syzkaller login: [ 237.681250][ T2895] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 237.743257][ T2895] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 237.806234][ T2895] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 237.857391][ T2895] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:53995' (ECDSA) to the list of known hosts.
1970/01/01 00:04:40 fuzzer started
1970/01/01 00:04:52 dialing manager at localhost:37651
1970/01/01 00:04:56 syscalls: 2768
1970/01/01 00:04:56 code coverage: enabled
1970/01/01 00:04:56 comparison tracing: enabled
1970/01/01 00:04:56 extra coverage: enabled
1970/01/01 00:04:56 setuid sandbox: enabled
1970/01/01 00:04:56 namespace sandbox: enabled
1970/01/01 00:04:56 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:04:56 fault injection: enabled
1970/01/01 00:04:56 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:04:56 net packet injection: enabled
1970/01/01 00:04:56 net device setup: enabled
1970/01/01 00:04:56 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:04:56 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:04:56 USB emulation: enabled
1970/01/01 00:04:56 hci packet injection: /dev/vhci does not exist
1970/01/01 00:04:56 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:04:56 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:04:56 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:04:59 fetching corpus: 50, signal 18865/22122 (executing program)
1970/01/01 00:05:03 fetching corpus: 100, signal 29764/34004 (executing program)
1970/01/01 00:05:05 fetching corpus: 150, signal 35634/40791 (executing program)
1970/01/01 00:05:07 fetching corpus: 200, signal 39380/45457 (executing program)
1970/01/01 00:05:10 fetching corpus: 250, signal 42829/49708 (executing program)
1970/01/01 00:05:12 fetching corpus: 300, signal 45850/53442 (executing program)
1970/01/01 00:05:14 fetching corpus: 350, signal 47972/56278 (executing program)
1970/01/01 00:05:16 fetching corpus: 400, signal 50450/59316 (executing program)
1970/01/01 00:05:18 fetching corpus: 450, signal 52845/62225 (executing program)
1970/01/01 00:05:20 fetching corpus: 500, signal 54636/64605 (executing program)
1970/01/01 00:05:23 fetching corpus: 550, signal 56186/66721 (executing program)
1970/01/01 00:05:25 fetching corpus: 600, signal 57910/68851 (executing program)
1970/01/01 00:05:27 fetching corpus: 650, signal 58775/70280 (executing program)
1970/01/01 00:05:29 fetching corpus: 700, signal 62350/73581 (executing program)
1970/01/01 00:05:31 fetching corpus: 750, signal 65232/76231 (executing program)
1970/01/01 00:05:33 fetching corpus: 800, signal 66402/77674 (executing program)
1970/01/01 00:05:36 fetching corpus: 850, signal 67298/78924 (executing program)
1970/01/01 00:05:37 fetching corpus: 900, signal 70135/81366 (executing program)
1970/01/01 00:05:39 fetching corpus: 950, signal 71573/82825 (executing program)
1970/01/01 00:05:42 fetching corpus: 1000, signal 72912/84207 (executing program)
1970/01/01 00:05:44 fetching corpus: 1050, signal 76391/86651 (executing program)
1970/01/01 00:05:46 fetching corpus: 1100, signal 77228/87546 (executing program)
1970/01/01 00:05:48 fetching corpus: 1150, signal 78323/88549 (executing program)
1970/01/01 00:05:49 fetching corpus: 1200, signal 79307/89479 (executing program)
1970/01/01 00:05:52 fetching corpus: 1250, signal 80019/90224 (executing program)
1970/01/01 00:05:53 fetching corpus: 1300, signal 80616/90908 (executing program)
1970/01/01 00:05:55 fetching corpus: 1350, signal 81229/91578 (executing program)
1970/01/01 00:05:57 fetching corpus: 1400, signal 82016/92282 (executing program)
1970/01/01 00:05:58 fetching corpus: 1449, signal 82722/92916 (executing program)
1970/01/01 00:06:01 fetching corpus: 1499, signal 83762/93670 (executing program)
1970/01/01 00:06:03 fetching corpus: 1549, signal 84315/94181 (executing program)
1970/01/01 00:06:04 fetching corpus: 1599, signal 85002/94721 (executing program)
1970/01/01 00:06:06 fetching corpus: 1649, signal 85771/95224 (executing program)
1970/01/01 00:06:08 fetching corpus: 1699, signal 88066/96238 (executing program)
1970/01/01 00:06:10 fetching corpus: 1749, signal 89265/96829 (executing program)
1970/01/01 00:06:11 fetching corpus: 1799, signal 89816/97183 (executing program)
1970/01/01 00:06:12 fetching corpus: 1849, signal 90812/97656 (executing program)
1970/01/01 00:06:14 fetching corpus: 1899, signal 91788/98058 (executing program)
1970/01/01 00:06:16 fetching corpus: 1949, signal 92570/98363 (executing program)
1970/01/01 00:06:18 fetching corpus: 1999, signal 93467/98661 (executing program)
1970/01/01 00:06:19 fetching corpus: 2049, signal 94260/98887 (executing program)
1970/01/01 00:06:21 fetching corpus: 2099, signal 94896/99101 (executing program)
1970/01/01 00:06:23 fetching corpus: 2149, signal 95319/99258 (executing program)
1970/01/01 00:06:24 fetching corpus: 2198, signal 95788/99362 (executing program)
1970/01/01 00:06:27 fetching corpus: 2248, signal 96277/99478 (executing program)
1970/01/01 00:06:29 fetching corpus: 2298, signal 96808/99587 (executing program)
1970/01/01 00:06:30 fetching corpus: 2348, signal 97607/99682 (executing program)
1970/01/01 00:06:33 fetching corpus: 2397, signal 98170/99741 (executing program)
1970/01/01 00:06:35 fetching corpus: 2447, signal 98703/99764 (executing program)
1970/01/01 00:06:36 fetching corpus: 2470, signal 98849/99764 (executing program)
1970/01/01 00:06:36 fetching corpus: 2470, signal 98849/99764 (executing program)
1970/01/01 00:08:10 starting 2 fuzzer processes
00:08:28 executing program 0:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000012b00))
00:08:50 executing program 1:
syz_open_dev$usbmon(&(0x7f0000000380)='/dev/usbmon#\x00', 0x0, 0x84701)
[ 534.681726][ T3071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 534.781183][ T3071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 543.037492][ T3071] device hsr_slave_0 entered promiscuous mode
[ 543.087160][ T3071] device hsr_slave_1 entered promiscuous mode
[ 546.761589][ T3071] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 546.881086][ T3071] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 546.984242][ T3071] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 547.163413][ T3071] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 557.557784][ T3071] 8021q: adding VLAN 0 to HW filter on device bond0
[ 557.819288][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 557.881419][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 564.126804][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 564.206937][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 564.857698][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 564.908632][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 565.049776][ T3230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 565.145438][ T3230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 565.748877][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 565.949653][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 566.569749][ T3184] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 566.628515][ T3184] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 566.807962][ T3274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 566.840614][ T3274] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 567.033810][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 568.031065][ T3184] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 568.047295][ T3184] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 575.397755][ T3230] device hsr_slave_0 entered promiscuous mode
[ 575.442998][ T3230] device hsr_slave_1 entered promiscuous mode
[ 575.488029][ T3230] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 575.492958][ T3230] Cannot create hsr debugfs directory
[ 579.969036][ T3230] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 580.351739][ T3230] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 580.483467][ T3230] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 580.588426][ T3230] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 582.263217][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 582.290781][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 588.936645][ T3274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 588.952121][ T3274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 589.111118][ T1939] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 589.200564][ T1939] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 589.293603][ T3230] 8021q: adding VLAN 0 to HW filter on device bond0
[ 589.410028][ T3071] device veth0_vlan entered promiscuous mode
[ 590.100331][ T3071] device veth1_vlan entered promiscuous mode
[ 590.342602][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 590.399358][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 591.604116][ T3071] device veth0_macvtap entered promiscuous mode
[ 591.873842][ T3071] device veth1_macvtap entered promiscuous mode
[ 592.193522][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 592.300170][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 592.369045][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 592.461048][ T3151] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 592.922142][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 592.983781][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 593.193264][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 593.243143][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 593.523687][ T3071] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 593.542635][ T3071] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 593.546791][ T3071] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 593.548355][ T3071] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 596.486793][ T3071] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 597.883438][ T3274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 597.942782][ T3274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 598.060987][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 598.127381][ T3355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 598.292764][ T3377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 598.423464][ T3377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 599.779034][ T3506] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[ 599.793476][ T3230] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 599.900294][ T3230] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 600.091949][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 600.122260][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 600.228691][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 600.263829][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 600.381178][ T3377] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 601.146475][ T3506] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[ 601.472734][ T3184] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 601.479153][ T3184] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
00:10:02 executing program 0:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000012b00))
[ 606.138149][ T3520] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
00:10:07 executing program 0:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000012b00))
[ 612.849356][ T3529] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
00:10:14 executing program 0:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000012b00))
[ 617.887319][ T3538] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[ 618.608558][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 618.653102][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 627.768930][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 627.832891][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 627.914209][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 627.947993][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 628.106247][ T3230] device veth0_vlan entered promiscuous mode
[ 628.468712][ T3230] device veth1_vlan entered promiscuous mode
[ 629.647220][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 629.692723][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 629.970068][ T3230] device veth0_macvtap entered promiscuous mode
[ 630.073922][ T3230] device veth1_macvtap entered promiscuous mode
[ 630.229864][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 630.277243][ T1937] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 630.676341][ T3274] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 630.703334][ T3274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 631.023163][ T3274] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 631.053504][ T3274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 631.259741][ T3230] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 631.261712][ T3230] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 631.263448][ T3230] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 631.269820][ T3230] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
00:10:34 executing program 1:
syz_open_dev$usbmon(&(0x7f0000000380)='/dev/usbmon#\x00', 0x0, 0x84701)
00:10:34 executing program 0:
clock_settime(0x1, 0x0)
00:10:36 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f00000006c0))
00:10:39 executing program 1:
syz_open_dev$usbmon(&(0x7f0000000380)='/dev/usbmon#\x00', 0x0, 0x84701)
00:10:40 executing program 0:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$sock_ifreq(r0, 0x891e, &(0x7f0000000dc0)={'tunl0\x00', @ifru_settings={0x0, 0x0, @te1=0x0}})
00:10:43 executing program 1:
syz_open_dev$usbmon(&(0x7f0000000380)='/dev/usbmon#\x00', 0x0, 0x84701)
00:10:44 executing program 0:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001ac0)='/dev/sequencer2\x00', 0x0, 0x0)
00:10:48 executing program 1:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0)='l2tp\x00', 0xffffffffffffffff)
00:10:48 executing program 0:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001ac0)='/dev/sequencer2\x00', 0x0, 0x0)
00:10:51 executing program 0:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001ac0)='/dev/sequencer2\x00', 0x0, 0x0)
00:10:52 executing program 1:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0)='l2tp\x00', 0xffffffffffffffff)
00:10:55 executing program 1:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0)='l2tp\x00', 0xffffffffffffffff)
00:10:56 executing program 0:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001ac0)='/dev/sequencer2\x00', 0x0, 0x0)
00:10:59 executing program 1:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0)='l2tp\x00', 0xffffffffffffffff)
00:11:02 executing program 0:
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_GETBLKSIZE(r0, 0xc0045004, &(0x7f0000000080))
00:11:06 executing program 1:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000180), &(0x7f0000000200)=0x4)
00:11:09 executing program 0:
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_GETBLKSIZE(r0, 0xc0045004, &(0x7f0000000080))
00:11:09 executing program 1:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000180), &(0x7f0000000200)=0x4)
00:11:13 executing program 0:
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_GETBLKSIZE(r0, 0xc0045004, &(0x7f0000000080))
00:11:14 executing program 1:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000180), &(0x7f0000000200)=0x4)
00:11:17 executing program 0:
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp1\x00', 0x0, 0x0)
ioctl$SNDCTL_DSP_GETBLKSIZE(r0, 0xc0045004, &(0x7f0000000080))
00:11:18 executing program 1:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000180), &(0x7f0000000200)=0x4)
00:11:22 executing program 1:
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000b40)='/proc/self/net/pfkey\x00', 0x212200, 0x0)
00:11:24 executing program 0:
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/vcsa\x00', 0x0, 0x0)
splice(r0, &(0x7f0000000540), r0, &(0x7f0000000580), 0x1f, 0x0)
00:11:27 executing program 1:
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000b40)='/proc/self/net/pfkey\x00', 0x212200, 0x0)
00:11:27 executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000000)={'IDLETIMER\x00'}, &(0x7f0000000040)=0x1e)
00:11:32 executing program 1:
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000b40)='/proc/self/net/pfkey\x00', 0x212200, 0x0)
00:11:33 executing program 0:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x1, 0x0)
close(r0)
[ 698.286111][ C0] hrtimer: interrupt took 2097100 ns
00:11:36 executing program 1:
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000b40)='/proc/self/net/pfkey\x00', 0x212200, 0x0)
00:11:38 executing program 0:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x1, 0x0)
close(r0)
00:11:42 executing program 1:
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
accept4(r0, 0x0, 0x0, 0x180800)
00:11:43 executing program 0:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x1, 0x0)
close(r0)
00:11:45 executing program 1:
r0 = socket$inet(0x2, 0xa, 0x0)
accept(r0, 0x0, 0x0)
00:11:46 executing program 0:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x1, 0x0)
close(r0)
[ 709.794066][ T3619] syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET)
00:11:50 executing program 1:
r0 = socket$inet(0x2, 0xa, 0x0)
accept(r0, 0x0, 0x0)
00:11:51 executing program 0:
bpf$LINK_DETACH(0x22, 0x0, 0x0)
00:11:54 executing program 1:
r0 = socket$inet(0x2, 0xa, 0x0)
accept(r0, 0x0, 0x0)
00:11:54 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001680)='/dev/vhost-net\x00', 0x2, 0x0)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
dup3(r1, r0, 0x0)
write$vhost_msg(r0, &(0x7f0000000440)={0x1, {0x0, 0x0, 0x0}}, 0x48)
00:11:58 executing program 1:
r0 = socket$inet(0x2, 0xa, 0x0)
accept(r0, 0x0, 0x0)
00:11:58 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001680)='/dev/vhost-net\x00', 0x2, 0x0)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
dup3(r1, r0, 0x0)
write$vhost_msg(r0, &(0x7f0000000440)={0x1, {0x0, 0x0, 0x0}}, 0x48)
00:12:02 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001680)='/dev/vhost-net\x00', 0x2, 0x0)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
dup3(r1, r0, 0x0)
write$vhost_msg(r0, &(0x7f0000000440)={0x1, {0x0, 0x0, 0x0}}, 0x48)
00:12:02 executing program 1:
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
00:12:06 executing program 1:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001980)='/dev/autofs\x00', 0x0, 0x0)
fdatasync(r0)
00:12:06 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001680)='/dev/vhost-net\x00', 0x2, 0x0)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
dup3(r1, r0, 0x0)
write$vhost_msg(r0, &(0x7f0000000440)={0x1, {0x0, 0x0, 0x0}}, 0x48)
00:12:12 executing program 1:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x107203, 0x0)
00:12:13 executing program 0:
mq_open(&(0x7f0000004080)='frag\x00', 0x0, 0x0, 0x0)
00:12:16 executing program 0:
mq_open(&(0x7f0000004080)='frag\x00', 0x0, 0x0, 0x0)
00:12:18 executing program 1:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x107203, 0x0)
00:12:19 executing program 0:
mq_open(&(0x7f0000004080)='frag\x00', 0x0, 0x0, 0x0)
00:12:23 executing program 1:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x107203, 0x0)
00:12:24 executing program 0:
mq_open(&(0x7f0000004080)='frag\x00', 0x0, 0x0, 0x0)
00:12:27 executing program 0:
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
00:12:28 executing program 1:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x107203, 0x0)
00:12:30 executing program 0:
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
00:12:34 executing program 0:
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
00:12:36 executing program 1:
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000ffc000/0x1000)=nil)
00:12:38 executing program 0:
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
00:12:38 executing program 1:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
00:12:42 executing program 1:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
00:12:43 executing program 0:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
00:12:45 executing program 1:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
00:12:46 executing program 0:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
00:12:49 executing program 0:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
00:12:49 executing program 1:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
00:12:54 executing program 0:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$SIOCGSTAMP(r0, 0x8903, 0x0)
00:12:54 executing program 1:
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001ac0)='/dev/sequencer2\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0)
[ 777.218314][ T3684] Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000000000000
[ 777.232104][ T3684] Oops [#1]
[ 777.232928][ T3684] Modules linked in:
[ 777.233926][ T3684] CPU: 0 PID: 3684 Comm: syz-executor.0 Not tainted 5.12.0-rc2-syzkaller #0
[ 777.236100][ T3684] Hardware name: riscv-virtio,qemu (DT)
[ 777.237681][ T3684] epc : sock_ioctl+0x4c4/0x66c
[ 777.238938][ T3684] ra : sock_ioctl+0x4c4/0x66c
[ 777.240013][ T3684] epc : ffffffe0020e2068 ra : ffffffe0020e2068 sp : ffffffe007823da0
[ 777.242064][ T3684] gp : ffffffe004588910 tp : ffffffe007962f80 t0 : 0000000000000000
[ 777.243272][ T3684] t1 : 0000000000000001 t2 : 00000000000f4240 s0 : ffffffe007823e30
[ 777.244896][ T3684] s1 : 0000000000040000 a0 : 0000000000000000 a1 : 0000000000000007
[ 777.246158][ T3684] a2 : 1ffffffc00f2c5f0 a3 : ffffffe002a8f8e6 a4 : 0000000000000000
[ 777.247322][ T3684] a5 : 0000000000000000 a6 : 0000000000f00000 a7 : ffffffe000084ac8
[ 777.248572][ T3684] s2 : 0000000000000000 s3 : 0000000000008902 s4 : 0000000000000000
[ 777.250187][ T3684] s5 : ffffffe00458c0d0 s6 : ffffffe00ce91500 s7 : ffffffe00cc90000
[ 777.251399][ T3684] s8 : 0000000000008903 s9 : ffffffe00ce915c0 s10: 0000000000000000
[ 777.252853][ T3684] s11: 0000000000020000 t3 : b786b938b06ec200 t4 : ffffffc403a8b7b2
[ 777.253960][ T3684] t5 : ffffffc403a8b7ba t6 : 0000000000040000
[ 777.255438][ T3684] status: 0000000000000120 badaddr: 0000000000000000 cause: 000000000000000f
[ 777.256955][ T3684] Call Trace:
[ 777.257669][ T3684] [] sock_ioctl+0x4c4/0x66c
[ 777.259512][ T3684] [] sys_ioctl+0x5c2/0xd56
[ 777.260708][ T3684] [] ret_from_syscall+0x0/0x2
[ 777.276680][ T3684] ---[ end trace 52ee0ef836a3ae81 ]---
[ 777.279322][ T3684] Kernel panic - not syncing: Fatal exception
[ 777.280577][ T3684] SMP: stopping secondary CPUs
[ 777.282317][ T3684] Rebooting in 86400 seconds..
VM DIAGNOSIS:
00:24:16 Registers: