Warning: Permanently added '[localhost]:40910' (ECDSA) to the list of known hosts. 2020/11/30 19:10:20 fuzzer started 2020/11/30 19:10:21 dialing manager at 10.0.2.10:42319 2020/11/30 19:10:21 syscalls: 3441 2020/11/30 19:10:21 code coverage: enabled 2020/11/30 19:10:21 comparison tracing: enabled 2020/11/30 19:10:21 extra coverage: enabled 2020/11/30 19:10:21 setuid sandbox: enabled 2020/11/30 19:10:21 namespace sandbox: enabled 2020/11/30 19:10:21 Android sandbox: /sys/fs/selinux/policy does not exist 2020/11/30 19:10:21 fault injection: enabled 2020/11/30 19:10:21 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/11/30 19:10:21 net packet injection: enabled 2020/11/30 19:10:21 net device setup: enabled 2020/11/30 19:10:21 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/11/30 19:10:21 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/11/30 19:10:21 USB emulation: enabled 2020/11/30 19:10:21 hci packet injection: enabled 2020/11/30 19:10:21 wifi device emulation: enabled 19:11:48 executing program 0: r0 = socket$unix(0x1, 0x5, 0x0) connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e) 19:11:48 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_FREE(r0, 0x2, 0x70740000000000) 19:11:49 executing program 2: syz_emit_ethernet(0x42, &(0x7f0000000000)={@empty, @local, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x0, @random="8f59ebd4b13b", @mcast2, @random="bda8ea069ec3", @remote}}}}, 0x0) 19:11:49 executing program 3: prctl$PR_SET_PDEATHSIG(0x8, 0x0) syzkaller login: [ 205.624061][ T9267] IPVS: ftp: loaded support on port[0] = 21 [ 205.641868][ T9269] IPVS: ftp: loaded support on port[0] = 21 [ 206.028102][ T9269] chnl_net:caif_netlink_parms(): no params data found [ 206.054574][ T9267] chnl_net:caif_netlink_parms(): no params data found [ 206.226519][ T9271] IPVS: ftp: loaded support on port[0] = 21 [ 206.245654][ T9267] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.271646][ T9267] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.290051][ T9267] device bridge_slave_0 entered promiscuous mode [ 206.312506][ T9269] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.327753][ T9269] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.345768][ T9269] device bridge_slave_0 entered promiscuous mode [ 206.360827][ T9269] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.372216][ T9269] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.385613][ T9269] device bridge_slave_1 entered promiscuous mode [ 206.401045][ T9267] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.413100][ T9267] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.424920][ T9267] device bridge_slave_1 entered promiscuous mode [ 206.478655][ T9267] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.504938][ T9269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.524270][ T9267] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.559507][ T9269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.593938][ T9267] team0: Port device team_slave_0 added [ 206.611110][ T9267] team0: Port device team_slave_1 added [ 206.631603][ T9269] team0: Port device team_slave_0 added [ 206.653786][ T9269] team0: Port device team_slave_1 added [ 206.685954][ T9267] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 206.701068][ T9267] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.755330][ T9267] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 206.777673][ T9267] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 206.790652][ T9267] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.834918][ T9267] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 206.871305][ T9269] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 206.889671][ T9269] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 206.948892][ T9269] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 206.979184][ T9269] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 206.993930][ T9269] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.045341][ T9269] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.078560][ T9267] device hsr_slave_0 entered promiscuous mode [ 207.093963][ T9267] device hsr_slave_1 entered promiscuous mode [ 207.173974][ T9269] device hsr_slave_0 entered promiscuous mode [ 207.176450][ T9277] IPVS: ftp: loaded support on port[0] = 21 [ 207.203698][ T9269] device hsr_slave_1 entered promiscuous mode [ 207.217506][ T9269] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 207.232046][ T9269] Cannot create hsr debugfs directory [ 207.250656][ T9271] chnl_net:caif_netlink_parms(): no params data found [ 207.450323][ T9271] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.468617][ T9271] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.483953][ T3482] Bluetooth: hci0: command 0x0409 tx timeout [ 207.493517][ T9271] device bridge_slave_0 entered promiscuous mode [ 207.517801][ T9271] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.535456][ T9271] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.553306][ T9271] device bridge_slave_1 entered promiscuous mode [ 207.591345][ T9271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.634588][ T9271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.643770][ T28] Bluetooth: hci1: command 0x0409 tx timeout [ 207.715414][ T9271] team0: Port device team_slave_0 added [ 207.748812][ T9271] team0: Port device team_slave_1 added [ 207.791634][ T9271] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.812840][ T9271] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.884599][ T9271] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 207.924665][ T9271] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.945130][ T9271] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.006303][ T9271] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 208.032487][ T9267] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 208.067463][ T9267] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 208.107420][ T9277] chnl_net:caif_netlink_parms(): no params data found [ 208.163318][ T9267] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 208.199684][ T9267] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 208.203252][ T28] Bluetooth: hci2: command 0x0409 tx timeout [ 208.279448][ T9271] device hsr_slave_0 entered promiscuous mode [ 208.298576][ T9271] device hsr_slave_1 entered promiscuous mode [ 208.318375][ T9271] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 208.338593][ T9271] Cannot create hsr debugfs directory [ 208.418415][ T9269] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 208.451829][ T9277] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.480747][ T9277] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.502825][ T9277] device bridge_slave_0 entered promiscuous mode [ 208.523318][ T9277] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.545047][ T9277] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.564645][ T9277] device bridge_slave_1 entered promiscuous mode [ 208.584214][ T9269] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 208.634767][ T9269] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 208.656566][ T9269] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 208.676320][ T9277] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.715153][ T9277] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.758400][ T9277] team0: Port device team_slave_0 added [ 208.775547][ T9277] team0: Port device team_slave_1 added [ 208.813265][ T9277] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.836673][ T9277] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.945619][ T9277] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.985947][ T9277] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.000496][ T9277] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.059683][ T3482] Bluetooth: hci3: command 0x0409 tx timeout [ 209.059878][ T9277] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.137289][ T9277] device hsr_slave_0 entered promiscuous mode [ 209.151225][ T9277] device hsr_slave_1 entered promiscuous mode [ 209.164522][ T9277] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 209.179602][ T9277] Cannot create hsr debugfs directory [ 209.287010][ T9271] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 209.313385][ T9271] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 209.332760][ T9271] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 209.362208][ T9271] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 209.396924][ T9267] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.444599][ T9269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.468962][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.491769][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.514280][ T9267] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.549371][ T81] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.563555][ T7] Bluetooth: hci0: command 0x041b tx timeout [ 209.572467][ T81] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.603108][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.616287][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.629102][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.645522][ T9277] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 209.662316][ T9277] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 209.678765][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.690536][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.701615][ T18] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.711519][ T18] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.721667][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.750348][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.753370][ T7] Bluetooth: hci1: command 0x041b tx timeout [ 209.779527][ T9277] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 209.797686][ T9277] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 209.825729][ T9269] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.842425][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.857473][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.884109][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.904500][ T1722] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.925419][ T1722] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.944510][ T1722] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.979255][ T9267] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 210.002335][ T9267] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 210.036838][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.059686][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.079340][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.105589][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.130973][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.163767][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.191033][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.223370][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.251071][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.272522][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.305216][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.331725][ T9299] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.342293][ T9299] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.354384][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.371566][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.383194][ T9299] Bluetooth: hci2: command 0x041b tx timeout [ 210.402531][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.425418][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.463685][ T9269] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 210.496957][ T9269] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 210.540206][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.565970][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.608102][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.639711][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.671280][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.708161][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.775554][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.828085][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.877182][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.914003][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.976312][ T9267] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.028533][ T9302] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 211.071311][ T9302] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 211.083757][ T7] Bluetooth: hci3: command 0x041b tx timeout [ 211.117712][ T9271] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.168341][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 211.200867][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 211.290311][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.345961][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.381440][ T9269] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.416759][ T9271] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.444920][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 211.471921][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 211.507209][ T9277] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.536123][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.554794][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.574817][ T9300] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.592148][ T9300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.616898][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.644179][ T7] Bluetooth: hci0: command 0x040f tx timeout [ 211.655893][ T9277] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.689674][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.727241][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.777873][ T9299] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.826689][ T9299] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.833871][ T7] Bluetooth: hci1: command 0x040f tx timeout [ 211.859103][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.916639][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.951995][ T9267] device veth0_vlan entered promiscuous mode [ 211.985483][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.016489][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 212.045988][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 212.071729][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.098726][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 212.119436][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 212.144514][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.173386][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.200116][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.234646][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.264467][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.284100][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.314901][ T9267] device veth1_vlan entered promiscuous mode [ 212.333682][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 212.354944][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 212.377393][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.406842][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 212.449772][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 212.453562][ T7] Bluetooth: hci2: command 0x040f tx timeout [ 212.489615][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.549728][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.577914][ T9299] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.611810][ T9299] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.667960][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.704016][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.748122][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.776421][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.799306][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 212.821929][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 212.846893][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.871410][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.897738][ T9269] device veth0_vlan entered promiscuous mode [ 212.913540][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 212.928421][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 212.958085][ T9271] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 212.989173][ T9271] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.006355][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.024492][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.044495][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.064086][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.081237][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 213.101785][ T9269] device veth1_vlan entered promiscuous mode [ 213.126565][ T9302] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 213.139760][ T9302] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.156049][ T9302] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.173127][ T7] Bluetooth: hci3: command 0x040f tx timeout [ 213.175512][ T9302] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.199566][ T9302] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.223160][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 213.265646][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 213.314963][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 213.353557][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 213.369459][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 213.395554][ T9267] device veth0_macvtap entered promiscuous mode [ 213.413391][ T9277] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 213.428995][ T9277] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.446842][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 213.464891][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.481449][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.504980][ T9271] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.531606][ T9267] device veth1_macvtap entered promiscuous mode [ 213.579711][ T9269] device veth0_macvtap entered promiscuous mode [ 213.619685][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 213.664306][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 213.712823][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 213.723801][ T7] Bluetooth: hci0: command 0x0419 tx timeout [ 213.745472][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 213.793976][ T9267] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 213.829691][ T9267] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 213.871607][ T9269] device veth1_macvtap entered promiscuous mode [ 213.905428][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 213.922704][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 213.940348][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 213.958357][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 213.973374][ T7] Bluetooth: hci1: command 0x0419 tx timeout [ 213.999577][ T9267] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.031360][ T9267] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.064797][ T9267] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.109128][ T9267] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.172388][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 214.238646][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 214.273657][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 214.311588][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 214.379892][ T9277] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.406960][ T9269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 214.449766][ T9269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.475792][ T9269] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 214.501812][ T9269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 214.522477][ T9269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 214.533660][ T3482] Bluetooth: hci2: command 0x0419 tx timeout [ 214.551009][ T9269] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.596199][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 214.621182][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 214.653716][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 214.676090][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 214.700901][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 214.731892][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 214.757122][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 214.776251][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 214.806899][ T9271] device veth0_vlan entered promiscuous mode [ 214.824373][ T9269] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.839930][ T9269] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.859911][ T9269] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.876141][ T9269] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.904399][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 214.922957][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 214.976202][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 214.996272][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 215.015634][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 215.032115][ T3482] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 215.055621][ T9277] device veth0_vlan entered promiscuous mode [ 215.076079][ T9271] device veth1_vlan entered promiscuous mode [ 215.136196][ T9280] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.156601][ T9280] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.163753][ T9277] device veth1_vlan entered promiscuous mode [ 215.215260][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 215.237484][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 215.260400][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 215.263469][ T3482] Bluetooth: hci3: command 0x0419 tx timeout [ 215.294886][ T9277] device veth0_macvtap entered promiscuous mode [ 215.323528][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 215.340543][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 215.358019][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 215.373405][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 215.392390][ T9277] device veth1_macvtap entered promiscuous mode [ 215.405935][ T9280] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.412545][ T9271] device veth0_macvtap entered promiscuous mode [ 215.419468][ T9280] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.439243][ T9271] device veth1_macvtap entered promiscuous mode [ 215.467609][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 215.484092][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 215.507355][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 215.519662][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 215.536258][ T3916] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 215.582290][ T9280] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.583289][ T9288] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.590495][ T9277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.590526][ T9277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.590533][ T9277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.590538][ T9277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.591626][ T9277] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 215.594494][ T9277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 215.594500][ T9277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.594507][ T9277] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 215.594512][ T9277] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.595451][ T9277] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 215.598386][ T9277] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.613744][ T9288] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.613926][ T9280] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.635528][ T9277] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.868533][ T9277] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.893405][ T9277] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.923808][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 215.940019][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 215.960084][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 215.981224][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 216.002433][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 216.021616][ T9300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 216.048320][ T9271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 216.081270][ T9271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.104640][ T9271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 216.134987][ T9271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.156577][ T9271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 216.177996][ T9271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.199923][ T9271] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 216.224372][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 216.256201][ T9299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 216.285070][ T9271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 216.313754][ T9271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.339182][ T9271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 216.360903][ T9271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.380125][ T9271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 216.403547][ T9271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.439895][ T9271] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 216.464617][ T9271] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.485677][ T9271] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.510031][ T9271] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.531375][ T9271] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.556269][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 216.556352][ T9267] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 216.576937][ T9301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 19:12:01 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x8, 0x0, &(0x7f0000000140)=0x300) 19:12:01 executing program 1: prctl$PR_SET_PDEATHSIG(0x24, 0xffff) [ 216.811653][ T9288] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.833814][ T9305] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 19:12:01 executing program 0: add_key(&(0x7f0000000000)='big_key\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) [ 216.864308][ T9288] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 19:12:01 executing program 1: prctl$PR_SET_PDEATHSIG(0x1c, 0x0) [ 216.912340][ T9305] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 19:12:01 executing program 0: add_key(&(0x7f0000000000)='big_key\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) [ 216.965608][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready 19:12:01 executing program 1: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f00000001c0)='encrypted\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)='R', 0x1, r0) [ 217.016421][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 217.040055][ T9328] encrypted_key: insufficient parameters specified [ 217.092847][ T9305] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.115541][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.126259][ T9305] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.147014][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 217.161651][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 217.197430][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 19:12:02 executing program 2: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f00000001c0)='encrypted\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="52d4d2ebdc945666dfb88e94d32505c5f43f814e18e57306a1f67549ec0cdc54c4ab4cb780ff9281c9ccb65c3728ce72868b48b623f5b043d2160629ec7a69791f65d40911dfce48b872d33fb5f6179f22d7ca0a", 0x54, r0) 19:12:02 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x66, 0x0, &(0x7f0000000140)) 19:12:02 executing program 1: r0 = socket$unix(0x1, 0x5, 0x0) sendmmsg$inet(r0, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 19:12:02 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/tcp6\x00') read$FUSE(r0, &(0x7f0000004240)={0x2020}, 0x2020) [ 217.320784][ T9345] encrypted_key: master key parameter 'ßÎH¸rÓ?µöŸ"×Ê [ 217.320784][ T9345] ' is invalid 19:12:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(r0, &(0x7f00000039c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003940)=ANY=[], 0x68}, 0x1) 19:12:02 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x21, 0x0, &(0x7f0000000140)) 19:12:02 executing program 0: r0 = getpid() waitid(0x1, r0, 0x0, 0x2, 0x0) 19:12:02 executing program 2: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f00000001c0)='encrypted\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="52d4d2ebdc945666dfb88e94d32505c5f43f814e18e57306a1f67549ec0cdc54c4ab4cb780ff9281c9ccb65c3728ce72868b48b623f5b043d2160629ec7a69791f65d40911dfce48b872d33fb5f6179f22d7ca0a", 0x54, r0) 19:12:02 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x6, 0x4, 0x0, 0x0) [ 217.408018][ T9357] encrypted_key: master key parameter 'ßÎH¸rÓ?µöŸ"×Ê [ 217.408018][ T9357] ' is invalid 19:12:02 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x2, 0x0, &(0x7f0000000140)=0x700) 19:12:02 executing program 1: prctl$PR_SET_PDEATHSIG(0x1d, 0xffff) 19:12:02 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002480)={0x0, 0x0, &(0x7f0000002440)={&(0x7f00000001c0)=@newchain={0xec4, 0x64, 0x1, 0x0, 0x0, {}, [@filter_kind_options=@f_route={{0xa, 0x1, 'route\x00'}, {0x9e4, 0x2, [@TCA_ROUTE4_ACT={0x148, 0x6, [@m_ipt={0x144, 0x0, 0x0, 0x0, {{0x8, 0x1, 'ipt\x00'}, {0x30, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_HOOK={0x8}]}, {0xed, 0x6, "c4202aff32994a6c6b95a0cdf3c6345d4167bc2b50e230213347d034845b16778631d059ac32e80510bc2f7947d8d12b04d054747e056cd5d370e86b3a4095c2e46938f9766bec74719734acf990cc72b28a2ba7f65aa22bb8d898fc48d9c0acd6d7670c40df6ee6ca74ede4b315b9e67a558a96b3f82a169a110ee80f0063f36e49832ad05fc9b5b302aee294264f5b6a879fd4e99c5541f88f2deb6ce2918902eb9148be6002074ca0ec6768b9fe404636e93379862e53ca9495a346ac9f7357d6b37c86118826ccc85e793f42e549356fc1163cb2f34065a1bcff399594f441e78c73b89bc7bcae"}, {0xc}, {0xc}}}]}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x888, 0x5, [@TCA_POLICE_PEAKRATE={0x404}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_RATE64={0xc}, @TCA_POLICE_PEAKRATE={0x404}, @TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RATE64={0xc}, @TCA_POLICE_RATE64={0xc}, @TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_RATE64={0xc}]}, @TCA_ROUTE4_IIF={0x8}]}}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x70, 0x2, [@TCA_MATCHALL_ACT={0x6c, 0x2, [@m_nat={0x68, 0x0, 0x0, 0x0, {{0x8, 0x1, 'nat\x00'}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @multicast2, @broadcast}}]}, {0x15, 0x6, "939cb044c9fc456d3d39f768fc96c7751e"}, {0xc}, {0xc}}}]}]}}, @filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x40c, 0x2, [@TCA_BASIC_POLICE={0x408, 0x4, [@TCA_POLICE_PEAKRATE={0x404}]}]}}, @TCA_RATE={0x6}]}, 0xec4}}, 0x0) 19:12:02 executing program 2: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x1, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) 19:12:02 executing program 0: add_key(&(0x7f0000000000)='ceph\x00', 0x0, &(0x7f0000000080)="99", 0x1, 0xffffffffffffffff) 19:12:02 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@generic={0x0, 0x2}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x2, 0x0, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x12, 0xf989, "c9903ce0447d49da81aa85f15a16"}]}}}}}}}, 0x0) 19:12:02 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) 19:12:02 executing program 2: syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x181602) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00'}) timerfd_create(0x8, 0x80000) 19:12:02 executing program 0: socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCGETNODEID(r0, 0x89e1, &(0x7f0000000480)) 19:12:02 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet(r0, &(0x7f000000e380)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0x64010101}, 0x10, &(0x7f0000001480)=[{&(0x7f0000000180)="07206fb09cc2f62e4e51938592ff7c8815af24927b3f202187d939ab8db849e3628b6c8ba9542f714975d942ccf9b2a4972bad0aa3b9cd1991899af8d0b369a4c5f004bfca3c2606caa72f8a7e98ea2606382116c4e25e4e23a74022366784c3477408cda3e089e9fa01558a1a8269c95c7fefbe27167f72c569f6f59441cec5ae1f8f1d83415427d5c2d22003f9", 0x8e}, {&(0x7f0000000240)="ffadc9c6c9bc1ec08b635cbca4fd2b5a28cab2f578e02fd0c33ff5a36eef81", 0x1f}, {&(0x7f0000000280)='CzB', 0x3}, {&(0x7f00000002c0)="9088a173033e13f6c2430f23cd2d720da4f8e2071685e694d1a709b585e6f4a1500d0d961ba9ad146b28cc0b92ca4779a09859a2696c3694d15acb97780ab42d2b6ab8f1c306049253348a7a8a1b000f4c26263bf60ae0209f02d94722c4e1f80448c99e76a9d9c8ab5ea389fb9f78826fb3b8fc30", 0x75}, {&(0x7f0000000340)="02a7085731e6d12983969aeda065f5e552dcdbdd6b2b71f637e3b90cfcc820", 0x1f}, {&(0x7f0000000380)="aac089723597be572d14826487d0669f40e9cc54e4c7cc11657ae1de336ecc6d", 0x20}, {&(0x7f00000003c0)="4776375050fcdabfdf31644a44828a949f8e64fbd45c30069b2d1ab5ae5b51c6c15eb1d619345e2f239093388adb524f97c4394d3a135eaf40d98ece40dbf82c025e6bc476e7e22d4b1cbdf12b235a9cecc67be55228feff0252f0aec7f92dbbf568dfdef9bc05a6fd66694042b548855abc9aa9eb47cc4c9c7705729ef4b52a94121d7b105e569fd75607f2b30c3b078619f88aabed3b648919854827bfb4c114126869a76cda753cce6da98ea440f0623262579b7b65be262059", 0xbb}, {&(0x7f0000000480)="e31e31fe68212cb40c24f202efeab36615538342821c8f59c7360e1d8529f06bddfb8c6da78e60932b9b03e98f60b0e3a0efd7c4c81c5156a99c9713ab62e1de610b542e1e735acaaf5d436a9ff975c1fab704bd4f791c49af7e560bdf6eeefe4fa42529295ccb87c6d4cc8b31d97fea815891698d3c54b21e84355cb1a9fc6d39a1733f055c84a29821f6b4e15c712165e12604b3f6def950ab8aca0c7c1942a2cd6255bc717994f7c4ad21e10d32094d5591b83bffe1f219dbc7fd1432060b726645e61ff7669044f7a7c541b86717d4e4fb5851131f7e4dd7efd4fb0a362d4f412ffba9812b1ef1797780dcc9574a8de13321b6604baf825f5bd09f14b2432a26e50482706531960e6b3a8c82c6de48ad66ab9e007bcf1d785a87d34ab54bdf2008b16decd5811dce3ba070b9b46bf5f8fc9cbaceb49b89357b2388923af80564d1d0c910e6efcc537660bf0a056bd90083d69ed22b56fad78a626d4602cdf2e1892d41e6130aea15743c5dbb4acc6a7b151b610c15d8848ef57c9f52834073f48d2827e46a6834820b05c250eae6398e853a0b16c2fe83765465804e28b8dcad575d5403f3b9b930dcee1551fea4d6425cc65091ceaa9b93f1c8d6906883d00eb3438e55333f223d6c5a369f0d595b0a2b7f345a0ac43f84d0359382945f43d642671dc8fa01ac99f4adc6262d91ca3b07abe0fca92a1df3cb672ea4c28506834a1300af1d515680c6c511e2cafac885e27fae6db7317e338571ad2b767b09ddc08327ae5fd16ef5cf617a8756f052653a003b19da10e5a6e8c1e99779682c0a0a6406613a8f11c604e9cd16367ae868963327648c4badf374d05a92c0e8890bffecf8ca86377aedda794d20ac182076240b4ad140db41f932f9654e2628c7f7e9bdaac19f4174887785dd4f3523304bb85644783a1405cb96b768a42f4bf28dbda3ad65e0725bc7e1f35ff6102270e06aa7d7714da237103bbb5d034f4e48fc6b8522", 0x2c5}], 0x8}}], 0x1, 0x0) 19:12:02 executing program 0: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10) 19:12:02 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) recvmmsg(r0, &(0x7f0000002140)=[{{0x0, 0x8, 0x0}}], 0x1, 0x10020, 0x0) 19:12:02 executing program 0: prctl$PR_SET_PDEATHSIG(0x59616d61, 0x0) 19:12:02 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_MAP_DUMB(r0, 0xc01064b3, &(0x7f00000000c0)) 19:12:03 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) recvmmsg(r0, &(0x7f00000059c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x43, 0x0) 19:12:03 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet(r0, &(0x7f0000000300)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x0) 19:12:03 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x0, 0x0, &(0x7f0000000140)=0x8300) 19:12:03 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000100)='/dev/loop#\x00', 0x0, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000600)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c00, r1) 19:12:03 executing program 0: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x1, 0x0) read$FUSE(r0, 0x0, 0x0) 19:12:03 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) recvmmsg(r0, &(0x7f0000002140)=[{{0x0, 0x0, 0x0, 0x3c}}], 0x1, 0x0, 0x0) 19:12:03 executing program 3: request_key(&(0x7f0000000140)='keyring\x00', &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0) 19:12:03 executing program 0: add_key(&(0x7f0000000000)='ceph\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 19:12:03 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=@delqdisc={0x48, 0x25, 0x1, 0x0, 0x0, {}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x48}}, 0x0) 19:12:03 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockname(r0, &(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f00000001c0)=0x80) ioctl$sock_SIOCSPGRP(r1, 0x8902, 0x0) 19:12:03 executing program 3: socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00'}) 19:12:03 executing program 1: r0 = inotify_init1(0x0) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x7fffffff) 19:12:03 executing program 0: timerfd_settime(0xffffffffffffffff, 0xc03fb8c10fbfb324, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) 19:12:03 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000001c0)={'ip6gre0\x00', &(0x7f0000000140)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast1}}) 19:12:03 executing program 3: openat$sndseq(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/seq\x00', 0x1a1803) 19:12:03 executing program 1: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x107401, 0x0) 19:12:03 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x3, @null}, [@default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48) 19:12:03 executing program 2: keyctl$dh_compute(0xe, &(0x7f0000000000), 0x0, 0x0, 0x0) 19:12:03 executing program 0: prctl$PR_SET_PDEATHSIG(0x7, 0x0) 19:12:03 executing program 3: prctl$PR_SET_PDEATHSIG(0x28, 0x0) 19:12:03 executing program 1: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x107401, 0x0) 19:12:03 executing program 2: prctl$PR_SET_PDEATHSIG(0x2a, 0x0) 19:12:03 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_FREE(r0, 0x2, 0x750000) 19:12:03 executing program 3: socket$inet_sctp(0x2, 0x1, 0x84) clock_gettime(0x0, &(0x7f00000000c0)) select(0x40, &(0x7f0000000000)={0x4}, 0x0, 0x0, 0x0) 19:12:03 executing program 1: socketpair(0xa, 0x2, 0x9, &(0x7f0000000000)) 19:12:03 executing program 2: add_key(&(0x7f0000000000)='ceph\x00', 0x0, &(0x7f0000000080)="99", 0x10, 0xffffffffffffffff) 19:12:03 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg(r0, &(0x7f0000002840)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)="3891f9f724059e26827482eb36e11f2052daaafbe2cffc6c3ad5143d9b70ed9b14967d26d6e89a07e080cc5de3daba19b66d3ae4b1c0b5a2"}, {&(0x7f0000000040)="e78023dd48cca65d6fc4020a3143985df1a43c0ff5aa33d3b6f62ae193037c3975a1ae3ac5ef8586dea412fc11812cc4c7e4c3e9f26772ddd516905177960c84c702e48c7af68d412dcb40e7b1441637abaa1dd42d874307038143db5fb5a5225c5dcb59753e0a1e0b46cbc57ea4b1727969c6098a2195aac714db0f5d5df97341f498219b118df8670615de3da3d018a49270b141fb972952a9437f88e7e0"}], 0x0, 0x0, 0xfffffff0}, 0x40080b0) 19:12:03 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x22, 0x0, &(0x7f0000000140)) 19:12:03 executing program 2: add_key(&(0x7f0000000000)='ceph\x00', 0x0, &(0x7f0000000080)="99", 0x10, 0xffffffffffffffff) 19:12:03 executing program 3: keyctl$dh_compute(0x17, &(0x7f0000000000), 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={'sha224-arm64\x00'}}) 19:12:03 executing program 2: add_key(&(0x7f0000000000)='ceph\x00', 0x0, &(0x7f0000000080)="99", 0x10, 0xffffffffffffffff) 19:12:03 executing program 0: add_key(&(0x7f0000000000)='ceph\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) keyctl$assume_authority(0x10, 0x0) [ 218.979077][ T9498] could not allocate digest TFM handle sha224-arm64 19:12:03 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x75, 0x0, &(0x7f0000000140)) 19:12:03 executing program 2: add_key(&(0x7f0000000000)='ceph\x00', 0x0, &(0x7f0000000080)="99", 0x10, 0xffffffffffffffff) 19:12:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendto(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 19:12:03 executing program 2: add_key(0x0, 0x0, &(0x7f0000000080)="99", 0x1, 0xffffffffffffffff) 19:12:03 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=@delqdisc={0x28, 0x25, 0x1, 0x0, 0x0, {}, [@TCA_STAB={0x4}]}, 0x28}}, 0x0) [ 219.069545][ T9498] could not allocate digest TFM handle sha224-arm64 19:12:03 executing program 3: socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCGETNODEID(r0, 0x89e1, 0x0) 19:12:03 executing program 1: r0 = getpgid(0x0) ptrace$setopts(0x4206, r0, 0x5fb05bce, 0x0) 19:12:03 executing program 2: add_key(0x0, 0x0, &(0x7f0000000080)="99", 0x1, 0xffffffffffffffff) 19:12:03 executing program 0: prctl$PR_SET_PDEATHSIG(0x29, 0xffff) 19:12:03 executing program 0: prctl$PR_SET_PDEATHSIG(0x2, 0x1590000) 19:12:03 executing program 2: add_key(0x0, 0x0, &(0x7f0000000080)="99", 0x1, 0xffffffffffffffff) 19:12:03 executing program 1: syz_genetlink_get_family_id$batadv(0xffffffffffffffff) 19:12:04 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002480)={0x0, 0x0, &(0x7f0000002440)={&(0x7f00000001c0)=@newchain={0xec4, 0x64, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_route={{0xa, 0x1, 'route\x00'}, {0x9e4, 0x2, [@TCA_ROUTE4_ACT={0x148, 0x6, [@m_ipt={0x144, 0x0, 0x0, 0x0, {{0x8, 0x1, 'ipt\x00'}, {0x30, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_HOOK={0x8}]}, {0xed, 0x6, "c4202aff32994a6c6b95a0cdf3c6345d4167bc2b50e230213347d034845b16778631d059ac32e80510bc2f7947d8d12b04d054747e056cd5d370e86b3a4095c2e46938f9766bec74719734acf990cc72b28a2ba7f65aa22bb8d898fc48d9c0acd6d7670c40df6ee6ca74ede4b315b9e67a558a96b3f82a169a110ee80f0063f36e49832ad05fc9b5b302aee294264f5b6a879fd4e99c5541f88f2deb6ce2918902eb9148be6002074ca0ec6768b9fe404636e93379862e53ca9495a346ac9f7357d6b37c86118826ccc85e793f42e549356fc1163cb2f34065a1bcff399594f441e78c73b89bc7bcae"}, {0xc}, {0xc}}}]}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_POLICE={0x888, 0x5, [@TCA_POLICE_PEAKRATE={0x404}, @TCA_POLICE_RESULT={0x8}, @TCA_POLICE_RATE64={0xc}, @TCA_POLICE_PEAKRATE={0x404}, @TCA_POLICE_TBF={0x3c}, @TCA_POLICE_RATE64={0xc}, @TCA_POLICE_RATE64={0xc}, @TCA_POLICE_AVRATE={0x8}, @TCA_POLICE_RATE64={0xc}]}, @TCA_ROUTE4_IIF={0x8}]}}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x70, 0x2, [@TCA_MATCHALL_ACT={0x6c, 0x2, [@m_nat={0x68, 0x0, 0x0, 0x0, {{0x8, 0x1, 'nat\x00'}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{}, @multicast2, @broadcast}}]}, {0x15, 0x6, "939cb044c9fc456d3d39f768fc96c7751e"}, {0xc}, {0xc}}}]}]}}, @filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x40c, 0x2, [@TCA_BASIC_POLICE={0x408, 0x4, [@TCA_POLICE_PEAKRATE={0x404}]}]}}, @TCA_RATE={0x6}]}, 0xec4}}, 0x0) 19:12:04 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000003cc0)={0x0, 0x0, &(0x7f0000003c80)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x201, 0x0, 0x0, {0x7}, [@NFTA_TABLE_HANDLE={0xc}]}], {0x14}}, 0x48}}, 0x0) 19:12:04 executing program 2: add_key(&(0x7f0000000000)='ceph\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) 19:12:04 executing program 1: syz_emit_ethernet(0x19, &(0x7f0000000000)={@local, @local, @val, {@mpls_uc={0x8847, {[], @llc={@llc={0x0, 0x0, "c0"}}}}}}, 0x0) 19:12:04 executing program 3: r0 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r0, &(0x7f0000002040)={&(0x7f0000000000)={0x2, 0x0, @empty}, 0x10, 0x0, 0x0, &(0x7f0000001e80)=[@mask_fadd={0x58, 0x114, 0x8, {{}, 0x0, 0x0}}], 0x58}, 0x0) 19:12:04 executing program 1: syz_emit_ethernet(0xe, &(0x7f0000000000)={@random="e0ebcf61f11a", @multicast, @void, {@generic={0x8906}}}, 0x0) 19:12:04 executing program 3: r0 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) 19:12:04 executing program 2: add_key(&(0x7f0000000000)='ceph\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) 19:12:04 executing program 0: timerfd_create(0x0, 0x0) pselect6(0x40, &(0x7f0000000240), &(0x7f0000000280)={0x7}, 0x0, 0x0, &(0x7f00000003c0)={0x0}) 19:12:04 executing program 1: prctl$PR_SET_PDEATHSIG(0x1c, 0xffff) 19:12:04 executing program 0: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, 0x0, &(0x7f00000001c0)) 19:12:04 executing program 2: add_key(&(0x7f0000000000)='ceph\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) 19:12:04 executing program 3: socketpair(0x29, 0x2, 0x2, &(0x7f00000000c0)) 19:12:04 executing program 2: add_key(&(0x7f0000000000)='ceph\x00', 0x0, &(0x7f0000000080), 0x0, 0xffffffffffffffff) 19:12:04 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_MAP_DUMB(r0, 0xc01064b3, 0x0) 19:12:04 executing program 3: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x181602) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}}}, 0x38) 19:12:04 executing program 2: add_key(&(0x7f0000000000)='ceph\x00', 0x0, &(0x7f0000000080), 0x0, 0xffffffffffffffff) 19:12:04 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, &(0x7f0000000080)={"131abd3aae953d7cd8c575ca412070ac"}) 19:12:04 executing program 3: r0 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x4, 0x0) read$FUSE(r0, &(0x7f00000010c0)={0x2020}, 0x2020) 19:12:04 executing program 1: pselect6(0x40, &(0x7f0000000240), 0x0, &(0x7f00000002c0)={0x7}, 0x0, 0x0) 19:12:04 executing program 2: add_key(&(0x7f0000000000)='ceph\x00', 0x0, &(0x7f0000000080), 0x0, 0xffffffffffffffff) 19:12:04 executing program 3: r0 = timerfd_create(0x0, 0x0) write$tun(r0, 0x0, 0x0) 19:12:04 executing program 0: r0 = timerfd_create(0x1, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timerfd_settime(r0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, r1+60000000}}, &(0x7f0000000080)) 19:12:04 executing program 3: add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x4, 0x0, 0xee01, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$vcsn(&(0x7f0000000400)='/dev/vcs#\x00', 0x0, 0x80800) add_key(&(0x7f00000001c0)='encrypted\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="52d4d2ebdc945666dfb88e94d32505c5f43f814e18e57306a1f67549ec0cdc54c4ab4cb780ff9281c9ccb65c3728ce72868b48b623f5b043d2160629ec7a69791f65d40911dfce48b872d33fb5f6179f22d7ca0a", 0x54, r0) 19:12:04 executing program 2: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0) add_key(&(0x7f0000000040)='dns_resolver\x00', 0x0, &(0x7f00000001c0)="2660595d785469d2e2dd0fa1ffb5bcf1a405ac6808c4c72f6ed2eef404f9a8ae18e6b7b88ee1438d48a76ff2f180738933085cba0bd92b2314d525986d85ad679315b2dbf7a2dda9283cde6dfe8a3750a18247a3183bf28ac296157673004eda0000000000000000d429cf36a38c62dc56f4694f7a6ec007f3d075714b09ecd5bbbdb13822a62984353a5e4b01350129a3e3b76f56f60cbc0d94b39ed61440f24554d5be5a47de79fe3d7954964cb1ffff42467f5a7a2b598f0f9563e695ac56784a4b1365ca823c572346f8ccc1d53a59933f320087fda8b82b77a35245d6fccfd0179e11ae4f32474b47bc503e611d00", 0xf1, r1) 19:12:04 executing program 0: timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000300)={0x0}) pselect6(0x40, &(0x7f0000000240)={0x9}, &(0x7f0000000280)={0x7}, 0x0, &(0x7f0000000340)={r0}, 0x0) [ 219.583483][ T9622] Invalid option length (145) for dns_resolver key 19:12:04 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x24, 0x0, &(0x7f0000000140)) [ 219.592741][ T9626] encrypted_key: master key parameter 'ßÎH¸rÓ?µöŸ"×Ê [ 219.592741][ T9626] ' is invalid 19:12:05 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x1, @dev}, 0x10) 19:12:05 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x6d, 0x0, &(0x7f0000000140)) 19:12:05 executing program 2: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$read(0xb, r0, 0x0, 0x0) 19:12:05 executing program 3: add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x4, 0x0, 0xee01, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$vcsn(&(0x7f0000000400)='/dev/vcs#\x00', 0x0, 0x80800) add_key(&(0x7f00000001c0)='encrypted\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f0000000240)="52d4d2ebdc945666dfb88e94d32505c5f43f814e18e57306a1f67549ec0cdc54c4ab4cb780ff9281c9ccb65c3728ce72868b48b623f5b043d2160629ec7a69791f65d40911dfce48b872d33fb5f6179f22d7ca0a", 0x54, r0) [ 220.456014][ T9639] encrypted_key: master key parameter 'ßÎH¸rÓ?µöŸ"×Ê 19:12:05 executing program 2: syz_emit_ethernet(0x6a, &(0x7f0000000380)={@local, @broadcast, @void, {@ipv6={0x86dd, @tipc_packet={0x0, 0x6, "7babda", 0x34, 0x2c, 0x0, @dev, @local, {[@dstopts], @payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x0, 0xb}}}}}}}}}}}, 0x0) [ 220.456014][ T9639] ' is invalid 19:12:05 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @ipv4={[], [], @empty}, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}}}) 19:12:05 executing program 3: prctl$PR_SET_PDEATHSIG(0x2f, 0x0) [ 220.493922][ T9645] RDS: rds_bind could not find a transport for ::ffff:172.20.20.0, load rds_tcp or rds_rdma? 19:12:05 executing program 2: r0 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCDELRT(r0, 0x890c, 0x0) 19:12:05 executing program 1: socketpair(0x27, 0x0, 0x0, &(0x7f0000000080)) 19:12:05 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x11, 0x0, &(0x7f0000000140)) 19:12:05 executing program 3: prctl$PR_SET_PDEATHSIG(0x4, 0xffff) 19:12:05 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$sock(r0, &(0x7f00000004c0)={&(0x7f0000000000)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000000100), 0x4, &(0x7f0000000440)=[@txtime, @mark={{0x14}}, @timestamping={{0x14}}, @timestamping={{0x14}}, @txtime={{0x18}}], 0x78}, 0x0) 19:12:05 executing program 1: prctl$PR_SET_PDEATHSIG(0x18, 0x0) 19:12:05 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg(r0, &(0x7f00000039c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003940)=ANY=[], 0x68}, 0x0) 19:12:05 executing program 2: r0 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCDELRT(r0, 0x890c, 0x0) 19:12:05 executing program 0: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @dev}, 0x10) 19:12:05 executing program 3: r0 = socket$kcm(0x2, 0x200000000000001, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x8, &(0x7f0000000100)=r1, 0x4) sendmsg$inet(r0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x200001f4) recvmsg(r0, &(0x7f0000000380)={0x0, 0x1c, &(0x7f0000000240)=[{&(0x7f00000032c0)=""/4101, 0x2030}], 0x1}, 0x100) 19:12:05 executing program 2: socketpair(0xa, 0x0, 0x401, &(0x7f0000000000)) 19:12:05 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x1b, 0x0, &(0x7f0000000140)) [ 220.740181][ T9681] RDS: rds_bind could not find a transport for ::ffff:172.20.20.0, load rds_tcp or rds_rdma? 19:12:05 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x1, 0x0, &(0x7f0000000140)=0x18) 19:12:05 executing program 0: prctl$PR_SET_PDEATHSIG(0x15, 0x0) 19:12:05 executing program 1: prctl$PR_SET_PDEATHSIG(0x22, 0xffff) 19:12:05 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f0000000000)={'ip6tnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @local}}) 19:12:05 executing program 0: keyctl$dh_compute(0x16, &(0x7f0000000000), 0x0, 0x0, 0x0) 19:12:05 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x14, 0x0, &(0x7f0000000140)=0x9700) 19:12:05 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x7b, 0x0, &(0x7f0000000140)) 19:12:05 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x9, 0x0, &(0x7f0000000140)=0x9b) 19:12:05 executing program 0: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f00000001c0)='encrypted\x00', &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, r0) 19:12:05 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000280), 0xa, &(0x7f0000000200)={&(0x7f00000001c0)={0x28, 0x0, 0x0, 0x0, 0x0, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @empty}]}, 0x28}}, 0x0) 19:12:05 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0xb, 0x0, &(0x7f0000000140)) 19:12:05 executing program 0: clock_gettime(0x4, &(0x7f0000003dc0)) 19:12:05 executing program 3: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000040)={{0x0, 0x989680}}, 0x0) 19:12:05 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$bt_hci(r0, 0x84, 0x4, 0x0, &(0x7f0000000140)) 19:12:05 executing program 2: socketpair(0x29, 0x2, 0x0, &(0x7f00000000c0)) 19:12:05 executing program 3: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000040)={{0x0, 0x989680}}, 0x0) 19:12:05 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x1, 0x0, &(0x7f0000000000)) 19:12:05 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet(r0, &(0x7f000000e380)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0x64010101}, 0x10, &(0x7f0000001480)=[{&(0x7f0000000180)="07206fb09cc2f62e4e51938592ff7c8815af24927b3f202187d939ab8db849e3628b6c8ba9542f714975d942ccf9b2a4972bad0aa3b9cd1991899af8d0b369a4c5f004bfca3c2606caa72f8a7e98ea2606382116c4e25e4e23a74022366784c3477408cda3e089e9fa01558a1a8269c95c7fefbe27167f72c569f6f59441cec5ae1f8f1d83415427d5c2d22003", 0x8d}, {&(0x7f0000000240)="ffadc9c6c9bc1ec08b635cbca4fd2b5a28cab2f578e02fd0c33ff5a36eef8150", 0x20}, {&(0x7f0000000280)='CzB', 0x3}, {&(0x7f00000002c0)="9088a173033e13f6c2430f23cd2d720da4f8e2071685e694d1a709b585e6f4a1500d0d961ba9ad146b28cc0b92ca4779a09859a2696c3694d15acb97780ab42d2b6ab8f1c306049253348a7a8a1b000f4c26263bf60ae0209f02d94722c4e1f80448c99e76a9d9c8ab5ea389fb9f78826fb3b8fc30", 0x75}, {&(0x7f0000000340)="02a7085731e6d12983969aeda065f5e552dcdbdd6b2b71f637e3b90cfcc820", 0x1f}, {&(0x7f0000000380)="aac089723597be572d14826487d0669f40e9cc54e4c7cc11657ae1de336ecc6d", 0x20}, {&(0x7f00000003c0)="4776375050fcdabfdf31644a44828a949f8e64fbd45c30069b2d1ab5ae5b51c6c15eb1d619345e2f239093388adb524f97c4394d3a135eaf40d98ece40dbf82c025e6bc476e7e22d4b1cbdf12b235a9cecc67be55228feff0252f0aec7f92dbbf568dfdef9bc05a6fd66694042b548855abc9aa9eb47cc4c9c7705729ef4b52a94121d7b105e569fd75607f2b30c3b078619f88aabed3b648919854827bfb4c114126869a76cda753cce6da98ea440f0623262579b7b65be262059", 0xbb}, {&(0x7f0000000480)="e31e31fe68212cb40c24f202efeab36615538342821c8f59c7360e1d8529f06bddfb8c6da78e60932b9b03e98f60b0e3a0efd7c4c81c5156a99c9713ab62e1de610b542e1e735acaaf5d436a9ff975c1fab704bd4f791c49af7e560bdf6eeefe4fa42529295ccb87c6d4cc8b31d97fea815891698d3c54b21e84355cb1a9fc6d39a1733f055c84a29821f6b4e15c712165e12604b3f6def950ab8aca0c7c1942a2cd6255bc717994f7c4ad21e10d32094d5591b83bffe1f219dbc7fd1432060b726645e61ff7669044f7a7c541b86717d4e4fb5851131f7e4dd7efd4fb0a362d4f412ffba9812b1ef1797780dcc9574a8de13321b6604baf825f5bd09f14b2432a26e50482706531960e6b3a8c82c6de48ad66ab9e007bcf1d785a87d34ab54bdf2008b16decd5811dce3ba070b9b46bf5f8fc9cbaceb49b89357b2388923af80564d1d0c910e6efcc537660bf0a056bd90083d69ed22b56fad78a626d4602cdf2e1892d41e6130aea15743c5dbb4acc6a7b151b610c15d8848ef57c9f52834073f48d2827e46a6834820b05c250eae6398e853a0b16c2fe83765465804e28b8dcad575d5403f3b9b930dcee1551fea4d6425cc65091ceaa9b93f1c8d6906883d00eb3438e55333f223d6c5a369f0d595b0a2b7f345a0ac43f84d0359382945f43d642671dc8fa01ac99f4adc6262d91ca3b07abe0fca92a1df3cb672ea4c28506834a1300af1d515680c6c511e2cafac885e27fae6db7317e338571ad2b767b09ddc08327ae5fd16ef5cf617a8756f052653a003b19da10e5a6e8c1e99779682c0a0a6406613a8f11c604e9cd16367ae868963327648c4badf374d05a92c0e8890bffecf8ca86377aedda794d20ac182076240b4ad140db41f932f9654e2628c7f7e9bdaac19f4174887785dd4f3523304bb85644783a1405cb96b768a42f4bf28dbda3ad65e0725bc7e1f35ff6102270e06aa7d7714da237103bbb5d034f4e48fc6b8522", 0x2c5}], 0x8}}], 0x1, 0x0) 19:12:05 executing program 1: 19:12:05 executing program 2: 19:12:05 executing program 3: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}}, 0x0) timerfd_gettime(r0, &(0x7f0000000000)) 19:12:05 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0xe, 0x0, &(0x7f0000000140)) 19:12:05 executing program 2: 19:12:06 executing program 3: 19:12:06 executing program 1: 19:12:06 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmmsg$inet(r0, &(0x7f000000e380)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0x64010101}, 0x10, &(0x7f0000001480)=[{&(0x7f0000000180)="07206fb09cc2f62e4e51938592ff7c8815af24927b3f202187d939ab8db849e3628b6c8ba9542f714975d942ccf9b2a4972bad0aa3b9cd1991899af8d0b369a4c5f004bfca3c2606caa72f8a7e98ea2606382116c4e25e4e23a74022366784c3477408cda3e089e9fa01558a1a8269c95c7fefbe27167f72c569f6f59441cec5ae1f8f1d83415427d5c2d22003", 0x8d}, {&(0x7f0000000240)="ffadc9c6c9bc1ec08b635cbca4fd2b5a28cab2f578e02fd0c33ff5a36eef8150", 0x20}, {&(0x7f0000000280)='CzB', 0x3}, {&(0x7f00000002c0)="9088a173033e13f6c2430f23cd2d720da4f8e2071685e694d1a709b585e6f4a1500d0d961ba9ad146b28cc0b92ca4779a09859a2696c3694d15acb97780ab42d2b6ab8f1c306049253348a7a8a1b000f4c26263bf60ae0209f02d94722c4e1f80448c99e76a9d9c8ab5ea389fb9f78826fb3b8fc30", 0x75}, {&(0x7f0000000340)="02a7085731e6d12983969aeda065f5e552dcdbdd6b2b71f637e3b90cfcc820", 0x1f}, {&(0x7f0000000380)="aac089723597be572d14826487d0669f40e9cc54e4c7cc11657ae1de336ecc6d", 0x20}, {&(0x7f00000003c0)="4776375050fcdabfdf31644a44828a949f8e64fbd45c30069b2d1ab5ae5b51c6c15eb1d619345e2f239093388adb524f97c4394d3a135eaf40d98ece40dbf82c025e6bc476e7e22d4b1cbdf12b235a9cecc67be55228feff0252f0aec7f92dbbf568dfdef9bc05a6fd66694042b548855abc9aa9eb47cc4c9c7705729ef4b52a94121d7b105e569fd75607f2b30c3b078619f88aabed3b648919854827bfb4c114126869a76cda753cce6da98ea440f0623262579b7b65be262059", 0xbb}, {&(0x7f0000000480)="e31e31fe68212cb40c24f202efeab36615538342821c8f59c7360e1d8529f06bddfb8c6da78e60932b9b03e98f60b0e3a0efd7c4c81c5156a99c9713ab62e1de610b542e1e735acaaf5d436a9ff975c1fab704bd4f791c49af7e560bdf6eeefe4fa42529295ccb87c6d4cc8b31d97fea815891698d3c54b21e84355cb1a9fc6d39a1733f055c84a29821f6b4e15c712165e12604b3f6def950ab8aca0c7c1942a2cd6255bc717994f7c4ad21e10d32094d5591b83bffe1f219dbc7fd1432060b726645e61ff7669044f7a7c541b86717d4e4fb5851131f7e4dd7efd4fb0a362d4f412ffba9812b1ef1797780dcc9574a8de13321b6604baf825f5bd09f14b2432a26e50482706531960e6b3a8c82c6de48ad66ab9e007bcf1d785a87d34ab54bdf2008b16decd5811dce3ba070b9b46bf5f8fc9cbaceb49b89357b2388923af80564d1d0c910e6efcc537660bf0a056bd90083d69ed22b56fad78a626d4602cdf2e1892d41e6130aea15743c5dbb4acc6a7b151b610c15d8848ef57c9f52834073f48d2827e46a6834820b05c250eae6398e853a0b16c2fe83765465804e28b8dcad575d5403f3b9b930dcee1551fea4d6425cc65091ceaa9b93f1c8d6906883d00eb3438e55333f223d6c5a369f0d595b0a2b7f345a0ac43f84d0359382945f43d642671dc8fa01ac99f4adc6262d91ca3b07abe0fca92a1df3cb672ea4c28506834a1300af1d515680c6c511e2cafac885e27fae6db7317e338571ad2b767b09ddc08327ae5fd16ef5cf617a8756f052653a003b19da10e5a6e8c1e99779682c0a0a6406613a8f11c604e9cd16367ae868963327648c4badf374d05a92c0e8890bffecf8ca86377aedda794d20ac182076240b4ad140db41f932f9654e2628c7f7e9bdaac19f4174887785dd4f3523304bb85644783a1405cb96b768a42f4bf28dbda3ad65e0725bc7e1f35ff6102270e06aa7d7714da237103bbb5d034f4e48fc6b8522", 0x2c5}], 0x8}}], 0x1, 0x0) 19:12:06 executing program 2: 19:12:06 executing program 3: 19:12:06 executing program 1: 19:12:06 executing program 1: 19:12:06 executing program 2: 19:12:06 executing program 3: 19:12:06 executing program 3: 19:12:07 executing program 0: 19:12:07 executing program 1: 19:12:07 executing program 2: 19:12:07 executing program 3: 19:12:07 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x73, 0x0, &(0x7f0000000140)) 19:12:07 executing program 1: 19:12:07 executing program 2: 19:12:07 executing program 1: 19:12:07 executing program 0: 19:12:07 executing program 2: 19:12:07 executing program 3: 19:12:07 executing program 0: 19:12:07 executing program 2: 19:12:07 executing program 3: 19:12:07 executing program 1: 19:12:07 executing program 0: 19:12:07 executing program 2: 19:12:07 executing program 3: 19:12:08 executing program 0: 19:12:08 executing program 1: 19:12:08 executing program 2: 19:12:08 executing program 0: 19:12:08 executing program 3: 19:12:08 executing program 2: 19:12:08 executing program 1: 19:12:08 executing program 0: 19:12:08 executing program 1: 19:12:08 executing program 3: 19:12:08 executing program 0: 19:12:08 executing program 2: 19:12:08 executing program 1: 19:12:08 executing program 0: 19:12:08 executing program 2: 19:12:08 executing program 3: 19:12:08 executing program 1: 19:12:08 executing program 2: 19:12:08 executing program 0: 19:12:08 executing program 1: 19:12:08 executing program 3: 19:12:08 executing program 2: 19:12:08 executing program 0: 19:12:08 executing program 2: 19:12:08 executing program 1: 19:12:08 executing program 3: 19:12:08 executing program 0: 19:12:08 executing program 2: 19:12:08 executing program 3: 19:12:08 executing program 1: 19:12:08 executing program 0: 19:12:08 executing program 2: 19:12:08 executing program 3: 19:12:08 executing program 2: 19:12:08 executing program 1: 19:12:08 executing program 0: 19:12:08 executing program 3: 19:12:08 executing program 1: 19:12:08 executing program 2: 19:12:08 executing program 0: 19:12:08 executing program 3: 19:12:08 executing program 0: 19:12:08 executing program 2: 19:12:08 executing program 1: 19:12:08 executing program 2: 19:12:08 executing program 3: 19:12:08 executing program 0: 19:12:08 executing program 1: 19:12:08 executing program 2: 19:12:08 executing program 3: 19:12:08 executing program 0: 19:12:08 executing program 1: 19:12:08 executing program 3: 19:12:08 executing program 0: 19:12:08 executing program 2: 19:12:08 executing program 1: 19:12:08 executing program 0: 19:12:08 executing program 2: 19:12:08 executing program 3: 19:12:08 executing program 1: 19:12:08 executing program 0: 19:12:08 executing program 2: 19:12:08 executing program 3: 19:12:08 executing program 1: 19:12:08 executing program 0: 19:12:09 executing program 2: 19:12:09 executing program 0: 19:12:09 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40, 0x0) 19:12:09 executing program 3: 19:12:09 executing program 3: 19:12:09 executing program 0: 19:12:09 executing program 2: 19:12:09 executing program 1: 19:12:09 executing program 0: 19:12:09 executing program 1: 19:12:09 executing program 2: 19:12:09 executing program 3: 19:12:09 executing program 1: 19:12:09 executing program 3: 19:12:09 executing program 0: 19:12:09 executing program 2: 19:12:09 executing program 1: 19:12:09 executing program 3: 19:12:09 executing program 2: 19:12:09 executing program 0: 19:12:09 executing program 1: 19:12:09 executing program 0: 19:12:09 executing program 3: 19:12:09 executing program 2: 19:12:09 executing program 1: 19:12:10 executing program 3: 19:12:10 executing program 1: 19:12:10 executing program 0: 19:12:10 executing program 2: 19:12:10 executing program 3: 19:12:10 executing program 1: 19:12:10 executing program 0: 19:12:10 executing program 2: 19:12:10 executing program 1: 19:12:10 executing program 3: 19:12:10 executing program 0: 19:12:10 executing program 1: 19:12:10 executing program 2: 19:12:10 executing program 0: 19:12:10 executing program 3: 19:12:10 executing program 1: 19:12:10 executing program 2: 19:12:10 executing program 0: 19:12:10 executing program 3: 19:12:10 executing program 2: 19:12:10 executing program 3: 19:12:10 executing program 1: 19:12:10 executing program 0: 19:12:10 executing program 2: 19:12:10 executing program 1: 19:12:10 executing program 3: 19:12:10 executing program 0: 19:12:10 executing program 2: 19:12:10 executing program 3: 19:12:10 executing program 1: 19:12:10 executing program 0: 19:12:10 executing program 2: 19:12:10 executing program 3: 19:12:10 executing program 1: 19:12:10 executing program 3: 19:12:10 executing program 0: 19:12:10 executing program 2: 19:12:10 executing program 1: 19:12:10 executing program 3: 19:12:10 executing program 0: 19:12:10 executing program 2: 19:12:10 executing program 1: 19:12:10 executing program 0: 19:12:10 executing program 3: 19:12:10 executing program 2: 19:12:10 executing program 0: 19:12:10 executing program 1: 19:12:10 executing program 3: 19:12:10 executing program 2: 19:12:10 executing program 0: 19:12:10 executing program 2: 19:12:10 executing program 0: 19:12:10 executing program 3: 19:12:10 executing program 1: 19:12:10 executing program 0: 19:12:10 executing program 1: 19:12:10 executing program 3: 19:12:10 executing program 2: 19:12:10 executing program 0: 19:12:10 executing program 3: 19:12:10 executing program 2: 19:12:10 executing program 0: 19:12:10 executing program 1: 19:12:10 executing program 2: 19:12:10 executing program 3: 19:12:10 executing program 0: 19:12:10 executing program 1: 19:12:10 executing program 3: 19:12:10 executing program 2: 19:12:10 executing program 0: 19:12:10 executing program 1: 19:12:10 executing program 3: 19:12:10 executing program 2: 19:12:10 executing program 0: 19:12:10 executing program 3: 19:12:11 executing program 1: 19:12:11 executing program 2: 19:12:11 executing program 0: 19:12:11 executing program 3: 19:12:11 executing program 0: 19:12:11 executing program 1: 19:12:11 executing program 3: 19:12:11 executing program 2: 19:12:11 executing program 0: 19:12:11 executing program 1: 19:12:11 executing program 3: 19:12:11 executing program 0: 19:12:11 executing program 1: 19:12:11 executing program 2: 19:12:11 executing program 0: 19:12:11 executing program 2: 19:12:11 executing program 3: 19:12:11 executing program 1: 19:12:11 executing program 0: 19:12:11 executing program 2: 19:12:11 executing program 0: 19:12:11 executing program 1: 19:12:11 executing program 3: 19:12:11 executing program 2: 19:12:11 executing program 3: 19:12:11 executing program 1: 19:12:11 executing program 0: 19:12:11 executing program 2: 19:12:11 executing program 1: 19:12:11 executing program 0: 19:12:11 executing program 3: 19:12:11 executing program 2: 19:12:11 executing program 0: 19:12:11 executing program 3: 19:12:11 executing program 1: 19:12:11 executing program 3: 19:12:11 executing program 0: 19:12:11 executing program 1: 19:12:11 executing program 2: 19:12:11 executing program 3: 19:12:11 executing program 0: 19:12:11 executing program 2: 19:12:11 executing program 3: 19:12:11 executing program 1: 19:12:11 executing program 0: 19:12:11 executing program 2: 19:12:11 executing program 0: 19:12:11 executing program 3: 19:12:11 executing program 1: 19:12:11 executing program 2: 19:12:11 executing program 0: 19:12:11 executing program 3: 19:12:11 executing program 1: 19:12:11 executing program 2: 19:12:11 executing program 0: 19:12:11 executing program 1: 19:12:11 executing program 2: 19:12:11 executing program 0: 19:12:11 executing program 3: 19:12:11 executing program 1: 19:12:11 executing program 2: 19:12:11 executing program 1: 19:12:11 executing program 0: 19:12:11 executing program 3: 19:12:11 executing program 1: 19:12:11 executing program 2: 19:12:11 executing program 0: 19:12:11 executing program 3: 19:12:11 executing program 0: 19:12:11 executing program 2: 19:12:11 executing program 1: 19:12:11 executing program 3: 19:12:11 executing program 2: 19:12:12 executing program 0: 19:12:12 executing program 3: 19:12:12 executing program 1: 19:12:12 executing program 2: 19:12:12 executing program 3: 19:12:12 executing program 0: 19:12:12 executing program 1: 19:12:12 executing program 2: 19:12:12 executing program 3: 19:12:12 executing program 0: 19:12:12 executing program 1: 19:12:12 executing program 2: 19:12:12 executing program 3: 19:12:12 executing program 0: 19:12:12 executing program 1: 19:12:12 executing program 1: 19:12:12 executing program 3: 19:12:12 executing program 2: 19:12:12 executing program 0: 19:12:12 executing program 1: 19:12:12 executing program 0: 19:12:12 executing program 2: 19:12:12 executing program 3: 19:12:12 executing program 1: 19:12:12 executing program 0: 19:12:12 executing program 3: 19:12:12 executing program 2: 19:12:12 executing program 1: 19:12:12 executing program 0: 19:12:12 executing program 1: 19:12:12 executing program 0: 19:12:12 executing program 3: 19:12:12 executing program 2: 19:12:12 executing program 0: 19:12:12 executing program 3: 19:12:12 executing program 2: 19:12:12 executing program 1: 19:12:12 executing program 2: 19:12:12 executing program 0: 19:12:12 executing program 3: 19:12:12 executing program 1: 19:12:12 executing program 2: 19:12:12 executing program 0: 19:12:12 executing program 0: 19:12:12 executing program 1: 19:12:12 executing program 3: 19:12:12 executing program 2: 19:12:12 executing program 0: 19:12:12 executing program 3: 19:12:12 executing program 1: 19:12:12 executing program 2: 19:12:12 executing program 0: 19:12:12 executing program 1: 19:12:12 executing program 3: 19:12:12 executing program 2: 19:12:12 executing program 0: 19:12:12 executing program 3: 19:12:12 executing program 1: 19:12:12 executing program 0: 19:12:12 executing program 1: 19:12:12 executing program 2: 19:12:12 executing program 3: 19:12:12 executing program 0: 19:12:12 executing program 2: 19:12:12 executing program 3: 19:12:12 executing program 1: 19:12:12 executing program 2: 19:12:12 executing program 0: 19:12:12 executing program 3: 19:12:12 executing program 2: 19:12:12 executing program 1: 19:12:12 executing program 2: 19:12:12 executing program 0: 19:12:12 executing program 3: 19:12:12 executing program 1: 19:12:12 executing program 2: 19:12:12 executing program 0: 19:12:12 executing program 3: 19:12:12 executing program 1: 19:12:13 executing program 2: 19:12:13 executing program 3: 19:12:13 executing program 0: 19:12:13 executing program 1: 19:12:13 executing program 3: 19:12:13 executing program 0: 19:12:13 executing program 2: 19:12:13 executing program 1: 19:12:13 executing program 3: 19:12:13 executing program 2: 19:12:13 executing program 0: 19:12:13 executing program 3: 19:12:13 executing program 1: 19:12:13 executing program 0: 19:12:13 executing program 2: 19:12:13 executing program 1: 19:12:13 executing program 3: 19:12:13 executing program 1: 19:12:13 executing program 0: 19:12:13 executing program 2: 19:12:13 executing program 3: 19:12:13 executing program 2: 19:12:13 executing program 3: 19:12:13 executing program 1: 19:12:13 executing program 0: 19:12:13 executing program 2: 19:12:13 executing program 3: 19:12:13 executing program 1: 19:12:13 executing program 2: 19:12:13 executing program 0: 19:12:13 executing program 3: 19:12:13 executing program 1: 19:12:13 executing program 0: 19:12:13 executing program 2: 19:12:13 executing program 3: 19:12:13 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000580)=@flushpolicy={0x34, 0x1d, 0x58ae0367ae7f2861, 0x0, 0x0, "", [@lifetime_val={0x24}]}, 0x34}}, 0x0) 19:12:13 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000007c0)=@flushpolicy={0xf0, 0x1d, 0x58ae0367ae7f2861, 0x0, 0x0, "", [@sa={0xe0, 0x6, {{@in6=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in6=@private1}, @in=@broadcast}}]}, 0xf0}}, 0x0) 19:12:13 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='comm\x00') write$cgroup_devices(r0, 0x0, 0x9) 19:12:13 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000600)={0x0, @nl=@unspec, @isdn, @isdn, 0xba63}) 19:12:13 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000580)=@flushpolicy={0x1c, 0x1d, 0x58ae0367ae7f2861, 0x0, 0x0, "", [@policy_type={0xa}]}, 0x1c}}, 0x0) [ 229.142808][T10450] ================================================================== 19:12:14 executing program 2: 19:12:14 executing program 3: [ 229.158527][T10450] BUG: KASAN: slab-out-of-bounds in xfrm_attr_cpy32+0x15a/0x1d0 [ 229.192713][T10450] Write of size 4 at addr ffff88806884bcf4 by task syz-executor.1/10450 [ 229.208193][T10450] 19:12:14 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='loginuid\x00') r1 = socket$inet6_udp(0xa, 0x2, 0x0) write$cgroup_devices(r0, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r1, @ANYRESOCT], 0xfffffffffffffe0e) 19:12:14 executing program 3: clock_getres(0xbc5cb1fcaf4eb800, 0x0) [ 229.208193][T10450] CPU: 3 PID: 10450 Comm: syz-executor.1 Not tainted 5.10.0-rc6-syzkaller #0 [ 229.212426][T10450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 229.240425][T10450] Call Trace: [ 229.240425][T10450] dump_stack+0x107/0x163 [ 229.256282][T10450] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 229.259057][T10450] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 229.259057][T10450] print_address_description.constprop.0.cold+0xae/0x4c8 [ 229.291081][T10450] ? _raw_spin_lock_irqsave+0x4e/0x50 [ 229.296793][T10450] ? vprintk_func+0x95/0x1e0 [ 229.303957][T10450] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 229.316518][T10450] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 229.323783][T10450] kasan_report.cold+0x1f/0x37 [ 229.330981][T10450] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 229.339544][T10450] check_memory_region+0x13d/0x180 [ 229.347546][T10450] memset+0x20/0x40 [ 229.353063][T10450] xfrm_attr_cpy32+0x15a/0x1d0 [ 229.359304][T10450] xfrm_user_rcv_msg_compat+0x76b/0x1040 [ 229.366303][T10450] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 229.373273][T10450] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 229.380367][T10450] ? mark_lock+0xf7/0x1730 [ 229.386350][T10450] ? security_capable+0x8f/0xc0 [ 229.400658][T10450] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 229.411840][T10450] xfrm_user_rcv_msg+0x55b/0x8b0 [ 229.420975][T10450] ? _raw_spin_unlock_irq+0x2a/0x40 [ 229.428044][T10450] ? xfrm_do_migrate+0x800/0x800 [ 229.435216][T10450] ? __schedule+0x89b/0x2130 [ 229.441242][T10450] ? io_schedule_timeout+0x140/0x140 [ 229.451003][T10450] ? lock_release+0x710/0x710 [ 229.458237][T10450] ? preempt_schedule_thunk+0x16/0x18 [ 229.465850][T10450] ? preempt_schedule_common+0x59/0xc0 [ 229.473248][T10450] ? preempt_schedule_thunk+0x16/0x18 [ 229.480377][T10450] ? __mutex_lock+0xc00/0x10e0 [ 229.486299][T10450] netlink_rcv_skb+0x153/0x420 [ 229.497390][T10450] ? xfrm_do_migrate+0x800/0x800 [ 229.508205][T10450] ? netlink_ack+0xaa0/0xaa0 [ 229.513886][T10450] xfrm_netlink_rcv+0x6b/0x90 [ 229.523148][T10450] netlink_unicast+0x533/0x7d0 [ 229.532250][T10450] ? netlink_attachskb+0x810/0x810 [ 229.539509][T10450] ? __phys_addr_symbol+0x2c/0x70 [ 229.557164][T10450] ? __check_object_size+0x171/0x3f0 [ 229.566811][T10450] netlink_sendmsg+0x856/0xd90 [ 229.575501][T10450] ? netlink_unicast+0x7d0/0x7d0 [ 229.583302][T10450] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 229.592228][T10450] ? netlink_unicast+0x7d0/0x7d0 [ 229.600579][T10450] sock_sendmsg+0xcf/0x120 [ 229.608164][T10450] ____sys_sendmsg+0x6e8/0x810 [ 229.620487][T10450] ? kernel_sendmsg+0x50/0x50 [ 229.629862][T10450] ? do_recvmmsg+0x6c0/0x6c0 [ 229.639148][T10450] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 229.652152][T10450] ___sys_sendmsg+0xf3/0x170 [ 229.660564][T10450] ? sendmsg_copy_msghdr+0x160/0x160 [ 229.670763][T10450] ? __fget_files+0x272/0x400 [ 229.683305][T10450] ? lock_downgrade+0x6d0/0x6d0 [ 229.700003][T10450] ? find_held_lock+0x2d/0x110 [ 229.711849][T10450] ? __fget_files+0x294/0x400 [ 229.730318][T10450] ? __fget_light+0xea/0x280 [ 229.741076][T10450] __sys_sendmsg+0xe5/0x1b0 [ 229.751082][T10450] ? __sys_sendmsg_sock+0xb0/0xb0 [ 229.761104][T10450] ? syscall_enter_from_user_mode_prepare+0x13/0x20 [ 229.773476][T10450] __do_fast_syscall_32+0x56/0x80 [ 229.789611][T10450] do_fast_syscall_32+0x2f/0x70 [ 229.803220][T10450] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 229.816699][T10450] RIP: 0023:0xf7f71549 [ 229.824863][T10450] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 229.873344][T10450] RSP: 002b:00000000f556b0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 229.894461][T10450] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000780 [ 229.908869][T10450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 229.923732][T10450] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 229.936222][T10450] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 229.953146][T10450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 229.966727][T10450] [ 229.976083][T10450] Allocated by task 10450: [ 229.983085][T10450] kasan_save_stack+0x1b/0x40 [ 229.983085][T10450] __kasan_kmalloc.constprop.0+0xc2/0xd0 [ 230.003402][T10450] kvmalloc_node+0x61/0xf0 [ 230.026033][T10450] xfrm_user_rcv_msg_compat+0x3cd/0x1040 [ 230.045527][T10450] xfrm_user_rcv_msg+0x55b/0x8b0 [ 230.063392][T10450] netlink_rcv_skb+0x153/0x420 [ 230.083296][T10450] xfrm_netlink_rcv+0x6b/0x90 [ 230.096544][T10450] netlink_unicast+0x533/0x7d0 [ 230.116546][T10450] netlink_sendmsg+0x856/0xd90 [ 230.123040][T10450] sock_sendmsg+0xcf/0x120 [ 230.136476][T10450] ____sys_sendmsg+0x6e8/0x810 [ 230.156662][T10450] ___sys_sendmsg+0xf3/0x170 [ 230.163097][T10450] __sys_sendmsg+0xe5/0x1b0 [ 230.183805][T10450] __do_fast_syscall_32+0x56/0x80 [ 230.196335][T10450] do_fast_syscall_32+0x2f/0x70 [ 230.213597][T10450] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 230.224934][T10450] [ 230.236286][T10450] The buggy address belongs to the object at ffff88806884bc00 [ 230.236286][T10450] which belongs to the cache kmalloc-256 of size 256 [ 230.276271][T10450] The buggy address is located 244 bytes inside of [ 230.276271][T10450] 256-byte region [ffff88806884bc00, ffff88806884bd00) [ 230.303191][T10450] The buggy address belongs to the page: [ 230.303191][T10450] page:00000000d153769e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x68848 [ 230.333265][T10450] head:00000000d153769e order:2 compound_mapcount:0 compound_pincount:0 [ 230.343274][T10450] flags: 0x4fff00000010200(slab|head) [ 230.356229][T10450] raw: 04fff00000010200 dead000000000100 dead000000000122 ffff888010043400 [ 230.363151][T10450] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000 [ 230.383157][T10450] page dumped because: kasan: bad access detected [ 230.383157][T10450] [ 230.406047][T10450] Memory state around the buggy address: [ 230.413072][T10450] ffff88806884bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 230.433734][T10450] ffff88806884bc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 230.446095][T10450] >ffff88806884bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 fc [ 230.466508][T10450] ^ [ 230.473106][T10450] ffff88806884bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 230.493180][T10450] ffff88806884bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 230.503058][T10450] ================================================================== [ 230.513599][T10450] Disabling lock debugging due to kernel taint [ 230.532649][T10450] Kernel panic - not syncing: panic_on_warn set ... [ 230.543114][T10450] CPU: 3 PID: 10450 Comm: syz-executor.1 Tainted: G B 5.10.0-rc6-syzkaller #0 [ 230.557126][T10450] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 230.577396][T10450] Call Trace: [ 230.582021][T10450] dump_stack+0x107/0x163 [ 230.589159][T10450] ? xfrm_attr_cpy32+0x90/0x1d0 [ 230.596139][T10450] panic+0x306/0x73d [ 230.601919][T10450] ? __warn_printk+0xf3/0xf3 [ 230.608926][T10450] ? preempt_schedule_common+0x59/0xc0 [ 230.615858][T10450] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 230.623627][T10450] ? preempt_schedule_thunk+0x16/0x18 [ 230.632094][T10450] ? trace_hardirqs_on+0x51/0x1c0 [ 230.640463][T10450] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 230.647543][T10450] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 230.654547][T10450] end_report+0x58/0x5e [ 230.660369][T10450] kasan_report.cold+0xd/0x37 [ 230.667327][T10450] ? xfrm_attr_cpy32+0x15a/0x1d0 [ 230.673269][T10450] check_memory_region+0x13d/0x180 [ 230.680192][T10450] memset+0x20/0x40 [ 230.684840][T10450] xfrm_attr_cpy32+0x15a/0x1d0 [ 230.691877][T10450] xfrm_user_rcv_msg_compat+0x76b/0x1040 [ 230.698920][T10450] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 230.707204][T10450] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 230.716734][T10450] ? mark_lock+0xf7/0x1730 [ 230.723038][T10450] ? security_capable+0x8f/0xc0 [ 230.729609][T10450] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 230.737145][T10450] xfrm_user_rcv_msg+0x55b/0x8b0 [ 230.744309][T10450] ? _raw_spin_unlock_irq+0x2a/0x40 [ 230.751201][T10450] ? xfrm_do_migrate+0x800/0x800 [ 230.760690][T10450] ? __schedule+0x89b/0x2130 [ 230.767787][T10450] ? io_schedule_timeout+0x140/0x140 [ 230.776225][T10450] ? lock_release+0x710/0x710 [ 230.783670][T10450] ? preempt_schedule_thunk+0x16/0x18 [ 230.791690][T10450] ? preempt_schedule_common+0x59/0xc0 [ 230.798756][T10450] ? preempt_schedule_thunk+0x16/0x18 [ 230.807024][T10450] ? __mutex_lock+0xc00/0x10e0 [ 230.819322][T10450] netlink_rcv_skb+0x153/0x420 [ 230.830171][T10450] ? xfrm_do_migrate+0x800/0x800 [ 230.839288][T10450] ? netlink_ack+0xaa0/0xaa0 [ 230.844057][T10450] xfrm_netlink_rcv+0x6b/0x90 [ 230.861278][T10450] netlink_unicast+0x533/0x7d0 [ 230.869623][T10450] ? netlink_attachskb+0x810/0x810 [ 230.880782][T10450] ? __phys_addr_symbol+0x2c/0x70 [ 230.889013][T10450] ? __check_object_size+0x171/0x3f0 [ 230.897256][T10450] netlink_sendmsg+0x856/0xd90 [ 230.904464][T10450] ? netlink_unicast+0x7d0/0x7d0 [ 230.912633][T10450] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 230.919605][T10450] ? netlink_unicast+0x7d0/0x7d0 [ 230.926493][T10450] sock_sendmsg+0xcf/0x120 [ 230.932391][T10450] ____sys_sendmsg+0x6e8/0x810 [ 230.938362][T10450] ? kernel_sendmsg+0x50/0x50 [ 230.945566][T10450] ? do_recvmmsg+0x6c0/0x6c0 [ 230.951359][T10450] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 230.958265][T10450] ___sys_sendmsg+0xf3/0x170 [ 230.963490][T10450] ? sendmsg_copy_msghdr+0x160/0x160 [ 230.974981][T10450] ? __fget_files+0x272/0x400 [ 230.982018][T10450] ? lock_downgrade+0x6d0/0x6d0 [ 230.988076][T10450] ? find_held_lock+0x2d/0x110 [ 230.995229][T10450] ? __fget_files+0x294/0x400 [ 231.005217][T10450] ? __fget_light+0xea/0x280 [ 231.014468][T10450] __sys_sendmsg+0xe5/0x1b0 [ 231.021871][T10450] ? __sys_sendmsg_sock+0xb0/0xb0 [ 231.028866][T10450] ? syscall_enter_from_user_mode_prepare+0x13/0x20 [ 231.041421][T10450] __do_fast_syscall_32+0x56/0x80 [ 231.048634][T10450] do_fast_syscall_32+0x2f/0x70 [ 231.055740][T10450] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 231.065054][T10450] RIP: 0023:0xf7f71549 [ 231.070951][T10450] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 231.103047][T10450] RSP: 002b:00000000f556b0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 231.118213][T10450] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000780 [ 231.137347][T10450] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 231.151815][T10450] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 231.166549][T10450] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 231.183991][T10450] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 231.204960][T10450] Kernel Offset: disabled [ 231.204960][T10450] Rebooting in 86400 seconds.. VM DIAGNOSIS: 19:12:15 Registers: info registers vcpu 0 RAX=fffff520002fef50 RBX=1ffff920002fef50 RCX=ffffffff8155a937 RDX=dffffc0000000000 RSI=ffff888011e52a98 RDI=ffff888011e52180 RBP=0000000000000006 RSP=ffffc900017f7a50 R8 =0000000000000000 R9 =ffffffff8ecc1737 R10=fffffbfff1d982e6 R11=0000000000000000 R12=0000000000000006 R13=dffffc0000000000 R14=ffff888011e52a98 R15=ffffffff888f3950 RIP=ffffffff8155a890 RFL=00000806 [-O---P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802cc00000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000000b019984 CR3=000000006553d000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000052 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000080000000 RBX=00000000c50a2375 RCX=ffffffff837fe38c RDX=ffff888012612180 RSI=ffffffff837fe399 RDI=0000000000000004 RBP=00000000c50a2375 RSP=ffffc90000d37a58 R8 =0000000000000000 R9 =0000000000000000 R10=00000000c50a2375 R11=0000000000000000 R12=0000000000000000 R13=ffff888068826000 R14=ffff88801bdb0228 R15=0000000000000007 RIP=ffffffff81700499 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f99b9f517a0 ffffffff 00c00000 GS =0000 ffff88802cd00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe000003e000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000003c000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000000d722a8 CR3=000000001c3fd000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000052 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 2 RAX=0000000000000001 RBX=1ffff920002b0ec4 RCX=ffffffff81562cc8 RDX=0000000000000001 RSI=ffffffff899d9200 RDI=ffffffff899d9240 RBP=0000000000000000 RSP=ffffc900015875c0 R8 =0000000000000000 R9 =ffffffff8cecaa4f R10=fffffbfff19d9549 R11=0000000000000000 R12=0000000000000001 R13=ffffffff899d9200 R14=0000000000000000 R15=0000000000000000 RIP=ffffffff88e582aa RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 00007f99b9f517a0 ffffffff 00c00000 GS =0000 ffff88802ce00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe0000079000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000077000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f99b9f58000 CR3=00000000628b2000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=20202020202020202020202020202020 XMM02=000000000000000000ff0000ff000000 XMM03=00000000000000000000000000000000 XMM04=75722f766564752f62696c2f002f2a2f XMM05=5b6d626974627c2a5d392d305b646d7c XMM06=2d305b6d626974627c2a5d392d305b64 XMM07=2d63707276633a3174633a554d45516e XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 3 RAX=0000000000000066 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff840e8681 RDI=ffffffff8fad7ae0 RBP=ffffffff8fad7aa0 RSP=ffffc90000cf6ec0 R8 =0000000000000001 R9 =0000000000000003 R10=0000000000000000 R11=0000000000000000 R12=0000000000000066 R13=0000000000000066 R14=ffffffff8fad7aa0 R15=dffffc0000000000 RIP=ffffffff840e86d8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802cf00000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe00000b4000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000b2000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000000413720 CR3=00000000146e3000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000052 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000