last executing test programs: 1h55m7.452060161s ago: executing program 0 (id=114): r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000007c0)=[{0x0}, {&(0x7f0000000740)=""/69, 0x45}], 0x2}, 0xd}], 0x1, 0x20, 0x0) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0xffe0) 1h55m2.413342743s ago: executing program 0 (id=116): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x1e3002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0) ioctl$BLKFLSBUF(r0, 0x1261, 0x0) 1h54m51.837712216s ago: executing program 0 (id=118): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='sessionid\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000b40)=""/119, 0x77}], 0x1, 0x4f, 0x4e) 1h54m42.134835634s ago: executing program 0 (id=123): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e0001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_usb_connect(0x2, 0x0, 0x0, 0x0) 1h54m27.721557047s ago: executing program 0 (id=125): r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83) sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000)) mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103) 1h54m23.650053472s ago: executing program 0 (id=127): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x110b, 0x8000000000002}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f00000000c0)) 1h53m33.162269686s ago: executing program 32 (id=127): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x110b, 0x8000000000002}) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f00000000c0)) 3m4.75199834s ago: executing program 1 (id=1504): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000180)={0x14, 0x26, 0x1, 0x70bd25, 0x25dfdbfc, {0x7}}, 0x14}, 0x1, 0x0, 0x0, 0x2400c930}, 0x20048830) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x20008000) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x44, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, '\x00\x00\x00\x00'}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x9}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x44}}, 0x0) 2m50.473861771s ago: executing program 1 (id=1507): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bond0\x00', 0x0}) setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r1, &(0x7f0000000280)={&(0x7f0000000440)=@xdp={0x2c, 0x0, r2, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}, {&(0x7f00000004c0)="f058050000007f8f", 0x300}], 0x2}, 0x5) 2m35.052205913s ago: executing program 1 (id=1510): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18) sendmsg$nl_route_sched_retired(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@deltclass={0x24, 0x29, 0x1, 0x70bd2d, 0x25dfdbf9, {0x0, 0x0, 0x0, 0x0, {0xffff, 0xffff}, {0x7, 0xd}, {0x7cceb53059bd106f, 0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x2004e811}, 0x4000050) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) 2m18.085809675s ago: executing program 1 (id=1512): r0 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) r2 = openat(r1, &(0x7f0000000340)='.\x00', 0x0, 0x0) lseek(r2, 0xfffffffffffffff9, 0x1) 2m4.738263528s ago: executing program 1 (id=1515): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x3) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a9646", 0x14, 0x6, 0x0, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000140)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8b0700", 0x18, 0x6, 0xff, @empty, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x4, 0x0, 0x0, 0x0, {[@generic={0xfe, 0x2}]}}}}}}}}, 0x0) 1m47.15865173s ago: executing program 1 (id=1518): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000080)=0x9, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 57.788445285s ago: executing program 33 (id=1518): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000080)=0x9, 0x4) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 56.685465286s ago: executing program 2 (id=1525): r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000000)="7800000018002507b9409b14ffff00000202be04200506050e130204430009003f0020480a0000000d0085a168d0bf46d32345653600648d27000b000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a3200040016000b000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) r1 = socket$inet6(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000019000100"], 0x2c}}, 0x0) sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 45.624953926s ago: executing program 2 (id=1526): mprotect(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x1) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000000c80)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aa00000000000000001c000000000000000000e8ff060000004404730001000000"], 0x40}, 0x0) read$char_usb(r1, &(0x7f0000000180)=""/147, 0xfdef) 30.786071216s ago: executing program 2 (id=1527): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0x7fc, 0x0) getdents64(r0, 0x0, 0x44) 19.174694507s ago: executing program 2 (id=1528): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @broadcast}, 0x10) sendto$inet(r0, &(0x7f0000000140)="ed", 0x1, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) shutdown(r0, 0x1) recvmmsg(r0, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}, 0x81}], 0x1, 0x10023, 0x0) 8.640290816s ago: executing program 2 (id=1529): mkdirat(0xffffffffffffff9c, &(0x7f00000007c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x21d000, 0x0) chroot(&(0x7f0000000140)='./file0/../file0\x00') pivot_root(&(0x7f00000002c0)='./file0/../file0/../file0\x00', &(0x7f00000000c0)='./file0/../file0/../file0\x00') 0s ago: executing program 2 (id=1530): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0x9, &(0x7f0000000100)=0xb3d, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x300, 0xfc}, 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[], 0x40}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:64420' (ED25519) to the list of known hosts. syzkaller login: [ 498.842056][ T3188] cgroup: Unknown subsys name 'net' [ 499.605270][ T3188] cgroup: Unknown subsys name 'cpuset' [ 499.786584][ T3188] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 582.640323][ T3188] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 712.191877][ T3195] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 712.796311][ T3195] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 712.877170][ T3197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 713.405651][ T3197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 726.836822][ T3195] hsr_slave_0: entered promiscuous mode [ 726.885463][ T3195] hsr_slave_1: entered promiscuous mode [ 730.188449][ T3197] hsr_slave_0: entered promiscuous mode [ 730.232852][ T3197] hsr_slave_1: entered promiscuous mode [ 730.257333][ T3197] debugfs: 'hsr0' already exists in 'hsr' [ 730.267304][ T3197] Cannot create hsr debugfs directory [ 738.387841][ T3195] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 738.570283][ T3195] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 738.765510][ T3195] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 739.216867][ T3195] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 741.244993][ T3197] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 741.360473][ T3197] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 741.604492][ T3197] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 741.694565][ T3197] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 755.418949][ T3195] 8021q: adding VLAN 0 to HW filter on device bond0 [ 755.836552][ T3197] 8021q: adding VLAN 0 to HW filter on device bond0 [ 803.068097][ T3195] veth0_vlan: entered promiscuous mode [ 803.532331][ T3195] veth1_vlan: entered promiscuous mode [ 805.762340][ T3195] veth0_macvtap: entered promiscuous mode [ 806.224495][ T3195] veth1_macvtap: entered promiscuous mode [ 808.459797][ T3197] veth0_vlan: entered promiscuous mode [ 809.416693][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.577696][ T3282] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.644679][ T3282] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.804620][ T3282] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 809.976482][ T3197] veth1_vlan: entered promiscuous mode [ 813.758789][ T3197] veth0_macvtap: entered promiscuous mode [ 814.368441][ T3197] veth1_macvtap: entered promiscuous mode [ 814.596746][ T3195] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 816.548645][ T975] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 816.615662][ T975] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 816.617364][ T975] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 816.618672][ T975] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.721820][ T3817] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2'. [ 836.690526][ T3829] faux_driver vgem: [drm] Unknown color mode 135165; guessing buffer size. [ 862.297235][ C1] IPv4: Oversized IP packet from 172.20.20.24 [ 956.200196][ T3928] netlink: 'syz.1.43': attribute type 13 has an invalid length. [ 956.227920][ T3928] netlink: 12 bytes leftover after parsing attributes in process `syz.1.43'. [ 956.326612][ T3928] macvtap0: refused to change device tx_queue_len [ 964.669039][ T3937] netlink: 32 bytes leftover after parsing attributes in process `syz.0.46'. [ 965.195313][ T3937] netlink: 32 bytes leftover after parsing attributes in process `syz.0.46'. [ 1021.975526][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 1071.450377][ T4015] netlink: 8 bytes leftover after parsing attributes in process `syz.0.76'. [ 1109.320069][ T4049] block nbd0: shutting down sockets [ 1114.658962][ T4058] Driver unsupported XDP return value 0 on prog (id 8) dev N/A, expect packet loss! [ 1149.618425][ T30] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1150.048252][ T30] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 1150.053707][ T30] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1150.055456][ T30] usb 1-1: Product: syz [ 1150.056727][ T30] usb 1-1: Manufacturer: syz [ 1150.058004][ T30] usb 1-1: SerialNumber: syz [ 1152.446326][ T30] rtl8150 1-1:1.0: couldn't reset the device [ 1152.489240][ T30] rtl8150 1-1:1.0: probe with driver rtl8150 failed with error -5 [ 1165.007313][ T3213] usb 1-1: USB disconnect, device number 2 [ 1189.753013][ T31] audit: type=1326 audit(1188.540:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4135 comm="syz.0.118" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb5733992 code=0x0 [ 1200.765339][ T4147] netlink: 12 bytes leftover after parsing attributes in process `syz.0.123'. [ 1201.938783][ T4147] netlink: 12 bytes leftover after parsing attributes in process `syz.0.123'. [ 1204.855712][ T4147] netlink: 12 bytes leftover after parsing attributes in process `syz.0.123'. [ 1282.917500][ T4197] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1284.579795][ T4197] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1285.928718][ T4197] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1287.168045][ T4197] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1299.420039][ T4197] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1299.549132][ T4197] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1299.735927][ T4197] bond0 (unregistering): Released all slaves [ 1301.883401][ T4197] hsr_slave_0: left promiscuous mode [ 1301.996382][ T4197] hsr_slave_1: left promiscuous mode [ 1302.711908][ T4197] veth1_macvtap: left promiscuous mode [ 1302.744659][ T4197] veth0_macvtap: left promiscuous mode [ 1302.754927][ T4197] veth1_vlan: left promiscuous mode [ 1302.758972][ T4197] veth0_vlan: left promiscuous mode [ 1323.386637][ T4239] netlink: 36 bytes leftover after parsing attributes in process `syz.1.149'. [ 1330.169087][ T4250] IPv6: addrconf: prefix option has invalid lifetime [ 1361.588925][ T4190] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1361.944821][ T4190] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1364.208518][ T4395] mmap: syz.1.155 (4395) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1386.959902][ T4190] hsr_slave_0: entered promiscuous mode [ 1387.066867][ T4190] hsr_slave_1: entered promiscuous mode [ 1387.106434][ T4190] debugfs: 'hsr0' already exists in 'hsr' [ 1387.107669][ T4190] Cannot create hsr debugfs directory [ 1405.558434][ T4190] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1405.778901][ T4190] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1406.044906][ T4190] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1406.428399][ T4190] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1434.127321][ T4190] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1481.010139][ T4608] Zero length message leads to an empty skb [ 1498.268712][ T4625] hub 1-0:1.0: USB hub found [ 1498.468743][ T4625] hub 1-0:1.0: 1 port detected [ 1533.508914][ T4190] veth0_vlan: entered promiscuous mode [ 1534.516957][ T4190] veth1_vlan: entered promiscuous mode [ 1537.585279][ T4190] veth0_macvtap: entered promiscuous mode [ 1537.781407][ T4190] veth1_macvtap: entered promiscuous mode [ 1541.429564][ T4199] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1541.444441][ T4199] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1541.447536][ T4199] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1541.450133][ T4199] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1604.315772][ T4710] bond0: option mode: unable to set because the bond device has slaves [ 1610.348032][ T4715] fuse: Bad value for 'fd' [ 1610.663886][ T4714] ======================================================= [ 1610.663886][ T4714] WARNING: The mand mount option has been deprecated and [ 1610.663886][ T4714] and is ignored by this kernel. Remove the mand [ 1610.663886][ T4714] option from the mount to silence this warning. [ 1610.663886][ T4714] ======================================================= [ 1664.043693][ T4748] input: syz0 as /devices/virtual/input/input0 [ 1671.708457][ T4757] netlink: 'syz.1.211': attribute type 9 has an invalid length. [ 1689.438184][ T4767] netlink: 8 bytes leftover after parsing attributes in process `syz.2.214'. [ 1710.897687][ T4785] binder: 4784:4785 ioctl c0306201 200000000100 returned -14 [ 1746.177616][ T4805] input: syz0 as /devices/virtual/input/input1 [ 1789.603561][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 1790.035753][ T9] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1790.037495][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1790.305066][ T9] usb 2-1: config 0 descriptor?? [ 1790.490153][ T9] cp210x 2-1:0.0: cp210x converter detected [ 1792.336306][ T9] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 1792.339072][ T9] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 1792.935631][ T9] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1793.266818][ T9] usb 2-1: USB disconnect, device number 2 [ 1793.898480][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1794.117785][ T9] cp210x 2-1:0.0: device disconnected [ 1845.776318][ T4892] netlink: 8 bytes leftover after parsing attributes in process `syz.2.252'. [ 1845.778707][ T4892] netlink: 'syz.2.252': attribute type 29 has an invalid length. [ 1845.780545][ T4892] netlink: 4 bytes leftover after parsing attributes in process `syz.2.252'. [ 1879.406818][ T4909] pimreg: entered allmulticast mode [ 1879.485412][ T4910] pimreg: left allmulticast mode [ 1927.648180][ T4940] hub 1-0:1.0: USB hub found [ 1927.722301][ T4940] hub 1-0:1.0: 1 port detected [ 1939.792310][ T31] audit: type=1800 audit(1938.580:3): pid=4952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.275" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=6730 res=0 errno=0 [ 1963.712202][ T4966] IPv6: addrconf: prefix option has invalid lifetime [ 1993.900302][ T4979] IPv6: addrconf: prefix option has invalid lifetime [ 2009.874582][ T4988] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 2009.882865][ T4988] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 2019.974106][ T50] block nbd0: Receive control failed (result -32) [ 2019.986311][ T864] block nbd0: Receive control failed (result -32) [ 2019.990264][ T864] block nbd0: Receive control failed (result -32) [ 2020.078553][ T4991] nbd0: detected capacity change from 0 to 127 [ 2029.204418][ T5000] nbd1: detected capacity change from 0 to 127 [ 2030.145080][ T4996] block nbd1: Receive control failed (result -32) [ 2107.028439][ T5069] Device tree not included in the provided image [ 2126.913665][ T31] audit: type=1326 audit(2125.680:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5081 comm="syz.1.318" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fff82f33992 code=0x0 [ 2147.269140][ T5091] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 2154.998598][ T5096] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 2284.685812][ T5172] ªªªªªª: renamed from vlan0 (while UP) [ 2299.695834][ T5182] netlink: 12 bytes leftover after parsing attributes in process `syz.2.357'. [ 2299.698691][ T5182] netlink: 12 bytes leftover after parsing attributes in process `syz.2.357'. [ 2380.027125][ T5234] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 2401.274791][ T5251] netlink: 8 bytes leftover after parsing attributes in process `syz.2.390'. [ 2401.280341][ T5251] netlink: 'syz.2.390': attribute type 5 has an invalid length. [ 2404.477310][ T5253] netlink: 28 bytes leftover after parsing attributes in process `syz.1.391'. [ 2404.479674][ T5253] netlink: 28 bytes leftover after parsing attributes in process `syz.1.391'. [ 2405.059074][ T5253] netlink: 28 bytes leftover after parsing attributes in process `syz.1.391'. [ 2405.084764][ T5253] netlink: 28 bytes leftover after parsing attributes in process `syz.1.391'. [ 2472.495285][ T5298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.409'. [ 2472.496722][ T5298] netlink: 12 bytes leftover after parsing attributes in process `syz.1.409'. [ 2503.315310][ T5319] netlink: 16 bytes leftover after parsing attributes in process `syz.2.418'. [ 2576.539324][ T5370] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 2576.539324][ T5370] The task syz.1.438 (5370) triggered the difference, watch for misbehavior. [ 2595.472922][ T5380] input: syz0 as /devices/virtual/input/input2 [ 2604.995511][ T5388] CUSE: info not properly terminated [ 2605.819236][ T5390] netlink: 56 bytes leftover after parsing attributes in process `syz.2.446'. [ 2613.210293][ T5393] kernel profiling enabled (shift: 18) [ 2642.937339][ T5418] netlink: 36 bytes leftover after parsing attributes in process `syz.1.454'. [ 2702.540319][ T5453] netlink: 40 bytes leftover after parsing attributes in process `syz.2.467'. [ 2730.797285][ T31] audit: type=1326 audit(2729.610:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5464 comm="syz.2.471" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb7333992 code=0x7fc00000 [ 2835.093966][ T5507] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 2925.800430][ T5546] netlink: 'syz.2.507': attribute type 12 has an invalid length. [ 3012.619959][ T5590] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 3040.994983][ T5602] netlink: 76 bytes leftover after parsing attributes in process `syz.1.530'. [ 3127.568435][ T5653] netlink: 8 bytes leftover after parsing attributes in process `syz.1.548'. [ 3127.613667][ T5653] netlink: 4 bytes leftover after parsing attributes in process `syz.1.548'. [ 3127.616132][ T5653] netlink: 'syz.1.548': attribute type 18 has an invalid length. [ 3145.026477][ T5665] veth0: entered promiscuous mode [ 3145.084722][ T5665] veth0: left promiscuous mode [ 3226.803542][ T5714] netlink: 24 bytes leftover after parsing attributes in process `syz.2.573'. [ 3227.717460][ T5715] netlink: 24 bytes leftover after parsing attributes in process `syz.2.573'. [ 3229.056131][ C0] vcan0: j1939_tp_rxtimer: 0xffffaf802063e800: Timeout. Failed to send simple message. [ 3260.369419][ T5734] process 'syz.1.582' launched './file1' with NULL argv: empty string added [ 3289.620259][ T5750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.588'. [ 3303.733621][ T5756] misc userio: Can't change port type on an already running userio instance [ 3346.200322][ T5778] block nbd1: Dead connection, failed to find a fallback [ 3346.247056][ T5778] block nbd1: shutting down sockets [ 3346.369609][ T5778] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 3346.435966][ T5778] Buffer I/O error on dev nbd1, logical block 0, async page read [ 3346.478168][ T5778] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 3346.555557][ T5778] Buffer I/O error on dev nbd1, logical block 1, async page read [ 3346.627366][ T5778] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 3346.630345][ T5778] Buffer I/O error on dev nbd1, logical block 2, async page read [ 3346.636131][ T5778] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 3346.638509][ T5778] Buffer I/O error on dev nbd1, logical block 3, async page read [ 3346.700025][ T5778] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 3346.709502][ T5778] Buffer I/O error on dev nbd1, logical block 0, async page read [ 3346.774561][ T5778] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 3346.815420][ T5778] Buffer I/O error on dev nbd1, logical block 1, async page read [ 3346.819364][ T5778] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 3346.856873][ T5778] Buffer I/O error on dev nbd1, logical block 2, async page read [ 3346.884432][ T5778] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 3346.897648][ T5778] Buffer I/O error on dev nbd1, logical block 3, async page read [ 3346.900049][ T5778] nbd1: unable to read partition table [ 3348.546846][ T5778] block nbd1: Cannot use ioctl interface on a netlink controlled device. [ 3348.659518][ T5778] block nbd1: NBD_DISCONNECT [ 3348.723428][ T5778] block nbd1: Send disconnect failed -32 [ 3423.809959][ T5809] binder: 5808:5809 ioctl c0306201 200000000480 returned -14 [ 3524.208828][ T5858] netlink: 64 bytes leftover after parsing attributes in process `syz.1.631'. [ 3697.489451][ T5966] syz.2.679: vmalloc error: size 2037431678, exceeds total pages, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0 [ 3697.528503][ T5966] CPU: 0 UID: 0 PID: 5966 Comm: syz.2.679 Tainted: G L syzkaller #0 PREEMPT [ 3697.529428][ T5966] Tainted: [L]=SOFTLOCKUP [ 3697.529693][ T5966] Hardware name: riscv-virtio,qemu (DT) [ 3697.530347][ T5966] Call Trace: [ 3697.530883][ T5966] [] dump_backtrace+0x2e/0x3c [ 3697.531964][ T5966] [] show_stack+0x30/0x3c [ 3697.532535][ T5966] [] dump_stack_lvl+0x114/0x1ac [ 3697.533364][ T5966] [] dump_stack+0x1c/0x28 [ 3697.534183][ T5966] [] warn_alloc+0x188/0x2a4 [ 3697.534736][ T5966] [] __vmalloc_node_range_noprof+0x14fc/0x18e8 [ 3697.535491][ T5966] [] __kvmalloc_node_noprof+0x4b2/0xa14 [ 3697.536118][ T5966] [] drm_property_create_blob+0x7c/0x2f8 [ 3697.536793][ T5966] [] drm_mode_createblob_ioctl+0xf4/0x3d8 [ 3697.537485][ T5966] [] drm_ioctl_kernel+0x1de/0x370 [ 3697.538140][ T5966] [] drm_ioctl+0x4e6/0xb98 [ 3697.538783][ T5966] [] __riscv_sys_ioctl+0x17c/0x1e4 [ 3697.539392][ T5966] [] syscall_handler+0x92/0x114 [ 3697.540087][ T5966] [] do_trap_ecall_u+0x402/0x680 [ 3697.540775][ T5966] [] handle_exception+0x15e/0x16a [ 3697.665281][ T5966] Mem-Info: [ 3697.668153][ T5966] active_anon:3399 inactive_anon:0 isolated_anon:0 [ 3697.668153][ T5966] active_file:15361 inactive_file:35443 isolated_file:0 [ 3697.668153][ T5966] unevictable:768 dirty:37 writeback:0 [ 3697.668153][ T5966] slab_reclaimable:2823 slab_unreclaimable:27639 [ 3697.668153][ T5966] mapped:12497 shmem:807 pagetables:860 [ 3697.668153][ T5966] sec_pagetables:0 bounce:0 [ 3697.668153][ T5966] kernel_misc_reclaimable:0 [ 3697.668153][ T5966] free:203345 free_pcp:5732 free_cma:52672 [ 3697.695129][ T5966] Node 0 active_anon:13596kB inactive_anon:0kB active_file:61444kB inactive_file:141772kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:49988kB dirty:148kB writeback:0kB shmem:3228kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6336kB pagetables:3440kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 3697.699933][ T5966] Node 0 DMA32 free:813380kB boost:0kB min:22528kB low:28160kB high:33792kB reserved_highatomic:0KB free_highatomic:0KB active_anon:13596kB inactive_anon:0kB active_file:61444kB inactive_file:141772kB unevictable:3072kB writepending:148kB zspages:0kB present:2097152kB managed:1424720kB mlocked:0kB bounce:0kB free_pcp:22924kB local_pcp:12980kB free_cma:210688kB [ 3697.769199][ T5966] lowmem_reserve[]: 0 0 0 [ 3697.820380][ T5966] Node 0 DMA32: 1713*4kB (UM) 1128*8kB (UM) 518*16kB (UM) 219*32kB (UME) 132*64kB (UME) 47*128kB (UME) 13*256kB (UMC) 19*512kB (UMEC) 15*1024kB (UMEC) 9*2048kB (UMEC) 176*4096kB (MC) = 813380kB [ 3698.018260][ T5966] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 3698.020210][ T5966] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 3698.073311][ T5966] 51611 total pagecache pages [ 3698.074325][ T5966] 0 pages in swap cache [ 3698.075235][ T5966] Free swap = 124996kB [ 3698.076316][ T5966] Total swap = 124996kB [ 3698.077984][ T5966] 524288 pages RAM [ 3698.079308][ T5966] 0 pages HighMem/MovableOnly [ 3698.172161][ T5966] 168108 pages reserved [ 3698.173968][ T5966] 52736 pages cma reserved [ 3712.703400][ T5976] input: syz1 as /devices/virtual/input/input4 [ 3810.915902][ T6036] netlink: 16 bytes leftover after parsing attributes in process `syz.2.706'. [ 3812.427911][ T6038] netlink: 4 bytes leftover after parsing attributes in process `syz.1.707'. [ 3833.487118][ T6052] input: syz1 as /devices/virtual/input/input5 [ 3857.987536][ T6073] binder: 6072:6073 ioctl c018620c 200000000000 returned -22 [ 3876.993668][ T6086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 3877.058157][ T6086] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 3942.084728][ T6128] netlink: 72 bytes leftover after parsing attributes in process `syz.1.736'. [ 4185.224929][ T6287] binder: 6286:6287 ioctl c018620c 200000000000 returned -1 [ 4216.258642][ T6309] netlink: 8 bytes leftover after parsing attributes in process `syz.2.809'. [ 4267.065443][ T6339] netlink: 'syz.1.821': attribute type 2 has an invalid length. [ 4267.068296][ T6339] netlink: 'syz.1.821': attribute type 1 has an invalid length. [ 4267.069450][ T6339] netlink: 2704 bytes leftover after parsing attributes in process `syz.1.821'. [ 4336.136638][ T6375] netlink: 8 bytes leftover after parsing attributes in process `syz.1.837'. [ 4408.914167][ T6420] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 4408.918947][ T6420] IPv6: NLM_F_CREATE should be set when creating new route [ 4408.922306][ T6420] IPv6: NLM_F_CREATE should be set when creating new route [ 4409.292399][ T6420] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.857'. [ 4430.247501][ T6432] netlink: 71 bytes leftover after parsing attributes in process `syz.2.862'. [ 4450.643350][ T6443] bond0: option lp_interval: invalid value (18446744073709551607) [ 4450.644954][ T6443] bond0: option lp_interval: allowed values 1 - 2147483647 [ 4475.105394][ T6461] netlink: 400 bytes leftover after parsing attributes in process `syz.1.873'. [ 4497.338576][ T6472] netlink: 8 bytes leftover after parsing attributes in process `syz.1.878'. [ 4498.347736][ T6477] netlink: 8 bytes leftover after parsing attributes in process `syz.1.878'. [ 4613.626996][ T6541] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 4613.628618][ T6541] IPv6: NLM_F_CREATE should be set when creating new route [ 4613.630070][ T6541] IPv6: NLM_F_CREATE should be set when creating new route [ 4613.632350][ T6541] IPv6: NLM_F_CREATE should be set when creating new route [ 4613.651282][ T6541] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 4674.679385][ T6582] capability: warning: `syz.1.920' uses deprecated v2 capabilities in a way that may be insecure [ 4818.179443][ T6656] sit0: entered promiscuous mode [ 4819.029552][ T6656] netlink: 'syz.1.954': attribute type 1 has an invalid length. [ 4819.104326][ T6656] netlink: 1 bytes leftover after parsing attributes in process `syz.1.954'. [ 4821.994982][ T6658] netlink: 8 bytes leftover after parsing attributes in process `syz.2.955'. [ 4821.998457][ T6658] netlink: 40 bytes leftover after parsing attributes in process `syz.2.955'. [ 4895.487373][ T6706] netlink: 44 bytes leftover after parsing attributes in process `syz.1.975'. [ 4897.226815][ T6708] netlink: 16255 bytes leftover after parsing attributes in process `syz.2.976'. [ 4903.954707][ T6714] netlink: 20 bytes leftover after parsing attributes in process `syz.1.977'. [ 4909.078855][ T6711] bond1: entered promiscuous mode [ 4965.975993][ T6785] netlink: 52 bytes leftover after parsing attributes in process `syz.2.993'. [ 4966.468029][ T6787] netlink: 20 bytes leftover after parsing attributes in process `syz.1.994'. [ 4967.405552][ T6790] netlink: 20 bytes leftover after parsing attributes in process `syz.1.994'. [ 4997.667742][ T6811] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1003'. [ 5012.143523][ T6821] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5012.145050][ T6821] Buffer I/O error on dev nbd1, logical block 0, async page read [ 5012.147000][ T6821] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5012.148461][ T6821] Buffer I/O error on dev nbd1, logical block 1, async page read [ 5012.150294][ T6821] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5012.178097][ T6821] Buffer I/O error on dev nbd1, logical block 2, async page read [ 5012.180344][ T6821] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5012.215768][ T6821] Buffer I/O error on dev nbd1, logical block 3, async page read [ 5012.218477][ T6821] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5012.219985][ T6821] Buffer I/O error on dev nbd1, logical block 0, async page read [ 5012.283145][ T6821] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5012.284729][ T6821] Buffer I/O error on dev nbd1, logical block 1, async page read [ 5012.286576][ T6821] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5012.287881][ T6821] Buffer I/O error on dev nbd1, logical block 2, async page read [ 5012.289605][ T6821] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 5012.352383][ T6821] Buffer I/O error on dev nbd1, logical block 3, async page read [ 5012.353897][ T6821] nbd1: unable to read partition table [ 5012.649320][ T6821] block nbd1: Cannot use ioctl interface on a netlink controlled device. [ 5029.188780][ T6832] macvlan1: entered promiscuous mode [ 5029.190082][ T6832] macvlan1: entered allmulticast mode [ 5030.323729][ T6832] veth1_vlan: entered allmulticast mode [ 5046.747498][ T6839] netlink: 136 bytes leftover after parsing attributes in process `syz.2.1015'. [ 5046.762794][ T6839] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 5116.899037][ T6880] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1032'. [ 5116.914699][ T6880] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1032'. [ 5170.853810][ T6912] binder: BC_ACQUIRE_RESULT not supported [ 5170.856484][ T6912] binder: 6911:6912 ioctl c0306201 2000000003c0 returned -22 [ 5249.687605][ T6961] input input6: cannot allocate more than FF_MAX_EFFECTS effects [ 5263.683232][ T6967] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1073'. [ 5296.670251][ T6984] binder: 6983:6984 ioctl c0306201 2000000003c0 returned -14 [ 5355.434176][ T31] audit: type=1326 audit(5354.180:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7012 comm="syz.2.1089" exe="/syz-executor" sig=31 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb7333992 code=0x0 [ 5378.425846][ T7025] netlink: 'syz.1.1092': attribute type 4 has an invalid length. [ 5488.300185][ T7065] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1110'. [ 5488.506359][ T7065] gretap0: entered promiscuous mode [ 5489.733560][ T7065] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1110'. [ 5489.745970][ T7065] 0ªî{X¹¦: renamed from gretap0 [ 5489.980020][ T7065] 0ªî{X¹¦: left promiscuous mode [ 5489.986485][ T7065] 0ªî{X¹¦: entered allmulticast mode [ 5490.222276][ T7065] A link change request failed with some changes committed already. Interface 30ªî{X¹¦ may have been left with an inconsistent configuration, please check. [ 5509.386510][ T7074] netdevsim netdevsim1 netdevsim1: entered allmulticast mode [ 5528.963697][ T7081] ./file0: Can't open blockdev [ 5561.686913][ T7100] input: syz1 as /devices/virtual/input/input7 [ 5626.340458][ T7138] block nbd2: shutting down sockets [ 5654.779049][ T7147] syzkaller1: entered promiscuous mode [ 5654.805072][ T7147] syzkaller1: entered allmulticast mode [ 5655.403097][ T7147] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 22 [ 5709.656527][ T7172] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 5718.286663][ T7175] TCP: TCP_TX_DELAY enabled [ 5829.966931][ T7211] batadv_slave_0: entered promiscuous mode [ 5932.454660][ T7260] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1180'. [ 6006.198508][ T7295] syzkaller1: entered promiscuous mode [ 6006.200147][ T7295] syzkaller1: entered allmulticast mode [ 6041.179495][ T7313] vcan0: tx address claim with different name [ 6058.248764][ T7321] syz.2.1202 uses obsolete (PF_INET,SOCK_PACKET) [ 6071.079966][ T7330] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1204'. [ 6095.403640][ T7340] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1209'. [ 6118.776616][ T31] audit: type=1326 audit(6117.560:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7354 comm="syz.2.1213" exe="/syz-executor" sig=9 arch=c00000f3 syscall=98 compat=0 ip=0x7fffb7333992 code=0x0 [ 6144.613453][ T7370] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1219'. [ 6144.903673][ T7370] netlink: 'syz.2.1219': attribute type 1 has an invalid length. [ 6144.905189][ T7370] netlink: 'syz.2.1219': attribute type 2 has an invalid length. [ 6205.966746][ T7397] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1228'. [ 6205.968373][ T7397] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1228'. [ 6380.635884][ T7459] lo: entered allmulticast mode [ 6380.785818][ T7459] lo: left allmulticast mode [ 6402.695013][ T7469] loop1: detected capacity change from 0 to 1024 [ 6416.817128][ T7479] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1252'. [ 6570.501706][ T7548] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1275'. [ 6621.954811][ T7576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6621.986727][ T7576] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6623.650727][ C0] hrtimer: interrupt took 4180900 ns [ 6664.634121][ T7597] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1291'. [ 6694.006982][ T7611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 6694.054147][ T7611] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 6827.328855][ T7680] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1322'. [ 6855.654201][ T7695] batadv_slave_1: entered promiscuous mode [ 6855.827398][ T7694] batadv_slave_1: left promiscuous mode [ 6941.145267][ T7733] netlink: 'syz.2.1343': attribute type 4 has an invalid length. [ 6988.265780][ T7757] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1354'. [ 7017.125345][ T7773] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1356'. [ 7017.126999][ T7773] netlink: 'syz.2.1356': attribute type 30 has an invalid length. [ 7017.969715][ T7776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1356'. [ 7018.023200][ T7776] netlink: 'syz.2.1356': attribute type 30 has an invalid length. [ 7021.242382][ T6929] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 7021.244630][ T6929] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 7021.246303][ T6929] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 7021.296193][ T6929] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 7101.719115][ T7821] netlink: 63503 bytes leftover after parsing attributes in process `syz.2.1370'. [ 7119.978560][ T7831] netlink: 'syz.2.1373': attribute type 10 has an invalid length. [ 7120.067951][ T7831] syz_tun: entered promiscuous mode [ 7164.397318][ T7852] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 7180.234925][ T7859] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1384'. [ 7237.887462][ T7893] input: syz1 as /devices/virtual/input/input8 [ 7281.517063][ T7917] netlink: 'syz.1.1401': attribute type 29 has an invalid length. [ 7282.575677][ T7917] netlink: 'syz.1.1401': attribute type 29 has an invalid length. [ 7282.926437][ T7917] netlink: 500 bytes leftover after parsing attributes in process `syz.1.1401'. [ 7314.167117][ T7929] netlink: 'syz.1.1407': attribute type 2 has an invalid length. [ 7314.170304][ T7929] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1407'. [ 7372.648078][ T7970] netlink: 277 bytes leftover after parsing attributes in process `syz.2.1418'. [ 7492.439024][ T8026] loop1: detected capacity change from 0 to 4096 [ 7560.640368][ T8059] sock: sock_set_timeout: `syz.1.1449' (pid 8059) tries to set negative timeout [ 7573.944030][ T8063] netlink: 'syz.1.1451': attribute type 21 has an invalid length. [ 7573.945577][ T8063] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1451'. [ 7573.948942][ T8063] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1451'. [ 7574.226846][ T8063] netlink: 'syz.1.1451': attribute type 21 has an invalid length. [ 7574.228255][ T8063] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1451'. [ 7574.230009][ T8063] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1451'. [ 7654.195755][ T8096] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1463'. [ 7696.150092][ T8122] syzkaller1: entered promiscuous mode [ 7696.194601][ T8122] syzkaller1: entered allmulticast mode [ 7837.312685][ T8190] comedi: valid board names for 8255 driver are: [ 7837.316652][ T8190] 8255 [ 7837.318008][ T8190] comedi: valid board names for vmk80xx driver are: [ 7837.319532][ T8190] vmk80xx [ 7837.382289][ T8190] comedi: valid board names for usbduxsigma driver are: [ 7837.384300][ T8190] usbduxsigma [ 7837.385648][ T8190] comedi: valid board names for usbduxfast driver are: [ 7837.387236][ T8190] usbduxfast [ 7837.388511][ T8190] comedi: valid board names for usbdux driver are: [ 7837.389998][ T8190] usbdux [ 7837.436323][ T8190] comedi: valid board names for ni6501 driver are: [ 7837.438347][ T8190] ni6501 [ 7837.439737][ T8190] comedi: valid board names for dt9812 driver are: [ 7837.473080][ T8190] dt9812 [ 7837.474952][ T8190] comedi: valid board names for ni_labpc_cs driver are: [ 7837.476609][ T8190] ni_labpc_cs [ 7837.477922][ T8190] comedi: valid board names for ni_daq_700 driver are: [ 7837.479487][ T8190] ni_daq_700 [ 7837.507765][ T8190] comedi: valid board names for labpc_pci driver are: [ 7837.509657][ T8190] labpc_pci [ 7837.532604][ T8190] comedi: valid board names for adl_pci9118 driver are: [ 7837.534776][ T8190] pci9118dg [ 7837.536190][ T8190] pci9118hg [ 7837.537531][ T8190] pci9118hr [ 7837.538824][ T8190] comedi: valid board names for 8255_pci driver are: [ 7837.540474][ T8190] 8255_pci [ 7837.575033][ T8190] comedi: valid board names for comedi_parport driver are: [ 7837.576851][ T8190] comedi_parport [ 7837.578256][ T8190] comedi: valid board names for comedi_test driver are: [ 7837.579785][ T8190] comedi_test [ 7837.676109][ T8190] comedi: valid board names for comedi_bond driver are: [ 7837.679079][ T8190] comedi_bond [ 7871.343868][ T8212] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1499'. [ 7890.795785][ T8226] GUP no longer grows the stack in syz.2.1503 (8226): 200000006000-20000000a000 (200000002000) [ 7890.814917][ T8226] CPU: 0 UID: 0 PID: 8226 Comm: syz.2.1503 Tainted: G L syzkaller #0 PREEMPT [ 7890.815458][ T8226] Tainted: [L]=SOFTLOCKUP [ 7890.815565][ T8226] Hardware name: riscv-virtio,qemu (DT) [ 7890.815686][ T8226] Call Trace: [ 7890.815803][ T8226] [] dump_backtrace+0x2e/0x3c [ 7890.816313][ T8226] [] show_stack+0x30/0x3c [ 7890.816799][ T8226] [] dump_stack_lvl+0x114/0x1ac [ 7890.817577][ T8226] [] dump_stack+0x1c/0x28 [ 7890.818037][ T8226] [] gup_vma_lookup+0x1e6/0x1fc [ 7890.818396][ T8226] [] __get_user_pages+0x17c/0x2e0c [ 7890.818758][ T8226] [] get_user_pages_remote+0x340/0xa7c [ 7890.819120][ T8226] [] __access_remote_vm+0x262/0xc24 [ 7890.819614][ T8226] [] access_remote_vm+0x32/0x44 [ 7890.820067][ T8226] [] proc_pid_cmdline_read+0x474/0x798 [ 7890.820670][ T8226] [] vfs_readv+0x52e/0x730 [ 7890.821070][ T8226] [] do_preadv+0x1a6/0x258 [ 7890.821482][ T8226] [] __riscv_sys_preadv+0x88/0xd4 [ 7890.821859][ T8226] [] syscall_handler+0x92/0x114 [ 7890.822256][ T8226] [] do_trap_ecall_u+0x402/0x680 [ 7890.822682][ T8226] [] handle_exception+0x15e/0x16a [ 7948.849040][ T8250] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1513'. [ 7948.872911][ T8250] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1513'. [ 8028.567315][ T8275] netlink: 'syz.2.1525': attribute type 11 has an invalid length. [ 8029.189546][ T8275] netlink: 19 bytes leftover after parsing attributes in process `syz.2.1525'. [ 8085.079086][ C0] ------------[ cut here ]------------ [ 8085.079524][ C0] kernel BUG at [] mm/page_table_check.c:142! [ 8085.080968][ C0] Kernel BUG [#1] [ 8085.081303][ C0] Modules linked in: [ 8085.082006][ C0] CPU: 0 UID: 0 PID: 8047 Comm: syz.2.1444 Tainted: G L syzkaller #0 PREEMPT [ 8085.082704][ C0] Tainted: [L]=SOFTLOCKUP [ 8085.082896][ C0] Hardware name: riscv-virtio,qemu (DT) [ 8085.083250][ C0] epc : __page_table_check_zero+0x396/0x544 [ 8085.083916][ C0] ra : __page_table_check_zero+0x396/0x544 [ 8085.084524][ C0] epc : ffffffff80c4e452 ra : ffffffff80c4e452 sp : ffff8f80024e6f60 [ 8085.084918][ C0] gp : ffffffff8a22a0c0 tp : ffffaf8031434f80 t0 : ffff8f80024e6f00 [ 8085.085343][ C0] t1 : fffff5ef02803c09 t2 : 1ffff1f00049ce6c s0 : ffff8f80024e6fd0 [ 8085.085738][ C0] s1 : ffffaf801401e048 a0 : 0000000000000005 a1 : 0000000000000000 [ 8085.086111][ C0] a2 : 0000000000000002 a3 : ffffffff80c4e452 a4 : 0000000000000000 [ 8085.086518][ C0] a5 : ffffaf8031435f80 a6 : 0000000000000003 a7 : ffffaf801401e04b [ 8085.086902][ C0] s2 : 0000000000000001 s3 : 0000000000000000 s4 : ffffaf801401e000 [ 8085.087306][ C0] s5 : dfffffff00000000 s6 : 00000000000c0600 s7 : 0000000000000200 [ 8085.087704][ C0] s8 : 0000000000000009 s9 : 0000000000007fff s10: fffffffef1468fb0 [ 8085.088081][ C0] s11: ffffffff8a347d80 t3 : 0000000000000001 t4 : fffff5ef02803c09 [ 8085.088470][ C0] t5 : fffff5ef02803c0a t6 : 0000000000000002 ssp : 0000000000000000 [ 8085.088855][ C0] status: 0000000200000120 badaddr: ffffffff80c4e452 cause: 0000000000000003 [ 8085.089298][ C0] [] __page_table_check_zero+0x396/0x544 [ 8085.089946][ C0] [] free_unref_folios+0xa58/0x1ef4 [ 8085.090696][ C0] [] folios_put_refs+0x41c/0x61c [ 8085.091384][ C0] [] free_pages_and_swap_cache+0x29c/0x480 [ 8085.092061][ C0] [] __tlb_batch_free_encoded_pages+0xe4/0x25c [ 8085.092725][ C0] [] tlb_finish_mmu+0x188/0x824 [ 8085.093371][ C0] [] exit_mmap+0x416/0xccc [ 8085.093951][ C0] [] __mmput+0x106/0x3d0 [ 8085.094708][ C0] [] mmput+0x74/0x88 [ 8085.095468][ C0] [] do_exit+0x802/0x2ac4 [ 8085.096110][ C0] [] do_group_exit+0xca/0x258 [ 8085.096778][ C0] [] get_signal+0x1f7e/0x224c [ 8085.097498][ C0] [] arch_do_signal_or_restart+0xca0/0x1ddc [ 8085.098160][ C0] [] exit_to_user_mode_loop+0x8e/0x878 [ 8085.098786][ C0] [] do_trap_ecall_u+0x4e0/0x680 [ 8085.099433][ C0] [] handle_exception+0x15e/0x16a [ 8085.100974][ C0] Code: 4b00 8526 c0ef e7bf 8a2a b791 d097 ff8c 80e7 49e0 (9002) d097 [ 8085.102518][ C0] ---[ end trace 0000000000000000 ]--- [ 8085.104583][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 8085.105750][ C0] SMP: stopping secondary CPUs VM DIAGNOSIS: 19:51:54 Registers: info registers vcpu 0 CPU#0 V = 0 pc ffffffff80323f1a mhartid 0000000000000000 mstatus 0000000a000001a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000220 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f4b509 hedeleg 000000000000b10d mtvec 00000000800004f8 stvec ffffffff86459ff4 vstvec 0000000000000000 mepc ffffffff80090f72 sepc ffffffff80c4e452 vsepc 0000000000000000 mcause 0000000000000009 scause 0000000000000003 vscause 0000000000000000 mtval 0000000000000000 stval ffffffff80c4e452 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080049000 sscratch 0000000000000000 satp 90906000000ac50c x0/zero 0000000000000000 x1/ra ffffffff80323f16 x2/sp ffff8f80024e68f0 x3/gp ffffffff8a22a0c0 x4/tp ffffaf8031434f80 x5/t0 552030203a555043 x6/t1 fffffffef1445d1c x7/t2 49552030203a5550 x8/s0 ffff8f80024e6930 x9/s1 dfffffff00000000 x10/a0 0000000000000000 x11/a1 ffffffff86dda2c0 x12/a2 0000000000000007 x13/a3 ffffffff80323f16 x14/a4 0000000000000000 x15/a5 ffffaf8031434f80 x16/a6 0000000000ff0100 x17/a7 0000000000000003 x18/s2 0000000200000120 x19/s3 0000000000000000 x20/s4 1ffff1f00049cd62 x21/s5 1ffffffff11f9957 x22/s6 0000000000000000 x23/s7 ffffffff88fccab8 x24/s8 ffff8f80024e6b40 x25/s9 ffffffff88fcca60 x26/s10 0000000000000074 x27/s11 ffff8f80024e6b10 x28/t3 ffffffff81f85160 x29/t4 fffffffef1445d1c x30/t5 fffffffef1445d1d x31/t6 ffffffff913fc0b7 fcsr 0000000000000000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000 info registers vcpu 1 CPU#1 V = 0 pc ffffffff800875b6 mhartid 0000000000000001 mstatus 0000000a000001a0 hstatus 0000000200000000 vsstatus 0000000a00000000 mip 0000000000000020 mie 000000000000022a mideleg 0000000000001666 hideleg 0000000000000444 medeleg 0000000000f4b509 hedeleg 000000000000b10d mtvec 00000000800004f8 stvec ffffffff86459ff4 vstvec 0000000000000000 mepc ffffffff8007a9ac sepc ffffffff86455e9a vsepc 0000000000000000 mcause 8000000000000003 scause 8000000000000001 vscause 0000000000000000 mtval 0000000000000000 stval 0000000000000000 htval 0000000000000000 mtval2 0000000000000000 mscratch 0000000080047000 sscratch 0000000000000000 satp 90906000000ac50c x0/zero 0000000000000000 x1/ra ffffffff800875b2 x2/sp ffff8f8000017e10 x3/gp ffffffff8a22a0c0 x4/tp ffffaf80133dcf80 x5/t0 ffff8f8000010000 x6/t1 fffffffef1467930 x7/t2 ffffffff91601828 x8/s0 ffff8f8000017e40 x9/s1 ffffffff86a0cae8 x10/a0 0000000000000001 x11/a1 0000000000000004 x12/a2 0000000000000001 x13/a3 ffffffff800875b2 x14/a4 0000000000000000 x15/a5 ffffaf80133dcf80 x16/a6 fffffffef1467931 x17/a7 0000000000000003 x18/s2 0000000000000001 x19/s3 ffffffff86863000 x20/s4 ffffffff800872fc x21/s5 ffffaf8011d19000 x22/s6 0000000000000000 x23/s7 0000000000000001 x24/s8 0000000000000007 x25/s9 ffffffff91601828 x26/s10 ffffffff86a6e1c0 x27/s11 0000000000000004 x28/t3 ffffffff87fb2860 x29/t4 fffffffef1467930 x30/t5 fffffffef1467931 x31/t6 ffffffff8687a840 fcsr 0000000000000000 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000