syzkaller login: [ 294.019634][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 294.065784][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 337.683196][ T1860] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:2820' (ECDSA) to the list of known hosts. 1970/01/01 00:06:09 fuzzer started 1970/01/01 00:06:24 dialing manager at localhost:43229 [ 390.813787][ T2045] cgroup: Unknown subsys name 'net' [ 392.109161][ T2045] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:06:31 syscalls: 2821 1970/01/01 00:06:31 code coverage: enabled 1970/01/01 00:06:31 comparison tracing: enabled 1970/01/01 00:06:31 extra coverage: enabled 1970/01/01 00:06:31 delay kcov mmap: mmap returned an invalid pointer 1970/01/01 00:06:31 setuid sandbox: enabled 1970/01/01 00:06:31 namespace sandbox: enabled 1970/01/01 00:06:31 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:06:31 fault injection: enabled 1970/01/01 00:06:31 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:06:31 net packet injection: enabled 1970/01/01 00:06:31 net device setup: enabled 1970/01/01 00:06:31 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:06:31 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:06:31 USB emulation: enabled 1970/01/01 00:06:31 hci packet injection: /dev/vhci does not exist 1970/01/01 00:06:31 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:06:31 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:21:17 starting 2 fuzzer processes 00:21:17 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 
0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @dev}]}}}]}, 0x38}}, 0x0) 00:21:17 executing program 1: syz_io_uring_setup(0x76a9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000140)={0x8}, 0x0, 0x0, 0x0) [ 1321.851777][ T2066] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1322.031732][ T2066] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1325.755552][ T2068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1326.022425][ T2068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1338.668274][ T2066] device hsr_slave_0 entered promiscuous mode [ 1338.731887][ T2066] device hsr_slave_1 entered promiscuous mode [ 1340.582133][ T2068] device hsr_slave_0 entered promiscuous mode [ 1340.641404][ T2068] device hsr_slave_1 entered promiscuous mode [ 1340.678253][ T2068] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 1340.682793][ T2068] Cannot create hsr debugfs directory [ 1348.392145][ T2066] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1348.574774][ T2066] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1348.821234][ T2066] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1349.193764][ T2066] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1350.249936][ T2068] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1350.525277][ T2068] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1350.733370][ T2068] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1350.988162][ T2068] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1360.910178][ T2066] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1361.853471][ T2696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1361.932799][ T2696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1362.510439][ T2068] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1363.115265][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1363.201728][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1368.479027][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1368.512652][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1368.745024][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1368.822949][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1369.063010][ T2696] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1369.283395][ T2124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1369.883447][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1369.998450][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1370.342734][ T2124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1370.370614][ T2124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 
1370.508461][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1370.558815][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1370.764650][ T2066] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1371.569937][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1371.608866][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1371.623987][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1371.800244][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1372.213947][ T2048] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1372.219552][ T2048] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1373.121087][ T2068] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1373.123337][ T2068] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1373.325712][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1373.421823][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1373.479001][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1373.520379][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1373.702714][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1374.619273][ T2124] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1374.624544][ T2124] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1396.193270][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1396.249558][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1397.122191][ T2124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1397.149208][ T2124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1408.078881][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1_vlan: link becomes ready [ 1408.099300][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1408.120446][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1408.137915][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1408.512391][ T2066] device veth0_vlan entered promiscuous mode [ 1409.455085][ T2066] device veth1_vlan entered promiscuous mode [ 1411.623727][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1411.703258][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1411.951260][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1412.034921][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1412.103313][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1412.172707][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1412.372163][ T2068] device veth0_vlan entered promiscuous mode [ 1412.603562][ T2066] device veth0_macvtap entered promiscuous mode [ 1412.924623][ T2187] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1413.143111][ T2066] device veth1_macvtap entered promiscuous mode [ 1413.631095][ T2068] device veth1_vlan entered promiscuous mode [ 1414.711636][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1414.801630][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1415.292528][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1415.362804][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1415.733545][ T2066] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1415.783117][ T2066] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1415.784879][ T2066] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1415.791752][ T2066] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 
1416.639704][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1416.702889][ T2343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1417.044587][ T2068] device veth0_macvtap entered promiscuous mode [ 1418.179264][ T2068] device veth1_macvtap entered promiscuous mode [ 1418.299353][ T2048] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1419.989721][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1420.064489][ T2709] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1420.498727][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1420.562922][ T84] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1421.131512][ T2068] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1421.133531][ T2068] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1421.135342][ T2068] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1421.184569][ T2068] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:23:49 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @dev}]}}}]}, 0x38}}, 0x0) 00:23:52 executing program 1: syz_io_uring_setup(0x76a9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000140)={0x8}, 0x0, 0x0, 0x0) 00:23:54 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, 
[@IFLA_VTI_REMOTE={0x8, 0x5, @dev}]}}}]}, 0x38}}, 0x0) 00:23:56 executing program 1: syz_io_uring_setup(0x76a9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000140)={0x8}, 0x0, 0x0, 0x0) 00:23:58 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @dev}]}}}]}, 0x38}}, 0x0) 00:24:00 executing program 1: syz_io_uring_setup(0x76a9, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f00000b0000)=nil, 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000140)={0x8}, 0x0, 0x0, 0x0) 00:24:06 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7}) 00:24:06 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) bind(r0, 0x0, 0x7) 00:24:10 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7}) 00:24:11 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) bind(r0, 0x0, 0x7) 00:24:14 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7}) 00:24:15 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) bind(r0, 0x0, 0x7) 00:24:18 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, 
&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7}) 00:24:19 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000008c0)={0xffffffffffffffff, 0xffffffffffffffff}) bind(r0, 0x0, 0x7) 00:24:23 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000000500)=[{{&(0x7f0000001e40)={0xa, 0x2f, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c, 0x0, 0x0, &(0x7f00000009c0)=[@pktinfo={{0x24, 0x29, 0x32, {@private2}}}], 0x28}}], 0x2, 0x0) 00:24:24 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x54, 0x0, 0x0, 0xfff}, {0x6}]}) [ 1468.425766][ T26] audit: type=1326 audit(1467.130:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=2797 comm="syz-executor.1" exe="/syz-executor.1" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x3a460 code=0x0 00:24:28 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000000500)=[{{&(0x7f0000001e40)={0xa, 0x2f, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c, 0x0, 0x0, &(0x7f00000009c0)=[@pktinfo={{0x24, 0x29, 0x32, {@private2}}}], 0x28}}], 0x2, 0x0) 00:24:28 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x54, 0x0, 0x0, 0xfff}, {0x6}]}) [ 1472.264791][ T26] audit: type=1326 audit(1470.990:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=2801 comm="syz-executor.1" exe="/syz-executor.1" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x3a460 code=0x0 00:24:31 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, 
&(0x7f0000000500)=[{{&(0x7f0000001e40)={0xa, 0x2f, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c, 0x0, 0x0, &(0x7f00000009c0)=[@pktinfo={{0x24, 0x29, 0x32, {@private2}}}], 0x28}}], 0x2, 0x0) 00:24:32 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x54, 0x0, 0x0, 0xfff}, {0x6}]}) [ 1476.273776][ T26] audit: type=1326 audit(1475.000:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=2805 comm="syz-executor.1" exe="/syz-executor.1" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x3a460 code=0x0 00:24:35 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000000500)=[{{&(0x7f0000001e40)={0xa, 0x2f, 0x0, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c, 0x0, 0x0, &(0x7f00000009c0)=[@pktinfo={{0x24, 0x29, 0x32, {@private2}}}], 0x28}}], 0x2, 0x0) 00:24:37 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000140)=[{0x54, 0x0, 0x0, 0xfff}, {0x6}]}) [ 1481.007978][ T26] audit: type=1326 audit(1479.750:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=2810 comm="syz-executor.1" exe="/syz-executor.1" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x3a460 code=0x0 00:24:41 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/block/loop7', 0x0, 0x0) mknodat$null(r0, &(0x7f0000000140)='./file1\x00', 0xffffc000, 0x103) 00:24:43 executing program 1: openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001ac0), 0x0, 0x0) pselect6(0x40, &(0x7f0000000180)={0x500}, 0x0, 
&(0x7f00000000c0)={0x1f}, 0x0, 0x0) 00:24:46 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/block/loop7', 0x0, 0x0) mknodat$null(r0, &(0x7f0000000140)='./file1\x00', 0xffffc000, 0x103) 00:24:46 executing program 1: openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001ac0), 0x0, 0x0) pselect6(0x40, &(0x7f0000000180)={0x500}, 0x0, &(0x7f00000000c0)={0x1f}, 0x0, 0x0) 00:24:48 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/block/loop7', 0x0, 0x0) mknodat$null(r0, &(0x7f0000000140)='./file1\x00', 0xffffc000, 0x103) 00:24:50 executing program 1: openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001ac0), 0x0, 0x0) pselect6(0x40, &(0x7f0000000180)={0x500}, 0x0, &(0x7f00000000c0)={0x1f}, 0x0, 0x0) 00:24:52 executing program 0: r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/block/loop7', 0x0, 0x0) mknodat$null(r0, &(0x7f0000000140)='./file1\x00', 0xffffc000, 0x103) 00:24:53 executing program 1: openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001ac0), 0x0, 0x0) pselect6(0x40, &(0x7f0000000180)={0x500}, 0x0, &(0x7f00000000c0)={0x1f}, 0x0, 0x0) 00:24:56 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) 00:24:57 executing program 1: setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000f00)={0x0, 0x0, 0xee00}, 0xc) r0 = getpid() process_vm_readv(r0, &(0x7f0000000f00), 0x2, &(0x7f0000000dc0)=[{&(0x7f0000000e40)=""/163, 0xa3}, {&(0x7f0000002ac0)=""/252, 0xfc}, {&(0x7f0000002bc0)=""/209, 0xd1}, {&(0x7f0000000b40)=""/228}, {&(0x7f0000000c40)=""/90}, {&(0x7f0000002f00)=""/4096}, {&(0x7f0000000cc0)=""/211}], 0x3, 0x0) [ 1499.209086][ T26] 
audit: type=1326 audit(1497.950:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=2828 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x3a460 code=0x0 00:25:00 executing program 1: setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000f00)={0x0, 0x0, 0xee00}, 0xc) r0 = getpid() process_vm_readv(r0, &(0x7f0000000f00), 0x2, &(0x7f0000000dc0)=[{&(0x7f0000000e40)=""/163, 0xa3}, {&(0x7f0000002ac0)=""/252, 0xfc}, {&(0x7f0000002bc0)=""/209, 0xd1}, {&(0x7f0000000b40)=""/228}, {&(0x7f0000000c40)=""/90}, {&(0x7f0000002f00)=""/4096}, {&(0x7f0000000cc0)=""/211}], 0x3, 0x0) 00:25:01 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) [ 1504.928439][ T26] audit: type=1326 audit(1503.660:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=2834 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x3a460 code=0x0 00:25:04 executing program 1: setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000f00)={0x0, 0x0, 0xee00}, 0xc) r0 = getpid() process_vm_readv(r0, &(0x7f0000000f00), 0x2, &(0x7f0000000dc0)=[{&(0x7f0000000e40)=""/163, 0xa3}, {&(0x7f0000002ac0)=""/252, 0xfc}, {&(0x7f0000002bc0)=""/209, 0xd1}, {&(0x7f0000000b40)=""/228}, {&(0x7f0000000c40)=""/90}, {&(0x7f0000002f00)=""/4096}, {&(0x7f0000000cc0)=""/211}], 0x3, 0x0) 00:25:07 executing program 1: setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000f00)={0x0, 0x0, 0xee00}, 0xc) r0 = getpid() process_vm_readv(r0, &(0x7f0000000f00), 0x2, &(0x7f0000000dc0)=[{&(0x7f0000000e40)=""/163, 0xa3}, {&(0x7f0000002ac0)=""/252, 0xfc}, {&(0x7f0000002bc0)=""/209, 0xd1}, {&(0x7f0000000b40)=""/228}, {&(0x7f0000000c40)=""/90}, {&(0x7f0000002f00)=""/4096}, {&(0x7f0000000cc0)=""/211}], 0x3, 0x0) 00:25:07 executing program 0: r0 = 
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) [ 1510.413694][ T26] audit: type=1326 audit(1509.160:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=2841 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x3a460 code=0x0 00:25:11 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x2000, 0x4) close(r1) 00:25:12 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000080)) 00:25:14 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x2000, 0x4) close(r1) [ 1516.254114][ T26] audit: type=1326 audit(1514.990:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=2847 comm="syz-executor.0" exe="/syz-executor.0" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x3a460 code=0x0 00:25:18 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x2000, 0x4) close(r1) 00:25:20 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x2000, 0x4) close(r1) 00:25:25 executing program 1: r0 = openat$vnet(0xffffffffffffff9c, 
&(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x2000, 0x4) close(r1) 00:25:26 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x2000, 0x4) close(r1) 00:25:32 executing program 0: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0xe9002) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x2000, 0x4) close(r1) 00:25:32 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0xe, &(0x7f0000000140), 0x4) 00:25:36 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0xe, &(0x7f0000000140), 0x4) 00:25:37 executing program 0: prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='\x00') openat(0xffffffffffffff9c, &(0x7f0000001080)='./file0\x00', 0x24140, 0x0) [ 1541.091991][ T26] audit: type=1800 audit(1539.830:10): pid=2867 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="" name="file0" dev="vda" ino=644 res=0 errno=0 00:25:39 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0xe, &(0x7f0000000140), 0x4) 00:25:41 executing program 0: prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='\x00') openat(0xffffffffffffff9c, &(0x7f0000001080)='./file0\x00', 0x24140, 0x0) 00:25:42 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0xe, &(0x7f0000000140), 0x4) [ 1544.799524][ T26] audit: type=1800 audit(1543.540:11): pid=2871 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="" name="file0" dev="vda" ino=640 res=0 errno=0 00:25:45 executing program 0: 
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='\x00') openat(0xffffffffffffff9c, &(0x7f0000001080)='./file0\x00', 0x24140, 0x0) 00:25:46 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000d40), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x28, r2, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x28}}, 0x0) [ 1548.435386][ T26] audit: type=1800 audit(1547.180:12): pid=2875 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="" name="file0" dev="vda" ino=640 res=0 errno=0 00:25:48 executing program 0: prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='\x00') openat(0xffffffffffffff9c, &(0x7f0000001080)='./file0\x00', 0x24140, 0x0) 00:25:50 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000d40), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x28, r2, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x28}}, 0x0) [ 1551.897782][ T26] audit: type=1800 audit(1550.640:13): pid=2879 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="" name="file0" dev="vda" ino=640 res=0 errno=0 00:25:54 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000d40), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x28, r2, 0x1, 0x0, 0x0, {}, 
[@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x28}}, 0x0) 00:25:55 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000d40), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x28, r2, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x28}}, 0x0) 00:25:58 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000d40), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x28, r2, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x28}}, 0x0) 00:25:59 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000d40), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x28, r2, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x28}}, 0x0) 00:26:02 executing program 0: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000d40), r1) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x28, r2, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x28}}, 0x0) 00:26:04 executing program 1: r0 = 
socket$nl_route(0x10, 0x3, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r2, &(0x7f00000000c0)=0xffffffffffffffff, 0x12) sendmsg$nl_route(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="48010000110000022cbd7000fcdbdf2507000000", @ANYRES32=0x0, @ANYBLOB="0200f6ff3f01000008001300", @ANYRES32, @ANYBLOB="080023000080000008001c00", @ANYRES32=r2, @ANYBLOB="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"/272], 0x148}, 0x1, 0x0, 0x0, 0x800}, 0x4) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x70, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x48, 0x12, 0x0, 0x1, @vti={{0x8}, {0x3c, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8, 0x5, @rand_addr=0x64010102}, @IFLA_VTI_LOCAL={0x8, 0x4, @empty}, @IFLA_VTI_REMOTE={0x8}, @IFLA_VTI_REMOTE={0x8, 0x5, @multicast2}, @vti_common_policy=[@IFLA_VTI_IKEY={0x8, 0x2, 0x7}, @IFLA_VTI_FWMARK={0x8, 0x6, 0x3f}, @IFLA_VTI_LINK={0x8}]]}}}, @IFLA_MASTER={0x8}]}, 0x70}}, 0x0)
[ 1567.036006][ C0] ==================================================================
[ 1567.040057][ C0] BUG: KASAN: use-after-free in walk_stackframe+0x11c/0x260
[ 1567.041471][ C0] Read of size 8 at addr ffffaf801433bfe0 by task syz-executor.1/2893
[ 1567.042855][ C0]
[ 1567.044578][ C0] CPU: 0 PID: 2893 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1567.046920][ C0] Hardware name: riscv-virtio,qemu (DT)
[ 1567.048602][ C0] Call Trace:
[ 1567.049607][ C0] [] dump_backtrace+0x2e/0x3c
[ 1567.050871][ C0] [] show_stack+0x34/0x40
[ 1567.051990][ C0] [] dump_stack_lvl+0xe4/0x150
[ 1567.053223][ C0] [] print_address_description.constprop.0+0x2a/0x330
[ 1567.054653][ C0] [] kasan_report+0x184/0x1e0
[ 1567.056030][ C0] [] __asan_load8+0x6e/0x96
[ 1567.057982][ C0] [] walk_stackframe+0x11c/0x260
[ 1567.059235][ C0] [] arch_stack_walk+0x2c/0x3c
[ 1567.060630][ C0]
[ 1567.061334][ C0] The buggy address belongs to the page:
[ 1567.062703][ C0] page:ffffaf807abf7898 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x9453b
[ 1567.064279][ C0] flags: 0x9000000000(section=18|node=0|zone=0)
[ 1567.066736][ C0] raw: 0000009000000000 ffffaf807fdf2640 ffffaf807b04d828 0000000000000000
[ 1567.068080][ C0] raw: 0000000000000000 0000000000000000 00000000ffffff7f 0000000000000000
[ 1567.069176][ C0] raw: 00000000000007ff
[ 1567.070035][ C0] page dumped because: kasan: bad access detected
[ 1567.071153][ C0] page_owner tracks the page as freed
[ 1567.072012][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 2696, ts 1524469209000, free_ts 1552581738500
[ 1567.074488][ C0] __set_page_owner+0x48/0x136
[ 1567.075657][ C0] post_alloc_hook+0xd0/0x10a
[ 1567.077136][ C0] get_page_from_freelist+0x8da/0x12d8
[ 1567.078607][ C0] __alloc_pages+0x150/0x3b6
[ 1567.079643][ C0] alloc_pages+0x132/0x2a6
[ 1567.080783][ C0] alloc_slab_page.constprop.0+0xc2/0xfa
[ 1567.081978][ C0] new_slab+0x76/0x2cc
[ 1567.082970][ C0] ___slab_alloc+0x56e/0x918
[ 1567.084586][ C0] __slab_alloc.constprop.0+0x50/0x8c
[ 1567.086392][ C0] __kmalloc_node_track_caller+0x26c/0x362
[ 1567.088132][ C0] __alloc_skb+0xee/0x2e4
[ 1567.089223][ C0] nsim_dev_trap_report_work+0x1c2/0x5e4
[ 1567.090419][ C0] process_one_work+0x654/0xffe
[ 1567.091484][ C0] worker_thread+0x360/0x8fa
[ 1567.092473][ C0] kthread+0x19e/0x1fa
[ 1567.093522][ C0] ret_from_exception+0x0/0x10
[ 1567.094685][ C0] page last free stack trace:
[ 1567.095498][ C0] __reset_page_owner+0x4a/0xea
[ 1567.097124][ C0] free_pcp_prepare+0x29c/0x45e
[ 1567.098599][ C0] free_unref_page+0x6a/0x31e
[ 1567.099625][ C0] __free_pages+0xe2/0x112
[ 1567.100595][ C0] __free_slab+0x122/0x27c
[ 1567.101664][ C0] discard_slab+0x4c/0x7a
[ 1567.102669][ C0] __unfreeze_partials+0x16a/0x18e
[ 1567.103732][ C0] put_cpu_partial+0xf6/0x162
[ 1567.104777][ C0] __slab_free+0x166/0x29c
[ 1567.105914][ C0] ___cache_free+0x17c/0x354
[ 1567.107311][ C0] qlist_free_all+0x7c/0x132
[ 1567.108360][ C0] kasan_quarantine_reduce+0x14c/0x1c8
[ 1567.109449][ C0] __kasan_slab_alloc+0x5c/0x98
[ 1567.110530][ C0] kmem_cache_alloc+0x338/0x3de
[ 1567.111545][ C0] vm_area_dup+0xa4/0x224
[ 1567.112546][ C0] dup_mm+0x3e8/0xe10
[ 1567.113733][ C0]
[ 1567.114421][ C0] Memory state around the buggy address:
[ 1567.115641][ C0] ffffaf801433be80: 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff
[ 1567.117527][ C0] ffffaf801433bf00: 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff
[ 1567.119262][ C0] >ffffaf801433bf80: 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff
[ 1567.120367][ C0] ^
[ 1567.121455][ C0] ffffaf801433c000: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 f3
[ 1567.122483][ C0] ffffaf801433c080: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 1567.123575][ C0] ==================================================================
[ 1567.124651][ C0] Disabling lock debugging due to kernel taint
[ 1567.128115][ T2893] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 1567.129452][ T2893] CPU: 0 PID: 2893 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 1567.131469][ T2893] Hardware name: riscv-virtio,qemu (DT)
[ 1567.132172][ T2893] Call Trace:
[ 1567.132690][ T2893] [] dump_backtrace+0x2e/0x3c
[ 1567.133761][ T2893] [] show_stack+0x34/0x40
[ 1567.134686][ T2893] [] dump_stack_lvl+0xe4/0x150
[ 1567.135756][ T2893] [] dump_stack+0x1c/0x24
[ 1567.136927][ T2893] [] panic+0x24a/0x634
[ 1567.137897][ T2893] [] schedule+0x0/0x14c
[ 1567.139380][ T2893] [] preempt_schedule_irq+0x4a/0x13e
[ 1567.140521][ T2893] [] resume_kernel+0x16/0x18
[ 1567.142326][ T2893] SMP: stopping secondary CPUs
[ 1567.144376][ T2893] Rebooting in 86400 seconds..
VM DIAGNOSIS:
14:34:21 Registers: