Warning: Permanently added '[localhost]:48747' (ECDSA) to the list of known hosts.
2020/10/21 22:28:09 fuzzer started
2020/10/21 22:28:10 dialing manager at 10.0.2.10:35517
2020/10/21 22:28:10 syscalls: 3441
2020/10/21 22:28:10 code coverage: enabled
2020/10/21 22:28:10 comparison tracing: enabled
2020/10/21 22:28:10 extra coverage: enabled
2020/10/21 22:28:10 setuid sandbox: enabled
2020/10/21 22:28:10 namespace sandbox: enabled
2020/10/21 22:28:10 Android sandbox: /sys/fs/selinux/policy does not exist
2020/10/21 22:28:10 fault injection: enabled
2020/10/21 22:28:10 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/10/21 22:28:10 net packet injection: enabled
2020/10/21 22:28:10 net device setup: enabled
2020/10/21 22:28:10 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/10/21 22:28:10 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/10/21 22:28:10 USB emulation: enabled
2020/10/21 22:28:10 hci packet injection: enabled
2020/10/21 22:28:10 wifi device emulation: enabled
22:29:10 executing program 0:
r0 = socket(0x11, 0xa, 0x0)
sendmsg$NL80211_CMD_SET_WOWLAN(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0, 0x3b8}}, 0x0)

22:29:11 executing program 1:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000d80)=ANY=[], 0x9f4}}, 0x0)
recvmsg(r0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x40)

22:29:11 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$inet(r0, &(0x7f00000041c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000800)

22:29:11 executing program 3:
inotify_init1(0x100000)

syzkaller login: [  157.740185][ T9215] IPVS: ftp: loaded support on port[0] = 21
[  157.868730][ T9217] IPVS: ftp: loaded support on port[0] = 21
[  157.879697][ T9215] chnl_net:caif_netlink_parms(): no params data found
[  157.994172][ T9215] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.031583][ T9215] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.088434][ T9215] device bridge_slave_0 entered promiscuous mode
[  158.115061][ T9215] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.149505][ T9215] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.170057][ T9215] device bridge_slave_1 entered promiscuous mode
[  158.209227][ T9215] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  158.228586][ T9215] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  158.245604][ T9219] IPVS: ftp: loaded support on port[0] = 21
[  158.275073][ T9215] team0: Port device team_slave_0 added
[  158.297671][ T9217] chnl_net:caif_netlink_parms(): no params data found
[  158.314339][ T9215] team0: Port device team_slave_1 added
[  158.376069][ T9215] batman_adv: batadv0: Adding interface: batadv_slave_0
[  158.391773][ T9215] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.433903][ T9215] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  158.471143][ T9221] IPVS: ftp: loaded support on port[0] = 21
[  158.486520][ T9215] batman_adv: batadv0: Adding interface: batadv_slave_1
[  158.497720][ T9215] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.542770][ T9215] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  158.568969][ T9217] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.580682][ T9217] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.592174][ T9217] device bridge_slave_0 entered promiscuous mode
[  158.604689][ T9217] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.619415][ T9217] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.634664][ T9217] device bridge_slave_1 entered promiscuous mode
[  158.668852][ T9215] device hsr_slave_0 entered promiscuous mode
[  158.685362][ T9215] device hsr_slave_1 entered promiscuous mode
[  158.716015][ T9217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  158.737375][ T9217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  158.804598][ T9217] team0: Port device team_slave_0 added
[  158.821522][ T9217] team0: Port device team_slave_1 added
[  158.865666][ T9217] batman_adv: batadv0: Adding interface: batadv_slave_0
[  158.879895][ T9217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  158.920064][ T9217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  158.961525][ T9217] batman_adv: batadv0: Adding interface: batadv_slave_1
[  158.975234][ T9217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  159.027237][ T9217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  159.051663][ T9219] chnl_net:caif_netlink_parms(): no params data found
[  159.101646][ T9217] device hsr_slave_0 entered promiscuous mode
[  159.150720][ T9217] device hsr_slave_1 entered promiscuous mode
[  159.161480][ T9217] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  159.176456][ T9217] Cannot create hsr debugfs directory
[  159.286158][ T9219] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.298687][ T9219] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.314671][ T9219] device bridge_slave_0 entered promiscuous mode
[  159.336791][ T9219] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.352802][ T9219] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.369915][ T9219] device bridge_slave_1 entered promiscuous mode
[  159.451247][ T9219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  159.523257][ T9221] chnl_net:caif_netlink_parms(): no params data found
[  159.561236][ T9219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  159.615984][ T9215] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  159.633428][ T9215] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  159.656185][ T9215] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  159.677999][ T9219] team0: Port device team_slave_0 added
[  159.705449][ T9219] team0: Port device team_slave_1 added
[  159.747858][    T5] Bluetooth: hci0: command 0x0409 tx timeout
[  159.785881][ T9215] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  159.872496][ T9219] batman_adv: batadv0: Adding interface: batadv_slave_0
[  159.886338][ T9219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  159.893512][   T28] Bluetooth: hci1: command 0x0409 tx timeout
[  159.926984][ T9219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  159.970349][ T9219] batman_adv: batadv0: Adding interface: batadv_slave_1
[  159.982215][ T9219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.017253][ T9219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  160.036081][ T9217] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  160.062524][ T9221] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.076434][ T9221] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.090084][ T9221] device bridge_slave_0 entered promiscuous mode
[  160.103006][ T9221] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.117058][ T9221] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.148673][ T9221] device bridge_slave_1 entered promiscuous mode
[  160.172399][ T9217] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  160.200564][ T9219] device hsr_slave_0 entered promiscuous mode
[  160.211326][ T9219] device hsr_slave_1 entered promiscuous mode
[  160.222153][ T9242] Bluetooth: hci2: command 0x0409 tx timeout
[  160.232237][ T9219] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  160.242817][ T9219] Cannot create hsr debugfs directory
[  160.253741][ T9217] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  160.272932][ T9221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  160.295925][ T9217] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  160.327816][ T9221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  160.372447][ T3473] Bluetooth: hci3: command 0x0409 tx timeout
[  160.379615][ T9221] team0: Port device team_slave_0 added
[  160.397460][ T9221] team0: Port device team_slave_1 added
[  160.443212][ T9221] batman_adv: batadv0: Adding interface: batadv_slave_0
[  160.452547][ T9221] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.488119][ T9221] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  160.511613][ T9221] batman_adv: batadv0: Adding interface: batadv_slave_1
[  160.523839][ T9221] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.579826][ T9221] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  160.647540][ T9221] device hsr_slave_0 entered promiscuous mode
[  160.666050][ T9221] device hsr_slave_1 entered promiscuous mode
[  160.684574][ T9221] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  160.715287][ T9221] Cannot create hsr debugfs directory
[  160.867867][ T9219] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  160.887165][ T9219] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  160.917031][ T9219] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  160.937392][ T9219] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  160.971260][ T9215] 8021q: adding VLAN 0 to HW filter on device bond0
[  161.027777][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  161.040234][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  161.075450][ T9215] 8021q: adding VLAN 0 to HW filter on device team0
[  161.100726][ T9221] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  161.115056][ T9221] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  161.129310][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  161.145838][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  161.161397][   T67] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.172029][   T67] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.189425][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  161.214068][ T9217] 8021q: adding VLAN 0 to HW filter on device bond0
[  161.225162][ T9221] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  161.239143][ T9221] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  161.250376][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  161.262820][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  161.275372][   T18] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.284970][   T18] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.304873][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  161.317433][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  161.343015][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  161.354715][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  161.365969][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  161.377059][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  161.392865][ T9217] 8021q: adding VLAN 0 to HW filter on device team0
[  161.405301][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  161.430519][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  161.444531][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  161.458623][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  161.470075][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  161.481947][ T1717] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.493927][ T1717] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.506757][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  161.519646][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  161.533803][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  161.552666][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  161.565643][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  161.577867][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  161.589819][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  161.601387][ T1720] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.610921][ T1720] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.629613][ T9215] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  161.649004][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  161.675013][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  161.697394][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  161.708812][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  161.728311][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  161.747003][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  161.773125][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  161.789569][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  161.802614][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  161.812425][ T3473] Bluetooth: hci0: command 0x041b tx timeout
[  161.826984][ T9215] 8021q: adding VLAN 0 to HW filter on device batadv0
[  161.844609][ T9219] 8021q: adding VLAN 0 to HW filter on device bond0
[  161.857065][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  161.867974][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  161.890079][ T9221] 8021q: adding VLAN 0 to HW filter on device bond0
[  161.909601][ T9217] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  161.929092][ T9217] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  161.946123][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  161.959761][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  161.972038][    T5] Bluetooth: hci1: command 0x041b tx timeout
[  161.986648][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  162.001017][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  162.014236][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  162.025854][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  162.050612][ T9219] 8021q: adding VLAN 0 to HW filter on device team0
[  162.061641][ T9221] 8021q: adding VLAN 0 to HW filter on device team0
[  162.081752][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  162.094056][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  162.107166][ T9242] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.117901][ T9242] bridge0: port 1(bridge_slave_0) entered forwarding state
[  162.129996][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  162.142824][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  162.153826][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  162.168166][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  162.183695][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  162.200084][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  162.210802][ T1717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  162.222125][ T1717] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.230775][ T1717] bridge0: port 2(bridge_slave_1) entered forwarding state
[  162.248501][ T9217] 8021q: adding VLAN 0 to HW filter on device batadv0
[  162.265098][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  162.276413][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  162.287475][ T1720] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.292222][   T28] Bluetooth: hci2: command 0x041b tx timeout
[  162.297200][ T1720] bridge0: port 1(bridge_slave_0) entered forwarding state
[  162.320821][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  162.334185][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  162.346600][ T1720] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.356097][ T1720] bridge0: port 2(bridge_slave_1) entered forwarding state
[  162.367585][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  162.379518][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  162.407397][ T9215] device veth0_vlan entered promiscuous mode
[  162.424248][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  162.438222][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  162.453620][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  162.466549][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  162.478007][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  162.493290][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  162.506403][   T67] Bluetooth: hci3: command 0x041b tx timeout
[  162.521138][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  162.531302][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  162.542665][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  162.553339][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  162.567726][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  162.580452][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  162.594985][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  162.607205][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  162.622415][ T9215] device veth1_vlan entered promiscuous mode
[  162.642378][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  162.652440][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  162.663079][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  162.673077][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  162.686236][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  162.699856][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  162.712439][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  162.738163][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  162.749816][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  162.761114][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  162.772037][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  162.788571][ T9221] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  162.807270][ T9217] device veth0_vlan entered promiscuous mode
[  162.822408][ T9217] device veth1_vlan entered promiscuous mode
[  162.833854][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  162.847324][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  162.859936][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  162.871151][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  162.883300][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  162.895348][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  162.906399][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  162.924175][ T9215] device veth0_macvtap entered promiscuous mode
[  162.937073][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  162.950125][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  162.963234][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  162.976182][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  162.989661][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  163.015687][ T9219] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  163.028579][ T9215] device veth1_macvtap entered promiscuous mode
[  163.061050][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  163.075201][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  163.098118][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  163.116114][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  163.132065][ T9217] device veth0_macvtap entered promiscuous mode
[  163.142786][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  163.154061][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  163.164453][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  163.182279][ T9217] device veth1_macvtap entered promiscuous mode
[  163.202960][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  163.224584][ T9221] 8021q: adding VLAN 0 to HW filter on device batadv0
[  163.240438][ T9215] batman_adv: batadv0: Interface activated: batadv_slave_0
[  163.251755][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  163.263026][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  163.273614][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  163.285116][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  163.304768][ T9215] batman_adv: batadv0: Interface activated: batadv_slave_1
[  163.319399][ T9219] 8021q: adding VLAN 0 to HW filter on device batadv0
[  163.334219][ T9217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  163.350759][ T9217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  163.367640][ T9217] batman_adv: batadv0: Interface activated: batadv_slave_0
[  163.380289][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  163.391753][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  163.402609][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  163.413986][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  163.426700][ T9215] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  163.438932][ T9215] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  163.450506][ T9215] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  163.462358][ T9215] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  163.490654][ T9217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  163.505426][ T9217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  163.520558][ T9217] batman_adv: batadv0: Interface activated: batadv_slave_1
[  163.550608][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  163.562827][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  163.574813][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  163.586101][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  163.603100][ T9217] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  163.616555][ T9217] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  163.628957][ T9217] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  163.640460][ T9217] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  163.668011][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  163.678929][ T9242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  163.740674][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  163.752689][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  163.763238][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  163.773855][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  163.784560][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  163.794369][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  163.804125][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  163.813821][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  163.824953][ T9219] device veth0_vlan entered promiscuous mode
[  163.843927][ T9221] device veth0_vlan entered promiscuous mode
[  163.865406][ T9238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  163.867743][ T9221] device veth1_vlan entered promiscuous mode
[  163.876668][ T9238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  163.892353][   T67] Bluetooth: hci0: command 0x040f tx timeout
[  163.909234][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  163.919524][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  163.946727][ T9219] device veth1_vlan entered promiscuous mode
[  163.963442][ T9238] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  163.974654][ T9238] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  163.987639][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  164.001740][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  164.017020][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  164.034343][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  164.061365][ T9245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.078522][ T9245] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  164.078532][    T5] Bluetooth: hci1: command 0x040f tx timeout
[  164.106009][ T9238] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  164.117416][ T9238] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  164.118103][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  164.138259][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  164.148753][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  164.159981][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  164.175195][ T9221] device veth0_macvtap entered promiscuous mode
[  164.190197][ T9221] device veth1_macvtap entered promiscuous mode
[  164.220837][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  164.238496][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  164.249719][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  164.263174][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  164.277400][ T9219] device veth0_macvtap entered promiscuous mode
[  164.293560][ T9221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  164.293775][ T9217] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[  164.309170][ T9221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.342533][ T9221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  164.364191][ T9221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.373802][ T9251] Bluetooth: hci2: command 0x040f tx timeout
[  164.390124][ T9221] batman_adv: batadv0: Interface activated: batadv_slave_0
[  164.428155][ T9219] device veth1_macvtap entered promiscuous mode
22:29:19 executing program 1:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x4, 0x3a8, 0xffffffff, 0x0, 0xd0, 0x1e8, 0xffffffff, 0xffffffff, 0x2d8, 0x2d8, 0x2d8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @mcast1, [], [], 'rose0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@ipv6={@mcast1, @empty, [], [], 'veth0_to_bridge\x00', 'batadv0\x00'}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@hbh={{0x48, 'hbh\x00'}}]}, @common=@unspec=@STANDARD={0x28}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@local}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408)

[  164.463434][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  164.479424][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  164.495676][   T67] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
22:29:19 executing program 1:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000040)=@filter={'filter\x00', 0xe, 0x4, 0x388, 0xffffffff, 0x0, 0x1e8, 0x0, 0xffffffff, 0xffffffff, 0x2b8, 0x2b8, 0x2b8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @mcast1, [], [], 'rose0\x00', 'veth1_virt_wifi\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}, {{@ipv6={@mcast1, @empty, [], [], 'veth0_to_bridge\x00', 'batadv0\x00'}, 0x0, 0xf0, 0x118, 0x0, {}, [@common=@hbh={{0x48, 'hbh\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@ipv6={@private0, @ipv4={[], [], @loopback}, [], [], 'veth0_to_batadv\x00', 'veth1_vlan\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3e8)

[  164.519038][ T9221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  164.542775][ T9221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.545776][ T9250] Bluetooth: hci3: command 0x040f tx timeout
[  164.555395][ T9221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
22:29:19 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x9, 0x3, 0x280, 0x100, 0xffffffff, 0xffffffff, 0x100, 0xffffffff, 0x1e8, 0xffffffff, 0xffffffff, 0x1e8, 0xffffffff, 0x3, 0x0, {[{{@ip={@private, @multicast1, 0x0, 0x0, 'vlan0\x00', 'bridge_slave_1\x00'}, 0x0, 0x98, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xc0, 0xe8, 0x0, {}, [@common=@addrtype={{0x30, 'addrtype\x00'}}, @common=@socket0={{0x20, 'socket\x00'}}]}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e0)

[  164.588785][ T9221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.620928][ T9221] batman_adv: batadv0: Interface activated: batadv_slave_1
22:29:19 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x0, 0x0)
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000000))

[  164.634198][ T9221] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
22:29:19 executing program 0:
r0 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000880)=@filter={'filter\x00', 0xe, 0x4, 0x368, 0xffffffff, 0x0, 0xb8, 0xb8, 0xffffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x90, 0xb8, 0x0, {}, [@common=@socket0={{0x20, 'socket\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x31}}}, {{@uncond, 0x0, 0xc0, 0x120, 0x0, {}, [@common=@osf={{0x50, 'osf\x00'}, {'syz1\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}, {{@uncond, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@ttl={{0x28, 'ttl\x00'}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x3c8)

[  164.648157][ T9221] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  164.666531][ T9221] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  164.680323][ T9221] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
22:29:19 executing program 1:
r0 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000240)={0x53, 0x0, 0x6, 0x1f, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)="cdfff4a3f290", &(0x7f0000000080)=""/62, 0x0, 0x10014, 0x0, 0x0})

[  164.702930][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  164.715959][ T3473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  164.747144][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  164.766328][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.780909][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  164.797365][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.809353][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  164.823253][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.843567][ T9219] batman_adv: batadv0: Interface activated: batadv_slave_0
[  164.860649][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  164.873869][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.886616][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  164.901905][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.914413][ T9219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  164.927107][ T9219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.941659][ T9219] batman_adv: batadv0: Interface activated: batadv_slave_1
[  164.954115][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  164.964442][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  164.976597][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  164.986898][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  165.017997][ T9219] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  165.034680][ T9219] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  165.056265][ T9219] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  165.072841][ T9219] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.112621][ T9245] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  165.123215][ T9245] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  165.134500][ T9250] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  165.155719][ T2967] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  165.167452][ T2967] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  165.180514][ T1720] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  165.230309][ T2967] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  165.245616][ T9238] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  165.246520][ T2967] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  165.257761][ T9238] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  165.267330][ T9252] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  165.286136][ T9252] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
22:29:19 executing program 2:

22:29:19 executing program 0:
r0 = socket$l2tp(0x2, 0x2, 0x73)
getsockname(r0, 0x0, &(0x7f0000000080))

22:29:19 executing program 1:
r0 = syz_open_dev$vim2m(&(0x7f0000000100)='/dev/video#\x00', 0x0, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000000)={0x7})

22:29:20 executing program 3:

22:29:20 executing program 0:

22:29:20 executing program 1:
syz_open_dev$vim2m(&(0x7f00000000c0)='/dev/video#\x00', 0x0, 0x2)
select(0x40, &(0x7f0000000000), 0x0, &(0x7f00000000c0)={0xa}, 0x0)

22:29:20 executing program 2:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@security={'security\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x0, 0x1d8, 0x0, 0xffffffff, 0xffffffff, 0x2a8, 0x2a8, 0x2a8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@empty, @private0, [], [], 'batadv0\x00', 'lo\x00', {}, {}, 0x87}, 0x0, 0xd0, 0xf8, 0x0, {}, [@common=@mh={{0x28, 'mh\x00'}, {"f48d"}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00'}}, {{@ipv6={@private0, @private0, [], [], 'veth0_macvtap\x00', 'bond_slave_1\x00'}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@MARK={0x28, 'MARK\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8)

22:29:20 executing program 3:
r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xe6, &(0x7f0000000080)=""/230}, &(0x7f0000000180)="6c18183ce0d8", 0x0, 0x0, 0x0, 0x0, 0x0})

22:29:20 executing program 0:

22:29:20 executing program 1:

22:29:20 executing program 3:

22:29:20 executing program 2:

22:29:20 executing program 0:

22:29:20 executing program 1:

22:29:20 executing program 2:

22:29:20 executing program 3:

22:29:20 executing program 0:

22:29:20 executing program 1:

22:29:20 executing program 2:

22:29:20 executing program 1:

22:29:20 executing program 3:

22:29:20 executing program 0:

22:29:20 executing program 2:

22:29:20 executing program 0:

22:29:20 executing program 3:

22:29:20 executing program 1:

22:29:20 executing program 1:

22:29:20 executing program 2:

22:29:20 executing program 0:

22:29:20 executing program 3:
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000140)=@mangle={'mangle\x00', 0x1f, 0x6, 0x688, 0x2f8, 0x458, 0x1c0, 0x1c0, 0x458, 0x5b8, 0x5b8, 0x5b8, 0x5b8, 0x5b8, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, 'veth0_macvtap\x00'}}}, {{@ipv6={@remote, @dev, [], [], 'veth1_to_batadv\x00', 'veth0_to_bond\x00'}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@uncond, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@unspec=@limit={{0x48, 'limit\x00'}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@empty, @ipv4=@multicast1}}}, {{@uncond, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90, 'srh\x00'}, {0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={[], [], @broadcast}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@uncond, 0x0, 0x118, 0x160, 0x0, {}, [@common=@hl={{0x28, 'hl\x00'}}, @common=@dst={{0x48, 'dst\x00'}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv6=@dev}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6e8)

22:29:20 executing program 2:

22:29:20 executing program 1:

22:29:20 executing program 0:

22:29:20 executing program 3:

22:29:20 executing program 3:

22:29:20 executing program 1:

22:29:20 executing program 2:

22:29:20 executing program 3:

22:29:20 executing program 0:

22:29:20 executing program 3:

22:29:20 executing program 1:

22:29:20 executing program 2:

[  165.972192][ T3473] Bluetooth: hci0: command 0x0419 tx timeout
22:29:20 executing program 0:

22:29:20 executing program 3:

22:29:20 executing program 2:

22:29:20 executing program 1:

22:29:20 executing program 3:

22:29:20 executing program 0:

22:29:20 executing program 2:

22:29:20 executing program 3:

22:29:20 executing program 1:

22:29:20 executing program 0:

22:29:20 executing program 2:

22:29:20 executing program 3:

[  166.142603][ T1717] Bluetooth: hci1: command 0x0419 tx timeout
22:29:20 executing program 1:

22:29:20 executing program 2:

22:29:20 executing program 3:

22:29:20 executing program 0:

22:29:20 executing program 2:

22:29:20 executing program 3:

22:29:20 executing program 1:

22:29:20 executing program 0:

22:29:20 executing program 2:

22:29:20 executing program 1:

22:29:20 executing program 2:

22:29:20 executing program 0:

22:29:20 executing program 3:

22:29:20 executing program 1:

22:29:20 executing program 2:

22:29:21 executing program 0:

22:29:21 executing program 3:

22:29:21 executing program 1:

22:29:21 executing program 0:

22:29:21 executing program 2:

22:29:21 executing program 1:

22:29:21 executing program 0:

22:29:21 executing program 3:

[  166.452052][ T1717] Bluetooth: hci2: command 0x0419 tx timeout
22:29:21 executing program 2:

22:29:21 executing program 0:

22:29:21 executing program 1:

22:29:21 executing program 2:

22:29:21 executing program 3:

22:29:21 executing program 0:

22:29:21 executing program 2:

22:29:21 executing program 3:

22:29:21 executing program 1:

22:29:21 executing program 1:

22:29:21 executing program 2:

22:29:21 executing program 0:

[  166.612379][ T1717] Bluetooth: hci3: command 0x0419 tx timeout
22:29:21 executing program 3:

22:29:21 executing program 2:

22:29:21 executing program 1:

22:29:21 executing program 0:

22:29:21 executing program 3:

22:29:21 executing program 2:

22:29:21 executing program 1:

22:29:21 executing program 0:

22:29:21 executing program 3:

22:29:21 executing program 2:

22:29:21 executing program 0:

22:29:21 executing program 1:

22:29:21 executing program 3:

22:29:21 executing program 2:

22:29:21 executing program 1:

22:29:21 executing program 0:

22:29:21 executing program 2:

22:29:21 executing program 3:

22:29:21 executing program 0:

22:29:21 executing program 1:

22:29:21 executing program 1:

22:29:21 executing program 2:

22:29:21 executing program 3:

22:29:21 executing program 0:

22:29:21 executing program 2:

22:29:21 executing program 1:

22:29:21 executing program 3:

22:29:21 executing program 2:

22:29:21 executing program 0:

22:29:21 executing program 1:

22:29:21 executing program 3:

22:29:21 executing program 2:

22:29:21 executing program 0:

22:29:21 executing program 1:

22:29:21 executing program 3:

22:29:21 executing program 2:

22:29:21 executing program 0:

22:29:21 executing program 2:

22:29:21 executing program 3:

22:29:21 executing program 1:

22:29:21 executing program 0:

22:29:21 executing program 3:

22:29:21 executing program 1:

22:29:21 executing program 3:

22:29:21 executing program 2:

22:29:21 executing program 0:

22:29:21 executing program 1:

22:29:21 executing program 2:

22:29:21 executing program 3:

22:29:21 executing program 0:

22:29:22 executing program 1:

22:29:22 executing program 2:

22:29:22 executing program 3:

22:29:22 executing program 0:

22:29:22 executing program 1:

22:29:22 executing program 3:

22:29:22 executing program 0:

22:29:22 executing program 2:

22:29:22 executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4)

22:29:22 executing program 2:

22:29:22 executing program 0:

22:29:22 executing program 3:

22:29:22 executing program 2:

22:29:22 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=@acquire={0x130, 0x17, 0x1, 0x0, 0x0, {{@in6=@local}, @in=@dev, {@in6=@private0, @in6=@loopback}, {{@in6=@private0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x6e6bb4}}, [@policy_type={0xa}]}, 0x130}}, 0x0)

22:29:22 executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c)

22:29:22 executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4)

22:29:22 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00')
recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x2)
sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)={0x14, r1, 0x131}, 0x14}}, 0x0)

22:29:22 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000440)={&(0x7f00000002c0), 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x14, r1, 0x1}, 0x14}}, 0x0)

22:29:22 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=@acquire={0x130, 0x17, 0x1, 0x0, 0x0, {{@in6=@local}, @in=@dev, {@in6=@private0, @in6=@loopback}, {{@in6=@private0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x6e6bb4}}, [@policy_type={0xa}]}, 0x130}}, 0x0)

22:29:22 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_MTU={0x8, 0x4, 0x7f}]}, 0x28}}, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000000c0)={@private0, 0x0, r4})

[  167.691270][ T9575] xt_CT: No such helper "pptp"
22:29:22 executing program 1:
r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x105082)
r1 = memfd_create(&(0x7f0000000100)='\xbb\x02\xb1\x91^\x00\x00\x01\x00\x00\x00\x00\x00\x00\xfa\xe3\xa0\xd42\x90YJ\x89]\xad\x01\xc3\\:;\x99\xbck\xf9=\xfa\xe8HB\xf7\x92\x16\xbc\x11\xc4\xff\xa1\xea\xf9l', 0x0)
pwritev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)="c9", 0x1}], 0x1, 0x40ee5, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
mmap(&(0x7f0000009000/0xf000)=nil, 0xf000, 0x380010a, 0x100812, r0, 0x0)
write(r0, &(0x7f0000000000), 0x52698b21)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000040)={@initdev, @private, <r2=>0x0}, &(0x7f0000000140)=0xc)
ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000001c0)={0x0, @can={0x1d, r2}, @isdn={0x22, 0x1, 0x6, 0x9, 0xff}, @generic={0x9, "79d13e2b74a5766642126490fce2"}, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000180)='team0\x00', 0x4, 0x43f})

22:29:22 executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c)

[  167.766306][ T9588] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  167.786348][ T9593] xt_CT: No such helper "pptp"
22:29:22 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}, {[], [], [], 0x5}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c)

[  167.805712][ T9597] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
22:29:22 executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000000706010300000000ee000000000000000500010006"], 0x1c}}, 0x0)

22:29:22 executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c)

[  167.853556][ T9601] xt_CT: No such helper "pptp"
[  167.855994][ T9605] xt_CT: No such helper "pptp"
22:29:22 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_MTU={0x8, 0x4, 0x7f}]}, 0x28}}, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000000c0)={@private0, 0x0, r4})

22:29:22 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
bind(r0, &(0x7f0000003440)=@un=@abs={0x1}, 0x80)

22:29:22 executing program 2:
r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x202)
ioctl$LOOP_SET_CAPACITY(r0, 0x4c07)

22:29:22 executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c)

[  167.979867][ T9616] xt_CT: No such helper "pptp"
[  167.981416][ T9623] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
22:29:22 executing program 1:
r0 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r0, 0x107, 0x0, 0x0, &(0x7f0000000040)=0xffffff93)

22:29:22 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=@acquire={0x130, 0x17, 0x1, 0x0, 0x0, {{@in6=@local}, @in=@dev, {@in6=@private0, @in6=@loopback}, {{@in6=@private0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, [@policy_type={0xa}]}, 0x130}}, 0x0)

22:29:22 executing program 3:
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c)

22:29:22 executing program 1:
syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x80082)

22:29:22 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_MTU={0x8, 0x4, 0x7f}]}, 0x28}}, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000000c0)={@private0, 0x0, r4})

22:29:22 executing program 2:
perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x11, 0x800000003, 0x0)
bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000640)=0x14)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7, 0x1, 'fq\x00'}, {0x4}}]}, 0x30}}, 0x0)

22:29:22 executing program 3:
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c)

22:29:22 executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f00000001c0)={0x0, 0x1}, 0x4)

[  168.122632][ T9645] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
22:29:22 executing program 3:
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c)

22:29:22 executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="850000000500000000000020020000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8d29847264fcbf5b}, 0x48)

22:29:22 executing program 3:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c)

22:29:22 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r4, @ANYBLOB="0000000000000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_MTU={0x8, 0x4, 0x7f}]}, 0x28}}, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000000c0)={@private0, 0x0, r4})

22:29:22 executing program 1:
r0 = socket$inet6(0xa, 0x803, 0x1)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x536, 0x0}}], 0x17, 0x0)

22:29:22 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=@acquire={0x1cc, 0x17, 0x1, 0x0, 0x0, {{@in6=@local}, @in=@dev, {@in6=@private0, @in6=@loopback}, {{@in6=@private0, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, [@policy={0xa8, 0x7, {{@in6=@private0, @in6=@private0}}}]}, 0x1cc}}, 0x0)

22:29:22 executing program 3:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c)

[  168.235555][ T9659] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
22:29:22 executing program 3:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x3d0, 0x21c, 0x118, 0x3e020005, 0x0, 0x188, 0x33c, 0x1d0, 0x1d0, 0x33c, 0x1d0, 0x5, 0x0, {[{{@ip={@multicast1=0xe0005100, @loopback, 0x0, 0x0, 'macvtap0\x00', 'netpci0\x00', {}, {}, 0x84}, 0x0, 0x1b4, 0x21c, 0x0, {}, [@common=@inet=@sctp={{0x144, 'sctp\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x0, 0xc0, 0x120, 0x0, {}, [@common=@addrtype={{0x2c, 'addrtype\x00'}}, @inet=@rpfilter={{0x24, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x94}, {0x24}}}}, 0x42c)

22:29:22 executing program 1:
r0 = socket$inet6(0xa, 0x803, 0x1)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x536, 0x0}}], 0x17, 0x0)

[  168.281426][ T9670] ==================================================================
[  168.292624][ T9670] BUG: KASAN: slab-out-of-bounds in xfrm_attr_cpy32+0x15a/0x1d0
[  168.292624][ T9670] Write of size 4 at addr ffff888013ef9dd4 by task syz-executor.2/9670
[  168.314635][ T9670] 
[  168.314635][ T9670] CPU: 0 PID: 9670 Comm: syz-executor.2 Not tainted 5.9.0-syzkaller #0
[  168.314635][ T9670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[  168.351939][ T9670] Call Trace:
[  168.351939][ T9670]  dump_stack+0x107/0x163
[  168.351939][ T9670]  ? xfrm_attr_cpy32+0x15a/0x1d0
[  168.351939][ T9670]  ? xfrm_attr_cpy32+0x15a/0x1d0
[  168.351939][ T9670]  print_address_description.constprop.0.cold+0xae/0x497
[  168.351939][ T9670]  ? _raw_spin_lock_irqsave+0x4e/0x50
[  168.351939][ T9670]  ? vprintk_func+0x95/0x1e0
[  168.351939][ T9670]  ? xfrm_attr_cpy32+0x15a/0x1d0
[  168.439976][ T9670]  ? xfrm_attr_cpy32+0x15a/0x1d0
[  168.439976][ T9670]  kasan_report.cold+0x1f/0x37
[  168.439976][ T9670]  ? xfrm_attr_cpy32+0x15a/0x1d0
[  168.459950][ T9670]  check_memory_region+0x13d/0x180
[  168.469382][ T9670]  memset+0x20/0x40
[  168.472107][ T9670]  xfrm_attr_cpy32+0x15a/0x1d0
[  168.486894][ T9670]  xfrm_user_rcv_msg_compat+0x76b/0x1040
[  168.492027][ T9670]  ? xfrm_alloc_compat+0x10d0/0x10d0
[  168.502131][ T9670]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  168.505843][ T9670]  ? mark_lock+0xf7/0x23a0
[  168.512022][ T9670]  ? security_capable+0x8f/0xc0
[  168.522254][ T9670]  ? xfrm_alloc_compat+0x10d0/0x10d0
[  168.525558][ T9670]  xfrm_user_rcv_msg+0x55b/0x8b0
[  168.538138][ T9670]  ? xfrm_do_migrate+0x800/0x800
[  168.545108][ T9670]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  168.552175][ T9670]  ? lock_release+0x710/0x710
[  168.562287][ T9670]  ? __local_bh_enable_ip+0x9c/0x110
[  168.565593][ T9670]  ? __mutex_lock+0x626/0x10e0
[  168.572006][ T9670]  netlink_rcv_skb+0x153/0x420
[  168.583267][ T9670]  ? xfrm_do_migrate+0x800/0x800
[  168.592015][ T9670]  ? netlink_ack+0xaa0/0xaa0
[  168.592015][ T9670]  xfrm_netlink_rcv+0x6b/0x90
[  168.605507][ T9670]  netlink_unicast+0x533/0x7d0
[  168.605507][ T9670]  ? netlink_attachskb+0x810/0x810
[  168.613828][ T9670]  ? __phys_addr_symbol+0x2c/0x70
[  168.625581][ T9670]  ? __check_object_size+0x171/0x3f0
[  168.642355][ T9670]  netlink_sendmsg+0x856/0xd90
[  168.664390][ T9670]  ? netlink_unicast+0x7d0/0x7d0
[  168.685484][ T9670]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  168.694745][ T9670]  ? netlink_unicast+0x7d0/0x7d0
[  168.708012][ T9670]  sock_sendmsg+0xcf/0x120
[  168.712550][ T9670]  ____sys_sendmsg+0x6e8/0x810
[  168.722323][ T9670]  ? kernel_sendmsg+0x50/0x50
[  168.732111][ T9670]  ? do_recvmmsg+0x6c0/0x6c0
[  168.732111][ T9670]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  168.755952][ T9670]  ___sys_sendmsg+0xf3/0x170
[  168.755952][ T9670]  ? sendmsg_copy_msghdr+0x160/0x160
[  168.777701][ T9670]  ? __fget_files+0x272/0x400
[  168.782021][ T9670]  ? lock_downgrade+0x6d0/0x6d0
[  168.795159][ T9670]  ? __fget_files+0x294/0x400
[  168.802068][ T9670]  ? __fget_light+0xea/0x280
[  168.802068][ T9670]  __sys_sendmsg+0xe5/0x1b0
[  168.815215][ T9670]  ? __sys_sendmsg_sock+0xb0/0xb0
[  168.821973][ T9670]  ? syscall_enter_from_user_mode_prepare+0x13/0x20
[  168.842215][ T9670]  __do_fast_syscall_32+0x56/0x80
[  168.852760][ T9670]  do_fast_syscall_32+0x2f/0x70
[  168.862047][ T9670]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[  168.871988][ T9670] RIP: 0023:0xf7f6f549
[  168.878248][ T9670] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  168.902048][ T9670] RSP: 002b:00000000f55690bc EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  168.915214][ T9670] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000400
[  168.935485][ T9670] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  168.946754][ T9670] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  168.962038][ T9670] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  168.972059][ T9670] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  168.982085][ T9670] 
[  168.982085][ T9670] Allocated by task 9670:
[  168.982085][ T9670]  kasan_save_stack+0x1b/0x40
[  169.002093][ T9670]  __kasan_kmalloc.constprop.0+0xbf/0xd0
[  169.005260][ T9670]  kvmalloc_node+0x61/0xf0
[  169.012078][ T9670]  xfrm_user_rcv_msg_compat+0x3cd/0x1040
[  169.025054][ T9670]  xfrm_user_rcv_msg+0x55b/0x8b0
[  169.032004][ T9670]  netlink_rcv_skb+0x153/0x420
[  169.032004][ T9670]  xfrm_netlink_rcv+0x6b/0x90
[  169.045152][ T9670]  netlink_unicast+0x533/0x7d0
[  169.049190][ T9670]  netlink_sendmsg+0x856/0xd90
[  169.052003][ T9670]  sock_sendmsg+0xcf/0x120
[  169.062081][ T9670]  ____sys_sendmsg+0x6e8/0x810
[  169.065876][ T9670]  ___sys_sendmsg+0xf3/0x170
[  169.072083][ T9670]  __sys_sendmsg+0xe5/0x1b0
[  169.082080][ T9670]  __do_fast_syscall_32+0x56/0x80
[  169.085105][ T9670]  do_fast_syscall_32+0x2f/0x70
[  169.092282][ T9670]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[  169.105184][ T9670] 
[  169.105184][ T9670] The buggy address belongs to the object at ffff888013ef9c00
[  169.105184][ T9670]  which belongs to the cache kmalloc-512 of size 512
[  169.132094][ T9670] The buggy address is located 468 bytes inside of
[  169.132094][ T9670]  512-byte region [ffff888013ef9c00, ffff888013ef9e00)
[  169.152886][ T9670] The buggy address belongs to the page:
[  169.162080][ T9670] page:00000000553ac9f8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13ef9
[  169.172603][ T9670] flags: 0xfff00000000200(slab)
[  169.185160][ T9670] raw: 00fff00000000200 ffffea0000779a88 ffffea0000881048 ffff888010040600
[  169.192000][ T9670] raw: 0000000000000000 ffff888013ef9000 0000000100000004 0000000000000000
[  169.205063][ T9670] page dumped because: kasan: bad access detected
[  169.212023][ T9670] 
[  169.223061][ T9670] Memory state around the buggy address:
[  169.225278][ T9670]  ffff888013ef9c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  169.242067][ T9670]  ffff888013ef9d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  169.252120][ T9670] >ffff888013ef9d80: 00 00 00 00 00 00 00 00 00 00 04 fc fc fc fc fc
[  169.262077][ T9670]                                                  ^
[  169.272064][ T9670]  ffff888013ef9e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  169.282072][ T9670]  ffff888013ef9e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  169.292026][ T9670] ==================================================================
[  169.305106][ T9670] Disabling lock debugging due to kernel taint
[  169.318145][ T9670] Kernel panic - not syncing: panic_on_warn set ...
[  169.329462][ T9670] CPU: 1 PID: 9670 Comm: syz-executor.2 Tainted: G    B             5.9.0-syzkaller #0
[  169.341962][ T9670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[  169.361937][ T9670] Call Trace:
[  169.361937][ T9670]  dump_stack+0x107/0x163
[  169.371901][ T9670]  ? xfrm_attr_cpy32+0x120/0x1d0
[  169.371901][ T9670]  panic+0x306/0x73d
[  169.381924][ T9670]  ? __warn_printk+0xf3/0xf3
[  169.391933][ T9670]  ? preempt_schedule_common+0x59/0xc0
[  169.402072][ T9670]  ? xfrm_attr_cpy32+0x15a/0x1d0
[  169.402072][ T9670]  ? preempt_schedule_thunk+0x16/0x18
[  169.412174][ T9670]  ? trace_hardirqs_on+0x51/0x1c0
[  169.422040][ T9670]  ? xfrm_attr_cpy32+0x15a/0x1d0
[  169.422040][ T9670]  ? xfrm_attr_cpy32+0x15a/0x1d0
[  169.442017][ T9670]  end_report+0x58/0x5e
[  169.442017][ T9670]  kasan_report.cold+0xd/0x37
[  169.451949][ T9670]  ? xfrm_attr_cpy32+0x15a/0x1d0
[  169.461966][ T9670]  check_memory_region+0x13d/0x180
[  169.471957][ T9670]  memset+0x20/0x40
[  169.481989][ T9670]  xfrm_attr_cpy32+0x15a/0x1d0
[  169.481989][ T9670]  xfrm_user_rcv_msg_compat+0x76b/0x1040
[  169.492548][ T9670]  ? xfrm_alloc_compat+0x10d0/0x10d0
[  169.501973][ T9670]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  169.511960][ T9670]  ? mark_lock+0xf7/0x23a0
[  169.522083][ T9670]  ? security_capable+0x8f/0xc0
[  169.522083][ T9670]  ? xfrm_alloc_compat+0x10d0/0x10d0
[  169.531956][ T9670]  xfrm_user_rcv_msg+0x55b/0x8b0
[  169.542208][ T9670]  ? xfrm_do_migrate+0x800/0x800
[  169.551977][ T9670]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  169.560668][ T9670]  ? lock_release+0x710/0x710
[  169.562215][ T9670]  ? __local_bh_enable_ip+0x9c/0x110
[  169.572260][ T9670]  ? __mutex_lock+0x626/0x10e0
[  169.582173][ T9670]  netlink_rcv_skb+0x153/0x420
[  169.582173][ T9670]  ? xfrm_do_migrate+0x800/0x800
[  169.591934][ T9670]  ? netlink_ack+0xaa0/0xaa0
[  169.591934][ T9670]  xfrm_netlink_rcv+0x6b/0x90
[  169.591934][ T9670]  netlink_unicast+0x533/0x7d0
[  169.611996][ T9670]  ? netlink_attachskb+0x810/0x810
[  169.622001][ T9670]  ? __phys_addr_symbol+0x2c/0x70
[  169.622001][ T9670]  ? __check_object_size+0x171/0x3f0
[  169.632163][ T9670]  netlink_sendmsg+0x856/0xd90
[  169.642026][ T9670]  ? netlink_unicast+0x7d0/0x7d0
[  169.652896][ T9670]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  169.661998][ T9670]  ? netlink_unicast+0x7d0/0x7d0
[  169.663278][ T9670]  sock_sendmsg+0xcf/0x120
[  169.672087][ T9670]  ____sys_sendmsg+0x6e8/0x810
[  169.681967][ T9670]  ? kernel_sendmsg+0x50/0x50
[  169.681967][ T9670]  ? do_recvmmsg+0x6c0/0x6c0
[  169.691977][ T9670]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[  169.701943][ T9670]  ___sys_sendmsg+0xf3/0x170
[  169.701943][ T9670]  ? sendmsg_copy_msghdr+0x160/0x160
[  169.712065][ T9670]  ? __fget_files+0x272/0x400
[  169.722098][ T9670]  ? lock_downgrade+0x6d0/0x6d0
[  169.732260][ T9670]  ? __fget_files+0x294/0x400
[  169.741931][ T9670]  ? __fget_light+0xea/0x280
[  169.752066][ T9670]  __sys_sendmsg+0xe5/0x1b0
[  169.752066][ T9670]  ? __sys_sendmsg_sock+0xb0/0xb0
[  169.765581][ T9670]  ? syscall_enter_from_user_mode_prepare+0x13/0x20
[  169.771942][ T9670]  __do_fast_syscall_32+0x56/0x80
[  169.781954][ T9670]  do_fast_syscall_32+0x2f/0x70
[  169.791948][ T9670]  entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[  169.801947][ T9670] RIP: 0023:0xf7f6f549
[  169.801947][ T9670] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
[  169.841966][ T9670] RSP: 002b:00000000f55690bc EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  169.851973][ T9670] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000400
[  169.867868][ T9670] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  169.872003][ T9670] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  169.882134][ T9670] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  169.901915][ T9670] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  169.912005][ T9670] Kernel Offset: disabled
[  169.912005][ T9670] Rebooting in 86400 seconds..