Warning: Permanently added '[localhost]:41789' (ECDSA) to the list of known hosts. 2020/11/22 01:30:47 fuzzer started 2020/11/22 01:30:47 dialing manager at 10.0.2.10:34369 2020/11/22 01:30:47 syscalls: 3441 2020/11/22 01:30:47 code coverage: enabled 2020/11/22 01:30:47 comparison tracing: enabled 2020/11/22 01:30:47 extra coverage: enabled 2020/11/22 01:30:47 setuid sandbox: enabled 2020/11/22 01:30:47 namespace sandbox: enabled 2020/11/22 01:30:47 Android sandbox: /sys/fs/selinux/policy does not exist 2020/11/22 01:30:47 fault injection: enabled 2020/11/22 01:30:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/11/22 01:30:47 net packet injection: enabled 2020/11/22 01:30:47 net device setup: enabled 2020/11/22 01:30:47 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/11/22 01:30:47 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/11/22 01:30:47 USB emulation: enabled 2020/11/22 01:30:47 hci packet injection: enabled 2020/11/22 01:30:47 wifi device emulation: enabled 01:32:05 executing program 0: sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$omfs(&(0x7f0000000dc0)='omfs\x00', &(0x7f0000000e00)='./file0\x00', 0x0, 0x1, &(0x7f0000001200)=[{&(0x7f0000000e80)='@', 0x1}], 0x0, &(0x7f00000012c0)={[], [{@measure='measure'}, {@smackfsdef={'smackfsdef', 0x3d, ',:'}}]}) 01:32:05 executing program 1: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4020940d, &(0x7f0000000040)={0x556}) 01:32:06 executing program 2: request_key(&(0x7f0000000a80)='big_key\x00', &(0x7f0000000ac0)={'syz', 0x2}, 0x0, 0xfffffffffffffffb) 01:32:06 executing program 3: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) ioctl$sock_ifreq(r0, 0x0, 0x0) syzkaller login: [ 190.327468][ T9128] IPVS: ftp: loaded support on port[0] = 21 [ 190.478622][ T9128] chnl_net:caif_netlink_parms(): no params data found [ 190.501875][ T9129] IPVS: ftp: loaded support on port[0] = 21 [ 190.565322][ T9128] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.577388][ T9128] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.591678][ T9128] device bridge_slave_0 entered promiscuous mode [ 190.606586][ T9128] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.620578][ T9128] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.636238][ T9128] device bridge_slave_1 entered promiscuous mode [ 190.676462][ T9128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.699979][ T9128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 190.730881][ T9128] team0: Port device team_slave_0 added [ 190.745826][ T9128] team0: Port device team_slave_1 added [ 190.774041][ T9128] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.784910][ T9128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.827311][ T9128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.849797][ T9128] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.870263][ T9128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.916249][ T9128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.972885][ T9129] chnl_net:caif_netlink_parms(): no params data found [ 190.977367][ T9132] IPVS: ftp: loaded support on port[0] = 21 [ 191.010832][ T9128] device hsr_slave_0 entered promiscuous mode [ 191.023319][ T9128] device hsr_slave_1 entered promiscuous mode [ 191.089945][ T9133] IPVS: ftp: loaded support on port[0] = 21 [ 191.120048][ T9129] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.132840][ T9129] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.145958][ T9129] device bridge_slave_0 entered promiscuous mode [ 191.160485][ T9129] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.174486][ T9129] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.189298][ T9129] device bridge_slave_1 entered promiscuous mode [ 191.242991][ T9129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.281577][ T9129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.312911][ T9129] team0: Port device team_slave_0 added [ 191.325464][ T9129] team0: Port device team_slave_1 added [ 191.360811][ T9129] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.374516][ T9129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.419766][ T9129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.441235][ T9129] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.450875][ T9129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.484920][ T9129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.541465][ T9129] device hsr_slave_0 entered promiscuous mode [ 191.551109][ T9129] device hsr_slave_1 entered promiscuous mode [ 191.567747][ T9129] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 191.581183][ T9129] Cannot create hsr debugfs directory [ 191.666384][ T9132] chnl_net:caif_netlink_parms(): no params data found [ 191.697258][ T9133] chnl_net:caif_netlink_parms(): no params data found [ 191.716287][ T9128] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 191.756149][ T9128] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 191.777597][ T9128] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 191.814701][ T9128] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 191.876392][ T9132] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.890063][ T9132] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.903178][ T9132] device bridge_slave_0 entered promiscuous mode [ 191.916464][ T9132] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.928815][ T9132] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.941312][ T9132] device bridge_slave_1 entered promiscuous mode [ 191.961343][ T9133] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.973425][ T9133] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.986781][ T9133] device bridge_slave_0 entered promiscuous mode [ 192.003302][ T9133] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.014756][ T9133] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.026991][ T9133] device bridge_slave_1 entered promiscuous mode [ 192.060556][ T9132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 192.079094][ T9132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 192.096933][ T9133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 192.115610][ T9133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 192.171762][ T9133] team0: Port device team_slave_0 added [ 192.186032][ T9133] team0: Port device team_slave_1 added [ 192.198709][ T9132] team0: Port device team_slave_0 added [ 192.217252][ T9129] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 192.232077][ T9132] team0: Port device team_slave_1 added [ 192.251183][ T9129] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 192.264507][ T9133] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.276057][ T9133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.311710][ T9133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.331668][ T9132] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.340978][ T9132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.358670][ T3972] Bluetooth: hci0: command 0x0409 tx timeout [ 192.372310][ T9132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.393520][ T9129] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 192.404964][ T9133] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.413785][ T9133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.448154][ T9133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.462777][ T9132] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.473914][ T9132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.510505][ T9132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.527557][ T9129] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 192.528678][ T5] Bluetooth: hci1: command 0x0409 tx timeout [ 192.608846][ T9133] device hsr_slave_0 entered promiscuous mode [ 192.623157][ T9133] device hsr_slave_1 entered promiscuous mode [ 192.636860][ T9133] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 192.650433][ T9133] Cannot create hsr debugfs directory [ 192.665972][ T9132] device hsr_slave_0 entered promiscuous mode [ 192.676740][ T9132] device hsr_slave_1 entered promiscuous mode [ 192.687109][ T9132] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 192.698642][ T9132] Cannot create hsr debugfs directory [ 192.875268][ T9128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.905457][ T9133] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 192.918169][ T47] Bluetooth: hci2: command 0x0409 tx timeout [ 192.933226][ T9133] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 192.946610][ T9133] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 192.967856][ T9133] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 192.986932][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.001702][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.024401][ T9128] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.049298][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.064738][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.078938][ T3972] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.088417][ T5] Bluetooth: hci3: command 0x0409 tx timeout [ 193.090151][ T3972] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.117376][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.130235][ T9132] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 193.145013][ T9132] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 193.169952][ T9132] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 193.187282][ T9132] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 193.206698][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.222374][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.237852][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.251490][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.273769][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.292411][ T9129] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.314685][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.339052][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.352170][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.368717][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.390863][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.401882][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.414920][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.425536][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.446379][ T9129] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.459159][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.474609][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.500899][ T3079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.513443][ T3079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.527574][ T9128] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.544789][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.591574][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.604874][ T3477] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.614819][ T3477] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.627850][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.672907][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.687649][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.701480][ T3342] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.712670][ T3342] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.723309][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 193.732938][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 193.744421][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.769782][ T9128] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.791861][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.805577][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.819731][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.833017][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.846245][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.860056][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.879491][ T9133] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.902437][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.914780][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.932523][ T9133] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.945470][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.955985][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.968266][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.979481][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.992433][ T9129] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.011131][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.022402][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.033304][ T3477] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.042515][ T3477] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.052777][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 194.064148][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 194.075231][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.086351][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.097745][ T3477] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.107048][ T3477] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.126788][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.137474][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.160602][ T9132] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.179765][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.204951][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.219085][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.232250][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 194.253230][ T9128] device veth0_vlan entered promiscuous mode [ 194.263545][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 194.275053][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 194.286979][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 194.300245][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 194.313295][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.323931][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.335954][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 194.345717][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 194.365470][ T9129] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.386475][ T9132] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.397807][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 194.408126][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 194.420504][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.432277][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.443683][ T9128] device veth1_vlan entered promiscuous mode [ 194.448423][ T3342] Bluetooth: hci0: command 0x041b tx timeout [ 194.466563][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 194.477783][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 194.489274][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 194.500936][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 194.511902][ T3342] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.521069][ T3342] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.532764][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.548693][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.559521][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.578579][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 194.590558][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 194.599359][ T3342] Bluetooth: hci1: command 0x041b tx timeout [ 194.602109][ T3477] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.620992][ T3477] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.632996][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.662424][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 194.680955][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 194.713305][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.725848][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.739125][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 194.751265][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 194.764336][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 194.776316][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 194.790129][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 194.801751][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 194.812862][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.825528][ T3477] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.838633][ T9128] device veth0_macvtap entered promiscuous mode [ 194.851035][ T9129] device veth0_vlan entered promiscuous mode [ 194.864558][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 194.879552][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 194.892744][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 194.905962][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 194.925760][ T9133] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.944104][ T9128] device veth1_macvtap entered promiscuous mode [ 194.968090][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 194.985263][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.998578][ T9160] Bluetooth: hci2: command 0x041b tx timeout [ 195.007719][ T3342] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 195.044861][ T9129] device veth1_vlan entered promiscuous mode [ 195.074521][ T9128] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.089257][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 195.103845][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 195.117413][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 195.132222][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 195.146458][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 195.158136][ T5] Bluetooth: hci3: command 0x041b tx timeout [ 195.161319][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 195.183914][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 195.198388][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 195.226316][ T9129] device veth0_macvtap entered promiscuous mode [ 195.244086][ T9128] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.255547][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 195.271144][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 195.285339][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 195.299743][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 195.314836][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 195.325567][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 195.337005][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 195.348843][ T9129] device veth1_macvtap entered promiscuous mode [ 195.363298][ T9132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 195.382360][ T9128] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.395438][ T9128] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.406909][ T9128] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.418613][ T9128] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.446744][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 195.460079][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 195.473068][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 195.486778][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 195.498960][ T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 195.516705][ T9133] device veth0_vlan entered promiscuous mode [ 195.532562][ T9129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 195.546070][ T9129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.617177][ T9129] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 195.652145][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 195.664371][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 195.684379][ T9133] device veth1_vlan entered promiscuous mode [ 195.696037][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 195.705553][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 195.716562][ T9129] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 195.735188][ T9129] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 195.759060][ T9129] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 195.779445][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 195.794072][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 195.832442][ T9132] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 195.850421][ T9129] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.868285][ T9129] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.879561][ T9129] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.893985][ T9129] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 195.977875][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 195.990655][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 196.009751][ T9133] device veth0_macvtap entered promiscuous mode [ 196.021941][ T9143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.036636][ T9143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.060420][ T9133] device veth1_macvtap entered promiscuous mode [ 196.075294][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 196.134407][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 196.149234][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 196.162211][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 196.180703][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 196.259064][ T3079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 196.273473][ T3079] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 196.288857][ T9143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.290733][ T9133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 196.303131][ T9143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.319405][ T9133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.340867][ T9133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 196.356966][ T9133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.372243][ T9133] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 196.387619][ T9144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.388118][ T9132] device veth0_vlan entered promiscuous mode [ 196.405600][ T9144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.429088][ T9132] device veth1_vlan entered promiscuous mode [ 196.444659][ T9163] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 196.454531][ T9163] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 196.471624][ T9163] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 196.486543][ T9163] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 196.496775][ T9163] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 196.507443][ T9163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 196.518220][ T9163] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 196.518751][ T7] Bluetooth: hci0: command 0x040f tx timeout [ 196.541058][ T9133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 196.559860][ T9133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.573376][ T9133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 196.592424][ T9133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 196.607828][ T9133] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 196.627549][ T9133] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.640091][ T9133] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.652393][ T9133] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.666872][ T9133] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 196.687873][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 196.699910][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 196.711282][ T7] Bluetooth: hci1: command 0x040f tx timeout [ 196.726066][ T9128] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 196.734272][ T9144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.779841][ T9144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.805441][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 196.843307][ T9132] device veth0_macvtap entered promiscuous mode [ 196.861541][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 196.876453][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 196.890532][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 196.921687][ T9132] device veth1_macvtap entered promiscuous mode 01:32:13 executing program 0: sendmsg$unix(0xffffffffffffffff, &(0x7f0000001840)={0x0, 0x0, 0x0}, 0x0) [ 196.997670][ T9132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 01:32:13 executing program 0: pipe2(&(0x7f0000001880)={0xffffffffffffffff}, 0x0) fchown(r0, 0x0, 0x0) 01:32:13 executing program 1: r0 = semget$private(0x0, 0x4, 0x0) semctl$GETPID(r0, 0x0, 0x4, &(0x7f0000000000)=""/33) [ 197.027824][ T9132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 01:32:13 executing program 0: [ 197.055784][ T9132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 197.081678][ T9160] Bluetooth: hci2: command 0x040f tx timeout 01:32:13 executing program 1: [ 197.093480][ T9132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 01:32:13 executing program 0: fcntl$getown(0xffffffffffffff9c, 0x5) [ 197.115376][ T9132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 197.135643][ T9132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.158618][ T9132] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 197.184439][ T9132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 197.205380][ T9132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.223941][ T9132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 197.243846][ T9132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.248318][ T7] Bluetooth: hci3: command 0x040f tx timeout [ 197.262601][ T9132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 197.291668][ T9132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 197.311842][ T9132] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 197.326857][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 197.354181][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 197.366740][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 197.382476][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 197.395258][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 197.413369][ T9164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.429680][ T9164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.450943][ T9143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.451256][ T9132] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.494651][ T9143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.511615][ T9132] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.542497][ T9132] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.561762][ T9132] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 197.588941][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 197.603114][ T9160] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 197.693942][ T9143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.713409][ T9143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.729961][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 197.748827][ T2974] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 197.761071][ T2974] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 197.773598][ T3972] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 01:32:14 executing program 2: 01:32:14 executing program 1: pipe2(&(0x7f0000001880)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$getown(r0, 0x5) 01:32:14 executing program 0: pipe(&(0x7f0000001540)={0xffffffffffffffff}) fcntl$lock(r0, 0x0, &(0x7f0000002900)) 01:32:14 executing program 3: 01:32:14 executing program 3: 01:32:14 executing program 1: 01:32:14 executing program 2: 01:32:14 executing program 0: add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)='k', 0x1, 0xfffffffffffffffc) 01:32:14 executing program 3: bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000001c0)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) 01:32:14 executing program 2: r0 = socket(0x11, 0xa, 0x0) recvfrom$unix(r0, 0x0, 0x0, 0x40000000, 0x0, 0x0) 01:32:14 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, 0x0) 01:32:14 executing program 3: 01:32:14 executing program 0: delete_module(&(0x7f0000000380)='/deF\x11\xffQ\x9d\xf6\xef9\xd0\xc4\xb4g\xf9v\xb6W\xad\'j\xc2\x1a\x12\xf8^B\xf4\xc4m\x9c\xaaO\xfe\xees\x11\xdd\xc4.F\xd4)/\xe3\x9c\x1c*\v\x00\x00\x00\x00\x00\x00\x9e8\xdc\x00'/75, 0x0) 01:32:14 executing program 2: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000580)='/dev/full\x00', 0x0, 0x0) recvmsg(r0, 0x0, 0x0) 01:32:14 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, 0x0) 01:32:14 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=@updsa={0x104, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private2, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x3c}, @in6=@ipv4={[], [], @multicast1}, {}, {}, {}, 0x0, 0x0, 0xa, 0x4}, [@coaddr={0x14, 0xe, @in=@remote}]}, 0x104}}, 0x0) 01:32:14 executing program 0: syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000340)={[], [{@appraise='appraise'}]}) 01:32:14 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast2, @in=@broadcast}, {@in=@loopback, 0x0, 0x6c}, @in=@multicast2, {}, {}, {}, 0x70bd2c, 0x0, 0xa}, 0x0, 0x20}}, 0xf8}}, 0x0) [ 198.150986][ T9235] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 01:32:14 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x86a01780, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc4, 0xc4, 0x7, [@struct={0x0, 0x9, 0x0, 0x4, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]}, @union, @volatile, @enum={0x0, 0x5, 0x0, 0x6, 0x4, [{}, {}, {}, {}, {}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x0, 0xe3}, 0x20) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 198.175192][ T9235] mip6: mip6_destopt_init_state: state's mode is not 2: 4 [ 198.199070][ T9236] hfsplus: unable to parse mount options 01:32:15 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x86a01780, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x128, 0x128, 0x7, [@struct={0x0, 0x9, 0x0, 0x4, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]}, @union, @volatile, @union={0x0, 0x7, 0x0, 0x5, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}]}, @func, @enum={0x0, 0x4, 0x0, 0x6, 0x4, [{}, {}, {}, {}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x0, 0x147}, 0x20) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 01:32:15 executing program 3: syz_mount_image$nfs4(&(0x7f0000001800)='nfs4\x00', &(0x7f0000001840)='./file0\x00', 0x0, 0x0, &(0x7f0000001900), 0x0, &(0x7f0000001940)={[{'\xe2}[.'}, {'$'}]}) [ 198.199348][ T9241] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 01:32:15 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x26c31) [ 198.324758][ T9236] hfsplus: unable to parse mount options 01:32:15 executing program 1: add_key$keyring(&(0x7f0000000180)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffb) 01:32:15 executing program 2: openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x0, 0x0) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) [ 198.412024][ T9253] nfs4: Unknown parameter 'â}[.' [ 198.494532][ T9253] nfs4: Unknown parameter 'â}[.' 01:32:15 executing program 0: syz_mount_image$nfs(&(0x7f00000004c0)='nfs\x00', &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00)={[{'!*-'}, {'@'}, {'staff_u'}, {'#&$'}, {}, {'@#\x04({+\''}], [{@subj_type={'subj_type', 0x3d, '-&#+,'}}, {@obj_user={'obj_user', 0x3d, '}/![\''}}, {@fowner_eq={'fowner'}}, {@smackfshat={'smackfshat', 0x3d, '#'}}]}) 01:32:15 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast2, @in=@broadcast}, {@in=@loopback, 0x0, 0x6c}, @in=@multicast2}, 0x0, 0x20}}, 0xf8}}, 0x0) 01:32:15 executing program 2: unshare(0x40000000) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000100)="390000001300034700bb65e1c3e4ffff06000000010000004500000025000000190004000400ad000200000000000006040000000000000000", 0x39}], 0x1) [ 198.529965][ T9269] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 198.536393][ T9272] nfs: Unknown parameter '!*-' 01:32:15 executing program 1: syz_mount_image$squashfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000002e80), 0x0, 0x0) syz_mount_image$squashfs(0x0, &(0x7f0000003040)='./file0\x00', 0x0, 0x0, &(0x7f0000003340), 0x0, 0x0) [ 198.545061][ T9273] IPVS: ftp: loaded support on port[0] = 21 [ 198.552354][ T9272] nfs: Unknown parameter '!*-' 01:32:15 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x86a01780, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xb8, 0xb8, 0x7, [@union, @volatile, @union={0x0, 0x7, 0x0, 0x5, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}]}, @func, @enum={0x0, 0x5, 0x0, 0x6, 0x4, [{}, {}, {}, {}, {}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x0, 0xd7}, 0x20) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 01:32:15 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x5, 0x4, 0x82, 0xff, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x5}, 0x40) [ 198.598380][ T3342] Bluetooth: hci0: command 0x0419 tx timeout [ 198.633834][ T9274] netlink: 'syz-executor.2': attribute type 4 has an invalid length. 01:32:15 executing program 3: syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x1, &(0x7f0000001900)=[{0x0}], 0x0, 0x0) 01:32:15 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast2, @in=@broadcast}, {@in=@loopback, 0x0, 0x6c}, @in=@multicast2}}}, 0xf8}}, 0x0) [ 198.683330][ T9273] IPVS: ftp: loaded support on port[0] = 21 01:32:15 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@dev, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x0) [ 198.725073][ T9293] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 01:32:15 executing program 2: unshare(0x40000000) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000180)=[{&(0x7f0000000100)="390000001300034700bb65e1c3e4ffff06000000010000004500000025000000190004000400ad000200000000000006040000000000000000", 0x39}], 0x1) 01:32:15 executing program 0: syz_mount_image$nfs(0x0, 0x0, 0x0, 0x1, &(0x7f0000000580)=[{&(0x7f0000000440)="82", 0x1, 0xffffffffffffffff}], 0x0, 0x0) [ 198.768993][ T3342] Bluetooth: hci1: command 0x0419 tx timeout 01:32:15 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x5, 0x4, 0x81, 0xff}, 0x40) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={r0, 0x28}, 0x10) [ 198.962007][ T9301] IPVS: ftp: loaded support on port[0] = 21 [ 198.979212][ T9310] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 01:32:15 executing program 3: syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x100) [ 198.990371][ T9311] netlink: 'syz-executor.2': attribute type 4 has an invalid length. 01:32:15 executing program 1: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f00000000c0)=[{0x5}, {0x6}]}) 01:32:15 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6}]}) 01:32:15 executing program 2: name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1400) 01:32:15 executing program 0: syz_mount_image$squashfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) futimesat(r0, 0x0, &(0x7f0000000280)={{}, {0x77359400}}) [ 199.158625][ T5] Bluetooth: hci2: command 0x0419 tx timeout 01:32:15 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in6=@local}, 0x0, @in=@loopback}]}]}, 0x16c}}, 0x0) 01:32:15 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=@polexpire={0xc0, 0x1b, 0x1, 0x0, 0x0, {{{@in6=@loopback, @in6=@ipv4={[], [], @private}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x0, 0x3}}}, 0xc0}}, 0x0) [ 199.242522][ T9329] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 01:32:16 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r4, 0x0, 0xfeffffff, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) dup2(r5, r4) [ 199.328334][ T5] Bluetooth: hci3: command 0x0419 tx timeout [ 199.351128][ T9334] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 01:32:16 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=@polexpire={0xc0, 0x1b, 0x1, 0x0, 0x0, {{{@in6=@loopback, @in6=@ipv4={[], [], @private}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x0, 0x3}}}, 0xc0}}, 0x0) [ 199.413280][ T48] kauditd_printk_skb: 3 callbacks suppressed [ 199.413291][ T48] audit: type=1326 audit(1606008736.198:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9316 comm="syz-executor.1" exe="/syz-executor.1" sig=31 arch=40000003 syscall=265 compat=1 ip=0xf7fbb549 code=0x0 [ 199.451619][ T9339] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 199.466953][ T48] audit: type=1326 audit(1606008736.248:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9320 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=40000003 syscall=265 compat=1 ip=0xf7f51549 code=0x0 [ 199.905834][ T48] audit: type=1326 audit(1606008736.688:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9316 comm="syz-executor.1" exe="/syz-executor.1" sig=31 arch=40000003 syscall=265 compat=1 ip=0xf7fbb549 code=0x0 01:32:16 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@ipv6_newroute={0x38, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_OIF={0x8, 0x4, r1}, @RTA_GATEWAY={0x14, 0x5, @remote}]}, 0x38}}, 0x0) [ 199.968063][ T48] audit: type=1326 audit(1606008736.748:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9320 comm="syz-executor.3" exe="/syz-executor.3" sig=31 arch=40000003 syscall=265 compat=1 ip=0xf7f51549 code=0x0 [ 199.979329][ T9348] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 01:32:16 executing program 3: syz_mount_image$nfs(&(0x7f00000004c0)='nfs\x00', &(0x7f0000000500)='./file0\x00', 0x0, 0x0, 0x0, 0x104028, &(0x7f0000000a00)) 01:32:16 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000080)) 01:32:16 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r4, 0x0, 0xfeffffff, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) dup2(r5, r4) [ 200.024473][ T9348] IPv6: NLM_F_CREATE should be set when creating new route [ 200.048723][ T9356] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 01:32:16 executing program 3: pkey_mprotect(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0xffffffffffffffff) 01:32:16 executing program 0: pipe(&(0x7f0000001540)={0xffffffffffffffff}) fcntl$lock(r0, 0x0, 0x0) 01:32:16 executing program 1: r0 = socket(0x11, 0xa, 0x0) getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, 0x0, 0x0) 01:32:16 executing program 0: sendmsg$NL80211_CMD_SET_WIPHY_NETNS(0xffffffffffffffff, 0x0, 0x6761d0b0eed5ab9c) 01:32:16 executing program 3: openat$zero(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/zero\x00', 0x121a01, 0x0) 01:32:16 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@ipv6_newroute={0x24, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@RTA_OIF={0x8, 0x4, r1}]}, 0x24}}, 0x0) 01:32:16 executing program 0: io_setup(0x8, &(0x7f0000002b80)=0x0) io_pgetevents(r0, 0x3, 0x3, &(0x7f0000000340)=[{}, {}, {}], &(0x7f00000003c0)={0x0, 0x3938700}, 0x0) [ 200.188433][ T9375] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 200.204029][ T9375] IPv6: NLM_F_CREATE should be set when creating new route [ 200.225508][ T9380] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE 01:32:17 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r4, 0x0, 0xfeffffff, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) dup2(r5, r4) 01:32:17 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x5, 0x4, 0x81, 0xfe}, 0x40) 01:32:17 executing program 1: add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f0000000080)="6b4c54f5f2f0cd9ce7fcbfa5087b5221668162419a831d1f8af6ef07b21996fcaef6af7e467aecbe0c299c32fda7162f3f0f9554773afdd68cc22e9f72e737b324f5b6e7d36d007614be5d2185f53037202625356b27b27c2c3d048ef77da8be6c0c41d2b98a41ffa64dd61e7f9a551753a4686de5559ec5af52282f4b7951e6e5b03a24fef180623e960450327cd6f57144a61aab5c749364e4abbd016537fdac3d33721a57f8d9366f50ed541fa0d11de32bc60d5c90e622024113e75d6b3898b33ec952f9b065b0fd35a65ea8d096f47742a916d0c13aa572c9bc8d113bde6701787b713602c0d8441fed55c3a117db7bef5275", 0xf5, 0xfffffffffffffffe) socket$inet(0x2, 0x2, 0x5) syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x101, 0x0) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0) socket$packet(0x11, 0x2, 0x300) add_key(&(0x7f0000000740)='rxrpc\x00', &(0x7f0000000780)={'syz', 0x2}, 0x0, 0x0, 0x0) 01:32:17 executing program 0: io_setup(0x8, &(0x7f0000002b80)=0x0) io_pgetevents(r0, 0x3, 0x3, &(0x7f0000000340)=[{}, {}, {}], &(0x7f00000003c0)={0x0, 0x3938700}, 0x0) 01:32:17 executing program 3: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, 0x0, 0x0) 01:32:17 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in6=@mcast2, @in=@broadcast}, {@in=@loopback, 0x0, 0x6c}, @in=@multicast2}}}, 0xf8}}, 0x0) 01:32:17 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) [ 201.000415][ T9404] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 01:32:17 executing program 0: pkey_mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x7, 0xffffffffffffffff) [ 201.013347][ T9407] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 01:32:19 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, 0x0) 01:32:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) 01:32:19 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x5, 0x4, 0x81, 0x8}, 0x40) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00', r0}, 0x10) 01:32:19 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r4, 0x0, 0xfeffffff, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) dup2(r5, r4) 01:32:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) 01:32:19 executing program 0: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = creat(&(0x7f0000000280)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f0000000180)='threaded\x00', 0x2d1ee37) unlink(&(0x7f0000000080)='./file0\x00') clone(0x20001000104, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='sysfs\x00', 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x6) wait4(0x0, 0x0, 0x0, 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) 01:32:19 executing program 3: syz_mount_image$hfsplus(&(0x7f00000002c0)='hfsplus\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0xd57}], 0x0, &(0x7f0000000780)={[{@gid={'gid'}}, {@barrier='barrier'}], [{@uid_eq={'uid'}}]}) [ 202.795027][ T9432] hfsplus: unable to find HFS+ superblock 01:32:19 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) 01:32:19 executing program 1: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) [ 202.885471][ T9432] hfsplus: unable to find HFS+ superblock 01:32:19 executing program 1: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) 01:32:19 executing program 0: r0 = timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000680)={0x0, 0x0}) timerfd_settime(r0, 0x1, &(0x7f00000006c0)={{}, {0x0, r1+60000000}}, 0x0) 01:32:20 executing program 3: syz_mount_image$squashfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x8}, &(0x7f00000001c0), 0x1000) 01:32:20 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r4, 0x0, 0xfeffffff, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 01:32:20 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x5, 0x4, 0x81, 0x8}, 0x40) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r0, 0x0}, 0x20) 01:32:20 executing program 1: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) 01:32:20 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) 01:32:20 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x5, 0x4, 0x81, 0x8}, 0x40) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r0, 0x0}, 0x20) 01:32:20 executing program 3: syz_mount_image$squashfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) name_to_handle_at(r0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x8}, &(0x7f00000001c0), 0x1000) 01:32:20 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) 01:32:20 executing program 0: openat$full(0xffffffffffffff9c, 0x0, 0x400080, 0x0) 01:32:21 executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) 01:32:21 executing program 3: syz_mount_image$nfs4(0x0, 0x0, 0x0, 0x4, &(0x7f0000001300)=[{&(0x7f0000000180)="92d38dee4c84f4a49d232e07dcbe7ce3733317f9ddd720a2852145bbe9f04639a5edb09af761380f14c58252dd2071574921563f65fc398e7ce6e7ba1e4b058535de84b278630209cccefa3bc6c8870baf8191d05c270f5b2fb37659c464aa35bc68fe284b20c12c4e5ca0f780336bae738ad8d54ade947714dee057af6b271d539a2cb6766949f6fd05106cc018b6c1a5aa77b90903fc3a97ac3333b3bea34a553eda0a968ff4c83faf154f31e4d9ae93deba3ce0a17c5d421ab92bcc5db32a9a970b357d4cf7af305139d0a86fd224535958ba61e834866be18dceb0453c113da194098d173fe2b23ef9194fe080e598ae0cbfdfd4968fc101f0a5404908a3f0fba5b761257374be9e80789b93e79dc8e9eaecfc5e8122b3f4ea7dc9186f0e2014135f3cc39c1a5f0da9ce37073c90371e8569dc8bd66ecefbd1b437cd543e946740dfa3b68b006d52adfc3b52203afb94ea882a948e60c0f0319b33de885f4d2fb59de67459f975db4cd3eaa315fb67b23128562c4e75f660c1a1b01af82a4c34728b1aa11456e6f91b93bf690334fafb2aa8d7c9ee026a6000a3d83bbee5008361b66ed5b0bba030c57343cebf7f5ea9fbe67e4d23a108a51f669152c5744f4719de49878d7a12f107155c5f924bd55e4b559e27639579cd12dfa942ae1ab86b67fd762448788ad2229ef11fa61061e2dac12323b67c3e71f0adba023cdc2eef46932b8ef7924496ec6ec1797e29e4be99f429795ca33c043507118893c991c555b2a3884325b3c95c41a5938c9272e991bb92a518731dc2dfdaaf047efc70244e8e5746ec7dc66776974af9386120be708a4dc21c1ea40aeaf61d094ab30d8883360c1f392c84eef70e59b0c2fc92652993750617de1bba9736c430ddbbe9184d29898e3b623a79b39ec22172424ca373d7875330913dcdb33adfc5ef39137faea20cd9d2bad0649bc76b5f476e669254bede7e31df6f16898ad8ed037ce85dd246073f7971fda99ca09afc0039ff271c63bdddfea159f249b681847de5e50115c2bee71e609a8a39d3f75f0453c430257001735ee025be06d65d9569fb4e3bec705118ecf52b53c0229293b1d0bae92b2634a7ec3aacfdc1b9cb74a419c0f0f4174021298df576d5dd76e4ace723e980b79bd80faf0740970d86e2a5c93307f31fd2d288cbb217dc2eba2fea16aa7de32d62edd5ae7eb60db6e0529c295cc675d2afc137dabc2582858a04a6129cf7757f958e41ec216e6bc026c9bee311a6c56657112176ebc489ce3d00c115d96e8229b460fd0a5e0c2dea6c165f06aa8c82178d12539ee4ebc9ef8dffffeacdfe08d9369a3a92ab0200cfa6f3bf959e1c303a323777a6bbbcea742eede96a2f1986287256b570d1bf4b4dba93274d6d71b23705d234e59a7585092084b878e10faaec8bace988c19b2d110f", 0x3fd, 0x1c03}, {&(0x7f0000001180)='b', 0x1}, {&(0x7f0000001200)='\"', 0x1}, {&(0x7f0000001240)="90", 0x1}], 0x0, 0x0) 01:32:21 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0}, &(0x7f0000000280)=0xc) syz_open_procfs$namespace(r1, 0x0) 01:32:21 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r4, 0x0, 0xfeffffff, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 01:32:21 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={0x0, 0x34}}, 0x0) 01:32:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) 01:32:21 executing program 3: openat$full(0xffffffffffffff9c, &(0x7f0000000580)='/dev/full\x00', 0x40, 0x0) 01:32:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) 01:32:21 executing program 0: getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) 01:32:21 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) 01:32:21 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$ETHTOOL_MSG_COALESCE_GET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x4009) 01:32:22 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r4, 0x0, 0xfeffffff, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) 01:32:22 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x7, 0x4, 0x81, 0xff}, 0x40) 01:32:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) 01:32:22 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x7, 0x4, 0x8, 0xff, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x4}, 0x40) 01:32:22 executing program 0: getresuid(&(0x7f0000000000), &(0x7f0000000200), &(0x7f0000000080)) 01:32:22 executing program 3: r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000e00)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x1400) 01:32:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) 01:32:22 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) 01:32:23 executing program 0: clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = gettid() tkill(r2, 0x25) syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@random="833695d1b54d", @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @rand_addr, @multicast1}, @info_request}}}}, 0x0) 01:32:23 executing program 3: syz_mount_image$squashfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) linkat(r0, &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0) 01:32:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 01:32:23 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r4, 0x0, 0xfeffffff, 0x0) dup2(0xffffffffffffffff, r4) 01:32:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 01:32:23 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000001600)={&(0x7f0000000300)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, 0x0}, 0x1) 01:32:23 executing program 3: syz_mount_image$squashfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) fchownat(r0, &(0x7f0000002900)='./file0\x00', 0xffffffffffffffff, 0x0, 0x0) 01:32:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) 01:32:23 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x2, 0x7, 0x0, 0x0, 0x2}, 0x10}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[], 0x25c}}, 0x0) 01:32:23 executing program 0: openat$ashmem(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/ashmem\x00', 0x0, 0x0) 01:32:23 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x0, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) 01:32:24 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r4, 0x0, 0xfeffffff, 0x0) dup2(0xffffffffffffffff, r4) 01:32:24 executing program 0: syz_mount_image$squashfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(r0, &(0x7f0000002900)='./file0\x00', r1, 0xee00, 0x0) 01:32:24 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x0, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) 01:32:24 executing program 3: syz_mount_image$squashfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) utimensat(r0, 0x0, &(0x7f00000000c0)={{}, {0x77359400}}, 0x0) 01:32:24 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x0, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) 01:32:24 executing program 3: syz_mount_image$squashfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) utimensat(r0, 0x0, &(0x7f00000000c0)={{}, {0x77359400}}, 0x0) 01:32:24 executing program 0: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0x2d1ee37) gettid() mount(0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) 01:32:24 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='oom_score_adj\x00') seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='oom_score\x00') sendfile(r0, r1, 0x0, 0x1) [ 207.511698][ T48] audit: type=1326 audit(1606008744.298:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9654 comm="syz-executor.3" exe="/syz-executor.3" sig=9 arch=40000003 syscall=265 compat=1 ip=0xf7f51549 code=0x0 01:32:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) 01:32:25 executing program 0: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000180)='threaded\x00', 0x2d1ee37) gettid() mount(0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x0, 0x0) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) 01:32:25 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r4, 0x0, 0xfeffffff, 0x0) dup2(0xffffffffffffffff, r4) [ 208.271977][ T9665] __nla_validate_parse: 3 callbacks suppressed [ 208.271984][ T9665] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 01:32:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) [ 208.310417][ T48] audit: type=1326 audit(1606008745.098:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9654 comm="syz-executor.3" exe="/syz-executor.3" sig=9 arch=40000003 syscall=265 compat=1 ip=0xf7f51549 code=0x0 [ 208.331191][ T9672] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 01:32:25 executing program 3: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000600)={0x14, 0x0, 0x400, 0x70bd25}, 0x14}}, 0x0) sendmsg$SOCK_DESTROY(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="e80300001500e7"], 0x3e8}}, 0x0) 01:32:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private, 0x0, 0x7}]}]}, 0x16c}}, 0x0) [ 208.422070][ T9683] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 01:32:25 executing program 3: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000600)={0x14, 0x0, 0x400, 0x70bd25}, 0x14}}, 0x0) sendmsg$SOCK_DESTROY(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="e80300001500e7"], 0x3e8}}, 0x0) 01:32:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x124, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}}, 0x124}}, 0x0) 01:32:25 executing program 3: syz_mount_image$squashfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) linkat(r0, &(0x7f0000000040)='./file0\x00', r0, &(0x7f00000000c0)='./file0/file0\x00', 0x0) 01:32:25 executing program 0: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000600)={0x14}, 0x14}}, 0x0) sendmsg$SOCK_DESTROY(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000600)=ANY=[@ANYBLOB="e80300001500e7"], 0x3e8}}, 0x0) 01:32:25 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x86a01780, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x124, 0x124, 0x7, [@struct={0x0, 0x9, 0x0, 0x4, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]}, @union, @volatile, @union={0x0, 0x7, 0x0, 0x5, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}]}, @enum={0x0, 0x5, 0x0, 0x6, 0x4, [{}, {}, {}, {}, {}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}}, 0x0, 0x143}, 0x20) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b90cb6974f527cc14538d1efb1ffe03284f6d33265be9c604c893f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x33) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 01:32:25 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pread64(0xffffffffffffffff, 0x0, 0xfeffffff, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) dup2(r4, 0xffffffffffffffff) 01:32:25 executing program 0: syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000340)) 01:32:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x124, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}}, 0x124}}, 0x0) 01:32:25 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x124, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}}, 0x124}}, 0x0) 01:32:25 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x7, 0x4, 0x0, 0xff}, 0x40) [ 209.183808][ T9709] hfsplus: unable to find HFS+ superblock 01:32:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private}]}]}, 0x16c}}, 0x0) 01:32:26 executing program 3: syz_mount_image$squashfs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchownat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0xee01, 0x0, 0x0) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x0) [ 209.310710][ T9709] hfsplus: unable to find HFS+ superblock [ 209.332719][ T9729] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 01:32:26 executing program 3: recvmsg(0xffffffffffffffff, 0x0, 0x1c742e37c762a9bb) 01:32:26 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pread64(0xffffffffffffffff, 0x0, 0xfeffffff, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) dup2(r4, 0xffffffffffffffff) 01:32:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private}]}]}, 0x16c}}, 0x0) 01:32:26 executing program 0: syz_mount_image$hfsplus(&(0x7f0000000000)='hfsplus\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000340)) 01:32:26 executing program 3: syz_mount_image$nfs(0x0, 0x0, 0x0, 0x2, &(0x7f0000000580)=[{&(0x7f00000000c0)='K', 0x1}, {&(0x7f0000000440)="82", 0x1, 0xffffffffffffffff}], 0x0, 0x0) [ 209.473591][ T9740] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 01:32:26 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pread64(0xffffffffffffffff, 0x0, 0xfeffffff, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) dup2(r4, 0xffffffffffffffff) 01:32:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in=@local}, 0x0, @in=@private}]}]}, 0x16c}}, 0x0) [ 209.585664][ T9747] hfsplus: unable to find HFS+ superblock 01:32:26 executing program 3: syz_emit_ethernet(0x46, &(0x7f0000001500)={@multicast, @broadcast, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, "bf5d44", 0x10, 0x21, 0x0, @private1, @private1, {[], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "7eb8f1", 0x0, "e7153b"}}}}}}}, 0x0) [ 209.626786][ T9755] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 01:32:26 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) r3 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r3, 0x0, 0xfeffffff, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) dup2(r4, r3) 01:32:26 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@updsa={0x144, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@local, 0x0, 0x6c}, @in, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'lzs\x00'}}}, @sec_ctx={0xc, 0x8, {0x8}}]}, 0x144}}, 0x0) 01:32:26 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@acquire={0x16c, 0x17, 0x84cad28f8510960b, 0x0, 0x0, {{@in6=@empty}, @in6=@local, {@in6=@rand_addr=' \x01\x00', @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {{@in6=@ipv4, @in6=@ipv4={[], [], @loopback}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@tmpl={0x44, 0x5, [{{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, 0x0, @in=@private}]}]}, 0x16c}}, 0x0) 01:32:26 executing program 1: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_int(r0, 0x1, 0x2c, 0x0, &(0x7f00000016c0)) [ 209.976932][ T9767] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 01:32:26 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@updsa={0x138, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in=@private, 0x0, 0x33}, @in6=@mcast2, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_auth={0x48, 0x1, {{'sha512-arm64\x00'}}}]}, 0x138}}, 0x0) 01:32:26 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_PIE_OFF(r0, 0x7006) [ 209.984188][ T9768] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. 01:32:26 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x214}, 0x40) [ 210.086569][ T9780] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 01:32:26 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@allocspi={0x134, 0x16, 0x1, 0x70bd27, 0x25dfdbff, {{{@in6=@mcast2, @in=@broadcast, 0x4e23, 0x5, 0x4e20, 0x81, 0xa, 0x0, 0x0, 0x0, r2}, {@in=@loopback, 0x4d4, 0x6c}, @in=@multicast2, {0x6, 0x42, 0x80000001, 0x5, 0x6, 0x7, 0x7, 0x3}, {0x8, 0x5, 0x58, 0x7}, {0x65e5, 0x2, 0x7df}, 0x70bd2c, 0x3504, 0xa, 0x4, 0x7}, 0x0, 0x20}, [@replay_esn_val={0x3c, 0x17, {0x8, 0x70bd2a, 0x70bd2a, 0x70bd27, 0x70bd2b, 0x800, [0x1, 0x7, 0x6, 0x80000000, 0x3, 0x6, 0x2, 0x2]}}]}, 0x134}}, 0x0) [ 210.148954][ T9786] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 210.178423][ T9786] ------------[ cut here ]------------ [ 210.191733][ T9786] unsupported nla_type 0 [ 210.201738][ T9786] WARNING: CPU: 3 PID: 9786 at net/xfrm/xfrm_compat.c:279 xfrm_alloc_compat+0xf39/0x10d0 [ 210.244676][ T9786] Modules linked in: [ 210.257599][ T9786] CPU: 3 PID: 9786 Comm: syz-executor.0 Not tainted 5.10.0-rc4-syzkaller #0 [ 210.290323][ T9786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 210.324484][ T9786] RIP: 0010:xfrm_alloc_compat+0xf39/0x10d0 [ 210.335794][ T9786] Code: de e8 6b 81 d2 f9 84 db 0f 85 b0 f8 ff ff e8 4e 89 d2 f9 8b 74 24 08 48 c7 c7 c0 06 52 8a c6 05 80 08 3b 05 01 e8 b1 ec 0e 01 <0f> 0b e9 8d f8 ff ff e8 2b 89 d2 f9 8b 14 24 48 c7 c7 80 06 52 8a [ 210.379740][ T9786] RSP: 0018:ffffc9000a107498 EFLAGS: 00010286 [ 210.393351][ T9786] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 210.414019][ T9786] RDX: 0000000000040000 RSI: ffffffff8158f3c5 RDI: fffff52001420e85 [ 210.435231][ T9786] RBP: 000000000000003c R08: 0000000000000001 R09: ffffffff8ecc4757 [ 210.453476][ T9786] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffa1 [ 210.470555][ T9786] R13: ffff888066e020f8 R14: ffff88801e7af680 R15: ffff88806327de00 [ 210.490007][ T9786] FS: 0000000000000000(0000) GS:ffff88802cf00000(0063) knlGS:00000000f54fbb40 [ 210.510434][ T9786] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 210.527781][ T9786] CR2: 000000002e221000 CR3: 00000000185a3000 CR4: 0000000000350ee0 [ 210.544772][ T9786] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 210.559974][ T9786] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 210.576726][ T9786] Call Trace: [ 210.585734][ T9786] ? xfrm_attr_cpy32+0x1d0/0x1d0 [ 210.595763][ T9786] xfrm_alloc_userspi+0x66a/0xa30 [ 210.607726][ T9786] ? xfrm_send_report+0x510/0x510 [ 210.618531][ T9786] ? __nla_parse+0x3d/0x50 [ 210.627716][ T9786] ? xfrm_send_report+0x510/0x510 [ 210.641053][ T9786] xfrm_user_rcv_msg+0x42f/0x8b0 [ 210.654851][ T9786] ? xfrm_do_migrate+0x800/0x800 [ 210.667639][ T9786] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 210.682191][ T9786] ? __mutex_lock+0x626/0x10e0 [ 210.697652][ T9786] netlink_rcv_skb+0x153/0x420 [ 210.708012][ T9786] ? xfrm_do_migrate+0x800/0x800 [ 210.717750][ T9786] ? netlink_ack+0xaa0/0xaa0 [ 210.731027][ T9786] xfrm_netlink_rcv+0x6b/0x90 [ 210.741302][ T9786] netlink_unicast+0x533/0x7d0 [ 210.753288][ T9786] ? netlink_attachskb+0x810/0x810 [ 210.761927][ T9786] ? __phys_addr_symbol+0x2c/0x70 01:32:27 executing program 2: accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000280), 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000cc0)={0x11, 0xf7, 0x0, 0x1, 0x4, 0x6, @local}, 0x14) r0 = socket(0x10, 0x800000000000803, 0x0) sendto(r0, &(0x7f0000000140)="120000001600e70d017b00000000008e", 0x10, 0x0, 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000140)={'sit0\x00', &(0x7f00000000c0)={'sit0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0, @mcast2}}) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x1, 0x824b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001340)='net/packet\x00') preadv(r2, &(0x7f00000017c0), 0x3da, 0x0, 0x0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)) r3 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x0, 0x0) pread64(r3, 0x0, 0xfeffffff, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) dup2(r4, r3) 01:32:27 executing program 1: r0 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fstat(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) keyctl$chown(0x4, r0, r2, 0xffffffffffffffff) 01:32:27 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@updsa={0x144, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@local, 0x0, 0x6c}, @in, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'lzs\x00'}}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x0, 0xfffffd68}}]}, 0x144}}, 0x0) [ 210.785314][ T9786] ? __check_object_size+0x171/0x3f0 01:32:27 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x5, 0x4, 0x81, 0xff}, 0x40) [ 210.816448][ T9786] netlink_sendmsg+0x856/0xd90 01:32:27 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@updsa={0x144, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@local, 0x0, 0x6c}, @in, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'lzs\x00'}}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x0, 0xfffffd68}}]}, 0x144}}, 0x0) [ 210.836472][ T9786] ? netlink_unicast+0x7d0/0x7d0 [ 210.850167][ T9786] ? bpf_lsm_socket_sendmsg+0x5/0x10 01:32:27 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=@updsa={0x144, 0x1a, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}, {@in=@local, 0x0, 0x6c}, @in, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_comp={0x48, 0x3, {{'lzs\x00'}}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0x0, 0xfffffd68}}]}, 0x144}}, 0x0) [ 210.862288][ T9786] ? netlink_unicast+0x7d0/0x7d0 [ 210.875218][ T9786] sock_sendmsg+0xcf/0x120 [ 210.884212][ T9786] ____sys_sendmsg+0x6e8/0x810 [ 210.891981][ T9786] ? kernel_sendmsg+0x50/0x50 01:32:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@getpolicy={0x50, 0x15, 0x1, 0x0, 0x0, {{@in=@dev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0xa0}}}, 0x50}}, 0x0) [ 210.903414][ T9786] ? do_recvmmsg+0x6c0/0x6c0 [ 210.917565][ T9786] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 210.927045][ T9786] ___sys_sendmsg+0xf3/0x170 [ 210.937322][ T9786] ? sendmsg_copy_msghdr+0x160/0x160 [ 210.946565][ T9786] ? __fget_files+0x272/0x400 [ 210.955168][ T9786] ? lock_downgrade+0x6d0/0x6d0 [ 210.966984][ T9786] ? find_held_lock+0x2d/0x110 [ 210.986951][ T9786] ? __fget_files+0x294/0x400 [ 210.995220][ T9786] ? __fget_light+0xea/0x280 [ 211.003549][ T9786] __sys_sendmsg+0xe5/0x1b0 [ 211.011566][ T9786] ? __sys_sendmsg_sock+0xb0/0xb0 [ 211.018680][ T9786] ? syscall_enter_from_user_mode_prepare+0x13/0x20 [ 211.028961][ T9786] __do_fast_syscall_32+0x56/0x80 [ 211.036460][ T9786] do_fast_syscall_32+0x2f/0x70 [ 211.044781][ T9786] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 211.055389][ T9786] RIP: 0023:0xf7f01549 [ 211.061043][ T9786] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 211.089627][ T9786] RSP: 002b:00000000f54fb0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 211.102486][ T9786] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0 [ 211.114641][ T9786] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 211.126640][ T9786] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 211.141358][ T9786] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 211.156725][ T9786] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 211.170382][ T9786] Kernel panic - not syncing: panic_on_warn set ... [ 211.180056][ T9786] CPU: 1 PID: 9786 Comm: syz-executor.0 Not tainted 5.10.0-rc4-syzkaller #0 [ 211.180270][ T9786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 211.180270][ T9786] Call Trace: [ 211.180270][ T9786] dump_stack+0x107/0x163 [ 211.180270][ T9786] panic+0x306/0x73d [ 211.180270][ T9786] ? __warn_printk+0xf3/0xf3 [ 211.251871][ T9786] ? __warn.cold+0x1a/0x44 [ 211.259364][ T9786] ? xfrm_alloc_compat+0xf39/0x10d0 [ 211.266464][ T9786] __warn.cold+0x35/0x44 [ 211.272276][ T9786] ? wake_up_klogd.part.0+0x8e/0xd0 [ 211.279257][ T9786] ? xfrm_alloc_compat+0xf39/0x10d0 [ 211.285187][ T9786] report_bug+0x1bd/0x210 [ 211.286269][ T9786] handle_bug+0x3c/0x60 [ 211.293569][ T9786] exc_invalid_op+0x14/0x40 [ 211.302843][ T9786] asm_exc_invalid_op+0x12/0x20 [ 211.308084][ T9786] RIP: 0010:xfrm_alloc_compat+0xf39/0x10d0 [ 211.313200][ T9786] Code: de e8 6b 81 d2 f9 84 db 0f 85 b0 f8 ff ff e8 4e 89 d2 f9 8b 74 24 08 48 c7 c7 c0 06 52 8a c6 05 80 08 3b 05 01 e8 b1 ec 0e 01 <0f> 0b e9 8d f8 ff ff e8 2b 89 d2 f9 8b 14 24 48 c7 c7 80 06 52 8a [ 211.342139][ T9786] RSP: 0018:ffffc9000a107498 EFLAGS: 00010286 [ 211.350438][ T9786] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 211.361061][ T9786] RDX: 0000000000040000 RSI: ffffffff8158f3c5 RDI: fffff52001420e85 [ 211.371352][ T9786] RBP: 000000000000003c R08: 0000000000000001 R09: ffffffff8ecc4757 [ 211.380957][ T9786] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000ffffffa1 [ 211.394650][ T9786] R13: ffff888066e020f8 R14: ffff88801e7af680 R15: ffff88806327de00 [ 211.408106][ T9786] ? vprintk_func+0x95/0x1e0 [ 211.418087][ T9786] ? xfrm_alloc_compat+0xf39/0x10d0 [ 211.431225][ T9786] ? xfrm_attr_cpy32+0x1d0/0x1d0 [ 211.446803][ T9786] xfrm_alloc_userspi+0x66a/0xa30 [ 211.458569][ T9786] ? xfrm_send_report+0x510/0x510 [ 211.472232][ T9786] ? __nla_parse+0x3d/0x50 [ 211.481478][ T9786] ? xfrm_send_report+0x510/0x510 [ 211.488279][ T9786] xfrm_user_rcv_msg+0x42f/0x8b0 [ 211.488279][ T9786] ? xfrm_do_migrate+0x800/0x800 [ 211.518128][ T9786] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 211.518128][ T9786] ? __mutex_lock+0x626/0x10e0 [ 211.548447][ T9786] netlink_rcv_skb+0x153/0x420 [ 211.560896][ T9786] ? xfrm_do_migrate+0x800/0x800 [ 211.573009][ T9786] ? netlink_ack+0xaa0/0xaa0 [ 211.584684][ T9786] xfrm_netlink_rcv+0x6b/0x90 [ 211.596722][ T9786] netlink_unicast+0x533/0x7d0 [ 211.599159][ T9786] ? netlink_attachskb+0x810/0x810 [ 211.612567][ T9786] ? __phys_addr_symbol+0x2c/0x70 [ 211.619747][ T9786] ? __check_object_size+0x171/0x3f0 [ 211.632737][ T9786] netlink_sendmsg+0x856/0xd90 [ 211.638556][ T9786] ? netlink_unicast+0x7d0/0x7d0 [ 211.651750][ T9786] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 211.658213][ T9786] ? netlink_unicast+0x7d0/0x7d0 [ 211.671234][ T9786] sock_sendmsg+0xcf/0x120 [ 211.678201][ T9786] ____sys_sendmsg+0x6e8/0x810 [ 211.698202][ T9786] ? kernel_sendmsg+0x50/0x50 [ 211.698202][ T9786] ? do_recvmmsg+0x6c0/0x6c0 [ 211.718560][ T9786] ? lockdep_hardirqs_on_prepare+0x400/0x400 [ 211.732461][ T9786] ___sys_sendmsg+0xf3/0x170 [ 211.738159][ T9786] ? sendmsg_copy_msghdr+0x160/0x160 [ 211.758236][ T9786] ? __fget_files+0x272/0x400 [ 211.768279][ T9786] ? lock_downgrade+0x6d0/0x6d0 [ 211.778108][ T9786] ? find_held_lock+0x2d/0x110 [ 211.778108][ T9786] ? __fget_files+0x294/0x400 [ 211.791154][ T9786] ? __fget_light+0xea/0x280 [ 211.818234][ T9786] __sys_sendmsg+0xe5/0x1b0 [ 211.831332][ T9786] ? __sys_sendmsg_sock+0xb0/0xb0 [ 211.840786][ T9786] ? syscall_enter_from_user_mode_prepare+0x13/0x20 [ 211.858131][ T9786] __do_fast_syscall_32+0x56/0x80 [ 211.871372][ T9786] do_fast_syscall_32+0x2f/0x70 [ 211.879121][ T9786] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 211.898124][ T9786] RIP: 0023:0xf7f01549 [ 211.911474][ T9786] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 211.958140][ T9786] RSP: 002b:00000000f54fb0bc EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 211.978155][ T9786] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0 [ 211.998174][ T9786] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 212.028111][ T9786] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 212.038051][ T9786] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 212.070259][ T9786] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 212.078121][ T9786] Kernel Offset: disabled [ 212.078121][ T9786] Rebooting in 86400 seconds.. VM DIAGNOSIS: 01:32:27 Registers: info registers vcpu 0 RAX=00000000000dcf71 RBX=ffffffff8b09af80 RCX=1ffffffff19d9021 RDX=0000000000000000 RSI=0000000000000001 RDI=0000000000000000 RBP=fffffbfff16135f0 RSP=ffffffff8b007e40 R8 =0000000000000001 R9 =0000000000000001 R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=0000000000000000 R14=ffffffff8cecbac8 R15=0000000000000000 RIP=ffffffff88e7fe23 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802cc00000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ff0efc5e000 CR3=000000005bd29000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000052 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000001 RBX=0000000000000001 RCX=0000000000000000 RDX=0000000000000002 RSI=00000000000000fd RDI=0000000000000006 RBP=ffffc900004c8c98 RSP=ffffc900004c8bd0 R8 =0000000000000000 R9 =ffffc900004c8c37 R10=0000000000000008 R11=0000000000000000 R12=0000000000000002 R13=0000000000000002 R14=dffffc0000000000 R15=0000000000000008 RIP=ffffffff812f7eea RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802cd00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe000003e000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000003c000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=0000000000806fa0 CR3=0000000068861000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000008 XMM02=000001f0000000000000000900000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 2 RAX=00000000000c997b RBX=ffff888010864300 RCX=1ffffffff19d9021 RDX=0000000000000000 RSI=0000000000000001 RDI=0000000000000000 RBP=ffffed100210c860 RSP=ffffc9000040fdf8 R8 =0000000000000001 R9 =0000000000000001 R10=0000000000000000 R11=0000000000000000 R12=0000000000000002 R13=0000000000000002 R14=ffffffff8cecbac8 R15=0000000000000000 RIP=ffffffff88e7fe23 RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802ce00000 ffffffff 00c00000 LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe0000079000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000077000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffe5b5aff5c CR3=00000000185a3000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000052 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 3 RAX=dffffc0000000060 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd RSI=ffffffff840e981c RDI=ffffffff8fadaae0 RBP=ffffffff8fadaaa0 RSP=ffffc9000a106e10 R8 =0000000000000001 R9 =0000000000000003 R10=000000000000000a R11=0000000000000000 R12=0000000000000020 R13=fffffbfff1f5b5a7 R14=fffffbfff1f5b55e R15=dffffc0000000000 RIP=ffffffff840e9870 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802cf00000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 00000000 00000000 TR =0040 fffffe00000b4000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000b2000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000000002e221000 CR3=00000000185a3000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000052 XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=00000000000000000000000000000000 XMM05=00000000000000000000000000000000 XMM06=00000000000000000000000000000000 XMM07=00000000000000000000000000000000 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000