last executing test programs: 2.683251316s ago: executing program 4: sync() 2.084979951s ago: executing program 2: fstatfs(0xffffffffffffffff, &(0x7f0000000000)) 2.068663863s ago: executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram', 0x800, 0x0) 2.058005335s ago: executing program 2: mlockall(0x0) 2.042375587s ago: executing program 2: syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x800) 2.000106234s ago: executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/adsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/adsp1', 0x800, 0x0) 1.977984457s ago: executing program 2: socket$caif_stream(0x25, 0x1, 0x0) 1.946745542s ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hpet', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hpet', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hpet', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hpet', 0x800, 0x0) 1.824892342s ago: executing program 3: socket$phonet_pipe(0x23, 0x5, 0x2) 1.775333749s ago: executing program 3: rt_sigqueueinfo(0x0, 0x0, &(0x7f0000000000)) 1.605781356s ago: executing program 2: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.588488279s ago: executing program 0: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.409803697s ago: executing program 4: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.407228518s ago: executing program 3: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.088975428s ago: executing program 0: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 845.286007ms ago: executing program 4: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 478.452204ms ago: executing program 0: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 474.303225ms ago: executing program 3: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 188.7618ms ago: executing program 1: syz_open_dev$sndpcmc(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2b, 0x800) 182.080831ms ago: executing program 1: syz_open_dev$usbfs(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x2c, 0x800) 172.862183ms ago: executing program 1: syz_open_dev$sndmidi(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x2c, 0x800) 153.807145ms ago: executing program 1: syz_open_dev$sndpcmc(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2c, 0x800) 104.088324ms ago: executing program 0: syz_open_dev$sndhw(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x29, 0x800) 62.05425ms ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyprintk', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyprintk', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttyprintk', 0x800, 0x0) 60.786871ms ago: executing program 1: syz_open_dev$sndhw(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2a, 0x800) 52.185942ms ago: executing program 3: syz_open_dev$sndpcmp(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x29, 0x800) 24.546986ms ago: executing program 0: syz_open_dev$sndhw(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2b, 0x800) 16.004367ms ago: executing program 1: syz_open_dev$sndpcmp(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x2a, 0x800) 8.200999ms ago: executing program 4: syz_open_dev$sndhw(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2c, 0x800) 0s ago: executing program 3: syz_open_dev$sndpcmp(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x2b, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.51' (ED25519) to the list of known hosts. 1970/01/01 00:00:35 fuzzer started 1970/01/01 00:00:35 dialing manager at 10.128.0.163:30027 [ 36.147631][ T4233] cgroup: Unknown subsys name 'net' [ 36.297730][ T4252] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 36.382694][ T4233] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:00:36 starting 5 executor processes [ 38.619114][ T4657] mmap: syz-executor.1 (4657) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 40.516676][ T179] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.519031][ T179] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.521971][ T4253] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 40.533986][ T4877] chnl_net:caif_netlink_parms(): no params data found [ 40.588125][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.590257][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.596022][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 40.758740][ T4877] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.760616][ T4877] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.763051][ T4877] device bridge_slave_0 entered promiscuous mode [ 40.787472][ T4877] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.801488][ T4877] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.804981][ T4877] device bridge_slave_1 entered promiscuous mode [ 40.835168][ T4877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 40.870744][ T4877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 40.928204][ T4877] team0: Port device team_slave_0 added [ 40.945000][ T4877] team0: Port device team_slave_1 added [ 40.992228][ T4902] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 40.995394][ T4902] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 40.998196][ T4902] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 41.001513][ T4902] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 41.004056][ T4902] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 41.006319][ T4902] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 41.012282][ T4877] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 41.014213][ T4877] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 41.056368][ T4877] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 41.137162][ T4877] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 41.139018][ T4877] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 41.156341][ T4877] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 41.347865][ T4877] device hsr_slave_0 entered promiscuous mode [ 41.407058][ T4877] device hsr_slave_1 entered promiscuous mode [ 41.753401][ T4877] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 41.787709][ T4877] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 41.819074][ T4877] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 41.860211][ T4877] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 42.007097][ T4877] 8021q: adding VLAN 0 to HW filter on device bond0 [ 42.015969][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 42.019082][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 42.024703][ T4877] 8021q: adding VLAN 0 to HW filter on device team0 [ 42.032692][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 42.036562][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 42.039367][ T4783] bridge0: port 1(bridge_slave_0) entered blocking state [ 42.041355][ T4783] bridge0: port 1(bridge_slave_0) entered forwarding state [ 42.044562][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 42.066924][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 42.069826][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 42.072248][ T4783] bridge0: port 2(bridge_slave_1) entered blocking state [ 42.074278][ T4783] bridge0: port 2(bridge_slave_1) entered forwarding state [ 42.084345][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 42.088378][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 42.091135][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 42.094019][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 42.109195][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 42.111740][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 42.114567][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 42.121528][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 42.124120][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 42.132527][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 42.135244][ T4783] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 42.138751][ T4877] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 42.189437][ T11] [ 42.190245][ T11] ============================= [ 42.191510][ T11] WARNING: suspicious RCU usage [ 42.192803][ T11] 6.1.95-syzkaller #0 Not tainted [ 42.194223][ T11] ----------------------------- [ 42.195500][ T11] net/netfilter/ipset/ip_set_core.c:1202 suspicious rcu_dereference_protected() usage! [ 42.198059][ T11] [ 42.198059][ T11] other info that might help us debug this: [ 42.198059][ T11] [ 42.200649][ T11] [ 42.200649][ T11] rcu_scheduler_active = 2, debug_locks = 1 [ 42.202689][ T11] 3 locks held by kworker/u4:1/11: [ 42.204016][ T11] #0: ffff0000c0845138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 [ 42.206904][ T11] #1: ffff800019e57c20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 [ 42.209611][ T11] #2: ffff800017e26350 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf4/0x994 [ 42.212036][ T11] [ 42.212036][ T11] stack backtrace: [ 42.213504][ T11] CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.95-syzkaller #0 [ 42.215594][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 42.218233][ T11] Workqueue: netns cleanup_net [ 42.219487][ T11] Call trace: [ 42.220362][ T11] dump_backtrace+0x1c8/0x1f4 [ 42.221530][ T11] show_stack+0x2c/0x3c [ 42.222596][ T11] dump_stack_lvl+0x108/0x170 [ 42.223856][ T11] dump_stack+0x1c/0x5c [ 42.224969][ T11] lockdep_rcu_suspicious+0x260/0x464 [ 42.226371][ T11] _destroy_all_sets+0x21c/0x5a4 [ 42.227609][ T11] ip_set_net_exit+0x28/0x60 [ 42.228798][ T11] cleanup_net+0x564/0x994 [ 42.230004][ T11] process_one_work+0x7ac/0x1404 [ 42.231281][ T11] worker_thread+0x8e4/0xfec [ 42.232510][ T11] kthread+0x250/0x2d8 [ 42.233533][ T11] ret_from_fork+0x10/0x20 1970/01/01 00:00:42 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 42.298784][ T11] [ 42.299539][ T11] ============================= [ 42.300901][ T11] WARNING: suspicious RCU usage [ 42.302145][ T11] 6.1.95-syzkaller #0 Not tainted [ 42.303412][ T11] ----------------------------- [ 42.304646][ T11] net/netfilter/ipset/ip_set_core.c:1213 suspicious rcu_dereference_protected() usage! [ 42.307388][ T11] [ 42.307388][ T11] other info that might help us debug this: [ 42.307388][ T11] [ 42.309987][ T11] [ 42.309987][ T11] rcu_scheduler_active = 2, debug_locks = 1 [ 42.311999][ T11] 3 locks held by kworker/u4:1/11: [ 42.313290][ T11] #0: ffff0000c0845138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 [ 42.316071][ T11] #1: ffff800019e57c20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 [ 42.318533][ T11] #2: ffff800017e26350 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf4/0x994 [ 42.320954][ T11] [ 42.320954][ T11] stack backtrace: [ 42.322438][ T11] CPU: 0 PID: 11 Comm: kworker/u4:1 Not tainted 6.1.95-syzkaller #0 [ 42.324424][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 42.327046][ T11] Workqueue: netns cleanup_net [ 42.328295][ T11] Call trace: [ 42.329126][ T11] dump_backtrace+0x1c8/0x1f4 [ 42.330281][ T11] show_stack+0x2c/0x3c [ 42.331343][ T11] dump_stack_lvl+0x108/0x170 [ 42.332564][ T11] dump_stack+0x1c/0x5c [ 42.333643][ T11] lockdep_rcu_suspicious+0x260/0x464 [ 42.335060][ T11] _destroy_all_sets+0x4f4/0x5a4 [ 42.336369][ T11] ip_set_net_exit+0x28/0x60 [ 42.337561][ T11] cleanup_net+0x564/0x994 [ 42.338683][ T11] process_one_work+0x7ac/0x1404 [ 42.340025][ T11] worker_thread+0x8e4/0xfec [ 42.341321][ T11] kthread+0x250/0x2d8 [ 42.342443][ T11] ret_from_fork+0x10/0x20