syzkaller login: [  221.031270][ T2894] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  221.098805][ T2894] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  221.151364][ T2894] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  221.235046][ T2894] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:34488' (ECDSA) to the list of known hosts.
1970/01/01 00:04:18 fuzzer started
1970/01/01 00:04:27 dialing manager at localhost:43739
1970/01/01 00:04:31 syscalls: 2768
1970/01/01 00:04:31 code coverage: enabled
1970/01/01 00:04:31 comparison tracing: enabled
1970/01/01 00:04:31 extra coverage: enabled
1970/01/01 00:04:31 setuid sandbox: enabled
1970/01/01 00:04:31 namespace sandbox: enabled
1970/01/01 00:04:31 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:04:31 fault injection: enabled
1970/01/01 00:04:31 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:04:31 net packet injection: enabled
1970/01/01 00:04:31 net device setup: enabled
1970/01/01 00:04:31 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:04:31 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:04:31 USB emulation: enabled
1970/01/01 00:04:31 hci packet injection: /dev/vhci does not exist
1970/01/01 00:04:31 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:04:31 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:04:35 fetching corpus: 50, signal 17708/19515 (executing program)
1970/01/01 00:04:37 fetching corpus: 100, signal 30775/34103 (executing program)
1970/01/01 00:04:39 fetching corpus: 150, signal 36693/41476 (executing program)
1970/01/01 00:04:42 fetching corpus: 200, signal 40553/46764 (executing program)
1970/01/01 00:04:44 fetching corpus: 250, signal 43535/51102 (executing program)
1970/01/01 00:04:47 fetching corpus: 300, signal 46538/55423 (executing program)
1970/01/01 00:04:49 fetching corpus: 350, signal 49610/59721 (executing program)
1970/01/01 00:04:50 fetching corpus: 400, signal 51535/62890 (executing program)
1970/01/01 00:04:52 fetching corpus: 450, signal 53245/65815 (executing program)
1970/01/01 00:04:54 fetching corpus: 500, signal 54757/68541 (executing program)
1970/01/01 00:04:56 fetching corpus: 550, signal 57280/72164 (executing program)
1970/01/01 00:04:57 fetching corpus: 600, signal 58583/74658 (executing program)
1970/01/01 00:05:00 fetching corpus: 650, signal 60922/78003 (executing program)
1970/01/01 00:05:02 fetching corpus: 700, signal 62944/81057 (executing program)
1970/01/01 00:05:03 fetching corpus: 750, signal 64442/83623 (executing program)
1970/01/01 00:05:06 fetching corpus: 800, signal 66787/86894 (executing program)
1970/01/01 00:05:08 fetching corpus: 850, signal 69937/90708 (executing program)
1970/01/01 00:05:09 fetching corpus: 900, signal 71747/93405 (executing program)
1970/01/01 00:05:11 fetching corpus: 950, signal 73285/95792 (executing program)
1970/01/01 00:05:12 fetching corpus: 1000, signal 74699/98081 (executing program)
1970/01/01 00:05:13 fetching corpus: 1050, signal 75638/99943 (executing program)
1970/01/01 00:05:15 fetching corpus: 1100, signal 76956/102054 (executing program)
1970/01/01 00:05:17 fetching corpus: 1150, signal 77897/103882 (executing program)
1970/01/01 00:05:18 fetching corpus: 1200, signal 79361/106068 (executing program)
1970/01/01 00:05:21 fetching corpus: 1250, signal 80178/107762 (executing program)
1970/01/01 00:05:23 fetching corpus: 1300, signal 80968/109389 (executing program)
1970/01/01 00:05:24 fetching corpus: 1350, signal 81634/110947 (executing program)
1970/01/01 00:05:26 fetching corpus: 1400, signal 82839/112886 (executing program)
1970/01/01 00:05:28 fetching corpus: 1450, signal 83941/114651 (executing program)
1970/01/01 00:05:30 fetching corpus: 1500, signal 86169/117138 (executing program)
1970/01/01 00:05:32 fetching corpus: 1550, signal 87088/118799 (executing program)
1970/01/01 00:05:33 fetching corpus: 1600, signal 88049/120411 (executing program)
1970/01/01 00:05:35 fetching corpus: 1650, signal 89143/122064 (executing program)
1970/01/01 00:05:37 fetching corpus: 1700, signal 90872/124100 (executing program)
1970/01/01 00:05:38 fetching corpus: 1750, signal 91423/125437 (executing program)
1970/01/01 00:05:40 fetching corpus: 1800, signal 92472/127018 (executing program)
1970/01/01 00:05:42 fetching corpus: 1850, signal 93124/128356 (executing program)
1970/01/01 00:05:44 fetching corpus: 1900, signal 94228/129927 (executing program)
1970/01/01 00:05:46 fetching corpus: 1950, signal 95190/131408 (executing program)
1970/01/01 00:05:47 fetching corpus: 2000, signal 97082/133357 (executing program)
1970/01/01 00:05:49 fetching corpus: 2050, signal 98304/134914 (executing program)
1970/01/01 00:05:50 fetching corpus: 2100, signal 99175/136256 (executing program)
1970/01/01 00:05:53 fetching corpus: 2150, signal 100076/137579 (executing program)
1970/01/01 00:05:55 fetching corpus: 2200, signal 100445/138629 (executing program)
1970/01/01 00:05:58 fetching corpus: 2250, signal 101072/139836 (executing program)
1970/01/01 00:06:00 fetching corpus: 2300, signal 101784/141037 (executing program)
1970/01/01 00:06:02 fetching corpus: 2350, signal 102288/142132 (executing program)
1970/01/01 00:06:04 fetching corpus: 2400, signal 103151/143400 (executing program)
1970/01/01 00:06:05 fetching corpus: 2450, signal 103930/144528 (executing program)
1970/01/01 00:06:06 fetching corpus: 2500, signal 104309/145549 (executing program)
1970/01/01 00:06:08 fetching corpus: 2550, signal 104789/146568 (executing program)
1970/01/01 00:06:09 fetching corpus: 2600, signal 105149/147544 (executing program)
1970/01/01 00:06:11 fetching corpus: 2650, signal 105487/148475 (executing program)
1970/01/01 00:06:13 fetching corpus: 2700, signal 106544/149690 (executing program)
1970/01/01 00:06:15 fetching corpus: 2750, signal 106989/150674 (executing program)
1970/01/01 00:06:16 fetching corpus: 2800, signal 107339/151596 (executing program)
1970/01/01 00:06:17 fetching corpus: 2850, signal 107725/152522 (executing program)
1970/01/01 00:06:18 fetching corpus: 2900, signal 108296/153491 (executing program)
1970/01/01 00:06:20 fetching corpus: 2950, signal 108911/154469 (executing program)
1970/01/01 00:06:22 fetching corpus: 3000, signal 109579/155471 (executing program)
1970/01/01 00:06:24 fetching corpus: 3037, signal 109974/156334 (executing program)
1970/01/01 00:06:24 fetching corpus: 3037, signal 109974/157099 (executing program)
1970/01/01 00:06:24 fetching corpus: 3037, signal 109974/157836 (executing program)
1970/01/01 00:06:25 fetching corpus: 3037, signal 109974/158554 (executing program)
1970/01/01 00:06:25 fetching corpus: 3037, signal 109974/159345 (executing program)
1970/01/01 00:06:25 fetching corpus: 3037, signal 109974/160117 (executing program)
1970/01/01 00:06:25 fetching corpus: 3037, signal 109974/160877 (executing program)
1970/01/01 00:06:25 fetching corpus: 3037, signal 109974/161651 (executing program)
1970/01/01 00:06:25 fetching corpus: 3037, signal 109974/162436 (executing program)
1970/01/01 00:06:25 fetching corpus: 3037, signal 109974/163186 (executing program)
1970/01/01 00:06:26 fetching corpus: 3037, signal 109974/163943 (executing program)
1970/01/01 00:06:26 fetching corpus: 3037, signal 109974/164705 (executing program)
1970/01/01 00:06:26 fetching corpus: 3037, signal 109974/165439 (executing program)
1970/01/01 00:06:26 fetching corpus: 3037, signal 109974/166225 (executing program)
1970/01/01 00:06:26 fetching corpus: 3037, signal 109974/167025 (executing program)
1970/01/01 00:06:26 fetching corpus: 3037, signal 109974/167792 (executing program)
1970/01/01 00:06:26 fetching corpus: 3037, signal 109974/168554 (executing program)
1970/01/01 00:06:27 fetching corpus: 3037, signal 109974/169291 (executing program)
1970/01/01 00:06:27 fetching corpus: 3037, signal 109974/170061 (executing program)
1970/01/01 00:06:27 fetching corpus: 3037, signal 109974/170846 (executing program)
1970/01/01 00:06:27 fetching corpus: 3037, signal 109974/171615 (executing program)
1970/01/01 00:06:27 fetching corpus: 3037, signal 109974/172398 (executing program)
1970/01/01 00:06:27 fetching corpus: 3037, signal 109974/173168 (executing program)
1970/01/01 00:06:27 fetching corpus: 3037, signal 109974/173941 (executing program)
1970/01/01 00:06:27 fetching corpus: 3037, signal 109974/174746 (executing program)
1970/01/01 00:06:28 fetching corpus: 3037, signal 109974/175535 (executing program)
1970/01/01 00:06:28 fetching corpus: 3037, signal 109974/176260 (executing program)
1970/01/01 00:06:28 fetching corpus: 3037, signal 109974/177013 (executing program)
1970/01/01 00:06:28 fetching corpus: 3037, signal 109974/177111 (executing program)
1970/01/01 00:06:28 fetching corpus: 3037, signal 109974/177111 (executing program)
1970/01/01 00:07:46 starting 2 fuzzer processes
00:08:02 executing program 0:
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000000)={<r0=>0x0, 0x6}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={<r1=>r0, 0x6}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000100)={r1, 0x7fff, 0x52}, 0x8)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000180)={<r3=>r0, 0x2}, &(0x7f00000001c0)=0x8)
recvmsg$can_j1939(r2, &(0x7f0000000a80)={&(0x7f0000000200)=@pppol2tpv3={0x18, 0x1, {0x0, <r4=>0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000000900)=[{&(0x7f0000000280)=""/184, 0xb8}, {&(0x7f0000000340)=""/206, 0xce}, {&(0x7f0000000440)=""/99, 0x63}, {&(0x7f00000004c0)=""/56, 0x38}, {&(0x7f0000000500)=""/219, 0xdb}, {&(0x7f0000000600)=""/199, 0xc7}, {&(0x7f0000000700)=""/245, 0xf5}, {&(0x7f0000000800)=""/86, 0x56}, {&(0x7f0000000880)=""/68, 0x44}], 0x9, &(0x7f00000009c0)=""/183, 0xb7}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000ac0)={<r5=>r3, 0x6}, &(0x7f0000000b00)=0x8)
setsockopt$inet_sctp6_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f0000000b40)=@assoc_id=r5, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000b80)={r5, @in={{0x2, 0x4e24, @local}}, 0x0, 0x4981}, 0x90)
setsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000c40)={r1, 0x9, 0x1, [0x8]}, 0xa)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000c80)={r0, 0x8, 0x9, 0x0, 0xf6, 0x100}, &(0x7f0000000cc0)=0x14)
r6 = signalfd4(r4, &(0x7f0000000d00)={[0x2]}, 0x8, 0x800)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x6, &(0x7f0000000d40)={r1, @in={{0x2, 0x4e24, @multicast2}}}, 0x84)
bind(r4, &(0x7f0000000e00)=@ll={0x11, 0x2, 0x0, 0x1, 0x5, 0x6, @dev={[], 0x30}}, 0x80)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000e80)={<r8=>r3, @in6={{0xa, 0x4e20, 0xc02, @private2={0xfc, 0x2, [], 0x1}}}, 0x5, 0x1, 0x1, 0x6, 0xed, 0xd99, 0x36}, &(0x7f0000000f40)=0x9c)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f0000000f80)=@sack_info={<r9=>r8, 0x1, 0x694}, &(0x7f0000000fc0)=0xc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000001000)={<r10=>r9, 0x9}, &(0x7f0000001040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000001080)=@sack_info={r10, 0x1f, 0x7646cd44}, 0xc)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000001180)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xd}}}, 0x9, 0x2}, &(0x7f0000001240)=0x90)

00:08:23 executing program 1:
ioctl$BLKPG(0xffffffffffffffff, 0x1269, &(0x7f00000000c0)={0x385, 0x1819, 0xc0, &(0x7f0000000000)="cff73b6857720bfb7778913311a36b97637a4b35096f94b8e516360aba442d5c54d16c2d65591ba02b437708bcd549923c488521aa8c8cfde79ad83b29d3377eb412c12e16541dec694199c5d4f6ac61b5355deb6f7d487d65ed13cbfc07c68427b8eb01581f39a6532dfb42875ff9f3036cf32ba775aafe8e3f3a921c0c5225c4f0e0bef09297e4fac09992c1808d8e56f359a23eff39108b08fa35e4184e6f1d413a26bb28fb7cec0b1c1f90698fa8f70806a7f63c1aa8f317401c0ec7340c"})
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000100)=0x7)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x28000, 0x0)
ioctl$BLKFLSBUF(r0, 0x1261, &(0x7f0000000180)=0xfff)
setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f00000001c0)={0x1, 0x1, 0x4, 0x4}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)={0x4, 0xfffffa97, 0x5, 0x5, 0x800, r0, 0x4, [], 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x5}, 0x40)
ioctl$BTRFS_IOC_BALANCE_CTL(r1, 0x40049421, 0x3)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'syzkaller0\x00', <r2=>0x0})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000240)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffc6}, @map={0x18, 0x5, 0x1, 0x0, r0}], &(0x7f0000000280)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x1c, [], r2, 0x17, r0, 0x8, &(0x7f0000000300)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000340)={0x5, 0x4, 0x0, 0x8}, 0x10, 0x13830, r0}, 0x78)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000400)=@raw=[@call={0x85, 0x0, 0x0, 0x14}, @ldst={0x2, 0x2, 0x6, 0x0, 0x6, 0x50, 0x10}, @alu={0x7, 0x0, 0xc, 0x8, 0xb, 0xfffffffffffffff0, 0xfffffffffffffffc}], &(0x7f0000000440)='syzkaller\x00', 0x4, 0xe0, &(0x7f0000000480)=""/224, 0x41000, 0x28, [], 0x0, 0xa, r0, 0x8, &(0x7f0000000580)={0x6, 0x5}, 0x8, 0x10, &(0x7f00000005c0)={0x5, 0x5, 0x9, 0x1}, 0x10, 0xffffffffffffffff, r0}, 0x78)
r4 = syz_io_uring_complete(0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000880)={r4, 0xc0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=0x7, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x2, 0x3}, 0x0, 0x0, &(0x7f0000000700)={0x1, 0x2, 0x10000, 0x1}, &(0x7f0000000740)=0x9, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=0xff}}, 0x10)
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/autofs\x00', 0x111000, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000900)={@map=r5, r3, 0x19}, 0x10)
r6 = syz_open_dev$vcsu(&(0x7f0000000940)='/dev/vcsu#\x00', 0x1, 0x880)
ioctl$IOC_PR_RESERVE(r6, 0x401070c9, &(0x7f0000000980)={0x5, 0x5})
r7 = dup(r4)
ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r7, 0x8008f512, &(0x7f00000009c0))
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000a40)={&(0x7f0000000a00)=[0x101, 0xff, 0x7, 0x8, 0x7, 0x17, 0x6, 0x100, 0x7, 0x1f], 0xa, 0x800, 0x0, <r8=>0xffffffffffffffff})
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000a80)={r8, r4, 0x4, r7}, 0x10)

[  507.927324][ T3071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  508.075600][ T3071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  515.341381][ T3071] device hsr_slave_0 entered promiscuous mode
[  515.415446][ T3071] device hsr_slave_1 entered promiscuous mode
[  519.120740][ T3071] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  519.229292][ T3071] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  519.319629][ T3071] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  519.400938][ T3071] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  528.345440][ T3071] 8021q: adding VLAN 0 to HW filter on device bond0
[  528.747607][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  528.829179][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  533.727373][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  533.774789][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  533.929242][ T3141] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  533.970497][ T3141] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  534.215313][ T3351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  534.754851][ T3351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  535.077843][ T3214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  535.243718][ T3214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  535.949945][ T3351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  536.009501][ T3351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  536.300878][ T3351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  536.340587][ T3351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  536.564741][ T3071] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  537.444866][ T3141] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  537.449149][ T3141] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  543.900500][ T3214] device hsr_slave_0 entered promiscuous mode
[  543.944172][ T3214] device hsr_slave_1 entered promiscuous mode
[  543.969320][ T3214] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  543.984287][ T3214] Cannot create hsr debugfs directory
[  548.234230][ T3214] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  548.328740][ T3214] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  548.461437][ T3214] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  548.608020][ T3214] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  549.088507][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  549.113650][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  554.018724][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  554.050510][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  554.164832][ T3351] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  554.223634][ T3351] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  554.318746][ T3071] device veth0_vlan entered promiscuous mode
[  554.815074][ T3071] device veth1_vlan entered promiscuous mode
[  555.953952][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  555.996456][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  556.258628][ T3071] device veth0_macvtap entered promiscuous mode
[  556.631350][ T3071] device veth1_macvtap entered promiscuous mode
[  557.564902][ T3214] 8021q: adding VLAN 0 to HW filter on device bond0
[  557.790100][ T3351] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  557.838615][ T3351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  558.089397][ T3500] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  558.129972][ T3500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  558.154665][ T3500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  558.181381][ T3500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  558.458380][ T3071] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  558.476056][ T3071] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  558.477787][ T3071] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  558.479363][ T3071] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  561.238491][ T3071] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[  564.818296][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  564.880880][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  565.106083][ T3487] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  565.148706][ T3487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  565.441343][ T3487] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  565.738523][ T3185] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
00:09:24 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040)='/dev/fuse\x00', 0x2, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000040)=r2)
setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000), 0x4)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, 0x0, 0x0)

[  566.589499][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  566.655952][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  566.855057][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  566.918234][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  567.153517][ T3214] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  568.166793][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  568.171270][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
00:09:29 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040)='/dev/fuse\x00', 0x2, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000040)=r2)
setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000), 0x4)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, 0x0, 0x0)

00:09:32 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040)='/dev/fuse\x00', 0x2, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000040)=r2)
setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000), 0x4)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, 0x0, 0x0)

[  579.581446][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  579.609057][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  584.089066][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  584.136181][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  584.204767][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  584.237213][ T1924] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  584.308988][ T3214] device veth0_vlan entered promiscuous mode
[  584.709972][ T3214] device veth1_vlan entered promiscuous mode
[  586.467951][ T3393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  586.507305][ T3393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  586.840133][ T3214] device veth0_macvtap entered promiscuous mode
[  587.109573][ T3214] device veth1_macvtap entered promiscuous mode
[  587.616802][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  588.120321][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  588.159869][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  588.585217][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  588.680092][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  589.034137][ T3214] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  589.036374][ T3214] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  589.038049][ T3214] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  589.073645][ T3214] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
00:09:55 executing program 0:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x1, &(0x7f00000000c0)=ANY=[])
openat(r0, &(0x7f0000000040)='./file0\x00', 0x100, 0xa0)

00:09:56 executing program 1:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x30)
chdir(&(0x7f0000000000)='./file0\x00')

[  599.318076][ T3545] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
[  600.116475][ T3545] EXT4-fs (loop0): VFS: Can't find ext4 filesystem
00:10:00 executing program 1:
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0xf49841, 0x0)
read$dsp(r0, &(0x7f00000000c0)=""/26, 0x1a)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040)='/dev/fuse\x00', 0x2, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000040)=r2)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040)='/dev/fuse\x00', 0x2, 0x0)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r3, 0x8004e500, &(0x7f0000000040)=r4)
ioctl$SNDCTL_DSP_GETBLKSIZE(r4, 0xc0045004, &(0x7f0000000000))

00:10:01 executing program 0:
prctl$PR_SET_SECUREBITS(0x1c, 0x6)
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp1\x00', 0x900, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x3c)
read$dsp(r0, &(0x7f0000000000)=""/126, 0xfffffe27)

00:10:04 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10)
finit_module(r0, &(0x7f0000000040)='\x00', 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x200002, 0x194)
getresuid(&(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180))

00:10:08 executing program 0:
prctl$PR_SET_SECUREBITS(0x1c, 0x6)
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp1\x00', 0x900, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x3c)
read$dsp(r0, &(0x7f0000000000)=""/126, 0xfffffe27)

00:10:09 executing program 1:
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000000))

00:10:12 executing program 1:
flock(0xffffffffffffffff, 0x4)
syz_mount_image$tmpfs(0x0, &(0x7f0000004d80)='./file0\x00', 0x0, 0x0, 0x0, 0x300040c, 0x0)
pivot_root(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040)='/dev/fuse\x00', 0x2, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040)='/dev/fuse\x00', 0x2, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000040)=r2)
mount$bpf(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='bpf\x00', 0xb01880, &(0x7f0000000340)={[{@mode={'mode', 0x3d, 0x1}}, {@mode={'mode', 0x3d, 0xffffffff}}, {@mode={'mode', 0x3d, 0x7}}, {@mode={'mode', 0x3d, 0x9}}, {@mode={'mode', 0x3d, 0x5}}, {@mode={'mode', 0x3d, 0x1}}, {@mode={'mode', 0x3d, 0x100000000}}, {@mode={'mode', 0x3d, 0xa651}}, {@mode={'mode', 0x3d, 0x100}}, {@mode={'mode', 0x3d, 0x3}}], [{@dont_appraise='dont_appraise'}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}]})
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000000c0)={<r3=>0x0, 0x18000, 0x10}, &(0x7f0000000100)=0xc)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000140)={r3, @in6={{0xa, 0x4e24, 0x8, @rand_addr=' \x01\x00', 0x100}}}, &(0x7f0000000200)=0x84)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000040)=r4)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r4, 0x4, &(0x7f0000000040)='\x00', &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff)

00:10:12 executing program 0:
prctl$PR_SET_SECUREBITS(0x1c, 0x6)
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp1\x00', 0x900, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x3c)
read$dsp(r0, &(0x7f0000000000)=""/126, 0xfffffe27)

00:10:15 executing program 0:
prctl$PR_SET_SECUREBITS(0x1c, 0x6)
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp1\x00', 0x900, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x3c)
read$dsp(r0, &(0x7f0000000000)=""/126, 0xfffffe27)

00:10:17 executing program 1:
flock(0xffffffffffffffff, 0x4)
syz_mount_image$tmpfs(0x0, &(0x7f0000004d80)='./file0\x00', 0x0, 0x0, 0x0, 0x300040c, 0x0)
pivot_root(&(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040)='/dev/fuse\x00', 0x2, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040)='/dev/fuse\x00', 0x2, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000040)=r2)
mount$bpf(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='bpf\x00', 0xb01880, &(0x7f0000000340)={[{@mode={'mode', 0x3d, 0x1}}, {@mode={'mode', 0x3d, 0xffffffff}}, {@mode={'mode', 0x3d, 0x7}}, {@mode={'mode', 0x3d, 0x9}}, {@mode={'mode', 0x3d, 0x5}}, {@mode={'mode', 0x3d, 0x1}}, {@mode={'mode', 0x3d, 0x100000000}}, {@mode={'mode', 0x3d, 0xa651}}, {@mode={'mode', 0x3d, 0x100}}, {@mode={'mode', 0x3d, 0x3}}], [{@dont_appraise='dont_appraise'}, {@uid_eq={'uid', 0x3d, 0xee00}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}]})
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000000c0)={<r3=>0x0, 0x18000, 0x10}, &(0x7f0000000100)=0xc)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000140)={r3, @in6={{0xa, 0x4e24, 0x8, @rand_addr=' \x01\x00', 0x100}}}, &(0x7f0000000200)=0x84)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000040)=r4)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r4, 0x4, &(0x7f0000000040)='\x00', &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff)

00:10:20 executing program 0:
prctl$PR_SET_SECUREBITS(0x1c, 0x6)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp1\x00', 0x900, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x3c)

00:10:21 executing program 1:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
readv(r0, &(0x7f0000000000), 0x0)

00:10:24 executing program 0:
prctl$PR_SET_SECUREBITS(0x1c, 0x6)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/dsp1\x00', 0x900, 0x0)

00:10:27 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040)='/dev/fuse\x00', 0x2, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, &(0x7f0000000040)=r2)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, 0x1, 0x4, 0x201, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFULA_CFG_MODE={0xa, 0x2, {0x1}}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}, @NFULA_CFG_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x80)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000))
sendmsg$nl_netfilter(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001100010800000000fcdbdf2502000000ec3e85e8054a95e19932c2a73a029ad109bc74cecdcf77aa73e82b600cacd939044b2b51b45b20812eed361e4cbcf8fc9f30b65b76d0f34bf82e6589e3225d2640702d281a8e2cff0e4950ddc10647b8a0141920010a40152ecd2a63eaebbeb5cfa1be987d02884691e57949ee811e89ca89fabbe0e6d400521632c8da69e6828b418ee2ddfec097356cac2b10b9800621847398c8f13194fcd9bb61100f811f0f34568c004fd992a674aa46eac77f6f4a76973d35491aec732c9577542cd45cec51ef86fce012227c32229a3f827d8f6907d909ab052bd9a3fe71d77e11a4c0d86ebdce68daf5fd35ae9a2c6ac627bc3005e6a3a5100a610fb3bbf11731495f85c966133f36b48ef42da24cb91d5c3b0f04cfff32bba010e01382cadd36694fd00b2f00d67c07af114619e9bbcea071de79a27549a93d47459c4c42c877ca53369154054669619eba6bad5a05acf03928cf1b40a7c0a5ce3f00df2318dcfda943e942e9ba82ac047ced6d073a08fdb3d9365d50eb37b2b4e4586792e6cd7f6b765b79f4dd884f45c4a72429208b9b07fe7b5ad1853b90b717215b5e3ddc50a98a5c04c570444dbb9c5dfb02963244f54d138f3b9a61be803ff338aca58dce1cf07d1d5fa0337cfd98329c5378b8d0dba970f6c6c8d9db4f531b104019ee5d3ddf45095271dc0ab1372908aad43c72091cf1312f793919f662506350ee3084d9a8e1d418bebf152115211fdfe42ccda4b26fd622876ccbc08e4b394c9fb848e04c6ff00d851bc1eba5c1adb48c84706beaa214ec75a54ad626bcba02151bdb4c4a177eeea19b5e9867c7cb3a78e7c4864c323184bca2e032920663dbc08e9013974f108c6ecfdb34fa3f0f2873f59d04f1fc8a5702db84b644911b3a329df2e9728e68381d3b3da15a5d1ba01d3f066f8a301c35ff3c2420139e0f2b4a897fe6f81cff700f962e156411ce81492a34f2539f7c2ef172723287f9e26288091214970cab0c3d22a74f66b83c272dc41698a5eb39fd457533cf14cafa76bc5e3a5b1d3753d3c4887111bc004720f99af47fc152ded143a371068af28b18b9555b823d737e327e53ccc06a0c974e176ea0cf50401f0961d9ab884daa99740cb988b9f5a1f6d202998f47f2b1e578ce1d47b1e725799c13b0f564e916992cc6314549d9a7707dc66aa27f85c0e825c83cd80b5231bb24ffabfd6d4c23b9e36bc2474950b24670bb7131d45f34531df91cca9f18674f43480fdfbb487d09ec5fdc446e0f20fc60d30a8b95fd5e7ad709d30fd0631404b2e15b82833ea6a0e418e7933c00de36639f61dadf8bc0f914d83ac2a8b5145ca630b4646d164334e65e47d477db968937b09d77ef1ff4001c6a85bdeb4af55c9744efd68ca8cd4b23f5ac2f8cf41ee0178694baf87739f31b01586639d77709d80f55408832175f84fd49437edbc5174f16905e0d6485f5214afd4ba995cdae18933dd30bb3a3b83ddbe58a914d6d9fc03dded643bbeafe112cdd94322aec67bfacdee9e36303f1ff662c5a27f7f178ea781d612c8ef1c16d69383a623b0ad7eab6e06104d0e811d7554d1580ed26497ae314cc128f6c039d0f3866f9b926d4cddd8631c01f9880f2d541fd160f0875d45e09fa857df5319670d0472f10230d71051de1b152b76090f3e52059e8e103a54d3ff3ea4a0ae019cbdc6edf6f3163f2057f936ce6ef9cbaa2684e5af8c6a0cb750ce95fac256ca7dcfc4bc67465ed8b133553bc803b2f32b95c6e2f7ab32d7ad2819131eac36e6862fb1cbabc1054df53abb4cd9786643da4813e5f56d6e7186e3d6aa4990099a8af313c971e58f409c189c3e60646e87d2a5d12e3b640d9ec3a3b8d3ac3f0cae602f17e307c876be43571aeeb0db660bb706738b1697dbf2c471defa6e4aa23eb995aab1c79d6c3bb8eea23ec1e190a7ac3c5bb78d5b93c553d82a0cc1168372845f61c66c00c30ab548f9c1abd28e00f5798f25c9ab0f9d7676ccd247205104f101df3e53c88a58884536ee39c1621f7c7b61920d781a0d3dca89d66723adc29cccbf0728ba40502514bad400d03ee4bdb1326be92b5a21f633753f2a0390c96d66c0766c14709e9da54c731dcb511cb83216b5ae770c5c1969eca511afb123906c82dd1447e650ed55405d0d78aa8864ff6371c99f273f3402d8b408e909a3c786729f473b37c18cdd3aa81e7cee7f8ef84a9172da790a5a63978e3da07625202e7485dd812d71ddc11c735080e14c093317d734f5c9ff279ef69252400d16113d7a110287355cf8187a521bd432f2034ddd987e19125d94becf78872133a54780e6e504584d2d093118d546fcaa5120ecf876ad360cd6d8a2bd25804bb3a0dedebca1d48026fa5b5515030276304777c6a44ebd6b4721ea5e67ffdd55d848b300218552bae6b56b33eac6e4f84113276e24cdd99d41ee8161d5d3cad11a1fd84420ce0e467837fa595f7738b212ce1d7d383176f361c67f3d4da44260e4b829ccb507b7df4e2cbdf77501d087a8b061e262216b24723b34ec93f4fdbb8a37463bdd6a74efde57973d39a712f2b4a3da5c6c122ba147ef124b63357a65475c3f43a4a1d7d1b33a3dafaf5f91e0a3a1caf7116c210058da99f6e42b2f9767676bbafec3a83a33bf29d2ebd00ac883e76e35136f7e60f8cc40ceb2b3f2257ebdf517074f8e0d69ae7630fd2fece5a9165b18bf225901f700d0b204b51453ab0a7038c0003f13f4402df3916e00e6577ab75259c349a082eb7c2a4f734db4a4e9dd22786bdc199700108c9d39e16dfd84750eb7aee0f6704a9d9540abed686ac562893410deac9807377b3381a648e20f896779ea791de3eebec73b969789b703cffcbb8c09f14bea1bb61b8765b48061338b6eb27fd1ec7bf737cddc357e4a458d10e98adbab84974fefb0a4c53c9037f878a7c685cf01c49b0c7c53aab3cc121a9ad2c8269c4fe5846ebe8100db820f9e45f95318e43ddc941a54b0ff5314340e5dd435b41751463fea53e1a3ca1fdc66df3cc852cf7977c20286e4c9047c5b6dd0c45aaaa63285998b76d130d0a4fdb63fa88a29f707b4020dcf2ad0531ad944cfae8ca37683d4d1ed356546059fb44d980ff4f609031bef2485f3ae1dfc68a821635c5a7f0d7af3e68c6b5770b6a837aabaf684ee773bbed005146b251345156bf3bc072e13897ba67a97a897c98bb26affe1c6db8370b9e4a0b3dd69f9b0de46194e7a90083f43c3ca4e0cd7d13eca743b68f75123264883a5e8dd4dfd43615510b16d568757bfd20eb2d4769161a3a1eec3182d9a060925b38b75df5c788c1936a61d0e06fc1dea83a505bd71e99f52dc49bb9852cf12d21300e1e593abcc434db1326700ebc4091c2538a8137616608f3f6a26428632d3df51ad2e0166084439b1a8212710a4fba999e77db846b7d9f2e00bf28554c10cb0f136783ce4416ae1705bed313553a15d510b73f4d5d0563bdf8d0c512ddbb61854fcad6d0b7f3c6bb83f39c83ceecaf480bc31f56aadbb90d1cd533b5e49b6aa7e90c63eabcf4efa48f3ee9ced7cbc0fe20a143b6e6dc48e4ccdfe3ee44b806b8eeb53a239c4827b3ef5bb2ba1645b42a1aa24d4a113381952fefd8b7469933717f2a1c1ae5142e017828e5133a2d5bd9756dac27242290401a7ed9114ed007dfc1b3f4c03fae822bd7fb034c1814cb769c457eee5dff603afb3f0ecb5c349711b3eccc141d64aeee64b07726e752e5978c57256c7372b05cd831ed2f81391e551a382ed90970feb5aeaeecd9275f378a48e3d65f9dea00acf80a9f5b22d115f544da39fc2e18aa2298c5bd819b38f8db1ccb877db2a4abe0a6489b9c55fb8624cb42fa80323a48befe6ee5291082fa7bc2f1c89d3dabbf4be87b8a18a4f75bfcd95389d633b62163b87ffd8d4d9c087eb5f35c3f4eb77d924400ba29efb3bd6d04514ed703e1c4131c351d300d170e5a1848b07efd1d487614808c70ac5ea4ee0bfa69d7cd2869463d1fc787f6ae5fe8e98b959f9591c49750609ca1013a7fa18cc7a1fe7ee35e50b3fbb771ccb57982683d4cafe6efac9e988f320feb6320084d3ce18cd2be9347e4fcc3030898d877de30ffb8bb601b3d6376e2dbae22b1736c6b2b5b82c57ec73241a6692da2244c9c834f4913275d3038884f4c6b8297eee83eaa5e203155617cd87a6039ca0c66511cf9d2f25bdc46db1ef1aeaebd6807fa75064441e780be06165658dde7bdd9af4c7a5ce63a2e3f61639749564e77144ea20728218046dacefaed95675f91f973b5d7f453d3e52223e0d5499e19ab1ce539c2a155fdcf825017130f640489ce24439facdd679ebde4e147faec6e9d5e25ef186772c3d8cc6ab0045b5d5ca7b0b22b5013b38636861c71d5ac23615649f44c765294853553d5392f736cc1399f43d07d88dac6c72b3096eafb29d26e6837a261e8f80da29cf94a4a49549f8d3aab9a86f2c05354c237bcb4099c3b0a58a2fa4be5cde99ce5bbe18a1d090afc27e01893507e120598460b53f53a3581e6ff91438ef79653352c3cd5686137f93434662c085d816c51a08ba4d695d1dbbf521d301637a04941f65345d9019454f45f1fe279b6f24458f0f446d891fc3cd712dd2583cde5f0dded4d3dbea88dd9c0f72401a513212d3ee56d560f677c54d6d4adb2050cfef57ee7e062718196f4c8e76db6744501dd75cbecb4680bea2954111fc4d2e726259d2cca0a587de6ea5f50ed8c5512310fc047f5c8a852b85881033b0183cad5eaee0619fe22492cdf0c3d518bc4091118795390631e262a2e3df192a881699fdae4604dc7f713382d86b0e7205e054084b71c86bbf7a8f98e99341472541a2a9a91e2ff44abb8fc23f3e4389ae1769180b2f402ea8b5888ac88ee82171133dc63b894fd7d1faab4b7e9234c402a7da334ebc55f4cc0cb813f467015f3ffc7f1c8504d638eac6f6e49baf052d6ec7752ddadb7d92ff4fbb308c0608b7b653e35b9769a965e747ab648d85b612638ab2b1629653c9aa8413f7cc1fea28222d66882a9175fce90d974e2a5f2cd7fa460e944d09cd98f112eea9eef3eedb2f85cc5bfe48b2145924fc8c4d8a08b7caa0d15658701c31361a7f4fb39025716add6580bdeba358a3007e3b2cc36da2f5556b0f80dcfdb639c3bf548c545fff2e1c1d893689167a0c722aff95281913e85e8085dbfc6a848b466b0965276c94e9222dd0cef6720e118534fa940c4842826db50b0b603b7ab680c0f4518405a8a2f66ace556eb2375574c9128ef586b0af1d8fb08944f7ef8a6f2191cef8b85343838203f2e360fa8a16059bbebe1f708b3531bb3ff0d026d2be879c7ecb53c38a3d6d9e743f642f638fef7dae8d9f3dbfa7744cdff82ed8c98a9fb9c48699eef1dcffe6042663ba5fbe03a74b0272baadfa342ba2335bb366361b53435c323e4b644aa2a3a23e1b291a683dffd0f216769eaa11eb0d8d2fad78e8ca0d6b5c60f498ffef252d43e82bbef80b5f35d03fc29cf0396f04c1144f2ad5cba8779e8e03b534c2ee0ee314ce53330bd3033fb7438e29f4d5f5545d0abb24c040a72456325ac0ea68989d100c59b5110e640021e61c4319e54e430c934d1acd1ac7bc608f2fcc53fb7d001daf494ec1b836acb1e94407e2539e74f419c827bce1a8100ed7391b2df68e117760bde209fcdd6abe33a79bdd75cb5f106519aeef2f0ff544c23deedad96ff52ad26270b6dab24501dae34578bdb46e1ce4ec1ab80c86bf0050fd7dbfd62fcff0c374c61e5c094aac96dc103ea25a1b2fc707d2081e4c61b2a71d16c930786c468a5d2aa702488990f5b092158e21453d6ae44ae433f898b86a69ea317b8473646758dd764fb37dcffba74a628588f6ee7c3fb6b41b395df26d39251adad501aa11e669002ac55f98c4025981ccbb9000086007b000000"], 0x1b}}, 0x4004001)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000002140)={0x1d, r4, 0x0, {0x0, 0x0, 0x4}}, 0x18)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000001480)=ANY=[@ANYBLOB="ec000000", @ANYRES16=0x0, @ANYBLOB="00022bbd7000ffdbdf2502000000080003000700000014000180050002006b00000008000700", @ANYRES32=r4, @ANYBLOB="400001800800030064010101050002000900000014000400000000000000000000000000000000010600010002000000060005004e22000008000600000000003800018008000700", @ANYRES32=0x0, @ANYBLOB="05f8d9eb240000001400040020ffff00000000000000000000000001050002001c000000060005004e200000040001802800018014000400fe8000000000000000989f2bf99a4c09eccf6b1c95c73c0f5a000000000000bb0500020080000000080006000200000008e8996a0003000500000008300300010000000800020004"], 0xec}, 0x1, 0x0, 0x0, 0x200688c0}, 0x8000)

[  630.471433][ T3583] Unable to handle kernel access to user memory without uaccess routines at virtual address 0000000020000000
[  630.475738][ T3583] Oops [#1]
[  630.476326][ T3583] Modules linked in:
[  630.477047][ T3583] CPU: 1 PID: 3583 Comm: syz-executor.1 Not tainted 5.12.0-rc5-syzkaller-00715-ga5e13c6df0e4 #0
[  630.478759][ T3583] Hardware name: riscv-virtio,qemu (DT)
[  630.479917][ T3583] epc : sock_ioctl+0x4c4/0x66c
[  630.480747][ T3583]  ra : sock_ioctl+0x4c4/0x66c
[  630.481450][ T3583] epc : ffffffe0020e60a2 ra : ffffffe0020e60a2 sp : ffffffe008e67da0
[  630.482812][ T3583]  gp : ffffffe004588b08 tp : ffffffe0067b4740 t0 : ffffffc4010fc000
[  630.483687][ T3583]  t1 : 0000000000000001 t2 : 00000000000f4240 s0 : ffffffe008e67e30
[  630.484457][ T3583]  s1 : 0000000000040000 a0 : 0000000000000000 a1 : 0000000000000007
[  630.485344][ T3583]  a2 : 1ffffffc00cf68e8 a3 : ffffffe002a94d2e a4 : 0000000000000000
[  630.486174][ T3583]  a5 : 0000000000000000 a6 : 0000000000f00000 a7 : ffffffe00036923e
[  630.487018][ T3583]  s2 : 0000000000000000 s3 : 0000000000008902 s4 : 0000000020000000
[  630.487798][ T3583]  s5 : ffffffe00458c0d0 s6 : ffffffe00ce88540 s7 : ffffffe00a229c80
[  630.488564][ T3583]  s8 : 0000000000008904 s9 : ffffffe00ce88600 s10: 0000000000000000
[  630.489366][ T3583]  s11: 0000000000020000 t3 : a2a67dfe0b160300 t4 : 0000000000000908
[  630.490130][ T3583]  t5 : ffffffc4010fbf17 t6 : 0000000000000001
[  630.490794][ T3583] status: 0000000000000120 badaddr: 0000000020000000 cause: 000000000000000f
[  630.492045][ T3583] Call Trace:
[  630.492652][ T3583] [<ffffffe0020e60a2>] sock_ioctl+0x4c4/0x66c
[  630.493575][ T3583] [<ffffffe00042239a>] sys_ioctl+0x5c2/0xd56
[  630.494397][ T3583] [<ffffffe000005572>] ret_from_syscall+0x0/0x2
00:10:28 executing program 0:
prctl$PR_SET_SECUREBITS(0x1c, 0x6)

[  630.515622][ T3583] ---[ end trace 5851e70393c8cd7a ]---
[  630.518051][ T3583] Kernel panic - not syncing: Fatal exception
[  630.519122][ T3583] SMP: stopping secondary CPUs
[  630.520390][ T3583] Rebooting in 86400 seconds..

VM DIAGNOSIS:
19:00:15  Registers:
info registers vcpu 0
 pc       ffffffe00000eeae
 mhartid  0000000000000000
 mstatus  00000000000000a0
 mip      0000000000000000
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffe00000542c
 mepc     ffffffe00000e9d4
 sepc     0000000000081dfc
 mcause   0000000000000009
 scause   0000000000000008
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffe00000ee98 x2/sp ffffffe00a627a20 x3/gp ffffffe004588b08
 x4/tp ffffffe007465f00 x5/t0 ffffffe00a627a78 x6/t1 ffffffc4014c4f4e x7/t2 0000000000000000
 x8/s0 ffffffe00a627a70 x9/s1 0000000000000008 x10/a0 0000000000000001 x11/a1 0000000000000001
 x12/a2 0000000000000000 x13/a3 0000000000000000 x14/a4 0000000000000000 x15/a5 0000000000000000
 x16/a6 0000000000000000 x17/a7 0000000000735049 x18/s2 0000000000000001 x19/s3 ffffffe00a627a70
 x20/s4 0000000000000001 x21/s5 0000000000000001 x22/s6 ffffffe00458c0d0 x23/s7 ffffffe0050495b0
 x24/s8 0000000000000008 x25/s9 ffffffe0050495b0 x26/s10 0000000000000000 x27/s11 0000000000000001
 x28/t3 000000000001fffe x29/t4 ffffffc4014c4f4e x30/t5 ffffffc4014c4f4f x31/t6 00000000000823b4
 f0/ft0 3f83fc71bcf7bd32 f1/ft1 3f847ae147ae147b f2/ft2 41a1b5f4644bcf3b f3/ft3 41373ae000000000
 f4/ft4 4014000000000000 f5/ft5 4024000000000000 f6/ft6 3fe0000000000000 f7/ft7 3fc4ca23f72660d2
 f8/fs0 3feee4db9143f1ac f9/fs1 3fc3c951fac04c62 f10/fa0 3f8afe4f05c34970 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       ffffffe000c198ca
 mhartid  0000000000000001
 mstatus  00000000000000a0
 mip      0000000000000002
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffe00000542c
 mepc     ffffffe000c1a84a
 sepc     ffffffe0000dfb28
 mcause   8000000000000003
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffe000c198ca x2/sp ffffffe008e676f0 x3/gp ffffffe004588b08
 x4/tp ffffffe0067b4740 x5/t0 ffffffe004ffdbb7 x6/t1 ffffffc4009ffb76 x7/t2 0000000000000000
 x8/s0 ffffffe008e67710 x9/s1 ffffffe005230480 x10/a0 ffffffd000633005 x11/a1 0000000000000007
 x12/a2 1ffffffc00a46099 x13/a3 ffffffe000c198ca x14/a4 0000000000000000 x15/a5 ffffffe0052304c8
 x16/a6 0000000000f00000 x17/a7 ffffffe004ffdbb6 x18/s2 0000000000000005 x19/s3 0000000000002710
 x20/s4 ffffffe0052304d0 x21/s5 0000000000000020 x22/s6 ffffffe005230718 x23/s7 ffffffe0052304d8
 x24/s8 0000000000000001 x25/s9 ffffffe00458c0d0 x26/s10 ffffffe005230708 x27/s11 ffffffe0052304d0
 x28/t3 0000000000000048 x29/t4 ffffffc4009ffb74 x30/t5 ffffffc4009ffb77 x31/t6 ffffffe004ffdbb7
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000