Warning: Permanently added '[localhost]:1299' (ECDSA) to the list of known hosts.
2020/12/30 23:26:37 fuzzer started
2020/12/30 23:26:37 dialing manager at 10.0.2.10:42675
2020/12/30 23:26:38 syscalls: 3454
2020/12/30 23:26:38 code coverage: enabled
2020/12/30 23:26:38 comparison tracing: enabled
2020/12/30 23:26:38 extra coverage: enabled
2020/12/30 23:26:38 setuid sandbox: enabled
2020/12/30 23:26:38 namespace sandbox: enabled
2020/12/30 23:26:38 Android sandbox: /sys/fs/selinux/policy does not exist
2020/12/30 23:26:38 fault injection: enabled
2020/12/30 23:26:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/12/30 23:26:38 net packet injection: enabled
2020/12/30 23:26:38 net device setup: enabled
2020/12/30 23:26:38 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/12/30 23:26:38 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/12/30 23:26:38 USB emulation: enabled
2020/12/30 23:26:38 hci packet injection: enabled
2020/12/30 23:26:38 wifi device emulation: enabled
23:27:49 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$OSF_MSG_REMOVE(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f00000000c0)={0x268, 0x1, 0x5, 0x301, 0x0, 0x0, {}, [{{0x254, 0x1, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz1\x00', "c327c32be5c6c0d2426956ecca5de4fbcb865ff85ec550150de2000508759eb5", "39338d3baeaf9742ff704de0afae2f2f13f5b179a2b486f2da194d4c2d1fecfe"}}}]}, 0x268}}, 0x0)
23:27:50 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000014c0)={'ip_vti0\x00', &(0x7f0000001340)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x6, 0x4, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x4, 0x0, @remote, @remote, {[@ssrr={0x89, 0x3}]}}}}})
23:27:50 executing program 2:
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xe00, &(0x7f0000000180)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d080000607c09e8fe5aa10a0015000200142603000e1208000b0000000001a800160008000600e558f030035c3b61c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf63951f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1}, 0x0)
23:27:50 executing program 3:
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttynull\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5412, &(0x7f0000000100)=0x4086)
syzkaller login: [ 189.436930][ T9619] IPVS: ftp: loaded support on port[0] = 21
[ 189.558594][ T9619] chnl_net:caif_netlink_parms(): no params data found
[ 189.634566][ T9621] IPVS: ftp: loaded support on port[0] = 21
[ 189.634837][ T9619] bridge0: port 1(bridge_slave_0) entered blocking state
[ 189.660240][ T9619] bridge0: port 1(bridge_slave_0) entered disabled state
[ 189.675884][ T9619] device bridge_slave_0 entered promiscuous mode
[ 189.692827][ T9619] bridge0: port 2(bridge_slave_1) entered blocking state
[ 189.707922][ T9619] bridge0: port 2(bridge_slave_1) entered disabled state
[ 189.723495][ T9619] device bridge_slave_1 entered promiscuous mode
[ 189.764616][ T9619] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 189.790579][ T9619] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 189.836421][ T9619] team0: Port device team_slave_0 added
[ 189.855052][ T9619] team0: Port device team_slave_1 added
[ 189.895363][ T9619] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 189.910132][ T9619] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 189.955181][ T9619] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 189.984295][ T9619] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 189.998624][ T9619] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 190.042804][ T9619] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 190.093689][ T9623] IPVS: ftp: loaded support on port[0] = 21
[ 190.111896][ T9619] device hsr_slave_0 entered promiscuous mode
[ 190.127385][ T9619] device hsr_slave_1 entered promiscuous mode
[ 190.144921][ T9621] chnl_net:caif_netlink_parms(): no params data found
[ 190.269585][ T9624] IPVS: ftp: loaded support on port[0] = 21
[ 190.282242][ T9621] bridge0: port 1(bridge_slave_0) entered blocking state
[ 190.302682][ T9621] bridge0: port 1(bridge_slave_0) entered disabled state
[ 190.321689][ T9621] device bridge_slave_0 entered promiscuous mode
[ 190.348033][ T9621] bridge0: port 2(bridge_slave_1) entered blocking state
[ 190.364477][ T9621] bridge0: port 2(bridge_slave_1) entered disabled state
[ 190.381379][ T9621] device bridge_slave_1 entered promiscuous mode
[ 190.446155][ T9621] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 190.517237][ T9621] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 190.548252][ T9621] team0: Port device team_slave_0 added
[ 190.563278][ T9621] team0: Port device team_slave_1 added
[ 190.589996][ T9621] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 190.606715][ T9621] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 190.659663][ T9621] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 190.705510][ T9621] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 190.721052][ T9621] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 190.765343][ T9621] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 190.814005][ T9621] device hsr_slave_0 entered promiscuous mode
[ 190.825758][ T9621] device hsr_slave_1 entered promiscuous mode
[ 190.837946][ T9621] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 190.851659][ T9621] Cannot create hsr debugfs directory
[ 190.912549][ T9623] chnl_net:caif_netlink_parms(): no params data found
[ 190.992499][ T9624] chnl_net:caif_netlink_parms(): no params data found
[ 191.022104][ T9619] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 191.067049][ T9619] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 191.091007][ T9619] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 191.108137][ T9619] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 191.154960][ T9623] bridge0: port 1(bridge_slave_0) entered blocking state
[ 191.167121][ T9623] bridge0: port 1(bridge_slave_0) entered disabled state
[ 191.182509][ T9623] device bridge_slave_0 entered promiscuous mode
[ 191.197621][ T9623] bridge0: port 2(bridge_slave_1) entered blocking state
[ 191.209600][ T9623] bridge0: port 2(bridge_slave_1) entered disabled state
[ 191.222558][ T9623] device bridge_slave_1 entered promiscuous mode
[ 191.273620][ T9623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 191.354573][ T9624] bridge0: port 1(bridge_slave_0) entered blocking state
[ 191.379763][ T9624] bridge0: port 1(bridge_slave_0) entered disabled state
[ 191.403399][ T9624] device bridge_slave_0 entered promiscuous mode
[ 191.420439][ T3378] Bluetooth: hci0: command 0x0409 tx timeout
[ 191.435012][ T9624] bridge0: port 2(bridge_slave_1) entered blocking state
[ 191.456481][ T9624] bridge0: port 2(bridge_slave_1) entered disabled state
[ 191.472612][ T9624] device bridge_slave_1 entered promiscuous mode
[ 191.484636][ T9623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 191.540121][ T9624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 191.556471][ T9624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 191.572784][ T9623] team0: Port device team_slave_0 added
[ 191.595478][ T9623] team0: Port device team_slave_1 added
[ 191.627445][ T9624] team0: Port device team_slave_0 added
[ 191.650169][ T9624] team0: Port device team_slave_1 added
[ 191.658910][ T47] Bluetooth: hci1: command 0x0409 tx timeout
[ 191.661708][ T9621] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 191.682587][ T9623] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 191.694640][ T9623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 191.738915][ T9623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 191.758514][ T9623] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 191.770442][ T9623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 191.815887][ T9623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 191.849362][ T9624] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 191.861510][ T9624] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 191.909358][ T9624] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 191.931182][ T9621] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 191.967547][ T9624] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 191.974118][ T47] Bluetooth: hci2: command 0x0409 tx timeout
[ 191.990346][ T9624] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 192.047323][ T9624] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 192.068924][ T9621] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 192.167782][ T9623] device hsr_slave_0 entered promiscuous mode
[ 192.179821][ T9623] device hsr_slave_1 entered promiscuous mode
[ 192.194092][ T9623] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 192.207813][ T9623] Cannot create hsr debugfs directory
[ 192.219798][ T9621] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 192.259256][ T9624] device hsr_slave_0 entered promiscuous mode
[ 192.271522][ T9624] device hsr_slave_1 entered promiscuous mode
[ 192.282433][ T9624] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 192.293610][ T3378] Bluetooth: hci3: command 0x0409 tx timeout
[ 192.294939][ T9624] Cannot create hsr debugfs directory
[ 192.466736][ T9619] 8021q: adding VLAN 0 to HW filter on device bond0
[ 192.519709][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 192.534794][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 192.551316][ T9619] 8021q: adding VLAN 0 to HW filter on device team0
[ 192.572365][ T9623] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 192.589958][ T9623] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 192.610040][ T9623] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 192.649985][ T9623] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 192.666948][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 192.683727][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 192.703895][ T5] bridge0: port 1(bridge_slave_0) entered blocking state
[ 192.737894][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 192.784397][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 192.816744][ T9621] 8021q: adding VLAN 0 to HW filter on device bond0
[ 192.842652][ T9624] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 192.871637][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 192.887878][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 192.908522][ T9651] bridge0: port 2(bridge_slave_1) entered blocking state
[ 192.925053][ T9651] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 192.940543][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 192.956875][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 192.974659][ T9624] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 193.007672][ T9624] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 193.034055][ T9624] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 193.058991][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 193.097218][ T9621] 8021q: adding VLAN 0 to HW filter on device team0
[ 193.116326][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 193.150230][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 193.166661][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 193.182665][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 193.204124][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 193.224655][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 193.242285][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 193.257913][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 193.294330][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 193.309717][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 193.325468][ T43] bridge0: port 1(bridge_slave_0) entered blocking state
[ 193.337792][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 193.352533][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 193.367998][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 193.384276][ T9651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 193.418730][ T9619] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 193.437442][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 193.455654][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 193.468486][ T5] bridge0: port 2(bridge_slave_1) entered blocking state
[ 193.479124][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 193.521917][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 193.537713][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 193.556376][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 193.570512][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 193.583839][ T5] Bluetooth: hci0: command 0x041b tx timeout
[ 193.600523][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 193.615040][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 193.630846][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 193.686171][ T9621] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 193.704007][ T9621] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 193.724221][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 193.742252][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 193.755656][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 193.768153][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 193.781338][ T9640] Bluetooth: hci1: command 0x041b tx timeout
[ 193.790070][ T9619] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 193.810242][ T9623] 8021q: adding VLAN 0 to HW filter on device bond0
[ 193.822130][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 193.834461][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 193.845616][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 193.885222][ T9624] 8021q: adding VLAN 0 to HW filter on device bond0
[ 193.907999][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 193.918755][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 193.930113][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 193.942347][ T3378] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 193.960434][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 193.977658][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 193.999841][ T9623] 8021q: adding VLAN 0 to HW filter on device team0
[ 194.013749][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 194.029225][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 194.043769][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 194.060373][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 194.063143][ T9640] Bluetooth: hci2: command 0x041b tx timeout
[ 194.079029][ T71] bridge0: port 1(bridge_slave_0) entered blocking state
[ 194.107306][ T71] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 194.129024][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 194.151136][ T9624] 8021q: adding VLAN 0 to HW filter on device team0
[ 194.171608][ T9621] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 194.201594][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 194.218434][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 194.236067][ T47] bridge0: port 2(bridge_slave_1) entered blocking state
[ 194.246371][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 194.257881][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 194.270618][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 194.283363][ T47] bridge0: port 1(bridge_slave_0) entered blocking state
[ 194.294177][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 194.306719][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 194.320023][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 194.332217][ T47] bridge0: port 2(bridge_slave_1) entered blocking state
[ 194.342985][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 194.360222][ T9619] device veth0_vlan entered promiscuous mode
[ 194.381398][ T9619] device veth1_vlan entered promiscuous mode
[ 194.381476][ T3378] Bluetooth: hci3: command 0x041b tx timeout
[ 194.403877][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 194.414981][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 194.428311][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 194.439874][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 194.452048][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 194.465069][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 194.478240][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 194.491705][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 194.503569][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 194.532189][ T9650] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 194.544472][ T9650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 194.556516][ T9650] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 194.580315][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 194.594043][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 194.611593][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 194.623970][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 194.635927][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 194.650425][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 194.663998][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 194.675926][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 194.688748][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 194.710660][ T9621] device veth0_vlan entered promiscuous mode
[ 194.720179][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 194.732349][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 194.746276][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 194.758462][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 194.771165][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 194.785378][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 194.798858][ T9619] device veth0_macvtap entered promiscuous mode
[ 194.816664][ T9623] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 194.833151][ T9623] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 194.880188][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 194.893454][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 194.907651][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 194.921254][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 194.935369][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 194.949502][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 194.963627][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 194.978390][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 195.001571][ T9619] device veth1_macvtap entered promiscuous mode
[ 195.012850][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 195.024731][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 195.038647][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 195.060119][ T9624] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 195.077071][ T9624] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 195.090103][ T9621] device veth1_vlan entered promiscuous mode
[ 195.103267][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 195.115434][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 195.128144][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 195.155326][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 195.167452][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 195.178367][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 195.198043][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 195.211120][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 195.229931][ T9619] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 195.248512][ T9624] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 195.269574][ T9623] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 195.285686][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 195.300823][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 195.320141][ T9619] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 195.337545][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 195.352350][ T9640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 195.371000][ T9619] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 195.388867][ T9619] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 195.404590][ T9619] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 195.419341][ T9619] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 195.464359][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 195.478332][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 195.528280][ T9621] device veth0_macvtap entered promiscuous mode
[ 195.546200][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 195.562407][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 195.580070][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 195.602651][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 195.618609][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 195.644112][ T9621] device veth1_macvtap entered promiscuous mode
[ 195.653242][ T9653] Bluetooth: hci0: command 0x040f tx timeout
[ 195.681462][ T9621] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 195.698759][ T9621] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 195.716869][ T9621] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 195.733841][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 195.747282][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 195.766009][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 195.778274][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 195.791416][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 195.803890][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 195.815464][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 195.826617][ T5] Bluetooth: hci1: command 0x040f tx timeout
[ 195.850492][ T9621] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 195.865504][ T9621] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 195.881915][ T9621] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 195.894574][ T9624] device veth0_vlan entered promiscuous mode
[ 195.920998][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 195.933857][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 195.950459][ T9621] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 195.972079][ T9621] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 195.989920][ T9621] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 196.004193][ T9621] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 196.039179][ T9641] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 196.054748][ T9641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 196.074509][ T9624] device veth1_vlan entered promiscuous mode
[ 196.095394][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 196.109467][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 196.124617][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 196.138234][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 196.153642][ T5] Bluetooth: hci2: command 0x040f tx timeout
[ 196.157988][ T9641] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 196.187504][ T9641] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 196.191074][ T9623] device veth0_vlan entered promiscuous mode
[ 196.216247][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 196.232719][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 196.245072][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 196.261348][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 196.341341][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 196.357988][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 196.392123][ T9624] device veth0_macvtap entered promiscuous mode
[ 196.416964][ T9623] device veth1_vlan entered promiscuous mode
[ 196.452352][ T9619] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[ 196.463584][ T3378] Bluetooth: hci3: command 0x040f tx timeout
[ 196.479675][ T9633] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 196.492317][ T9624] device veth1_macvtap entered promiscuous mode
[ 196.503260][ T9633] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 196.523313][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 196.537484][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 196.551272][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 196.565470][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 196.579530][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 196.597292][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 196.600939][ T9623] device veth0_macvtap entered promiscuous mode
[ 196.633507][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 196.673861][ T9623] device veth1_macvtap entered promiscuous mode
[ 196.714906][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 196.742205][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 196.770405][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
23:27:58 executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$sock(r1, &(0x7f0000003280)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000040)="9d", 0x1}], 0x1}}], 0x1, 0x0)
[ 196.831318][ T9623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
23:27:58 executing program 0:
mlock2(&(0x7f000045d000/0x3000)=nil, 0x3000, 0x0)
move_pages(0x0, 0x2, &(0x7f0000000080)=[&(0x7f0000457000/0x1000)=nil, &(0x7f000045f000/0x4000)=nil], &(0x7f0000000000), &(0x7f0000000100), 0x0)
[ 196.859215][ T9623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 196.883955][ T9623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 196.908229][ T9623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 196.932529][ T9623] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 196.949116][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 196.970901][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 196.997549][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
23:27:59 executing program 0:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000340)={0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r1, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}}}}, 0x90)
[ 197.027970][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 197.053144][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[ 197.084747][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 197.110121][ T9624] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 197.138194][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
23:27:59 executing program 0:
unshare(0x400)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = dup(r0)
getpeername$packet(r1, 0x0, &(0x7f0000000040))
[ 197.167176][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 197.188102][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 197.215650][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 197.243464][ T9623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 197.269101][ T9623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 197.295065][ T9623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 197.319882][ T9623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 197.343680][ T9623] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 197.371768][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 197.390862][ T71] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 197.423957][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 197.452158][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 197.471088][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 197.495016][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 197.515691][ T9624] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[ 197.537607][ T9624] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 197.563452][ T9624] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 197.591159][ T9623] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
23:27:59 executing program 0:
unshare(0x400)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff})
r1 = dup(r0)
getpeername$packet(r1, 0x0, &(0x7f0000000040))
[ 197.622123][ T9623] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 197.655813][ T9623] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 197.689480][ T9623] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 197.730114][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 197.733242][ T5] Bluetooth: hci0: command 0x0419 tx timeout
[ 197.759329][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 197.822244][ T9624] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 197.853574][ T9624] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 197.876442][ T9624] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 197.903445][ T5] Bluetooth: hci1: command 0x0419 tx timeout
[ 197.904275][ T9624] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
23:27:59 executing program 1:
r0 = syz_open_dev$floppy(&(0x7f00000001c0)='/dev/fd#\x00', 0x1, 0x0)
ioctl$FLOPPY_FDFMTTRK(r0, 0x6470, 0x0)
[ 198.072482][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 198.090336][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 198.114644][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 198.115504][ T9641] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 198.158382][ T9641] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 198.164969][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 198.174400][ T43] IPv6:
ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 198.174451][ T2979] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.174489][ T2979] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.185276][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 198.197956][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 198.223355][ T5] Bluetooth: hci2: command 0x0419 tx timeout [ 198.232500][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 198.398428][ T9690] netlink: 'syz-executor.2': attribute type 21 has an invalid length. [ 198.421762][ T9690] netlink: 'syz-executor.2': attribute type 6 has an invalid length. [ 198.443599][ T9690] netlink: 156 bytes leftover after parsing attributes in process `syz-executor.2'. 23:28:00 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000000)=""/4093, &(0x7f0000001000)=0xffd) 23:28:00 executing program 0: unshare(0x400) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) getpeername$packet(r1, 0x0, &(0x7f0000000040)) 23:28:00 executing program 3: unshare(0x6c060000) r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000300)="1c0000001200050f0ca6760000ee53c6ce0ffb299d49b23e9b200a000800", 0x1e, 0x0, 0x0, 0x0) recvfrom$inet6(r0, &(0x7f0000000400)=""/4096, 0x7e, 0x0, 0x0, 0x0) r1 = socket$inet6(0x10, 0x2, 0x0) sendto$inet6(r1, &(0x7f00000000c0)="1ba0000010001d0200fdc5cbdd041d8e828003000000000001a7960fab0fc8da78031c6660b08f00003f71aced466b4644434a88fed7d75725e1069e42dc4b3844e5fb82bb02fec770967c740c00000000d02830b5a4c01a92317320f0c0a5adb7b5b8bf255f1a8dffa8", 0xfe0b, 0x40800, 0x0, 0xffffffffffffff95) socket$inet6(0xa, 0x0, 0x9) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f00000003c0)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000004, &(0x7f0000000040)={0xa, 0x4e22}, 0x6d) 
recvfrom$inet6(r3, &(0x7f0000000000)=""/35, 0xffffffffffffff13, 0x100, &(0x7f0000001880)={0xa, 0x0, 0x0, @mcast2}, 0x1c) r4 = accept4(r2, 0x0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffff, 0x0) sendto$inet6(r4, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x600000000000004) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001540)=ANY=[@ANYBLOB="4800000024008bb8f10d12000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000fffff2ff00000000402cbe5ad8e90ff63d240008801c00010000000000000000000000000000000000000000000000000004000200c28f57d883d6648d135399f75435a929cc5323dd6d9a2e679d362948c9b9e079700931d23e59d7d7dca762ba0085e31ceffb79930c001b18d8128a7e72421c81767b2182a991b7cdc81fed581d0dd5d0eebfc8714356f2d1314cea0fa27e815fa58419fff2e83d5a7758c61266082a2d2b8c13900d4680628de78f6a8fe97255b69065174539a167777547c1d9bdf6dd13af45c677e2ca408ad0a4c143d242aaa1d4fe5c64c7afccf0ee6b81bc7db1a5c534641e846c85"], 0x48}}, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r4, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x140a, 0x2, 0x70bd29, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000084}, 0x4000000) [ 198.518793][ T9684] floppy1: obsolete eject ioctl [ 198.532149][ T9684] floppy1: please use floppycontrol --eject [ 198.548807][ T9697] IPVS: ftp: loaded support on port[0] = 21 [ 198.553931][ T5] Bluetooth: hci3: command 0x0419 tx timeout 23:28:00 executing program 0: unshare(0x400) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) getpeername$packet(r1, 0x0, &(0x7f0000000040)) 23:28:00 executing program 1: r0 = syz_open_dev$floppy(&(0x7f00000001c0)='/dev/fd#\x00', 0x1, 0x0) ioctl$FLOPPY_FDFMTTRK(r0, 0x6470, 0x0) 23:28:00 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 
0x3, &(0x7f0000000000)=""/4093, &(0x7f0000001000)=0xffd) [ 198.608464][ T9701] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 198.649892][ T9701] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 198.679235][ T9705] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 23:28:00 executing program 0: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {0x0, 0x0, 0x10dfe}], 0x0, &(0x7f0000000240)=ANY=[]) removexattr(&(0x7f0000000040)='./file0/file0\x00', 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) 23:28:00 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000000)=""/4093, &(0x7f0000001000)=0xffd) [ 198.751069][ T9701] netlink: 40027 bytes leftover after parsing attributes in process `syz-executor.3'. 
[ 198.765452][ T9712] floppy1: obsolete eject ioctl [ 198.782638][ T9714] loop0: detected capacity change from 269 to 0 [ 198.805297][ T9701] device lo entered promiscuous mode [ 198.813275][ T9712] floppy1: please use floppycontrol --eject 23:28:00 executing program 1: r0 = syz_open_dev$floppy(&(0x7f00000001c0)='/dev/fd#\x00', 0x1, 0x0) ioctl$FLOPPY_FDFMTTRK(r0, 0x6470, 0x0) [ 198.856114][ T9701] device tunl0 entered promiscuous mode [ 198.859157][ T48] kauditd_printk_skb: 3 callbacks suppressed [ 198.859167][ T48] audit: type=1800 audit(1609370880.850:31): pid=9714 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="loop0" ino=3 res=0 errno=0 [ 198.877511][ T9701] device gre0 entered promiscuous mode 23:28:00 executing program 0: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {0x0, 0x0, 0x10dfe}], 0x0, &(0x7f0000000240)=ANY=[]) removexattr(&(0x7f0000000040)='./file0/file0\x00', 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) [ 198.920617][ C3] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 
[ 198.929373][ T9701] device gretap0 entered promiscuous mode [ 198.978163][ T9701] device erspan0 entered promiscuous mode [ 198.992130][ T9701] device ip_vti0 entered promiscuous mode [ 199.006447][ T9701] device ip6_vti0 entered promiscuous mode [ 199.023468][ T9701] device sit0 entered promiscuous mode [ 199.034007][ T9701] device ip6tnl0 entered promiscuous mode [ 199.036504][ T9726] floppy1: obsolete eject ioctl [ 199.044704][ T9701] device ip6gre0 entered promiscuous mode [ 199.054579][ T9726] floppy1: please use floppycontrol --eject [ 199.067045][ T9701] device syz_tun entered promiscuous mode [ 199.091259][ T9701] device ip6gretap0 entered promiscuous mode [ 199.104367][ T9701] device bridge0 entered promiscuous mode [ 199.116052][ T9701] device vcan0 entered promiscuous mode [ 199.119792][ T9731] loop0: detected capacity change from 269 to 0 [ 199.130882][ T9701] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 199.178728][ T48] audit: type=1800 audit(1609370881.180:32): pid=9731 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="loop0" ino=4 res=0 errno=0 [ 199.179078][ T9701] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 199.242396][ T9701] device bond0 entered promiscuous mode [ 199.257640][ T9701] device bond_slave_0 entered promiscuous mode [ 199.270556][ T9701] device bond_slave_1 entered promiscuous mode [ 199.286288][ T9701] device team0 entered promiscuous mode [ 199.295602][ T9701] device team_slave_0 entered promiscuous mode [ 199.308148][ T9701] device team_slave_1 entered promiscuous mode [ 199.320700][ T9701] device dummy0 entered promiscuous mode [ 199.331100][ T9701] device nlmon0 entered promiscuous mode [ 199.345616][ T9701] device caif0 entered promiscuous mode [ 199.355163][ T9701] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 
[ 199.396402][ T9697] netlink: 40027 bytes leftover after parsing attributes in process `syz-executor.3'. [ 199.422433][ T9697] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 199.437295][ T9697] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 23:28:01 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$bt_hci(r0, 0x0, 0x3, &(0x7f0000000000)=""/4093, &(0x7f0000001000)=0xffd) 23:28:01 executing program 1: r0 = syz_open_dev$floppy(&(0x7f00000001c0)='/dev/fd#\x00', 0x1, 0x0) ioctl$FLOPPY_FDFMTTRK(r0, 0x6470, 0x0) 23:28:01 executing program 0: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {0x0, 0x0, 0x10dfe}], 0x0, &(0x7f0000000240)=ANY=[]) removexattr(&(0x7f0000000040)='./file0/file0\x00', 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) 23:28:01 executing program 3: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {0x0, 0x0, 0x10dfe}], 0x0, &(0x7f0000000240)=ANY=[]) removexattr(&(0x7f0000000040)='./file0/file0\x00', 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) [ 199.502461][ T9744] floppy1: obsolete eject ioctl 23:28:01 executing program 2: r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000300)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x4, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}}, 0x32) getpeername(r0, 0x0, &(0x7f0000000100)) [ 199.513655][ T9744] floppy1: please use floppycontrol --eject [ 199.519119][ T9741] loop0: detected capacity change 
from 269 to 0 23:28:01 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x802, 0x9, 0x500}, 0x40) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000, 0x0, &(0x7f00002d7000/0x3000)=nil) [ 199.596975][ T48] audit: type=1800 audit(1609370881.590:33): pid=9741 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="loop0" ino=5 res=0 errno=0 23:28:01 executing program 0: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {0x0, 0x0, 0x10dfe}], 0x0, &(0x7f0000000240)=ANY=[]) removexattr(&(0x7f0000000040)='./file0/file0\x00', 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) [ 199.614231][ T9751] loop3: detected capacity change from 269 to 0 23:28:01 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x802, 0x9, 0x500}, 0x40) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000, 0x0, &(0x7f00002d7000/0x3000)=nil) 23:28:01 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000140)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r0, 0xc00464c9, &(0x7f0000000280)) [ 199.678456][ T48] audit: type=1800 audit(1609370881.670:34): pid=9751 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="loop3" ino=6 res=0 errno=0 23:28:01 executing program 3: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {0x0, 0x0, 0x10dfe}], 0x0, &(0x7f0000000240)=ANY=[]) 
removexattr(&(0x7f0000000040)='./file0/file0\x00', 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) 23:28:01 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x802, 0x9, 0x500}, 0x40) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000, 0x0, &(0x7f00002d7000/0x3000)=nil) 23:28:01 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)=@newspdinfo={0x14, 0x24, 0x1}, 0x14}}, 0x0) [ 199.806062][ T9769] loop0: detected capacity change from 269 to 0 [ 199.845126][ T48] audit: type=1800 audit(1609370881.830:35): pid=9769 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="loop0" ino=7 res=0 errno=0 [ 199.892334][ T9778] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN [ 199.894922][ T9779] loop3: detected capacity change from 269 to 0 23:28:01 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x802, 0x9, 0x500}, 0x40) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x11, r0, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000, 0x0, &(0x7f00002d7000/0x3000)=nil) 23:28:01 executing program 0: r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='lock_acquire\x00', r0}, 0x10) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0xfee0, &(0x7f0000000140)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "d64d4d", 0x38, 0x3a, 0x0, @remote, @mcast2, {[], @dest_unreach={0x2, 0x0, 0x0, 0x0, [], {0x0, 0x6, '$\x00@', 0x0, 0x3a, 0x0, @loopback, @mcast2, [], '\x00\x00\x00\x00\x00t\x00\x00'}}}}}}}, 0x0) [ 199.895797][ T9778] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 
199.895797][ T9778] CPU: 2 PID: 9778 Comm: syz-executor.2 Not tainted 5.11.0-rc1-syzkaller #0 [ 199.895797][ T9778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 199.895797][ T9778] RIP: 0010:xfrm_user_rcv_msg_compat+0x5e5/0x1040 [ 199.895797][ T9778] Code: 3c 38 00 0f 85 14 08 00 00 48 8b 04 24 4c 8b 20 4d 85 e4 0f 84 0b 02 00 00 e8 57 70 d3 f9 49 8d 7c 24 02 48 89 f8 48 c1 e8 03 <42> 0f b6 14 38 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 [ 199.895797][ T9778] RSP: 0018:ffffc900069273d8 EFLAGS: 00010202 [ 199.895797][ T9778] RAX: 0000000000000001 RBX: 0000000000000006 RCX: ffffc900bc50a000 [ 199.895797][ T9778] RDX: 0000000000040000 RSI: ffffffff879f0439 RDI: 0000000000000008 [ 199.895797][ T9778] RBP: ffff88801d678910 R08: 000000000000001b R09: ffff88801d678913 [ 199.895797][ T9778] R10: ffffffff879f0679 R11: 0000000000000024 R12: 0000000000000006 [ 199.895797][ T9778] R13: 0000000000000007 R14: ffff88801d678900 R15: dffffc0000000000 [ 199.895797][ T9778] FS: 0000000000000000(0000) GS:ffff88802cc00000(0063) knlGS:00000000f555eb40 [ 199.895797][ T9778] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 199.895797][ T9778] CR2: 000000002ce23000 CR3: 00000000704ea000 CR4: 0000000000350ee0 [ 199.895797][ T9778] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 199.895797][ T9778] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 199.895797][ T9778] Call Trace: [ 199.895797][ T9778] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 199.895797][ T9778] ? sched_clock_local+0xd8/0x150 [ 199.895797][ T9778] ? find_held_lock+0x2d/0x110 [ 199.943144][ T9778] ? xfrm_get_translator+0x11f/0x230 [ 199.943144][ T9778] ? lock_downgrade+0x6d0/0x6d0 [ 199.943144][ T9778] ? xfrm_alloc_compat+0x10d0/0x10d0 [ 199.943144][ T9778] xfrm_user_rcv_msg+0x55b/0x8b0 [ 199.943144][ T9778] ? xfrm_do_migrate+0x800/0x800 [ 199.943144][ T9778] ? 
lockdep_hardirqs_on_prepare+0x400/0x400 [ 199.943144][ T9778] ? lock_release+0x710/0x710 [ 199.943144][ T9778] ? __local_bh_enable_ip+0xa0/0x110 [ 199.943144][ T9778] ? __mutex_lock+0x61b/0x1110 [ 199.943144][ T9778] netlink_rcv_skb+0x153/0x420 [ 199.943144][ T9778] ? xfrm_do_migrate+0x800/0x800 [ 199.943144][ T9778] ? netlink_ack+0xaa0/0xaa0 [ 199.943144][ T9778] xfrm_netlink_rcv+0x6b/0x90 [ 200.385249][ T9778] netlink_unicast+0x533/0x7d0 [ 200.394833][ T9778] ? netlink_attachskb+0x870/0x870 [ 200.405744][ T9778] ? _copy_from_iter_full+0x275/0x850 [ 200.416403][ T9778] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 200.429476][ T9778] ? __phys_addr_symbol+0x2c/0x70 [ 200.438998][ T9778] ? __sanitizer_cov_trace_cmp8+0x1d/0x70 [ 200.453075][ T9778] ? __check_object_size+0x171/0x3f0 [ 200.462002][ T9778] netlink_sendmsg+0x856/0xd90 [ 200.468199][ T9778] ? netlink_unicast+0x7d0/0x7d0 [ 200.476324][ T9778] ? __sanitizer_cov_trace_const_cmp4+0x1c/0x70 [ 200.485638][ T9778] ? netlink_unicast+0x7d0/0x7d0 [ 200.493171][ T9778] sock_sendmsg+0xcf/0x120 [ 200.500269][ T9778] ____sys_sendmsg+0x6e8/0x810 [ 200.508513][ T9778] ? kernel_sendmsg+0x50/0x50 [ 200.515591][ T9778] ? do_recvmmsg+0x6c0/0x6c0 [ 200.522540][ T9778] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 200.533678][ T9778] ___sys_sendmsg+0xf3/0x170 [ 200.541988][ T9778] ? sendmsg_copy_msghdr+0x160/0x160 [ 200.551119][ T9778] ? __fget_files+0x266/0x3d0 [ 200.560439][ T9778] ? lock_downgrade+0x6d0/0x6d0 [ 200.567238][ T9778] ? __fget_files+0x288/0x3d0 [ 200.576161][ T9778] ? __fget_light+0xea/0x280 [ 200.585394][ T9778] ? __sanitizer_cov_trace_const_cmp8+0x1d/0x70 [ 200.588590][ T9778] __sys_sendmsg+0xe5/0x1b0 [ 200.588590][ T9778] ? __sys_sendmsg_sock+0xb0/0xb0 [ 200.613194][ T9778] ? 
syscall_enter_from_user_mode_prepare+0x13/0x20 [ 200.627389][ T9778] __do_fast_syscall_32+0x56/0x80 [ 200.638105][ T9778] do_fast_syscall_32+0x2f/0x70 [ 200.646817][ T9778] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 200.657989][ T9778] RIP: 0023:0xf7f64549 [ 200.670520][ T9778] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 200.711355][ T9778] RSP: 002b:00000000f555e0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 200.723041][ T9778] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000540 [ 200.733753][ T9778] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 200.753782][ T9778] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 200.771141][ T9778] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 200.789654][ T9778] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 200.801675][ T9778] Modules linked in: [ 200.813124][ T9778] ---[ end trace 8fe1289f7d6097b8 ]--- [ 200.822639][ T48] audit: type=1800 audit(1609370882.810:36): pid=9784 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=16576 res=0 errno=0 [ 200.825332][ T9778] RIP: 0010:xfrm_user_rcv_msg_compat+0x5e5/0x1040 [ 200.870654][ T9778] Code: 3c 38 00 0f 85 14 08 00 00 48 8b 04 24 4c 8b 20 4d 85 e4 0f 84 0b 02 00 00 e8 57 70 d3 f9 49 8d 7c 24 02 48 89 f8 48 c1 e8 03 <42> 0f b6 14 38 48 89 f8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 [ 200.901866][ T9778] RSP: 0018:ffffc900069273d8 EFLAGS: 00010202 23:28:02 executing program 3: syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {0x0, 0x0, 0x10dfe}], 0x0, &(0x7f0000000240)=ANY=[]) 
removexattr(&(0x7f0000000040)='./file0/file0\x00', 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) [ 200.913406][ T9778] RAX: 0000000000000001 RBX: 0000000000000006 RCX: ffffc900bc50a000 [ 200.930446][ T9778] RDX: 0000000000040000 RSI: ffffffff879f0439 RDI: 0000000000000008 [ 200.946048][ T9778] RBP: ffff88801d678910 R08: 000000000000001b R09: ffff88801d678913 [ 200.963206][ T9778] R10: ffffffff879f0679 R11: 0000000000000024 R12: 0000000000000006 [ 200.979021][ T9778] R13: 0000000000000007 R14: ffff88801d678900 R15: dffffc0000000000 [ 200.995256][ T9778] FS: 0000000000000000(0000) GS:ffff88802cd00000(0063) knlGS:00000000f555eb40 [ 201.013874][ T9778] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 201.025112][ T9778] CR2: 00007febe23bb518 CR3: 00000000704ea000 CR4: 0000000000350ee0 [ 201.043391][ T9778] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 201.067692][ T9778] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 201.082249][ T9778] Kernel panic - not syncing: Fatal exception [ 201.091828][ T9778] Kernel Offset: disabled [ 201.091828][ T9778] Rebooting in 86400 seconds.. 
VM DIAGNOSIS: 23:28:02 Registers: