Warning: Permanently added '[localhost]:48178' (ECDSA) to the list of known hosts. 2020/10/15 22:08:37 fuzzer started 2020/10/15 22:08:39 dialing manager at 10.0.2.10:34087 2020/10/15 22:08:40 syscalls: 3440 2020/10/15 22:08:40 code coverage: enabled 2020/10/15 22:08:40 comparison tracing: enabled 2020/10/15 22:08:40 extra coverage: enabled 2020/10/15 22:08:40 setuid sandbox: enabled 2020/10/15 22:08:40 namespace sandbox: enabled 2020/10/15 22:08:40 Android sandbox: /sys/fs/selinux/policy does not exist 2020/10/15 22:08:40 fault injection: enabled 2020/10/15 22:08:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/10/15 22:08:40 net packet injection: enabled 2020/10/15 22:08:40 net device setup: enabled 2020/10/15 22:08:40 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/10/15 22:08:40 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/10/15 22:08:40 USB emulation: enabled 2020/10/15 22:08:40 hci packet injection: enabled 2020/10/15 22:08:40 wifi device emulation: enabled 22:09:14 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/bus/input/handlers\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000002c0)={0x2020}, 0x2020) syzkaller login: [ 231.888702][ T9463] IPVS: ftp: loaded support on port[0] = 21 22:09:16 executing program 1: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RSTATFS(r1, &(0x7f0000000100)={0x43}, 0xff85) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000400)={0x26, 'hash\x00', 0x0, 0x0, 'rmd128\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x7ffffffe, 0x0) [ 232.547499][ T9463] chnl_net:caif_netlink_parms(): no params data found [ 232.893060][ T9463] bridge0: port 1(bridge_slave_0) entered blocking state 22:09:17 executing program 2: syz_emit_ethernet(0x76, &(0x7f0000000180)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0300", 0x40, 0x3a, 0x0, @private0, @mcast2, {[], @dest_unreach={0x1, 0x0, 0x0, 0x0, [], {0x0, 0x6, "7cd9f6", 0x0, 0x33, 0x0, @mcast1, @dev, [@dstopts={0x29}], "0b11878293aa853f"}}}}}}}, 0x0) [ 232.936059][ T9463] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.986628][ T9463] device bridge_slave_0 entered promiscuous mode [ 233.049243][ T9463] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.078212][ T9463] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.108003][ T9463] device bridge_slave_1 entered promiscuous mode [ 233.169976][ T9463] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 233.237699][ T9463] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 233.318184][ T9463] team0: Port device team_slave_0 added [ 233.443557][ T2938] Bluetooth: hci0: command 0x0409 tx timeout 22:09:17 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netstat\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendfile(r1, r0, &(0x7f00000001c0)=0x33, 0x7cd8) [ 233.833716][ T9463] team0: Port device team_slave_1 added [ 234.010890][ T9463] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.060931][ T9463] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.221795][ T9463] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.300060][ T9463] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.351630][ T9463] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.496687][ T9463] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.651576][ T9463] device hsr_slave_0 entered promiscuous mode [ 234.700930][ T9463] device hsr_slave_1 entered promiscuous mode [ 234.714851][ T9475] IPVS: ftp: loaded support on port[0] = 21 [ 235.026749][ T9477] IPVS: ftp: loaded support on port[0] = 21 [ 235.228569][ T9463] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 235.273636][ T9463] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 235.291191][ T9463] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 235.335795][ T9463] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 235.405328][ T9475] chnl_net:caif_netlink_parms(): no params data found [ 235.556664][ T9478] IPVS: ftp: loaded support on port[0] = 21 [ 235.582617][ T2938] Bluetooth: hci0: command 0x041b tx timeout [ 235.718068][ T9475] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.730844][ T9475] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.748499][ T9475] device bridge_slave_0 entered promiscuous mode [ 235.768017][ T9475] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.780845][ T9475] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.801505][ T9475] device bridge_slave_1 entered promiscuous mode [ 235.891573][ T9475] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 235.920408][ T9475] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 235.967422][ T9475] team0: Port device team_slave_0 added [ 235.979830][ T9477] chnl_net:caif_netlink_parms(): no params data found [ 236.035966][ T9475] team0: Port device team_slave_1 added [ 236.064166][ T9475] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 236.073941][ T9475] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.109172][ T9475] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 236.127039][ T9475] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 236.136412][ T9475] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.212879][ T9475] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 236.372977][ T13] Bluetooth: hci1: command 0x0409 tx timeout [ 236.417036][ T9475] device hsr_slave_0 entered promiscuous mode [ 236.470788][ T9475] device hsr_slave_1 entered promiscuous mode [ 236.488116][ T9475] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 236.514962][ T9475] Cannot create hsr debugfs directory [ 236.544720][ T9477] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.566030][ T9477] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.631782][ T9477] device bridge_slave_0 entered promiscuous mode [ 236.712097][ T9477] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.734829][ T9477] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.754649][ T9477] device bridge_slave_1 entered promiscuous mode [ 236.828325][ T9478] chnl_net:caif_netlink_parms(): no params data found [ 236.877167][ T9477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 236.932896][ T2938] Bluetooth: hci2: command 0x0409 tx timeout [ 236.996852][ T9477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.057807][ T9477] team0: Port device team_slave_0 added [ 237.076022][ T9477] team0: Port device team_slave_1 added [ 237.172440][ T9477] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.194095][ T9477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.277406][ T9477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 237.314793][ T9463] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.334089][ T9477] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 237.343897][ T9477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.390215][ T9477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 237.412925][ T13] Bluetooth: hci3: command 0x0409 tx timeout [ 237.443703][ T9477] device hsr_slave_0 entered promiscuous mode [ 237.453380][ T9477] device hsr_slave_1 entered promiscuous mode [ 237.462028][ T9477] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 237.473184][ T9477] Cannot create hsr debugfs directory [ 237.483043][ T9478] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.492458][ T9478] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.508738][ T9478] device bridge_slave_0 entered promiscuous mode [ 237.528109][ T9478] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.541140][ T9478] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.556766][ T9478] device bridge_slave_1 entered promiscuous mode [ 237.615855][ T9478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 237.650466][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.663840][ T2938] Bluetooth: hci0: command 0x040f tx timeout [ 237.672413][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.699038][ T9478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 237.739283][ T9463] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.765848][ T9478] team0: Port device team_slave_0 added [ 237.777094][ T9475] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 237.806154][ T9478] team0: Port device team_slave_1 added [ 237.819859][ T9475] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 237.841766][ T9475] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 237.858270][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.870625][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.884324][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.895048][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.927338][ T9478] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 237.936884][ T9478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 237.968599][ T9478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 237.986962][ T9478] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 237.996484][ T9478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 238.032364][ T9478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 238.060975][ T9475] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 238.082405][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 238.110976][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.148572][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.176556][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.199323][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.260863][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 238.277080][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 238.298563][ T9478] device hsr_slave_0 entered promiscuous mode [ 238.306685][ T9478] device hsr_slave_1 entered promiscuous mode [ 238.316272][ T9478] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 238.326380][ T9478] Cannot create hsr debugfs directory [ 238.366640][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.380949][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.399749][ T9477] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 238.412100][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 238.423441][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.435501][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.452846][ T2441] Bluetooth: hci1: command 0x041b tx timeout [ 238.455009][ T9477] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 238.476638][ T9477] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 238.487794][ T9477] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 238.514040][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 238.524783][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 238.546136][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 238.559002][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 238.590067][ T9463] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 238.633895][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 238.645723][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 238.682076][ T9463] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.715704][ T9478] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 238.727624][ T9478] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 238.739127][ T9478] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 238.756338][ T9478] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 238.810669][ T9475] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.834220][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 238.848059][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 238.891198][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.901542][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 238.924690][ T9475] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.934842][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 238.947561][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 238.959037][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 238.972984][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 238.988712][ T9463] device veth0_vlan entered promiscuous mode [ 239.005282][ T9477] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.015089][ T2938] Bluetooth: hci2: command 0x041b tx timeout [ 239.025549][ T9463] device veth1_vlan entered promiscuous mode [ 239.043602][ T2561] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 239.056013][ T2561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.071589][ T2561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.088912][ T2561] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.099600][ T2561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.111356][ T2561] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.124529][ T2561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.137809][ T2561] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.148259][ T2561] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.160255][ T2561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.182454][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 239.205463][ T9477] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.224104][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 239.234654][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.244583][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.254654][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 239.268166][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.280162][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.290951][ T9499] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.301108][ T9499] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.312973][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.325268][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.339811][ T9499] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.351955][ T9499] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.368975][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.396702][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 239.407216][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 239.418217][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 239.429906][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 239.440233][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 239.450226][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 239.460181][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 239.470078][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 239.488683][ T9475] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 239.502278][ T9498] Bluetooth: hci3: command 0x041b tx timeout [ 239.503656][ T9475] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 239.528804][ T9463] device veth0_macvtap entered promiscuous mode [ 239.548264][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 239.570182][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 239.590782][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 239.609094][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 239.624295][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 239.640412][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 239.661318][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 239.676034][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 239.690509][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 239.709462][ T9463] device veth1_macvtap entered promiscuous mode [ 239.733455][ T13] Bluetooth: hci0: command 0x0419 tx timeout [ 239.755136][ T9463] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.790427][ T9478] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.805397][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 239.823969][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 239.845115][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 239.859964][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 239.872552][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 239.899104][ T9463] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.923798][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 239.939089][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 239.960486][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 239.979788][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 240.018790][ T9477] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 240.040852][ T9477] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 240.061014][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 240.075739][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 240.090176][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 240.106254][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 240.121224][ T9463] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.136162][ T9463] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.146556][ T9463] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.157539][ T9463] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.183013][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.193211][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.209368][ T9475] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 240.228258][ T9478] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.296540][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 240.308793][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 240.327833][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.341649][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.366079][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 240.391470][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 240.411303][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.422438][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.435208][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 240.450189][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.463344][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 240.477455][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 240.513902][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 240.540566][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 240.543957][ T9498] Bluetooth: hci1: command 0x040f tx timeout [ 240.568964][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 240.660971][ T9477] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 240.679455][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 240.696442][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 240.709203][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 240.722884][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 240.723440][ T9475] device veth0_vlan entered promiscuous mode [ 240.766778][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 240.778795][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 240.792919][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 240.813010][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 240.830830][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 240.849152][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.860887][ T9478] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 240.866341][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.878280][ T9478] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 240.881764][ T9475] device veth1_vlan entered promiscuous mode [ 240.939013][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 240.951423][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 240.963198][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 240.978063][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 240.995504][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 241.008408][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 241.020167][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 241.041728][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 241.103612][ T2938] Bluetooth: hci2: command 0x040f tx timeout [ 241.110545][ T55] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 241.133607][ T9496] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 241.142079][ T9477] device veth0_vlan entered promiscuous mode [ 241.146850][ T9496] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 241.161747][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 241.188273][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 241.205834][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 241.224285][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 241.244362][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 241.276641][ T9477] device veth1_vlan entered promiscuous mode [ 241.305749][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 241.330539][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 241.359996][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 241.406074][ T9478] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 241.446266][ T9463] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 241.457135][ T9475] device veth0_macvtap entered promiscuous mode [ 241.547778][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 241.573961][ T2938] Bluetooth: hci3: command 0x040f tx timeout [ 241.584332][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 241.649401][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 241.687914][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready 22:09:26 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/bus/input/handlers\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000002c0)={0x2020}, 0x2020) [ 241.781134][ T9475] device veth1_macvtap entered promiscuous mode [ 241.865077][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready 22:09:26 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/bus/input/handlers\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000002c0)={0x2020}, 0x2020) [ 241.899909][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready 22:09:26 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/bus/input/handlers\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000002c0)={0x2020}, 0x2020) [ 241.938212][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 241.980821][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 242.019986][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 242.067655][ T9477] device veth0_macvtap entered promiscuous mode 22:09:26 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/bus/input/handlers\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000002c0)={0x2020}, 0x2020) [ 242.106646][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready 22:09:26 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/bus/input/handlers\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000002c0)={0x2020}, 0x2020) [ 242.154586][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 242.209402][ T9475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 242.264406][ T9475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.316135][ T9475] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 242.392474][ T9475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 242.457191][ T9475] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.503991][ T9475] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 242.547876][ T9478] device veth0_vlan entered promiscuous mode [ 242.585340][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 242.613189][ T28] Bluetooth: hci1: command 0x0419 tx timeout [ 242.625639][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 242.673628][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 242.700351][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 242.727137][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 242.746261][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 242.769788][ T9477] device veth1_macvtap entered promiscuous mode [ 242.794516][ T9475] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.818034][ T9475] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.841142][ T9475] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.863462][ T9475] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.896742][ T9478] device veth1_vlan entered promiscuous mode [ 242.920644][ T9477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 242.955175][ T9477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 242.982554][ T9477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 242.999874][ T9477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.025430][ T9477] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 243.057108][ T9477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 243.088228][ T9477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.120701][ T9477] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 243.154789][ T9477] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 243.174341][ T28] Bluetooth: hci2: command 0x0419 tx timeout [ 243.197105][ T9477] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 243.262363][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 243.294202][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 243.322099][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 243.352186][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 243.376233][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 243.399901][ T2938] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 243.466238][ T9477] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.504601][ T9477] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.544932][ T9477] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.578674][ T9477] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.653766][ T28] Bluetooth: hci3: command 0x0419 tx timeout [ 243.666816][ T9474] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.725795][ T9474] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.769225][ T9474] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 243.769770][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 243.800783][ T9474] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 243.828363][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 243.909799][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 243.966740][ T9478] device veth0_macvtap entered promiscuous mode [ 244.000826][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 244.041244][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 244.098298][ T9478] device veth1_macvtap entered promiscuous mode [ 244.118716][ T2456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.134585][ T9478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 244.144354][ T2456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 22:09:28 executing program 1: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RSTATFS(r1, &(0x7f0000000100)={0x43}, 0xff85) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000400)={0x26, 'hash\x00', 0x0, 0x0, 'rmd128\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x7ffffffe, 0x0) [ 244.172262][ T9478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.263571][ T9478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 244.318590][ T9478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.358784][ T9478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 244.394213][ T9478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.438470][ T9478] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 244.470801][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 244.496348][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 244.517292][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 244.539650][ T2441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 244.571687][ T9478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 244.586073][ T9478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.600417][ T9478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 244.615804][ T9478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.628657][ T9478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 244.645189][ T9478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 244.662483][ T9478] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 244.680805][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 244.703911][ T9500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 244.731421][ T8] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 244.735069][ T9478] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.747795][ T8] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 244.767866][ T9478] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.819691][ T9478] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.847721][ T9478] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.891923][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 22:09:29 executing program 2: syz_emit_ethernet(0x76, &(0x7f0000000180)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0300", 0x40, 0x3a, 0x0, @private0, @mcast2, {[], @dest_unreach={0x1, 0x0, 0x0, 0x0, [], {0x0, 0x6, "7cd9f6", 0x0, 0x33, 0x0, @mcast1, @dev, [@dstopts={0x29}], "0b11878293aa853f"}}}}}}}, 0x0) [ 245.037194][ T2456] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.047762][ T9490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.108421][ T2456] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.149246][ T9490] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.179170][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 245.249517][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 22:09:30 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netstat\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendfile(r1, r0, &(0x7f00000001c0)=0x33, 0x7cd8) 22:09:30 executing program 0: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/bus/input/handlers\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000002c0)={0x2020}, 0x2020) 22:09:30 executing program 1: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RSTATFS(r1, &(0x7f0000000100)={0x43}, 0xff85) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000400)={0x26, 'hash\x00', 0x0, 0x0, 'rmd128\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x7ffffffe, 0x0) 22:09:30 executing program 2: syz_emit_ethernet(0x76, &(0x7f0000000180)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0300", 0x40, 0x3a, 0x0, @private0, @mcast2, {[], @dest_unreach={0x1, 0x0, 0x0, 0x0, [], {0x0, 0x6, "7cd9f6", 0x0, 0x33, 0x0, @mcast1, @dev, [@dstopts={0x29}], "0b11878293aa853f"}}}}}}}, 0x0) 22:09:30 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netstat\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendfile(r1, r0, &(0x7f00000001c0)=0x33, 0x7cd8) 22:09:30 executing program 2: syz_emit_ethernet(0x76, &(0x7f0000000180)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0300", 0x40, 0x3a, 0x0, @private0, @mcast2, {[], @dest_unreach={0x1, 0x0, 0x0, 0x0, [], {0x0, 0x6, "7cd9f6", 0x0, 0x33, 0x0, @mcast1, @dev, [@dstopts={0x29}], "0b11878293aa853f"}}}}}}}, 0x0) 22:09:30 executing program 1: pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RSTATFS(r1, &(0x7f0000000100)={0x43}, 0xff85) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000400)={0x26, 'hash\x00', 0x0, 0x0, 'rmd128\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) splice(r0, 0x0, r3, 0x0, 0x7ffffffe, 0x0) 22:09:30 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/netstat\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendfile(r1, r0, &(0x7f00000001c0)=0x33, 0x7cd8) 22:09:30 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) 22:09:30 executing program 2: syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000140)='./bus\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000380)={[{@resize_auto='resize=auto'}]}) 22:09:30 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f000067d000)=0x19, 0x4) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) connect$unix(r0, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) 22:09:30 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) 22:09:30 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f000067d000)=0x19, 0x4) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) connect$unix(r0, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) [ 245.986096][ T9563] REISERFS warning (device loop2): super-6502 reiserfs_getopt: unknown mount option "" 22:09:30 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680)='nl80211\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x5c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "ccae16352c09fd59194539ffa9"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_DEFAULT_TYPES={0x4}]}]}, @NL80211_ATTR_SSID={0x5, 0x34, @random="82"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x5c}}, 0x0) 22:09:30 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) 22:09:30 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f000067d000)=0x19, 0x4) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) connect$unix(r0, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) 22:09:30 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680)='nl80211\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x5c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "ccae16352c09fd59194539ffa9"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_DEFAULT_TYPES={0x4}]}]}, @NL80211_ATTR_SSID={0x5, 0x34, @random="82"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x5c}}, 0x0) [ 246.291445][ T9563] REISERFS warning (device loop2): super-6502 reiserfs_getopt: unknown mount option "" 22:09:31 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) 22:09:31 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f000067d000)=0x19, 0x4) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) connect$unix(r0, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) 22:09:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680)='nl80211\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x5c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "ccae16352c09fd59194539ffa9"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_DEFAULT_TYPES={0x4}]}]}, @NL80211_ATTR_SSID={0x5, 0x34, @random="82"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x5c}}, 0x0) 22:09:31 executing program 2: syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000140)='./bus\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000380)={[{@resize_auto='resize=auto'}]}) 22:09:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680)='nl80211\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x5c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "ccae16352c09fd59194539ffa9"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_DEFAULT_TYPES={0x4}]}]}, @NL80211_ATTR_SSID={0x5, 0x34, @random="82"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x5c}}, 0x0) [ 246.493052][ T9600] REISERFS warning (device loop2): super-6502 reiserfs_getopt: unknown mount option "" 22:09:31 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680)='nl80211\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x5c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "ccae16352c09fd59194539ffa9"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_DEFAULT_TYPES={0x4}]}]}, @NL80211_ATTR_SSID={0x5, 0x34, @random="82"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x5c}}, 0x0) 22:09:31 executing program 0: r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004000000001f0006031a00000004800200090581", @ANYBLOB="53f3"], 0x0) syz_usb_disconnect(r0) 22:09:31 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680)='nl80211\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x5c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "ccae16352c09fd59194539ffa9"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_DEFAULT_TYPES={0x4}]}]}, @NL80211_ATTR_SSID={0x5, 0x34, @random="82"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x5c}}, 0x0) 22:09:31 executing program 3: bpf$BPF_BTF_LOAD(0xf, &(0x7f0000000300)={0x0, &(0x7f0000000200)=""/213, 0x0, 0xd5}, 0x20) 22:09:31 executing program 2: syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000140)='./bus\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000380)={[{@resize_auto='resize=auto'}]}) 22:09:31 executing program 3: bpf$BPF_BTF_LOAD(0xf, &(0x7f0000000300)={0x0, &(0x7f0000000200)=""/213, 0x0, 0xd5}, 0x20) 22:09:31 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680)='nl80211\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x5c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "ccae16352c09fd59194539ffa9"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_DEFAULT_TYPES={0x4}]}]}, @NL80211_ATTR_SSID={0x5, 0x34, @random="82"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x5c}}, 0x0) [ 246.684252][ T9622] REISERFS warning (device loop2): super-6502 reiserfs_getopt: unknown mount option "" 22:09:31 executing program 3: bpf$BPF_BTF_LOAD(0xf, &(0x7f0000000300)={0x0, &(0x7f0000000200)=""/213, 0x0, 0xd5}, 0x20) 22:09:31 executing program 3: bpf$BPF_BTF_LOAD(0xf, &(0x7f0000000300)={0x0, &(0x7f0000000200)=""/213, 0x0, 0xd5}, 0x20) [ 246.873302][ T2441] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 247.264573][ T2441] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 247.279106][ T2441] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 247.297773][ T2441] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 247.311964][ T2441] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 247.443668][ T2441] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 247.468489][ T2441] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 247.488679][ T2441] usb 5-1: Product: syz [ 247.498863][ T2441] usb 5-1: Manufacturer: syz [ 247.556592][ T2441] cdc_wdm 5-1:1.0: skipping garbage [ 247.569894][ T2441] cdc_wdm 5-1:1.0: skipping garbage [ 247.588911][ T2441] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 247.764987][ T9500] usb 5-1: USB disconnect, device number 2 [ 248.742989][ T9497] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 249.133381][ T9497] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 249.156806][ T9497] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 249.176712][ T9497] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 249.194811][ T9497] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 249.334430][ T9497] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 249.356574][ T9497] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 249.373744][ T9497] usb 5-1: Product: syz [ 249.385926][ T9497] usb 5-1: Manufacturer: syz [ 249.446652][ T9497] cdc_wdm 5-1:1.0: skipping garbage [ 249.461920][ T9497] cdc_wdm 5-1:1.0: skipping garbage [ 249.484313][ T9497] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device 22:09:34 executing program 0: r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004000000001f0006031a00000004800200090581", @ANYBLOB="53f3"], 0x0) syz_usb_disconnect(r0) 22:09:34 executing program 1: r0 = syz_open_dev$ndb(&(0x7f00000001c0)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_BLKSIZE(r0, 0xab09, 0x0) 22:09:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) ioctl$HIDIOCGPHYS(0xffffffffffffffff, 0x80404812, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, 0x0, 0x0) 22:09:34 executing program 2: syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000140)='./bus\x00', 0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f0000000380)={[{@resize_auto='resize=auto'}]}) [ 249.612427][ T9497] usb 5-1: USB disconnect, device number 3 [ 249.657859][ T9645] REISERFS warning (device loop2): super-6502 reiserfs_getopt: unknown mount option "" 22:09:34 executing program 1: r0 = syz_open_dev$ndb(&(0x7f00000001c0)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_BLKSIZE(r0, 0xab09, 0x0) 22:09:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) ioctl$HIDIOCGPHYS(0xffffffffffffffff, 0x80404812, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, 0x0, 0x0) 22:09:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) ioctl$HIDIOCGPHYS(0xffffffffffffffff, 0x80404812, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, 0x0, 0x0) 22:09:34 executing program 1: r0 = syz_open_dev$ndb(&(0x7f00000001c0)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_BLKSIZE(r0, 0xab09, 0x0) 22:09:34 executing program 1: r0 = syz_open_dev$ndb(&(0x7f00000001c0)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_BLKSIZE(r0, 0xab09, 0x0) [ 250.063162][ T9497] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 250.462972][ T9497] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 250.480184][ T9497] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 250.502819][ T9497] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 250.514532][ T9497] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 250.683115][ T9497] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 250.704194][ T9497] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 250.718525][ T9497] usb 5-1: Product: syz [ 250.725630][ T9497] usb 5-1: Manufacturer: syz [ 250.774890][ T9497] cdc_wdm 5-1:1.0: skipping garbage [ 250.784802][ T9497] cdc_wdm 5-1:1.0: skipping garbage [ 250.800135][ T9497] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 250.988814][ T9498] usb 5-1: USB disconnect, device number 4 22:09:36 executing program 0: r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004000000001f0006031a00000004800200090581", @ANYBLOB="53f3"], 0x0) syz_usb_disconnect(r0) 22:09:36 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) ioctl$HIDIOCGPHYS(0xffffffffffffffff, 0x80404812, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, 0x0, 0x0) 22:09:36 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:36 executing program 2: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x6000, 0x1) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) ioctl$BLKGETSIZE64(r0, 0x1260, &(0x7f0000000040)) 22:09:36 executing program 3: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 22:09:36 executing program 2: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x6000, 0x1) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) ioctl$BLKGETSIZE64(r0, 0x1260, &(0x7f0000000040)) 22:09:36 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:36 executing program 3: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 252.032797][ T55] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 252.423034][ T55] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 252.440431][ T55] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 252.463863][ T55] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 252.478729][ T55] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 252.617169][ T55] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 252.635796][ T55] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 252.652249][ T55] usb 5-1: Product: syz [ 252.660252][ T55] usb 5-1: Manufacturer: syz [ 252.703618][ T55] cdc_wdm 5-1:1.0: skipping garbage [ 252.711978][ T55] cdc_wdm 5-1:1.0: skipping garbage [ 252.720966][ T55] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 252.916332][ T9500] usb 5-1: USB disconnect, device number 5 22:09:38 executing program 0: r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004000000001f0006031a00000004800200090581", @ANYBLOB="53f3"], 0x0) syz_usb_disconnect(r0) 22:09:38 executing program 3: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 22:09:38 executing program 2: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x6000, 0x1) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) ioctl$BLKGETSIZE64(r0, 0x1260, &(0x7f0000000040)) 22:09:38 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:38 executing program 3: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 22:09:38 executing program 2: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x6000, 0x1) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x100000e, 0x31, 0xffffffffffffffff, 0x0) ioctl$BLKGETSIZE64(r0, 0x1260, &(0x7f0000000040)) 22:09:38 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:38 executing program 3: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 22:09:38 executing program 2: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:38 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:38 executing program 3: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 254.022988][ T55] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 254.412995][ T55] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 254.424665][ T55] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 254.448521][ T55] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 254.462243][ T55] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.613286][ T55] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 254.624079][ T55] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 254.634002][ T55] usb 5-1: Product: syz [ 254.638751][ T55] usb 5-1: Manufacturer: syz [ 254.684153][ T55] cdc_wdm 5-1:1.0: skipping garbage [ 254.690346][ T55] cdc_wdm 5-1:1.0: skipping garbage [ 254.699355][ T55] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 254.890607][ T23] usb 5-1: USB disconnect, device number 6 22:09:40 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:40 executing program 3: r0 = syz_open_dev$sg(&(0x7f00000000c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 22:09:40 executing program 2: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:40 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:40 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:40 executing program 2: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:40 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:40 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1006}, 0x4) 22:09:40 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_retopts={{0x20, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x14, 0x9, 0x3, 0x0, [{@loopback, 0x8}, {@local}]}]}}}], 0x20}, 0x0) 22:09:40 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x40000000000004a, 0x0) 22:09:40 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1006}, 0x4) 22:09:40 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_retopts={{0x20, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x14, 0x9, 0x3, 0x0, [{@loopback, 0x8}, {@local}]}]}}}], 0x20}, 0x0) 22:09:40 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) r1 = socket$unix(0x1, 0x2, 0x0) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) connect$unix(r1, &(0x7f0000000100)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 22:09:40 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x40000000000004a, 0x0) 22:09:40 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_retopts={{0x20, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x14, 0x9, 0x3, 0x0, [{@loopback, 0x8}, {@local}]}]}}}], 0x20}, 0x0) 22:09:40 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1006}, 0x4) 22:09:40 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1006}, 0x4) 22:09:40 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_retopts={{0x20, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x14, 0x9, 0x3, 0x0, [{@loopback, 0x8}, {@local}]}]}}}], 0x20}, 0x0) 22:09:40 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1006}, 0x4) 22:09:40 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1006}, 0x4) 22:09:40 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x40000000000004a, 0x0) 22:09:40 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1004}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x1006}, 0x4) 22:09:40 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x14e24}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x40000000000004a, 0x0) 22:09:40 executing program 3: r0 = socket(0x10, 0x80002, 0x2) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc) 22:09:40 executing program 1: syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='projid_map\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/47, 0x2f}], 0x1, 0x5, 0x0) 22:09:40 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000040)={0x0, 0x0}) r1 = syz_io_uring_setup(0x7a81, &(0x7f00000000c0), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180)) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000080)=[r0, r1], 0x2) 22:09:40 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f4, 0x0, 0x0, 0x294, 0x220, 0x294, 0x32c, 0x378, 0x378, 0x32c, 0x378, 0x3, 0x0, {[{{@uncond, 0x0, 0x200, 0x220, 0x52020000, {}, [@common=@inet=@recent0={{0xf4, 'recent\x00'}, {0x0, 0x0, 0x4, 0x0, 'syz1\x00'}}, @common=@unspec=@rateest={{0x68, 'rateest\x00'}, {'veth1_to_hsr\x00', 'gre0\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@uncond, 0x0, 0xa4, 0x10c}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x450) 22:09:41 executing program 3: r0 = socket(0x10, 0x80002, 0x2) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc) 22:09:41 executing program 1: syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='projid_map\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/47, 0x2f}], 0x1, 0x5, 0x0) 22:09:41 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f4, 0x0, 0x0, 0x294, 0x220, 0x294, 0x32c, 0x378, 0x378, 0x32c, 0x378, 0x3, 0x0, {[{{@uncond, 0x0, 0x200, 0x220, 0x52020000, {}, [@common=@inet=@recent0={{0xf4, 'recent\x00'}, {0x0, 0x0, 0x4, 0x0, 'syz1\x00'}}, @common=@unspec=@rateest={{0x68, 'rateest\x00'}, {'veth1_to_hsr\x00', 'gre0\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@uncond, 0x0, 0xa4, 0x10c}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x450) 22:09:41 executing program 3: r0 = socket(0x10, 0x80002, 0x2) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc) 22:09:41 executing program 1: syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='projid_map\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/47, 0x2f}], 0x1, 0x5, 0x0) 22:09:41 executing program 0: r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000040)={0x0, 0x0}) r1 = syz_io_uring_setup(0x7a81, &(0x7f00000000c0), &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000140), &(0x7f0000000180)) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000080)=[r0, r1], 0x2) 22:09:41 executing program 1: syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='projid_map\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00') preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/47, 0x2f}], 0x1, 0x5, 0x0) 22:09:41 executing program 3: r0 = socket(0x10, 0x80002, 0x2) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x2}, 0xc) 22:09:41 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f4, 0x0, 0x0, 0x294, 0x220, 0x294, 0x32c, 0x378, 0x378, 0x32c, 0x378, 0x3, 0x0, {[{{@uncond, 0x0, 0x200, 0x220, 0x52020000, {}, [@common=@inet=@recent0={{0xf4, 'recent\x00'}, {0x0, 0x0, 0x4, 0x0, 'syz1\x00'}}, @common=@unspec=@rateest={{0x68, 'rateest\x00'}, {'veth1_to_hsr\x00', 'gre0\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@uncond, 0x0, 0xa4, 0x10c}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x450) 22:09:41 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f4, 0x0, 0x0, 0x294, 0x220, 0x294, 0x32c, 0x378, 0x378, 0x32c, 0x378, 0x3, 0x0, {[{{@uncond, 0x0, 0x200, 0x220, 0x52020000, {}, [@common=@inet=@recent0={{0xf4, 'recent\x00'}, {0x0, 0x0, 0x4, 0x0, 'syz1\x00'}}, @common=@unspec=@rateest={{0x68, 'rateest\x00'}, {'veth1_to_hsr\x00', 'gre0\x00'}}]}, @unspec=@TRACE={0x20, 'TRACE\x00'}}, {{@uncond, 0x0, 0xa4, 0x10c}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x450) [ 256.652181][ T9830] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 256.698556][ T9830] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 256.735080][ T9830] CPU: 0 PID: 9830 Comm: syz-executor.0 Not tainted 5.9.0-syzkaller #0 [ 256.750217][ T9830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 256.790641][ T9830] RIP: 0010:__do_sys_io_uring_register+0x2fd2/0x3ee0 [ 256.805200][ T9830] Code: ec 03 49 c1 ee 03 49 01 ec 49 01 ee e8 37 43 9c ff 41 80 3c 24 00 0f 85 7d 0d 00 00 4d 8b af b8 01 00 00 4c 89 e8 48 c1 e8 03 <80> 3c 28 00 0f 85 58 0d 00 00 49 8b 55 00 89 d8 c1 f8 09 48 98 4c [ 256.878137][ T9830] RSP: 0018:ffffc9000618fd48 EFLAGS: 00010246 [ 256.878137][ T9830] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000289b000 [ 256.878137][ T9830] RDX: 0000000000040000 RSI: ffffffff81d87ae9 RDI: 0000000000000005 [ 256.878137][ T9830] RBP: dffffc0000000000 R08: 0000000000000001 R09: ffff88802835bd3f [ 256.957035][ T9830] R10: 0000000000000000 R11: 0000000000000000 R12: ffffed1004236c37 [ 256.978360][ T9830] R13: 0000000000000000 R14: ffffed1004236c38 R15: ffff8880211b6000 [ 256.978360][ T9830] FS: 0000000000000000(0000) GS:ffff88802cc00000(0063) knlGS:00000000f559ab40 [ 256.978360][ T9830] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 256.978360][ T9830] CR2: 00007fef9d7d8518 CR3: 00000000606de000 CR4: 0000000000350ef0 [ 257.043195][ T9830] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 257.043195][ T9830] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 257.043195][ T9830] Call Trace: [ 257.043195][ T9830] ? put_old_timespec32+0x101/0x1f0 [ 257.043195][ T9830] ? get_old_timespec32+0x1f0/0x1f0 [ 257.043195][ T9830] ? __ia32_sys_futex_time32+0x30b/0x460 [ 257.043195][ T9830] ? io_async_buf_func+0x7f0/0x7f0 [ 257.146338][ T9830] ? check_preemption_disabled+0x50/0x130 [ 257.146338][ T9830] ? check_preemption_disabled+0x50/0x130 [ 257.146338][ T9830] ? syscall_enter_from_user_mode_prepare+0x13/0x30 [ 257.216295][ T9830] __do_fast_syscall_32+0x56/0x80 [ 257.243949][ T9830] do_fast_syscall_32+0x2f/0x70 [ 257.274535][ T9830] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 257.280149][ T9830] RIP: 0023:0xf7fa0549 [ 257.280149][ T9830] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 257.280149][ T9830] RSP: 002b:00000000f559a0bc EFLAGS: 00000296 ORIG_RAX: 00000000000001ab [ 257.280149][ T9830] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000002 [ 257.280149][ T9830] RDX: 0000000020000080 RSI: 0000000000000002 RDI: 0000000000000000 [ 257.280149][ T9830] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 257.280149][ T9830] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 257.280149][ T9830] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 257.280149][ T9830] Modules linked in: [ 257.718681][ T9830] ---[ end trace 8f0cdd0324888981 ]--- [ 257.754502][ T9830] RIP: 0010:__do_sys_io_uring_register+0x2fd2/0x3ee0 [ 257.789773][ T9830] Code: ec 03 49 c1 ee 03 49 01 ec 49 01 ee e8 37 43 9c ff 41 80 3c 24 00 0f 85 7d 0d 00 00 4d 8b af b8 01 00 00 4c 89 e8 48 c1 e8 03 <80> 3c 28 00 0f 85 58 0d 00 00 49 8b 55 00 89 d8 c1 f8 09 48 98 4c [ 257.852671][ T9830] RSP: 0018:ffffc9000618fd48 EFLAGS: 00010246 [ 257.876146][ T9830] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000289b000 [ 257.913879][ T9830] RDX: 0000000000040000 RSI: ffffffff81d87ae9 RDI: 0000000000000005 [ 257.946874][ T9830] RBP: dffffc0000000000 R08: 0000000000000001 R09: ffff88802835bd3f [ 257.986038][ T9830] R10: 0000000000000000 R11: 0000000000000000 R12: ffffed1004236c37 [ 258.032778][ T9830] R13: 0000000000000000 R14: ffffed1004236c38 R15: ffff8880211b6000 [ 258.054608][ T9830] FS: 0000000000000000(0000) GS:ffff88802cf00000(0063) knlGS:00000000f559ab40 [ 258.074907][ T9830] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 258.088680][ T9830] CR2: 0000000001b85f90 CR3: 00000000606de000 CR4: 0000000000350ee0 [ 258.111755][ T9830] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 258.137483][ T9830] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 258.259793][ T9830] Kernel panic - not syncing: Fatal exception [ 258.263752][ T9830] Kernel Offset: disabled [ 258.263752][ T9830] Rebooting in 86400 seconds..