Warning: Permanently added '[localhost]:64625' (ECDSA) to the list of known hosts.
2020/08/20 01:57:51 fuzzer started
2020/08/20 01:57:51 dialing manager at 10.0.2.10:38585
2020/08/20 01:57:51 syscalls: 3316
2020/08/20 01:57:51 code coverage: enabled
2020/08/20 01:57:51 comparison tracing: enabled
2020/08/20 01:57:51 extra coverage: enabled
2020/08/20 01:57:51 setuid sandbox: enabled
2020/08/20 01:57:51 namespace sandbox: enabled
2020/08/20 01:57:51 Android sandbox: /sys/fs/selinux/policy does not exist
2020/08/20 01:57:51 fault injection: enabled
2020/08/20 01:57:51 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2020/08/20 01:57:51 net packet injection: enabled
2020/08/20 01:57:51 net device setup: enabled
2020/08/20 01:57:51 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2020/08/20 01:57:51 devlink PCI setup: PCI device 0000:00:10.0 is not available
2020/08/20 01:57:51 USB emulation: enabled
2020/08/20 01:57:51 hci packet injection: enabled
syzkaller login: [  200.481337][    C0] hrtimer: interrupt took 138212256 ns
01:59:49 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000340)={0x3}, 0x0, 0x0)

01:59:50 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000001300)='net/igmp\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000040)={0x0, 0xffffffff, 0x0, 0x0, 0x0, "00000100"})
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = syz_open_pts(r1, 0x2)
sendfile(r4, r0, 0x0, 0x6f0a77bd)

01:59:50 executing program 2:
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5)
write$binfmt_misc(r0, &(0x7f0000000a40)=ANY=[], 0x1c2)
openat$vnet(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/vhost-net\x00', 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='pids.current\x00', 0x275a, 0x0)

01:59:51 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$bt_hci(r0, 0x0, 0x1, 0x0, &(0x7f00000001c0))

[  289.844913][ T8909] IPVS: ftp: loaded support on port[0] = 21
[  289.846595][ T8905] IPVS: ftp: loaded support on port[0] = 21
[  289.870364][ T8907] IPVS: ftp: loaded support on port[0] = 21
[  289.966863][ T8910] IPVS: ftp: loaded support on port[0] = 21
[  290.872929][ T8905] chnl_net:caif_netlink_parms(): no params data found
[  290.941358][ T8907] chnl_net:caif_netlink_parms(): no params data found
[  290.975797][ T8909] chnl_net:caif_netlink_parms(): no params data found
[  290.991984][ T8910] chnl_net:caif_netlink_parms(): no params data found
[  291.222862][ T3036] Bluetooth: hci0: command 0x0409 tx timeout
[  291.228854][ T1235] Bluetooth: hci1: command 0x0409 tx timeout
[  291.294687][ T8905] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.307898][ T8905] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.344523][ T8905] device bridge_slave_0 entered promiscuous mode
[  291.385521][ T8907] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.399046][ T8907] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.413397][ T8907] device bridge_slave_0 entered promiscuous mode
[  291.428754][ T8910] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.446426][ T8910] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.460386][ T8910] device bridge_slave_0 entered promiscuous mode
[  291.477294][ T8905] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.491454][ T8905] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.505986][ T8905] device bridge_slave_1 entered promiscuous mode
[  291.526658][ T8907] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.541245][ T1235] Bluetooth: hci2: command 0x0409 tx timeout
[  291.548075][ T8907] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.574936][ T8907] device bridge_slave_1 entered promiscuous mode
[  291.586243][ T8910] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.596926][ T8910] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.608248][ T8910] device bridge_slave_1 entered promiscuous mode
[  291.645295][ T8910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  291.663291][ T8909] bridge0: port 1(bridge_slave_0) entered blocking state
[  291.679043][ T8909] bridge0: port 1(bridge_slave_0) entered disabled state
[  291.692461][ T8909] device bridge_slave_0 entered promiscuous mode
[  291.713459][ T8909] bridge0: port 2(bridge_slave_1) entered blocking state
[  291.734678][ T8909] bridge0: port 2(bridge_slave_1) entered disabled state
[  291.749786][ T8909] device bridge_slave_1 entered promiscuous mode
[  291.781184][ T1235] Bluetooth: hci3: command 0x0409 tx timeout
[  291.792534][ T8910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  291.828942][ T8905] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  291.867790][ T8909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  291.891235][ T8907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  291.908550][ T8905] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  291.956294][ T8907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  291.975474][ T8909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  292.026785][ T8910] team0: Port device team_slave_0 added
[  292.062108][ T8905] team0: Port device team_slave_0 added
[  292.084364][ T8909] team0: Port device team_slave_0 added
[  292.105993][ T8909] team0: Port device team_slave_1 added
[  292.122084][ T8910] team0: Port device team_slave_1 added
[  292.152406][ T8905] team0: Port device team_slave_1 added
[  292.192976][ T8907] team0: Port device team_slave_0 added
[  292.215569][ T8907] team0: Port device team_slave_1 added
[  292.257830][ T8909] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.276242][ T8909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.367686][ T8909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.426843][ T8910] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.465487][ T8910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.551110][ T8910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.619820][ T8910] batman_adv: batadv0: Adding interface: batadv_slave_1
[  292.646658][ T8910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.739475][ T8910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  292.768774][ T8905] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.793967][ T8905] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.912844][ T8905] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.963829][ T8909] batman_adv: batadv0: Adding interface: batadv_slave_1
[  293.003587][ T8909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  293.199229][ T8909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  293.303126][ T3036] Bluetooth: hci1: command 0x041b tx timeout
[  293.304660][   T36] Bluetooth: hci0: command 0x041b tx timeout
[  293.309604][ T8907] batman_adv: batadv0: Adding interface: batadv_slave_0
[  293.309616][ T8907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  293.309621][ T8907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  293.621668][ T3036] Bluetooth: hci2: command 0x041b tx timeout
[  293.704466][ T8905] batman_adv: batadv0: Adding interface: batadv_slave_1
[  293.726111][ T8905] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  293.790388][ T8905] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  293.827261][ T8907] batman_adv: batadv0: Adding interface: batadv_slave_1
[  293.851358][ T8907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  293.962638][ T1235] Bluetooth: hci3: command 0x041b tx timeout
[  293.973125][ T8907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  294.124130][ T8909] device hsr_slave_0 entered promiscuous mode
[  294.142729][ T8909] device hsr_slave_1 entered promiscuous mode
[  294.168157][ T8910] device hsr_slave_0 entered promiscuous mode
[  294.229081][ T8910] device hsr_slave_1 entered promiscuous mode
[  294.250025][ T8910] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  294.272351][ T8910] Cannot create hsr debugfs directory
[  294.353097][ T8905] device hsr_slave_0 entered promiscuous mode
[  294.398565][ T8905] device hsr_slave_1 entered promiscuous mode
[  294.434299][ T8905] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  294.484236][ T8905] Cannot create hsr debugfs directory
[  294.522808][ T8907] device hsr_slave_0 entered promiscuous mode
[  294.557110][ T8907] device hsr_slave_1 entered promiscuous mode
[  294.584203][ T8907] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  294.618356][ T8907] Cannot create hsr debugfs directory
[  295.108756][ T8909] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  295.148444][ T8909] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  295.175800][ T8909] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  295.194837][ T8909] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  295.247958][ T8905] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  295.293384][ T8905] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  295.318161][ T8905] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  295.346487][ T8905] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  295.380888][ T1235] Bluetooth: hci1: command 0x040f tx timeout
[  295.450292][ T8910] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  295.495667][ T8910] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  295.519641][ T8910] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  295.559282][ T8907] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  295.598322][ T8910] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  295.635902][ T8907] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  295.659007][ T8907] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  295.679917][ T8907] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  295.711159][ T1235] Bluetooth: hci2: command 0x040f tx timeout
[  295.732466][ T1235] Bluetooth: hci0: command 0x040f tx timeout
[  295.853973][ T8905] 8021q: adding VLAN 0 to HW filter on device bond0
[  295.911910][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  295.951541][   T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  295.994364][ T8905] 8021q: adding VLAN 0 to HW filter on device team0
[  296.054993][ T1235] Bluetooth: hci3: command 0x040f tx timeout
[  296.058132][ T8910] 8021q: adding VLAN 0 to HW filter on device bond0
[  296.103702][ T3036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  296.122564][ T3036] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  296.146309][ T3036] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.176371][ T3036] bridge0: port 1(bridge_slave_0) entered forwarding state
[  296.230987][ T8909] 8021q: adding VLAN 0 to HW filter on device bond0
[  296.252045][   T59] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  296.269897][   T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  296.290779][   T59] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  296.318019][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.349939][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  296.390323][ T8910] 8021q: adding VLAN 0 to HW filter on device team0
[  296.421809][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  296.441203][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  296.460177][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  296.481805][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  296.503007][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.535820][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  296.566313][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  296.595508][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  296.627545][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  296.656631][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  296.685992][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  296.715452][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  296.738331][ T8941] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.759844][ T8941] bridge0: port 2(bridge_slave_1) entered forwarding state
[  296.780375][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  296.810993][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  296.842739][ T8909] 8021q: adding VLAN 0 to HW filter on device team0
[  296.879957][ T8907] 8021q: adding VLAN 0 to HW filter on device bond0
[  296.903143][   T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  296.922729][   T59] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  296.939753][   T59] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  296.964353][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  296.989543][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  297.025051][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  297.043963][    T5] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.058245][    T5] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.074116][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  297.113265][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  297.130352][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  297.147234][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  297.165261][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  297.188168][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  297.386265][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  297.420032][ T1235] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.449117][ T1235] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.480109][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  297.502482][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  297.525977][ T1235] Bluetooth: hci1: command 0x0419 tx timeout
[  297.549919][ T8907] 8021q: adding VLAN 0 to HW filter on device team0
[  297.585222][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  297.610056][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  297.628955][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  297.653909][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  297.678089][ T3869] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.698619][ T3869] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.717984][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  297.738273][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  297.761551][ T3869] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.777085][ T3869] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.793880][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  297.800928][   T28] Bluetooth: hci0: command 0x0419 tx timeout
[  297.807042][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  297.815500][   T28] Bluetooth: hci2: command 0x0419 tx timeout
[  297.828813][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  297.854448][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  297.865505][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  297.877926][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  297.892784][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  297.903531][ T3869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  297.926730][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  297.938881][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  297.950343][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  297.966001][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  297.986135][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  297.999969][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  298.042145][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  298.079088][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  298.100808][   T28] Bluetooth: hci3: command 0x0419 tx timeout
[  298.106017][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  298.146047][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  298.178688][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  298.225567][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  298.270189][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  298.344263][ T8910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  298.388628][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  298.432288][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  298.463470][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  298.486122][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  298.502661][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  298.523263][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  298.549176][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  298.571253][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  298.593964][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  298.681648][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  298.727114][ T8907] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  298.772597][ T8909] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  298.810238][ T8909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  298.854149][   T59] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  298.881273][   T59] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  298.903189][   T59] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  298.924896][   T59] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  298.970021][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  298.992225][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  299.007916][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  299.025946][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  299.049999][ T8905] 8021q: adding VLAN 0 to HW filter on device batadv0
[  299.072912][ T8910] 8021q: adding VLAN 0 to HW filter on device batadv0
[  299.099166][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  299.115236][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  299.145438][ T8909] 8021q: adding VLAN 0 to HW filter on device batadv0
[  299.182230][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  299.208347][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  299.234915][ T8907] 8021q: adding VLAN 0 to HW filter on device batadv0
[  299.268368][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  299.291515][   T36] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  299.350064][ T8910] device veth0_vlan entered promiscuous mode
[  299.376845][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  299.407233][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  299.433638][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  299.462726][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  299.495279][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  299.528691][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  299.569637][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  299.604411][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  299.655480][ T8905] device veth0_vlan entered promiscuous mode
[  299.687456][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  299.719086][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  299.735956][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  299.757501][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  299.797236][ T8910] device veth1_vlan entered promiscuous mode
[  299.834565][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  299.862083][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  299.893092][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  299.979913][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  300.001448][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  300.040697][ T8907] device veth0_vlan entered promiscuous mode
[  300.054993][ T8905] device veth1_vlan entered promiscuous mode
[  300.078442][ T8909] device veth0_vlan entered promiscuous mode
[  300.094052][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  300.111535][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  300.146592][ T8907] device veth1_vlan entered promiscuous mode
[  300.185527][ T8909] device veth1_vlan entered promiscuous mode
[  300.213674][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  300.234968][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  300.249753][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  300.286561][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  300.306629][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  300.324775][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  300.355096][ T8905] device veth0_macvtap entered promiscuous mode
[  300.373122][ T8905] device veth1_macvtap entered promiscuous mode
[  300.408226][ T8905] batman_adv: batadv0: Interface activated: batadv_slave_0
[  300.440085][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  300.452785][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  300.466608][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  300.481895][ T8941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  300.500614][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  300.518447][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  300.545866][ T8909] device veth0_macvtap entered promiscuous mode
[  300.568775][ T8905] batman_adv: batadv0: Interface activated: batadv_slave_1
[  300.595466][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  300.614988][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  300.627574][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  300.638915][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  300.663106][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  300.676321][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  300.691623][ T8910] device veth0_macvtap entered promiscuous mode
[  300.709272][ T8909] device veth1_macvtap entered promiscuous mode
[  300.727808][ T8907] device veth0_macvtap entered promiscuous mode
[  300.738230][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  300.751861][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  300.762173][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  300.771702][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  300.783393][ T8910] device veth1_macvtap entered promiscuous mode
[  300.796486][ T8905] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  300.812577][ T8905] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  300.826247][ T8905] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  300.839127][ T8905] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  300.879227][ T8907] device veth1_macvtap entered promiscuous mode
[  300.894190][ T8909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  300.911536][ T8909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  300.932594][ T8909] batman_adv: batadv0: Interface activated: batadv_slave_0
[  300.983866][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  300.996279][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  301.005757][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  301.017635][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  301.032723][ T8909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  301.055181][ T8909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.079930][ T8909] batman_adv: batadv0: Interface activated: batadv_slave_1
[  301.101856][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  301.137670][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.169480][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  301.184950][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.207493][ T8910] batman_adv: batadv0: Interface activated: batadv_slave_0
[  301.238230][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  301.269469][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  301.294634][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  301.322795][ T2885] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  301.362927][ T8909] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  301.390783][ T8909] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  301.421917][ T8909] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  301.446275][ T8909] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  301.470112][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  301.491123][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.510049][ T8910] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  301.526299][ T8910] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.548461][ T8910] batman_adv: batadv0: Interface activated: batadv_slave_1
[  301.567883][ T8907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  301.569872][ T8905] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[  301.593154][ T8907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.642079][ T8907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  301.685345][ T8907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.726514][ T8907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  301.758998][ T8907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.787645][ T8907] batman_adv: batadv0: Interface activated: batadv_slave_0
[  301.825443][ T8907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  301.854114][ T8907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.887510][ T8907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  301.924840][ T8907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.956345][ T8907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  301.974171][ T8907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.993596][ T8907] batman_adv: batadv0: Interface activated: batadv_slave_1
[  302.005678][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  302.019323][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  302.035331][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  302.050911][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  302.074783][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  302.094776][   T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  302.138637][ T8910] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  302.163432][ T8910] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  302.198097][ T8910] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
02:00:05 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000340)={0x3}, 0x0, 0x0)

[  302.230892][ T8910] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  302.276848][ T8907] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
02:00:05 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000000340)={0x3}, 0x0, 0x0)

[  302.301034][ T8907] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  302.316703][ T8907] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  302.344395][ T8907] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
02:00:05 executing program 0:
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/vhost-net\x00', 0x2, 0x0)

02:00:05 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(0x0, 0x0, 0x0)
write$binfmt_misc(r1, &(0x7f0000001400)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c0945c08ba8c552fc99a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e0001010000e096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092c01005b6454cdd76381e68c380fcdf42270ceb049f3fc65d61c2b3c65f2f80a61ea6e457ebc93981b20e03b86d4e999bba83a7b0ee0ce30e80600cff8ca2996e518e3e69051f6d24317f9ebfeb82ee2469fb31be3d037359f1886a0ecfea43425e01c7f3cc18486bd725dbffc2a01a1103edc33d9d7c815b6c1b3b8ba057a872cf81e77b857d6b1091b2d200acf3ae815a823cffcf3ff946fa6"], 0x14f)
recvmsg(r0, &(0x7f0000007500)={&(0x7f0000000f00)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0xfffffffffffffe5f, 0x0, 0x0, 0xffffffffffffffff, 0x22}, 0x0)

02:00:05 executing program 0:
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000140)=""/210)

02:00:06 executing program 3:
r0 = syz_io_uring_setup(0x87, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
socket(0x0, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE, 0x0)
io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0)

02:00:09 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000001300)='net/igmp\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000040)={0x0, 0xffffffff, 0x0, 0x0, 0x0, "00000100"})
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = syz_open_pts(r1, 0x2)
sendfile(r4, r0, 0x0, 0x6f0a77bd)

02:00:09 executing program 2:
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5)
write$binfmt_misc(r0, &(0x7f0000000a40)=ANY=[], 0x1c2)
openat$vnet(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/vhost-net\x00', 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='pids.current\x00', 0x275a, 0x0)

02:00:09 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000001300)='net/igmp\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000040)={0x0, 0xffffffff, 0x0, 0x0, 0x0, "00000100"})
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = syz_open_pts(r1, 0x2)
sendfile(r4, r0, 0x0, 0x6f0a77bd)

02:00:09 executing program 0:
shmctl$IPC_INFO(0x0, 0x3, &(0x7f0000000140)=""/210)

02:00:09 executing program 0:
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5)
write$binfmt_misc(r0, &(0x7f0000000a40)=ANY=[], 0x1c2)
openat$vnet(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/vhost-net\x00', 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='pids.current\x00', 0x275a, 0x0)

02:00:10 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000001300)='net/igmp\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000040)={0x0, 0xffffffff, 0x0, 0x0, 0x0, "00000100"})
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = syz_open_pts(r1, 0x2)
sendfile(r4, r0, 0x0, 0x6f0a77bd)

02:00:10 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000001300)='net/igmp\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000040)={0x0, 0xffffffff, 0x0, 0x0, 0x0, "00000100"})
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = syz_open_pts(r1, 0x2)
sendfile(r4, r0, 0x0, 0x6f0a77bd)

02:00:10 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000001300)='net/igmp\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000040)={0x0, 0xffffffff, 0x0, 0x0, 0x0, "00000100"})
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = syz_open_pts(r1, 0x2)
sendfile(r4, r0, 0x0, 0x6f0a77bd)

02:00:10 executing program 2:
r0 = syz_io_uring_setup(0x87, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE, 0x0)
io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0)

02:00:10 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000001300)='net/igmp\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000040)={0x0, 0xffffffff, 0x0, 0x0, 0x0, "00000100"})
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = syz_open_pts(r1, 0x2)
sendfile(r4, r0, 0x0, 0x6f0a77bd)

02:00:10 executing program 2:
r0 = syz_io_uring_setup(0x87, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE, 0x0)
io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0)

02:00:10 executing program 3:
r0 = socket(0x11, 0x3, 0x0)
bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r0, &(0x7f00000003c0)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4801000024000b0d0e1344d1e4a2b4c724df0000", @ANYRES32=r1, @ANYBLOB="00000000ffffffff0000000008000100726564001c010200140001"], 0x148}}, 0x0)

[  307.543213][ T9042] netlink: 260 bytes leftover after parsing attributes in process `syz-executor.3'.
02:00:10 executing program 0:
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5)
write$binfmt_misc(r0, &(0x7f0000000a40)=ANY=[], 0x1c2)
openat$vnet(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/vhost-net\x00', 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='pids.current\x00', 0x275a, 0x0)

02:00:10 executing program 2:
r0 = syz_io_uring_setup(0x87, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE, 0x0)
io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0)

02:00:10 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000001300)='net/igmp\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000040)={0x0, 0xffffffff, 0x0, 0x0, 0x0, "00000100"})
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendfile(0xffffffffffffffff, r0, 0x0, 0x6f0a77bd)

02:00:10 executing program 3:
r0 = syz_io_uring_setup(0x87, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x4, 0x0, @fd_index, 0x0, 0x0, 0x0, 0x8}, 0x0)
io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0)

02:00:10 executing program 2:
r0 = syz_io_uring_setup(0x87, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE, 0x0)
io_uring_enter(r0, 0x450c, 0x0, 0x0, 0x0, 0x0)

02:00:10 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000001300)='net/igmp\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000040)={0x0, 0xffffffff, 0x0, 0x0, 0x0, "00000100"})
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
sendfile(0xffffffffffffffff, r0, 0x0, 0x6f0a77bd)

[  307.693400][ T9060] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  307.714479][ T9060] #PF: supervisor instruction fetch in kernel mode
[  307.718178][ T9060] #PF: error_code(0x0010) - not-present page
[  307.740134][ T9060] PGD 5fd96067 P4D 5fd96067 PUD 5fd95067 PMD 0 
[  307.740134][ T9060] Oops: 0010 [#1] PREEMPT SMP KASAN
[  307.740134][ T9060] CPU: 3 PID: 9060 Comm: io_wqe_worker-0 Not tainted 5.8.0-syzkaller #0
[  307.740134][ T9060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[  307.740134][ T9060] RIP: 0010:0x0
[  307.740134][ T9060] Code: Bad RIP value.
[  307.740134][ T9060] RSP: 0018:ffffc90001367910 EFLAGS: 00010246
[  307.740134][ T9060] RAX: 1ffffffff109f1b7 RBX: dffffc0000000000 RCX: ffff888060086e08
[  307.740134][ T9060] RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffff88802a95bcc0
[  307.740134][ T9060] RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88805feb2748
[  307.740134][ T9060] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90001367a28
[  307.740134][ T9060] R13: ffffffff884f8da0 R14: 0000000000000008 R15: 0000000000000001
[  307.990691][ T9060] FS:  0000000000000000(0000) GS:ffff88802d100000(0000) knlGS:0000000000000000
[  308.019510][ T9060] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  308.019510][ T9060] CR2: ffffffffffffffd6 CR3: 000000005fd97000 CR4: 0000000000350ee0
[  308.019510][ T9060] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  308.019510][ T9060] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  308.019510][ T9060] Call Trace:
[  308.136520][ T9060]  loop_rw_iter.part.0+0x26e/0x450
[  308.136520][ T9060]  io_write+0x6a2/0x7a0
[  308.136520][ T9060]  ? io_read+0xb60/0xb60
[  308.136520][ T9060]  ? mark_lock+0xbc/0x1710
[  308.136520][ T9060]  ? lock_repin_lock+0x460/0x460
[  308.136520][ T9060]  ? __lock_acquire+0x16cb/0x5640
[  308.136520][ T9060]  io_issue_sqe+0x1b0/0x60d0
[  308.136520][ T9060]  ? lockdep_hardirqs_on_prepare+0x530/0x530
[  308.136520][ T9060]  ? lockdep_hardirqs_on+0x76/0xf0
[  308.136520][ T9060]  ? kthread_use_mm+0x1dc/0x430
[  308.136520][ T9060]  ? io_uring_setup+0x28c0/0x28c0
[  308.136520][ T9060]  ? lock_downgrade+0x830/0x830
[  308.136520][ T9060]  ? kthread_use_mm+0x19b/0x430
[  308.136520][ T9060]  ? io_wq_submit_work+0x183/0x3d0
[  308.136520][ T9060]  io_wq_submit_work+0x183/0x3d0
[  308.136520][ T9060]  io_worker_handle_work+0xa45/0x13f0
[  308.136520][ T9060]  io_wqe_worker+0xbf0/0x10e0
[  308.136520][ T9060]  ? io_worker_handle_work+0x13f0/0x13f0
[  308.136520][ T9060]  ? lockdep_hardirqs_on+0x76/0xf0
[  308.136520][ T9060]  ? __kthread_parkme+0x13f/0x1e0
[  308.136520][ T9060]  ? io_worker_handle_work+0x13f0/0x13f0
[  308.136520][ T9060]  kthread+0x3b5/0x4a0
[  308.136520][ T9060]  ? __kthread_bind_mask+0xc0/0xc0
[  308.136520][ T9060]  ? __kthread_bind_mask+0xc0/0xc0
[  308.136520][ T9060]  ret_from_fork+0x1f/0x30
[  308.136520][ T9060] Modules linked in:
[  308.136520][ T9060] CR2: 0000000000000000
[  308.136520][ T9060] ---[ end trace c57237ccdac85ace ]---
[  308.136520][ T9060] RIP: 0010:0x0
[  308.136520][ T9060] Code: Bad RIP value.
[  308.136520][ T9060] RSP: 0018:ffffc90001367910 EFLAGS: 00010246
[  308.136520][ T9060] RAX: 1ffffffff109f1b7 RBX: dffffc0000000000 RCX: ffff888060086e08
[  308.136520][ T9060] RDX: 0000000000000008 RSI: 0000000000000000 RDI: ffff88802a95bcc0
[  308.580921][ T9060] RBP: 0000000000000000 R08: 0000000000000001 R09: ffff88805feb2748
[  308.580921][ T9060] R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90001367a28
[  308.580921][ T9060] R13: ffffffff884f8da0 R14: 0000000000000008 R15: 0000000000000001
[  308.580921][ T9060] FS:  0000000000000000(0000) GS:ffff88802d100000(0000) knlGS:0000000000000000
[  308.671566][ T9060] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  308.680817][ T9060] CR2: ffffffffffffffd6 CR3: 000000005fd97000 CR4: 0000000000350ee0
[  308.712179][ T9060] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  308.731526][ T9060] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  308.752448][ T9060] Kernel panic - not syncing: Fatal exception
[  308.771493][ T9060] Kernel Offset: disabled
[  308.771493][ T9060] Rebooting in 86400 seconds..