syzkaller login: [ 201.580482][ T2895] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 201.627147][ T2895] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 201.695373][ T2895] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 201.765524][ T2895] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:53336' (ECDSA) to the list of known hosts. 1970/01/01 00:04:17 fuzzer started 1970/01/01 00:04:26 dialing manager at localhost:45919 1970/01/01 00:04:29 syscalls: 2768 1970/01/01 00:04:29 code coverage: enabled 1970/01/01 00:04:29 comparison tracing: enabled 1970/01/01 00:04:29 extra coverage: enabled 1970/01/01 00:04:29 setuid sandbox: enabled 1970/01/01 00:04:29 namespace sandbox: enabled 1970/01/01 00:04:29 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:04:29 fault injection: enabled 1970/01/01 00:04:29 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:04:29 net packet injection: enabled 1970/01/01 00:04:29 net device setup: enabled 1970/01/01 00:04:29 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:04:29 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:04:29 USB emulation: enabled 1970/01/01 00:04:29 hci packet injection: /dev/vhci does not exist 1970/01/01 00:04:29 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:04:29 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:04:33 fetching corpus: 50, signal 22521/24256 (executing program) 1970/01/01 00:04:35 fetching corpus: 100, signal 28563/31875 (executing program) 1970/01/01 00:04:36 fetching corpus: 150, signal 33760/38517 (executing program) 1970/01/01 00:04:38 fetching corpus: 200, signal 39160/45249 (executing program) 1970/01/01 00:04:40 fetching corpus: 250, signal 44482/51778 (executing program) 1970/01/01 00:04:41 fetching corpus: 300, signal 46719/55327 (executing program) 1970/01/01 00:04:43 fetching corpus: 350, signal 48197/58134 (executing program) 1970/01/01 00:04:45 fetching corpus: 400, signal 50687/61850 (executing program) 1970/01/01 00:04:47 fetching corpus: 450, signal 53497/65766 (executing program) 1970/01/01 00:04:48 fetching corpus: 500, signal 55420/68849 (executing program) 1970/01/01 00:04:49 fetching corpus: 550, signal 57561/72087 (executing program) 1970/01/01 00:04:51 fetching corpus: 600, signal 58952/74606 (executing program) 1970/01/01 00:04:52 fetching corpus: 650, signal 60323/77106 (executing program) 1970/01/01 00:04:54 fetching corpus: 700, signal 62103/79902 (executing program) 1970/01/01 00:04:55 fetching corpus: 750, signal 63419/82246 (executing program) 1970/01/01 00:04:56 fetching corpus: 800, signal 65872/85488 (executing program) 1970/01/01 00:04:58 fetching corpus: 850, signal 67298/87870 (executing program) 1970/01/01 00:05:00 fetching corpus: 900, signal 68278/89839 (executing program) 1970/01/01 00:05:02 fetching corpus: 950, signal 69989/92311 (executing program) 1970/01/01 00:05:03 fetching corpus: 1000, signal 70955/94226 (executing program) 1970/01/01 00:05:04 fetching corpus: 1050, signal 72047/96215 (executing program) 1970/01/01 00:05:06 fetching corpus: 1100, signal 73005/98081 (executing program) 1970/01/01 00:05:08 fetching corpus: 1150, signal 74535/100329 (executing program) 1970/01/01 00:05:10 fetching corpus: 1200, signal 75628/102197 (executing program) 1970/01/01 00:05:11 fetching corpus: 1250, signal 76479/103916 (executing program) 1970/01/01 00:05:12 fetching corpus: 1300, signal 77473/105668 (executing program) 1970/01/01 00:05:15 fetching corpus: 1350, signal 78027/107139 (executing program) 1970/01/01 00:05:16 fetching corpus: 1400, signal 78505/108541 (executing program) 1970/01/01 00:05:17 fetching corpus: 1450, signal 79575/110301 (executing program) 1970/01/01 00:05:19 fetching corpus: 1500, signal 80250/111806 (executing program) 1970/01/01 00:05:20 fetching corpus: 1550, signal 81283/113542 (executing program) 1970/01/01 00:05:22 fetching corpus: 1600, signal 82394/115252 (executing program) 1970/01/01 00:05:23 fetching corpus: 1650, signal 83537/116962 (executing program) 1970/01/01 00:05:24 fetching corpus: 1700, signal 84146/118362 (executing program) 1970/01/01 00:05:25 fetching corpus: 1750, signal 84772/119741 (executing program) 1970/01/01 00:05:27 fetching corpus: 1800, signal 86440/121695 (executing program) 1970/01/01 00:05:28 fetching corpus: 1850, signal 87121/123063 (executing program) 1970/01/01 00:05:30 fetching corpus: 1900, signal 87824/124424 (executing program) 1970/01/01 00:05:32 fetching corpus: 1950, signal 88999/126055 (executing program) 1970/01/01 00:05:33 fetching corpus: 2000, signal 89646/127368 (executing program) 1970/01/01 00:05:34 fetching corpus: 2050, signal 90088/128550 (executing program) 1970/01/01 00:05:36 fetching corpus: 2100, signal 91040/130001 (executing program) 1970/01/01 00:05:37 fetching corpus: 2150, signal 91617/131175 (executing program) 1970/01/01 00:05:38 fetching corpus: 2200, signal 92202/132372 (executing program) 1970/01/01 00:05:39 fetching corpus: 2250, signal 92777/133549 (executing program) 1970/01/01 00:05:41 fetching corpus: 2300, signal 93404/134758 (executing program) 1970/01/01 00:05:42 fetching corpus: 2350, signal 94422/136090 (executing program) 1970/01/01 00:05:44 fetching corpus: 2400, signal 94985/137230 (executing program) 1970/01/01 00:05:46 fetching corpus: 2450, signal 96480/138735 (executing program) 1970/01/01 00:05:47 fetching corpus: 2500, signal 97201/139833 (executing program) 1970/01/01 00:05:49 fetching corpus: 2550, signal 97763/140881 (executing program) 1970/01/01 00:05:50 fetching corpus: 2600, signal 98431/141959 (executing program) 1970/01/01 00:05:51 fetching corpus: 2650, signal 99336/143127 (executing program) 1970/01/01 00:05:53 fetching corpus: 2700, signal 99804/144129 (executing program) 1970/01/01 00:05:54 fetching corpus: 2750, signal 100241/145097 (executing program) 1970/01/01 00:05:56 fetching corpus: 2800, signal 100924/146123 (executing program) 1970/01/01 00:05:57 fetching corpus: 2850, signal 101240/147070 (executing program) 1970/01/01 00:05:59 fetching corpus: 2900, signal 101893/148068 (executing program) 1970/01/01 00:06:01 fetching corpus: 2950, signal 103093/149257 (executing program) 1970/01/01 00:06:03 fetching corpus: 3000, signal 103598/150203 (executing program) 1970/01/01 00:06:04 fetching corpus: 3050, signal 104307/151160 (executing program) 1970/01/01 00:06:05 fetching corpus: 3100, signal 104594/151982 (executing program) 1970/01/01 00:06:07 fetching corpus: 3150, signal 104950/152872 (executing program) 1970/01/01 00:06:08 fetching corpus: 3200, signal 105335/153729 (executing program) 1970/01/01 00:06:09 fetching corpus: 3250, signal 105591/154546 (executing program) 1970/01/01 00:06:10 fetching corpus: 3300, signal 106208/155475 (executing program) 1970/01/01 00:06:13 fetching corpus: 3350, signal 107231/156461 (executing program) 1970/01/01 00:06:15 fetching corpus: 3400, signal 107559/157245 (executing program) 1970/01/01 00:06:17 fetching corpus: 3450, signal 108595/158107 (executing program) 1970/01/01 00:06:18 fetching corpus: 3500, signal 109167/158949 (executing program) 1970/01/01 00:06:20 fetching corpus: 3550, signal 109747/159722 (executing program) 1970/01/01 00:06:22 fetching corpus: 3600, signal 110165/160502 (executing program) 1970/01/01 00:06:23 fetching corpus: 3650, signal 110623/161257 (executing program) 1970/01/01 00:06:24 fetching corpus: 3700, signal 110921/161934 (executing program) 1970/01/01 00:06:25 fetching corpus: 3729, signal 111171/162671 (executing program) 1970/01/01 00:06:25 fetching corpus: 3729, signal 111171/163358 (executing program) 1970/01/01 00:06:26 fetching corpus: 3729, signal 111171/164061 (executing program) 1970/01/01 00:06:26 fetching corpus: 3729, signal 111171/164746 (executing program) 1970/01/01 00:06:26 fetching corpus: 3729, signal 111171/165492 (executing program) 1970/01/01 00:06:26 fetching corpus: 3729, signal 111171/166169 (executing program) 1970/01/01 00:06:26 fetching corpus: 3729, signal 111171/166843 (executing program) 1970/01/01 00:06:26 fetching corpus: 3729, signal 111171/167512 (executing program) 1970/01/01 00:06:26 fetching corpus: 3729, signal 111171/168214 (executing program) 1970/01/01 00:06:26 fetching corpus: 3729, signal 111171/168888 (executing program) 1970/01/01 00:06:26 fetching corpus: 3729, signal 111171/169308 (executing program) 1970/01/01 00:06:26 fetching corpus: 3729, signal 111171/169308 (executing program) 1970/01/01 00:07:43 starting 2 fuzzer processes 00:07:59 executing program 0: openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000)='net_prio.ifpriomap\x00', 0x2, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x200000, 0x0) r1 = perf_event_open$cgroup(&(0x7f0000000080)={0x1, 0x70, 0x8, 0x80, 0x7f, 0xe1, 0x0, 0x9, 0x15008, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x2, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0xffff, 0x1, @perf_bp={&(0x7f0000000040), 0xb}, 0x810, 0x5, 0xffff, 0x8, 0x7, 0x80000001, 0x6}, 0xffffffffffffffff, 0xa, r0, 0xa) r2 = openat$cgroup_freezer_state(r0, &(0x7f0000000140)='freezer.state\x00', 0x2, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ttyS3\x00', 0x319382, 0x0) ioctl$int_out(r3, 0x2a30, &(0x7f00000001c0)) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000200)=[r1, r1], 0x2) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f0000000240)) mmap$IORING_OFF_SQES(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000000, 0x1010, r0, 0x10000000) finit_module(r2, &(0x7f0000000280)='*\xa1\xaa($-+-\\@\x00', 0x0) ioctl$TIOCSBRK(r0, 0x5427) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000002c0)=0xb) ioctl$FS_IOC_READ_VERITY_METADATA(r2, 0xc0286687, &(0x7f0000000400)={0x1, 0xdf, 0xda, &(0x7f0000000300)=""/218}) ioctl$KIOCSOUND(r0, 0x4b2f, 0x0) r4 = fspick(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r4, &(0x7f0000000480)) sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, 0x0, 0x8, 0x70bd29, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000000) r5 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCCONS(r5, 0x541d) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000640)=0x4) 00:08:21 executing program 1: getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0xffff7fff}, &(0x7f0000000040)=0x8) r1 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x6, 0x100) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000000c0)={r0, 0x76}, &(0x7f0000000100)=0x8) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000180)={r2, 0x7ff, 0x40, 0x4}, &(0x7f00000001c0)=0x10) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000200)={r4, 0x8}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000280)={r0, 0xd3, 0x1, [0x5]}, &(0x7f00000002c0)=0xa) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000300)={r0, 0x9}, 0x8) setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000340)={r6, 0x80}, 0x8) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f0000000380)={0xa6}, 0x1) r7 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/null\x00', 0x10101, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000000400)={0x8, 0x2, 0x9, 0xc8c0000, r4}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000480)={r0, 0x3}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000500)={0x4, 0x88f9, 0x8000, 0x4, 0x3ff, 0x9a, 0x7, 0x4, r8}, 0x20) r9 = fcntl$getown(r1, 0x9) ioctl$TIOCSPGRP(r7, 0x5410, &(0x7f0000000540)=r9) r10 = syz_open_dev$vcsa(&(0x7f0000000580)='/dev/vcsa#\x00', 0x4, 0x42000) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r10, 0x84, 0x6, &(0x7f00000005c0)={r5, @in6={{0xa, 0x4e24, 0xffffff80, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x5}}}, 0x84) getsockopt$inet_sctp_SCTP_MAXSEG(r10, 0x84, 0xd, &(0x7f0000000680)=@assoc_id=r0, &(0x7f00000006c0)=0x4) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000780)=0x80000000, 0xbc4, 0x0) [ 503.677326][ T3070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 503.798734][ T3070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 510.775753][ T3070] device hsr_slave_0 entered promiscuous mode [ 510.811469][ T3070] device hsr_slave_1 entered promiscuous mode [ 514.967961][ T3070] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 515.105567][ T3070] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 515.184632][ T3070] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 515.308357][ T3070] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 524.001985][ T3070] 8021q: adding VLAN 0 to HW filter on device bond0 [ 524.480627][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 524.591385][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 529.464799][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 529.485942][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 529.640276][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 529.687500][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 529.966104][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 530.616218][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 530.844543][ T3242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 530.994341][ T3242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 531.744240][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 531.796506][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 532.040286][ T1939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 532.101638][ T1939] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 532.315111][ T3070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 532.880452][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 532.897270][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 538.951434][ T3242] device hsr_slave_0 entered promiscuous mode [ 538.999670][ T3242] device hsr_slave_1 entered promiscuous mode [ 539.026445][ T3242] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 539.029882][ T3242] Cannot create hsr debugfs directory [ 542.795404][ T3242] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 542.978888][ T3242] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 543.050882][ T3242] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 543.216071][ T3242] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 543.987774][ T1939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 544.032102][ T1939] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 549.616372][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 549.659791][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 549.774763][ T1939] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 549.808456][ T1939] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 549.954755][ T3070] device veth0_vlan entered promiscuous mode [ 550.467897][ T3070] device veth1_vlan entered promiscuous mode [ 551.858172][ T3242] 8021q: adding VLAN 0 to HW filter on device bond0 [ 551.978971][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 552.030269][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 552.280760][ T3070] device veth0_macvtap entered promiscuous mode [ 552.507852][ T1939] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 552.551180][ T1939] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 552.580248][ T1939] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 552.671652][ T3070] device veth1_macvtap entered promiscuous mode [ 553.688443][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 553.731794][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 553.971206][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 554.017760][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 554.249705][ T3070] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.252425][ T3070] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.260880][ T3070] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 554.262288][ T3070] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 557.070883][ T3070] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 558.754868][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 558.779587][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 559.147069][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 559.179201][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 559.708593][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 559.774928][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 560.552055][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 560.581428][ T3183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 561.055693][ T3242] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 561.094431][ T3242] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 561.392111][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 561.418196][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 561.949430][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 561.960572][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 00:09:21 executing program 0: ioctl$RTC_IRQP_SET(0xffffffffffffffff, 0x4008700c, 0x1738) r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/pid_for_children\x00') preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000040)=""/60, 0x3c}, {&(0x7f00000000c0)}, {&(0x7f0000000100)=""/56, 0x38}, {&(0x7f0000000140)=""/36, 0x24}], 0x4, 0x5, 0x7fff) fsetxattr$system_posix_acl(r0, &(0x7f0000000080)='system.posix_acl_access\x00', 0x0, 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000001240)='/dev/full\x00', 0x0, 0x0) getsockname$llc(r0, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f00000001c0)=0x10) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000001240)='/dev/full\x00', 0x0, 0x0) read$FUSE(r2, &(0x7f0000003b00)={0x2020}, 0x2020) ioctl$RTC_WIE_ON(r2, 0x700f) read$FUSE(r1, &(0x7f0000003b00)={0x2020}, 0x2020) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000001240)='/dev/full\x00', 0x2800, 0x0) read$FUSE(r3, &(0x7f0000003b00)={0x2020}, 0x2020) ioctl$SNDCTL_SYNTH_INFO(r3, 0xc08c5102, &(0x7f0000000200)={"785c2f5a8cd2c77d96ba5b6aaf92ac34e07f2c656369867690da38dbf92e", 0x2, 0x2, 0x401, 0x63, 0x7, 0x0, 0x644, 0x0, [0x5, 0x7fff, 0x1, 0x2, 0x10000, 0x5, 0x80000000, 0x20, 0x2, 0x2, 0x1, 0x0, 0x8, 0x6, 0x8c27, 0x80, 0x7fff, 0x80, 0x5]}) ioctl$SNDCTL_TMR_METRONOME(r1, 0x40045407) 00:09:25 executing program 0: r0 = syz_io_uring_setup(0x1fa3, &(0x7f0000000000), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000080), &(0x7f00000000c0)) r1 = io_uring_setup(0x4ab3, &(0x7f0000000180)={0x0, 0x8d89, 0x8, 0x0, 0xa}) syz_io_uring_setup(0x46c2, &(0x7f0000000200)={0x0, 0xd1f7, 0x10, 0x0, 0x268, 0x0, r1}, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000000280), &(0x7f00000002c0)) syz_io_uring_setup(0xc89, &(0x7f0000000100)={0x0, 0x0, 0x2}, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x0, 0x0) io_uring_enter(r0, 0x63bd, 0x0, 0x0, 0x0, 0x0) syz_io_uring_setup(0x124a, &(0x7f0000000300)={0x0, 0x9744, 0x2, 0x0, 0xef, 0x0, r1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000380), &(0x7f00000003c0)) [ 573.569713][ T3150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 573.619877][ T3150] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 579.782050][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 579.811472][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 579.926712][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 579.967742][ T3540] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 580.116438][ T3242] device veth0_vlan entered promiscuous mode [ 580.522135][ T3242] device veth1_vlan entered promiscuous mode [ 581.575086][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 581.600420][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 581.749214][ T3242] device veth0_macvtap entered promiscuous mode [ 581.922306][ T3242] device veth1_macvtap entered promiscuous mode [ 582.006317][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 582.059562][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 582.649258][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 582.728425][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 583.083726][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 583.115163][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 583.411121][ T3242] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 583.434262][ T3242] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 583.436172][ T3242] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 583.438377][ T3242] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:09:49 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0/file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000000)=""/1016, 0x4dc282670b830459) getdents64(r0, 0x0, 0x0) 00:09:52 executing program 1: ioctl$RTC_ALM_READ(0xffffffffffffffff, 0x80247008, &(0x7f0000000080)) r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "aa01640bdcca6b4cbb63e4e91f65bbc47f5a7f"}) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f00000000c0)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f0000000000)={0xc5}) [ 595.147267][ T3548] EXT4-fs warning (device vda): verify_group_input:131: Cannot add at group 197 (only 8 groups) 00:09:54 executing program 1: ioctl$RTC_ALM_READ(0xffffffffffffffff, 0x80247008, &(0x7f0000000080)) r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "aa01640bdcca6b4cbb63e4e91f65bbc47f5a7f"}) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f00000000c0)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f0000000000)={0xc5}) [ 598.035705][ T3552] EXT4-fs warning (device vda): verify_group_input:131: Cannot add at group 197 (only 8 groups) [ 1008.110754][ T899] INFO: task syz-executor.0:3522 blocked for more than 430 seconds. [ 1008.120184][ T899] Not tainted 5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 #0 [ 1008.121240][ T899] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1008.122246][ T899] task:syz-executor.0 state:D stack: 0 pid: 3522 ppid: 3070 flags:0x00000004 [ 1008.129797][ T899] Call Trace: [ 1008.130879][ T899] [] __schedule+0x478/0xdec [ 1008.134313][ T899] [] schedule+0x64/0x166 [ 1008.135697][ T899] [] schedule_timeout+0x124/0x15a [ 1008.137141][ T899] [] __wait_for_common+0xd8/0x198 [ 1008.138562][ T899] [] wait_for_completion+0x1a/0x22 [ 1008.139934][ T899] [] io_sq_thread_finish+0x76/0x40c [ 1008.141383][ T899] [] io_uring_setup+0x1500/0x1c74 [ 1008.144244][ T899] [] sys_io_uring_setup+0x22/0x2e [ 1008.145671][ T899] [] ret_from_syscall+0x0/0x2 [ 1008.147796][ T899] [ 1008.147796][ T899] Showing all locks held in the system: [ 1008.149270][ T899] 1 lock held by rcu_preempt/13: [ 1008.150477][ T899] #0: ffffffe067d71e98 (&rq->lock){-.-.}-{2:2}, at: __schedule+0x136/0xdec [ 1008.156394][ T899] 1 lock held by khungtaskd/899: [ 1008.157475][ T899] #0: ffffffe00432b1e8 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x32/0x1fa [ 1008.160804][ T899] 1 lock held by klogd/2852: [ 1008.161892][ T899] 2 locks held by getty/3023: [ 1008.174524][ T899] #0: ffffffe007a16098 (&tty->ldisc_sem){++++}-{0:0}, at: ldsem_down_read+0x3c/0x48 [ 1008.177942][ T899] #1: ffffffd010a8b2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x9ac/0xb08 [ 1008.181138][ T899] 3 locks held by kworker/0:0/3183: [ 1008.191550][ T899] [ 1008.194192][ T899] ============================================= [ 1008.194192][ T899] [ 1008.195866][ T899] Kernel panic - not syncing: hung_task: blocked tasks [ 1008.197729][ T899] CPU: 0 PID: 899 Comm: khungtaskd Not tainted 5.12.0-rc2-syzkaller-00467-g0d7588ab9ef9 #0 [ 1008.199281][ T899] Hardware name: riscv-virtio,qemu (DT) [ 1008.200300][ T899] Call Trace: [ 1008.201078][ T899] [] walk_stackframe+0x0/0x23c [ 1008.202955][ T899] SMP: stopping secondary CPUs [ 1008.205489][ T899] Dumping ftrace buffer: [ 1008.209052][ T899] (ftrace buffer empty) [ 1008.211494][ T899] Rebooting in 1 seconds.. Connection to localhost closed by remote host. VM DIAGNOSIS: 01:09:32 Registers: info registers vcpu 0 pc ffffffe002a87f22 mhartid 0000000000000000 mstatus 00000000000000a0 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffe00000542c mepc ffffffe00000e98c sepc ffffffe0000db9d6 mcause 0000000000000009 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffe0001a07c2 x2/sp ffffffe0075c7ad0 x3/gp ffffffe0045885a0 x4/tp ffffffe007605d00 x5/t0 ffffffe004ffdb77 x6/t1 34b284225ea36000 x7/t2 0000000000000000 x8/s0 ffffffe0075c7bb0 x9/s1 ffffffe067d43840 x10/a0 000000000000c8ea x11/a1 0000000000000003 x12/a2 1ffffffc0cfaab1a x13/a3 ffffffe002a886d8 x14/a4 fffffffffff00000 x15/a5 0000000000000000 x16/a6 0000000000f00000 x17/a7 0b0285d785400000 x18/s2 0000000000001000 x19/s3 0000000000000004 x20/s4 0000000000000001 x21/s5 ffffffe00432f880 x22/s6 0000000002bd93e8 x23/s7 ffffffe00432f8b0 x24/s8 0000000000000015 x25/s9 ffffffe0076063a0 x26/s10 ffffffe007605d28 x27/s11 ffffffe00383cd08 x28/t3 fc7eb480215da200 x29/t4 ffffffc400eb8f5b x30/t5 ffffffc400eb8f5d x31/t6 ffffffe0075c7ae8 f0/ft0 3f844d65ef44e0de f1/ft1 3f847ae147ae147b f2/ft2 41b1459a8c044029 f3/ft3 41464d2e00000000 f4/ft4 3ff0000000000000 f5/ft5 4000000000000000 f6/ft6 3fe0000000000000 f7/ft7 3f999999999999a0 f8/fs0 3feaaaaaaaaaaaab f9/fs1 bfde1f9e0980ca7a f10/fa0 3fdab3f2a184ed00 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffe0014dac2e mhartid 0000000000000001 mstatus 00000000000000a2 mip 0000000000000000 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffe00000542c mepc ffffffe00000e98c sepc ffffffe002a92a62 mcause 0000000000000009 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffe002a8be06 x2/sp ffffffe00dee3a40 x3/gp ffffffe0045885a0 x4/tp ffffffe00a181740 x5/t0 ffffffc405f003ad x6/t1 0000000000000001 x7/t2 0000000040e445a9 x8/s0 ffffffe00dee3ba0 x9/s1 ffffffe002e38e80 x10/a0 0000000000000001 x11/a1 00000000000f0000 x12/a2 0000000000000002 x13/a3 ffffffe002a886fc x14/a4 ffffffc400a092ae x15/a5 0000000064f39000 x16/a6 0000000000f00000 x17/a7 fc7eb480215da200 x18/s2 ffffffe00458c228 x19/s3 0000000000000001 x20/s4 ffffffe004550bb0 x21/s5 ffffffe005049568 x22/s6 ffffffe004589320 x23/s7 ffffffe0044bfecb x24/s8 ffffffe005049568 x25/s9 0000000000000003 x26/s10 ffffffe00a181768 x27/s11 ffffffe02f801d48 x28/t3 fc7eb480215da200 x29/t4 ffffffc401bdc767 x30/t5 ffffffc401bdc76f x31/t6 ffffffe020abc026 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 4120000000000000 f3/ft3 40e05f6ef1cae31d f4/ft4 412b4e7000000000 f5/ft5 40363f782d7204d0 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000