Warning: Permanently added '[localhost]:48747' (ECDSA) to the list of known hosts. 2020/10/21 22:28:09 fuzzer started 2020/10/21 22:28:10 dialing manager at 10.0.2.10:35517 2020/10/21 22:28:10 syscalls: 3441 2020/10/21 22:28:10 code coverage: enabled 2020/10/21 22:28:10 comparison tracing: enabled 2020/10/21 22:28:10 extra coverage: enabled 2020/10/21 22:28:10 setuid sandbox: enabled 2020/10/21 22:28:10 namespace sandbox: enabled 2020/10/21 22:28:10 Android sandbox: /sys/fs/selinux/policy does not exist 2020/10/21 22:28:10 fault injection: enabled 2020/10/21 22:28:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/10/21 22:28:10 net packet injection: enabled 2020/10/21 22:28:10 net device setup: enabled 2020/10/21 22:28:10 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/10/21 22:28:10 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/10/21 22:28:10 USB emulation: enabled 2020/10/21 22:28:10 hci packet injection: enabled 2020/10/21 22:28:10 wifi device emulation: enabled 22:29:10 executing program 0: r0 = socket(0x11, 0xa, 0x0) sendmsg$NL80211_CMD_SET_WOWLAN(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0, 0x3b8}}, 0x0) 22:29:11 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000d80)=ANY=[], 0x9f4}}, 0x0) recvmsg(r0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x40) 22:29:11 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$inet(r0, &(0x7f00000041c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000800) 22:29:11 executing program 3: inotify_init1(0x100000) syzkaller login: [ 157.740185][ T9215] IPVS: ftp: loaded support on port[0] = 21 [ 157.868730][ T9217] IPVS: ftp: loaded support on port[0] = 21 [ 157.879697][ T9215] chnl_net:caif_netlink_parms(): no params data found [ 157.994172][ T9215] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.031583][ T9215] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.088434][ T9215] device bridge_slave_0 entered promiscuous mode [ 158.115061][ T9215] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.149505][ T9215] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.170057][ T9215] device bridge_slave_1 entered promiscuous mode [ 158.209227][ T9215] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 158.228586][ T9215] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 158.245604][ T9219] IPVS: ftp: loaded support on port[0] = 21 [ 158.275073][ T9215] team0: Port device team_slave_0 added [ 158.297671][ T9217] chnl_net:caif_netlink_parms(): no params data found [ 158.314339][ T9215] team0: Port device team_slave_1 added [ 158.376069][ T9215] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 158.391773][ T9215] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.433903][ T9215] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 158.471143][ T9221] IPVS: ftp: loaded support on port[0] = 21 [ 158.486520][ T9215] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 158.497720][ T9215] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.542770][ T9215] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 158.568969][ T9217] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.580682][ T9217] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.592174][ T9217] device bridge_slave_0 entered promiscuous mode [ 158.604689][ T9217] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.619415][ T9217] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.634664][ T9217] device bridge_slave_1 entered promiscuous mode [ 158.668852][ T9215] device hsr_slave_0 entered promiscuous mode [ 158.685362][ T9215] device hsr_slave_1 entered promiscuous mode [ 158.716015][ T9217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 158.737375][ T9217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 158.804598][ T9217] team0: Port device team_slave_0 added [ 158.821522][ T9217] team0: Port device team_slave_1 added [ 158.865666][ T9217] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 158.879895][ T9217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 158.920064][ T9217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 158.961525][ T9217] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 158.975234][ T9217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.027237][ T9217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 159.051663][ T9219] chnl_net:caif_netlink_parms(): no params data found [ 159.101646][ T9217] device hsr_slave_0 entered promiscuous mode [ 159.150720][ T9217] device hsr_slave_1 entered promiscuous mode [ 159.161480][ T9217] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 159.176456][ T9217] Cannot create hsr debugfs directory [ 159.286158][ T9219] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.298687][ T9219] bridge0: port 1(bridge_slave_0) entered disabled state [ 159.314671][ T9219] device bridge_slave_0 entered promiscuous mode [ 159.336791][ T9219] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.352802][ T9219] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.369915][ T9219] device bridge_slave_1 entered promiscuous mode [ 159.451247][ T9219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 159.523257][ T9221] chnl_net:caif_netlink_parms(): no params data found [ 159.561236][ T9219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 159.615984][ T9215] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 159.633428][ T9215] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 159.656185][ T9215] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 159.677999][ T9219] team0: Port device team_slave_0 added [ 159.705449][ T9219] team0: Port device team_slave_1 added [ 159.747858][ T5] Bluetooth: hci0: command 0x0409 tx timeout [ 159.785881][ T9215] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 159.872496][ T9219] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 159.886338][ T9219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 159.893512][ T28] Bluetooth: hci1: command 0x0409 tx timeout [ 159.926984][ T9219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 159.970349][ T9219] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 159.982215][ T9219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.017253][ T9219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 160.036081][ T9217] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 160.062524][ T9221] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.076434][ T9221] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.090084][ T9221] device bridge_slave_0 entered promiscuous mode [ 160.103006][ T9221] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.117058][ T9221] bridge0: port 2(bridge_slave_1) entered disabled state [ 160.148673][ T9221] device bridge_slave_1 entered promiscuous mode [ 160.172399][ T9217] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 160.200564][ T9219] device hsr_slave_0 entered promiscuous mode [ 160.211326][ T9219] device hsr_slave_1 entered promiscuous mode [ 160.222153][ T9242] Bluetooth: hci2: command 0x0409 tx timeout [ 160.232237][ T9219] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 160.242817][ T9219] Cannot create hsr debugfs directory [ 160.253741][ T9217] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 160.272932][ T9221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 160.295925][ T9217] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 160.327816][ T9221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 160.372447][ T3473] Bluetooth: hci3: command 0x0409 tx timeout [ 160.379615][ T9221] team0: Port device team_slave_0 added [ 160.397460][ T9221] team0: Port device team_slave_1 added [ 160.443212][ T9221] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 160.452547][ T9221] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.488119][ T9221] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 160.511613][ T9221] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 160.523839][ T9221] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 160.579826][ T9221] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 160.647540][ T9221] device hsr_slave_0 entered promiscuous mode [ 160.666050][ T9221] device hsr_slave_1 entered promiscuous mode [ 160.684574][ T9221] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 160.715287][ T9221] Cannot create hsr debugfs directory [ 160.867867][ T9219] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 160.887165][ T9219] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 160.917031][ T9219] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 160.937392][ T9219] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 160.971260][ T9215] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.027777][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 161.040234][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 161.075450][ T9215] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.100726][ T9221] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 161.115056][ T9221] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 161.129310][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 161.145838][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 161.161397][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.172029][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.189425][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 161.214068][ T9217] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.225162][ T9221] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 161.239143][ T9221] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 161.250376][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 161.262820][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 161.275372][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.284970][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.304873][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.317433][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.343015][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 161.354715][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 161.365969][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 161.377059][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 161.392865][ T9217] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.405301][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 161.430519][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 161.444531][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 161.458623][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 161.470075][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 161.481947][ T1717] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.493927][ T1717] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.506757][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 161.519646][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.533803][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 161.552666][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.565643][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.577867][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 161.589819][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 161.601387][ T1720] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.610921][ T1720] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.629613][ T9215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.649004][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.675013][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.697394][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 161.708812][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 161.728311][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 161.747003][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 161.773125][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 161.789569][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 161.802614][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 161.812425][ T3473] Bluetooth: hci0: command 0x041b tx timeout [ 161.826984][ T9215] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.844609][ T9219] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.857065][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 161.867974][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.890079][ T9221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 161.909601][ T9217] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 161.929092][ T9217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.946123][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.959761][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.972038][ T5] Bluetooth: hci1: command 0x041b tx timeout [ 161.986648][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 162.001017][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 162.014236][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 162.025854][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 162.050612][ T9219] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.061641][ T9221] 8021q: adding VLAN 0 to HW filter on device team0 [ 162.081752][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 162.094056][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 162.107166][ T9242] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.117901][ T9242] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.129996][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 162.142824][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 162.153826][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 162.168166][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 162.183695][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 162.200084][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 162.210802][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 162.222125][ T1717] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.230775][ T1717] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.248501][ T9217] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 162.265098][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 162.276413][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 162.287475][ T1720] bridge0: port 1(bridge_slave_0) entered blocking state [ 162.292222][ T28] Bluetooth: hci2: command 0x041b tx timeout [ 162.297200][ T1720] bridge0: port 1(bridge_slave_0) entered forwarding state [ 162.320821][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 162.334185][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 162.346600][ T1720] bridge0: port 2(bridge_slave_1) entered blocking state [ 162.356097][ T1720] bridge0: port 2(bridge_slave_1) entered forwarding state [ 162.367585][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 162.379518][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 162.407397][ T9215] device veth0_vlan entered promiscuous mode [ 162.424248][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 162.438222][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 162.453620][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 162.466549][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 162.478007][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 162.493290][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 162.506403][ T67] Bluetooth: hci3: command 0x041b tx timeout [ 162.521138][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 162.531302][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 162.542665][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 162.553339][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 162.567726][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 162.580452][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 162.594985][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 162.607205][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 162.622415][ T9215] device veth1_vlan entered promiscuous mode [ 162.642378][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 162.652440][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 162.663079][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 162.673077][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 162.686236][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 162.699856][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 162.712439][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 162.738163][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 162.749816][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 162.761114][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 162.772037][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 162.788571][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 162.807270][ T9217] device veth0_vlan entered promiscuous mode [ 162.822408][ T9217] device veth1_vlan entered promiscuous mode [ 162.833854][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 162.847324][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 162.859936][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 162.871151][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 162.883300][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 162.895348][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 162.906399][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 162.924175][ T9215] device veth0_macvtap entered promiscuous mode [ 162.937073][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 162.950125][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 162.963234][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 162.976182][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 162.989661][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 163.015687][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 163.028579][ T9215] device veth1_macvtap entered promiscuous mode [ 163.061050][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 163.075201][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 163.098118][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 163.116114][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 163.132065][ T9217] device veth0_macvtap entered promiscuous mode [ 163.142786][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 163.154061][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 163.164453][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 163.182279][ T9217] device veth1_macvtap entered promiscuous mode [ 163.202960][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 163.224584][ T9221] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.240438][ T9215] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.251755][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 163.263026][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 163.273614][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 163.285116][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 163.304768][ T9215] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.319399][ T9219] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 163.334219][ T9217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 163.350759][ T9217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.367640][ T9217] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.380289][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 163.391753][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 163.402609][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 163.413986][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 163.426700][ T9215] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.438932][ T9215] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.450506][ T9215] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.462358][ T9215] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.490654][ T9217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 163.505426][ T9217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.520558][ T9217] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.550608][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 163.562827][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 163.574813][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 163.586101][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 163.603100][ T9217] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.616555][ T9217] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.628957][ T9217] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.640460][ T9217] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.668011][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 163.678929][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 163.740674][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 163.752689][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 163.763238][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 163.773855][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 163.784560][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 163.794369][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 163.804125][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 163.813821][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 163.824953][ T9219] device veth0_vlan entered promiscuous mode [ 163.843927][ T9221] device veth0_vlan entered promiscuous mode [ 163.865406][ T9238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.867743][ T9221] device veth1_vlan entered promiscuous mode [ 163.876668][ T9238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.892353][ T67] Bluetooth: hci0: command 0x040f tx timeout [ 163.909234][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 163.919524][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 163.946727][ T9219] device veth1_vlan entered promiscuous mode [ 163.963442][ T9238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 163.974654][ T9238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 163.987639][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 164.001740][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 164.017020][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 164.034343][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 164.061365][ T9245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.078522][ T9245] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.078532][ T5] Bluetooth: hci1: command 0x040f tx timeout [ 164.106009][ T9238] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.117416][ T9238] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.118103][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 164.138259][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 164.148753][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 164.159981][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 164.175195][ T9221] device veth0_macvtap entered promiscuous mode [ 164.190197][ T9221] device veth1_macvtap entered promiscuous mode [ 164.220837][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 164.238496][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 164.249719][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 164.263174][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 164.277400][ T9219] device veth0_macvtap entered promiscuous mode [ 164.293560][ T9221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 164.293775][ T9217] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 164.309170][ T9221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.342533][ T9221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 164.364191][ T9221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.373802][ T9251] Bluetooth: hci2: command 0x040f tx timeout [ 164.390124][ T9221] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.428155][ T9219] device veth1_macvtap entered promiscuous mode 22:29:19 executing program 1: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x4, 0x3a8, 0xffffffff, 0x0, 0xd0, 0x1e8, 0xffffffff, 0xffffffff, 0x2d8, 0x2d8, 0x2d8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @mcast1, [], [], 'rose0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@ipv6={@mcast1, @empty, [], [], 'veth0_to_bridge\x00', 'batadv0\x00'}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@hbh={{0x48, 'hbh\x00'}}]}, @common=@unspec=@STANDARD={0x28}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@local}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408) [ 164.463434][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 164.479424][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 164.495676][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready 22:29:19 executing program 1: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000040)=@filter={'filter\x00', 0xe, 0x4, 0x388, 0xffffffff, 0x0, 0x1e8, 0x0, 0xffffffff, 0xffffffff, 0x2b8, 0x2b8, 0x2b8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @mcast1, [], [], 'rose0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@ipv6={@mcast1, @empty, [], [], 'veth0_to_bridge\x00', 'batadv0\x00'}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@hbh={{0x48, 'hbh\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@ipv6={@private0, @ipv4={[], [], @loopback}, [], [], 'veth0_to_batadv\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3e8) [ 164.519038][ T9221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 164.542775][ T9221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.545776][ T9250] Bluetooth: hci3: command 0x040f tx timeout [ 164.555395][ T9221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 22:29:19 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x9, 0x3, 0x280, 0x100, 0xffffffff, 0xffffffff, 0x100, 0xffffffff, 0x1e8, 0xffffffff, 0xffffffff, 0x1e8, 0xffffffff, 0x3, 0x0, {[{{@ip={@private, @multicast1, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_1\x00'}, 0x0, 0x98, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@addrtype={{0x30, 'addrtype\x00'}}, @common=@socket0={{0x20, 'socket\x00'}}]}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e0) [ 164.588785][ T9221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.620928][ T9221] batman_adv: batadv0: Interface activated: batadv_slave_1 22:29:19 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000000)) [ 164.634198][ T9221] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 22:29:19 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@filter={'filter\x00', 0xe, 0x4, 0x368, 0xffffffff, 0x0, 0xb8, 0xb8, 0xffffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20, 'socket\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x31}}}, {{@uncond, 0x0, 0xc0, 0x120, 0x0, {}, [@common=@osf={{0x50, 'osf\x00'}, {'syz1\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}, {{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@ttl={{0x28, 'ttl\x00'}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8) [ 164.648157][ T9221] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.666531][ T9221] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.680323][ T9221] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 22:29:19 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000240)={0x53, 0x0, 0x6, 0x1f, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)="cdfff4a3f290", &(0x7f0000000080)=""/62, 0x0, 0x10014, 0x0, 0x0}) [ 164.702930][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 164.715959][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 164.747144][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 164.766328][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.780909][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 164.797365][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.809353][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 164.823253][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.843567][ T9219] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 164.860649][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 164.873869][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.886616][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 164.901905][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.914413][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 164.927107][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 164.941659][ T9219] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 164.954115][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 164.964442][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 164.976597][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 164.986898][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 165.017997][ T9219] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.034680][ T9219] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.056265][ T9219] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.072841][ T9219] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 165.112621][ T9245] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.123215][ T9245] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.134500][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 165.155719][ T2967] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.167452][ T2967] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.180514][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 165.230309][ T2967] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.245616][ T9238] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 165.246520][ T2967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.257761][ T9238] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 165.267330][ T9252] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 165.286136][ T9252] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 22:29:19 executing program 2: 22:29:19 executing program 0: r0 = socket$l2tp(0x2, 0x2, 0x73) getsockname(r0, 0x0, &(0x7f0000000080)) 22:29:19 executing program 1: r0 = syz_open_dev$vim2m(&(0x7f0000000100)='/dev/video#\x00', 0x0, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000000)={0x7}) 22:29:20 executing program 3: 22:29:20 executing program 0: 22:29:20 executing program 1: syz_open_dev$vim2m(&(0x7f00000000c0)='/dev/video#\x00', 0x0, 0x2) select(0x40, &(0x7f0000000000), 0x0, &(0x7f00000000c0)={0xa}, 0x0) 22:29:20 executing program 2: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@security={'security\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x0, 0x1d8, 0x0, 0xffffffff, 0xffffffff, 0x2a8, 0x2a8, 0x2a8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @private0, [], [], 'batadv0\x00', 'lo\x00', {}, {}, 0x87}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@mh={{0x28, 'mh\x00'}, {"f48d"}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00'}}, {{@ipv6={@private0, @private0, [], [], 'veth0_macvtap\x00', 'bond_slave_1\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@MARK={0x28, 'MARK\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8) 22:29:20 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xe6, &(0x7f0000000080)=""/230}, &(0x7f0000000180)="6c18183ce0d8", 0x0, 0x0, 0x0, 0x0, 0x0}) 22:29:20 executing program 0: 22:29:20 executing program 1: 22:29:20 executing program 3: 22:29:20 executing program 2: 22:29:20 executing program 0: 22:29:20 executing program 1: 22:29:20 executing program 2: 22:29:20 executing program 3: 22:29:20 executing program 0: 22:29:20 executing program 1: 22:29:20 executing program 2: 22:29:20 executing program 1: 22:29:20 executing program 3: 22:29:20 executing program 0: 22:29:20 executing program 2: 22:29:20 executing program 0: 22:29:20 executing program 3: 22:29:20 executing program 1: 22:29:20 executing program 1: 22:29:20 executing program 2: 22:29:20 executing program 0: 22:29:20 executing program 3: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000140)=@mangle={'mangle\x00', 0x1f, 0x6, 0x688, 0x2f8, 0x458, 0x1c0, 0x1c0, 0x458, 0x5b8, 0x5b8, 0x5b8, 0x5b8, 0x5b8, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'veth0_macvtap\x00'}}}, {{@ipv6={@remote, @dev, [], [], 'veth1_to_batadv\x00', 'veth0_to_bond\x00'}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@uncond, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@unspec=@limit={{0x48, 'limit\x00'}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@empty, @ipv4=@multicast1}}}, {{@uncond, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90, 'srh\x00'}, {0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={[], [], @broadcast}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@uncond, 0x0, 0x118, 0x160, 0x0, {}, [@common=@hl={{0x28, 'hl\x00'}}, @common=@dst={{0x48, 'dst\x00'}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv6=@dev}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6e8) 22:29:20 executing program 2: 22:29:20 executing program 1: 22:29:20 executing program 0: 22:29:20 executing program 3: 22:29:20 executing program 3: 22:29:20 executing program 1: 22:29:20 executing program 2: 22:29:20 executing program 3: 22:29:20 executing program 0: 22:29:20 executing program 3: 22:29:20 executing program 1: 22:29:20 executing program 2: [ 165.972192][ T3473] Bluetooth: hci0: command 0x0419 tx timeout 22:29:20 executing program 0: 22:29:20 executing program 3: 22:29:20 executing program 2: 22:29:20 executing program 1: 22:29:20 executing program 3: 22:29:20 executing program 0: 22:29:20 executing program 2: 22:29:20 executing program 3: 22:29:20 executing program 1: 22:29:20 executing program 0: 22:29:20 executing program 2: 22:29:20 executing program 3: [ 166.142603][ T1717] Bluetooth: hci1: command 0x0419 tx timeout 22:29:20 executing program 1: 22:29:20 executing program 2: 22:29:20 executing program 3: 22:29:20 executing program 0: 22:29:20 executing program 2: 22:29:20 executing program 3: 22:29:20 executing program 1: 22:29:20 executing program 0: 22:29:20 executing program 2: 22:29:20 executing program 1: 22:29:20 executing program 2: 22:29:20 executing program 0: 22:29:20 executing program 3: 22:29:20 executing program 1: 22:29:20 executing program 2: 22:29:21 executing program 0: 22:29:21 executing program 3: 22:29:21 executing program 1: 22:29:21 executing program 0: 22:29:21 executing program 2: 22:29:21 executing program 1: 22:29:21 executing program 0: 22:29:21 executing program 3: [ 166.452052][ T1717] Bluetooth: hci2: command 0x0419 tx timeout 22:29:21 executing program 2: 22:29:21 executing program 0: 22:29:21 executing program 1: 22:29:21 executing program 2: 22:29:21 executing program 3: 22:29:21 executing program 0: 22:29:21 executing program 2: 22:29:21 executing program 3: 22:29:21 executing program 1: 22:29:21 executing program 1: 22:29:21 executing program 2: 22:29:21 executing program 0: [ 166.612379][ T1717] Bluetooth: hci3: command 0x0419 tx timeout 22:29:21 executing program 3: 22:29:21 executing program 2: 22:29:21 executing program 1: 22:29:21 executing program 0: 22:29:21 executing program 3: 22:29:21 executing program 2: 22:29:21 executing program 1: 22:29:21 executing program 0: 22:29:21 executing program 3: 22:29:21 executing program 2: 22:29:21 executing program 0: 22:29:21 executing program 1: 22:29:21 executing program 3: 22:29:21 executing program 2: 22:29:21 executing program 1: 22:29:21 executing program 0: 22:29:21 executing program 2: 22:29:21 executing program 3: 22:29:21 executing program 0: 22:29:21 executing program 1: 22:29:21 executing program 1: 22:29:21 executing program 2: 22:29:21 executing program 3: 22:29:21 executing program 0: 22:29:21 executing program 2: 22:29:21 executing program 1: 22:29:21 executing program 3: 22:29:21 executing program 2: 22:29:21 executing program 0: 22:29:21 executing program 1: 22:29:21 executing program 3: 22:29:21 executing program 2: 22:29:21 executing program 0: 22:29:21 executing program 1: 22:29:21 executing program 3: 22:29:21 executing program 2: 22:29:21 executing program 0: 22:29:21 executing program 2: 22:29:21 executing program 3: 22:29:21 executing program 1: 22:29:21 executing program 0: 22:29:21 executing program 3: 22:29:21 executing program 1: 22:29:21 executing program 3: 22:29:21 executing program 2: 22:29:21 executing program 0: 22:29:21 executing program 1: 22:29:21 executing program 2: 22:29:21 executing program 3: 22:29:21 executing program 0: 22:29:22 executing program 1: 22:29:22 executing program 2: 22:29:22 executing program 3: 22:29:22 executing program 0: 22:29:22 executing program 1: 22:29:22 executing program 3: 22:29:22 executing program 0: 22:29:22 executing program 2: 22:29:22 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) 22:29:22 executing program 2: 22:29:22 executing program 0: 22:29:22 executing program 3: 22:29:22 executing program 2: 22:29:22 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=@acquire={0x130, 0x17, 0x1, 0x0, 0x0, {{@in6=@local}, @in=@dev, {@in6=@private0, @in6=@loopback}, {{@in6=@private0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x6e6bb4}}, [@policy_type={0xa}]}, 0x130}}, 0x0) 22:29:22 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c) 22:29:22 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) 22:29:22 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x2) sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)={0x14, r1, 0x131}, 0x14}}, 0x0) 22:29:22 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000440)={&(0x7f00000002c0), 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x14, r1, 0x1}, 0x14}}, 0x0) 22:29:22 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=@acquire={0x130, 0x17, 0x1, 0x0, 0x0, {{@in6=@local}, @in=@dev, {@in6=@private0, @in6=@loopback}, {{@in6=@private0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x6e6bb4}}, [@policy_type={0xa}]}, 0x130}}, 0x0) 22:29:22 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_MTU={0x8, 0x4, 0x7f}]}, 0x28}}, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000000c0)={@private0, 0x0, r4}) [ 167.691270][ T9575] xt_CT: No such helper "pptp" 22:29:22 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x105082) r1 = memfd_create(&(0x7f0000000100)='\xbb\x02\xb1\x91^\x00\x00\x01\x00\x00\x00\x00\x00\x00\xfa\xe3\xa0\xd42\x90YJ\x89]\xad\x01\xc3\\:;\x99\xbck\xf9=\xfa\xe8HB\xf7\x92\x16\xbc\x11\xc4\xff\xa1\xea\xf9l', 0x0) pwritev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)="c9", 0x1}], 0x1, 0x40ee5, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) mmap(&(0x7f0000009000/0xf000)=nil, 0xf000, 0x380010a, 0x100812, r0, 0x0) write(r0, &(0x7f0000000000), 0x52698b21) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000040)={@initdev, @private, 0x0}, &(0x7f0000000140)=0xc) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000001c0)={0x0, @can={0x1d, r2}, @isdn={0x22, 0x1, 0x6, 0x9, 0xff}, @generic={0x9, "79d13e2b74a5766642126490fce2"}, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000180)='team0\x00', 0x4, 0x43f}) 22:29:22 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c) [ 167.766306][ T9588] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 167.786348][ T9593] xt_CT: No such helper "pptp" 22:29:22 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}, {[], [], [], 0x5}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c) [ 167.805712][ T9597] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 22:29:22 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000000706010300000000ee000000000000000500010006"], 0x1c}}, 0x0) 22:29:22 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c) [ 167.853556][ T9601] xt_CT: No such helper "pptp" [ 167.855994][ T9605] xt_CT: No such helper "pptp" 22:29:22 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_MTU={0x8, 0x4, 0x7f}]}, 0x28}}, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000000c0)={@private0, 0x0, r4}) 22:29:22 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) bind(r0, &(0x7f0000003440)=@un=@abs={0x1}, 0x80) 22:29:22 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x202) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) 22:29:22 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c) [ 167.979867][ T9616] xt_CT: No such helper "pptp" [ 167.981416][ T9623] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 22:29:22 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r0, 0x107, 0x0, 0x0, &(0x7f0000000040)=0xffffff93) 22:29:22 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=@acquire={0x130, 0x17, 0x1, 0x0, 0x0, {{@in6=@local}, @in=@dev, {@in6=@private0, @in6=@loopback}, {{@in6=@private0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, [@policy_type={0xa}]}, 0x130}}, 0x0) 22:29:22 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c) 22:29:22 executing program 1: syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x80082) 22:29:22 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_MTU={0x8, 0x4, 0x7f}]}, 0x28}}, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000000c0)={@private0, 0x0, r4}) 22:29:22 executing program 2: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000640)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7, 0x1, 'fq\x00'}, {0x4}}]}, 0x30}}, 0x0) 22:29:22 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c) 22:29:22 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000001c0)={0x0, 0x1}, 0x4) [ 168.122632][ T9645] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 22:29:22 executing program 3: setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c) 22:29:22 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="850000000500000000000020020000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8d29847264fcbf5b}, 0x48) 22:29:22 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c) 22:29:22 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_MTU={0x8, 0x4, 0x7f}]}, 0x28}}, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000000c0)={@private0, 0x0, r4}) 22:29:22 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x1) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x536, 0x0}}], 0x17, 0x0) 22:29:22 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=@acquire={0x1cc, 0x17, 0x1, 0x0, 0x0, {{@in6=@local}, @in=@dev, {@in6=@private0, @in6=@loopback}, {{@in6=@private0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, [@policy={0xa8, 0x7, {{@in6=@private0, @in6=@private0}}}]}, 0x1cc}}, 0x0) 22:29:22 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c) [ 168.235555][ T9659] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 22:29:22 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c) 22:29:22 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x1) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x536, 0x0}}], 0x17, 0x0) [ 168.281426][ T9670] ================================================================== [ 168.292624][ T9670] BUG: KASAN: slab-out-of-bounds in xfrm_attr_cpy32+0x15a/0x1d0 [ 168.292624][ T9670] Write of size 4 at addr ffff888013ef9dd4 by task syz-executor.2/9670 [ 168.314635][ T9670] [ 168.314635][ T9670] CPU: 0 PID: 9670 Comm: syz-executor.2 Not tainted 5.9.0-syzkaller #0 [ 168.314635][ T9670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 168.351939][ T9670] Call Trace: [ 168.351939][ T9670] dump_stack+0x107/0x163 [ 168.351939][ T9670] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 168.351939][ T9670] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 168.351939][ T9670] print_address_description.constprop.0.cold+0xae/0x497 [ 168.351939][ T9670] ? _raw_spin_lock_irqsave+0x4e/0x50 [ 168.351939][ T9670] ? vprintk_func+0x95/0x1e0 [ 168.351939][ T9670] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 168.439976][ T9670] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 168.439976][ T9670] kasan_report.cold+0x1f/0x37 [ 168.439976][ T9670] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 168.459950][ T9670] check_memory_region+0x13d/0x180 [ 168.469382][ T9670] memset+0x20/0x40 [ 168.472107][ T9670] xfrm_attr_cpy32+0x15a/0x1d0 [ 168.486894][ T9670] xfrm_user_rcv_msg_compat+0x76b/0x1040 [ 168.492027][ T9670] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 168.502131][ T9670] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 168.505843][ T9670] ? mark_lock+0xf7/0x23a0 [ 168.512022][ T9670] ? security_capable+0x8f/0xc0 [ 168.522254][ T9670] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 168.525558][ T9670] xfrm_user_rcv_msg+0x55b/0x8b0 [ 168.538138][ T9670] ? xfrm_do_migrate+0x800/0x800 [ 168.545108][ T9670] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 168.552175][ T9670] ? lock_release+0x710/0x710 [ 168.562287][ T9670] ? __local_bh_enable_ip+0x9c/0x110 [ 168.565593][ T9670] ? __mutex_lock+0x626/0x10e0 [ 168.572006][ T9670] netlink_rcv_skb+0x153/0x420 [ 168.583267][ T9670] ? xfrm_do_migrate+0x800/0x800 [ 168.592015][ T9670] ? netlink_ack+0xaa0/0xaa0 [ 168.592015][ T9670] xfrm_netlink_rcv+0x6b/0x90 [ 168.605507][ T9670] netlink_unicast+0x533/0x7d0 [ 168.605507][ T9670] ? netlink_attachskb+0x810/0x810 [ 168.613828][ T9670] ? __phys_addr_symbol+0x2c/0x70 [ 168.625581][ T9670] ? __check_object_size+0x171/0x3f0 [ 168.642355][ T9670] netlink_sendmsg+0x856/0xd90 [ 168.664390][ T9670] ? netlink_unicast+0x7d0/0x7d0 [ 168.685484][ T9670] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 168.694745][ T9670] ? netlink_unicast+0x7d0/0x7d0 [ 168.708012][ T9670] sock_sendmsg+0xcf/0x120 [ 168.712550][ T9670] ____sys_sendmsg+0x6e8/0x810 [ 168.722323][ T9670] ? kernel_sendmsg+0x50/0x50 [ 168.732111][ T9670] ? do_recvmmsg+0x6c0/0x6c0 [ 168.732111][ T9670] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 168.755952][ T9670] ___sys_sendmsg+0xf3/0x170 [ 168.755952][ T9670] ? sendmsg_copy_msghdr+0x160/0x160 [ 168.777701][ T9670] ? __fget_files+0x272/0x400 [ 168.782021][ T9670] ? lock_downgrade+0x6d0/0x6d0 [ 168.795159][ T9670] ? __fget_files+0x294/0x400 [ 168.802068][ T9670] ? __fget_light+0xea/0x280 [ 168.802068][ T9670] __sys_sendmsg+0xe5/0x1b0 [ 168.815215][ T9670] ? __sys_sendmsg_sock+0xb0/0xb0 [ 168.821973][ T9670] ? syscall_enter_from_user_mode_prepare+0x13/0x20 [ 168.842215][ T9670] __do_fast_syscall_32+0x56/0x80 [ 168.852760][ T9670] do_fast_syscall_32+0x2f/0x70 [ 168.862047][ T9670] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 168.871988][ T9670] RIP: 0023:0xf7f6f549 [ 168.878248][ T9670] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 168.902048][ T9670] RSP: 002b:00000000f55690bc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 168.915214][ T9670] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000400 [ 168.935485][ T9670] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 168.946754][ T9670] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 168.962038][ T9670] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 168.972059][ T9670] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 168.982085][ T9670] [ 168.982085][ T9670] Allocated by task 9670: [ 168.982085][ T9670] kasan_save_stack+0x1b/0x40 [ 169.002093][ T9670] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 169.005260][ T9670] kvmalloc_node+0x61/0xf0 [ 169.012078][ T9670] xfrm_user_rcv_msg_compat+0x3cd/0x1040 [ 169.025054][ T9670] xfrm_user_rcv_msg+0x55b/0x8b0 [ 169.032004][ T9670] netlink_rcv_skb+0x153/0x420 [ 169.032004][ T9670] xfrm_netlink_rcv+0x6b/0x90 [ 169.045152][ T9670] netlink_unicast+0x533/0x7d0 [ 169.049190][ T9670] netlink_sendmsg+0x856/0xd90 [ 169.052003][ T9670] sock_sendmsg+0xcf/0x120 [ 169.062081][ T9670] ____sys_sendmsg+0x6e8/0x810 [ 169.065876][ T9670] ___sys_sendmsg+0xf3/0x170 [ 169.072083][ T9670] __sys_sendmsg+0xe5/0x1b0 [ 169.082080][ T9670] __do_fast_syscall_32+0x56/0x80 [ 169.085105][ T9670] do_fast_syscall_32+0x2f/0x70 [ 169.092282][ T9670] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 169.105184][ T9670] [ 169.105184][ T9670] The buggy address belongs to the object at ffff888013ef9c00 [ 169.105184][ T9670] which belongs to the cache kmalloc-512 of size 512 [ 169.132094][ T9670] The buggy address is located 468 bytes inside of [ 169.132094][ T9670] 512-byte region [ffff888013ef9c00, ffff888013ef9e00) [ 169.152886][ T9670] The buggy address belongs to the page: [ 169.162080][ T9670] page:00000000553ac9f8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13ef9 [ 169.172603][ T9670] flags: 0xfff00000000200(slab) [ 169.185160][ T9670] raw: 00fff00000000200 ffffea0000779a88 ffffea0000881048 ffff888010040600 [ 169.192000][ T9670] raw: 0000000000000000 ffff888013ef9000 0000000100000004 0000000000000000 [ 169.205063][ T9670] page dumped because: kasan: bad access detected [ 169.212023][ T9670] [ 169.223061][ T9670] Memory state around the buggy address: [ 169.225278][ T9670] ffff888013ef9c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 169.242067][ T9670] ffff888013ef9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 169.252120][ T9670] >ffff888013ef9d80: 00 00 00 00 00 00 00 00 00 00 04 fc fc fc fc fc [ 169.262077][ T9670] ^ [ 169.272064][ T9670] ffff888013ef9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 169.282072][ T9670] ffff888013ef9e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 169.292026][ T9670] ================================================================== [ 169.305106][ T9670] Disabling lock debugging due to kernel taint [ 169.318145][ T9670] Kernel panic - not syncing: panic_on_warn set ... [ 169.329462][ T9670] CPU: 1 PID: 9670 Comm: syz-executor.2 Tainted: G B 5.9.0-syzkaller #0 [ 169.341962][ T9670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 169.361937][ T9670] Call Trace: [ 169.361937][ T9670] dump_stack+0x107/0x163 [ 169.371901][ T9670] ? xfrm_attr_cpy32+0x120/0x1d0 [ 169.371901][ T9670] panic+0x306/0x73d [ 169.381924][ T9670] ? __warn_printk+0xf3/0xf3 [ 169.391933][ T9670] ? preempt_schedule_common+0x59/0xc0 [ 169.402072][ T9670] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 169.402072][ T9670] ? preempt_schedule_thunk+0x16/0x18 [ 169.412174][ T9670] ? trace_hardirqs_on+0x51/0x1c0 [ 169.422040][ T9670] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 169.422040][ T9670] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 169.442017][ T9670] end_report+0x58/0x5e [ 169.442017][ T9670] kasan_report.cold+0xd/0x37 [ 169.451949][ T9670] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 169.461966][ T9670] check_memory_region+0x13d/0x180 [ 169.471957][ T9670] memset+0x20/0x40 [ 169.481989][ T9670] xfrm_attr_cpy32+0x15a/0x1d0 [ 169.481989][ T9670] xfrm_user_rcv_msg_compat+0x76b/0x1040 [ 169.492548][ T9670] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 169.501973][ T9670] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 169.511960][ T9670] ? mark_lock+0xf7/0x23a0 [ 169.522083][ T9670] ? security_capable+0x8f/0xc0 [ 169.522083][ T9670] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 169.531956][ T9670] xfrm_user_rcv_msg+0x55b/0x8b0 [ 169.542208][ T9670] ? xfrm_do_migrate+0x800/0x800 [ 169.551977][ T9670] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 169.560668][ T9670] ? lock_release+0x710/0x710 [ 169.562215][ T9670] ? __local_bh_enable_ip+0x9c/0x110 [ 169.572260][ T9670] ? __mutex_lock+0x626/0x10e0 [ 169.582173][ T9670] netlink_rcv_skb+0x153/0x420 [ 169.582173][ T9670] ? xfrm_do_migrate+0x800/0x800 [ 169.591934][ T9670] ? netlink_ack+0xaa0/0xaa0 [ 169.591934][ T9670] xfrm_netlink_rcv+0x6b/0x90 [ 169.591934][ T9670] netlink_unicast+0x533/0x7d0 [ 169.611996][ T9670] ? netlink_attachskb+0x810/0x810 [ 169.622001][ T9670] ? __phys_addr_symbol+0x2c/0x70 [ 169.622001][ T9670] ? __check_object_size+0x171/0x3f0 [ 169.632163][ T9670] netlink_sendmsg+0x856/0xd90 [ 169.642026][ T9670] ? netlink_unicast+0x7d0/0x7d0 [ 169.652896][ T9670] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 169.661998][ T9670] ? netlink_unicast+0x7d0/0x7d0 [ 169.663278][ T9670] sock_sendmsg+0xcf/0x120 [ 169.672087][ T9670] ____sys_sendmsg+0x6e8/0x810 [ 169.681967][ T9670] ? kernel_sendmsg+0x50/0x50 [ 169.681967][ T9670] ? do_recvmmsg+0x6c0/0x6c0 [ 169.691977][ T9670] ? lockdep_hardirqs_on_prepare+0x410/0x410 [ 169.701943][ T9670] ___sys_sendmsg+0xf3/0x170 [ 169.701943][ T9670] ? sendmsg_copy_msghdr+0x160/0x160 [ 169.712065][ T9670] ? __fget_files+0x272/0x400 [ 169.722098][ T9670] ? lock_downgrade+0x6d0/0x6d0 [ 169.732260][ T9670] ? __fget_files+0x294/0x400 [ 169.741931][ T9670] ? __fget_light+0xea/0x280 [ 169.752066][ T9670] __sys_sendmsg+0xe5/0x1b0 [ 169.752066][ T9670] ? __sys_sendmsg_sock+0xb0/0xb0 [ 169.765581][ T9670] ? syscall_enter_from_user_mode_prepare+0x13/0x20 [ 169.771942][ T9670] __do_fast_syscall_32+0x56/0x80 [ 169.781954][ T9670] do_fast_syscall_32+0x2f/0x70 [ 169.791948][ T9670] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 169.801947][ T9670] RIP: 0023:0xf7f6f549 [ 169.801947][ T9670] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 169.841966][ T9670] RSP: 002b:00000000f55690bc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 169.851973][ T9670] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000400 [ 169.867868][ T9670] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 169.872003][ T9670] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 169.882134][ T9670] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 169.901915][ T9670] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 169.912005][ T9670] Kernel Offset: disabled [ 169.912005][ T9670] Rebooting in 86400 seconds..