[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 80.110868][ T32] audit: type=1800 audit(1571976019.155:25): pid=11612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 80.141973][ T32] audit: type=1800 audit(1571976019.185:26): pid=11612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 80.162172][ T32] audit: type=1800 audit(1571976019.195:27): pid=11612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.17' (ECDSA) to the list of known hosts. 2019/10/25 04:00:31 fuzzer started 2019/10/25 04:00:36 dialing manager at 10.128.0.26:37653 2019/10/25 04:00:36 syscalls: 2415 2019/10/25 04:00:36 code coverage: enabled 2019/10/25 04:00:36 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/10/25 04:00:36 extra coverage: enabled 2019/10/25 04:00:36 setuid sandbox: enabled 2019/10/25 04:00:36 namespace sandbox: enabled 2019/10/25 04:00:36 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/25 04:00:36 fault injection: enabled 2019/10/25 04:00:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/25 04:00:36 net packet injection: enabled 2019/10/25 04:00:36 net device setup: enabled 2019/10/25 04:00:36 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 04:04:37 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2e, 0x46, 0x0, 0x0, 0x800000}}, &(0x7f0000000240)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2', 0x1, 0x348, &(0x7f0000000480)=""/195, 0x0, 0x0, [0x42], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffdf3}, 0x48) syzkaller login: [ 338.695524][T11777] IPVS: ftp: loaded support on port[0] = 21 [ 338.836825][T11777] chnl_net:caif_netlink_parms(): no params data found [ 338.893428][T11777] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.900634][T11777] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.909484][T11777] device bridge_slave_0 entered promiscuous mode [ 338.919132][T11777] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.926405][T11777] bridge0: port 2(bridge_slave_1) entered disabled state [ 338.935155][T11777] device bridge_slave_1 entered promiscuous mode [ 338.966823][T11777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 338.979484][T11777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 339.014948][T11777] team0: Port device team_slave_0 added [ 339.024167][T11777] team0: Port device team_slave_1 added [ 339.196566][T11777] device hsr_slave_0 entered promiscuous mode [ 339.443047][T11777] device hsr_slave_1 entered promiscuous mode [ 339.722261][T11777] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.729485][T11777] bridge0: port 2(bridge_slave_1) entered forwarding state [ 339.737279][T11777] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.745329][T11777] bridge0: port 1(bridge_slave_0) entered forwarding state [ 339.822502][T11777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 339.844062][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 339.857222][ T31] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.868207][ T31] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.883423][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 339.903963][T11777] 8021q: adding VLAN 0 to HW filter on device team0 [ 339.933214][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 339.942658][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 339.951669][ T31] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.958879][ T31] bridge0: port 1(bridge_slave_0) entered forwarding state [ 339.967852][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 339.977250][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 339.986240][ T31] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.994807][ T31] bridge0: port 2(bridge_slave_1) entered forwarding state [ 340.003280][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 340.013266][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 340.028135][T11780] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 340.038224][T11780] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 340.049115][T11780] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 340.073430][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 340.083490][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 340.093301][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 340.102509][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 340.119490][T11777] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 340.132116][T11777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 340.153004][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 340.162560][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 340.183217][T11777] 8021q: adding VLAN 0 to HW filter on device batadv0 04:04:39 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x1420000a77, 0x0) r3 = socket(0x11, 0x800000003, 0x0) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r3, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@bridge_setlink={0x28, 0x13, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r4}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x4}]}]}, 0x28}}, 0x0) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0xfffffd88) 04:04:40 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000780)={"54abec7338595f275a2292c45ff078f1cbbf04241d1c3421ec9bf61b2221bc18246e74f0001e36735c2ad340bf94ad2a35cfc5d0953a3b2bfd41e2e051c6765447395415a9b05dffbe957e300168dc46f8377130fd28e50a805a6005ab6167da65430e3fcc214d7893c6d91026b5f5192f346a367dbc8ae5df0fd099b4e7a6dadd7f555b203f504eda86e0e8d8c5f319604db5a686750d03bf3a67210063e9a17ca0a1ccd80a7d57cb034b828b784b14c9e5dd70ca358c6819c3df7f4443dced6d9a56bb54eac6538cc61c5e9ef3bda9feeb62cbe4f0e1d1c7f6cbbcada85dbb247b0551773f0734e6f4733db49c22e497557c2f74bfa0e4af9b6228643f180d9f9e1e2bcdf0c35a5b8c388e728b574a066e190800db7b42573f534b8f60e8f756dc4d8dec7ad58b0474fc002851b265cc72099d43115828ac723e73009150fcf7196b4133e2988d4b0fc459e57293afef8837fa0d5d24b984a95cb4bdc48fc9c6e73ebee6b1a3239b2c0eef7c751ccb9f2dcdc3c69173db48df6b5d6e59e6465283de675a8d053e7f3abf86f43006a5a0c6225a589c12583e767b9d817f17bf690444a18e6f8a35b2cb4b60c191efbb16393560b568ee6c82bed918aa4a34b575ac9966b395aafa7fc3b7f467b484eb7d2617e0a240e8acbc2a7e02b650f7d1be52f462be20faa32dd88eb041e2c46b24ed7ab79c10f05296f5461f4ebda25dd7b9908da4be62b0871b169016fab8aae31c7ba45e5b30b7556a062999f43d2dbb9995d2d5de72ffe885bf6bce45caa470933c0906807da75cd38533d8f16d875452c543b259e78215011d2be638eab023513cfe0693d3107e17cfc87e038fc7d1db232d15307fe1d2a818d0a4bde2c53d221111ffa646514dd1fbd3c011b058f79c6fb0a31857ea309018bf72180a434611195c975cf5e285777231b6f158ecaf212183600379fe9762277c13cb6cde9cc0178b883fd1f210180e599f8eb33d33a9ff0f70db1de485b2f2434f2707bf9a54bb6aff687c515c430d5087f4d53a57adf7c97a06dcc61d7733a93dc505d57d8d5c83bf83e345a979307d708756c3f0f1c53a28883b665fda239019f32fc6f07d700d05023e9ef5b66d4b6be57ffd6fe39703fd4eed61535568f47ee51eff8290618e8387d0ba0d00c5bc4585d2d85688af46bb1da08bf42901634cb10e6b03ee276c16980090b59f3c57b428ae0a7ede758c781e2a5a8585e903adde0a0a281a7779a59067d82985655d9138b75042970e11aee4b95b8bcf232473767cca0139b2c2fb40045c6e031950c314015db2524c3f2fe941f249d158a44aa14774e61b2ee185bdfea8f317e440a39533c6db7ffd3c2b626c1e1e088bcebc59526b016cc6a0e4b766c3f00f619d366e5a4378bc15f805a6fb8c9400"}) [ 341.566907][T11796] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 04:04:40 executing program 0: socket$bt_rfcomm(0x1f, 0x51253494c4300a13, 0x3) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) socket$inet6(0xa, 0x0, 0x7fc) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0xffffffffffffffe9, &(0x7f0000000580)=0x5) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x2, 0x5, 0x800000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x3660, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x10021, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x436c7d688a5fceb0) r2 = add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="4acf665ff77df4f20690a5a83bc1a1e6519321db1dc2bf7eee06d978abdfbb33f3bc7025e6befda3c827875946eb75c14639ab6e76811a733653f72afc34e5fce1bed277a8faa02e6da16041b40bab677d6555e94a42b7ac236c8c35d729ac501cf28293c919f2f3ceec4703c892adeac90504aeb3ba485e09bda66d2b96124cabc4d2e653848e2bd909287d0d2c433d72bbd4333cf37f2a8972bba453c776d2c73c61b9fa2153405fc0253992c918682c7018f6a280a9ff312ae4a6996bd9547aed66e72f94342a7d27b9483f7e2e8e3c5bbb89452fd9bb6708ae89ba29", 0xde, 0xfffffffffffffffe) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000400), &(0x7f0000000540), &(0x7f00000006c0)=0x0) keyctl$chown(0x4, r2, r3, r4) socket$inet6(0xa, 0x80001, 0x1ff) socketpair$unix(0x1, 0x40000000008, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) r6 = socket(0xa, 0x3, 0x8) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000800)=0x0) ioctl$sock_FIOSETOWN(r5, 0x8901, &(0x7f0000000440)=r7) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x89a2, &(0x7f0000000700)={'bridge0\x00\x00\x02\x00', 0x4}) ioctl$RTC_WKALM_RD(r0, 0x80287010, &(0x7f0000000480)) memfd_create(&(0x7f0000000140)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02\x05\x00\x00\x00\xac', 0x0) write$binfmt_misc(r5, &(0x7f0000000c40)=ANY=[], 0x0) close(r1) r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x4000, 0x0) ioctl$VHOST_SET_VRING_ERR(r8, 0x4008af22, 0x0) ioctl$KVM_GET_FPU(r8, 0x81a0ae8c, &(0x7f0000000180)) r9 = accept4$packet(r8, &(0x7f0000001d40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000001d80)=0x14, 0x100000) listen(r9, 0xfffffffd) setsockopt$inet_sctp_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f0000000740)={0x41, 0x2, 0x80000040, 0x9, 0x1f, 0x7ff, 0x10001, 0x0, 0x7d, 0xfffffffffffffff7, 0xfffffffffffffffd}, 0xfffffffffffffdce) process_vm_writev(r7, &(0x7f0000000bc0)=[{&(0x7f0000000980)=""/165, 0xa5}, {&(0x7f0000000340)=""/27, 0x1b}, {&(0x7f0000000380)=""/52, 0x34}, {&(0x7f0000000a40)=""/73, 0x49}, {&(0x7f0000000ac0)=""/249, 0xf9}, {&(0x7f0000000780)=""/8, 0x8}], 0x6, &(0x7f0000001d00)=[{&(0x7f0000000c40)=""/4096, 0x1000}, {&(0x7f0000001c40)=""/129, 0x81}], 0x100000000000036d, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x13f, 0x1}}, 0x20) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$key(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=ANY=[@ANYPTR64=&(0x7f0000001dc0)=ANY=[@ANYBLOB="afda8f956352d83af92ad006a654156634c9580d025a479ae67c0d3dd154ac0c86ab570c896f30bdfcb7def634a0e53f2241f59d81888fa42d976ae44c77000142db69273ffb8189c445d140b445a74f88a3ff8988081b710a6c3d2ca54a49e57da8ef042d968373bcea3f8db77dd8c3c05616fd6f9c65e2f9be6eb52117c1b0cb801d8616818944f8c68c4fefc60e5102000000eca02bea80a26b2f3a28dc0b4b7f8c702d5b1517031175242c72edcdf586649ffb8819a7896d90f490a1ceeef53016efd1cb45612ae3c1c81f6543564718e818cb36a6723a522e856814b91416b8f5195d9296ba3c095a2f93f92b2755a0fb69c3b6309717a8828b7a16dfa23a1594a783d64318916e8209e1e73007005e42c4c100000000000000000000000000000000eea75c83c5e897e8cb0398a549282b4dc2e6dcb9e09b61aa734f29a5f09f1b8ca24326ad3d343941824a85770749935a604c308ec4823c7ea96d2344b5578ac763684b9ceb65b3828e30830ef0703a89d237760097ac416fb8034c30d0cf3e01ebd2c1615a16beffc66ba3f07b5f0fb93f0a0f27516cc07a39dc4059345af03ecdd2b5e519ddcbec291cda3ac556d168b6fd58e39aa2438b308a78af989fd05417e2f078905a52ad44199c48cdc9fdaf1aeaf6884bd2420f0c49318ba99d2906d751cc8e1c9e03bae68a7a561eb5aa54f3105d0e3c4c25f076167677a2bdd81c9459782b7435465e616d0726a38754d142c5d3fb9a0a572c2e6ee9e1f8797a9bce4b255c27c82183ee06ad1c02604c394778077d3deec8a8c53bdcd4a2558baa0e4c675eb68fcf6478e47edc245e76337eed1bdae1c61936ec852bf586a63b3022e2570fa67c1df48d1fcc8ae0d83945a83ce025b11de4cd35bcba5d5050c0e6615ffecd61b7fc0950a78486fbdbff8b03c5a53507ce6c193c5931de6dd367036acd9b9f613caee4c792e37bd79376911cd4dbb7aae06204795a9deb7a88a024fccca936e8ab447e9b95e10d9d2e204e1a905ca7bba4c502a5e21a83acc783597f6d17922935"]], 0x8}}, 0xfffffffffffffff9) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="2c0000002000290f0000faffffff000002000000950029000000007069db360bcc53dadb8fac26bef9b701acf2fbd06c53844ae68fd48ff7cbf4792d58542886e422d21624d2b1269f070e86fe63c0e6bb3686769622edd6551c0e", @ANYRES32=0x0, @ANYRES32=0x0], 0x2c}}, 0x0) [ 341.793921][ C0] hrtimer: interrupt took 29669 ns [ 341.809105][T11800] bridge0: port 3(gretap0) entered blocking state [ 341.817364][T11800] bridge0: port 3(gretap0) entered disabled state [ 341.840942][T11800] device gretap0 entered promiscuous mode [ 341.853419][T11800] bridge0: port 3(gretap0) entered blocking state [ 341.860459][T11800] bridge0: port 3(gretap0) entered forwarding state [ 341.886939][T11801] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. 04:04:41 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f00000000c0)='procppp0posix_acl_access$systemselinux\x00', 0x2) write$binfmt_misc(r2, &(0x7f0000000c40)=ANY=[@ANYRES32], 0xff67) sendfile(r1, r2, &(0x7f0000000000), 0xffff) fcntl$addseals(r2, 0x409, 0x9) dup3(r2, r0, 0x0) 04:04:41 executing program 0: capset(&(0x7f0000000040)={0x4000019980330}, &(0x7f0000000080)) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000001480)) [ 342.192106][T11809] capability: warning: `syz-executor.0' uses 32-bit capabilities (legacy support in use) 04:04:41 executing program 0: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001a84bd40450c2760e841000000010902120001000000000904560000c5135e00"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001c80)={0x2c, &(0x7f0000000240)=ANY=[@ANYBLOB="000001000000101bc2d057d82b08d6eded4ceb02c56b63996458bdc19c925485f8e898e7913f87af09aaebf5b6ef6ca398f978ebba6a1c2d2f5ba86a0fa48814aa4fe42e28cc9531bd98f9098c0323"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_dev$adsp(&(0x7f0000000180)='/dev/adsp#\x00', 0x7, 0x8000) r3 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r3, &(0x7f0000005600)=[{0x0, 0x0, 0x0}], 0x1, 0x0) getsockname$packet(r3, &(0x7f0000000580)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000005c0)=0x14) bpf$MAP_CREATE(0x0, &(0x7f0000000600)={0x5, 0x1, 0x1000, 0xffffffffffff0001, 0x0, 0xffffffffffffffff, 0x0, [], r4}, 0x3c) setsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f00000001c0)={r4, @local, @empty}, 0xc) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r1, r5, 0x0, 0xe0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r6, r7, 0x0, 0xe0) ioctl$DRM_IOCTL_AUTH_MAGIC(r7, 0x40046411, &(0x7f0000000200)=0xa32) ioctl$HIDIOCGSTRING(r5, 0x81044804, &(0x7f0000000080)={0xf6, "41abb25a3e6bba359444b731a7709b54e01e14c8bb0cbbca0ab3a79cdc5e37af6b8ab5f2d9d5569e23293751e246d97c3220f41e86d826dc70c5d4b16b7068b19c1ac8b13fd5539d605d36acdb12ee42a05b6d24ff248cc7797811e34ef9c918520946276155d5b01bd23ab5f036f4b4c8c730273204db243437d0ccc2fbe8c0a8a899c5d6dc26683e71482b42c339ebaf0eb5bb8afa9c974a0074745d7fbcb2e728719ef46b5b2b44af591bded94548190e5b864a6083ce17ef2fdc13b557dda32198f66b7fb2b219a7ecef1bcedb5e760fb5680f16591aab3854156d9f588889674a485424c71fb1f46ddf01eae75de9f5f58aeab8"}) 04:04:41 executing program 1: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0) r1 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @initdev}, &(0x7f00000000c0)=0x1c, 0x80000) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000040)='systemvmnet1eth0&].\x00', 0x0, r1) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000280)={&(0x7f0000000100), 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0xa8, r2, 0x300, 0x70bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x64, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffff70f8fe2}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x10000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xffffffe0}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1685}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7fffffff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7fff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}]}, @TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3f}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x48001}, 0x80) r3 = signalfd4(r0, &(0x7f00000002c0)={0x8959}, 0x8, 0x800) write$binfmt_script(r3, &(0x7f0000000300)={'#! ', './file0', [{0x20, '/proc/capi/capi20\x00'}, {0x20, 'ppp0Tsecuritywlan1/GPL^'}, {0x20, '!%'}, {0x20, 'vmnet0md5sumvmnet1'}, {0x20, 'broadcast-link\x00'}, {0x20, 'systemvmnet1eth0&].\x00'}, {0x20, 'broadcast-link\x00'}, {0x20, '/{,security'}], 0xa, "72f99ac00ee98330682687c690c9ca88efd3d9d609c435053872e3676f1050535e9d8fbdce2011cb20183c348084c018dc52cd524b0a22c6bfc101c362b27a4e3114df6fd68672135fac1628b26d77210bf2956abed7a2832d0f46812bf7c2912bd21eeb1bc8767f59ddfd96b9a392a94151b3cbc9b897dc012f79ae50dbe2fc71816c3d92990dad47238b0e8a14f05b77a8e9403a29b15065fd3ad15b2093e229b14ca372f7d0f4e718a22479531481b78f175799a762cd1248b6f5100485f0fd0a309e90b7db83410a46ecafe99860ba6a6925a2ddb428e867029b94ecd1"}, 0x16c) r4 = syz_open_dev$amidi(&(0x7f0000000480)='/dev/amidi#\x00', 0x58, 0x200000) ioctl$TCGETX(r4, 0x5432, &(0x7f00000004c0)) sendmsg$TIPC_NL_BEARER_SET(r3, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x34, 0x0, 0xb02, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0x20, 0x6, [@TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x8044) ioctl$VIDIOC_ENUMINPUT(r4, 0xc050561a, &(0x7f0000000600)={0x5, "907d69515e2f4cf1967ae2141f29585b79fe1892caba6c0761af552137691b00", 0x1, 0x7fff, 0x2, 0x1, 0x800210, 0x2}) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000680), &(0x7f00000006c0)=0x18) ioctl$VIDIOC_G_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000700)={0x5, @vbi={0x6, 0x0, 0x7, 0x15f5dc693a1b629f, [0x9, 0x3f], [0x2a0, 0x80], 0x2}}) r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000800)='/dev/vsock\x00', 0x8000, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000840)=0xa0) bind$vsock_dgram(r0, &(0x7f0000000880)={0x28, 0x0, 0x2710}, 0x10) write$P9_RLCREATE(r4, &(0x7f00000008c0)={0x18, 0xf, 0x1, {{0x1c, 0x3, 0x6}, 0x1}}, 0x18) r7 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000900)='/dev/uhid\x00', 0x802, 0x0) fcntl$setown(r7, 0x8, 0x0) setsockopt$packet_int(r5, 0x107, 0x10, &(0x7f0000000940), 0x4) r8 = syz_open_dev$hiddev(&(0x7f0000000980)='/dev/usb/hiddev#\x00', 0xffffffffffffff48, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r8, 0x400c6615, &(0x7f00000009c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r5, 0x660c) r9 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000a00)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000a40)={@in={{0x2, 0x4e24, @broadcast}}, 0x0, 0x400, 0x0, "779159a20b81515f737aa554be00e3229d3b18cc3255ac7987004f53ba6d27701ff64f0e527b8f6185778d82aee748272676ef7d6acf2d3794eb1b4029c61023979fc8983f65c60b2c34002237847fe6"}, 0xd8) r10 = open(&(0x7f0000000b40)='./file0\x00', 0x81003, 0x1c) write$FUSE_INIT(r10, &(0x7f0000000b80)={0x50, 0x0, 0x8, {0x7, 0x1f, 0x200, 0x801240, 0xc698, 0xf848, 0x1, 0x459}}, 0x50) setsockopt$RDS_FREE_MR(r5, 0x114, 0x3, &(0x7f0000000c00)={{0x9, 0x5}, 0x1}, 0x10) syz_open_dev$video4linux(&(0x7f0000000c40)='/dev/v4l-subdev#\x00', 0x4, 0xc0c00) [ 342.622924][ T838] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 342.827619][T11816] IPVS: ftp: loaded support on port[0] = 21 [ 342.970923][T11816] chnl_net:caif_netlink_parms(): no params data found [ 343.027255][ T838] usb 1-1: config 0 has an invalid interface number: 86 but max is 0 [ 343.035535][ T838] usb 1-1: config 0 has no interface number 0 [ 343.041737][ T838] usb 1-1: New USB device found, idVendor=0c45, idProduct=6027, bcdDevice=41.e8 [ 343.050988][ T838] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.061438][T11816] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.068733][T11816] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.077549][T11816] device bridge_slave_0 entered promiscuous mode [ 343.087278][T11816] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.094615][T11816] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.103446][T11816] device bridge_slave_1 entered promiscuous mode [ 343.112621][ T838] usb 1-1: config 0 descriptor?? [ 343.142981][T11816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 343.156459][T11816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 343.180902][ T838] gspca_main: sonixb-2.14.0 probing 0c45:6027 [ 343.200729][T11816] team0: Port device team_slave_0 added [ 343.210382][T11816] team0: Port device team_slave_1 added [ 343.356786][T11816] device hsr_slave_0 entered promiscuous mode [ 343.492779][T11816] device hsr_slave_1 entered promiscuous mode [ 343.603906][ T838] input: sonixb as /devices/platform/dummy_hcd.0/usb1/1-1/input/input5 [ 343.641912][T11816] debugfs: Directory 'hsr0' with parent '/' already present! [ 343.711885][T11816] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.719111][T11816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 343.726938][T11816] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.734221][T11816] bridge0: port 1(bridge_slave_0) entered forwarding state [ 343.821392][ T838] usb 1-1: USB disconnect, device number 2 [ 343.837961][T11816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 343.859179][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 343.875437][T11814] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.886515][T11814] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.900268][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 343.920340][T11816] 8021q: adding VLAN 0 to HW filter on device team0 [ 343.947042][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 343.957269][T11814] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.964549][T11814] bridge0: port 1(bridge_slave_0) entered forwarding state [ 344.018520][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 344.027940][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 344.037032][T11814] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.044266][T11814] bridge0: port 2(bridge_slave_1) entered forwarding state [ 344.053770][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 344.063813][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 344.073785][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 344.083844][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 344.093747][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 344.103658][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 344.113348][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 344.122678][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 344.131895][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 344.141097][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 344.153585][T11816] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 344.162402][T11814] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 344.208374][T11816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 344.393796][T11826] Unknown ioctl 26124 [ 344.405235][T11826] Unknown ioctl 26124 04:04:43 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) pipe(&(0x7f0000000300)={0xffffffffffffffff}) r4 = dup3(r2, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x10001f}) r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000070c0)='/dev/dlm-monitor\x00', 0x80800, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x101000, 0x0) sendfile(r6, r7, 0x0, 0xe0) getsockopt$inet6_IPV6_IPSEC_POLICY(r7, 0x29, 0x22, &(0x7f0000007100)={{{@in6=@dev, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in6=@mcast2}}, &(0x7f0000007200)=0xe8) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000007240)={'vcan0\x00', r8}) r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, &(0x7f0000000040)="660f382b1a0f01dfdde80f32d9e90f086665676426f7c5000000000f2245deef0b23f5", 0x23}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000a000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000080)="b9000400000f3266ba430066eddc0f0f01c442c20100b9050400000f32430f01c2c482198e5200c4e16d75572ab9800000c00f3235001000000f30", 0x3b}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, 0x0, 0x289}], 0x0, 0x0, 0x0, 0x208) ioctl$KVM_RUN(r9, 0xae80, 0x0) [ 344.602747][ T838] usb 1-1: new high-speed USB device number 3 using dummy_hcd 04:04:43 executing program 1: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, r0, 0x0) r1 = socket(0x40000000015, 0x805, 0x0) getsockopt(r1, 0x114, 0x2718, 0x0, &(0x7f000033bffc)) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) chown(&(0x7f00000001c0)='./file0\x00', r3, 0x0) setresuid(0x0, r3, 0x0) r4 = getgid() semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000340)={{0x7, r3, r4, 0x0, 0x0, 0x20, 0x81}, 0x9, 0x1000}) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) chown(&(0x7f00000001c0)='./file0\x00', r7, 0x0) setresuid(0x0, r7, 0x0) r8 = getgid() semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000340)={{0x7, r7, r8, 0x0, 0x0, 0x20, 0x81}, 0x9, 0x1000}) r9 = getgid() lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r11 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) chown(&(0x7f00000001c0)='./file0\x00', r12, 0x0) setresuid(0x0, r12, 0x0) r13 = getgid() semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000340)={{0x7, r12, r13, 0x0, 0x0, 0x20, 0x81}, 0x9, 0x1000}) getresgid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) getgroups(0x7, &(0x7f0000000240)=[r4, r5, r8, r9, r10, r13, r14]) 04:04:43 executing program 1: r0 = add_key(&(0x7f0000000280)='user\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000140)="2f88c04077", 0x5, 0xfffffffffffffffb) request_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000080)='\']:vboxnet1\x00', r0) r1 = request_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)='\x00', r0) keyctl$update(0x2, r1, &(0x7f00000000c0)="d907ba8398d568b2dc50c0979299788ea93b75f7dd22c0e3be8626d53e33136039cda09ee212f1b286a744706c8763bb2fa78a17e8d86dc86e77b18c4076d70fb8f3423470645ca1df881c0e6655631410c28ab005411a4fa6efef13b030e14d14f6b93a7d0573af847dc703aeb28fcbccd60ede0873eeb3ab659e0c5893a79697443350c6d77a8c5e3683546978a84817", 0x91) 04:04:44 executing program 1: r0 = socket(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'syzkaller0\x00', &(0x7f0000000080)=ANY=[@ANYRESOCT]}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x44}) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f0000364000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000a62000/0x1000)=nil) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, 0x0) r3 = socket(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000100)=@ethtool_cmd={0x26, 0x80}}) syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) [ 344.962821][ T838] usb 1-1: config 0 has an invalid interface number: 86 but max is 0 [ 344.971052][ T838] usb 1-1: config 0 has no interface number 0 [ 344.978756][ T838] usb 1-1: New USB device found, idVendor=0c45, idProduct=6027, bcdDevice=41.e8 [ 344.987953][ T838] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.043461][ T838] usb 1-1: config 0 descriptor?? [ 345.087039][ T838] gspca_main: sonixb-2.14.0 probing 0c45:6027 04:04:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r1, r2, 0x0, 0xe0) r3 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x7, 0x80) ioctl$KVM_SET_SIGNAL_MASK(r3, 0x4004ae8b, &(0x7f0000000200)={0x62, "ad25a1fc2921ccde48622814d9727d3024e6a0bd907095882fcc2997e024a1b0a1315d05a9e9d7aae202196cc694a43a35b01f55efdd99b2e785b37ae865c0b5dbeefd04a291c12eac0857f660adf0d6a95e7db87440363a268ae89ec6519083aa45"}) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000000)={0x1, 0x4, 0x8001, 0x2, 0x19, 0x52, 0x5, 0xff, 0x4, 0x9}) write(r0, &(0x7f0000000080)="1f000000100005030205000100130485dcffcf005e67e2337654c21dd78d22f8ce4bff8dc2bcffab17f717e22134e35f07bacdb5184385e40903a40a0f44f101ab62f2cf81b1b7f7b7febe3a93c46ec17d270ed93c223031442847884bd8af1debefbc9a670e2a9b4389d73b9cc55c80870a591f53ae5255140c0fe71c5c8dc6ecbfe993d0fa8172920bb6d072098298f9c4d8a55d03855c706235fe6b948bb5fcfac9cf47ea89af8a2dabb2079f3c68477a36863001dce0ed1c3b4516c62d4d81e2fd1f2665deab036cc036eafbf305f431eeb38ebbbe6da315e51a61f9bb31e8bc65643722a7824fda6260b94d51c2ef3816d5dfd7b488faab397d131c032351d80fc11e7f5bd4556fe3cc1ce4b7c245a5ae2b0440b6d8584184cf41470f9526bcc81bd21379b09fb9a67315d6b5e7ae7a6960ee4f4aabe8cbedcd79df8ef69a250e996ad39653e3c89ff3f9929af19bfd17e4000000000000", 0xfffffffffffffed5) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r3, 0x40042409, 0x1) 04:04:44 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @local}, 0x1c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r1, r2, 0x0, 0xe0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0xa) fcntl$dupfd(r0, 0x406, r1) syz_emit_ethernet(0x3e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaae449438ad201000100dd6050a01c00081100fe8000000000000000000000000000bbfe8000000000000000000000000000aa820ef23f5a9bd0efe62b4dbce428b0e985d835a1aa2a95e5f4837e1a2a28d1639e454f68cb547f9077eac81bcb2ab8313028420a8c9c5b275ff534277b7a65561d1e30f6c8caa943a657691d1742805ebd8ff518938adee6faef55b0575a56956e2d808babb7628a864f72d14c3f40490d87c1bfb3238f2488703e441c5888d592b7fd30b261962ab1743e01d4c30c4acb7bad871e7f2e5c5a12ab02caf2d75733086c8a1007c376db71f97d4d81f3782a5a36292ed82f1c64f5c10bdf86006242f6b599df00d3590f870a00008d78e14c43bb3c3295afce498b3c1bb04b6f454fe0789c9c6216897a3a1af5255f7a5605245e062b093718571bd89db4e1ace3d8689f5eedfd9521e46fbcaa737f15dd8eefb423f093f1c6d86e02269f2969596c43c3f346d4c9029e0da3c0e2a0b4b87e4e88ac3be8e05a06a5110850968e7ff300176bb43779a7"], 0x0) [ 345.332690][T11854] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 04:04:44 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$dri(&(0x7f00000000c0)='/dev/dri/card#\x00', 0x9, 0x800) write$binfmt_misc(r2, &(0x7f00000005c0)=ANY=[@ANYRES32], 0x4) read(r0, &(0x7f0000000000)=""/184, 0xbfcc8116) tee(r0, r1, 0x80, 0x0) 04:04:44 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000080)={0x43, 0x2, 0x1}, 0x10) sendfile(r0, r1, 0x0, 0xe0) syz_usb_connect$uac1(0x0, 0x1, &(0x7f0000000140)=ANY=[@ANYPTR=&(0x7f0000000040)=ANY=[@ANYPTR64=&(0x7f0000000000)=ANY=[], @ANYRESHEX]], 0x0) [ 345.399193][ T838] sonixb 1-1:0.86: Error writing register 01: -71 [ 345.405930][ T838] sonixb: probe of 1-1:0.86 failed with error -71 [ 345.443235][ T838] usb 1-1: USB disconnect, device number 3 04:04:45 executing program 0: r0 = socket$inet6_sctp(0xa, 0x4000000000000001, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000000)="fd4378ff01000000000000440f54dee8e66786a2d0a6b98334619abd00000001f74dcb7da9b29167cc035ad80b660b40419226432878d19cf87842e02c064c8781efa0f1f56aacdd47cbdd2f114a198f122a", 0x52, 0x4040040, &(0x7f000005ffe4)={0xa, 0x3, 0xfffffffe, @loopback, 0x5}, 0xd0) recvfrom$inet6(r0, &(0x7f0000000300)=""/228, 0xffffffffffffff4f, 0x0, 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x2c3, 0x4200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r2, r3, 0x0, 0xe0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f0000000080)={r6}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r6, 0x227aa9fd}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000140)={r7, 0x8001, 0xea6f, 0x8, 0x8, 0x672}, &(0x7f0000000180)=0x14) close(r0) 04:04:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x80000, 0x0) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r2, 0xc0905664, &(0x7f0000000080)={0x0, 0x0, [], @raw_data=[0xfffff6fb, 0x8000, 0x5, 0x3, 0x6, 0xe3, 0x8, 0x20, 0x6, 0x8, 0x3ff, 0x0, 0xff, 0x7, 0x1da40000, 0xcd5a, 0x0, 0xffffff01, 0x7, 0x1f, 0x9, 0x8000, 0x5, 0x0, 0x9, 0x2, 0x8000, 0xb111, 0x4, 0x3, 0x4, 0x6]}) ioctl$KIOCSOUND(r1, 0x4b2f, 0x1) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0x501, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0xdac0ed90bf8454b5}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x4005}, 0x80) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, r3, 0x20, 0x70bd27, 0x25dfdbfd, {{}, 0x0, 0x410c, 0x0, {0xc, 0x14, 'syz0\x00'}}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4041}, 0x0) 04:04:45 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000140)='/dev/video#\x00', 0x0, 0x0) semget(0x1, 0x2, 0x582) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000000)={0x0, 0x3016}) 04:04:45 executing program 0: syz_emit_ethernet(0x4e, &(0x7f0000000000)={@local, @empty=[0xffffffffa0008000, 0xd00], [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}, @remote, {[@end]}}, @tcp={{0x0, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@mss={0x2, 0x4}, @exp_fastopen={0xfe, 0xb, 0xf989, "20925fea38e5e0"}, @sack_perm={0x4, 0x2}]}}}}}}}, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x8082, 0x0) write$P9_RCLUNK(r0, &(0x7f0000000040)={0x7, 0x79, 0x1}, 0x7) 04:04:45 executing program 1: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio\x00', 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r1, r2, 0x0, 0xe0) write$USERIO_CMD_REGISTER(r0, &(0x7f0000000200)={0x0, 0x20}, 0x1) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100000000008, 0x9da, 0x6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x22}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r4, r5, 0x0, 0xe0) setsockopt$CAIFSO_REQ_PARAM(r5, 0x116, 0x80, &(0x7f0000000240)="9ee68e915a8e83b924124eb80111c6b8ac4a59c1513fd5e6f200bd049acad6237ba3fbf4dc5553e1bf3c4b4041291eae029539c3cdbe7ec35c4005b01205fadf2302afc21fafc8c2628d4d0e06db85a1e597b8cbb4e286bbfc3a955215628b9db62d1e3ec586f2c8af05071c6f2ed6f1feb4d65f8097bc212eca5c635967d26276605c3f0f5f9fcc8ab0f5a0d3c9b81be1f4ff9371393c71cf878b5f4509a9e3ee7f6733fa1c489f3e6f808865ebe2b42ee09060da9748e2fbebe18bb44bcefa3f57bb665eee18690d4bd6b5ef6f6cda5c38642bf3899b41461d5ae6a6cd1298", 0xe0) syz_usb_control_io(r3, &(0x7f0000000140)={0x2c, &(0x7f0000000340)=ANY=[@ANYBLOB="00002200000022007e07806b2fef929de3f2f6839c2670121f485dd7d1b330d5a36b831934db0197ed2258355fca6d59c91b655d9bffdc31893a6345ef027ccba951a65a988d05640d0795c1d83a2de078b345ec2a267db384a67080aab98fed0f632fa4fcfe9049c6f3c528d38c608ec0977ff8bbe160e0fb11585c545d7d366a5bd810415c5c6afd6ec53b5153db7c9f2fd712e47ee274b281bb12799f22e2497858fb986ae1c39a87b7995b81505c4d2e85dd57ee56b23cfa713265e626279338e1c250aac2a79668fb1681b28990d529659197504413c48e8df420c9643485a4f17838001748dcbcba3af0"], 0x0, 0x0, 0x0, 0x0}, 0x0) 04:04:45 executing program 0: openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(0xffffffffffffffff, 0x40085112, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001680)=ANY=[@ANYBLOB="120100005300bb08f80603306f25000000010902120001000000000904d400000e9a3900031189f8722e51048bfbe80e0ccdce508ff0a870fc6e36df16269fcaf775051655c58650cc37be121822fc052a58b4ebcd9c8a3cbf91e13234c6c46acdd2e288fd683e47555da2dcd053b7e4ae850b1166e4aa"], 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r1, r2, 0x0, 0xe0) accept4$tipc(r2, &(0x7f0000000000)=@name, &(0x7f0000000040)=0x10, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001400)={0x2c, &(0x7f00000003c0)=ANY=[@ANYBLOB='\x00\x00)'], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) [ 346.773739][T11882] misc userio: Invalid payload size [ 347.052633][ T31] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 347.113106][T11780] usb 1-1: new high-speed USB device number 4 using dummy_hcd 04:04:46 executing program 2: r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x238) ioctl$TCFLSH(r0, 0x540b, 0x7fff) ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, &(0x7f0000000040)="0dc1e34115b6f1de63d3251031e136fbbc0512291d973ea2b8f027bb5db349b5f793e18a41dda46701e353c672379026a3c4625165fa97d9b7a94174aa4836fd0c355313a15f4c3f63067a884aea799f6a0d700ce3bfd775399ec0c7b62b8a9a9b19bb975cf8589d07dd3acb68b5798295c1e7bcb18388c5b568ff92c8ca85986547c066f3f09929815d2a69e1d62786e9deb6c8cd907dcadfe6419902c8ff86d69d150ff7f8e818c1d091f8f6c97333d373e21b0d4c16ce0db841161d856453fcc3870bdc8aec057de48e22e48689501b999f80ddbb01bdce0278deb686f10175b8bc658df10e87a53363b01599c271ca02d39135e5123432") ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000140)) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000180)) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f00000001c0)=""/158) r1 = syz_open_dev$vcsn(&(0x7f0000000280)='/dev/vcs#\x00', 0x4, 0x180) setsockopt$inet6_buf(r1, 0x29, 0x2b, &(0x7f00000002c0)="f0e6a2133e80298a94c8728289e81b1650596471b9324b82f5a8a0fc511a0f5ea4d3286efe5159b4edbcfeb39b2727c84c8cc42213c2122b7d0066e11900e9909dbb7890c619", 0x46) r2 = syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x2, 0x80402) ioctl$KDGKBLED(r2, 0x4b64, &(0x7f0000000380)) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$PPPIOCGMRU(r3, 0x80047453, &(0x7f0000000400)) r4 = pkey_alloc(0x0, 0x0) pkey_mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, r4) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000440)='/dev/dlm-control\x00', 0x2081c0, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000480)={0x0, 0x7}, &(0x7f00000004c0)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r5, 0x84, 0x6c, &(0x7f0000000500)={r6, 0x32, "06ac752731f3401b00b99d0b53317a6297818a3b83a3db2528a6e3e1e5ee5646970058e28495dea8c7c17f227f4e646c443f"}, &(0x7f0000000540)=0x3a) setxattr$trusted_overlay_nlink(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)='trusted.overlay.nlink\x00', &(0x7f0000000600)={'L+', 0x7}, 0x28, 0x2) connect$caif(r5, &(0x7f0000000640), 0x18) ioctl$KDENABIO(0xffffffffffffffff, 0x4b36) r7 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000680)='/dev/mixer\x00', 0x1, 0x0) connect$rxrpc(r7, &(0x7f00000006c0)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x25}}}, 0x24) r8 = socket$isdn_base(0x22, 0x3, 0x0) listen(r8, 0x8001) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@empty, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}}}, &(0x7f0000000800)=0xe8) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000840)={r9, 0x1, 0x6, @broadcast}, 0x10) r10 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000880)='/dev/sequencer2\x00', 0x101000, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r10, 0x10e, 0x4, &(0x7f00000008c0)=0xfff, 0x4) ioctl$FS_IOC_GETFLAGS(r7, 0x80086601, &(0x7f0000000900)) r11 = accept$alg(0xffffffffffffffff, 0x0, 0x0) getpeername(r11, &(0x7f0000000940)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f00000009c0)=0x80) [ 347.312944][ T31] usb 2-1: Using ep0 maxpacket: 8 [ 347.372145][T11780] usb 1-1: Using ep0 maxpacket: 8 [ 347.432322][ T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 347.443465][ T31] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 347.456597][ T31] usb 2-1: New USB device found, idVendor=09da, idProduct=0006, bcdDevice= 0.00 [ 347.465792][ T31] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.512839][T11780] usb 1-1: config 0 has an invalid interface number: 212 but max is 0 [ 347.521210][T11780] usb 1-1: config 0 has no interface number 0 [ 347.527476][T11780] usb 1-1: New USB device found, idVendor=06f8, idProduct=3003, bcdDevice=25.6f [ 347.536630][T11780] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.547581][ T31] usb 2-1: config 0 descriptor?? [ 347.562059][T11780] usb 1-1: config 0 descriptor?? [ 347.617075][T11780] gspca_main: ov534_9-2.14.0 probing 06f8:3003 [ 347.685100][T11889] IPVS: ftp: loaded support on port[0] = 21 [ 347.834203][T11889] chnl_net:caif_netlink_parms(): no params data found [ 347.891671][T11889] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.898960][T11889] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.907776][T11889] device bridge_slave_0 entered promiscuous mode [ 347.917912][T11889] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.925230][T11889] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.934039][T11889] device bridge_slave_1 entered promiscuous mode [ 347.967518][T11889] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 347.980312][T11889] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 348.013832][T11889] team0: Port device team_slave_0 added [ 348.023851][T11889] team0: Port device team_slave_1 added [ 348.059531][ T31] a4tech 0003:09DA:0006.0001: unknown main item tag 0x2 [ 348.066998][ T31] a4tech 0003:09DA:0006.0001: item fetching failed at offset 967922210 [ 348.075959][ T31] a4tech 0003:09DA:0006.0001: parse failed [ 348.082061][ T31] a4tech: probe of 0003:09DA:0006.0001 failed with error -22 [ 348.156664][T11889] device hsr_slave_0 entered promiscuous mode [ 348.232759][T11889] device hsr_slave_1 entered promiscuous mode [ 348.261404][ T31] usb 2-1: USB disconnect, device number 2 [ 348.292453][T11889] debugfs: Directory 'hsr0' with parent '/' already present! [ 348.323995][T11889] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.331237][T11889] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.339082][T11889] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.346354][T11889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.430218][T11889] 8021q: adding VLAN 0 to HW filter on device bond0 [ 348.453453][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 348.464700][ T838] bridge0: port 1(bridge_slave_0) entered disabled state [ 348.476057][ T838] bridge0: port 2(bridge_slave_1) entered disabled state [ 348.490112][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 348.516082][T11889] 8021q: adding VLAN 0 to HW filter on device team0 [ 348.536737][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 348.545947][ T838] bridge0: port 1(bridge_slave_0) entered blocking state [ 348.553199][ T838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 348.609847][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 348.619281][ T838] bridge0: port 2(bridge_slave_1) entered blocking state [ 348.626533][ T838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 348.637089][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 348.647342][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 348.657019][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 348.673099][T11821] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 348.681702][T11821] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 348.696031][T11889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 348.736372][T11889] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 348.780785][T11892] misc userio: Invalid payload size 04:04:47 executing program 2: r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x238) ioctl$TCFLSH(r0, 0x540b, 0x7fff) ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, &(0x7f0000000040)="0dc1e34115b6f1de63d3251031e136fbbc0512291d973ea2b8f027bb5db349b5f793e18a41dda46701e353c672379026a3c4625165fa97d9b7a94174aa4836fd0c355313a15f4c3f63067a884aea799f6a0d700ce3bfd775399ec0c7b62b8a9a9b19bb975cf8589d07dd3acb68b5798295c1e7bcb18388c5b568ff92c8ca85986547c066f3f09929815d2a69e1d62786e9deb6c8cd907dcadfe6419902c8ff86d69d150ff7f8e818c1d091f8f6c97333d373e21b0d4c16ce0db841161d856453fcc3870bdc8aec057de48e22e48689501b999f80ddbb01bdce0278deb686f10175b8bc658df10e87a53363b01599c271ca02d39135e5123432") ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000140)) ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000180)) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f00000001c0)=""/158) r1 = syz_open_dev$vcsn(&(0x7f0000000280)='/dev/vcs#\x00', 0x4, 0x180) setsockopt$inet6_buf(r1, 0x29, 0x2b, &(0x7f00000002c0)="f0e6a2133e80298a94c8728289e81b1650596471b9324b82f5a8a0fc511a0f5ea4d3286efe5159b4edbcfeb39b2727c84c8cc42213c2122b7d0066e11900e9909dbb7890c619", 0x46) r2 = syz_open_dev$vcsn(&(0x7f0000000340)='/dev/vcs#\x00', 0x2, 0x80402) ioctl$KDGKBLED(r2, 0x4b64, &(0x7f0000000380)) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$PPPIOCGMRU(r3, 0x80047453, &(0x7f0000000400)) r4 = pkey_alloc(0x0, 0x0) pkey_mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, r4) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000440)='/dev/dlm-control\x00', 0x2081c0, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000480)={0x0, 0x7}, &(0x7f00000004c0)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r5, 0x84, 0x6c, &(0x7f0000000500)={r6, 0x32, "06ac752731f3401b00b99d0b53317a6297818a3b83a3db2528a6e3e1e5ee5646970058e28495dea8c7c17f227f4e646c443f"}, &(0x7f0000000540)=0x3a) setxattr$trusted_overlay_nlink(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)='trusted.overlay.nlink\x00', &(0x7f0000000600)={'L+', 0x7}, 0x28, 0x2) connect$caif(r5, &(0x7f0000000640), 0x18) ioctl$KDENABIO(0xffffffffffffffff, 0x4b36) r7 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000680)='/dev/mixer\x00', 0x1, 0x0) connect$rxrpc(r7, &(0x7f00000006c0)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x25}}}, 0x24) r8 = socket$isdn_base(0x22, 0x3, 0x0) listen(r8, 0x8001) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000700)={{{@in6=@empty, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}}}, &(0x7f0000000800)=0xe8) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000840)={r9, 0x1, 0x6, @broadcast}, 0x10) r10 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000880)='/dev/sequencer2\x00', 0x101000, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r10, 0x10e, 0x4, &(0x7f00000008c0)=0xfff, 0x4) ioctl$FS_IOC_GETFLAGS(r7, 0x80086601, &(0x7f0000000900)) r11 = accept$alg(0xffffffffffffffff, 0x0, 0x0) getpeername(r11, &(0x7f0000000940)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f00000009c0)=0x80) 04:04:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r1, r2, 0x0, 0xe0) ioctl$RTC_PLL_SET(r2, 0x40207012, &(0x7f0000000040)={0x62c, 0x400, 0x8, 0xcbf, 0xfff, 0x9e3, 0xfff}) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c1241319bd070") sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="021800001000000000000019000000000800120000000000000009000000007e28006e39498b80bc0000000010000000e000000100000000000000265bac760700000000000000000000000000000000030006001600000002002000ac14ffbb000000000000000003000500000000000200003db28dbebb0000000000000000"], 0x80}}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmmsg(r3, &(0x7f0000000180), 0x400000000000117, 0x0) [ 349.053565][T11821] usb 2-1: new high-speed USB device number 3 using dummy_hcd 04:04:48 executing program 2: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000002c0)={0x0, 0x0}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x10, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}, r1, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0), 0x106, 0x8}}, 0x20) write$UHID_DESTROY(0xffffffffffffffff, 0x0, 0x0) unshare(0x8000400) fchmod(0xffffffffffffffff, 0x0) openat$userio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/userio\x00', 0x129200, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000200)) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000080)={0x7fff, 0x401, 0x4, 0x0, 0x9}) r2 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(0xffffffffffffffff, &(0x7f0000000240)={0x7, 0x8, 0xfa00, {r3}}, 0x10) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net\x00') getsockopt$inet_sctp_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f00000003c0), &(0x7f0000000400)=0x4) syz_open_dev$radio(&(0x7f0000000280)='/dev/raeio#\x00', 0x0, 0x2) mmap$usbfs(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x100010, 0xffffffffffffffff, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f0000000180)='./file0\x00', 0x8, 0x0) unshare(0x40000000) [ 349.282114][T11908] IPVS: ftp: loaded support on port[0] = 21 [ 349.293695][T11821] usb 2-1: Using ep0 maxpacket: 8 [ 349.367995][T11909] IPVS: ftp: loaded support on port[0] = 21 04:04:48 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000004ff0)={0x0, &(0x7f0000002fe8)}, 0x10) 04:04:48 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl(r0, 0x4000008912, &(0x7f0000000140)="295ee1311f16f477671070") r1 = socket$inet6(0xa, 0x1000000000002, 0x0) socket$inet6(0xa, 0x80000, 0x7fff) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f760070") bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x7f, 0x1, 0x3, 0x0, 0xffffffffffffff9c}, 0x21d) getegid() r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x40000, 0x0) r3 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000000)={0x7, 0x1, 0x3, 0x401, 0xfffffffc}, 0xc) getsockopt$TIPC_CONN_TIMEOUT(r2, 0x10f, 0x82, &(0x7f0000000100), &(0x7f00000002c0)=0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r4, r5, 0x0, 0xe0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000040)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5, 0x1, 0x2, 0x7, 0x8, 0x7fff, 0x4}, 0x20) r6 = getpid() accept4$unix(r2, &(0x7f0000000300)=@abs, &(0x7f00000003c0)=0xffffff50, 0x80800) ptrace$getregs(0xe, r6, 0x250, &(0x7f0000000200)=""/93) setsockopt$inet6_int(r3, 0x29, 0xc8, &(0x7f00000000c0)=0x3f, 0x4) setsockopt$inet6_MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000000540)={0x8, 0x0, 0x0, 0x1, 0x8001}, 0xc) setsockopt$inet6_MRT6_ADD_MFC(r3, 0x29, 0xc9, &(0x7f0000000180)={{0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, {0xa, 0x0, 0x0, @remote}}, 0x5c) [ 349.586924][T11780] gspca_ov534_9: reg_w failed -71 04:04:48 executing program 1: lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='security.capability\x00', &(0x7f0000000100)=@v2={0x2000000, [{0x3}]}, 0x13, 0x0) execve(&(0x7f0000000440)='./file0\x00', 0x0, 0x0) [ 349.694033][T11821] usb 2-1: device descriptor read/all, error -71 04:04:48 executing program 2: r0 = socket(0x2, 0x6, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000009ff4)={0x2}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x29, &(0x7f0000007ffc)=0x1020403, 0xfffffd1d) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) r1 = open(&(0x7f0000000000)='./file0\x00', 0x2, 0x10) ioctl$HDIO_GETGEO(r1, 0x301, &(0x7f0000000040)) 04:04:49 executing program 1: r0 = socket(0x15, 0x80005, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0xfffffffffffffffd, 0x4000031, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x2}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000100)={r1, 0x7, 0x1ff, 0x7fff}, &(0x7f0000000140)=0x10) r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x200, 0x125000) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f0000000080)={0x6, 0x0, 0x8}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000180)={0x0, 0x0}) fcntl$setown(r2, 0x8, r3) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000001c0)) getpid() fcntl$getownex(r4, 0x10, &(0x7f0000000240)={0x0, 0x0}) r6 = syz_open_procfs(r5, &(0x7f0000000280)='smaps\x00') sendfile(r4, r6, 0x0, 0xe0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r7, r8, 0x0, 0xe0) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@mcast2, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@remote}}, &(0x7f00000002c0)=0xe8) lstat(&(0x7f0000002800)='./file0\x00', &(0x7f0000002840)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000028c0)={{{@in6=@rand_addr="2f6bab6ba44d3ffdaf5fce9dccb300b0", @in6=@empty, 0x4e21, 0x8, 0x4e22, 0x3, 0xa, 0x0, 0x80, 0x2, r9, r10}, {0x7fffffff, 0x81, 0x9e4, 0x7, 0x5, 0x6, 0xfb6c, 0x9}, {0x7fffffff, 0xfffffffffffffffd, 0x3, 0x3f}, 0xfffffff8, 0x0, 0x2, 0x2, 0x1}, {{@in6=@local, 0x4d2, 0x33}, 0xa, @in6=@rand_addr="0166fb2618517b8e230e77ca03ce584f", 0x3506, 0x0, 0x1, 0x1, 0x4, 0x1, 0x5}}, 0xe8) [ 349.942596][T11780] gspca_ov534_9: Unknown sensor 0000 [ 349.942802][T11780] ov534_9: probe of 1-1:0.212 failed with error -22 [ 349.984110][T11780] usb 1-1: USB disconnect, device number 4 04:04:49 executing program 2: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="12014000c0647840572307018de6000002010902120001000000000904b82c0000ffffff00fdf3b59c0e3f0006d32f9c468fc4f95f8534b82dc5af14b7a87ba2c625e55100200000000000000000"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001800)={0xac, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000100000000324d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x5, 0x40200) ioctl$PIO_FONTX(r3, 0x4b6c, &(0x7f0000000100)="f40fb8fa5f8b6a5b46e024ac5472eab86184377b588eb97706bd4c9214bfdc0baeb1eb31e17c3ac388e75067659e7eb72930870b98478339b4b6bedf005e5013197dc88384da2110a87f5a2a9b517c7a8fb77d1db3319cfadbef86c30f7fe611709b812e7debd7f041779405a97ef139091cc76e7198d13836f6420aeba6dd1e659e40f3a52c76a1582f85c66c8ebc3d62672adacf01213688395e1b66380aec03339ebb1a57f6222850ad75748b37743c875943abeeb436e12bdac9ef7e7dce24b4854d964902805283ca23f23feed7905439408d615f") 04:04:49 executing program 1: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x11, 0x1, 0x10, &(0x7f0000000140)={0x0, 0x0}) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380), 0x10000023, &(0x7f00000002c0)=""/77, 0x42e}, 0x0) recvmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0xffda}, 0x3f00) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100), 0x23f, &(0x7f0000000000)}, 0x4000890) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r2, r3, 0x0, 0xe0) r4 = socket$netlink(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f0000000000)={0x0, 0x3a, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="6c0000084276309e6a439cec96166c4f2e26681dc8cf43206e5926ba47d165783c4770daecbddb94e4734312de", @ANYRES16=r5, @ANYBLOB="010000000000000000000300000058000100100001007564703a73797a304000000044000400200001000a000000000000000000000000000000000000000000000100800000200002000a00000000000000ff01000000000000000000000000000100000000"], 0x6c}}, 0x0) sendmsg$TIPC_NL_MON_GET(r3, &(0x7f00000007c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0xa0de37a2ad0ff3fd}, 0xc, &(0x7f0000000780)={&(0x7f0000000580)={0x1d8, r5, 0x0, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xb502}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xb8e}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}]}, @TIPC_NLA_LINK={0xfc, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe5f}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x318a}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc27}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x534b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x47fa6b2f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5b6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8ddf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NODE={0x24, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10001}]}, @TIPC_NLA_MEDIA={0x50, 0x5, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa2}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0xffffc37e}]}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x800}, 0x24000029) sendmsg(0xffffffffffffffff, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r6, r7, 0x0, 0xe0) ioctl$UI_SET_SWBIT(r7, 0x4004556d, 0xf) r8 = syz_open_dev$adsp(&(0x7f0000000240)='/dev/adsp#\x00', 0x4ae, 0x7f6b820a008b1141) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000340)={'team0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2540}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)=@ipv4_getaddr={0x68, 0x16, 0x4, 0x70bd25, 0x25dfdbfb, {0x2, 0x40, 0x2, 0x0, r9}, [@IFA_CACHEINFO={0x14, 0x6, {0x1, 0x84, 0x7d320ac}}, @IFA_LOCAL={0x8, 0x2, @empty}, @IFA_BROADCAST={0x8, 0x4, @multicast2}, @IFA_BROADCAST={0x8, 0x4, @multicast1}, @IFA_LABEL={0x14, 0x3, 'veth1_to_hsr\x00'}, @IFA_BROADCAST={0x8, 0x4, @multicast1}, @IFA_LOCAL={0x8, 0x2, @rand_addr=0x3ff}]}, 0x68}}, 0x20000000) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='children\x00') sendfile(r10, r11, 0x0, 0xe0) setsockopt$sock_linger(r10, 0x1, 0xd, &(0x7f0000000800)={0x1, 0x8f43}, 0x8) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x3e, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r12 = socket$isdn_base(0x22, 0x3, 0x0) ioctl$IMGETDEVINFO(r12, 0x80044944, &(0x7f00000004c0)={0xcb2d}) r13 = socket$kcm(0x29, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r13, 0x89e0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) [ 350.423216][ T838] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 350.482027][T11780] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 350.743162][T11780] usb 1-1: Using ep0 maxpacket: 8 [ 350.782141][ T838] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 350.790440][ T838] usb 3-1: config 0 has no interface number 0 [ 350.797127][ T838] usb 3-1: config 0 interface 184 has no altsetting 0 [ 350.882252][ T838] usb 3-1: New USB device found, idVendor=2357, idProduct=0107, bcdDevice=e6.8d [ 350.891445][ T838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=2 [ 350.899641][ T838] usb 3-1: SerialNumber: syz [ 350.907448][ T838] usb 3-1: config 0 descriptor?? 04:04:50 executing program 0: r0 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000180)) r1 = socket$kcm(0x2b, 0x8000000000001, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r2, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="9e4301000006000000011fe4ac14140ceb", 0x11}], 0x1}, 0x0) 04:04:50 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f00000000c0)={'\x00', 0x400}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000001c0)={0x200000000000004a, &(0x7f0000000140)}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/d_\xdf\xa6\xa3\xf2\x8a\xf3S\x815\x00', 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) [ 351.172864][T11780] usb 1-1: device descriptor read/all, error -71 [ 351.222084][T11945] ===================================================== [ 351.229142][T11945] BUG: KMSAN: uninit-value in __flow_hash_from_keys+0x572/0x14e0 [ 351.236861][T11945] CPU: 0 PID: 11945 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0 [ 351.244762][T11945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 351.254818][T11945] Call Trace: [ 351.258271][T11945] dump_stack+0x191/0x1f0 [ 351.262770][T11945] kmsan_report+0x128/0x220 [ 351.267294][T11945] __msan_warning+0x73/0xe0 [ 351.271818][T11945] __flow_hash_from_keys+0x572/0x14e0 [ 351.277221][T11945] ? kmsan_internal_set_origin+0x6a/0xb0 [ 351.282878][T11945] __skb_get_hash+0x160/0x3f0 [ 351.287599][T11945] ip_tunnel_xmit+0x7e9/0x3320 [ 351.292504][T11945] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 351.298406][T11945] gre_tap_xmit+0xa73/0xb80 [ 351.302937][T11945] ? gre_tap_init+0x650/0x650 [ 351.307619][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 351.312749][T11945] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 351.318659][T11945] sch_direct_xmit+0x56c/0x18c0 [ 351.323541][T11945] __dev_queue_xmit+0x212d/0x4200 [ 351.328569][T11945] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 351.334493][T11945] dev_queue_xmit+0x4b/0x60 [ 351.339034][T11945] br_dev_queue_push_xmit+0x803/0x8b0 [ 351.344425][T11945] __br_forward+0xa60/0xe30 [ 351.348940][T11945] ? fdb_add_hw_addr+0x510/0x510 [ 351.353887][T11945] br_flood+0xb4f/0xfe0 [ 351.358073][T11945] br_dev_xmit+0x134f/0x16e0 [ 351.362685][T11945] ? br_net_exit+0x230/0x230 [ 351.367278][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 351.372406][T11945] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 351.378308][T11945] __dev_queue_xmit+0x35b6/0x4200 [ 351.383371][T11945] ? llc_sysctl_exit+0x110/0x110 [ 351.388318][T11945] dev_queue_xmit+0x4b/0x60 [ 351.392831][T11945] neigh_resolve_output+0xab7/0xb50 [ 351.398053][T11945] ? neigh_event_ns+0x8a0/0x8a0 [ 351.402944][T11945] ip_finish_output2+0x1a9c/0x25d0 [ 351.408093][T11945] __ip_finish_output+0xaf8/0xda0 [ 351.413152][T11945] ip_finish_output+0x2db/0x420 [ 351.418032][T11945] ip_output+0x541/0x610 [ 351.422293][T11945] ? ip_mc_finish_output+0x6d0/0x6d0 [ 351.427678][T11945] ? ip_finish_output+0x420/0x420 [ 351.432702][T11945] ip_local_out+0x164/0x1d0 [ 351.437212][T11945] iptunnel_xmit+0x85d/0xdc0 [ 351.441830][T11945] ip_tunnel_xmit+0x2c41/0x3320 [ 351.446726][T11945] ipgre_xmit+0xff3/0x1120 [ 351.451167][T11945] ? ipgre_close+0x240/0x240 [ 351.455764][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 351.460896][T11945] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 351.466790][T11945] __dev_queue_xmit+0x35b6/0x4200 [ 351.471843][T11945] dev_queue_xmit+0x4b/0x60 [ 351.476350][T11945] ? netdev_core_pick_tx+0x4d0/0x4d0 [ 351.481635][T11945] packet_sendmsg+0x82d7/0x92e0 [ 351.486508][T11945] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 351.492666][T11945] ? aa_label_sk_perm+0x6d6/0x940 [ 351.497711][T11945] ? kmsan_get_metadata+0x39/0x350 [ 351.502830][T11945] ? kmsan_internal_set_origin+0x6a/0xb0 [ 351.508470][T11945] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 351.514394][T11945] ? aa_sk_perm+0x730/0xaf0 [ 351.519025][T11945] ? compat_packet_setsockopt+0x360/0x360 [ 351.524751][T11945] ___sys_sendmsg+0x14ff/0x1590 [ 351.529690][T11945] ? __fget_light+0x6b1/0x710 [ 351.534389][T11945] __se_sys_sendmsg+0x305/0x460 [ 351.539262][T11945] __x64_sys_sendmsg+0x4a/0x70 [ 351.544073][T11945] do_syscall_64+0xb6/0x160 [ 351.548581][T11945] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 351.554481][T11945] RIP: 0033:0x459ef9 [ 351.558377][T11945] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 351.578065][T11945] RSP: 002b:00007f7d85fdac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 351.586476][T11945] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459ef9 [ 351.594445][T11945] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000005 [ 351.602413][T11945] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 351.610387][T11945] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7d85fdb6d4 [ 351.618355][T11945] R13: 00000000004c8189 R14: 00000000004de178 R15: 00000000ffffffff [ 351.626344][T11945] [ 351.628667][T11945] Uninit was stored to memory at: [ 351.633692][T11945] kmsan_internal_chain_origin+0xbd/0x180 [ 351.639408][T11945] kmsan_memcpy_memmove_metadata+0x25c/0x2e0 [ 351.645385][T11945] kmsan_memcpy_metadata+0xb/0x10 [ 351.650412][T11945] __msan_memcpy+0x56/0x70 [ 351.654829][T11945] __skb_flow_dissect+0x5db5/0x7a40 [ 351.660035][T11945] __skb_get_hash+0x135/0x3f0 [ 351.664729][T11945] ip_tunnel_xmit+0x7e9/0x3320 [ 351.669489][T11945] gre_tap_xmit+0xa73/0xb80 [ 351.673988][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 351.679099][T11945] sch_direct_xmit+0x56c/0x18c0 [ 351.683947][T11945] __dev_queue_xmit+0x212d/0x4200 [ 351.688972][T11945] dev_queue_xmit+0x4b/0x60 [ 351.693475][T11945] br_dev_queue_push_xmit+0x803/0x8b0 [ 351.698846][T11945] __br_forward+0xa60/0xe30 [ 351.703350][T11945] br_flood+0xb4f/0xfe0 [ 351.707505][T11945] br_dev_xmit+0x134f/0x16e0 [ 351.712097][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 351.717204][T11945] __dev_queue_xmit+0x35b6/0x4200 [ 351.722226][T11945] dev_queue_xmit+0x4b/0x60 [ 351.726725][T11945] neigh_resolve_output+0xab7/0xb50 [ 351.731924][T11945] ip_finish_output2+0x1a9c/0x25d0 [ 351.737034][T11945] __ip_finish_output+0xaf8/0xda0 [ 351.742058][T11945] ip_finish_output+0x2db/0x420 [ 351.746935][T11945] ip_output+0x541/0x610 [ 351.751262][T11945] ip_local_out+0x164/0x1d0 [ 351.755769][T11945] iptunnel_xmit+0x85d/0xdc0 [ 351.760384][T11945] ip_tunnel_xmit+0x2c41/0x3320 [ 351.765234][T11945] ipgre_xmit+0xff3/0x1120 [ 351.769653][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 351.774772][T11945] __dev_queue_xmit+0x35b6/0x4200 [ 351.779798][T11945] dev_queue_xmit+0x4b/0x60 [ 351.784300][T11945] packet_sendmsg+0x82d7/0x92e0 [ 351.789148][T11945] ___sys_sendmsg+0x14ff/0x1590 [ 351.794002][T11945] __se_sys_sendmsg+0x305/0x460 [ 351.798850][T11945] __x64_sys_sendmsg+0x4a/0x70 [ 351.803610][T11945] do_syscall_64+0xb6/0x160 [ 351.808110][T11945] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 351.813992][T11945] [ 351.816314][T11945] Uninit was stored to memory at: [ 351.821336][T11945] kmsan_internal_chain_origin+0xbd/0x180 [ 351.827058][T11945] kmsan_memcpy_memmove_metadata+0x25c/0x2e0 [ 351.833041][T11945] kmsan_memcpy_metadata+0xb/0x10 [ 351.838062][T11945] __msan_memcpy+0x56/0x70 [ 351.842477][T11945] pskb_expand_head+0x38a/0x19f0 [ 351.847413][T11945] gre_tap_xmit+0x79c/0xb80 [ 351.851915][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 351.857028][T11945] sch_direct_xmit+0x56c/0x18c0 [ 351.861888][T11945] __dev_queue_xmit+0x212d/0x4200 [ 351.866910][T11945] dev_queue_xmit+0x4b/0x60 [ 351.871410][T11945] br_dev_queue_push_xmit+0x803/0x8b0 [ 351.876780][T11945] __br_forward+0xa60/0xe30 [ 351.881280][T11945] br_flood+0xb4f/0xfe0 [ 351.885433][T11945] br_dev_xmit+0x134f/0x16e0 [ 351.890041][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 351.895152][T11945] __dev_queue_xmit+0x35b6/0x4200 [ 351.900179][T11945] dev_queue_xmit+0x4b/0x60 [ 351.904697][T11945] neigh_resolve_output+0xab7/0xb50 [ 351.909895][T11945] ip_finish_output2+0x1a9c/0x25d0 [ 351.915005][T11945] __ip_finish_output+0xaf8/0xda0 [ 351.920070][T11945] ip_finish_output+0x2db/0x420 [ 351.924920][T11945] ip_output+0x541/0x610 [ 351.929175][T11945] ip_local_out+0x164/0x1d0 [ 351.933675][T11945] iptunnel_xmit+0x85d/0xdc0 [ 351.938263][T11945] ip_tunnel_xmit+0x2c41/0x3320 [ 351.943116][T11945] ipgre_xmit+0xff3/0x1120 [ 351.947532][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 351.952641][T11945] __dev_queue_xmit+0x35b6/0x4200 [ 351.957677][T11945] dev_queue_xmit+0x4b/0x60 [ 351.962185][T11945] packet_sendmsg+0x82d7/0x92e0 [ 351.967057][T11945] ___sys_sendmsg+0x14ff/0x1590 [ 351.971906][T11945] __se_sys_sendmsg+0x305/0x460 [ 351.976756][T11945] __x64_sys_sendmsg+0x4a/0x70 [ 351.981523][T11945] do_syscall_64+0xb6/0x160 [ 351.986030][T11945] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 351.991924][T11945] [ 351.994253][T11945] Uninit was stored to memory at: [ 351.999284][T11945] kmsan_internal_chain_origin+0xbd/0x180 [ 352.004994][T11945] kmsan_memcpy_memmove_metadata+0x25c/0x2e0 [ 352.010966][T11945] kmsan_memcpy_metadata+0xb/0x10 [ 352.015987][T11945] __msan_memcpy+0x56/0x70 [ 352.020389][T11945] pskb_expand_head+0x38a/0x19f0 [ 352.025330][T11945] ip_tunnel_xmit+0x2974/0x3320 [ 352.030175][T11945] ipgre_xmit+0xff3/0x1120 [ 352.034586][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 352.039690][T11945] __dev_queue_xmit+0x35b6/0x4200 [ 352.044704][T11945] dev_queue_xmit+0x4b/0x60 [ 352.049201][T11945] packet_sendmsg+0x82d7/0x92e0 [ 352.054049][T11945] ___sys_sendmsg+0x14ff/0x1590 [ 352.058893][T11945] __se_sys_sendmsg+0x305/0x460 [ 352.063735][T11945] __x64_sys_sendmsg+0x4a/0x70 [ 352.068495][T11945] do_syscall_64+0xb6/0x160 [ 352.072988][T11945] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 352.078861][T11945] [ 352.081172][T11945] Uninit was created at: [ 352.085404][T11945] kmsan_internal_poison_shadow+0x60/0x120 [ 352.091308][T11945] kmsan_slab_alloc+0xaa/0x120 [ 352.096066][T11945] __kmalloc_node_track_caller+0xda2/0x13d0 [ 352.101968][T11945] __alloc_skb+0x306/0xa10 [ 352.106379][T11945] alloc_skb_with_frags+0x18c/0xa80 [ 352.111578][T11945] sock_alloc_send_pskb+0xafd/0x10a0 [ 352.116853][T11945] packet_sendmsg+0x6785/0x92e0 [ 352.121688][T11945] ___sys_sendmsg+0x14ff/0x1590 [ 352.126531][T11945] __se_sys_sendmsg+0x305/0x460 [ 352.131366][T11945] __x64_sys_sendmsg+0x4a/0x70 [ 352.136132][T11945] do_syscall_64+0xb6/0x160 [ 352.142445][T11945] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 352.148501][T11945] ===================================================== [ 352.155413][T11945] Disabling lock debugging due to kernel taint [ 352.161550][T11945] Kernel panic - not syncing: panic_on_warn set ... [ 352.168144][T11945] CPU: 0 PID: 11945 Comm: syz-executor.0 Tainted: G B 5.4.0-rc3+ #0 [ 352.177402][T11945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 352.187441][T11945] Call Trace: [ 352.190726][T11945] dump_stack+0x191/0x1f0 [ 352.195127][T11945] panic+0x3c9/0xc1e [ 352.199037][T11945] kmsan_report+0x215/0x220 [ 352.203539][T11945] __msan_warning+0x73/0xe0 [ 352.208038][T11945] __flow_hash_from_keys+0x572/0x14e0 [ 352.213403][T11945] ? kmsan_internal_set_origin+0x6a/0xb0 [ 352.219117][T11945] __skb_get_hash+0x160/0x3f0 [ 352.223809][T11945] ip_tunnel_xmit+0x7e9/0x3320 [ 352.228587][T11945] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 352.234476][T11945] gre_tap_xmit+0xa73/0xb80 [ 352.238976][T11945] ? gre_tap_init+0x650/0x650 [ 352.243656][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 352.248771][T11945] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 352.254698][T11945] sch_direct_xmit+0x56c/0x18c0 [ 352.259575][T11945] __dev_queue_xmit+0x212d/0x4200 [ 352.264596][T11945] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 352.270505][T11945] dev_queue_xmit+0x4b/0x60 [ 352.275004][T11945] br_dev_queue_push_xmit+0x803/0x8b0 [ 352.280376][T11945] __br_forward+0xa60/0xe30 [ 352.284882][T11945] ? fdb_add_hw_addr+0x510/0x510 [ 352.289809][T11945] br_flood+0xb4f/0xfe0 [ 352.293972][T11945] br_dev_xmit+0x134f/0x16e0 [ 352.298582][T11945] ? br_net_exit+0x230/0x230 [ 352.303160][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 352.308268][T11945] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 352.314168][T11945] __dev_queue_xmit+0x35b6/0x4200 [ 352.319199][T11945] ? llc_sysctl_exit+0x110/0x110 [ 352.324128][T11945] dev_queue_xmit+0x4b/0x60 [ 352.328646][T11945] neigh_resolve_output+0xab7/0xb50 [ 352.333849][T11945] ? neigh_event_ns+0x8a0/0x8a0 [ 352.338689][T11945] ip_finish_output2+0x1a9c/0x25d0 [ 352.343814][T11945] __ip_finish_output+0xaf8/0xda0 [ 352.348844][T11945] ip_finish_output+0x2db/0x420 [ 352.353694][T11945] ip_output+0x541/0x610 [ 352.357936][T11945] ? ip_mc_finish_output+0x6d0/0x6d0 [ 352.363234][T11945] ? ip_finish_output+0x420/0x420 [ 352.368264][T11945] ip_local_out+0x164/0x1d0 [ 352.372766][T11945] iptunnel_xmit+0x85d/0xdc0 [ 352.377382][T11945] ip_tunnel_xmit+0x2c41/0x3320 [ 352.382264][T11945] ipgre_xmit+0xff3/0x1120 [ 352.386680][T11945] ? ipgre_close+0x240/0x240 [ 352.391258][T11945] dev_hard_start_xmit+0x51a/0xab0 [ 352.396376][T11945] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 352.402263][T11945] __dev_queue_xmit+0x35b6/0x4200 [ 352.407312][T11945] dev_queue_xmit+0x4b/0x60 [ 352.411817][T11945] ? netdev_core_pick_tx+0x4d0/0x4d0 [ 352.417105][T11945] packet_sendmsg+0x82d7/0x92e0 [ 352.421950][T11945] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 352.428022][T11945] ? aa_label_sk_perm+0x6d6/0x940 [ 352.433050][T11945] ? kmsan_get_metadata+0x39/0x350 [ 352.438151][T11945] ? kmsan_internal_set_origin+0x6a/0xb0 [ 352.443807][T11945] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 352.449693][T11945] ? aa_sk_perm+0x730/0xaf0 [ 352.454214][T11945] ? compat_packet_setsockopt+0x360/0x360 [ 352.459920][T11945] ___sys_sendmsg+0x14ff/0x1590 [ 352.464801][T11945] ? __fget_light+0x6b1/0x710 [ 352.469477][T11945] __se_sys_sendmsg+0x305/0x460 [ 352.474328][T11945] __x64_sys_sendmsg+0x4a/0x70 [ 352.479094][T11945] do_syscall_64+0xb6/0x160 [ 352.483590][T11945] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 352.489476][T11945] RIP: 0033:0x459ef9 [ 352.493372][T11945] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 352.512976][T11945] RSP: 002b:00007f7d85fdac78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 352.522510][T11945] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459ef9 [ 352.530472][T11945] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000005 [ 352.538428][T11945] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 352.546388][T11945] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7d85fdb6d4 [ 352.554346][T11945] R13: 00000000004c8189 R14: 00000000004de178 R15: 00000000ffffffff [ 352.563842][T11945] Kernel Offset: disabled [ 352.568221][T11945] Rebooting in 86400 seconds..