Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.75' (ECDSA) to the list of known hosts. 2020/10/08 07:48:01 fuzzer started 2020/10/08 07:48:02 dialing manager at 10.128.0.26:40129 2020/10/08 07:48:02 syscalls: 1618 2020/10/08 07:48:02 code coverage: enabled 2020/10/08 07:48:02 comparison tracing: enabled 2020/10/08 07:48:02 extra coverage: enabled 2020/10/08 07:48:02 setuid sandbox: enabled 2020/10/08 07:48:02 namespace sandbox: enabled 2020/10/08 07:48:02 Android sandbox: /sys/fs/selinux/policy does not exist 2020/10/08 07:48:02 fault injection: enabled 2020/10/08 07:48:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/10/08 07:48:02 net packet injection: enabled 2020/10/08 07:48:02 net device setup: enabled 2020/10/08 07:48:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/10/08 07:48:02 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/10/08 07:48:02 USB emulation: enabled 2020/10/08 07:48:02 hci packet injection: enabled 2020/10/08 07:48:02 wifi device emulation: enabled 07:50:00 executing program 0: 07:50:00 executing program 1: 07:50:00 executing program 2: 07:50:00 executing program 3: 07:50:01 executing program 4: 07:50:01 executing program 5: syzkaller login: [ 179.677778][ T6879] IPVS: ftp: loaded support on port[0] = 21 [ 179.838273][ T6881] IPVS: ftp: loaded support on port[0] = 21 [ 179.922031][ T6879] chnl_net:caif_netlink_parms(): no params data found [ 180.006038][ T6879] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.016895][ T6879] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.027051][ T6879] device bridge_slave_0 entered promiscuous mode [ 180.085555][ T6883] IPVS: ftp: loaded support on port[0] = 21 [ 180.101752][ T6879] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.111134][ T6879] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.121313][ T6879] device bridge_slave_1 entered promiscuous mode [ 180.272850][ T6881] chnl_net:caif_netlink_parms(): no params data found [ 180.277940][ T6885] IPVS: ftp: loaded support on port[0] = 21 [ 180.297896][ T6879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 180.343078][ T6879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 180.413546][ T6879] team0: Port device team_slave_0 added [ 180.513986][ T6881] bridge0: port 1(bridge_slave_0) entered blocking state [ 180.536497][ T6881] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.545462][ T6881] device bridge_slave_0 entered promiscuous mode [ 180.557606][ T6879] team0: Port device team_slave_1 added [ 180.582816][ T6881] bridge0: port 2(bridge_slave_1) entered blocking state [ 180.604585][ T6881] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.613233][ T6881] device bridge_slave_1 entered promiscuous mode [ 180.668622][ T6879] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 180.676328][ T6879] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.706819][ T6879] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 180.722773][ T6879] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 180.728111][ T6887] IPVS: ftp: loaded support on port[0] = 21 [ 180.736228][ T6879] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.762650][ T6879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 180.783068][ T6881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 180.817186][ T6889] IPVS: ftp: loaded support on port[0] = 21 [ 180.835032][ T6881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 180.867688][ T6879] device hsr_slave_0 entered promiscuous mode [ 180.874688][ T6879] device hsr_slave_1 entered promiscuous mode [ 180.963021][ T6881] team0: Port device team_slave_0 added [ 181.031731][ T6881] team0: Port device team_slave_1 added [ 181.052591][ T6883] chnl_net:caif_netlink_parms(): no params data found [ 181.174846][ T6881] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 181.182636][ T6881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.209834][ T6881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 181.227055][ T6881] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 181.234186][ T6881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 181.260959][ T6881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 181.338117][ T6885] chnl_net:caif_netlink_parms(): no params data found [ 181.405510][ T6881] device hsr_slave_0 entered promiscuous mode [ 181.415198][ T6881] device hsr_slave_1 entered promiscuous mode [ 181.425711][ T6881] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 181.434071][ T6881] Cannot create hsr debugfs directory [ 181.487043][ T6887] chnl_net:caif_netlink_parms(): no params data found [ 181.525096][ T6883] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.533624][ T6883] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.542114][ T6883] device bridge_slave_0 entered promiscuous mode [ 181.577793][ T6883] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.586441][ T6883] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.595614][ T6883] device bridge_slave_1 entered promiscuous mode [ 181.630116][ T2639] Bluetooth: hci0: command 0x0409 tx timeout [ 181.718380][ T6885] bridge0: port 1(bridge_slave_0) entered blocking state [ 181.730753][ T6885] bridge0: port 1(bridge_slave_0) entered disabled state [ 181.740440][ T6885] device bridge_slave_0 entered promiscuous mode [ 181.766228][ T6883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 181.792533][ T6885] bridge0: port 2(bridge_slave_1) entered blocking state [ 181.800755][ T6885] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.808662][ T6885] device bridge_slave_1 entered promiscuous mode [ 181.821078][ T6883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 181.863667][ T6889] chnl_net:caif_netlink_parms(): no params data found [ 181.870852][ T3096] Bluetooth: hci1: command 0x0409 tx timeout [ 181.907899][ T6879] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 181.922028][ T6879] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 181.960042][ T6883] team0: Port device team_slave_0 added [ 181.983968][ T6879] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 181.996335][ T6885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.008970][ T6885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 182.019413][ T6883] team0: Port device team_slave_1 added [ 182.056316][ T6879] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 182.109351][ T2639] Bluetooth: hci2: command 0x0409 tx timeout [ 182.146754][ T6883] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 182.162812][ T6883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.190111][ T6883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 182.202162][ T6887] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.213818][ T6887] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.222791][ T6887] device bridge_slave_0 entered promiscuous mode [ 182.258581][ T6885] team0: Port device team_slave_0 added [ 182.265043][ T6883] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 182.272637][ T6883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.278881][ T3096] Bluetooth: hci3: command 0x0409 tx timeout [ 182.299108][ T6883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 182.315929][ T6887] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.327657][ T6887] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.335901][ T6887] device bridge_slave_1 entered promiscuous mode [ 182.368440][ T6885] team0: Port device team_slave_1 added [ 182.374470][ T6889] bridge0: port 1(bridge_slave_0) entered blocking state [ 182.384405][ T6889] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.394747][ T6889] device bridge_slave_0 entered promiscuous mode [ 182.432191][ T6889] bridge0: port 2(bridge_slave_1) entered blocking state [ 182.440669][ T6889] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.448370][ T6889] device bridge_slave_1 entered promiscuous mode [ 182.471285][ T6881] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 182.497960][ T6885] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 182.507731][ T6885] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.508853][ T17] Bluetooth: hci4: command 0x0409 tx timeout [ 182.543422][ T6885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 182.566013][ T6887] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.580643][ T6887] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 182.596229][ T6881] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 182.609369][ T6885] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 182.616334][ T6885] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.642959][ T6885] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 182.664104][ T6889] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 182.668785][ T17] Bluetooth: hci5: command 0x0409 tx timeout [ 182.693292][ T6883] device hsr_slave_0 entered promiscuous mode [ 182.701716][ T6883] device hsr_slave_1 entered promiscuous mode [ 182.708245][ T6883] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 182.716834][ T6883] Cannot create hsr debugfs directory [ 182.723631][ T6881] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 182.739352][ T6889] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 182.773287][ T6881] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 182.804833][ T6887] team0: Port device team_slave_0 added [ 182.815203][ T6885] device hsr_slave_0 entered promiscuous mode [ 182.823135][ T6885] device hsr_slave_1 entered promiscuous mode [ 182.831887][ T6885] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 182.840483][ T6885] Cannot create hsr debugfs directory [ 182.861248][ T6889] team0: Port device team_slave_0 added [ 182.872015][ T6887] team0: Port device team_slave_1 added [ 182.893574][ T6889] team0: Port device team_slave_1 added [ 182.924230][ T6887] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 182.931507][ T6887] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 182.957944][ T6887] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 182.986622][ T6887] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 182.995662][ T6887] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.022555][ T6887] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 183.061531][ T6889] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 183.068500][ T6889] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.095493][ T6889] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 183.156467][ T6889] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 183.164072][ T6889] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 183.191081][ T6889] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 183.249899][ T6887] device hsr_slave_0 entered promiscuous mode [ 183.256853][ T6887] device hsr_slave_1 entered promiscuous mode [ 183.264575][ T6887] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 183.273288][ T6887] Cannot create hsr debugfs directory [ 183.332858][ T6879] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.390560][ T6889] device hsr_slave_0 entered promiscuous mode [ 183.399481][ T6889] device hsr_slave_1 entered promiscuous mode [ 183.406138][ T6889] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 183.414995][ T6889] Cannot create hsr debugfs directory [ 183.431019][ T6879] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.460528][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 183.471631][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 183.535822][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 183.549732][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 183.558157][ T2639] bridge0: port 1(bridge_slave_0) entered blocking state [ 183.565609][ T2639] bridge0: port 1(bridge_slave_0) entered forwarding state [ 183.575017][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 183.611242][ T6883] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 183.644932][ T6883] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 183.661180][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 183.673905][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 183.684140][ T2472] bridge0: port 2(bridge_slave_1) entered blocking state [ 183.691289][ T2472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 183.710494][ T17] Bluetooth: hci0: command 0x041b tx timeout [ 183.731310][ T6883] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 183.758987][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 183.769207][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 183.777747][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 183.786794][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 183.795882][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 183.805322][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 183.818127][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 183.849670][ T6883] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 183.887713][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 183.897767][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 183.913344][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 183.924028][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 183.958091][ T17] Bluetooth: hci1: command 0x041b tx timeout [ 183.959362][ T6879] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.003592][ T6885] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 184.048115][ T6881] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.073054][ T6885] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 184.083540][ T6885] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 184.119300][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.127141][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.149264][ T6885] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 184.188874][ T17] Bluetooth: hci2: command 0x041b tx timeout [ 184.215332][ T6881] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.236982][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 184.245670][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 184.254047][ T6887] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 184.294302][ T6879] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 184.305428][ T6887] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 184.317592][ T6887] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 184.327465][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.337275][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.345934][ T2639] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.353052][ T2639] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.360973][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.370234][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.378585][ T2639] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.385726][ T2639] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.393785][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 184.418943][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.428006][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 184.438218][ T2639] Bluetooth: hci3: command 0x041b tx timeout [ 184.452473][ T6887] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 184.469980][ T6889] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 184.486963][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 184.496645][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 184.513560][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 184.543150][ T6889] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 184.553656][ T6889] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 184.568472][ T6889] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 184.585929][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 184.596945][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 184.606297][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 184.615291][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 184.624513][ T5] Bluetooth: hci4: command 0x041b tx timeout [ 184.633956][ T6883] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.655338][ T6881] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 184.673242][ T6881] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 184.684119][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 184.696359][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 184.706118][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 184.714834][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 184.737947][ T6883] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.759605][ T17] Bluetooth: hci5: command 0x041b tx timeout [ 184.781682][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 184.790630][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 184.825442][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 184.838221][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 184.847180][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.854300][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.866393][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 184.875479][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 184.887811][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 184.896902][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 184.910869][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.917913][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 184.941030][ T6879] device veth0_vlan entered promiscuous mode [ 184.959148][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 184.967816][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 184.981378][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 184.994918][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.036726][ T6879] device veth1_vlan entered promiscuous mode [ 185.049390][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 185.057426][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 185.066616][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 185.077210][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 185.094813][ T6881] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.116561][ T6885] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.142677][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 185.151346][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 185.162853][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 185.172761][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 185.183879][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 185.202331][ T6883] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 185.213398][ T6883] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 185.242751][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 185.257168][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 185.266064][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 185.276911][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 185.286008][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 185.294886][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.302791][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.311590][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 185.341575][ T6885] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.356746][ T6879] device veth0_macvtap entered promiscuous mode [ 185.382058][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 185.395138][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 185.405576][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 185.435839][ T6879] device veth1_macvtap entered promiscuous mode [ 185.444232][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 185.452563][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 185.465482][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 185.522283][ T6887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.532309][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 185.541629][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 185.550827][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 185.558294][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 185.565921][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 185.574853][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 185.583711][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.590866][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 185.599498][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 185.607286][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 185.615701][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 185.630520][ T6881] device veth0_vlan entered promiscuous mode [ 185.645955][ T6889] 8021q: adding VLAN 0 to HW filter on device bond0 [ 185.685727][ T6883] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 185.699957][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 185.711343][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 185.739126][ T4067] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.746229][ T4067] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.763473][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.773881][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.784959][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 185.788910][ T7841] Bluetooth: hci0: command 0x040f tx timeout [ 185.812716][ T6879] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 185.823494][ T6887] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.832355][ T6881] device veth1_vlan entered promiscuous mode [ 185.851173][ T6889] 8021q: adding VLAN 0 to HW filter on device team0 [ 185.859769][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 185.867829][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 185.877617][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 185.886084][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 185.895708][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 185.914103][ T6879] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 185.933858][ T6879] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.943118][ T6879] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.954802][ T6879] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.963991][ T6879] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 185.995456][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 186.003577][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 186.014203][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 186.024183][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.033452][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.043143][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.052358][ T7841] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.059495][ T7841] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.067112][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.076025][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.084895][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 186.093738][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 186.102657][ T7841] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.109802][ T7841] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.117769][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.126679][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.135385][ T7841] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.142539][ T7841] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.150603][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.159721][ T7841] Bluetooth: hci1: command 0x040f tx timeout [ 186.210147][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.220180][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.228130][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 186.242580][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.252053][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.261485][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.271534][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.281989][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 186.291057][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 186.300218][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.307266][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.315613][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.324566][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.333444][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.342881][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.352912][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.363135][ T17] Bluetooth: hci2: command 0x040f tx timeout [ 186.375467][ T6885] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.402030][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.409969][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 186.419179][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 186.427756][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 186.437576][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 186.446691][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 186.456088][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 186.465014][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 186.483024][ T6881] device veth0_macvtap entered promiscuous mode [ 186.520177][ T8184] Bluetooth: hci3: command 0x040f tx timeout [ 186.538719][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 186.547394][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 186.561534][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.570721][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.579675][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 186.590943][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 186.599974][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.608253][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.619097][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 186.636361][ T6881] device veth1_macvtap entered promiscuous mode [ 186.658646][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 186.673603][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 186.683898][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 186.691889][ T2472] Bluetooth: hci4: command 0x040f tx timeout [ 186.695642][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.707325][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.717353][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 186.725740][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 186.743124][ T6887] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.776256][ T6885] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.795371][ T6883] device veth0_vlan entered promiscuous mode [ 186.828167][ T6889] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 186.839453][ T2472] Bluetooth: hci5: command 0x040f tx timeout [ 186.847724][ T6889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 186.862139][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 186.884786][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 186.893685][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 186.902501][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 186.926864][ T6883] device veth1_vlan entered promiscuous mode [ 186.956640][ T6881] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 186.974324][ T6881] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 186.985836][ T6881] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 187.000125][ T6881] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 187.010582][ T6881] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.022475][ T6881] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 187.030728][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 187.039846][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 187.047544][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 187.056682][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 187.065798][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 187.075251][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 187.084456][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 187.122429][ T6881] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.132702][ T6881] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.142284][ T6881] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.152005][ T6881] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 187.169260][ T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.177259][ T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.197089][ T6889] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.242232][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 187.254247][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 187.263514][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 187.271215][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 187.278963][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 187.287591][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 187.328773][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 187.336302][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 187.366356][ T7] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.382913][ T7] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.404777][ T6887] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.430469][ T6885] device veth0_vlan entered promiscuous mode [ 187.437618][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 187.462120][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 187.480199][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 187.489095][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 187.497644][ T4067] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 187.512756][ T6883] device veth0_macvtap entered promiscuous mode [ 187.556469][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 187.577701][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 187.609277][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 187.620738][ T6883] device veth1_macvtap entered promiscuous mode 07:50:09 executing program 0: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r0) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x127) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)={0x14, r5, 0xc46dfc707e1df77d}, 0x14}}, 0x0) [ 187.659340][ T6885] device veth1_vlan entered promiscuous mode [ 187.711898][ T235] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.742577][ T235] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.786134][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 187.812552][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 187.840858][ T2639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready 07:50:09 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000000)={'mangle\x00', 0x2, [{}, {}]}, 0x48) [ 187.883640][ T2639] Bluetooth: hci0: command 0x0419 tx timeout [ 187.903700][ T6883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 187.916698][ T6883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.930938][ T6883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 187.942738][ T6883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.955834][ T6883] batman_adv: batadv0: Interface activated: batadv_slave_0 07:50:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB='d\x00\x00\x00,\x00\'\r\x00'/20, @ANYRES32=r2, @ANYBLOB="0000000000000000ffff000009000100666c6f77"], 0x64}}, 0x0) r3 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r3, &(0x7f0000000200), 0x4924924924926d3, 0x0) [ 187.977460][ T6883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 187.990354][ T6883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.018575][ T6883] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 188.031654][ T6883] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.050268][ T6883] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 188.079048][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 188.087774][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 188.101462][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 188.112458][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 188.123102][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 188.133634][ T8249] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.0'. [ 188.144039][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 188.154182][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 188.163062][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 188.173256][ T7] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 188.173897][ T8247] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 188.195007][ T7] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 188.197276][ T6889] device veth0_vlan entered promiscuous mode [ 188.203326][ T2639] Bluetooth: hci1: command 0x0419 tx timeout [ 188.226674][ T6885] device veth0_macvtap entered promiscuous mode [ 188.250564][ T6883] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.263233][ T6883] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.288471][ T6883] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.297199][ T6883] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.311350][ T8249] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.0'. [ 188.336509][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 188.345521][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 188.363297][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 188.372285][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 188.381825][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 188.411805][ T6885] device veth1_macvtap entered promiscuous mode [ 188.429632][ T3096] Bluetooth: hci2: command 0x0419 tx timeout [ 188.454659][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 188.464758][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 188.476340][ T6889] device veth1_vlan entered promiscuous mode [ 188.509700][ T8252] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.0'. [ 188.515001][ T8251] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 188.542840][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready 07:50:10 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000740)=ANY=[@ANYBLOB="5c0000000206050000000000000000000000000005000400000000000900020073797a3000000000050005000a00000005000100060000000c000780080006400000000016000300686173683a6e65742c706f72742c6e6574"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)={0x28, 0x3, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x28}}, 0x0) [ 188.556089][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 188.575275][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 188.587668][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 188.599713][ T2639] Bluetooth: hci3: command 0x0419 tx timeout [ 188.612805][ T6887] device veth0_vlan entered promiscuous mode [ 188.649119][ T8252] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.0'. [ 188.679216][ T6885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 188.707178][ T6885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.723534][ T6885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 188.737406][ T6885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.750356][ T6885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 188.757328][ T2639] Bluetooth: hci4: command 0x0419 tx timeout [ 188.761616][ T6885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.784806][ T6885] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 188.814242][ T6887] device veth1_vlan entered promiscuous mode 07:50:10 executing program 1: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@multicast, @link_local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @multicast1}, @time_exceeded={0xb, 0x1, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback}}}}}}, 0x0) 07:50:10 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f00000002c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x108) [ 188.836844][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 188.861132][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready 07:50:10 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}, @IFLA_ADDRESS={0xa, 0x1, @link_local}]}, 0x40}}, 0x0) [ 188.903431][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 188.918513][ T2639] Bluetooth: hci5: command 0x0419 tx timeout [ 188.934181][ T6885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 188.958672][ T6885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.971306][ T6885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 188.990983][ T6885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.007604][ T6885] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 189.026622][ T6885] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.044221][ T6885] batman_adv: batadv0: Interface activated: batadv_slave_1 07:50:10 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000380)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x20, r1, 0x301, 0x0, 0x0, {0x7}, [@TIPC_NLA_SOCK={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8}]}]}, 0x20}}, 0x0) [ 189.078045][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 189.092335][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 189.110875][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 189.130715][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 189.141641][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 189.182474][ T6889] device veth0_macvtap entered promiscuous mode [ 189.212098][ T6885] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.228141][ T6885] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.255877][ T6885] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.272395][ T6885] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.305753][ T6889] device veth1_macvtap entered promiscuous mode [ 189.426712][ T235] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.465458][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 189.475107][ T235] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.488493][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 189.499099][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 189.507786][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 189.517761][ T2472] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 189.543614][ T6889] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 189.564964][ T6889] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.583247][ T6889] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 189.593974][ T6889] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.604274][ T6889] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 189.617421][ T6889] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.627388][ T6889] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 189.638707][ T6889] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.651310][ T6889] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 189.661666][ T6887] device veth0_macvtap entered promiscuous mode [ 189.685085][ T6887] device veth1_macvtap entered promiscuous mode [ 189.692373][ T7] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.711381][ T7] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.723797][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 189.740325][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 189.756570][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 189.765531][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 189.775922][ T6889] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 189.791693][ T6889] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.802601][ T6889] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 189.813462][ T6889] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.824075][ T6889] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 189.834859][ T6889] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.844754][ T6889] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 189.855695][ T6889] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 189.867093][ T6889] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 189.885589][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 189.895994][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 189.938899][ T6889] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.947666][ T6889] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.972702][ T6889] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 07:50:11 executing program 2: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x50, 0x4, 0x3a0, 0xd0, 0x0, 0x0, 0xd0, 0x0, 0x2d0, 0x2d0, 0x2d0, 0x2d0, 0x2d0, 0x4, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xde], 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xc7}}, {{@ipv6={@mcast1, @mcast1, [], [], 'dummy0\x00', 'vcan0\x00'}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@frag={{0x30, 'frag\x00'}}, @common=@ipv6header={{0x28, 'ipv6header\x00'}}]}, @REJECT={0x28, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30, 'SET\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400) [ 189.988704][ T6889] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.017886][ T6887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.030142][ T235] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.038150][ T235] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.056100][ T6887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.084605][ T6887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.114429][ T6887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.136381][ T6887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.156300][ T6887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.185686][ T6887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.210754][ T6887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.221325][ T6887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 190.232143][ T6887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.243941][ T6887] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 190.283553][ T6887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.294697][ T6887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.305380][ T6887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.317003][ T6887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.337299][ T6887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.361967][ T6887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.373295][ T6887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.383810][ T6887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.393743][ T6887] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 190.404248][ T6887] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 190.415516][ T6887] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 190.424061][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 190.434870][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 190.444319][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 190.453242][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 190.463183][ T7841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 190.506392][ T6887] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.516352][ T6887] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.525957][ T6887] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.535431][ T6887] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 190.570883][ T235] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.580212][ T235] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.594631][ T3096] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 07:50:12 executing program 3: r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) getsockopt$ax25_int(r0, 0x101, 0x2, &(0x7f0000000200), &(0x7f0000000240)=0x4) [ 190.722721][ T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.742878][ T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.816631][ T235] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.839053][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 190.850062][ T235] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.885807][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 190.902625][ T358] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 190.932402][ T358] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 190.950502][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 190.971891][ T358] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 191.000530][ T358] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 191.013003][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 07:50:12 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)='\x00@\x00\x00', 0x4) r1 = accept(r0, 0x0, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0xfffffd33}}, 0x0) recvmsg(r1, &(0x7f000000b680)={0x0, 0x0, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x5}], 0x1}, 0x0) 07:50:12 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="0a4800001a000515d25a80648c63940d0524fc60100006400a000000053582c137153e370907088000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 07:50:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r5, @ANYBLOB="0000400000000002280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="2800000014002101000000000000000002000000", @ANYRES32=r5, @ANYBLOB="08000400ffffffff08000200e0"], 0x28}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2000000014002101008000000000000002000000", @ANYRES32=r5, @ANYBLOB="08000200ac"], 0x20}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@ipv4_newaddr={0x20, 0x14, 0x121, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r5}, [@IFA_LOCAL={0x8, 0x2, @multicast2}]}, 0x20}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv4_deladdr={0x18, 0x15, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r5}}, 0x18}}, 0x0) 07:50:12 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x84, 0x81, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x84, 0x81, 0x0, 0x0) r2 = accept4$rose(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x80000) r3 = accept(r2, &(0x7f0000000a00)=@x25, &(0x7f0000002f40)=0xfffffffffffffd1f) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0104000000000000000006"], 0x3}}, 0x0) sendmsg$L2TP_CMD_NOOP(r3, &(0x7f0000003040)={&(0x7f0000002f80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000003000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="1c0000959c76147dc4b3ad5ef1743d9d22aa04cb7a1782f23c14b40697d11142c7f7066259a9b7516c755a8000", @ANYRESHEX=r1, @ANYBLOB="000229bd7000fcdbdf250000000008001900ac1414aa86051dba5835365c0a488d86293c011be29b152ccb587c7de6e6e4354344131853e3ff246fb1c771d3ceafc987ee0526dc7f8217c67977ae4a09074c9ae1fac18596fde28599c04b2db5aeda3d8c812bb14bcf0e3ff0cdff8ede148960c797dc5fd3944df19cbaed09f3aa59cd469253bb05a677e33c908329bb95"], 0x1c}, 0x1, 0x0, 0x0, 0x20040010}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f00000001c0)=ANY=[], 0x3af4701e) r7 = socket(0x10, 0x2, 0x0) r8 = socket(0x22, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000a80)={'syz_tun\x00'}) bind$packet(r8, &(0x7f0000000240)={0x11, 0x1b, 0x0, 0x1, 0x20, 0x6, @broadcast}, 0x14) getsockname$packet(r3, &(0x7f0000000980), &(0x7f00000009c0)=0xffffffffffffffa0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="300000001300010500000000fd000225000000008cbd4935f45db80fc769955f19626f8a508def9f618d10f4f67084403e29fd55f4718578b0165583ac6b41ef478082e2aaa835acb3e874b5fd81b685261c47d249451a3cc8794d4478e1e1857e7fc26de90998de73c528fc9cccfcc3fb5dc338c22905e6", @ANYRES32=0x0, @ANYBLOB="0000000000000000040016800a000100aaaaaaaaaabb0000"], 0x30}}, 0x40000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_DEL_KEY(r7, &(0x7f0000000380)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000d40)=ANY=[@ANYBLOB="c30000003d593c4fb49e9d474d487b46ac39347cd28157a22eaccb992cb88ffcf54a6ca3debb3dfb0e6a722e1ea02b0c15cc6f31ef1d100a9455569503e7364c9334cff786ffaf0340b157ed151901737114c0b0038364c8654180a40e8c4b46e674b171b33cb1039330f9a001d70b69697ca7171d0665eb51303dcf244b03551c184fdb9e7a7716ea1338fcab8427679e1ba51a6927404670677b84273f7eefff4a91f6dcf03604927cd1047e7a44d6990443ba8cc48900ece857313807e5716b9067512f1385290853b86bb12282088ab29a4e6a9ef7fc14d65497e5e5c08e", @ANYRES32=r0, @ANYRES64=0x0], 0x3}, 0x1, 0x0, 0x0, 0x48041}, 0x55) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r6, 0x0) getsockopt$bt_BT_VOICE(r6, 0x112, 0xb, &(0x7f00000000c0)=0x8000, &(0x7f0000000140)=0x2) socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x44031}, 0x40015) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r10, &(0x7f0000000000)='threaded\x00', 0xb1d000) getsockopt$bt_BT_POWER(r10, 0x112, 0x9, &(0x7f00000003c0)=0x4, &(0x7f0000000400)=0x1) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32=r11, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000002800210400"/20, @ANYRES32, @ANYBLOB="ac0c0000fffffffffffff0000c0080eb8600000075700000200002001c0004"], 0x3}}, 0x0) r12 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r12, &(0x7f0000000140), 0x5, 0x0) 07:50:12 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x63, 0x11, 0xc}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 07:50:12 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="380000001000050700"/20, @ANYRES32=r3, @ANYBLOB="00000016010000001800120008000100736974000c00020008000300", @ANYRES32=r4], 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=@newlink={0x30, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0x4}}}]}, 0x30}}, 0x0) [ 191.163728][ T8369] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 07:50:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1) 07:50:13 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x43, &(0x7f00000001c0)=0xffffffff, 0x4) 07:50:13 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x58, 0x0, 0x9, 0x801, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_PRIV_DATA_LEN={0x8}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x8, 0x1, 0x1, 0x0, 0x1}}, @NFCTH_TUPLE={0x24, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @empty}}}]}]}, 0x58}}, 0x0) 07:50:13 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r0, &(0x7f0000000340)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1) 07:50:13 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x0, 0x0, @private2}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x4e24, 0x0, @empty}], 0x1c) [ 191.452631][ T8386] netlink: 'syz-executor.5': attribute type 2 has an invalid length. [ 191.476742][ T8386] netlink: 'syz-executor.5': attribute type 1 has an invalid length. 07:50:13 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0xffffffffffffffff, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@ipv6_newnexthop={0x3c, 0x68, 0x209, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r1}, @NHA_ENCAP={0x14, 0x8, 0x0, 0x1, @LWT_BPF_OUT={0x10, 0x2, 0x0, 0x1, @LWT_BPF_PROG_NAME={0xc, 0x2, 'batadv0\x00'}}}, @NHA_ENCAP_TYPE={0x6, 0x7, 0x2}]}, 0x3c}}, 0x0) 07:50:13 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r1 = accept4(r0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x1b, &(0x7f0000000000), &(0x7f0000000040)=0x10) [ 191.656972][ T8378] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 191.675540][ T8392] netlink: 'syz-executor.5': attribute type 2 has an invalid length. [ 191.726177][ T8374] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 07:50:13 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x84, 0x81, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x84, 0x81, 0x0, 0x0) r2 = accept4$rose(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x80000) r3 = accept(r2, &(0x7f0000000a00)=@x25, &(0x7f0000002f40)=0xfffffffffffffd1f) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0104000000000000000006"], 0x3}}, 0x0) sendmsg$L2TP_CMD_NOOP(r3, &(0x7f0000003040)={&(0x7f0000002f80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000003000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="1c0000959c76147dc4b3ad5ef1743d9d22aa04cb7a1782f23c14b40697d11142c7f7066259a9b7516c755a8000", @ANYRESHEX=r1, @ANYBLOB="000229bd7000fcdbdf250000000008001900ac1414aa86051dba5835365c0a488d86293c011be29b152ccb587c7de6e6e4354344131853e3ff246fb1c771d3ceafc987ee0526dc7f8217c67977ae4a09074c9ae1fac18596fde28599c04b2db5aeda3d8c812bb14bcf0e3ff0cdff8ede148960c797dc5fd3944df19cbaed09f3aa59cd469253bb05a677e33c908329bb95"], 0x1c}, 0x1, 0x0, 0x0, 0x20040010}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f00000001c0)=ANY=[], 0x3af4701e) r7 = socket(0x10, 0x2, 0x0) r8 = socket(0x22, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000a80)={'syz_tun\x00'}) bind$packet(r8, &(0x7f0000000240)={0x11, 0x1b, 0x0, 0x1, 0x20, 0x6, @broadcast}, 0x14) getsockname$packet(r3, &(0x7f0000000980), &(0x7f00000009c0)=0xffffffffffffffa0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="300000001300010500000000fd000225000000008cbd4935f45db80fc769955f19626f8a508def9f618d10f4f67084403e29fd55f4718578b0165583ac6b41ef478082e2aaa835acb3e874b5fd81b685261c47d249451a3cc8794d4478e1e1857e7fc26de90998de73c528fc9cccfcc3fb5dc338c22905e6", @ANYRES32=0x0, @ANYBLOB="0000000000000000040016800a000100aaaaaaaaaabb0000"], 0x30}}, 0x40000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_DEL_KEY(r7, &(0x7f0000000380)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000940)={&(0x7f0000000d40)=ANY=[@ANYBLOB="c30000003d593c4fb49e9d474d487b46ac39347cd28157a22eaccb992cb88ffcf54a6ca3debb3dfb0e6a722e1ea02b0c15cc6f31ef1d100a9455569503e7364c9334cff786ffaf0340b157ed151901737114c0b0038364c8654180a40e8c4b46e674b171b33cb1039330f9a001d70b69697ca7171d0665eb51303dcf244b03551c184fdb9e7a7716ea1338fcab8427679e1ba51a6927404670677b84273f7eefff4a91f6dcf03604927cd1047e7a44d6990443ba8cc48900ece857313807e5716b9067512f1385290853b86bb12282088ab29a4e6a9ef7fc14d65497e5e5c08e", @ANYRES32=r0, @ANYRES64=0x0], 0x3}, 0x1, 0x0, 0x0, 0x48041}, 0x55) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r6, 0x0) getsockopt$bt_BT_VOICE(r6, 0x112, 0xb, &(0x7f00000000c0)=0x8000, &(0x7f0000000140)=0x2) socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x44031}, 0x40015) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_type(r10, &(0x7f0000000000)='threaded\x00', 0xb1d000) getsockopt$bt_BT_POWER(r10, 0x112, 0x9, &(0x7f00000003c0)=0x4, &(0x7f0000000400)=0x1) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32=r11, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="500000002800210400"/20, @ANYRES32, @ANYBLOB="ac0c0000fffffffffffff0000c0080eb8600000075700000200002001c0004"], 0x3}}, 0x0) r12 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r12, &(0x7f0000000140), 0x5, 0x0) 07:50:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x20, r1, 0xb03, 0x0, 0x0, {0x13}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x5}]}]}, 0x20}}, 0x0) 07:50:13 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crct10dif-generic\x00'}, 0x58) r1 = accept(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000440)=[{0x0, 0x0, 0x0}], 0x1, 0x0) 07:50:13 executing program 5: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000400)={'vxcan0\x00', 0x0}) connect(r0, &(0x7f0000000140)=@ll={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x80) sendmsg$can_bcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x1, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "b5d60cd4e5d3a158"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x1, 0x0, 0x0, {0x0, 0x2710}, {0x77359400}, {}, 0x1, @can={{}, 0x40, 0x0, 0x0, 0x0, "b5d60cd4e5d3a158"}}, 0x48}}, 0x0) [ 191.843919][ T8409] netlink: 'syz-executor.0': attribute type 2 has an invalid length. 07:50:13 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0xbf, @fixed, 0x0, 0x1}, 0xe) [ 191.888534][ T8411] netlink: 'syz-executor.0': attribute type 2 has an invalid length. 07:50:13 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in6=@local, @in6=@empty}, {@in=@dev, 0x0, 0x6c}, @in=@multicast1, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'lzs\x00'}}}]}, 0x138}}, 0x0) 07:50:13 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11, 0x1, 'bridge_slave\x00'}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_FAST_LEAVE={0x5, 0x7, 0x1}]}}}]}, 0x44}}, 0x0) 07:50:13 executing program 2: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) [ 192.013860][ T8423] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. 07:50:13 executing program 3: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32, @ANYBLOB="02000000000080008000120008000100767469"], 0xa0}}, 0x0) r0 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 07:50:14 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0xfffffdba, &(0x7f0000000100)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x34, r1, 0x209, 0x0, 0x0, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @remote}, @FOU_ATTR_IFINDEX={0x8, 0xb, r3}, @FOU_ATTR_PEER_V4={0x8, 0x8, @multicast1}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e23}]}, 0x34}}, 0x0) 07:50:14 executing program 5: r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendmsg$xdp(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000580)="5c00c1eb9f8874b4237c09b4", 0xc}], 0x1}, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$alg(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x135}}], 0x4de, 0x0, 0x0) ppoll(&(0x7f00000001c0)=[{r0}], 0x1, 0x0, 0x0, 0x0) 07:50:14 executing program 3: r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90) 07:50:14 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0x7) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x9effffff, &(0x7f0000000180)={&(0x7f0000000640)={0x14, 0x0, 0x0, 0x0, 0x0, {0xf}}, 0x14}, 0x1, 0x100000000000000}, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x88, 0x0, 0x0, 0x0, 0x0, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x88}}, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x2551, 0x4) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) recvmmsg(r0, &(0x7f00000010c0)=[{{0x0, 0x0, 0x0}}], 0x300, 0xff00, 0x0) 07:50:14 executing program 0: r0 = socket(0x1000000010, 0x80002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0xfffffffffffffcfd, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x5c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x4}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xae24}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc, 0x1, {{}, {0x514d}}}]}}]}]}]}}]}, 0x5c}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) 07:50:14 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000100)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty={[0x45]}, @ipv4={[0x0, 0x2], [], @local}}}) 07:50:14 executing program 5: sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="300000001d00070f000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000a000200bbbbbbbbbbbb0000060005"], 0x30}}, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) 07:50:14 executing program 3: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x78, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8, 0x1, 'sfq\x00'}, {0x4c, 0x2, {{0x0, 0x0, 0x0, 0x3}}}}]}, 0x78}, 0x1, 0x4}, 0x0) 07:50:14 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0x800452d2, 0x0) 07:50:14 executing program 0: clock_gettime(0x0, &(0x7f0000000300)) 07:50:14 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in6=@rand_addr=' \x01\x00'}, {@in6=@mcast2, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {}, {}, {}, 0x0, 0x0, 0x2, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) 07:50:14 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb, 0x1, 'clsact\x00'}]}, 0x30}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x24, 0x64, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff2, 0xffff}}}, 0x24}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb, 0x1, 'clsact\x00'}]}, 0x30}}, 0x0) 07:50:14 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmsg$can_bcm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000300)=""/272, 0x110}], 0x1}, 0x0) 07:50:14 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'lo\x00', 0x0}) connect$can_bcm(r1, &(0x7f0000000500)={0x1d, r2}, 0x10) 07:50:14 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='pids.events\x00', 0x275a, 0x0) mmap(&(0x7f000028e000/0x2000)=nil, 0x2000, 0x0, 0x28011, r0, 0x0) 07:50:14 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0x7) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x9effffff, &(0x7f0000000180)={&(0x7f0000000640)={0x14, 0x0, 0x0, 0x0, 0x0, {0xf}}, 0x14}, 0x1, 0x100000000000000}, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x88, 0x0, 0x0, 0x0, 0x0, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x88}}, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x2551, 0x4) sendmmsg(r0, &(0x7f00000092c0), 0x3fffffffffffe9f, 0x0) recvmmsg(r0, &(0x7f00000010c0)=[{{0x0, 0x0, 0x0}}], 0x300, 0xff00, 0x0) 07:50:14 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x4}, 0x6) write$binfmt_misc(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000020007"], 0xd) 07:50:14 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, 0x0, &(0x7f0000002a00)) 07:50:14 executing program 5: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, 0x0, &(0x7f0000000300)) 07:50:14 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040), 0x6) write$bt_hci(r0, &(0x7f0000000000)={0x1, @read_clock={{0x1407, 0x3}}}, 0x7) 07:50:14 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x15, 0x10, 0x8000}, 0x40) 07:50:15 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_TDLS_OPER(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_TDLS_OPERATION={0x5}]}, 0x30}}, 0x0) 07:50:15 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000036000511d25a80648c63940d0224fc60100035400a000a000200000037153e370400088004000e00d1bd", 0x2e}], 0x1}, 0x0) 07:50:15 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000240)={'filter\x00', 0x7, 0x2, 0x3f0, 0x110, 0x0, 0x0, 0x220, 0x308, 0x308, 0x4, 0x0, {[{{@arp={@loopback, @rand_addr, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_to_hsr\x00', 'geneve1\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @mac=@broadcast, @dev, @private}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local, @remote}}}, {{@arp={@private, @remote, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_macvtap\x00', 'macsec0\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00'}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x440) 07:50:15 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x0, 0x0, 0xfffffffffffffffe) 07:50:15 executing program 4: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x1000, 0x1000}, 0x18) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x80, 0x4) r1 = socket(0x100000000011, 0x2, 0x0) bind(r1, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0}, &(0x7f00000002c0)=0xfeeb) bind$xdp(r0, &(0x7f0000000900)={0x2c, 0x0, r2}, 0x10) [ 193.371874][ T8515] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 193.405194][ T8515] __nla_validate_parse: 5 callbacks suppressed [ 193.405202][ T8515] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.3'. 07:50:15 executing program 0: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r0, 0x10c, 0x6, &(0x7f0000000100), &(0x7f0000000140)=0x4) 07:50:15 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000640)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="14050000", @ANYRES16=r2, @ANYBLOB="33a1cd96d754869700007e"], 0x1c}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendfile(r3, r1, 0x0, 0x100000001) 07:50:15 executing program 5: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="5500000020007fafb72d13b2a4a2719302000000030b43026c26236925000400fe7b31afdc1338d509000000000100005ae583de0dd7d8decc1e05eb3f0000bf0cec6bab91d400"/85, 0x55}], 0x1}, 0x0) 07:50:15 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140)=ANY=[@ANYRESOCT, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES16, @ANYBLOB="ac21c241e2208d212b13cfeea5e6a1aa08e5a53981674c075034d4dd31a8216829ec8932f59f46de76a6cbb02dafeaa7fe8a3adc54da7b878208d8e0d7e7e9a711517e4995cd"], 0xb8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000080000000000000000000000000a20000000000a01000000000087a3db98000000000900010073797a300000000084000000080a8381933a000000000000000000000900010073797a30000000000c00024000000000000000032e000240"], 0x1}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendfile(r2, r1, 0x0, 0x100000001) 07:50:15 executing program 3: unshare(0x6c060000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x8031, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$fou(0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000100)={'nat\x00', 0x0, [0x0, 0x2]}, &(0x7f00000000c0)=0x54) 07:50:15 executing program 4: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x1000, 0x1000}, 0x18) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x80, 0x4) r1 = socket(0x100000000011, 0x2, 0x0) bind(r1, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000240)={0x11, 0x0, 0x0}, &(0x7f00000002c0)=0xfeeb) bind$xdp(r0, &(0x7f0000000900)={0x2c, 0x0, r2}, 0x10) 07:50:15 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@bridge_delneigh={0x28, 0x1c, 0xf07, 0x0, 0x0, {0x7, 0x0, 0x0, r3, 0x0, 0x87}, [@NDA_LLADDR={0xa, 0x2, @link_local={0x1, 0x0}}]}, 0x28}}, 0x0) [ 193.884402][ T8535] IPVS: ftp: loaded support on port[0] = 21 [ 193.889949][ T8540] netlink: 'syz-executor.5': attribute type 4 has an invalid length. [ 193.906517][ T29] audit: type=1804 audit(1602143415.652:2): pid=8538 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir664117990/syzkaller.SlMAw0/12/cgroup.controllers" dev="sda1" ino=15779 res=1 errno=0 07:50:15 executing program 4: r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f0000000080)={0x7a, "990000"}, 0x4) [ 193.914259][ T8540] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.5'. [ 193.957075][ T8538] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. 07:50:15 executing program 2: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000140), 0xff4d) sendfile(r2, r1, 0x0, 0xffffffff800) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000100)) sendfile(r2, r1, &(0x7f0000000040), 0x100000001) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) 07:50:15 executing program 1: syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00\x00@', 0x14, 0x6, 0x0, @local, @mcast2, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 194.024985][ T8539] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. 07:50:15 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@ipv4={[], [], @dev}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in, 0x10000, 0x32}, 0x0, @in6=@remote, 0x0, 0x0, 0x3, 0xb7, 0x1fd, 0x9}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0xf0) 07:50:15 executing program 0: socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) pipe(&(0x7f0000000100)) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet(0x2, 0x80001, 0x0) socket$inet6(0xa, 0x5, 0x0) socket(0x10, 0x803, 0x0) socket$inet(0x2, 0x80001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0xa, 0x0) pipe(&(0x7f0000000100)) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="03020000000000002800128009000100766c616e000000001800028006000100000000000c0002000e0000000a00000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00'], 0x58}}, 0x0) 07:50:15 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000080)=ANY=[@ANYRES32=0x0], &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x7c, &(0x7f0000000100)=@assoc_value={r1, 0xa}, 0x8) 07:50:16 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000700)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "da6f5d29c3"}]}, 0x30}}, 0x0) [ 194.210667][ T29] audit: type=1804 audit(1602143415.962:3): pid=8565 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir963969402/syzkaller.OY3gzi/11/memory.events" dev="sda1" ino=15761 res=1 errno=0 [ 194.322675][ T29] audit: type=1800 audit(1602143415.992:4): pid=8565 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=15761 res=0 errno=0 07:50:16 executing program 0: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000001280)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_TYPE={0x8}]}], {0x14}}, 0x7c}}, 0x0) [ 194.454604][ T29] audit: type=1804 audit(1602143415.992:5): pid=8565 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir963969402/syzkaller.OY3gzi/11/memory.events" dev="sda1" ino=15761 res=1 errno=0 07:50:16 executing program 1: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002d80)={&(0x7f0000002c80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5}]}}, &(0x7f0000002cc0)=""/157, 0x2a, 0x9d, 0x1}, 0x20) [ 194.990147][ T29] audit: type=1804 audit(1602143416.742:6): pid=8583 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir963969402/syzkaller.OY3gzi/11/memory.events" dev="sda1" ino=15761 res=1 errno=0 07:50:16 executing program 3: unshare(0x6c060000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x8031, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$fou(0x0) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000100)={'nat\x00', 0x0, [0x0, 0x2]}, &(0x7f00000000c0)=0x54) 07:50:16 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)={0x2, 0x7, 0x0, 0x0, 0x2}, 0x10}}, 0x0) sendmsg$key(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 07:50:16 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @any, 0x3, 0x2}, 0xe) 07:50:16 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@ipv4={[], [], @dev}, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in, 0x10000, 0x32}, 0x0, @in6=@remote, 0x0, 0x0, 0x3, 0xb7, 0x1fd, 0x9}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0xf0) 07:50:16 executing program 2: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000140), 0xff4d) sendfile(r2, r1, 0x0, 0xffffffff800) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000100)) sendfile(r2, r1, &(0x7f0000000040), 0x100000001) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) [ 195.145777][ T29] audit: type=1800 audit(1602143416.742:7): pid=8583 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=15761 res=0 errno=0 07:50:16 executing program 4: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0xb00000000065808, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000140), 0xff4d) sendfile(r2, r1, 0x0, 0xffffffff800) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000100)) sendfile(r2, r1, &(0x7f0000000040), 0x100000001) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) [ 195.228365][ T12] Bluetooth: hci0: command 0x1407 tx timeout 07:50:17 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'hash\x00', 0x0, 0x0, 'tgr128\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000001300)=[{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000080)="879ee7", 0x3}, {&(0x7f0000000140)="27d3dd9229dc84881854ca9424d0cc1bfbcf97bac4929934744248f6941af004a4ad8b7c8f30f6e5b978a49c", 0x2c}, {&(0x7f00000000c0)="190d765d5dc4e31d5f8199e0a2005d2bc09a", 0x12}], 0x3}], 0x1, 0x0) [ 195.277635][ T8612] IPVS: ftp: loaded support on port[0] = 21 [ 195.315371][ T29] audit: type=1804 audit(1602143416.802:8): pid=8599 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir963969402/syzkaller.OY3gzi/11/memory.events" dev="sda1" ino=15761 res=1 errno=0 [ 195.492892][ T29] audit: type=1804 audit(1602143417.022:9): pid=8614 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir963969402/syzkaller.OY3gzi/12/memory.events" dev="sda1" ino=15794 res=1 errno=0 07:50:17 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x1000}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000006000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000000ef2d30ed9e9ae396fcc43020ed7dbc319c3fd06c3aed8a89b7085bd01433b0360341925d090efe0d2369c59c71aad05c6d0fe532bfa0abfab9686ba2050c64ef17096431429b00c92d1c105cab83a91537753b06f81a7a2ced6159b8161e81fbe6e51068017de70b90825cdc4dae5c5c807bd49093fb976ec196e2b721e03ae0105bedab2ec3328435ed198f80b82c02d9974adee7743c3924534a1ce29c10751eed6d9c5aeea67b4750af60eff7e99bf4f4f51aafa96b4cb76cc03b49d172cf77ae0cc07331e4e09bdf16e7865ec2bcff59f24a97e1fc2d7d91a591947d04e5c3d43f6a1c7d6b88ea19ce81fd3609ee714a1155a58d7652f03d6f12b9d2ffd9b1ea7e860f35856ad54c182c773174e31f613b179b9c2fa209dce42d02aad1011c1effcb5f91f217eb332b4e105fbccc5287e4f135ffceb563529aed06a9c0015d1d84c096eb9ea4d110d0c8a85cddfc07c24dd107d86982feec979db5209c7256d7827820f5c8b17f19b5b2d118c406b4e8368b2d29eb98a00f100e7b196360be847201c080000007f81459fbb22a4964c98812047248cf6802788b2b3f4bf6cf42e276476302d96c63d290ee4e59bde664c5becf971e9214f6bce3513789a7e75ce51bf797e106c76ca85abdbec1c0eaa5659238b14c5c23146321c6b604d4ce89ce87fcf8b647de74241c116f6ae2ec5ad87c8f31a4a4bf60341198ebcdb9c20c3b68ebf7d856eea12e0545c5f545e8814d2f6b0206713649947fa4059e040e1f2fc59df8dcad8abfbe08952b6eaeef47e17065c3000341fa87d695c6c9b058372b554b3ec77248a7846fee2266f30ac7d200f0fe23651b053d17c36827c894b80912af524ecf48b6dd350a5953b0a0d5d5b4242288f1f96fcc2ea8ad68903925492565b85abf9952355d9a228092c8064903852af9c606bbfbccc4ba50ad3c1121b27af5b9b4421efe029c56ed54a312adb9653a490bdd2b44e38a12235d7eb6adfd6f2e7e8539fcae286fdd106f925450e131d0dd7323cda7af3ada8767d530aada62c4e49c9978ff61736f8044352f0bd92180d1e2838ca165fdddf6136babab1d4aa2af869432f97e18c1d00000036861bd4256057141c8b86094fbcfe79f45757759b09b17ce2ed2797397d544ea2b50be03264306c5d68fbaa76bb756b0abb8a22324dbd08aff480e4fc773a2b1ae305e99fc19365217376c5d1bdf556a3200dbf106bc09b646d742137952b5655b9c44940ea6e05e34ad73896f7e438bd25a0b236625bb100000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x18000000000002e0, 0x16, 0x0, &(0x7f0000000280)="b95b03b700030005439e40f08847", 0x0, 0x1a4, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x40) 07:50:17 executing program 5: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000680003"], 0x20}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x3, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) [ 195.794147][ T29] audit: type=1800 audit(1602143417.022:10): pid=8614 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=15794 res=0 errno=0 [ 195.908849][ T8660] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. [ 195.986685][ T29] audit: type=1804 audit(1602143417.042:11): pid=8614 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir963969402/syzkaller.OY3gzi/12/memory.events" dev="sda1" ino=15794 res=1 errno=0 07:50:18 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="c40000000b06010100000000010bfdff1d000000070001"], 0x1}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) splice(r0, 0x0, r2, 0x0, 0x883715, 0x0) 07:50:18 executing program 1: r0 = socket$tipc(0x1e, 0x2, 0x0) ioctl$SIOCGETNODEID(r0, 0x89e1, &(0x7f0000000000)) 07:50:18 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="380000002400ffffff7f000000003c0005000000", @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xe}}, [@filter_kind_options=@f_flower={{0xb, 0x1, 'flower\x00'}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_IPV4_DST={0x8, 0x1d, @multicast2}]}}]}, 0x3c}}, 0x0) r3 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r3, &(0x7f0000000200), 0x10efe10675dec16, 0x0) [ 196.514915][ T8727] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 196.568733][ T8727] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.0'. [ 196.578086][ T8729] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 196.652978][ T8731] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 196.707326][ T8732] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 07:50:18 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 07:50:18 executing program 2: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000340)={&(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f0000000300)=[{&(0x7f00000000c0)="af", 0x1}], 0x1}, 0x0) sendmsg$inet_sctp(r0, &(0x7f0000000240)={&(0x7f0000000180)=@in={0x2, 0x0, @private=0xa010100}, 0x10, &(0x7f0000000200)=[{&(0x7f00000001c0)="1e", 0x1}], 0x1}, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000140)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000040)=@assoc_value={r2}, 0x8) 07:50:18 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000dc0)=@mangle={'mangle\x00', 0x64, 0x6, 0x6e8, 0x408, 0x408, 0x338, 0x0, 0x0, 0x618, 0x618, 0x618, 0x618, 0x618, 0x6, 0x0, {[{{@ipv6={@loopback, @mcast1, [], [], 'syzkaller1\x00', 'veth0_to_bridge\x00'}, 0x0, 0xd0, 0x1f8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:random_device_t:s0\x00'}}}, {{@ipv6={@dev, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, [], [], 'veth1\x00', 'ip6tnl0\x00'}, 0x0, 0x100, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @common=@unspec=@mac={{0x30, 'mac\x00'}, {@local}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@local}}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @dev, [], [], 'gretap0\x00', 'veth0\x00'}, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@dev, @ipv6=@ipv4={[], [], @broadcast}}}}, {{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @unspec=@CHECKSUM={0x28, 'CHECKSUM\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x748) 07:50:18 executing program 4: r0 = socket(0x10, 0x802, 0x0) getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x4, &(0x7f0000000040), 0x20a154f6) 07:50:18 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_RESET_STATS(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={0x14, r1, 0x1, 0x0, 0x0, {0x3}}, 0x14}}, 0x0) 07:50:18 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x18, 0x110, 0x1, 'w'}], 0x18}}], 0x1, 0x0) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r1, 0x110, 0x3) connect$rxrpc(r1, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x24) sendmmsg(r1, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x18, 0x110, 0x1, 'w'}], 0x18}}], 0x1, 0x0) close(r1) close(r0) 07:50:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000150000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b09000000000000001a4ce875f2e340b7679500800010000000000101013c581103b34c0d6327ecce66fd792bbf0e5bf5ff1b0816e3f6db1c00010000000040000049740000000000000002ad8e5ecc326d3a09ffc2c65400"}, 0x80) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000089a173d2000000", @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=@can_newroute={0x24, 0x18, 0xa03, 0x0, 0x0, {}, [@CGW_DST_IF={0x8, 0xa, r5}, @CGW_SRC_IF={0x8, 0x9, r2}]}, 0x24}}, 0x0) 07:50:18 executing program 3: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = socket$inet(0xa, 0x801, 0x84) listen(r2, 0x800000000000401) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000780)) 07:50:19 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f00000020c0)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={[], [], @empty}}, 0x1c, 0x0}}], 0x1, 0x0) [ 197.233754][ T8755] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. [ 197.308241][ C1] ================================================================== [ 197.308743][ T2639] Bluetooth: hci0: command 0x1407 tx timeout [ 197.316588][ C1] BUG: KASAN: use-after-free in rxrpc_put_bundle+0x1d/0x80 [ 197.329728][ C1] Write of size 4 at addr ffff888091907720 by task systemd-udevd/8596 [ 197.337879][ C1] [ 197.340221][ C1] CPU: 1 PID: 8596 Comm: systemd-udevd Not tainted 5.9.0-rc8-syzkaller #0 [ 197.348721][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.358780][ C1] Call Trace: [ 197.362067][ C1] [ 197.364927][ C1] dump_stack+0x198/0x1fd [ 197.369271][ C1] ? rxrpc_put_bundle+0x1d/0x80 [ 197.374263][ C1] ? rxrpc_put_bundle+0x1d/0x80 [ 197.379133][ C1] print_address_description.constprop.0.cold+0xae/0x497 [ 197.386174][ C1] ? rxrpc_put_bundle+0x1d/0x80 [ 197.391035][ C1] ? lockdep_hardirqs_off+0x96/0xd0 [ 197.396249][ C1] ? vprintk_func+0x95/0x1d4 [ 197.400867][ C1] ? rxrpc_put_bundle+0x1d/0x80 [ 197.405733][ C1] ? rxrpc_put_bundle+0x1d/0x80 [ 197.410599][ C1] kasan_report.cold+0x1f/0x37 [ 197.415379][ C1] ? skb_dequeue+0xb1/0x180 [ 197.419893][ C1] ? rxrpc_put_bundle+0x1d/0x80 [ 197.424757][ C1] check_memory_region+0x13d/0x180 [ 197.429878][ C1] rxrpc_put_bundle+0x1d/0x80 [ 197.434571][ C1] rxrpc_destroy_connection+0x150/0x2f0 [ 197.440135][ C1] rcu_core+0x5ca/0x1130 [ 197.444401][ C1] ? rcu_gp_kthread+0x1ca0/0x1ca0 [ 197.449459][ C1] ? lock_is_held_type+0xbb/0xf0 [ 197.454417][ C1] __do_softirq+0x1f8/0xb23 [ 197.459078][ C1] asm_call_irq_on_stack+0xf/0x20 [ 197.464104][ C1] [ 197.467059][ C1] do_softirq_own_stack+0x9b/0xd0 [ 197.472093][ C1] irq_exit_rcu+0x235/0x280 [ 197.476609][ C1] sysvec_apic_timer_interrupt+0x51/0xf0 [ 197.482254][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 197.488258][ C1] RIP: 0010:tomoyo_domain_quota_is_ok+0x32a/0x550 [ 197.494696][ C1] Code: 89 c6 e8 39 34 eb fd 45 85 ff 74 09 e8 cf 37 eb fd 41 83 c5 01 e8 c6 37 eb fd 8d 73 01 bf 10 00 00 00 83 c3 01 e8 d6 33 eb fd <83> fb 10 75 bd e9 bf fd ff ff 41 bc 01 00 00 00 eb 91 45 31 e4 eb [ 197.514314][ C1] RSP: 0018:ffffc900060b75b0 EFLAGS: 00000293 [ 197.520391][ C1] RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff838b504a [ 197.528374][ C1] RDX: 0000000000000002 RSI: ffff88805cd72480 RDI: 0000000000000001 [ 197.536357][ C1] RBP: ffff8880a79af080 R08: 0000000000000001 R09: ffffffff8d646dc7 [ 197.544342][ C1] R10: 0000000000000010 R11: 0000000000000000 R12: 0000000000000001 [ 197.552323][ C1] R13: 00000000000002f6 R14: dffffc0000000000 R15: 0000000000000000 [ 197.560324][ C1] ? tomoyo_domain_quota_is_ok+0x32a/0x550 [ 197.566158][ C1] tomoyo_supervisor+0x2f2/0xef0 [ 197.571116][ C1] ? tomoyo_profile+0x50/0x50 [ 197.575804][ C1] ? tomoyo_encode2.part.0+0xe9/0x3a0 [ 197.581190][ C1] ? rcu_read_lock_sched_held+0x3a/0xb0 [ 197.586754][ C1] ? do_raw_spin_unlock+0x171/0x230 [ 197.591969][ C1] ? check_preemption_disabled+0x50/0x130 [ 197.597700][ C1] ? tomoyo_path_matches_pattern+0x110/0x280 [ 197.603694][ C1] ? tomoyo_check_path_acl+0x8b/0x1f0 [ 197.609083][ C1] ? tomoyo_same_mount_acl+0x450/0x450 [ 197.614560][ C1] tomoyo_path_permission+0x270/0x3a0 [ 197.619954][ C1] tomoyo_check_open_permission+0x33e/0x380 [ 197.625863][ C1] ? tomoyo_path_number_perm+0x590/0x590 [ 197.631551][ C1] ? lock_downgrade+0x830/0x830 [ 197.636413][ C1] ? do_raw_spin_lock+0x120/0x2b0 [ 197.641467][ C1] tomoyo_file_open+0xa3/0xd0 [ 197.646154][ C1] security_file_open+0x52/0x4f0 [ 197.651109][ C1] do_dentry_open+0x358/0x11b0 [ 197.655893][ C1] ? may_open+0x1e4/0x400 [ 197.660233][ C1] path_openat+0x1b9a/0x2730 [ 197.664850][ C1] ? path_lookupat+0x830/0x830 [ 197.669624][ C1] ? lock_is_held_type+0xbb/0xf0 [ 197.674593][ C1] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 197.680604][ C1] ? lock_is_held_type+0xbb/0xf0 [ 197.685551][ C1] ? page_idle_get_page+0x30/0x790 [ 197.690679][ C1] do_filp_open+0x17e/0x3c0 [ 197.695195][ C1] ? may_open_dev+0xf0/0xf0 [ 197.699724][ C1] ? do_raw_spin_lock+0x120/0x2b0 [ 197.704765][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 197.709732][ C1] ? _raw_spin_unlock+0x24/0x40 [ 197.714593][ C1] ? __alloc_fd+0x28d/0x600 [ 197.719141][ C1] do_sys_openat2+0x16d/0x420 [ 197.723836][ C1] ? build_open_flags+0x650/0x650 [ 197.728878][ C1] ? do_raw_spin_unlock+0x171/0x230 [ 197.734102][ C1] __x64_sys_open+0x119/0x1c0 [ 197.738794][ C1] ? do_sys_open+0x140/0x140 [ 197.743402][ C1] ? __secure_computing+0x104/0x360 [ 197.748622][ C1] do_syscall_64+0x2d/0x70 [ 197.753049][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 197.758946][ C1] RIP: 0033:0x7f4a8e57f6f0 [ 197.763374][ C1] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 19 30 2c 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe 9d 01 00 48 89 04 24 [ 197.782991][ C1] RSP: 002b:00007fff06d75188 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 197.791424][ C1] RAX: ffffffffffffffda RBX: 00005624ee97e6d0 RCX: 00007f4a8e57f6f0 [ 197.799409][ C1] RDX: 00000000000001b6 RSI: 0000000000080000 RDI: 00007fff06d75330 [ 197.807403][ C1] RBP: 0000000000000008 R08: 0000000000000008 R09: 0000000000000001 [ 197.815392][ C1] R10: 0000000000080000 R11: 0000000000000246 R12: 00005624ecab968a [ 197.823376][ C1] R13: 0000000000000001 R14: 00005624ee98ce00 R15: 00007fff06d753b0 [ 197.831379][ C1] [ 197.833718][ C1] Allocated by task 8753: [ 197.838061][ C1] kasan_save_stack+0x1b/0x40 [ 197.842749][ C1] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 197.848396][ C1] kmem_cache_alloc_trace+0x174/0x300 [ 197.853789][ C1] rxrpc_alloc_bundle+0x88/0x2c0 [ 197.858737][ C1] rxrpc_connect_call+0x85c/0x1580 [ 197.863859][ C1] rxrpc_new_client_call+0x961/0x1020 [ 197.869238][ C1] rxrpc_do_sendmsg+0xf14/0x136d [ 197.874185][ C1] rxrpc_sendmsg+0x420/0x630 [ 197.878778][ C1] sock_sendmsg+0xcf/0x120 [ 197.883196][ C1] ____sys_sendmsg+0x331/0x810 [ 197.887966][ C1] ___sys_sendmsg+0xf3/0x170 [ 197.892556][ C1] __sys_sendmmsg+0x195/0x480 [ 197.897229][ C1] __x64_sys_sendmmsg+0x99/0x100 [ 197.902164][ C1] do_syscall_64+0x2d/0x70 [ 197.906579][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 197.912458][ C1] [ 197.914779][ C1] Freed by task 7841: [ 197.918759][ C1] kasan_save_stack+0x1b/0x40 [ 197.923436][ C1] kasan_set_track+0x1c/0x30 [ 197.928023][ C1] kasan_set_free_info+0x1b/0x30 [ 197.932956][ C1] __kasan_slab_free+0xd8/0x120 [ 197.937809][ C1] kfree+0x10e/0x2b0 [ 197.941702][ C1] rxrpc_put_bundle+0x6b/0x80 [ 197.946383][ C1] rxrpc_unbundle_conn+0x1f8/0x3d0 [ 197.951497][ C1] rxrpc_clean_up_local_conns+0x38d/0x587 [ 197.957212][ C1] rxrpc_local_processor+0x38d/0x5e0 [ 197.962496][ C1] process_one_work+0x94c/0x1670 [ 197.967437][ C1] worker_thread+0x64c/0x1120 [ 197.972107][ C1] kthread+0x3b5/0x4a0 [ 197.976172][ C1] ret_from_fork+0x1f/0x30 [ 197.980575][ C1] [ 197.982899][ C1] The buggy address belongs to the object at ffff888091907700 [ 197.982899][ C1] which belongs to the cache kmalloc-192 of size 192 [ 197.996946][ C1] The buggy address is located 32 bytes inside of [ 197.996946][ C1] 192-byte region [ffff888091907700, ffff8880919077c0) [ 198.010125][ C1] The buggy address belongs to the page: [ 198.015759][ C1] page:000000007fe3d189 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888091907d00 pfn:0x91907 [ 198.027205][ C1] flags: 0xfffe0000000200(slab) [ 198.032059][ C1] raw: 00fffe0000000200 ffffea0002841788 ffffea0002403b08 ffff8880aa040000 [ 198.040647][ C1] raw: ffff888091907d00 ffff888091907000 000000010000000d 0000000000000000 [ 198.049232][ C1] page dumped because: kasan: bad access detected [ 198.055634][ C1] [ 198.057953][ C1] Memory state around the buggy address: [ 198.063578][ C1] ffff888091907600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 198.072509][ C1] ffff888091907680: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 198.080564][ C1] >ffff888091907700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 198.088617][ C1] ^ [ 198.093719][ C1] ffff888091907780: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 198.101796][ C1] ffff888091907800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 198.109845][ C1] ================================================================== [ 198.117893][ C1] Disabling lock debugging due to kernel taint [ 198.124085][ C1] Kernel panic - not syncing: panic_on_warn set ... [ 198.130672][ C1] CPU: 1 PID: 8596 Comm: systemd-udevd Tainted: G B 5.9.0-rc8-syzkaller #0 [ 198.140552][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 198.150604][ C1] Call Trace: [ 198.153887][ C1] [ 198.156750][ C1] dump_stack+0x198/0x1fd [ 198.161076][ C1] ? rxrpc_destroy_client_conn_ids+0x110/0x160 [ 198.167217][ C1] panic+0x382/0x7fb [ 198.171107][ C1] ? __warn_printk+0xf3/0xf3 [ 198.175694][ C1] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 198.181861][ C1] ? trace_hardirqs_on+0x55/0x220 [ 198.186891][ C1] ? rxrpc_put_bundle+0x1d/0x80 [ 198.191745][ C1] ? rxrpc_put_bundle+0x1d/0x80 [ 198.196612][ C1] end_report+0x4d/0x53 [ 198.200772][ C1] kasan_report.cold+0xd/0x37 [ 198.205450][ C1] ? skb_dequeue+0xb1/0x180 [ 198.209957][ C1] ? rxrpc_put_bundle+0x1d/0x80 [ 198.214814][ C1] check_memory_region+0x13d/0x180 [ 198.219931][ C1] rxrpc_put_bundle+0x1d/0x80 [ 198.224609][ C1] rxrpc_destroy_connection+0x150/0x2f0 [ 198.230158][ C1] rcu_core+0x5ca/0x1130 [ 198.234411][ C1] ? rcu_gp_kthread+0x1ca0/0x1ca0 [ 198.239439][ C1] ? lock_is_held_type+0xbb/0xf0 [ 198.245166][ C1] __do_softirq+0x1f8/0xb23 [ 198.249684][ C1] asm_call_irq_on_stack+0xf/0x20 [ 198.254699][ C1] [ 198.257647][ C1] do_softirq_own_stack+0x9b/0xd0 [ 198.262673][ C1] irq_exit_rcu+0x235/0x280 [ 198.267183][ C1] sysvec_apic_timer_interrupt+0x51/0xf0 [ 198.272818][ C1] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 198.278801][ C1] RIP: 0010:tomoyo_domain_quota_is_ok+0x32a/0x550 [ 198.285216][ C1] Code: 89 c6 e8 39 34 eb fd 45 85 ff 74 09 e8 cf 37 eb fd 41 83 c5 01 e8 c6 37 eb fd 8d 73 01 bf 10 00 00 00 83 c3 01 e8 d6 33 eb fd <83> fb 10 75 bd e9 bf fd ff ff 41 bc 01 00 00 00 eb 91 45 31 e4 eb [ 198.298257][ T8773] caif:caif_disconnect_client(): nothing to disconnect [ 198.304812][ C1] RSP: 0018:ffffc900060b75b0 EFLAGS: 00000293 [ 198.304824][ C1] RAX: 0000000000000000 RBX: 0000000000000002 RCX: ffffffff838b504a [ 198.304832][ C1] RDX: 0000000000000002 RSI: ffff88805cd72480 RDI: 0000000000000001 [ 198.304840][ C1] RBP: ffff8880a79af080 R08: 0000000000000001 R09: ffffffff8d646dc7 [ 198.304847][ C1] R10: 0000000000000010 R11: 0000000000000000 R12: 0000000000000001 [ 198.304854][ C1] R13: 00000000000002f6 R14: dffffc0000000000 R15: 0000000000000000 [ 198.304880][ C1] ? tomoyo_domain_quota_is_ok+0x32a/0x550 [ 198.363345][ C1] tomoyo_supervisor+0x2f2/0xef0 [ 198.368299][ C1] ? tomoyo_profile+0x50/0x50 [ 198.372985][ C1] ? tomoyo_encode2.part.0+0xe9/0x3a0 [ 198.378369][ C1] ? rcu_read_lock_sched_held+0x3a/0xb0 [ 198.383924][ C1] ? do_raw_spin_unlock+0x171/0x230 [ 198.389137][ C1] ? check_preemption_disabled+0x50/0x130 [ 198.394866][ C1] ? tomoyo_path_matches_pattern+0x110/0x280 [ 198.400858][ C1] ? tomoyo_check_path_acl+0x8b/0x1f0 [ 198.406239][ C1] ? tomoyo_same_mount_acl+0x450/0x450 [ 198.411702][ C1] tomoyo_path_permission+0x270/0x3a0 [ 198.417081][ C1] tomoyo_check_open_permission+0x33e/0x380 [ 198.422976][ C1] ? tomoyo_path_number_perm+0x590/0x590 [ 198.428630][ C1] ? lock_downgrade+0x830/0x830 [ 198.433481][ C1] ? do_raw_spin_lock+0x120/0x2b0 [ 198.438511][ C1] tomoyo_file_open+0xa3/0xd0 [ 198.443204][ C1] security_file_open+0x52/0x4f0 [ 198.448149][ C1] do_dentry_open+0x358/0x11b0 [ 198.452921][ C1] ? may_open+0x1e4/0x400 [ 198.457254][ C1] path_openat+0x1b9a/0x2730 [ 198.461855][ C1] ? path_lookupat+0x830/0x830 [ 198.466628][ C1] ? lock_is_held_type+0xbb/0xf0 [ 198.471571][ C1] ? lockdep_hardirqs_on_prepare+0x530/0x530 [ 198.477555][ C1] ? lock_is_held_type+0xbb/0xf0 [ 198.482493][ C1] ? page_idle_get_page+0x30/0x790 [ 198.487612][ C1] do_filp_open+0x17e/0x3c0 [ 198.492121][ C1] ? may_open_dev+0xf0/0xf0 [ 198.496631][ C1] ? do_raw_spin_lock+0x120/0x2b0 [ 198.501660][ C1] ? rwlock_bug.part.0+0x90/0x90 [ 198.506606][ C1] ? _raw_spin_unlock+0x24/0x40 [ 198.511458][ C1] ? __alloc_fd+0x28d/0x600 [ 198.515962][ C1] do_sys_openat2+0x16d/0x420 [ 198.520638][ C1] ? build_open_flags+0x650/0x650 [ 198.525654][ C1] ? do_raw_spin_unlock+0x171/0x230 [ 198.530832][ C1] __x64_sys_open+0x119/0x1c0 [ 198.535487][ C1] ? do_sys_open+0x140/0x140 [ 198.540058][ C1] ? __secure_computing+0x104/0x360 [ 198.545248][ C1] do_syscall_64+0x2d/0x70 [ 198.549645][ C1] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 198.555524][ C1] RIP: 0033:0x7f4a8e57f6f0 [ 198.559920][ C1] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 19 30 2c 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe 9d 01 00 48 89 04 24 [ 198.579517][ C1] RSP: 002b:00007fff06d75188 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 198.587904][ C1] RAX: ffffffffffffffda RBX: 00005624ee97e6d0 RCX: 00007f4a8e57f6f0 [ 198.595866][ C1] RDX: 00000000000001b6 RSI: 0000000000080000 RDI: 00007fff06d75330 [ 198.603814][ C1] RBP: 0000000000000008 R08: 0000000000000008 R09: 0000000000000001 [ 198.611769][ C1] R10: 0000000000080000 R11: 0000000000000246 R12: 00005624ecab968a [ 198.619717][ C1] R13: 0000000000000001 R14: 00005624ee98ce00 R15: 00007fff06d753b0 [ 198.628930][ C1] Kernel Offset: disabled [ 198.633254][ C1] Rebooting in 86400 seconds..