Warning: Permanently added '[localhost]:50874' (ECDSA) to the list of known hosts. 2020/10/18 12:52:23 fuzzer started 2020/10/18 12:52:23 dialing manager at 10.0.2.10:46467 2020/10/18 12:52:23 syscalls: 3440 2020/10/18 12:52:23 code coverage: enabled 2020/10/18 12:52:23 comparison tracing: enabled 2020/10/18 12:52:23 extra coverage: enabled 2020/10/18 12:52:23 setuid sandbox: enabled 2020/10/18 12:52:23 namespace sandbox: enabled 2020/10/18 12:52:23 Android sandbox: /sys/fs/selinux/policy does not exist 2020/10/18 12:52:23 fault injection: enabled 2020/10/18 12:52:23 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/10/18 12:52:23 net packet injection: enabled 2020/10/18 12:52:23 net device setup: enabled 2020/10/18 12:52:23 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/10/18 12:52:23 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/10/18 12:52:23 USB emulation: enabled 2020/10/18 12:52:23 hci packet injection: enabled 2020/10/18 12:52:23 wifi device emulation: enabled 12:53:32 executing program 0: mmap$perf(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000008, 0x8f1eb07a035c68f2, 0xffffffffffffffff, 0x0) 12:53:33 executing program 1: r0 = socket$unix(0x1, 0x5, 0x0) sendto$unix(r0, &(0x7f0000000040)="8dbab798e639e69edc538509f6c602519018fbbbd4700aaea7f32dd8ba60a3a69c4621efe3d00adcd608a9b32f5af8afc8b11a2ab4cf6841a1c6176a8e004ea2d29befd6cd49684b6f650f12c3d4164531e753f336500cc9c463df8d4387e03375084f309f2da8f8cb648bfbab80a5b305279c4d95cef99da78ce7770c0d34623032292a3a357e10003eb6f3baa30afe70b042542d68972da5f56f9e98c6cb4d426a8d856385c616c2ba444a77e077cf4b67c5b3c326a2fd7175018d4aa6e40800c76d4040b26ebe7f9b13dd80db1143bbf1a69ace15ffe2bcc85142788ad076ae17ac6a446ce230aac3c8a9d08bfeaaf1e4de927b12fb41d537c6a7f09151c4db0e4ab2a08438b10c13f93c9daba88a23bef4a0b8f1d2eda7c8eca2ccee30c1d04ea01ecc2dc0283cb9764cae2e4e2241328cc77fb796ead00d66e8ea5df5cfee3286981b0a89a66f51452f3725191c3457d41772c52af2a7", 0x0, 0x4c001, 0x0, 0xfffffdcc) 12:53:33 executing program 2: r0 = socket(0xa, 0x2, 0x0) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 12:53:33 executing program 3: r0 = socket(0x10, 0x2, 0x0) sendto$unix(r0, &(0x7f0000000040), 0x0, 0x20000801, 0x0, 0x0) syzkaller login: [ 189.335390][ T8340] IPVS: ftp: loaded support on port[0] = 21 [ 189.335962][ T8339] IPVS: ftp: loaded support on port[0] = 21 [ 189.570110][ T8342] IPVS: ftp: loaded support on port[0] = 21 [ 189.774143][ T8344] IPVS: ftp: loaded support on port[0] = 21 [ 189.853440][ T8339] chnl_net:caif_netlink_parms(): no params data found [ 189.909417][ T8340] chnl_net:caif_netlink_parms(): no params data found [ 190.042631][ T8339] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.053426][ T8339] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.068344][ T8339] device bridge_slave_0 entered promiscuous mode [ 190.093947][ T8339] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.103928][ T8339] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.115943][ T8339] device bridge_slave_1 entered promiscuous mode [ 190.132656][ T8342] chnl_net:caif_netlink_parms(): no params data found [ 190.186542][ T8339] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.207665][ T8339] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.232119][ T8340] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.243045][ T8340] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.255193][ T8340] device bridge_slave_0 entered promiscuous mode [ 190.276528][ T8340] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.288504][ T8340] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.304206][ T8340] device bridge_slave_1 entered promiscuous mode [ 190.346617][ T8339] team0: Port device team_slave_0 added [ 190.368073][ T8340] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.392938][ T8339] team0: Port device team_slave_1 added [ 190.408339][ T8340] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.452626][ T8339] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.460795][ T8339] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.494030][ T8339] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.522597][ T8339] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.532212][ T8339] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.566533][ T8339] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.583576][ T8340] team0: Port device team_slave_0 added [ 190.590319][ T8342] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.599568][ T8342] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.600967][ T8342] device bridge_slave_0 entered promiscuous mode [ 190.627578][ T8342] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.636267][ T8342] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.646602][ T8342] device bridge_slave_1 entered promiscuous mode [ 190.668993][ T8340] team0: Port device team_slave_1 added [ 190.699886][ T8342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.724782][ T8344] chnl_net:caif_netlink_parms(): no params data found [ 190.747990][ T8339] device hsr_slave_0 entered promiscuous mode [ 190.758367][ T8339] device hsr_slave_1 entered promiscuous mode [ 190.770442][ T8342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.812750][ T8340] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.821833][ T8340] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.852821][ T8340] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.899237][ T8340] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.908396][ T8340] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.939786][ T8340] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.974003][ T8342] team0: Port device team_slave_0 added [ 190.985226][ T8342] team0: Port device team_slave_1 added [ 191.020020][ T8342] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.028709][ T8342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.059075][ T8342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.119910][ T8340] device hsr_slave_0 entered promiscuous mode [ 191.122714][ T5] Bluetooth: hci0: command 0x0409 tx timeout [ 191.144764][ T8340] device hsr_slave_1 entered promiscuous mode [ 191.153737][ T8340] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 191.166325][ T8340] Cannot create hsr debugfs directory [ 191.176487][ T8342] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.188223][ T8342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.201893][ T5] Bluetooth: hci1: command 0x0409 tx timeout [ 191.223207][ T8342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.274581][ T8344] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.283643][ T8344] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.293190][ T8344] device bridge_slave_0 entered promiscuous mode [ 191.339513][ T8344] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.351621][ T8344] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.360431][ T8344] device bridge_slave_1 entered promiscuous mode [ 191.382559][ T8342] device hsr_slave_0 entered promiscuous mode [ 191.398899][ T8342] device hsr_slave_1 entered promiscuous mode [ 191.407225][ T8342] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 191.416395][ T8342] Cannot create hsr debugfs directory [ 191.479230][ T8344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.496010][ T8344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.522944][ T5] Bluetooth: hci2: command 0x0409 tx timeout [ 191.566794][ T8344] team0: Port device team_slave_0 added [ 191.580770][ T8344] team0: Port device team_slave_1 added [ 191.654692][ T8339] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 191.672738][ T8344] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.680779][ T8344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.681482][ T5] Bluetooth: hci3: command 0x0409 tx timeout [ 191.712450][ T8344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.742682][ T8339] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 191.754133][ T8344] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.762755][ T8344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.796465][ T8344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.816281][ T8339] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 191.831798][ T8339] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 191.885670][ T8344] device hsr_slave_0 entered promiscuous mode [ 191.894720][ T8344] device hsr_slave_1 entered promiscuous mode [ 191.903936][ T8344] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 191.913069][ T8344] Cannot create hsr debugfs directory [ 191.923998][ T8340] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 191.949823][ T8340] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 191.963147][ T8340] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 191.976512][ T8340] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 192.040847][ T8342] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 192.062030][ T8342] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 192.073751][ T8342] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 192.086429][ T8342] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 192.206165][ T8344] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 192.228844][ T8344] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 192.248252][ T8344] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 192.264401][ T8344] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 192.337614][ T8339] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.385940][ T8340] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.417390][ T1244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.441011][ T1244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.460381][ T8339] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.492044][ T3277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.510263][ T3277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.524729][ T3277] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.537778][ T3277] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.558425][ T3277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.584300][ T3277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.608264][ T3277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.621605][ T3277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.637947][ T3277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.648227][ T3277] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.661700][ T3277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.678944][ T8340] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.694410][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.714807][ T8342] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.747474][ T8342] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.756484][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.771887][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.787682][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.800610][ T8361] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.814423][ T8361] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.828617][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.839970][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.879234][ T8361] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.893410][ T8361] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.919112][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.939966][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.957958][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.973711][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.990392][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.017553][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.039231][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.055380][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.075004][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.093928][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.108390][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.126313][ T8344] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.145689][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.156679][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.176806][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.188209][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.198514][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.208806][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.219560][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.232169][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.243921][ T1247] Bluetooth: hci0: command 0x041b tx timeout [ 193.251585][ T1244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.263330][ T1244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.276583][ T1244] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.283324][ T5] Bluetooth: hci1: command 0x041b tx timeout [ 193.286431][ T1244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.305270][ T1244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.319570][ T1244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.336225][ T1244] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.346409][ T1244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.357131][ T1244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.370834][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.387866][ T8344] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.410884][ T8340] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 193.427267][ T8340] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 193.448701][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.463080][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.486043][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.505923][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.520786][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.535085][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.546881][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.559572][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.571026][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.581502][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.593447][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.610263][ T8339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.620894][ T5] Bluetooth: hci2: command 0x041b tx timeout [ 193.644688][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.655374][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.666784][ T8372] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.675588][ T8372] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.685248][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.696459][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.709522][ T8372] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.720689][ T8372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.730881][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.744869][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.757859][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.771490][ T5] Bluetooth: hci3: command 0x041b tx timeout [ 193.771915][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.807830][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.822270][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.852410][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.868537][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.882489][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.894688][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.907844][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.917700][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 193.927313][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 193.938070][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.952393][ T8342] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.982301][ T8339] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.992838][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 194.008442][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 194.029157][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.039111][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.064932][ T8342] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.077923][ T8373] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 194.088665][ T8373] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 194.110046][ T8340] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.120013][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.132020][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.159840][ T8344] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 194.178114][ T8344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.192864][ T8373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.210535][ T8373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.230479][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 194.244150][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 194.266059][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 194.285134][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 194.323657][ T8339] device veth0_vlan entered promiscuous mode [ 194.350608][ T8339] device veth1_vlan entered promiscuous mode [ 194.377194][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 194.390119][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 194.403701][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 194.439319][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 194.451066][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 194.463548][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 194.474238][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 194.488166][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 194.503283][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 194.516286][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 194.528902][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 194.543897][ T8340] device veth0_vlan entered promiscuous mode [ 194.565213][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 194.576784][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 194.586295][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 194.597263][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 194.606468][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 194.620884][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 194.629897][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 194.642686][ T8342] device veth0_vlan entered promiscuous mode [ 194.654123][ T8344] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.678250][ T8340] device veth1_vlan entered promiscuous mode [ 194.696935][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 194.707411][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 194.720828][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 194.734803][ T8342] device veth1_vlan entered promiscuous mode [ 194.754029][ T8339] device veth0_macvtap entered promiscuous mode [ 194.765178][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 194.774748][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 194.783646][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 194.793753][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 194.805304][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 194.832695][ T8339] device veth1_macvtap entered promiscuous mode [ 194.850348][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 194.874080][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 194.896304][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 194.934171][ T1247] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 194.965831][ T8344] device veth0_vlan entered promiscuous mode [ 194.997327][ T8344] device veth1_vlan entered promiscuous mode [ 195.017827][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 195.049169][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 195.062853][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 195.091430][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 195.104389][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 195.130917][ T8340] device veth0_macvtap entered promiscuous mode [ 195.147270][ T8339] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.179136][ T8340] device veth1_macvtap entered promiscuous mode [ 195.189476][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 195.200246][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 195.209983][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 195.220774][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 195.237988][ T8339] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.260668][ T8339] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.272130][ T8339] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.283284][ T1247] Bluetooth: hci0: command 0x040f tx timeout [ 195.283580][ T8339] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.300874][ T8339] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.320119][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 195.333220][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 195.354888][ T8342] device veth0_macvtap entered promiscuous mode [ 195.366604][ T8371] Bluetooth: hci1: command 0x040f tx timeout [ 195.379495][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 195.390850][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 195.405238][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 195.466240][ T8342] device veth1_macvtap entered promiscuous mode [ 195.479661][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 195.500947][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 195.527259][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 195.559499][ T8340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 195.591153][ T8340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.618164][ T8340] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.645224][ T8340] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 195.665564][ T8340] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.687885][ T8340] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.692255][ T1247] Bluetooth: hci2: command 0x040f tx timeout [ 195.702348][ T8340] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.718519][ T8340] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.732330][ T8340] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.746537][ T8340] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.759947][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 195.773949][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 195.796410][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 195.815355][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 195.841572][ T5] Bluetooth: hci3: command 0x040f tx timeout [ 195.843060][ T8344] device veth0_macvtap entered promiscuous mode [ 195.903461][ T8342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 195.929039][ T8342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.943397][ T8342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 195.957634][ T8342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.977312][ T8342] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.990261][ T8344] device veth1_macvtap entered promiscuous mode [ 196.017908][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 196.030838][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 196.041904][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 196.052913][ T2559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 196.074439][ T8342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 196.108110][ T8342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.132926][ T8342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 196.153642][ T8342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.183396][ T8342] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.212897][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 196.226272][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 196.250582][ T8342] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.262546][ T8342] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.273854][ T8342] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.285172][ T8342] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.342414][ T8344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 196.360626][ T8344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.374612][ T8344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 196.388209][ T8344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.405022][ T8344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 196.422492][ T8344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.438031][ T8344] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.451962][ T2455] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.460778][ T2455] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.470439][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 196.483995][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 196.495185][ T8344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 196.508430][ T8344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.523435][ T8344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 196.535095][ T8344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.546139][ T8344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 196.558054][ T8344] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.571039][ T8344] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.595266][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 196.604060][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 196.615713][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 196.639091][ T8344] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.649599][ T8344] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.659677][ T8344] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.669252][ T8344] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.702303][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.712301][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.730132][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 196.748080][ T2455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.762002][ T2455] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.798130][ T8361] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 196.855566][ T2455] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.859053][ T8366] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.869997][ T2455] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.871385][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 196.880790][ T8366] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.937293][ T2455] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.942385][ T8375] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 196.964410][ T2455] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.013756][ T8370] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 197.053853][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.055955][ T8339] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 197.064435][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.065407][ T8375] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 197.134378][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.166237][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.188152][ T8375] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 197.363569][ T8375] Bluetooth: hci0: command 0x0419 tx timeout 12:53:42 executing program 1: 12:53:42 executing program 3: 12:53:42 executing program 0: [ 197.451827][ T8375] Bluetooth: hci1: command 0x0419 tx timeout 12:53:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89a0, &(0x7f0000000000)={'syztnl2\x00', 0x0}) 12:53:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8912, 0x0) 12:53:43 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendto$ax25(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 12:53:43 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) 12:53:43 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCADDRT(r0, 0x891c, &(0x7f0000000400)={0x0, @l2tp={0x2, 0x0, @local}, @isdn, @ethernet={0x0, @random="f0a40fac2d15"}}) 12:53:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89a0, &(0x7f0000000000)={'syztnl2\x00', 0x0}) 12:53:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8980, &(0x7f0000000700)={'gre0\x00', 0x0}) 12:53:43 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000003280)={'team0\x00', 0x0}) sendmsg$inet(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x2, 0x4e22, @private}, 0x10, 0x0, 0x0, &(0x7f0000000040)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @loopback, @private}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast1}}}], 0x40}, 0x0) 12:53:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89a0, &(0x7f0000000000)={'syztnl2\x00', 0x0}) 12:53:43 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f00000016c0)={&(0x7f0000000040)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10, &(0x7f0000001600)=[{0x0}, {0x0}, {&(0x7f00000001c0)='|', 0x1}], 0x3}, 0x8000) 12:53:43 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000900)={0x3, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r1, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) [ 197.763810][ T8375] Bluetooth: hci2: command 0x0419 tx timeout 12:53:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89a0, &(0x7f0000000000)={'syztnl2\x00', 0x0}) 12:53:43 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@ip_retopts={{0x2}}, @ip_ttl={{0x14}}], 0x28}, 0x0) 12:53:43 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8993, &(0x7f0000000700)={'gre0\x00', 0x0}) 12:53:43 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCADDRT(r0, 0x541b, &(0x7f0000000400)={0x0, @l2tp={0x2, 0x0, @local}, @isdn, @ethernet={0x0, @random="f0a40fac2d15"}}) 12:53:43 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x14, 0x0, 0x7, {[@ra={0x94, 0x4}]}}}], 0x18}, 0x0) 12:53:43 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000001400)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000001440)={0x20, 0x8, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xd]}) 12:53:43 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x2, 0x4e22, @private=0xe0000000}, 0x10, 0x0, 0x0, &(0x7f0000000380)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x10}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast1}}}], 0x38}, 0x0) [ 197.931627][ T8375] Bluetooth: hci3: command 0x0419 tx timeout 12:53:43 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x2, 0x4e22, @private}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ssrr={0x89, 0x8, 0x4, [@remote]}]}}}], 0x18}, 0x0) 12:53:43 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f00000000c0)={0x0, @l2tp={0x2, 0x0, @local}, @tipc, @nl=@unspec, 0x5, 0x0, 0x0, 0x0, 0x7ff, &(0x7f0000000080)='ip6gre0\x00'}) 12:53:43 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', 0x0}) sendmsg$inet(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x2, 0x4e22, @private}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}}}, @ip_retopts={{0x18, 0x0, 0x7, {[@cipso={0x86, 0x6}]}}}], 0x38}, 0x0) 12:53:43 executing program 1: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioperm(0x0, 0x8a0b, 0x8) 12:53:43 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x2, 0x4e22, @private}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ssrr={0x89, 0x8, 0x4, [@remote]}]}}}], 0x18}, 0x0) 12:53:43 executing program 0: request_key(&(0x7f0000000280)='keyring\x00', &(0x7f00000002c0)={'syz', 0x3}, &(0x7f0000000300)='/dev/infiniband/rdma_cm\x00', 0xfffffffffffffffb) 12:53:43 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000001400)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000001440)={0x20, 0x8, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0xd]}) 12:53:43 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x2, 0x4e22, @private}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@ssrr={0x89, 0x8, 0x4, [@remote]}]}}}], 0x18}, 0x0) 12:53:43 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@ip_retopts={{0x14, 0x0, 0x7, {[@generic={0x0, 0x3, "04"}]}}}], 0x18}, 0x0) [ 198.147208][ T8468] ================================================================== [ 198.149257][ T8468] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x117f/0x1290 [ 198.149351][ T8468] Write of size 4 at addr ffffc90009d91000 by task syz-executor.3/8468 [ 198.149355][ T8468] [ 198.150944][ T8468] CPU: 2 PID: 8468 Comm: syz-executor.3 Not tainted 5.9.0-syzkaller #0 [ 198.151275][ T8468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 198.151275][ T8468] Call Trace: [ 198.151275][ T8468] dump_stack+0x198/0x1fb [ 198.151275][ T8468] ? sys_imageblit+0x117f/0x1290 [ 198.151275][ T8468] ? sys_imageblit+0x117f/0x1290 [ 198.151275][ T8468] print_address_description.constprop.0.cold+0x5/0x497 [ 198.151275][ T8468] ? check_preemption_disabled+0x50/0x130 [ 198.151275][ T8468] ? _raw_spin_lock_irqsave+0xa9/0xd0 [ 198.151275][ T8468] ? vprintk_func+0x95/0x1e0 [ 198.151275][ T8468] ? sys_imageblit+0x117f/0x1290 [ 198.151275][ T8468] ? sys_imageblit+0x117f/0x1290 [ 198.151275][ T8468] kasan_report.cold+0x1f/0x37 [ 198.151275][ T8468] ? sys_imageblit+0x117f/0x1290 [ 198.151275][ T8468] sys_imageblit+0x117f/0x1290 [ 198.151275][ T8468] drm_fb_helper_sys_imageblit+0x1c/0x180 [ 198.151275][ T8468] bit_putcs+0x6e1/0xd20 [ 198.151275][ T8468] ? bit_cursor+0x1720/0x1720 [ 198.151275][ T8468] ? wait_for_completion+0x260/0x260 [ 198.151275][ T8468] ? fb_get_color_depth+0x101/0x240 [ 198.151275][ T8468] ? fb_get_color_depth+0x11a/0x240 [ 198.151275][ T8468] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 198.151275][ T8468] ? bit_cursor+0x1720/0x1720 [ 198.151275][ T8468] fbcon_putcs+0x35a/0x450 [ 198.151275][ T8468] do_update_region+0x399/0x630 [ 198.151275][ T8468] ? con_get_trans_old+0x2a0/0x2a0 [ 198.151275][ T8468] ? fb_get_color_depth+0x11a/0x240 [ 198.151275][ T8468] ? fbcon_set_palette+0x422/0x620 [ 198.151275][ T8468] ? var_to_display+0x7f0/0x7f0 [ 198.151275][ T8468] redraw_screen+0x658/0x790 [ 198.151275][ T8468] ? vc_init+0x5a0/0x5a0 [ 198.151275][ T8468] ? fbcon_set_palette+0x422/0x620 [ 198.151275][ T8468] fbcon_modechanged+0x593/0x6d0 [ 198.151275][ T8468] fbcon_update_vcs+0x3a/0x50 [ 198.151275][ T8468] do_fb_ioctl+0x62e/0x690 [ 198.151275][ T8468] ? fb_set_suspend+0x1a0/0x1a0 [ 198.151275][ T8468] ? lock_downgrade+0x7a0/0x7a0 [ 198.151275][ T8468] ? check_preemption_disabled+0x50/0x130 [ 198.151275][ T8468] ? check_preemption_disabled+0x50/0x130 [ 198.151275][ T8468] ? kfree+0x212/0x2a0 [ 198.151275][ T8468] ? tomoyo_path_number_perm+0x441/0x590 [ 198.151275][ T8468] ? lockdep_hardirqs_on+0x60/0x110 [ 198.151275][ T8468] ? tomoyo_path_number_perm+0x24e/0x590 [ 198.151275][ T8468] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 198.151275][ T8468] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 198.151275][ T8468] ? do_vfs_ioctl+0x27d/0x1090 [ 198.151275][ T8468] ? generic_block_fiemap+0x60/0x60 [ 198.151275][ T8468] fb_compat_ioctl+0x17c/0xc10 [ 198.151275][ T8468] ? fb_open+0x430/0x430 [ 198.151275][ T8468] ? __fget_files+0x294/0x400 [ 198.151275][ T8468] ? bpf_lsm_file_ioctl+0x5/0x10 [ 198.151275][ T8468] ? fb_open+0x430/0x430 [ 198.151275][ T8468] __do_compat_sys_ioctl+0x1d3/0x230 [ 198.151275][ T8468] __do_fast_syscall_32+0x56/0x80 [ 198.151275][ T8468] do_fast_syscall_32+0x2f/0x70 [ 198.151275][ T8468] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 198.151275][ T8468] RIP: 0023:0xf7f73549 [ 198.154408][ T8468] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 198.154408][ T8468] RSP: 002b:00000000f556d0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 198.154408][ T8468] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601 [ 198.154408][ T8468] RDX: 0000000020001440 RSI: 0000000000000000 RDI: 0000000000000000 [ 198.154408][ T8468] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 198.154408][ T8468] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 198.154408][ T8468] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 198.154408][ T8468] [ 198.154408][ T8468] [ 198.154870][ T8468] Memory state around the buggy address: [ 198.154875][ T8468] ffffc90009d90f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 198.154875][ T8468] ffffc90009d90f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 198.154875][ T8468] >ffffc90009d91000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 198.154875][ T8468] ^ [ 198.154875][ T8468] ffffc90009d91080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 198.154875][ T8468] ffffc90009d91100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 198.154875][ T8468] ================================================================== [ 198.154875][ T8468] Disabling lock debugging due to kernel taint [ 198.177177][ T8468] Kernel panic - not syncing: panic_on_warn set ... [ 198.177258][ T8468] CPU: 2 PID: 8468 Comm: syz-executor.3 Tainted: G B 5.9.0-syzkaller #0 [ 198.177264][ T8468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 198.177325][ T8468] Call Trace: [ 198.177437][ T8468] dump_stack+0x198/0x1fb [ 198.177449][ T8468] ? sys_imageblit+0x1120/0x1290 [ 198.177458][ T8468] panic+0x382/0x7fb [ 198.177466][ T8468] ? __warn_printk+0xf3/0xf3 [ 198.177474][ T8468] ? preempt_schedule_common+0x59/0xc0 [ 198.177482][ T8468] ? sys_imageblit+0x117f/0x1290 [ 198.177490][ T8468] ? preempt_schedule_thunk+0x16/0x18 [ 198.177499][ T8468] ? trace_hardirqs_on+0x51/0x1c0 [ 198.177507][ T8468] ? sys_imageblit+0x117f/0x1290 [ 198.177518][ T8468] ? sys_imageblit+0x117f/0x1290 [ 198.177525][ T8468] end_report+0x58/0x5e [ 198.177536][ T8468] kasan_report.cold+0xd/0x37 [ 198.177544][ T8468] ? sys_imageblit+0x117f/0x1290 [ 198.177552][ T8468] sys_imageblit+0x117f/0x1290 [ 198.177563][ T8468] drm_fb_helper_sys_imageblit+0x1c/0x180 [ 198.177571][ T8468] bit_putcs+0x6e1/0xd20 [ 198.177580][ T8468] ? bit_cursor+0x1720/0x1720 [ 198.177587][ T8468] ? wait_for_completion+0x260/0x260 [ 198.177600][ T8468] ? fb_get_color_depth+0x101/0x240 [ 198.177608][ T8468] ? fb_get_color_depth+0x11a/0x240 [ 198.177617][ T8468] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 198.177625][ T8468] ? bit_cursor+0x1720/0x1720 [ 198.177631][ T8468] fbcon_putcs+0x35a/0x450 [ 198.177642][ T8468] do_update_region+0x399/0x630 [ 198.177650][ T8468] ? con_get_trans_old+0x2a0/0x2a0 [ 198.177656][ T8468] ? fb_get_color_depth+0x11a/0x240 [ 198.177663][ T8468] ? fbcon_set_palette+0x422/0x620 [ 198.177670][ T8468] ? var_to_display+0x7f0/0x7f0 [ 198.177677][ T8468] redraw_screen+0x658/0x790 [ 198.177685][ T8468] ? vc_init+0x5a0/0x5a0 [ 198.177692][ T8468] ? fbcon_set_palette+0x422/0x620 [ 198.177699][ T8468] fbcon_modechanged+0x593/0x6d0 [ 198.177707][ T8468] fbcon_update_vcs+0x3a/0x50 [ 198.177714][ T8468] do_fb_ioctl+0x62e/0x690 [ 198.177722][ T8468] ? fb_set_suspend+0x1a0/0x1a0 [ 198.177729][ T8468] ? lock_downgrade+0x7a0/0x7a0 [ 198.177736][ T8468] ? check_preemption_disabled+0x50/0x130 [ 198.177743][ T8468] ? check_preemption_disabled+0x50/0x130 [ 198.177750][ T8468] ? kfree+0x212/0x2a0 [ 198.177758][ T8468] ? tomoyo_path_number_perm+0x441/0x590 [ 198.177765][ T8468] ? lockdep_hardirqs_on+0x60/0x110 [ 198.177773][ T8468] ? tomoyo_path_number_perm+0x24e/0x590 [ 198.177781][ T8468] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 198.177792][ T8468] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 198.177798][ T8468] ? do_vfs_ioctl+0x27d/0x1090 [ 198.177805][ T8468] ? generic_block_fiemap+0x60/0x60 [ 198.177811][ T8468] fb_compat_ioctl+0x17c/0xc10 [ 198.177817][ T8468] ? fb_open+0x430/0x430 [ 198.177824][ T8468] ? __fget_files+0x294/0x400 [ 198.177832][ T8468] ? bpf_lsm_file_ioctl+0x5/0x10 [ 198.177849][ T8468] ? fb_open+0x430/0x430 [ 198.177856][ T8468] __do_compat_sys_ioctl+0x1d3/0x230 [ 198.177862][ T8468] __do_fast_syscall_32+0x56/0x80 [ 198.177868][ T8468] do_fast_syscall_32+0x2f/0x70 [ 198.177876][ T8468] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 198.177911][ T8468] RIP: 0023:0xf7f73549 [ 198.177919][ T8468] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 198.177927][ T8468] RSP: 002b:00000000f556d0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 198.177940][ T8468] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004601 [ 198.177944][ T8468] RDX: 0000000020001440 RSI: 0000000000000000 RDI: 0000000000000000 [ 198.177948][ T8468] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 198.177952][ T8468] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 198.177957][ T8468] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 198.181263][ T8468] Kernel Offset: disabled [ 198.181263][ T8468] Rebooting in 86400 seconds..