last executing test programs: 1m44.817355779s ago: executing program 1 (id=306): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume_offset', 0x21102, 0x28) sendfile(r0, r0, 0x0, 0x6) 1m26.937236048s ago: executing program 1 (id=308): r0 = semget(0x0, 0x1, 0x248) semctl$SEM_STAT(r0, 0x0, 0x12, &(0x7f0000000640)=""/1) 1m20.387643863s ago: executing program 0 (id=309): capset(&(0x7f0000000000)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x3, 0x7, 0x3}) clock_adjtime(0x0, &(0x7f0000000700)={0x100000000006500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x240e}) 1m13.17164878s ago: executing program 1 (id=310): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0xc, 0xfffffffe) 1m8.646772823s ago: executing program 0 (id=311): futex_waitv(&(0x7f0000000180)=[{0x0, &(0x7f0000000000), 0x2}, {0x3, &(0x7f0000000040)=0x3, 0x2}], 0x2, 0x0, 0x0, 0x0) futex(&(0x7f0000000140), 0x5, 0x0, 0x0, &(0x7f0000000000), 0x0) 56.555328352s ago: executing program 1 (id=312): munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) get_mempolicy(0x0, 0x0, 0x300, &(0x7f0000005000/0x2000)=nil, 0x2) 54.82777634s ago: executing program 0 (id=313): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680)) getrlimit(0xa, 0x0) 40.52336103s ago: executing program 1 (id=314): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x4400, &(0x7f0000000200)={[{@mpol={'mpol', 0x3d, {'bind', '', @void}}}]}) 37.559702264s ago: executing program 0 (id=315): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="a4000000140095942fbd7000ffdbdf250a1720ff", @ANYRES32=0x0, @ANYBLOB="080008001800000014000100200100000000000000000000000000000800090202000000140006"], 0xa4}, 0x1, 0x0, 0x0, 0x20048090}, 0x20000840) 23.356674382s ago: executing program 1 (id=316): prctl$PR_SET_IO_FLUSHER(0x41, 0x3) syz_clone(0x22180, 0x0, 0xa42f, 0x0, 0x0, 0x0) 16.276281954s ago: executing program 0 (id=317): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x1e, 0x305, 0x0, 0x25dfdbfe, {}, [@typed={0x8, 0x3ffe, 0x0, 0x0, @pid}, @typed={0x8, 0x9, 0x0, 0x0, @fd}]}, 0x24}, 0x1, 0x8000000, 0x0, 0xc880}, 0x0) 0s ago: executing program 0 (id=318): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000840)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @private=0xa010101}, @in=@remote}, {@in=@dev={0xac, 0x14, 0x14, 0x1b}, 0x4d3, 0x33}, @in=@multicast1, {0x3}, {0x0, 0x0, 0x0, 0x4000}, {0x0, 0x22}, 0x80000000, 0x3503, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x13c}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:6610' (ED25519) to the list of known hosts. syzkaller login: [ 708.009764][ T3214] cgroup: Unknown subsys name 'net' [ 709.101879][ T3214] cgroup: Unknown subsys name 'cpuset' [ 709.249869][ T3214] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 824.674998][ T3214] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 1057.532353][ T3223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1058.696001][ T3223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1060.972718][ T3221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1061.294601][ T3221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1091.940143][ T3221] hsr_slave_0: entered promiscuous mode [ 1092.073345][ T3221] hsr_slave_1: entered promiscuous mode [ 1094.500498][ T3223] hsr_slave_0: entered promiscuous mode [ 1094.560361][ T3223] hsr_slave_1: entered promiscuous mode [ 1094.612995][ T3223] debugfs: 'hsr0' already exists in 'hsr' [ 1094.615626][ T3223] Cannot create hsr debugfs directory [ 1126.745089][ T3223] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1127.159273][ T3223] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1127.258630][ T3223] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1127.378612][ T3223] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1127.433696][ T3223] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1127.596038][ T3223] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1127.682754][ T3223] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1128.510495][ T3223] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1134.642367][ T3221] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1135.269809][ T3221] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1135.364160][ T3221] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1136.978299][ T3221] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1137.152516][ T3221] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1138.461842][ T3221] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1139.547348][ T3221] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1140.240322][ T3221] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1168.810668][ T3223] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1175.869383][ T3221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1282.791093][ T3223] veth0_vlan: entered promiscuous mode [ 1284.780095][ T3223] veth1_vlan: entered promiscuous mode [ 1289.794219][ T3223] veth0_macvtap: entered promiscuous mode [ 1290.908974][ T3223] veth1_macvtap: entered promiscuous mode [ 1295.637582][ T3221] veth0_vlan: entered promiscuous mode [ 1298.072840][ T3305] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1298.350602][ T3305] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1298.414457][ T3305] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1298.474365][ T3305] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1298.958226][ T3221] veth1_vlan: entered promiscuous mode [ 1307.884476][ T3221] veth0_macvtap: entered promiscuous mode [ 1309.244611][ T3221] veth1_macvtap: entered promiscuous mode [ 1313.690382][ T3223] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1316.529004][ T3785] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1316.549573][ T3785] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1316.700423][ T3785] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1316.718431][ T3785] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1492.040502][ T3881] netlink: 'syz.0.15': attribute type 21 has an invalid length. [ 1492.084054][ T3881] netlink: 8 bytes leftover after parsing attributes in process `syz.0.15'. [ 1514.118374][ T3888] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 1557.761584][ T3900] netlink: 'syz.1.24': attribute type 3 has an invalid length. [ 1584.352809][ T3909] netlink: 64 bytes leftover after parsing attributes in process `syz.1.28'. [ 1603.358739][ T3914] tmpfs: Bad value for 'mpol' [ 1956.192284][ T4044] syz.0.71 uses obsolete (PF_INET,SOCK_PACKET) [ 1995.978869][ T4054] trusted_key: encrypted_key: keyword 'newpž'B' not recognized [ 2037.546238][ T4067] netlink: 'syz.1.82': attribute type 21 has an invalid length. [ 2065.104853][ T4077] netlink: 20 bytes leftover after parsing attributes in process `syz.0.87'. [ 2270.989047][ T4135] netlink: 12 bytes leftover after parsing attributes in process `syz.1.111'. [ 2271.185678][ T4135] netlink: 12 bytes leftover after parsing attributes in process `syz.1.111'. [ 2364.106198][ T4161] tmpfs: Bad value for 'mpol' [ 2376.982326][ T4165] netlink: 8 bytes leftover after parsing attributes in process `syz.1.125'. [ 2403.631232][ T4171] netlink: 20 bytes leftover after parsing attributes in process `syz.0.128'. [ 2456.403228][ T4187] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 2456.405812][ T4187] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 2562.511934][ T4214] netlink: 'syz.1.148': attribute type 21 has an invalid length. [ 2562.531580][ T4214] netlink: 128 bytes leftover after parsing attributes in process `syz.1.148'. [ 2562.535917][ T4214] netlink: 'syz.1.148': attribute type 4 has an invalid length. [ 2562.583475][ T4214] netlink: 'syz.1.148': attribute type 3 has an invalid length. [ 2562.673695][ T4214] netlink: 3 bytes leftover after parsing attributes in process `syz.1.148'. [ 2592.420985][ T4220] misc userio: Invalid payload size [ 2603.054087][ T4222] netlink: 44 bytes leftover after parsing attributes in process `syz.1.152'. [ 2603.070697][ T4222] netlink: 51 bytes leftover after parsing attributes in process `syz.1.152'. [ 2603.109929][ T4222] netlink: 'syz.1.152': attribute type 4 has an invalid length. [ 2691.759498][ T4248] netlink: 830 bytes leftover after parsing attributes in process `syz.1.160'. [ 2734.621350][ T4260] ======================================================= [ 2734.621350][ T4260] WARNING: The mand mount option has been deprecated and [ 2734.621350][ T4260] and is ignored by this kernel. Remove the mand [ 2734.621350][ T4260] option from the mount to silence this warning. [ 2734.621350][ T4260] ======================================================= [ 2749.522727][ T4264] netlink: 12 bytes leftover after parsing attributes in process `syz.0.167'. [ 2918.210944][ T4078] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 2919.921729][ T4078] usb 2-1: config index 0 descriptor too short (expected 39, got 27) [ 2919.958684][ T4078] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 2919.992509][ T4078] usb 2-1: config 0 interface 0 has no altsetting 0 [ 2924.263347][ T4078] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 2924.272979][ T4078] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 2924.277990][ T4078] usb 2-1: Product: syz [ 2924.285664][ T4078] usb 2-1: Manufacturer: syz [ 2924.313790][ T4078] usb 2-1: SerialNumber: syz [ 2924.940035][ T4078] usb 2-1: config 0 descriptor?? [ 2926.227414][ T4078] hub 2-1:0.0: bad descriptor, ignoring hub [ 2926.259059][ T4078] hub 2-1:0.0: probe with driver hub failed with error -5 [ 2926.974173][ T4078] usb 2-1: selecting invalid altsetting 0 [ 2935.306097][ T4078] usb 2-1: USB disconnect, device number 2 [ 2978.621778][ T4354] netlink: 'syz.0.194': attribute type 21 has an invalid length. [ 2978.625745][ T4354] IPv6: NLM_F_CREATE should be specified when creating new route [ 3107.600843][ T4389] capability: warning: `syz.1.209' uses 32-bit capabilities (legacy support in use) [ 3112.304195][ T4391] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 3221.601879][ T4416] capability: warning: `syz.0.219' uses deprecated v2 capabilities in a way that may be insecure [ 3238.608169][ T4420] : renamed from bond0 (while UP) [ 3241.655380][ T30] audit: type=1326 audit(3240.220:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.222" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff98b33a7e code=0x7ffc0000 [ 3241.705030][ T30] audit: type=1326 audit(3240.230:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.222" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff98b33a7e code=0x7ffc0000 [ 3242.882175][ T30] audit: type=1326 audit(3241.400:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.222" exe="/syz-executor" sig=0 arch=c00000f3 syscall=72 compat=0 ip=0x7fff98b33a7e code=0x7ffc0000 [ 3243.125279][ T30] audit: type=1326 audit(3241.540:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.222" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff98b33a7e code=0x7ffc0000 [ 3243.429168][ T30] audit: type=1326 audit(3241.730:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4421 comm="syz.1.222" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff98b33a7e code=0x7ffc0000 [ 3276.384542][ T4429] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 3291.526191][ T4433] netlink: 'syz.1.228': attribute type 64 has an invalid length. [ 3291.541425][ T4433] netlink: 152 bytes leftover after parsing attributes in process `syz.1.228'. [ 3449.168839][ T4474] netlink: 8 bytes leftover after parsing attributes in process `syz.0.247'. [ 3498.506097][ T4489] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 3534.836069][ T4503] x_tables: ip_tables: REDIRECT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 3635.986144][ T4533] netlink: 64 bytes leftover after parsing attributes in process `syz.0.273'. [ 3643.198367][ T4535] tmpfs: Bad value for 'mpol' [ 3843.469165][ T4586] xt_connbytes: Forcing CT accounting to be enabled [ 3921.334495][ T4609] netlink: 40 bytes leftover after parsing attributes in process `syz.1.304'. [ 3967.651626][ T30] audit: type=1326 audit(3966.140:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4622 comm="syz.1.310" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff98b33a7e code=0x7ffc0000 [ 3969.983613][ T30] audit: type=1326 audit(3966.250:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4622 comm="syz.1.310" exe="/syz-executor" sig=0 arch=c00000f3 syscall=98 compat=0 ip=0x7fff98b33a7e code=0x7ffc0000 [ 3999.467966][ T4634] tmpfs: Bad value for 'mpol' [ 4037.790075][ C0] ------------[ cut here ]------------ [ 4037.790540][ C0] WARNING: [!valid_signal(sig)] kernel/signal.c:2174 at do_notify_parent+0xe1c/0xfc0, CPU#0: syz.1.316/4643 [ 4037.791862][ C0] Modules linked in: [ 4037.792784][ C0] CPU: 0 UID: 0 PID: 4643 Comm: syz.1.316 Tainted: G W syzkaller #0 PREEMPT [ 4037.793684][ C0] Tainted: [W]=WARN [ 4037.793894][ C0] Hardware name: riscv-virtio,qemu (DT) [ 4037.794131][ C0] epc : do_notify_parent+0xe1c/0xfc0 [ 4037.794963][ C0] ra : do_notify_parent+0xe1c/0xfc0 [ 4037.795720][ C0] epc : ffffffff80196b64 ra : ffffffff80196b64 sp : ffff8f800a077790 [ 4037.796097][ C0] gp : ffffffff8a2739a0 tp : ffffaf801adeb500 t0 : ffff8f800a0776e0 [ 4037.796494][ C0] t1 : 0000000041b58ab3 t2 : ffffffff9164ab80 s0 : ffff8f800a077920 [ 4037.796878][ C0] s1 : ffffaf801adeb500 a0 : 0000000000000007 a1 : 0000000000000040 [ 4037.797237][ C0] a2 : 0000000000000002 a3 : ffffffff80196b64 a4 : 0000000000000000 [ 4037.797587][ C0] a5 : ffffaf801adec500 a6 : 0000000000000003 a7 : fffffffff1f1f1f1 [ 4037.797937][ C0] s2 : ffff8f800a0778a0 s3 : 0000000000000080 s4 : ffff8f800a077830 [ 4037.798332][ C0] s5 : dfffffff00000000 s6 : 0000000000000001 s7 : ffffaf8016a70000 [ 4037.798703][ C0] s8 : 1ffff1f00140eef8 s9 : ffff8f800a0779a0 s10: 0000000000000001 [ 4037.799064][ C0] s11: ffff8f800a077ba0 t3 : ffffffff80195d48 t4 : ffffffff88075c30 [ 4037.799430][ C0] t5 : fffff1ef0140ef0d t6 : 0000000000000002 ssp : 0000000000000000 [ 4037.799768][ C0] status: 0000000200000100 badaddr: ffffffff80196b64 cause: 0000000000000003 [ 4037.800140][ C0] [] do_notify_parent+0xe1c/0xfc0 [ 4037.801123][ C0] [] do_exit+0x1810/0x2a18 [ 4037.801880][ C0] [] do_group_exit+0xca/0x258 [ 4037.802692][ C0] [] get_signal+0x1f56/0x2224 [ 4037.803549][ C0] [] arch_do_signal_or_restart+0xf4/0x1e08 [ 4037.804308][ C0] [] irqentry_exit+0x540/0x11ac [ 4037.805028][ C0] [] do_page_fault+0x3e/0x58 [ 4037.805711][ C0] [] handle_exception+0x168/0x174 [ 4037.807613][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 4037.808685][ C0] CPU: 0 UID: 0 PID: 4643 Comm: syz.1.316 Tainted: G W syzkaller #0 PREEMPT [ 4037.809453][ C0] Tainted: [W]=WARN [ 4037.809661][ C0] Hardware name: riscv-virtio,qemu (DT) [ 4037.809961][ C0] Call Trace: [ 4037.810208][ C0] [] dump_backtrace+0x2e/0x3c [ 4037.811020][ C0] [] show_stack+0x30/0x3c [ 4037.811618][ C0] [] dump_stack_lvl+0x114/0x1ac [ 4037.812501][ C0] [] dump_stack+0x1c/0x28 [ 4037.813450][ C0] [] vpanic+0x32e/0x75c [ 4037.814044][ C0] [] panic+0xa0/0xa4 [ 4037.814703][ C0] [] check_panic_on_warn+0xc0/0xe4 [ 4037.815392][ C0] [] __warn+0x216/0x630 [ 4037.815982][ C0] [] __report_bug+0x1d4/0x2ac [ 4037.816895][ C0] [] report_bug+0xd8/0x28c [ 4037.817421][ C0] [] handle_break+0x13a/0x30c [ 4037.818180][ C0] [] do_trap_break+0x22e/0x458 [ 4037.818894][ C0] [] handle_exception+0x168/0x174 [ 4037.819603][ C0] [] do_notify_parent+0xe1c/0xfc0 [ 4037.820433][ C0] [] do_exit+0x1810/0x2a18 [ 4037.821210][ C0] [] do_group_exit+0xca/0x258 [ 4037.822019][ C0] [] get_signal+0x1f56/0x2224 [ 4037.822912][ C0] [] arch_do_signal_or_restart+0xf4/0x1e08 [ 4037.823686][ C0] [] irqentry_exit+0x540/0x11ac [ 4037.824412][ C0] [] do_page_fault+0x3e/0x58 [ 4037.825135][ C0] [] handle_exception+0x168/0x174 [ 4037.826425][ C0] SMP: stopping secondary CPUs