syzkaller login: [ 93.291929][ T2050] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 93.299865][ T2050] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. [ 97.284236][ T2050] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'. Warning: Permanently added '[localhost]:43749' (ECDSA) to the list of known hosts. 1970/01/01 00:02:16 fuzzer started 1970/01/01 00:02:21 dialing manager at localhost:41551 [ 143.415785][ T2209] cgroup: Unknown subsys name 'net' [ 143.851836][ T2209] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:02:23 syscalls: 2935 1970/01/01 00:02:23 code coverage: CONFIG_KCOV is not enabled 1970/01/01 00:02:23 comparison tracing: CONFIG_KCOV is not enabled 1970/01/01 00:02:23 extra coverage: CONFIG_KCOV is not enabled 1970/01/01 00:02:23 delay kcov mmap: CONFIG_KCOV is not enabled 1970/01/01 00:02:23 setuid sandbox: enabled 1970/01/01 00:02:23 namespace sandbox: enabled 1970/01/01 00:02:23 Android sandbox: /sys/fs/selinux/policy does not exist 1970/01/01 00:02:23 fault injection: enabled 1970/01/01 00:02:23 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 1970/01/01 00:02:23 net packet injection: enabled 1970/01/01 00:02:23 net device setup: enabled 1970/01/01 00:02:23 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 1970/01/01 00:02:23 devlink PCI setup: PCI device 0000:00:10.0 is not available 1970/01/01 00:02:23 NIC VF setup: PCI device 0000:00:11.0 is not available 1970/01/01 00:02:23 USB emulation: enabled 1970/01/01 00:02:23 hci packet injection: /dev/vhci does not exist 1970/01/01 00:02:23 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist 1970/01/01 00:02:23 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist 1970/01/01 00:02:23 fetching corpus: 0, signal 0/2000 (executing program) 1970/01/01 00:02:23 fetching corpus: 0, signal 0/2968 (executing program) 1970/01/01 00:02:23 fetching corpus: 0, signal 0/2968 (executing 
program) 1970/01/01 00:02:56 starting 2 fuzzer processes 00:02:56 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000440)={'veth0_virt_wifi\x00', {0x2, 0x0, @empty}}) 00:02:56 executing program 1: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000640)={0x2}, 0x4, 0x0) msgrcv(r0, &(0x7f0000000000)={0x0, ""/193}, 0xc5, 0x3, 0x3000) [ 184.814641][ T2212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 184.868632][ T2215] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 184.889123][ T2212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 185.033644][ T2215] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.458246][ T2212] device hsr_slave_0 entered promiscuous mode [ 188.514986][ T2212] device hsr_slave_1 entered promiscuous mode [ 188.615248][ T2215] device hsr_slave_0 entered promiscuous mode [ 188.674706][ T2215] device hsr_slave_1 entered promiscuous mode [ 188.711699][ T2215] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 188.712678][ T2215] Cannot create hsr debugfs directory [ 191.074403][ T2212] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 191.184537][ T2212] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 191.272811][ T2212] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 191.484828][ T2212] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 191.934614][ T2215] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 192.038448][ T2215] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 192.146572][ T2215] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 192.249869][ T2215] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 193.886242][ T2212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.053895][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.066335][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.424425][ T2215] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.539833][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.549439][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.533806][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 195.557824][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 195.623118][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 195.629812][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 195.694046][ T91] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 195.773386][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 195.967690][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 195.974952][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.015409][ T888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 196.024170][ T888] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.112553][ T21] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 196.128255][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.197911][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 196.207275][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.225308][ T2212] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.415833][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.508342][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.754122][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 196.759708][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.821670][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 196.826610][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.884406][ T2215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 197.529529][ T2837] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 197.534687][ T2837] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 198.039893][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 198.042786][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 200.841108][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 200.846778][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 200.925853][ T2837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 200.937894][ T2837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 202.461969][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.481926][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.498865][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 202.514856][ T2820] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.663523][ 
T2212] device veth0_vlan entered promiscuous mode [ 202.687369][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.703548][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.799276][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 202.809512][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.824923][ T2215] device veth0_vlan entered promiscuous mode [ 202.973943][ T2212] device veth1_vlan entered promiscuous mode [ 203.102411][ T2215] device veth1_vlan entered promiscuous mode [ 203.432137][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 203.438310][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 203.455715][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 203.468190][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 203.567197][ T2212] device veth0_macvtap entered promiscuous mode [ 203.685987][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 203.698759][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 203.716008][ T2212] device veth1_macvtap entered promiscuous mode [ 203.789310][ T2215] device veth0_macvtap entered promiscuous mode [ 203.878963][ T2215] device veth1_macvtap entered promiscuous mode [ 204.095501][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 204.109368][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 204.117210][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 204.128852][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 204.177733][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 204.192865][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 204.281525][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 204.286707][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: 
link becomes ready [ 204.423540][ T2212] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.424884][ T2212] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.425439][ T2212] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.425938][ T2212] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.525032][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 204.559817][ T2894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 204.705059][ T2215] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.705916][ T2215] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.706412][ T2215] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.706864][ T2215] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 00:03:26 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000440)={'veth0_virt_wifi\x00', {0x2, 0x0, @empty}}) 00:03:26 executing program 1: r0 = msgget$private(0x0, 0x0) msgsnd(r0, &(0x7f0000000640)={0x2}, 0x4, 0x0) msgrcv(r0, &(0x7f0000000000)={0x0, ""/193}, 0xc5, 0x3, 0x3000) [ 207.682800][ T2820] Unable to handle kernel paging request at virtual address ffff70000b978a00 [ 207.683963][ T2820] KASAN: maybe wild-memory-access in range [0xffff80005cbc5000-0xffff80005cbc5007] [ 207.684585][ T2820] Mem abort info: [ 207.684947][ T2820] ESR = 0x0000000096000006 [ 207.685445][ T2820] EC = 0x25: DABT (current EL), IL = 32 bits [ 207.686273][ T2820] SET = 0, FnV = 0 [ 207.687473][ T2820] EA = 0, S1PTW = 0 [ 207.688361][ T2820] FSC = 0x06: level 2 translation fault [ 207.688799][ T2820] Data abort info: [ 207.689281][ T2820] ISV = 0, ISS = 0x00000006 [ 207.689682][ T2820] CM = 0, WnR = 0 [ 207.691816][ T2820] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000045dfb000 
[ 207.692334][ T2820] [ffff70000b978a00] pgd=00000000bfbeb003, p4d=00000000bfbeb003, pud=00000000bfbea003, pmd=0000000000000000 [ 207.694798][ T2820] Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP [ 207.695350][ T2820] Modules linked in: [ 207.695754][ T2820] CPU: 0 PID: 2820 Comm: kworker/0:3 Tainted: G W 6.1.0-rc1-syzkaller-00025-gaae703b02f92 #0 [ 207.696137][ T2820] Hardware name: linux,dummy-virt (DT) [ 207.696607][ T2820] Workqueue: events free_ipc [ 207.696936][ T2820] pstate: 10000005 (nzcV daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 207.697262][ T2820] pc : percpu_counter_add_batch+0x78/0x2f0 [ 207.697510][ T2820] lr : percpu_counter_add_batch+0x44/0x2f0 [ 207.697756][ T2820] sp : ffff8000120979c0 [ 207.697945][ T2820] x29: ffff8000120979c0 x28: ffff0000151ff800 x27: 1fffe00002a3ff24 [ 207.698319][ T2820] x26: ffff80005cbc5000 x25: ffff00000eeac7b0 x24: 1fffe00001dd58f6 [ 207.698719][ T2820] x23: 000000007fffffff x22: ffff80000cc4e800 x21: 0000000000000000 [ 207.699082][ T2820] x20: 0000000000000000 x19: ffff00000eeac758 x18: ffff00006a9cbbc0 [ 207.699432][ T2820] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800008d9c830 [ 207.699792][ T2820] x14: ffff800008d78ecc x13: ffff800008d752d4 x12: ffff600002a3ff01 [ 207.700341][ T2820] x11: 1fffe00002a3ff00 x10: ffff600002a3ff00 x9 : dfff800000000000 [ 207.700922][ T2820] x8 : ffff0000151ff800 x7 : 00000000f1f1f1f1 x6 : dfff800000000000 [ 207.701315][ T2820] x5 : ffff700002412f32 x4 : 1ffff000020ef1ac x3 : 1ffff0000b978a00 [ 207.701941][ T2820] x2 : dfff800000000000 x1 : 0000000000000003 x0 : ffff80005cbc5000 [ 207.702379][ T2820] Call trace: [ 207.702563][ T2820] percpu_counter_add_batch+0x78/0x2f0 [ 207.702937][ T2820] freeque+0x20c/0x364 [ 207.703148][ T2820] free_ipcs+0xa0/0x160 [ 207.703344][ T2820] msg_exit_ns+0x38/0x60 [ 207.703576][ T2820] free_ipc+0xd0/0x1c0 [ 207.703827][ T2820] process_one_work+0x780/0x184c [ 207.704153][ T2820] worker_thread+0x3cc/0xc40 [ 207.704364][ T2820] 
kthread+0x23c/0x2a0 [ 207.704590][ T2820] ret_from_fork+0x10/0x20 [ 207.705121][ T2820] Code: f2fbffe2 92400801 d343fc03 11000c21 (38e26862) [ 207.706254][ T2820] ---[ end trace 0000000000000000 ]--- [ 207.707080][ T2820] Kernel panic - not syncing: Oops: Fatal exception [ 207.707795][ T2820] SMP: stopping secondary CPUs [ 207.709149][ T2820] Kernel Offset: disabled [ 207.709371][ T2820] CPU features: 0x22000,20234080,0000421b [ 207.710135][ T2820] Memory Limit: none [ 207.710951][ T2820] Rebooting in 86400 seconds..