Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '[localhost]:33224' (ECDSA) to the list of known hosts. 2020/11/24 20:28:21 fuzzer started 2020/11/24 20:28:21 dialing manager at 10.0.2.10:41377 2020/11/24 20:28:22 syscalls: 3441 2020/11/24 20:28:22 code coverage: enabled 2020/11/24 20:28:22 comparison tracing: enabled 2020/11/24 20:28:22 extra coverage: enabled 2020/11/24 20:28:22 setuid sandbox: enabled 2020/11/24 20:28:22 namespace sandbox: enabled 2020/11/24 20:28:22 Android sandbox: /sys/fs/selinux/policy does not exist 2020/11/24 20:28:22 fault injection: enabled 2020/11/24 20:28:22 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/11/24 20:28:22 net packet injection: enabled 2020/11/24 20:28:22 net device setup: enabled 2020/11/24 20:28:22 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/11/24 20:28:22 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/11/24 20:28:22 USB emulation: enabled 2020/11/24 20:28:22 hci packet injection: enabled 2020/11/24 20:28:22 wifi device emulation: enabled 20:29:48 executing program 0: 20:29:48 executing program 1: 20:29:48 executing program 2: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r1 = ioctl$TIOCGPTPEER(r0, 0x5421, 0xa073fb) write$cgroup_netprio_ifpriomap(r1, &(0x7f0000000040)=ANY=[], 0x10) 20:29:49 executing program 3: r0 = socket$l2tp(0x2, 0x2, 0x73) sendto$inet(r0, &(0x7f0000000040)="b9", 0x1, 0x0, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) syzkaller login: [ 197.873884][ T9167] IPVS: ftp: loaded support on port[0] = 21 [ 197.959414][ T9169] IPVS: ftp: loaded support on port[0] = 21 [ 198.103458][ T9167] chnl_net:caif_netlink_parms(): no params data found [ 198.240639][ T9169] chnl_net:caif_netlink_parms(): no params data found [ 198.301443][ T9167] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.327302][ T9167] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.346000][ T9167] device bridge_slave_0 entered promiscuous mode [ 198.378845][ T9167] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.394305][ T9167] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.409526][ T9167] device bridge_slave_1 entered promiscuous mode [ 198.446943][ T9171] IPVS: ftp: loaded support on port[0] = 21 [ 198.469018][ T9167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.491011][ T9169] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.512639][ T9169] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.537409][ T9169] device bridge_slave_0 entered promiscuous mode [ 198.558326][ T9167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.600634][ T9169] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.601304][ T9172] IPVS: ftp: loaded support on port[0] = 21 [ 198.614503][ T9169] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.640069][ T9169] device bridge_slave_1 entered promiscuous mode [ 198.679308][ T9167] team0: Port device team_slave_0 added [ 198.699089][ T9167] team0: Port device team_slave_1 added [ 198.726825][ T9169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 198.756598][ T9169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 198.790633][ T9167] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.804773][ T9167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.843499][ T9167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.872466][ T9167] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.883890][ T9167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.926582][ T9167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.985983][ T9169] team0: Port device team_slave_0 added [ 199.011972][ T9169] team0: Port device team_slave_1 added [ 199.066920][ T9169] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.085245][ T9169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 199.133995][ T9169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 199.158630][ T9169] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 199.173258][ T9169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 199.226248][ T9169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 199.280350][ T9167] device hsr_slave_0 entered promiscuous mode [ 199.301856][ T9167] device hsr_slave_1 entered promiscuous mode [ 199.348667][ T9169] device hsr_slave_0 entered promiscuous mode [ 199.359773][ T9169] device hsr_slave_1 entered promiscuous mode [ 199.377567][ T9169] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 199.398378][ T9169] Cannot create hsr debugfs directory [ 199.483620][ T9171] chnl_net:caif_netlink_parms(): no params data found [ 199.636641][ T9171] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.650080][ T9171] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.667597][ T9171] device bridge_slave_0 entered promiscuous mode [ 199.688191][ T9171] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.704521][ T9171] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.731285][ T9171] device bridge_slave_1 entered promiscuous mode [ 199.793132][ T9172] chnl_net:caif_netlink_parms(): no params data found [ 199.812099][ T18] Bluetooth: hci0: command 0x0409 tx timeout [ 199.839830][ T9171] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 199.869609][ T9171] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 199.941898][ T9171] team0: Port device team_slave_0 added [ 199.961190][ T18] Bluetooth: hci1: command 0x0409 tx timeout [ 199.987275][ T9171] team0: Port device team_slave_1 added [ 200.013548][ T9172] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.025783][ T9172] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.037715][ T9172] device bridge_slave_0 entered promiscuous mode [ 200.050461][ T9167] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 200.081491][ T9171] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.095048][ T9171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.145012][ T9171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.171698][ T9172] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.188614][ T9172] bridge0: port 2(bridge_slave_1) entered disabled state [ 200.207787][ T9172] device bridge_slave_1 entered promiscuous mode [ 200.236434][ T9167] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 200.257102][ T9167] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 200.275040][ T9171] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.294013][ T9171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.349103][ T9171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.371913][ T28] Bluetooth: hci2: command 0x0409 tx timeout [ 200.385604][ T9172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 200.414308][ T9167] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 200.445646][ T9172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 200.486540][ T9169] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 200.509764][ T9169] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 200.538538][ T9169] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 200.582526][ T9172] team0: Port device team_slave_0 added [ 200.596452][ T9169] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 200.602500][ T18] Bluetooth: hci3: command 0x0409 tx timeout [ 200.636943][ T9171] device hsr_slave_0 entered promiscuous mode [ 200.648144][ T9171] device hsr_slave_1 entered promiscuous mode [ 200.663166][ T9171] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 200.677974][ T9171] Cannot create hsr debugfs directory [ 200.692469][ T9172] team0: Port device team_slave_1 added [ 200.723711][ T9172] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 200.753957][ T9172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.798597][ T9172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.854865][ T9172] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.866283][ T9172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.903844][ T9172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 200.964709][ T9172] device hsr_slave_0 entered promiscuous mode [ 200.975484][ T9172] device hsr_slave_1 entered promiscuous mode [ 200.985534][ T9172] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 200.996503][ T9172] Cannot create hsr debugfs directory [ 201.148262][ T9171] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 201.164574][ T9171] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 201.181479][ T9171] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 201.209837][ T9171] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 201.265685][ T9172] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 201.277053][ T9172] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 201.294479][ T9167] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.306561][ T9172] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 201.319699][ T9172] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 201.370410][ T9169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 201.385750][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.399127][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.416540][ T9167] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.437042][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.450457][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.466530][ T3082] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.476747][ T3082] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.502524][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.535705][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.565156][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.586768][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.600801][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.632917][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 201.644152][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 201.654433][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 201.673406][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 201.689272][ T9169] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.707760][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 201.722400][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 201.737796][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 201.757033][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 201.769733][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 201.781500][ T1724] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.793725][ T1724] bridge0: port 1(bridge_slave_0) entered forwarding state [ 201.807258][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.821933][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.843162][ T67] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 201.867054][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 201.886421][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 201.905649][ T3085] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.926107][ T3085] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.949163][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.972627][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.998262][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.017983][ T3085] Bluetooth: hci0: command 0x041b tx timeout [ 202.039339][ T9167] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.058962][ T9201] Bluetooth: hci1: command 0x041b tx timeout [ 202.064738][ T9167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.087807][ T9171] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.108455][ T9172] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.121371][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.135028][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.161819][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.173959][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.186651][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.199356][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.212710][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.227762][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.247534][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.262044][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.277066][ T9171] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.300028][ T9172] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.310408][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 202.319511][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 202.331009][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 202.340138][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 202.351227][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 202.361368][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 202.378724][ T9167] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 202.398803][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.411482][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.422651][ T3085] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.431784][ T3085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.444334][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.460019][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.475337][ T3085] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.490456][ T3085] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.501863][ T18] Bluetooth: hci2: command 0x041b tx timeout [ 202.509208][ T9169] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 202.530464][ T9169] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 202.547187][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.558419][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 202.574765][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 202.587150][ T3085] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.597921][ T3085] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.609746][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 202.622317][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 202.633606][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.646337][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 202.662947][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.682217][ T18] Bluetooth: hci3: command 0x041b tx timeout [ 202.691065][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 202.691501][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 202.691787][ T3486] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.691825][ T3486] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.692088][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 202.776621][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 202.787925][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 202.800187][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 202.813712][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 202.829072][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.845391][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.859373][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 202.874508][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 202.885886][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.898236][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 202.908667][ T3082] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 202.936134][ T9167] device veth0_vlan entered promiscuous mode [ 202.949505][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 202.966571][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 202.980295][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 202.996725][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 203.008535][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 203.023159][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.043143][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.059952][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 203.078942][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 203.094915][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.118877][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 203.135741][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 203.147705][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.168574][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.190268][ T9171] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 203.217742][ T9172] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 203.243416][ T9172] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 203.264194][ T9169] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.288802][ T9167] device veth1_vlan entered promiscuous mode [ 203.303777][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 203.315250][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 203.329381][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 203.344777][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 203.357227][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 203.383584][ T9171] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.413322][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 203.427737][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 203.443879][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 203.474871][ T9172] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 203.493436][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 203.512560][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 203.541939][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 203.568682][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 203.603631][ T9167] device veth0_macvtap entered promiscuous mode [ 203.620205][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 203.634642][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 203.655691][ T9167] device veth1_macvtap entered promiscuous mode [ 203.676372][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 203.693768][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 203.713435][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 203.730294][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 203.762157][ T9169] device veth0_vlan entered promiscuous mode [ 203.798720][ T9167] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.820835][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 203.841956][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 203.865005][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 203.897033][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 203.924458][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 203.947093][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 203.967855][ T9169] device veth1_vlan entered promiscuous mode [ 203.980581][ T9167] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.001916][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 204.026931][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 204.041347][ T3085] Bluetooth: hci0: command 0x040f tx timeout [ 204.051166][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 204.072670][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 204.105137][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 204.121599][ T3085] Bluetooth: hci1: command 0x040f tx timeout [ 204.139557][ T9171] device veth0_vlan entered promiscuous mode [ 204.170815][ T9167] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.196428][ T9167] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.215819][ T9167] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.237025][ T9167] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.311445][ T9171] device veth1_vlan entered promiscuous mode [ 204.342916][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 204.364308][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 204.382596][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 204.401233][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 204.421405][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 204.451872][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 204.472446][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 204.501789][ T9172] device veth0_vlan entered promiscuous mode [ 204.521238][ T18] Bluetooth: hci2: command 0x040f tx timeout [ 204.534095][ T9171] device veth0_macvtap entered promiscuous mode [ 204.568147][ T9172] device veth1_vlan entered promiscuous mode [ 204.590168][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 204.611187][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 204.674551][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 204.692363][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 204.707522][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 204.722920][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 204.743356][ T9171] device veth1_macvtap entered promiscuous mode [ 204.761463][ T18] Bluetooth: hci3: command 0x040f tx timeout [ 204.798209][ T9171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 204.819919][ T9171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 204.856138][ T9171] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.885521][ T9169] device veth0_macvtap entered promiscuous mode [ 204.908263][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 204.925749][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 204.941269][ T1724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 204.963954][ T9171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 204.986043][ T9171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.007552][ T9171] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.031509][ T9169] device veth1_macvtap entered promiscuous mode [ 205.047126][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 205.059499][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 205.075749][ T9171] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.096624][ T9171] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.118012][ T9171] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.145217][ T9171] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.191488][ T9172] device veth0_macvtap entered promiscuous mode [ 205.208952][ T9202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 205.226975][ T9202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 205.246782][ T9202] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 205.283248][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.301365][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.319910][ T9172] device veth1_macvtap entered promiscuous mode [ 205.338613][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 205.359762][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.378202][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 205.411425][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.435670][ T9169] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 205.452748][ T9202] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 205.472167][ T9202] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 205.487839][ T9202] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 205.509493][ T9202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 205.555735][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.579906][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.584212][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 205.636074][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.656491][ T9169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 205.680991][ T9169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.704013][ T9169] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 205.730400][ T9169] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.756147][ T9169] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.776083][ T9169] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.794569][ T9169] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.818227][ T87] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 205.834149][ T87] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 205.849767][ T87] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 205.872085][ T9172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 205.891249][ T9172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.910299][ T9172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 205.931209][ T9172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.947828][ T9172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 205.966877][ T9172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 205.984251][ T9172] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 206.021261][ T9202] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 206.054870][ T9202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 206.095218][ T9167] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 206.099760][ T9172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 206.138460][ T3085] Bluetooth: hci0: command 0x0419 tx timeout 20:29:58 executing program 0: [ 206.138517][ T9172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.185990][ T9172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 20:29:58 executing program 0: [ 206.218370][ T9172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 206.221352][ T87] Bluetooth: hci1: command 0x0419 tx timeout 20:29:58 executing program 0: [ 206.243949][ T9172] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 20:29:58 executing program 0: [ 206.283763][ T9172] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 20:29:58 executing program 0: [ 206.311761][ T9172] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 206.345567][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.365313][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.383182][ T9198] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.389968][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 206.403375][ T9198] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.418556][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 206.454039][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 206.466754][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 206.482354][ T9172] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.503409][ T9172] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.530183][ T9172] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.543866][ T9172] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 206.601480][ T3085] Bluetooth: hci2: command 0x0419 tx timeout [ 206.625466][ T9188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.647503][ T9188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.678410][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 206.740471][ T9188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.763702][ T9189] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.769580][ T9188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.782660][ T9198] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 206.782689][ T9198] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.784509][ T3486] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 206.792740][ T9189] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 206.807959][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 206.841195][ T9202] Bluetooth: hci3: command 0x0419 tx timeout [ 206.847347][ T3085] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 20:29:59 executing program 0: 20:29:59 executing program 2: 20:29:59 executing program 3: 20:29:59 executing program 1: 20:29:59 executing program 2: 20:29:59 executing program 0: 20:29:59 executing program 1: 20:29:59 executing program 3: 20:29:59 executing program 2: 20:29:59 executing program 0: 20:29:59 executing program 3: 20:29:59 executing program 1: 20:29:59 executing program 0: 20:29:59 executing program 2: 20:29:59 executing program 3: 20:29:59 executing program 2: 20:29:59 executing program 1: 20:29:59 executing program 3: 20:29:59 executing program 0: 20:29:59 executing program 2: 20:29:59 executing program 1: 20:29:59 executing program 3: 20:29:59 executing program 1: 20:29:59 executing program 0: 20:29:59 executing program 2: 20:29:59 executing program 3: 20:29:59 executing program 1: 20:29:59 executing program 0: 20:29:59 executing program 2: 20:29:59 executing program 3: 20:29:59 executing program 1: 20:29:59 executing program 2: 20:29:59 executing program 0: 20:29:59 executing program 3: 20:29:59 executing program 1: 20:29:59 executing program 2: 20:29:59 executing program 0: 20:29:59 executing program 3: 20:29:59 executing program 1: 20:29:59 executing program 0: 20:29:59 executing program 1: 20:29:59 executing program 2: 20:29:59 executing program 3: 20:29:59 executing program 0: 20:29:59 executing program 2: 20:29:59 executing program 3: 20:29:59 executing program 1: 20:29:59 executing program 2: 20:29:59 executing program 0: 20:29:59 executing program 1: 20:29:59 executing program 2: 20:29:59 executing program 0: 20:29:59 executing program 3: 20:29:59 executing program 1: 20:30:00 executing program 0: 20:30:00 executing program 2: 20:30:00 executing program 1: 20:30:00 executing program 0: 20:30:00 executing program 2: 20:30:00 executing program 3: 20:30:00 executing program 1: 20:30:00 executing program 0: 20:30:00 executing program 1: 20:30:00 executing program 0: 20:30:00 executing program 2: 20:30:00 executing program 3: 20:30:00 executing program 1: 20:30:00 executing program 2: 20:30:00 executing program 0: 20:30:00 executing program 3: 20:30:00 executing program 1: 20:30:00 executing program 2: 20:30:00 executing program 0: 20:30:00 executing program 0: 20:30:00 executing program 3: 20:30:00 executing program 2: 20:30:00 executing program 1: 20:30:00 executing program 3: 20:30:00 executing program 0: 20:30:00 executing program 1: 20:30:00 executing program 3: 20:30:00 executing program 2: 20:30:00 executing program 0: 20:30:00 executing program 3: 20:30:00 executing program 1: 20:30:00 executing program 2: 20:30:00 executing program 0: 20:30:00 executing program 3: 20:30:00 executing program 1: 20:30:00 executing program 3: 20:30:00 executing program 2: 20:30:00 executing program 0: 20:30:00 executing program 1: 20:30:00 executing program 1: 20:30:00 executing program 2: 20:30:00 executing program 3: 20:30:00 executing program 0: 20:30:00 executing program 2: 20:30:00 executing program 3: 20:30:00 executing program 0: 20:30:00 executing program 1: 20:30:00 executing program 3: 20:30:00 executing program 2: 20:30:00 executing program 0: 20:30:00 executing program 1: 20:30:00 executing program 0: 20:30:00 executing program 3: 20:30:00 executing program 3: 20:30:00 executing program 2: 20:30:00 executing program 0: 20:30:00 executing program 1: 20:30:00 executing program 2: 20:30:00 executing program 3: 20:30:00 executing program 0: 20:30:00 executing program 1: 20:30:00 executing program 3: 20:30:00 executing program 2: 20:30:00 executing program 0: 20:30:00 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{}, 'syz0\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) 20:30:00 executing program 3: 20:30:00 executing program 2: 20:30:00 executing program 0: [ 208.640423][ T9438] input: syz0 as /devices/virtual/input/input5 20:30:00 executing program 2: 20:30:00 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000040)=0x5aba, 0x4) 20:30:00 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) [ 208.733519][ T9448] input: syz0 as /devices/virtual/input/input6 20:30:01 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x4, 0x3fc, 0xffffffff, 0x0, 0x250, 0x250, 0xffffffff, 0xffffffff, 0x334, 0x334, 0x334, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x164, 0x188, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'bm\x00', "0d3abfc0decee011440a9a9120f2e615c13e1822a74304304e99fcac21b255189531afc28410d063e94c368a54c2065c5975a196cec7ccd102a5f4ac65f2337e9ed3b86d4cf4ff51a6ad5b8282304fd700c5307df521ae639d003fbe62e719a227f86764417ccb597d10234f0b7a3c2b93b3033e7a2f4801fedefcd7469293be", 0x80}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2, [], [], 'ip6tnl0\x00', 'lo\x00'}, 0x0, 0xa4, 0xe4}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x458) 20:30:01 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x4, 0x3e4, 0xffffffff, 0x0, 0x0, 0x254, 0xffffffff, 0xffffffff, 0x31c, 0x31c, 0x31c, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @remote, [], [], 'team_slave_0\x00', 'rose0\x00'}, 0x0, 0x164, 0x18c, 0x0, {}, [@common=@unspec=@string={{0xc0, 'string\x00'}, {0x0, 0x0, 'bm\x00', "43c121f135f458947e5cc0b49b36518521dbcb0ef7292f1a4442678c5ba8b443bd998fd5234d5baf065feed4c6f26bbedcec84d4db5666dded8ff748435a2e1d880a4ad8c0eb579415fb338e9b0027497a1277891653c7aa3717ded77def066a71d466758ff0f25e95d43048c16b956fc2b0d10f4d16c2c751d9d31aaf60b77e", 0x36, 0x3}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x5}}}, {{@ipv6={@mcast2, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'syzkaller0\x00', 'batadv_slave_1\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@ipv6={@mcast2, @remote, [], [], 'geneve0\x00', 'veth0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0xfffffffffffffdd1) 20:30:01 executing program 0: syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x4042) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/sysvipc/sem\x00', 0x0, 0x0) [ 208.798189][ T9460] x_tables: duplicate underflow at hook 2 20:30:01 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@bridge_delneigh={0x30, 0x1d, 0x1, 0x0, 0x0, {0x2}, [@NDA_DST_IPV6={0x14, 0x1, @private0}]}, 0x30}}, 0x0) 20:30:01 executing program 3: r0 = socket(0x2, 0x1, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0xe, &(0x7f0000000000)="0a84d2a9dbdc44f99c64312b2ad90312dd1235229d2a46cb1eb554c3b1012ae6305f240f36137404e2ff112c31290aaf5e6b0a5fb9afa39f9ff07f93cecce7bffe8448c2da6f6f5365d5d5154af110f96de63eeaeae2d8d6385c64a32e4bb1bf9419cad8686d5a0257bc2502cfe1d1c9264d7a09fa96f207cda2fe39f074d5f209302964bcaebc0c0a944b0c230f32452e33567b7c65020a0c801d37e03a1ba190bd3771843a559ee5b06be6cc6ad3dc97fc627c163442a9a4158c732c54e7a4ef7a1fa3996db3debad6bc8b1592c66a537ae71646d6a597", 0xd8) 20:30:01 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040), 0x4) 20:30:01 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xe, 0x4, 0x394, 0xffffffff, 0x0, 0x0, 0x190, 0xffffffff, 0xffffffff, 0x2cc, 0x2cc, 0x2cc, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @loopback, [], [], 'ip6gre0\x00', 'vlan0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xfc, 0x13c, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'vlan1\x00', {0x0, 0x0, 0x7, 0x0, 0x0, 0xff, 0x80000001}}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3f0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000480)=@filter={'filter\x00', 0xe, 0x4, 0x368, 0xffffffff, 0x0, 0x0, 0xf4, 0xffffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf4, 0x0, {}, [@common=@unspec=@realm={{0x2c, 'realm\x00'}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, [], [], 'ip6tnl0\x00', 'lo\x00'}, 0x0, 0xa4, 0xe4}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x104) 20:30:01 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0xe, 0x4, 0x36c, 0xffffffff, 0x0, 0x0, 0x1b8, 0xffffffff, 0xffffffff, 0x2a4, 0x2a4, 0x2a4, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [], 'team_slave_0\x00', 'rose0\x00'}, 0x0, 0xcc, 0xf0, 0x0, {}, [@common=@unspec=@cpu={{0x28, 'cpu\x00'}}]}, @common=@unspec=@NFQUEUE1={0x24, 'NFQUEUE\x00', 0x1, {0x0, 0x8001}}}, {{@ipv6={@mcast2, @mcast1, [], [], 'team0\x00', 'hsr0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@ipv6={@local, @private2, [], [], 'geneve0\x00', 'veth0\x00'}, 0x0, 0xa4, 0xec}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'veth0_to_team\x00'}}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3c8) [ 208.887418][ T9476] x_tables: duplicate underflow at hook 2 20:30:01 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x4, 0x484, 0xffffffff, 0x104, 0x2d0, 0x0, 0xffffffff, 0xffffffff, 0x3bc, 0x3bc, 0x3bc, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @local, [], [], 'team_slave_0\x00', 'rose0\x00'}, 0x0, 0xe0, 0x104, 0x0, {}, [@common=@unspec=@limit={{0x3c, 'limit\x00'}, {0x0, 0x2}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@ipv6={@mcast2, @private1, [], [], 'team0\x00', 'hsr0\x00'}, 0x0, 0x1a8, 0x1cc, 0x0, {}, [@common=@inet=@recent1={{0x104, 'recent\x00'}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xec}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'veth0_to_team\x00'}}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x4e0) [ 208.914661][ T9476] x_tables: duplicate underflow at hook 2 [ 208.933676][ T9481] x_tables: duplicate underflow at hook 2 [ 208.942636][ T9476] x_tables: duplicate underflow at hook 2 20:30:01 executing program 1: r0 = openat$loop_ctrl(0xffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 20:30:01 executing program 0: syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0xb65, 0x0) 20:30:01 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$SOCK_DESTROY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x14, 0x15, 0x1}, 0x14}}, 0x0) [ 208.996534][ T9488] x_tables: duplicate underflow at hook 2 20:30:01 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x4, 0x374, 0xffffffff, 0xc8, 0x1c8, 0x0, 0xffffffff, 0xffffffff, 0x2ac, 0x2ac, 0x2ac, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @ipv4={[], [], @loopback}, [], [], 'bridge0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@ipv6={@empty, @loopback, [], [], 'netpci0\x00', 'gretap0\x00'}, 0x0, 0xdc, 0x100, 0x0, {}, [@common=@unspec=@quota={{0x38, 'quota\x00'}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xe4}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3d0) 20:30:01 executing program 0: 20:30:01 executing program 2: 20:30:01 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x2) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x8001) [ 209.065907][ T9499] x_tables: duplicate underflow at hook 2 20:30:01 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xe, 0x4, 0x33c, 0xffffffff, 0x0, 0xc8, 0x0, 0xffffffff, 0xffffffff, 0x274, 0x274, 0x274, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @loopback, [], [], 'ip6gre0\x00', 'vlan0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x6}}}, {{@uncond, 0x0, 0xa4, 0xe4}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x398) 20:30:01 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0xc8, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x2b0, 0x2b0, 0x2b0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @ipv4={[], [], @loopback}, [], [], 'bridge0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xe0, 0x104, 0x0, {}, [@common=@unspec=@limit={{0x3c, 'limit\x00'}, {0x0, 0x1000}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xe4}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3d4) 20:30:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x24, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8}], @NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}, @NL80211_ATTR_CSA_IES={0x4}]}, 0x24}}, 0x0) [ 209.124387][ T9507] x_tables: duplicate underflow at hook 2 20:30:01 executing program 3: syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0xb65, 0x4042) [ 209.146545][ T9510] x_tables: duplicate underflow at hook 2 20:30:01 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0xe, 0x4, 0x360, 0xffffffff, 0x1b4, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x298, 0x298, 0x298, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xc8, 0xec, 0x0, {}, [@common=@hl={{0x24, 'hl\x00'}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@ipv6={@local, @local, [], [], 'virt_wifi0\x00', 'batadv0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@ipv6={@private1, @loopback, [], [], 'ip6tnl0\x00', 'ip6erspan0\x00'}, 0x0, 0xa4, 0xe4}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3bc) 20:30:01 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000080)=""/204, &(0x7f0000000000)=0xcc) 20:30:01 executing program 3: r0 = socket(0x11, 0x3, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f0000000240)={0x0, 0xfc}}, 0x0) 20:30:01 executing program 0: r0 = socket(0x2, 0x1, 0x0) sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x20000800) [ 209.236567][ T9521] x_tables: duplicate underflow at hook 2 20:30:01 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000024000100000000000100000000000000060001"], 0x1c}}, 0x0) 20:30:01 executing program 2: socket(0x2, 0x0, 0x50b) 20:30:01 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xe, 0x4, 0xb1c, 0xffffffff, 0x0, 0xc8, 0x190, 0xffffffff, 0xffffffff, 0xa54, 0xa54, 0xa54, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @loopback, [], [], 'ip6gre0\x00', 'vlan0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0x884, 0x8c4, 0x0, {}, [@common=@unspec=@u32={{0x7e0, 'u32\x00'}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0xb78) 20:30:01 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xe, 0x4, 0x394, 0xffffffff, 0x0, 0x0, 0x190, 0xffffffff, 0xffffffff, 0x2cc, 0x2cc, 0x2cc, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @loopback, [], [], 'ip6gre0\x00', 'vlan0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xfc, 0x13c, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'vlan1\x00', {0x24, 0x5, 0x0, 0xa7, 0x9, 0xff, 0x80000001}}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3f0) 20:30:01 executing program 3: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c00, 0xffffffffffffffff) 20:30:01 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xe, 0x4, 0x378, 0xffffffff, 0x0, 0x0, 0x190, 0xffffffff, 0xffffffff, 0x2b0, 0x2b0, 0x2b0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @loopback, [], [], 'ip6gre0\x00', 'vlan0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xfc, 0x120, 0x0, {}, [@common=@inet=@hashlimit1={{0x58, 'hashlimit\x00'}, {'vlan1\x00', {0x24, 0x5, 0x0, 0x0, 0x0, 0xff, 0x80000001}}}]}, @common=@unspec=@STANDARD={0x24, '\x00', 0x0, 0xfffffffffffffffc}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3d4) 20:30:01 executing program 3: sched_getattr(0x0, &(0x7f0000000000)={0x38}, 0x38, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000040)) 20:30:01 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000880)=@filter={'filter\x00', 0xe, 0x4, 0x56c, 0xffffffff, 0x0, 0x0, 0x3c0, 0xffffffff, 0xffffffff, 0x4a4, 0x4a4, 0x4a4, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x2d4, 0x2f8, 0x0, {}, [@common=@unspec=@bpf1={{0x230, 'bpf\x00'}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, [], [], 'ip6tnl0\x00', 'lo\x00'}, 0x0, 0xa4, 0xe4}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x5c8) 20:30:01 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xe, 0x4, 0xb1c, 0xffffffff, 0x0, 0xc8, 0x190, 0xffffffff, 0xffffffff, 0xa54, 0xa54, 0xa54, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @loopback, [], [], 'ip6gre0\x00', 'vlan0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0x884, 0x8c4, 0x0, {}, [@common=@unspec=@u32={{0x7e0, 'u32\x00'}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0xb78) 20:30:01 executing program 2: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0xb65, 0x4042) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) 20:30:01 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000480)=@filter={'filter\x00', 0xe, 0x4, 0x368, 0xffffffff, 0x0, 0x0, 0xf4, 0xffffffff, 0xffffffff, 0x2a0, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf4, 0x0, {}, [@common=@unspec=@realm={{0x2c, 'realm\x00'}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, [], [], 'ip6tnl0\x00', 'lo\x00'}, 0x0, 0xa4, 0xe4}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x104) 20:30:01 executing program 0: syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x800, 0x0) 20:30:01 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xe, 0x4, 0xb1c, 0xffffffff, 0x0, 0xc8, 0x190, 0xffffffff, 0xffffffff, 0xa54, 0xa54, 0xa54, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @loopback, [], [], 'ip6gre0\x00', 'vlan0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0x884, 0x8c4, 0x0, {}, [@common=@unspec=@u32={{0x7e0, 'u32\x00'}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0xb78) 20:30:01 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0xe, 0x4, 0x344, 0xffffffff, 0x0, 0xec, 0xec, 0xffffffff, 0xffffffff, 0x27c, 0x27c, 0x27c, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_0\x00', 'wg0\x00'}, 0x0, 0xc8, 0xec, 0x0, {}, [@common=@inet=@dscp={{0x24, 'dscp\x00'}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @common=@unspec=@AUDIT={0x24, 'AUDIT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3a0) 20:30:01 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=@polexpire={0x160, 0x1b, 0x1, 0x0, 0x0, {{{@in6=@empty, @in6=@loopback}}}, [@policy={0xa8, 0x7, {{@in6=@private0, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee01}}}]}, 0x160}}, 0x0) 20:30:01 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xe, 0x4, 0xb1c, 0xffffffff, 0x0, 0xc8, 0x190, 0xffffffff, 0xffffffff, 0xa54, 0xa54, 0xa54, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @loopback, [], [], 'ip6gre0\x00', 'vlan0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0x884, 0x8c4, 0x0, {}, [@common=@unspec=@u32={{0x7e0, 'u32\x00'}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0xb78) 20:30:01 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0xe, 0x4, 0x3bc, 0xffffffff, 0x22c, 0x22c, 0x12c, 0xffffffff, 0xffffffff, 0x2f4, 0x2f4, 0x2f4, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'sit0\x00', 'rose0\x00'}, 0x0, 0x108, 0x12c, 0x0, {}, [@common=@unspec=@physdev={{0x64, 'physdev\x00'}, {'virt_wifi0\x00', {}, 'bond_slave_1\x00', {}, 0x0, 0x12}}]}, @REJECT={0x24, 'REJECT\x00'}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @empty, [], [], 'netpci0\x00', 'batadv_slave_0\x00'}, 0x0, 0xa4, 0x100}, @common=@inet=@HMARK={0x5c, 'HMARK\x00', 0x0, {@ipv4=@private, [], 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3aa33046}}}, {{@ipv6={@local, @local, [], [], 'geneve0\x00', 'veth0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x418) [ 209.566415][ T9576] ================================================================== 20:30:01 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000040)) [ 209.581476][ T9576] BUG: KASAN: slab-out-of-bounds in xfrm_attr_cpy32+0x15a/0x1d0 20:30:01 executing program 1: setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xe, 0x4, 0xb1c, 0xffffffff, 0x0, 0xc8, 0x190, 0xffffffff, 0xffffffff, 0xa54, 0xa54, 0xa54, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @loopback, [], [], 'ip6gre0\x00', 'vlan0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0x884, 0x8c4, 0x0, {}, [@common=@unspec=@u32={{0x7e0, 'u32\x00'}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0xb78) [ 209.599303][ T9576] Write of size 4 at addr ffff888064ba496c by task syz-executor.2/9576 [ 209.619000][ T9576] 20:30:01 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000001240)=@gcm_128={{}, "b0908485141c7b9e", "84823b171ce6f21670745b5ecf19aefa", "1a39584b", "c9ac34b5fd8f47e7"}, 0x28) [ 209.621246][ T9576] CPU: 2 PID: 9576 Comm: syz-executor.2 Not tainted 5.10.0-rc5-syzkaller #0 20:30:01 executing program 0: r0 = socket(0x26, 0x5, 0x0) sendmsg$NLBL_MGMT_C_VERSION(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 20:30:01 executing program 1: setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xe, 0x4, 0xb1c, 0xffffffff, 0x0, 0xc8, 0x190, 0xffffffff, 0xffffffff, 0xa54, 0xa54, 0xa54, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@mcast2, @loopback, [], [], 'ip6gre0\x00', 'vlan0\x00'}, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0xa4, 0xc8}, @REJECT={0x24, 'REJECT\x00'}}, {{@uncond, 0x0, 0x884, 0x8c4, 0x0, {}, [@common=@unspec=@u32={{0x7e0, 'u32\x00'}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "20cef68a6999e64e94bacf128b74ea0b139300301b83c280da710ea10220"}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0xb78) [ 209.644789][ T9576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 209.644789][ T9576] Call Trace: [ 209.670230][ T9576] dump_stack+0x107/0x163 [ 209.670230][ T9576] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 209.691599][ T9576] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 209.704586][ T9576] print_address_description.constprop.0.cold+0xae/0x4c8 [ 209.704586][ T9576] ? _raw_spin_lock_irqsave+0x4e/0x50 [ 209.732017][ T9576] ? vprintk_func+0x95/0x1e0 [ 209.732017][ T9576] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 209.751007][ T9576] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 209.753857][ T9576] kasan_report.cold+0x1f/0x37 [ 209.761036][ T9576] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 209.774096][ T9576] check_memory_region+0x13d/0x180 [ 209.785812][ T9576] memset+0x20/0x40 [ 209.790996][ T9576] xfrm_attr_cpy32+0x15a/0x1d0 [ 209.801733][ T9576] xfrm_user_rcv_msg_compat+0x76b/0x1040 [ 209.812226][ T9576] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 209.821102][ T9576] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 209.830946][ T9576] ? mark_lock+0xf7/0x1730 [ 209.834014][ T9576] ? security_capable+0x8f/0xc0 [ 209.841113][ T9576] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 209.853941][ T9576] xfrm_user_rcv_msg+0x55b/0x8b0 [ 209.861106][ T9576] ? xfrm_do_migrate+0x800/0x800 [ 209.874096][ T9576] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 209.887361][ T9576] ? lock_release+0x710/0x710 [ 209.894823][ T9576] ? __local_bh_enable_ip+0x9c/0x110 [ 209.901043][ T9576] ? __mutex_lock+0x626/0x10e0 [ 209.914060][ T9576] netlink_rcv_skb+0x153/0x420 [ 209.934173][ T9576] ? xfrm_do_migrate+0x800/0x800 [ 209.954186][ T9576] ? netlink_ack+0xaa0/0xaa0 [ 209.961492][ T9576] xfrm_netlink_rcv+0x6b/0x90 [ 209.973978][ T9576] netlink_unicast+0x533/0x7d0 [ 209.980996][ T9576] ? netlink_attachskb+0x810/0x810 [ 209.994051][ T9576] ? __phys_addr_symbol+0x2c/0x70 [ 210.000968][ T9576] ? __check_object_size+0x171/0x3f0 [ 210.014409][ T9576] netlink_sendmsg+0x856/0xd90 [ 210.020991][ T9576] ? netlink_unicast+0x7d0/0x7d0 [ 210.034359][ T9576] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 210.051019][ T9576] ? netlink_unicast+0x7d0/0x7d0 [ 210.056541][ T9576] sock_sendmsg+0xcf/0x120 [ 210.061013][ T9576] ____sys_sendmsg+0x6e8/0x810 [ 210.075062][ T9576] ? kernel_sendmsg+0x50/0x50 [ 210.081077][ T9576] ? do_recvmmsg+0x6c0/0x6c0 [ 210.090938][ T9576] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 210.100918][ T9576] ___sys_sendmsg+0xf3/0x170 [ 210.100918][ T9576] ? sendmsg_copy_msghdr+0x160/0x160 [ 210.115405][ T9576] ? __fget_files+0x272/0x400 [ 210.120944][ T9576] ? lock_downgrade+0x6d0/0x6d0 [ 210.130966][ T9576] ? find_held_lock+0x2d/0x110 [ 210.136222][ T9576] ? __fget_files+0x294/0x400 [ 210.143795][ T9576] ? __fget_light+0xea/0x280 [ 210.161142][ T9576] __sys_sendmsg+0xe5/0x1b0 [ 210.174200][ T9576] ? __sys_sendmsg_sock+0xb0/0xb0 [ 210.190930][ T9576] ? syscall_enter_from_user_mode_prepare+0x13/0x20 [ 210.202924][ T9576] __do_fast_syscall_32+0x56/0x80 [ 210.221098][ T9576] do_fast_syscall_32+0x2f/0x70 [ 210.231104][ T9576] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 210.240975][ T9576] RIP: 0023:0xf7f6a549 [ 210.240975][ T9576] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 210.281400][ T9576] RSP: 002b:00000000f55640bc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 210.301017][ T9576] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 210.311187][ T9576] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 210.330992][ T9576] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 210.341128][ T9576] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 210.363450][ T9576] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 210.384093][ T9576] [ 210.384093][ T9576] Allocated by task 9576: [ 210.391032][ T9576] kasan_save_stack+0x1b/0x40 [ 210.406573][ T9576] __kasan_kmalloc.constprop.0+0xc2/0xd0 [ 210.419175][ T9576] kvmalloc_node+0x61/0xf0 [ 210.427556][ T9576] xfrm_user_rcv_msg_compat+0x3cd/0x1040 [ 210.438803][ T9576] xfrm_user_rcv_msg+0x55b/0x8b0 [ 210.445538][ T9576] netlink_rcv_skb+0x153/0x420 [ 210.454120][ T9576] xfrm_netlink_rcv+0x6b/0x90 [ 210.460914][ T9576] netlink_unicast+0x533/0x7d0 [ 210.467846][ T9576] netlink_sendmsg+0x856/0xd90 [ 210.477808][ T9576] sock_sendmsg+0xcf/0x120 [ 210.487132][ T9576] ____sys_sendmsg+0x6e8/0x810 [ 210.497224][ T9576] ___sys_sendmsg+0xf3/0x170 [ 210.502131][ T9576] __sys_sendmsg+0xe5/0x1b0 [ 210.513691][ T9576] __do_fast_syscall_32+0x56/0x80 [ 210.520965][ T9576] do_fast_syscall_32+0x2f/0x70 [ 210.531558][ T9576] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 210.541167][ T9576] [ 210.545120][ T9576] The buggy address belongs to the object at ffff888064ba4800 [ 210.545120][ T9576] which belongs to the cache kmalloc-512 of size 512 [ 210.571052][ T9576] The buggy address is located 364 bytes inside of [ 210.571052][ T9576] 512-byte region [ffff888064ba4800, ffff888064ba4a00) [ 210.599075][ T9576] The buggy address belongs to the page: [ 210.607649][ T9576] page:0000000003b95ea1 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x64ba0 [ 210.620993][ T9576] head:0000000003b95ea1 order:3 compound_mapcount:0 compound_pincount:0 [ 210.620993][ T9576] flags: 0x4fff00000010200(slab|head) [ 210.640965][ T9576] raw: 04fff00000010200 0000000000000000 0000000100000001 ffff8880100432c0 [ 210.654578][ T9576] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 210.660946][ T9576] page dumped because: kasan: bad access detected [ 210.675189][ T9576] [ 210.675189][ T9576] Memory state around the buggy address: [ 210.682541][ T9576] ffff888064ba4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 210.699935][ T9576] ffff888064ba4880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 210.711337][ T9576] >ffff888064ba4900: 00 00 00 00 00 00 00 00 00 00 00 00 00 04 fc fc [ 210.722728][ T9576] ^ [ 210.737082][ T9576] ffff888064ba4980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 210.748114][ T9576] ffff888064ba4a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 210.759877][ T9576] ================================================================== [ 210.771179][ T9576] Disabling lock debugging due to kernel taint [ 210.782530][ T9576] Kernel panic - not syncing: panic_on_warn set ... [ 210.792288][ T9576] CPU: 3 PID: 9576 Comm: syz-executor.2 Tainted: G B 5.10.0-rc5-syzkaller #0 [ 210.810987][ T9576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 210.831288][ T9576] Call Trace: [ 210.841997][ T9576] dump_stack+0x107/0x163 [ 210.850911][ T9576] ? xfrm_attr_cpy32+0xb0/0x1d0 [ 210.862061][ T9576] panic+0x306/0x73d [ 210.862061][ T9576] ? __warn_printk+0xf3/0xf3 [ 210.870905][ T9576] ? preempt_schedule_common+0x59/0xc0 [ 210.881738][ T9576] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 210.891202][ T9576] ? preempt_schedule_thunk+0x16/0x18 [ 210.911832][ T9576] ? trace_hardirqs_on+0x51/0x1c0 [ 210.923244][ T9576] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 210.942085][ T9576] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 210.951012][ T9576] end_report+0x58/0x5e [ 210.970967][ T9576] kasan_report.cold+0xd/0x37 [ 210.981682][ T9576] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 210.990864][ T9576] check_memory_region+0x13d/0x180 [ 211.001892][ T9576] memset+0x20/0x40 [ 211.013737][ T9576] xfrm_attr_cpy32+0x15a/0x1d0 [ 211.021647][ T9576] xfrm_user_rcv_msg_compat+0x76b/0x1040 [ 211.030960][ T9576] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 211.041974][ T9576] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 211.061751][ T9576] ? mark_lock+0xf7/0x1730 [ 211.081576][ T9576] ? security_capable+0x8f/0xc0 [ 211.090974][ T9576] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 211.111348][ T9576] xfrm_user_rcv_msg+0x55b/0x8b0 [ 211.121899][ T9576] ? xfrm_do_migrate+0x800/0x800 [ 211.131004][ T9576] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 211.140971][ T9576] ? lock_release+0x710/0x710 [ 211.151502][ T9576] ? __local_bh_enable_ip+0x9c/0x110 [ 211.168628][ T9576] ? __mutex_lock+0x626/0x10e0 [ 211.179652][ T9576] netlink_rcv_skb+0x153/0x420 [ 211.189563][ T9576] ? xfrm_do_migrate+0x800/0x800 [ 211.205816][ T9576] ? netlink_ack+0xaa0/0xaa0 [ 211.216982][ T9576] xfrm_netlink_rcv+0x6b/0x90 [ 211.225883][ T9576] netlink_unicast+0x533/0x7d0 [ 211.235776][ T9576] ? netlink_attachskb+0x810/0x810 [ 211.248116][ T9576] ? __phys_addr_symbol+0x2c/0x70 [ 211.261562][ T9576] ? __check_object_size+0x171/0x3f0 [ 211.272726][ T9576] netlink_sendmsg+0x856/0xd90 [ 211.281605][ T9576] ? netlink_unicast+0x7d0/0x7d0 [ 211.291066][ T9576] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 211.301562][ T9576] ? netlink_unicast+0x7d0/0x7d0 [ 211.311028][ T9576] sock_sendmsg+0xcf/0x120 [ 211.331998][ T9576] ____sys_sendmsg+0x6e8/0x810 [ 211.341593][ T9576] ? kernel_sendmsg+0x50/0x50 [ 211.351055][ T9576] ? do_recvmmsg+0x6c0/0x6c0 [ 211.361646][ T9576] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 211.370912][ T9576] ___sys_sendmsg+0xf3/0x170 [ 211.381556][ T9576] ? sendmsg_copy_msghdr+0x160/0x160 [ 211.390898][ T9576] ? __fget_files+0x272/0x400 [ 211.411015][ T9576] ? lock_downgrade+0x6d0/0x6d0 [ 211.423695][ T9576] ? find_held_lock+0x2d/0x110 [ 211.441760][ T9576] ? __fget_files+0x294/0x400 [ 211.451038][ T9576] ? __fget_light+0xea/0x280 [ 211.461550][ T9576] __sys_sendmsg+0xe5/0x1b0 [ 211.471009][ T9576] ? __sys_sendmsg_sock+0xb0/0xb0 [ 211.490897][ T9576] ? syscall_enter_from_user_mode_prepare+0x13/0x20 [ 211.511028][ T9576] __do_fast_syscall_32+0x56/0x80 [ 211.526432][ T9576] do_fast_syscall_32+0x2f/0x70 [ 211.530940][ T9576] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 211.551219][ T9576] RIP: 0023:0xf7f6a549 [ 211.568712][ T9576] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 211.632281][ T9576] RSP: 002b:00000000f55640bc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 211.649229][ T9576] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 211.664129][ T9576] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 211.675917][ T9576] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 211.698246][ T9576] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 211.721011][ T9576] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 211.744923][ T9576] Kernel Offset: disabled [ 211.744923][ T9576] Rebooting in 86400 seconds.. VM DIAGNOSIS: 20:30:02 Registers: info registers vcpu 0 RAX=dffffc0000000000 RBX=ffffc9000ff57de0 RCX=ffffffff81a1cb03 RDX=1ffff1100d055df8 RSI=ffffffff81a1cb11 RDI=ffff8880682aefc0 RBP=ffffea0001580240 RSP=ffffc9000ff57bc8 R8 =0000000000000000 R9 =ffffea0001580247 R10=0000000000000000 R11=0000000000000000 R12=ffff8880682aef78 R13=0000000000000000 R14=0000000000000000 R15=0000000000056009 RIP=ffffffff81a1cb42 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007fa66907d740 ffffffff 00c00000 GS =0000 ffff88802cc00000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fa66892cf20 CR3=0000000068036000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000000000ff00000000000000000000 XMM01=70707070707070707070707070707070 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff837ff1ea RDX=0000000000000001 RSI=0000000000000010 RDI=0000000000000001 RBP=ffff888064b63080 RSP=ffffc900015e78e0 R8 =0000000000000001 R9 =ffffffff8f18db47 R10=0000000000000010 R11=0000000000000001 R12=0000000000000010 R13=0000000000000052 R14=dffffc0000000000 R15=0000000000000000 RIP=ffffffff81700ba3 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802cd00000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe000003e000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000003c000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000000a2c5244 CR3=000000005e0f8000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000002 XMM02=00000050000000000000000100000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 2 RAX=0000000000000054 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff840e8af1 RDI=ffffffff8fadaae0 RBP=ffffffff8fadaaa0 RSP=ffffc9000d2feec0 R8 =0000000000000001 R9 =0000000000000003 R10=0000000000000000 R11=0000000000000000 R12=0000000000000054 R13=0000000000000054 R14=ffffffff8fadaaa0 R15=dffffc0000000000 RIP=ffffffff840e8b48 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802ce00000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe0000079000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000077000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000020000100 CR3=00000000674fa000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000052 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 3 RAX=0000000000000000 RBX=0000000000000000 RCX=1ffff11002e63982 RDX=1ffff11002e63987 RSI=0000000000000000 RDI=ffff88801731cc39 RBP=ffff88801731c300 RSP=ffffc90000fc7a38 R8 =0000000000000000 R9 =ffffffff8ecc4667 R10=fffffbfff1d988cc R11=0000000000000001 R12=ffff88801731cc18 R13=ffff88801731cc3a R14=ffffffff8b353e08 R15=000000000000003f RIP=ffffffff8155dc21 RFL=00000806 [-O---P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f50dcfee7a0 ffffffff 00c00000 GS =0000 ffff88802cf00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe00000b4000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000b2000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f50dcff4000 CR3=00000000189d2000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000000000372f6b636f6c622f766564 XMM01=00000000000000000000000000000000 XMM02=00007f50dc9ace9800007f007379732f XMM03=000000000000ff000000000000000000 XMM04=2064657a696e676f6365726e75002f40 XMM05=697073417c2a303237372a6574614d6c XMM06=72697073417c2a303237372a6574614d XMM07=2d63707276633a3174633a554d45516e XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000