f97b7cbff701684b13c5593262534", 0xcd}, {&(0x7f0000000840)="294f28dfe56d2c8ba23606bc7ecd1f634665cb5bed07bac5684da6eb21da1d6926910c5a0c653b0106869a8049d2a44ce42557b2e72e2bd367e9d01a5e7380cc4fc8e7c9044cc4115b978ca7427d749beaefdf2e48b369cb169ad7b1ced26bb161297c7e56a3e83e91b379c179017f8b4657d1b22eca6bca33036d33e1a684059c5301001ca6637ac780ab2bcfc22a666cd4e5876f11e9aee4724b7cb59731c97e70ebd7f7483994eb07de2f5d6a9448c3206cff6d290b433f331c2399e99ee3bdecf5689eddc3e54908000000a933bbc47b65ca6e9d7efbee6e3b1dbe87313111e85336d6890002db17751b6044f964dc90ea466f90856112be7f0a54b39a3f66cc4c39544300093158af39cdde429f50d8c7fbc0efaccca18e94b87dc586ee60baa55469755ab00e92b607f2aeee00ad72fb29c1847f85b2f8ec3a34864b18eaaa131a4940c9af11606e5d9360c3f4a2c8308d50c34b1bbaac018469ac346dc2a539e20350297097e7bf21ea0c2a0aa083b2b3543af05c7fb5391a1c81304b520fafb941b2dc3cfb03c3dd8567a459752a5ca573ee7cf4f518af508d141c98dc9914df1521e9ee49decdf2418e7f74adea9fda805bc75906dafd279aee36397966427cdef205c67fbbb3", 0x1cb}, {&(0x7f0000000a40)="0a985d7879f1bb", 0x7}], 0x3}, 0x8045) 2m5.573240791s ago: executing program 1 (id=44): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0a41, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000140)={0x1, 0x6}, 0x4) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0xd, 0xfffff034}, {0x50, 0x0, 0x5, 0xfffffffd}, {0x6, 0x0, 0x2, 0xffffffff}]}, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x3c, 0x8016, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @broadcast}, {{0xa200, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x1}}}}, 0xfdef) 2m4.556319952s ago: executing program 0 (id=45): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x2f, 0x20040040) dup3(r0, r1, 0x0) connect$unix(r1, &(0x7f0000000180)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 1m51.898310166s ago: executing program 1 (id=46): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x104, 0x80, 0x0, 0x6a8}, 'syz1\x00', 0x2f}) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x4) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1m51.808778636s ago: executing program 0 (id=47): unshare(0x62040200) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000080)={'raw\x00', 0x2, [{}, {}]}, 0x48) 1m36.358988354s ago: executing program 1 (id=48): socket$kcm(0x2, 0x1000000000000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, 0x0}, 0x94) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xf, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) io_uring_setup(0x1004dfb, &(0x7f0000000300)={0x0, 0x800039f7, 0x801, 0x2, 0x258}) keyctl$chown(0x4, 0x0, 0xee01, 0x0) keyctl$setperm(0x5, 0x0, 0x30925) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x4000000) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r5, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) ioctl$NS_GET_USERNS(0xffffffffffffffff, 0x8004b707, 0x0) 1m12.25945849s ago: executing program 0 (id=49): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000280)=@caif=@dgm={0x25, 0x6, 0x9}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000480)="62042700590200000000002f1eafbcf706e12b30087f5c582d26116642c47a5f8786ee601e65ab3c06d4b8bf4a81cb3e247345af215542f41ddf82f618438a34f90186cee8441e2305e495d04ad68ab8fef69df82de6456fbb48b63f60c9c9097be968ea872c4801e5d0711b4373c7224ed7a9cbd49d40f82bdb6afc0036824be26fc96e49a70e90797e6caa1b38ddacb3cb2b3eac7c068a185b644582f25edfa3d6a46e2a894ca809a422a6a29bd7145bb6e7992570484d6a5d0292ea0c3f97b7cbff701684b13c5593262534a7af9eab48f2ca", 0xd4}, {&(0x7f0000000840)="294f28dfe56d2c8ba23606bc7ecd1f634665cb5bed07bac5684da6eb21da1d6926910c5a0c653b0106869a8049d2a44ce42557b2e72e2bd367e9d01a5e7380cc4fc8e7c9044cc4115b978ca7427d749beaefdf2e48b369cb169ad7b1ced26bb161297c7e56a3e83e91b379c179017f8b4657d1b22eca6bca33036d33e1a684059c5301001ca6637ac780ab2bcfc22a666cd4e5876f11e9aee4724b7cb59731c97e70ebd7f7483994eb07de2f5d6a9448c3206cff6d290b433f331c2399e99ee3bdecf5689eddc3e54908000000a933bbc47b65ca6e9d7efbee6e3b1dbe87313111e85336d6890002db17751b6044f964dc90ea466f90856112be7f0a54b39a3f66cc4c39544300093158af39cdde429f50d8c7fbc0efaccca18e94b87dc586ee60baa55469755ab00e92b607f2aeee00ad72fb29c1847f85b2f8ec3a34864b18eaaa131a4940c9af11606e5d9360c3f4a2c8308d50c34b1bbaac018469ac346dc2a539e20350297097e7bf21ea0c2a0aa083b2b3543af05c7fb5391a1c81304b520fafb941b2dc3cfb03c3dd8567a459752a5ca573ee7cf4f518af508d141c98dc9914df1521e9ee49decdf2418e7f74adea9fda805bc75906dafd279aee36397966427cdef205c67fbbb3", 0x1cb}, {&(0x7f0000000a40)="0a985d7879f1bb", 0x7}], 0x3}, 0x8045) 54.411911181s ago: executing program 1 (id=50): r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000580)=@xdp={0x2c, 0x8, r2, 0x3e}, 0x80, &(0x7f0000002080)=[{&(0x7f0000000180)='\'', 0x1}], 0x1}, 0x0) 49.228348118s ago: executing program 0 (id=51): connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x20, @loopback, 0x23}, 0x1c) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000001500)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/65, 0x0, 0xeeef0000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000002bc0)={0x4, 0x0, [{0x5000, 0xae, &(0x7f0000000300)=""/174}, {0x0, 0x1000, &(0x7f0000001880)=""/4096}, {0xffff1000, 0x75, &(0x7f0000002880)=""/117}, {0xeeef0000, 0x35, &(0x7f0000002900)=""/53}]}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000400)=""/185, &(0x7f0000000140)=""/79, 0x9000}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f000012d000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00005a4000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xff03}, 0x68) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000000500)=""/4092}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000240)=0x1) 39.891474988s ago: executing program 1 (id=52): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() socketpair$unix(0x1, 0x5, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f000059b000/0x2000)=nil, 0x2000, 0x0, 0x20010, 0xffffffffffffffff, 0xd6fff000) timer_create(0x2, 0x0, &(0x7f0000bbdffc)) r4 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000340)=[{0x0}, {&(0x7f00000004c0)=""/168, 0xa8}, {&(0x7f0000000900)=""/106, 0x6a}, {&(0x7f00000000c0)=""/26, 0x1a}], 0x4}, 0x2000000}], 0x2, 0x101, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) 19.028535589s ago: executing program 0 (id=53): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) syz_clone(0x40001000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='smaps_rollup\x00') socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) read$FUSE(r0, &(0x7f0000004900)={0x2020}, 0x2020) 0s ago: executing program 1 (id=54): r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x7fffffff, 0x1}}]}}]}, 0x48}}, 0x8d0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newtfilter={0x34, 0x28, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xc}, {0xfff2}, {0xfff1, 0x6}}, [@filter_kind_options=@f_bpf={{0x8}, {0x8, 0x2, [@TCA_BPF_ACT={0x4}]}}]}, 0x34}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:38370' (ED25519) to the list of known hosts. syzkaller login: [ 609.620674][ T3210] cgroup: Unknown subsys name 'net' [ 610.741584][ T3210] cgroup: Unknown subsys name 'cpuset' [ 610.960834][ T3210] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 711.522310][ T3210] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 868.564546][ T3222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 869.205026][ T3222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 870.294324][ T3224] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 871.681556][ T3224] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 887.166496][ T3222] hsr_slave_0: entered promiscuous mode [ 887.239606][ T3222] hsr_slave_1: entered promiscuous mode [ 893.537623][ T3224] hsr_slave_0: entered promiscuous mode [ 893.611352][ T3224] hsr_slave_1: entered promiscuous mode [ 893.662740][ T3224] debugfs: 'hsr0' already exists in 'hsr' [ 893.666083][ T3224] Cannot create hsr debugfs directory [ 904.352446][ T3222] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 904.754191][ T3222] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 904.902730][ T3222] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 905.182369][ T3222] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 905.344061][ T3222] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 905.942796][ T3222] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 906.265334][ T3222] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 906.423650][ T3222] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 908.386760][ T3224] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 908.542798][ T3224] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 908.696974][ T3224] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 908.777439][ T3224] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 909.309572][ T3224] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 909.495916][ T3224] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 909.567411][ T3224] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 909.755743][ T3224] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 930.132166][ T3222] 8021q: adding VLAN 0 to HW filter on device bond0 [ 939.874810][ T3224] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1035.680663][ T3222] veth0_vlan: entered promiscuous mode [ 1037.491421][ T3222] veth1_vlan: entered promiscuous mode [ 1041.536632][ T3222] veth0_macvtap: entered promiscuous mode [ 1042.195395][ T3222] veth1_macvtap: entered promiscuous mode [ 1046.912877][ T3224] veth0_vlan: entered promiscuous mode [ 1047.915821][ T55] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1048.200205][ T55] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1048.225024][ T55] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1048.323853][ T55] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1049.589208][ T3224] veth1_vlan: entered promiscuous mode [ 1055.994566][ T3224] veth0_macvtap: entered promiscuous mode [ 1056.785112][ T3224] veth1_macvtap: entered promiscuous mode [ 1058.595096][ T3222] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1062.541673][ T55] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1062.715402][ T55] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1062.733356][ T55] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1063.066384][ T55] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1121.760960][ T3864] syzkaller0: entered promiscuous mode [ 1121.771335][ T3864] syzkaller0: entered allmulticast mode [ 1138.445510][ T3875] syzkaller0: entered promiscuous mode [ 1138.525976][ T3875] syzkaller0: entered allmulticast mode [ 1156.941336][ T3890] syz.0.11 uses obsolete (PF_INET,SOCK_PACKET) [ 1158.999817][ T3896] syz.1.12 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1209.876402][ T3916] nvme_fabrics: unknown parameter or missing value 'Ûw' in ctrl creation request [ 1283.537784][ T3951] netlink: 12 bytes leftover after parsing attributes in process `syz.1.29'. [ 1297.226027][ T3958] Zero length message leads to an empty skb [ 1317.175449][ T3964] syzkaller0: entered promiscuous mode [ 1317.210368][ T3964] syzkaller0: entered allmulticast mode [ 1333.023043][ T3992] capability: warning: `syz.1.34' uses deprecated v2 capabilities in a way that may be insecure [ 1403.867917][ T4030] syzkaller1: entered promiscuous mode [ 1403.895497][ T4030] syzkaller1: entered allmulticast mode [ 1417.016852][ T4040] input: syz1 as /devices/virtual/input/input0 [ 1534.114838][ C0] ------------[ cut here ]------------ [ 1534.115200][ C0] kernel BUG at [] mm/page_table_check.c:142! [ 1534.116080][ C0] Kernel BUG [#1] [ 1534.116302][ C0] Modules linked in: [ 1534.117081][ C0] CPU: 0 UID: 0 PID: 4091 Comm: syz.0.53 Tainted: G W syzkaller #0 PREEMPT [ 1534.117500][ C0] Tainted: [W]=WARN [ 1534.117608][ C0] Hardware name: riscv-virtio,qemu (DT) [ 1534.117726][ C0] epc : __page_table_check_zero+0x386/0x534 [ 1534.118130][ C0] ra : __page_table_check_zero+0x386/0x534 [ 1534.118468][ C0] epc : ffffffff80c6a8b6 ra : ffffffff80c6a8b6 sp : ffff8f800afd6ad0 [ 1534.118655][ C0] gp : ffffffff8a24e5c0 tp : ffffaf801cfb0000 t0 : ffff8f800afd6a80 [ 1534.118831][ C0] t1 : fffff5ef02720809 t2 : ffffffff91627f80 s0 : ffff8f800afd6b40 [ 1534.119005][ C0] s1 : ffffaf8013904048 a0 : 0000000000000005 a1 : 0000000000000000 [ 1534.119186][ C0] a2 : 0000000000000002 a3 : ffffffff80c6a8b6 a4 : 0000000000000000 [ 1534.119352][ C0] a5 : ffffaf801cfb1000 a6 : 0000000000000003 a7 : ffffaf801390404b [ 1534.119520][ C0] s2 : 0000000000000001 s3 : 0000000000000000 s4 : ffffaf8013904000 [ 1534.119747][ C0] s5 : dfffffff00000000 s6 : 00000000000b3400 s7 : 0000000000000200 [ 1534.119920][ C0] s8 : 0000000000000009 s9 : 0000000000007fff s10: fffffffef146d78c [ 1534.120092][ C0] s11: ffffffff8a36bc60 t3 : 0000000000000001 t4 : fffff5ef02720809 [ 1534.120263][ C0] t5 : fffff5ef0272080a t6 : 0000000000000002 ssp : 0000000000000000 [ 1534.120428][ C0] status: 0000000200000120 badaddr: ffffffff80c6a8b6 cause: 0000000000000003 [ 1534.120611][ C0] [] __page_table_check_zero+0x386/0x534 [ 1534.121090][ C0] [] free_unref_folios+0xb1e/0x1ad0 [ 1534.121464][ C0] [] folios_put_refs+0x458/0x7c8 [ 1534.121745][ C0] [] free_pages_and_swap_cache+0x278/0x3c0 [ 1534.122070][ C0] [] __tlb_batch_free_encoded_pages+0xe4/0x25c [ 1534.122491][ C0] [] tlb_flush_mmu+0xdc/0x5f8 [ 1534.122879][ C0] [] __zap_vma_range+0x15e0/0x49f0 [ 1534.123208][ C0] [] unmap_vmas+0x24a/0x520 [ 1534.123504][ C0] [] exit_mmap+0x1fa/0xcc0 [ 1534.124103][ C0] [] __mmput+0x106/0x3d0 [ 1534.124538][ C0] [] mmput+0x74/0x88 [ 1534.124867][ C0] [] do_exit+0x876/0x2a18 [ 1534.125223][ C0] [] do_group_exit+0xca/0x258 [ 1534.125575][ C0] [] get_signal+0x1f56/0x2224 [ 1534.125956][ C0] [] arch_do_signal_or_restart+0x648/0x1e08 [ 1534.126308][ C0] [] exit_to_user_mode_loop+0x8e/0x9c4 [ 1534.126640][ C0] [] do_trap_ecall_u+0x4e4/0x61c [ 1534.127031][ C0] [] handle_exception+0x15e/0x16a [ 1534.128046][ C0] Code: f580 8526 d0ef 88af 8a2a b7a1 7097 ff8c 80e7 f460 (9002) 7097 [ 1534.128950][ C0] ---[ end trace 0000000000000000 ]--- [ 1534.129991][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 1534.130610][ C0] SMP: stopping secondary CPUs VM DIAGNOSIS: 07:42:55 Registers: info registers vcpu 0 CPU#0 V = 0 pc ffffffff86459ffe mhartid 0000000000000000 mstatus 0000000a000001a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000220 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000000 medeleg 0000000000f4b509 hedeleg 0000000000000000 mtvec 00000000800004f8 stvec ffffffff864ad2b4 vstvec 0000000000000000 mepc ffffffff800922c6 sepc ffffffff80c6a8b6 vsepc 0000000000000000 mcause 0000000000000009 scause 0000000000000003 vscause 0000000000000000 mtval 0000000000000000 stval ffffffff80c6a8b6 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080049000 sscratch 0000000000000000 satp 9013e000000afa42 x0/zero 0000000000000000 x1/ra ffffffff86460e3c x2/sp ffff8f800afd5c50 x3/gp ffffffff8a24e5c0 x4/tp ffffaf801cfb0000 x5/t0 ffffffff88266760 x6/t1 0000000041b58ab3 x7/t2 705f5f203a206370 x8/s0 ffff8f800afd5d40 x9/s1 ffffffffdfffffff x10/a0 ffff8f800afd61e1 x11/a1 0000000000000002 x12/a2 ffff8f808afd61dd x13/a3 00000006ffff0a00 x14/a4 0000000000000000 x15/a5 ffff8f800afd5ce0 x16/a6 ffff8f800afd5c80 x17/a7 0000000041b59000 x18/s2 ffff8f800afd60c3 x19/s3 ffff8f810afd60bf x20/s4 ffff8f800afd5de0 x21/s5 ffff8f808afd61dd x22/s6 ffff8f800afd5ce0 x23/s7 0000000000000002 x24/s8 000000000afd60bf x25/s9 0000000000000006 x26/s10 ffff8f808afd61dd x27/s11 0000000000000000 x28/t3 ffffffff86460c58 x29/t4 ffffffff882662a8 x30/t5 fffff1ef015fac3c x31/t6 ffff8f800afd61df fcsr 0000000000000000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 CPU#1 V = 0 pc ffffffff80088932 mhartid 0000000000000001 mstatus 0000000a000001a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000000 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000000 medeleg 0000000000f4b509 hedeleg 0000000000000000 mtvec 00000000800004f8 stvec ffffffff864ad2b4 vstvec 0000000000000000 mepc ffffffff8007be14 sepc ffffffff864a915e vsepc 0000000000000000 mcause 8000000000000003 scause 8000000000000001 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080047000 sscratch 0000000000000000 satp 9012e0000009dad9 x0/zero 0000000000000000 x1/ra ffffffff8008892e x2/sp ffff8f8000017e10 x3/gp ffffffff8a24e5c0 x4/tp ffffaf8013280000 x5/t0 ffff8f8000010000 x6/t1 fffffffef146c118 x7/t2 000000000000036e x8/s0 ffff8f8000017e40 x9/s1 ffffffff86a0caa8 x10/a0 0000000000000001 x11/a1 0000000000000004 x12/a2 0000000000000001 x13/a3 ffffffff8008892e x14/a4 0000000000000000 x15/a5 ffffaf8013280000 x16/a6 fffffffef146c119 x17/a7 0000000000000003 x18/s2 0000000000000001 x19/s3 ffffffff86867000 x20/s4 ffffffff80088678 x21/s5 ffffaf8011d18800 x22/s6 0000000000000000 x23/s7 0000000000000001 x24/s8 0000000000000007 x25/s9 ffffffff91627f88 x26/s10 ffffffff86a70600 x27/s11 0000000000000004 x28/t3 ffffffff88063548 x29/t4 fffffffef146c118 x30/t5 fffffffef146c119 x31/t6 ffffaf8032b2c026 fcsr 0000000000000000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000