syzkaller login: [ 292.420831][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 300.214952][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 300.294917][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 300.350749][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[ 300.441141][ T1858] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:38846' (ECDSA) to the list of known hosts.
1970/01/01 00:06:14 fuzzer started
1970/01/01 00:06:26 dialing manager at localhost:42735
[ 392.703829][ T2026] cgroup: Unknown subsys name 'net'
[ 393.815225][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:33 syscalls: 2918
1970/01/01 00:06:33 code coverage: enabled
1970/01/01 00:06:33 comparison tracing: enabled
1970/01/01 00:06:33 extra coverage: enabled
1970/01/01 00:06:33 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:33 setuid sandbox: enabled
1970/01/01 00:06:33 namespace sandbox: enabled
1970/01/01 00:06:33 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:33 fault injection: enabled
1970/01/01 00:06:33 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:33 net packet injection: enabled
1970/01/01 00:06:33 net device setup: enabled
1970/01/01 00:06:33 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:33 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:33 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:33 USB emulation: enabled
1970/01/01 00:06:33 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:33 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:33 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:33 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:38 fetching corpus: 50, signal 34851/37778 (executing program)
1970/01/01 00:06:41 fetching corpus: 97, signal 46300/50125 (executing program)
1970/01/01 00:06:46 fetching corpus: 147, signal 55108/59549 (executing program)
1970/01/01 00:06:49 fetching corpus: 195, signal 63999/68805 (executing program)
1970/01/01 00:06:51 fetching corpus: 245, signal 70943/76102 (executing program)
1970/01/01 00:06:56 fetching corpus: 293, signal 75888/81332 (executing program)
1970/01/01 00:06:58 fetching corpus: 341, signal 81235/86757 (executing program)
1970/01/01 00:07:02 fetching corpus: 391, signal 86702/92099 (executing program)
1970/01/01 00:07:05 fetching corpus: 440, signal 89551/95131 (executing program)
1970/01/01 00:07:07 fetching corpus: 489, signal 93858/99254 (executing program)
1970/01/01 00:07:09 fetching corpus: 539, signal 95939/101489 (executing program)
1970/01/01 00:07:12 fetching corpus: 589, signal 98726/104089 (executing program)
1970/01/01 00:07:15 fetching corpus: 638, signal 100949/106230 (executing program)
1970/01/01 00:07:18 fetching corpus: 688, signal 103575/108605 (executing program)
1970/01/01 00:07:21 fetching corpus: 737, signal 106114/110787 (executing program)
1970/01/01 00:07:25 fetching corpus: 787, signal 109197/113342 (executing program)
1970/01/01 00:07:29 fetching corpus: 836, signal 111189/114986 (executing program)
1970/01/01 00:07:35 fetching corpus: 885, signal 114923/117862 (executing program)
1970/01/01 00:07:38 fetching corpus: 935, signal 116828/119296 (executing program)
1970/01/01 00:07:41 fetching corpus: 983, signal 119774/121451 (executing program)
1970/01/01 00:07:44 fetching corpus: 1033, signal 121832/122874 (executing program)
1970/01/01 00:07:46 fetching corpus: 1069, signal 123117/123745 (executing program)
1970/01/01 00:07:47 fetching corpus: 1069, signal 123143/123796 (executing program)
1970/01/01 00:07:47 fetching corpus: 1069, signal 123143/123825 (executing program)
1970/01/01 00:07:47 fetching corpus: 1069, signal 123143/123843 (executing program)
1970/01/01 00:07:47 fetching corpus: 1069, signal 123143/123874 (executing program)
1970/01/01 00:07:48 fetching corpus: 1070, signal 123156/123912 (executing program)
1970/01/01 00:07:48 fetching corpus: 1070, signal 123156/123944 (executing program)
1970/01/01 00:07:49 fetching corpus: 1070, signal 123156/123972 (executing program)
1970/01/01 00:07:49 fetching corpus: 1070, signal 123156/123999 (executing program)
1970/01/01 00:07:49 fetching corpus: 1070, signal 123162/124022 (executing program)
1970/01/01 00:07:49 fetching corpus: 1071, signal 123164/124050 (executing program)
1970/01/01 00:07:50 fetching corpus: 1071, signal 123164/124081 (executing program)
1970/01/01 00:07:50 fetching corpus: 1071, signal 123164/124107 (executing program)
1970/01/01 00:07:50 fetching corpus: 1071, signal 123164/124139 (executing program)
1970/01/01 00:07:50 fetching corpus: 1071, signal 123164/124167 (executing program)
1970/01/01 00:07:50 fetching corpus: 1071, signal 123164/124205 (executing program)
1970/01/01 00:07:50 fetching corpus: 1071, signal 123164/124245 (executing program)
1970/01/01 00:07:50 fetching corpus: 1071, signal 123164/124277 (executing program)
1970/01/01 00:07:51 fetching corpus: 1071, signal 123164/124304 (executing program)
1970/01/01 00:07:51 fetching corpus: 1071, signal 123164/124330 (executing program)
1970/01/01 00:07:51 fetching corpus: 1071, signal 123164/124352 (executing program)
1970/01/01 00:07:51 fetching corpus: 1071, signal 123164/124378 (executing program)
1970/01/01 00:07:51 fetching corpus: 1071, signal 123164/124402 (executing program)
1970/01/01 00:07:51 fetching corpus: 1071, signal 123164/124442 (executing program)
1970/01/01 00:07:52 fetching corpus: 1071, signal 123164/124477 (executing program)
1970/01/01 00:07:52 fetching corpus: 1071, signal 123164/124515 (executing program)
1970/01/01 00:07:52 fetching corpus: 1071, signal 123164/124542 (executing program)
1970/01/01 00:07:52 fetching corpus: 1071, signal 123164/124575 (executing program)
1970/01/01 00:07:52 fetching corpus: 1071, signal 123164/124606 (executing program)
1970/01/01 00:07:52 fetching corpus: 1071, signal 123164/124636 (executing program)
1970/01/01 00:07:52 fetching corpus: 1071, signal 123164/124676 (executing program)
1970/01/01 00:07:53 fetching corpus: 1071, signal 123164/124706 (executing program)
1970/01/01 00:07:53 fetching corpus: 1071, signal 123164/124739 (executing program)
1970/01/01 00:07:53 fetching corpus: 1071, signal 123164/124762 (executing program)
1970/01/01 00:07:53 fetching corpus: 1071, signal 123164/124788 (executing program)
1970/01/01 00:07:53 fetching corpus: 1071, signal 123164/124818 (executing program)
1970/01/01 00:07:53 fetching corpus: 1071, signal 123164/124845 (executing program)
1970/01/01 00:07:54 fetching corpus: 1071, signal 123164/124872 (executing program)
1970/01/01 00:07:54 fetching corpus: 1071, signal 123164/124902 (executing program)
1970/01/01 00:07:54 fetching corpus: 1071, signal 123164/124927 (executing program)
1970/01/01 00:07:54 fetching corpus: 1071, signal 123164/124936 (executing program)
1970/01/01 00:07:54 fetching corpus: 1071, signal 123164/124936 (executing program)
1970/01/01 00:09:40 starting 2 fuzzer processes
00:09:40 executing program 0:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:09:40 executing program 1:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
[ 611.601542][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 612.163610][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 612.256539][ T2040] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 612.803753][ T2040] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 623.964163][ T2039] device hsr_slave_0 entered promiscuous mode
[ 623.984506][ T2039] device hsr_slave_1 entered promiscuous mode
[ 625.552092][ T2040] device hsr_slave_0 entered promiscuous mode
[ 625.605849][ T2040] device hsr_slave_1 entered promiscuous mode
[ 625.645903][ T2040] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 625.651994][ T2040] Cannot create hsr debugfs directory
[ 632.599821][ T2039] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 632.841926][ T2039] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 633.023978][ T2039] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 633.241201][ T2039] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 633.883561][ T2040] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 634.184588][ T2040] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 634.313204][ T2040] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 634.411947][ T2040] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 644.040477][ T2040] 8021q: adding VLAN 0 to HW filter on device bond0
[ 644.490524][ T2039] 8021q: adding VLAN 0 to HW filter on device bond0
[ 644.694989][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 644.786330][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 645.279907][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 645.293042][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 651.040748][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 651.111144][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 651.392693][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 651.485936][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 651.735992][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 651.935984][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 652.486873][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 652.514126][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 653.121736][ T2040] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 653.123448][ T2040] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 653.381152][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 653.410887][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 653.444314][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 653.461630][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 653.482527][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 653.500486][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 653.513099][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 653.534932][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 653.755456][ T2427] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 654.655857][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 654.715524][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 654.970808][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 655.011404][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 655.285534][ T2039] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 660.210985][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 660.216151][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 660.846819][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 660.851750][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 672.973663][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 673.044991][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 674.452410][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 674.493076][ T2028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 680.117123][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 680.180597][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 680.252151][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 680.292111][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 680.398372][ T2040] device veth0_vlan entered promiscuous mode
[ 681.391690][ T2040] device veth1_vlan entered promiscuous mode
[ 681.524196][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 681.565656][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 681.630065][ T2039] device veth0_vlan entered promiscuous mode
[ 681.771027][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 681.836647][ T2665] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 682.383996][ T2039] device veth1_vlan entered promiscuous mode
[ 682.944850][ T2427] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 683.006080][ T2427] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 683.210981][ T2040] device veth0_macvtap entered promiscuous mode
[ 683.394821][ T2040] device veth1_macvtap entered promiscuous mode
[ 684.026185][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 684.046324][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 684.075804][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 684.542478][ T2039] device veth0_macvtap entered promiscuous mode
[ 684.821466][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 684.874087][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 684.898391][ T83] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 685.177195][ T2039] device veth1_macvtap entered promiscuous mode
[ 685.367159][ T2722] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 685.413100][ T2722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 685.755294][ T2040] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 685.791059][ T2040] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 685.792858][ T2040] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 685.794084][ T2040] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 686.485788][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 686.566279][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 687.245798][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 687.305768][ T2029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 687.929495][ T2039] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 687.932622][ T2039] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 687.934702][ T2039] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 688.003181][ T2039] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
00:11:32 executing program 0:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:11:34 executing program 1:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
00:11:35 executing program 0:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:11:40 executing program 1:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
00:11:41 executing program 0:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:11:47 executing program 0:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
00:11:47 executing program 1:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
00:11:53 executing program 0:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
00:11:55 executing program 1:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
00:12:00 executing program 1:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
00:12:01 executing program 0:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
00:12:03 executing program 1:
mknodat$null(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0x103)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x5, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
00:12:05 executing program 0:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:12:08 executing program 0:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:12:10 executing program 1:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:12:13 executing program 0:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:12:14 executing program 1:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:12:18 executing program 0:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:12:18 executing program 1:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:12:21 executing program 0:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:12:23 executing program 1:
r0 = timerfd_create(0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = fcntl$dupfd(r1, 0x0, r0)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x1406, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x8}]}, 0x18}}, 0x0)
[ 746.922398][ T2781] netlink: 'syz-executor.1': attribute type 8 has an invalid length.
00:12:26 executing program 0:
r0 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
00:12:27 executing program 1:
r0 = timerfd_create(0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = fcntl$dupfd(r1, 0x0, r0)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x1406, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x8}]}, 0x18}}, 0x0)
[ 750.642642][ T2785] netlink: 'syz-executor.1': attribute type 8 has an invalid length.
00:12:30 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto(r0, &(0x7f0000000040)='\x00', 0x1, 0x0, &(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0x7ffff000}, 0x3ff}, 0x80)
listen(r0, 0x4bbe)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0)
accept4(r0, &(0x7f00000001c0)=@qipcrtr, 0x0, 0x0)
00:12:30 executing program 1:
r0 = timerfd_create(0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = fcntl$dupfd(r1, 0x0, r0)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x1406, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x8}]}, 0x18}}, 0x0)
[ 754.659293][ T2791] netlink: 'syz-executor.1': attribute type 8 has an invalid length.
00:12:35 executing program 1:
r0 = timerfd_create(0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
r2 = fcntl$dupfd(r1, 0x0, r0)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x1406, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x8}]}, 0x18}}, 0x0)
[ 756.393992][ T2789] sctp: failed to load transform for md5: -2
00:12:37 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto(r0, &(0x7f0000000040)='\x00', 0x1, 0x0, &(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0x7ffff000}, 0x3ff}, 0x80)
listen(r0, 0x4bbe)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0)
accept4(r0, &(0x7f00000001c0)=@qipcrtr, 0x0, 0x0)
[ 759.115710][ T2798] netlink: 'syz-executor.1': attribute type 8 has an invalid length.
00:12:39 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto(r0, &(0x7f0000000040)='\x00', 0x1, 0x0, &(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0x7ffff000}, 0x3ff}, 0x80)
listen(r0, 0x4bbe)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0)
accept4(r0, &(0x7f00000001c0)=@qipcrtr, 0x0, 0x0)
[ 763.554997][ T2802] sctp: failed to load transform for md5: -4
00:12:45 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto(r0, &(0x7f0000000040)='\x00', 0x1, 0x0, &(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0x7ffff000}, 0x3ff}, 0x80)
listen(r0, 0x4bbe)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0)
accept4(r0, &(0x7f00000001c0)=@qipcrtr, 0x0, 0x0)
00:12:46 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto(r0, &(0x7f0000000040)='\x00', 0x1, 0x0, &(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0x7ffff000}, 0x3ff}, 0x80)
listen(r0, 0x4bbe)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0)
accept4(r0, &(0x7f00000001c0)=@qipcrtr, 0x0, 0x0)
00:12:49 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto(r0, &(0x7f0000000040)='\x00', 0x1, 0x0, &(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0x7ffff000}, 0x3ff}, 0x80)
listen(r0, 0x4bbe)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0)
accept4(r0, &(0x7f00000001c0)=@qipcrtr, 0x0, 0x0)
00:12:51 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto(r0, &(0x7f0000000040)='\x00', 0x1, 0x0, &(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0x7ffff000}, 0x3ff}, 0x80)
listen(r0, 0x4bbe)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0)
accept4(r0, &(0x7f00000001c0)=@qipcrtr, 0x0, 0x0)
00:12:55 executing program 0:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000000880)={{0x1, 0x1, 0x17}, './file0\x00'})
00:12:59 executing program 0:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000000880)={{0x1, 0x1, 0x17}, './file0\x00'})
00:12:59 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {}, [@FRA_FLOW={0x8}]}, 0x24}}, 0x0)
00:13:01 executing program 0:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000000880)={{0x1, 0x1, 0x17}, './file0\x00'})
00:13:03 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {}, [@FRA_FLOW={0x8}]}, 0x24}}, 0x0)
00:13:04 executing program 0:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000000880)={{0x1, 0x1, 0x17}, './file0\x00'})
00:13:05 executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {}, [@FRA_FLOW={0x8}]}, 0x24}}, 0x0)
00:13:06 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {}, [@FRA_FLOW={0x8}]}, 0x24}}, 0x0)
[ 789.146587][ T2842] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[ 789.149308][ T2842] CPU: 0 PID: 2842 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[ 789.151106][ T2842] Hardware name: riscv-virtio,qemu (DT)
[ 789.152979][ T2842] Call Trace:
[ 789.153903][ T2842] [] dump_backtrace+0x2e/0x3c
[ 789.155308][ T2842] [] show_stack+0x34/0x40
[ 789.156504][ T2842] [] dump_stack_lvl+0xe4/0x150
[ 789.158254][ T2842] [] dump_stack+0x1c/0x24
[ 789.159519][ T2842] [] panic+0x24a/0x634
[ 789.160662][ T2842] [] schedule+0x0/0x14c
[ 789.161891][ T2842] [] preempt_schedule_notrace+0x9c/0x19a
[ 789.163193][ T2842] [] trace_lock_acquire+0xd6/0x1fc
[ 789.164576][ T2842] [] lock_acquire+0x28/0x6a
[ 789.166367][ T2842] [] percpu_ref_put_many.constprop.0+0x36/0x144
[ 789.168280][ T2842] [] memcg_slab_post_alloc_hook+0x24a/0x492
[ 789.169722][ T2842] [] kmem_cache_alloc+0x158/0x3de
[ 789.170941][ T2842] [] fib_trie_unmerge+0x1d6/0x71e
[ 789.172143][ T2842] [] fib_unmerge+0x9c/0x272
[ 789.173313][ T2842] [] fib4_rule_configure+0x80/0x582
[ 789.174526][ T2842] [] fib_nl_newrule+0x248/0xf34
[ 789.175810][ T2842] [] rtnetlink_rcv_msg+0x338/0x9a0
[ 789.177133][ T2842] [] netlink_rcv_skb+0xf8/0x2be
[ 789.178831][ T2842] [] rtnetlink_rcv+0x26/0x30
[ 789.180073][ T2842] [] netlink_unicast+0x40e/0x5fe
[ 789.181294][ T2842] [] netlink_sendmsg+0x4e0/0x994
[ 789.182476][ T2842] [] sock_sendmsg+0xa0/0xc4
[ 789.184161][ T2842] [] ____sys_sendmsg+0x46e/0x484
[ 789.185425][ T2842] [] ___sys_sendmsg+0x16c/0x1f6
[ 789.186646][ T2842] [] __sys_sendmsg+0xba/0x150
[ 789.188338][ T2842] [] sys_sendmsg+0x2c/0x3a
[ 789.189629][ T2842] [] ret_from_syscall+0x0/0x2
[ 789.191403][ T2842] SMP: stopping secondary CPUs
[ 789.193628][ T2842] Rebooting in 86400 seconds..

VM DIAGNOSIS:
16:23:43 Registers:
info registers vcpu 0
pc ffffffff801165d6
mhartid 0000000000000000
mstatus 00000000000000a0
mip 00000000000002a0
mie 000000000000022a
mideleg 0000000000000222
medeleg 000000000000b109
mtvec 0000000080000540
stvec ffffffff800055d4
mepc ffffffff804757c0
sepc ffffffff8010b26a
mcause 8000000000000007
scause 8000000000000009
mtval 0000000000000000
stval 0000000000000000
x0/zero 0000000000000000 x1/ra ffffffff801165c2 x2/sp ffffaf80211ee5d0 x3/gp ffffffff85863ac0
x4/tp ffffaf8009ac1840 x5/t0 ffffffff86bcb657 x6/t1 97c0b6948f19de00 x7/t2 0000000000000000
x8/s0 ffffaf80211ee730 x9/s1 ffffffff8343c840 x10/a0 ffffaf805a9c8840 x11/a1 0000000000000003
x12/a2 1ffff5f00b539108 x13/a3 ffffffff801165c2 x14/a4 0000000000000000 x15/a5 0000000000000020
x16/a6 0000000000f00000 x17/a7 ffffffff8011edca x18/s2 ffffffff86c1a620 x19/s3 ffffaf805a9c8840
x20/s4 0000000000000000 x21/s5 ffffffff84a888e0 x22/s6 0000000000000000 x23/s7 ffffaf8009ac1840
x24/s8 ffffffff8011edca x25/s9 ffffffff85889780 x26/s10 1ffff5f00423dcc4 x27/s11 0000000000000000
x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f00423dca0 x31/t6 ffffffff86bcb657
f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
pc ffffffff831afc6a
mhartid 0000000000000001
mstatus 00000000000001a2
mip 0000000000000000
mie 00000000000002aa
mideleg 0000000000000222
medeleg 000000000000b109
mtvec 0000000080000540
stvec ffffffff800055d4
mepc ffffffff8000f97e
sepc ffffffff80475986
mcause 0000000000000009
scause 8000000000000005
mtval 0000000000000000
stval 0000000000000000
x0/zero 0000000000000000 x1/ra ffffffff826eda1a x2/sp ffffaf800f717b10 x3/gp ffffffff85863ac0
x4/tp ffffaf800c0548c0 x5/t0 ffffaf800f717a80 x6/t1 fffff5ef01fce26b x7/t2 0000000046b15f31
x8/s0 ffffaf800f717b50 x9/s1 ffffaf800fe71280 x10/a0 0000000000000000 x11/a1 ffffaf800c0558c0
x12/a2 0000000000000002 x13/a3 ffffffff826fef2a x14/a4 ffffaf800c0558c0 x15/a5 ffffaf800fe71344
x16/a6 0000000000f00000 x17/a7 ffffaf800fe7135f x18/s2 ffffaf800fe71344 x19/s3 ffffaf800b25cec0
x20/s4 ffffaf800fe71280 x21/s5 ffffaf800b25cef0 x22/s6 ffffffffffffffff x23/s7 ffffaf800b25cec2
x24/s8 ffffaf800fe712fe x25/s9 ffffaf800fe71348 x26/s10 0000000000000000 x27/s11 ffffaf800fe71348
x28/t3 fffffffff3f3f300 x29/t4 fffff5ef01fce26b x30/t5 fffff5ef01fce26c x31/t6 ffffaf800b25c026
f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000