syzkaller login: [ 239.957152][ T2894] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 239.993275][ T2894] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 240.093854][ T2894] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 240.153841][ T2894] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:64616' (ECDSA) to the list of known hosts. 1970/01/01 00:04:40 fuzzer started 1970/01/01 00:04:51 dialing manager at localhost:43611 1970/01/01 00:04:55 syscalls: 2768 1970/01/01 00:04:55 code coverage: enabled 1970/01/01 00:04:55 comparison tracing: enabled 1970/01/01 00:04:55 extra coverage: enabled 1970/01/01 00:04:55 setuid sandbox: enabled 1970/01/01 00:04:55 namespace sandbox: enabled 1970/01/01 00:04:55 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:04:55 fault injection: enabled 1970/01/01 00:04:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:04:55 net packet injection: enabled 1970/01/01 00:04:55 net device setup: enabled 1970/01/01 00:04:55 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:04:55 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:04:55 USB emulation: enabled 1970/01/01 00:04:55 hci packet injection: /dev/vhci does not exist 1970/01/01 00:04:55 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:04:55 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:05:00 fetching corpus: 50, signal 19135/20776 (executing program) 1970/01/01 00:05:04 fetching corpus: 100, signal 29500/32405 (executing program) 1970/01/01 00:05:08 fetching corpus: 150, signal 37558/41478 (executing program) 1970/01/01 00:05:10 fetching corpus: 200, signal 40050/45117 (executing program) 1970/01/01 00:05:12 fetching corpus: 250, signal 43259/49243 (executing program) 1970/01/01 00:05:14 fetching corpus: 300, signal 44853/51859 (executing program) 1970/01/01 00:05:17 fetching corpus: 350, signal 46969/54844 (executing program) 1970/01/01 00:05:19 fetching corpus: 400, signal 49561/58152 (executing program) 1970/01/01 00:05:22 fetching corpus: 450, signal 51500/60866 (executing program) 1970/01/01 00:05:24 fetching corpus: 500, signal 53562/63617 (executing program) 1970/01/01 00:05:27 fetching corpus: 550, signal 55195/65945 (executing program) 1970/01/01 00:05:29 fetching corpus: 600, signal 57069/68441 (executing program) 1970/01/01 00:05:31 fetching corpus: 650, signal 58352/70353 (executing program) 1970/01/01 00:05:33 fetching corpus: 700, signal 59849/72326 (executing program) 1970/01/01 00:05:35 fetching corpus: 750, signal 61853/74705 (executing program) 1970/01/01 00:05:38 fetching corpus: 800, signal 63203/76521 (executing program) 1970/01/01 00:05:40 fetching corpus: 850, signal 64643/78363 (executing program) 1970/01/01 00:05:42 fetching corpus: 900, signal 65986/80048 (executing program) 1970/01/01 00:05:44 fetching corpus: 950, signal 67188/81652 (executing program) 1970/01/01 00:05:46 fetching corpus: 1000, signal 67755/82742 (executing program) 1970/01/01 00:05:48 fetching corpus: 1050, signal 69059/84286 (executing program) 1970/01/01 00:05:50 fetching corpus: 1100, signal 69859/85440 (executing program) 1970/01/01 00:05:52 fetching corpus: 1150, signal 72075/87424 (executing program) 1970/01/01 00:05:54 fetching corpus: 1200, signal 73003/88594 (executing program) 1970/01/01 00:05:57 fetching corpus: 1250, signal 74248/89914 (executing program) 1970/01/01 00:05:59 fetching corpus: 1300, signal 75672/91258 (executing program) 1970/01/01 00:06:01 fetching corpus: 1350, signal 76660/92363 (executing program) 1970/01/01 00:06:03 fetching corpus: 1400, signal 77653/93508 (executing program) 1970/01/01 00:06:05 fetching corpus: 1450, signal 78443/94484 (executing program) 1970/01/01 00:06:07 fetching corpus: 1500, signal 79220/95382 (executing program) 1970/01/01 00:06:10 fetching corpus: 1550, signal 80058/96265 (executing program) 1970/01/01 00:06:12 fetching corpus: 1600, signal 81457/97335 (executing program) 1970/01/01 00:06:14 fetching corpus: 1650, signal 83622/98702 (executing program) 1970/01/01 00:06:16 fetching corpus: 1700, signal 84039/99303 (executing program) 1970/01/01 00:06:18 fetching corpus: 1750, signal 84852/100071 (executing program) 1970/01/01 00:06:21 fetching corpus: 1800, signal 85851/100814 (executing program) 1970/01/01 00:06:24 fetching corpus: 1850, signal 86776/101523 (executing program) 1970/01/01 00:06:26 fetching corpus: 1900, signal 87506/102161 (executing program) 1970/01/01 00:06:28 fetching corpus: 1927, signal 87817/102637 (executing program) 1970/01/01 00:06:28 fetching corpus: 1927, signal 87817/102999 (executing program) 1970/01/01 00:06:28 fetching corpus: 1927, signal 87817/103376 (executing program) 1970/01/01 00:06:28 fetching corpus: 1927, signal 87817/103796 (executing program) 1970/01/01 00:06:28 fetching corpus: 1927, signal 87817/104157 (executing program) 1970/01/01 00:06:28 fetching corpus: 1927, signal 87817/104534 (executing program) 1970/01/01 00:06:29 fetching corpus: 1927, signal 87817/104927 (executing program) 1970/01/01 00:06:29 fetching corpus: 1927, signal 87817/105348 (executing program) 1970/01/01 00:06:29 fetching corpus: 1927, signal 87817/105744 (executing program) 1970/01/01 00:06:29 fetching corpus: 1927, signal 87817/106122 (executing program) 1970/01/01 00:06:29 fetching corpus: 1927, signal 87817/106526 (executing program) 1970/01/01 00:06:31 fetching corpus: 1927, signal 87817/106909 (executing program) 1970/01/01 00:06:31 fetching corpus: 1927, signal 87817/107282 (executing program) 1970/01/01 00:06:31 fetching corpus: 1927, signal 87817/107663 (executing program) 1970/01/01 00:06:32 fetching corpus: 1927, signal 87817/108030 (executing program) 1970/01/01 00:06:32 fetching corpus: 1927, signal 87817/108426 (executing program) 1970/01/01 00:06:32 fetching corpus: 1927, signal 87817/108486 (executing program) 1970/01/01 00:06:32 fetching corpus: 1927, signal 87817/108486 (executing program) 1970/01/01 00:08:12 starting 2 fuzzer processes 00:08:32 executing program 0: read(0xffffffffffffffff, &(0x7f0000000000)=""/112, 0x70) ioctl$HIDIOCGREPORTINFO(0xffffffffffffffff, 0xc00c4809, &(0x7f0000000080)={0x2, 0x200, 0x800}) r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, &(0x7f00000001c0)=0x1c) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000000280)={'ip6tnl0\x00', &(0x7f0000000200)={'ip6gre0\x00', 0x0, 0x29, 0x0, 0x80, 0x7, 0x8, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @local, 0x10, 0x80, 0x400, 0x8}}) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000002c0)={@private0={0xfc, 0x0, [], 0xc0}, 0x3c, r1}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x1, 0x0, 0x6, 0x0, &(0x7f0000000300)="55ff8e5445fca877cf6a95a2a5d515d35c10875e61fd456f2eaa76fbd266033b2d5c3e4c571d485ddfa1eefeaee0a21c3999d38612060fbf6e395c1bc87750f1ba0ae0213e35270b58eedd71c2383e46725e2e743ab8936ec32be6ccd358a4a1ed872b1867b4d1020ebd3fe5c611d11a35e3110e7324d13a4645f1333a590fa01040678207690f0397c00b33708acb759d45648f0878842afc672cab21f9f17f1e94a333ea3a58a061e679a154a38bf97958de6503ce907c7f88dbf0a16d79559c2e1f4a98229c5ed57176372a816a4a11d18f1540f11c13c6", 0x7, 0x0, 0x0, {0x1}}, 0x5a) r2 = socket$alg(0x26, 0x5, 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000440)) setsockopt$inet6_tcp_int(r0, 0x6, 0x7, &(0x7f0000000480)=0x9, 0x4) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r3, 0x8982, &(0x7f00000004c0)) sendmsg$NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x28, 0x0, 0x400, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x67}, @void, @val={0xc, 0x99, {0x3, 0x13}}}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x28}}, 0x4000004) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000600)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) connect$unix(r4, &(0x7f0000000640)=@file={0x0, './file0\x00'}, 0x6e) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x3800006, 0x100010, r4, 0x8000000) syz_genetlink_get_family_id$batadv(&(0x7f00000006c0)='batadv\x00', 0xffffffffffffffff) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000700)='/dev/vcsa\x00', 0x54c40, 0x0) sendmsg$NL80211_CMD_SET_NOACK_MAP(r5, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000800)={&(0x7f0000000780)={0x68, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x7fffffff, 0x65}}}}, [@NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x3ff}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x4}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x6}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x5}, @NL80211_ATTR_NOACK_MAP={0x6}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x7fff}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x9}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x5}, @NL80211_ATTR_NOACK_MAP={0x6, 0x95, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x4048800}, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r5, &(0x7f0000000a00)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000900)={0x84, 0x0, 0x200, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x6, 0x33}}}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "c8ec0560120f2a9ddf4d25d8ef05b7f6"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_SSID={0xf, 0x34, @random="37f1e39e60b339bcdca1e0"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_SSID={0x12, 0x34, @random="839b5318cf2952f6c8b319a0d5c3"}]}, 0x84}, 0x1, 0x0, 0x0, 0x4000800}, 0x40) 00:09:31 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x200100, 0x0) ioctl$TIOCEXCL(r0, 0x540c) r1 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x7, 0xa04301) ioctl$BTRFS_IOC_INO_LOOKUP(r1, 0xd0009412, &(0x7f0000000080)) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000001080)) r2 = mq_open(&(0x7f00000010c0)='/dev/midi#\x00', 0x40, 0x100, &(0x7f0000001100)={0x100000000, 0x4, 0x1, 0x1}) finit_module(r2, &(0x7f0000001140)='+\x00', 0x0) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000001180)='/dev/dlm-monitor\x00', 0x103000, 0x0) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r2) r4 = pidfd_getfd(r0, r3, 0x0) ftruncate(r4, 0x200) mmap$snddsp(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x300000f, 0x10010, r3, 0xd000) bind(r0, &(0x7f00000011c0)=@rc={0x1f, @any, 0x9}, 0x80) r5 = socket$alg(0x26, 0x5, 0x0) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000001240)=0x1000, 0x4) r6 = syz_io_uring_complete(0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000001280)='SEG6\x00', r6) ioctl$int_in(r2, 0x5452, &(0x7f00000012c0)=0x100) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001480)={0x18, 0x9, &(0x7f0000001300)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x7}, @jmp={0x5, 0x0, 0x3, 0x2, 0x3, 0x100, 0xffffffffffffffff}, @alu={0x7, 0x1, 0x0, 0x9, 0xb, 0xfffffffffffffff0, 0xffffffffffffffff}, @ldst={0x3, 0x1, 0x6, 0x1, 0x4, 0x100, 0x1}, @generic={0xff, 0x1, 0xc, 0x0, 0x2}, @jmp={0x5, 0x0, 0x8a8b2c94e9703e35, 0xf, 0x1, 0xfffffffffffffff4, 0x1}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x20}], &(0x7f0000001380)='GPL\x00', 0x2, 0x3e, &(0x7f00000013c0)=""/62, 0x41000, 0x1, [], 0x0, 0x0, r0, 0x8, &(0x7f0000001400)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000001440)={0x4, 0x10, 0x0, 0x3}, 0x10}, 0x78) ioctl$F2FS_IOC_DEFRAGMENT(r7, 0xc010f508, &(0x7f0000001500)={0x4, 0x3}) [ 581.628563][ T3070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 582.192248][ T3070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 604.010595][ T3070] device hsr_slave_0 entered promiscuous mode [ 604.151916][ T3070] device hsr_slave_1 entered promiscuous mode [ 622.121307][ T3070] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 622.983162][ T3070] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 623.403672][ T3070] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 624.673755][ T3070] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 662.014477][ C1] hrtimer: interrupt took 30147800 ns [ 662.820057][ T3070] 8021q: adding VLAN 0 to HW filter on device bond0 [ 664.651789][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 664.933754][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 678.077641][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 678.133359][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 678.203196][ T3221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 678.394719][ T3221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 678.733609][ T2708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 678.774178][ T2708] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 679.407971][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 679.590168][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 680.211386][ T2708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 680.284283][ T2708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 680.799755][ T3070] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 681.243654][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 681.284377][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 681.707070][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 681.711311][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 688.269854][ T3221] device hsr_slave_0 entered promiscuous mode [ 688.319793][ T3221] device hsr_slave_1 entered promiscuous mode [ 688.361898][ T3221] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 688.370117][ T3221] Cannot create hsr debugfs directory [ 693.212985][ T3221] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 693.353321][ T3221] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 693.480395][ T3221] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 693.672349][ T3221] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 695.010455][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 695.044556][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 701.728287][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 701.818035][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 701.940990][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 701.979700][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 702.069818][ T3070] device veth0_vlan entered promiscuous mode [ 702.690525][ T3070] device veth1_vlan entered promiscuous mode [ 704.190309][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 704.253727][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 704.540690][ T3070] device veth0_macvtap entered promiscuous mode [ 704.784568][ T3221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 705.022255][ T3070] device veth1_macvtap entered promiscuous mode [ 705.273751][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 705.781019][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 705.840888][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 706.479337][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 706.541649][ T3227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 706.872099][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 706.939665][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 707.183907][ T3070] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.211305][ T3070] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.213227][ T3070] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.234159][ T3070] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 710.739840][ T3070] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 714.562816][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 714.602295][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 714.938363][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 715.007178][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 715.353850][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 715.704298][ T2708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 717.234012][ T3120] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 718.413407][ T3120] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 719.220621][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 719.243579][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 719.728863][ T3120] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 720.059359][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 720.130678][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 720.807296][ T3120] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 721.220078][ T3221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 723.421702][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 723.429009][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 733.559135][ T3120] device hsr_slave_0 left promiscuous mode [ 733.711059][ T3120] device hsr_slave_1 left promiscuous mode [ 734.042303][ T3120] device veth1_macvtap left promiscuous mode [ 734.063286][ T3120] device veth0_macvtap left promiscuous mode [ 734.128752][ T3120] device veth1_vlan left promiscuous mode [ 734.134152][ T3120] device veth0_vlan left promiscuous mode [ 746.052288][ T3120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 746.247438][ T3120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 748.483153][ T3120] bond0 (unregistering): Released all slaves [ 760.771210][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 760.834350][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 771.582769][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 771.634513][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 771.769195][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 771.849329][ T3101] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 771.954008][ T3221] device veth0_vlan entered promiscuous mode [ 772.527534][ T3221] device veth1_vlan entered promiscuous mode [ 773.856963][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 773.884306][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 774.683128][ T3221] device veth0_macvtap entered promiscuous mode [ 775.693902][ T3221] device veth1_macvtap entered promiscuous mode [ 786.174542][ T3536] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 786.418345][ T3536] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 797.152454][ T24] device hsr_slave_0 left promiscuous mode [ 797.201668][ T24] device hsr_slave_1 left promiscuous mode [ 797.414667][ T24] device veth1_macvtap left promiscuous mode [ 797.439644][ T24] device veth0_macvtap left promiscuous mode [ 797.443366][ T24] device veth1_vlan left promiscuous mode [ 797.468613][ T24] device veth0_vlan left promiscuous mode [ 806.931793][ T24] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 807.246467][ T24] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 809.071068][ T24] bond0 (unregistering): Released all slaves [ 814.531750][ T3536] device hsr_slave_0 entered promiscuous mode [ 814.598278][ T3536] device hsr_slave_1 entered promiscuous mode [ 834.824638][ T3536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 836.002990][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 836.083872][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 842.420230][ T3724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 842.562923][ T3724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 845.113438][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 845.164249][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 845.348161][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 845.372961][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 845.659543][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 846.820771][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 846.899664][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 846.922477][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 847.219058][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 847.301482][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 847.607715][ T3536] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 848.569153][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 848.607600][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 856.319453][ T3724] device hsr_slave_0 entered promiscuous mode [ 856.369080][ T3724] device hsr_slave_1 entered promiscuous mode [ 856.443988][ T3724] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 856.448793][ T3724] Cannot create hsr debugfs directory [ 872.202660][ T3724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 873.234633][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 873.308888][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 874.553488][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 874.610509][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 881.193101][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 881.234554][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 881.582555][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 881.647613][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 881.960491][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 882.287192][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 883.438340][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 883.501314][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 883.780898][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 883.884098][ T1936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 884.001703][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 884.051876][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 884.112850][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 884.162140][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 884.351577][ T3536] device veth0_vlan entered promiscuous mode [ 884.430422][ T3724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 885.093439][ T3536] device veth1_vlan entered promiscuous mode [ 885.964567][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 885.970094][ T3508] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 887.242362][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 887.302405][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 887.652715][ T3536] device veth0_macvtap entered promiscuous mode [ 888.003270][ T3536] device veth1_macvtap entered promiscuous mode [ 888.333763][ T3407] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 889.164030][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 889.200219][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 890.078377][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 890.131272][ T3345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 895.864465][ T4051] Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000020000440 [ 895.913088][ T4051] Oops [#1] [ 895.914074][ T4051] Modules linked in: [ 895.915314][ T4051] CPU: 0 PID: 4051 Comm: syz-executor.0 Not tainted 5.12.0-rc2-syzkaller-00474-ga5406a7ff56e #0 [ 895.917032][ T4051] Hardware name: riscv-virtio,qemu (DT) [ 895.918243][ T4051] epc : sock_ioctl+0x4c4/0x66c [ 895.919613][ T4051] ra : sock_ioctl+0x4c4/0x66c [ 895.920836][ T4051] epc : ffffffe0020e2068 ra : ffffffe0020e2068 sp : ffffffe00c613da0 [ 895.922089][ T4051] gp : ffffffe004588910 tp : ffffffe00c59c740 t0 : 0000000000000000 [ 895.923318][ T4051] t1 : 0000000000000001 t2 : 00000000000f4240 s0 : ffffffe00c613e30 [ 895.924598][ T4051] s1 : 0000000000040000 a0 : 0000000000000000 a1 : 0000000000000007 [ 895.926569][ T4051] a2 : 1ffffffc018b38e8 a3 : ffffffe002a8f8e6 a4 : 0000000000000000 [ 895.927826][ T4051] a5 : 0000000000000000 a6 : 0000000000f00000 a7 : ffffffe000084ac8 [ 895.929880][ T4051] s2 : 0000000000000000 s3 : 0000000000008902 s4 : 0000000020000440 [ 895.931120][ T4051] s5 : ffffffe00458c0d0 s6 : ffffffe00d115500 s7 : ffffffe00d79b900 [ 895.932345][ T4051] s8 : 0000000000008903 s9 : ffffffe00d1155c0 s10: 0000000000000000 [ 895.933571][ T4051] s11: 0000000000020000 t3 : 56c37ca58116a900 t4 : ffffffc4038dc7b2 [ 895.934985][ T4051] t5 : ffffffc4038dc7ba t6 : 0000000000040000 [ 895.936255][ T4051] status: 0000000000000120 badaddr: 0000000020000440 cause: 000000000000000f [ 895.937630][ T4051] Call Trace: [ 895.938449][ T4051] [] sock_ioctl+0x4c4/0x66c [ 895.940052][ T4051] [] sys_ioctl+0x5c2/0xd56 [ 895.941430][ T4051] [] ret_from_syscall+0x0/0x2 [ 895.996913][ T4051] ---[ end trace 2f4c5c54d905ae38 ]--- [ 895.999981][ T4051] Kernel panic - not syncing: Fatal exception [ 896.001231][ T4051] SMP: stopping secondary CPUs [ 896.002958][ T4051] Rebooting in 86400 seconds.. VM DIAGNOSIS: 20:44:21 Registers: info registers vcpu 0 pc ffffffe0003ba81c mhartid 0000000000000000 mstatus 00000000000000a0 mip 0000000000000080 mie 00000000000002aa mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffe00000542c mepc ffffffe00000e9d4 sepc 0000000000053684 mcause 0000000000000009 scause 0000000000000008 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffe000084c5c x2/sp ffffffe00e823a80 x3/gp ffffffe004588910 x4/tp ffffffe007980000 x5/t0 0000000000000000 x6/t1 0000000000006000 x7/t2 00000000000f4240 x8/s0 ffffffe00e823ad0 x9/s1 ffffffe067d54e80 x10/a0 ffffffe067d51700 x11/a1 0000000000000007 x12/a2 1ffffffc00a092b5 x13/a3 ffffffe000084c4c x14/a4 0000000000000000 x15/a5 ffffffe0050495a8 x16/a6 0000000000f00000 x17/a7 ffffffe0000c5d94 x18/s2 0000000000000000 x19/s3 ffffffe0071297c0 x20/s4 ffffffe067d51700 x21/s5 0000000000000001 x22/s6 ffffffe0050495a8 x23/s7 ffffffe0050495a8 x24/s8 ffffffe067d54e98 x25/s9 0000000000000000 x26/s10 ffffffe0074f6000 x27/s11 000000d096fcc968 x28/t3 56c37ca58116a900 x29/t4 ffffffc4038dc7b2 x30/t5 ffffffc4038dc7ba x31/t6 0000000000040000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 pc ffffffe0000d359e mhartid 0000000000000001 mstatus 00000000000001a0 mip 00000000000000a0 mie 000000000000020a mideleg 0000000000000222 medeleg 000000000000b109 mtvec 0000000080000540 stvec ffffffe00000542c mepc ffffffe0000c9910 sepc ffffffe0000c994e mcause 8000000000000007 scause 8000000000000005 mtval 0000000000000000 stval 0000000000000000 x0/zero 0000000000000000 x1/ra ffffffe0000d358a x2/sp ffffffe006b3b560 x3/gp ffffffe004588910 x4/tp ffffffe007014740 x5/t0 0000000000046000 x6/t1 0000000000000001 x7/t2 0000000000000018 x8/s0 ffffffe006b3b620 x9/s1 ffffffe002e27840 x10/a0 ffffffe067d60840 x11/a1 0000000000000003 x12/a2 1ffffffc0cfac108 x13/a3 ffffffe0000d358a x14/a4 0000000000000000 x15/a5 0000000000000120 x16/a6 0000000000f00000 x17/a7 ffffffe00013be2a x18/s2 ffffffe0050495a8 x19/s3 ffffffe067d60840 x20/s4 0000000000000001 x21/s5 0000000000000000 x22/s6 ffffffe00420b5d8 x23/s7 0000000000000000 x24/s8 0000000000000000 x25/s9 ffffffe00013be2a x26/s10 ffffffe00458c0d0 x27/s11 0000000000000000 x28/t3 56c37ca58116a900 x29/t4 0000000000000002 x30/t5 ffffffc403c7983a x31/t6 0000000000000007 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000