[ OK ] Started OpenBSD Secure Shell server. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.1.7' (ECDSA) to the list of known hosts. 2020/05/24 10:18:49 fuzzer started 2020/05/24 10:18:49 dialing manager at 10.128.0.26:34283 2020/05/24 10:18:49 syscalls: 3055 2020/05/24 10:18:49 code coverage: enabled 2020/05/24 10:18:49 comparison tracing: enabled 2020/05/24 10:18:49 extra coverage: enabled 2020/05/24 10:18:49 setuid sandbox: enabled 2020/05/24 10:18:49 namespace sandbox: enabled 2020/05/24 10:18:49 Android sandbox: /sys/fs/selinux/policy does not exist 2020/05/24 10:18:49 fault injection: enabled 2020/05/24 10:18:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/05/24 10:18:49 net packet injection: enabled 2020/05/24 10:18:49 net device setup: enabled 2020/05/24 10:18:49 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/05/24 10:18:49 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/05/24 10:18:49 USB emulation: enabled 10:20:38 executing program 0: syzkaller login: [ 164.853116][ T6802] IPVS: ftp: loaded support on port[0] = 21 10:20:38 executing program 1: [ 165.046226][ T6802] chnl_net:caif_netlink_parms(): no params data found [ 165.199609][ T6802] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.209109][ T6802] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.219848][ T6802] device bridge_slave_0 entered promiscuous mode [ 165.237792][ T6802] bridge0: port 2(bridge_slave_1) entered blocking state 10:20:38 executing program 2: [ 165.248690][ T6922] IPVS: ftp: loaded support on port[0] = 21 [ 165.257551][ T6802] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.270384][ T6802] device bridge_slave_1 entered promiscuous mode [ 165.326736][ T6802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 165.355311][ T6802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 165.417429][ T6802] team0: Port device team_slave_0 added [ 165.437149][ T6802] team0: Port device team_slave_1 added [ 165.522026][ T6802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 165.529802][ T6802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 165.556930][ T6802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 165.589429][ T6982] IPVS: ftp: loaded support on port[0] = 21 [ 165.602748][ T6802] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 165.610931][ T6802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 10:20:39 executing program 3: [ 165.644861][ T6802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 165.687628][ T6922] chnl_net:caif_netlink_parms(): no params data found [ 165.829362][ T6802] device hsr_slave_0 entered promiscuous mode 10:20:39 executing program 4: [ 165.925811][ T6802] device hsr_slave_1 entered promiscuous mode [ 166.072095][ T7091] IPVS: ftp: loaded support on port[0] = 21 [ 166.266430][ T6922] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.273511][ T6922] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.285910][ T6922] device bridge_slave_0 entered promiscuous mode [ 166.314174][ T6982] chnl_net:caif_netlink_parms(): no params data found [ 166.318542][ T7142] IPVS: ftp: loaded support on port[0] = 21 [ 166.346563][ T6922] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.353631][ T6922] bridge0: port 2(bridge_slave_1) entered disabled state 10:20:40 executing program 5: [ 166.366751][ T6922] device bridge_slave_1 entered promiscuous mode [ 166.484090][ T6922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 166.529251][ T6922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.630257][ T7303] IPVS: ftp: loaded support on port[0] = 21 [ 166.706641][ T6922] team0: Port device team_slave_0 added [ 166.743422][ T6982] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.752801][ T6982] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.761172][ T6982] device bridge_slave_0 entered promiscuous mode [ 166.769511][ T6802] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 166.828486][ T7091] chnl_net:caif_netlink_parms(): no params data found [ 166.866419][ T6922] team0: Port device team_slave_1 added [ 166.890306][ T6982] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.899151][ T6982] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.908210][ T6982] device bridge_slave_1 entered promiscuous mode [ 166.931873][ T6802] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 166.992689][ T6802] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 167.040182][ T6802] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 167.101817][ T6982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.119865][ T6982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.151501][ T7142] chnl_net:caif_netlink_parms(): no params data found [ 167.187572][ T6982] team0: Port device team_slave_0 added [ 167.210963][ T6922] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.218030][ T6922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.245546][ T6922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.273569][ T6982] team0: Port device team_slave_1 added [ 167.290082][ T6922] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.297548][ T6922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.324871][ T6922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.362669][ T6982] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 167.370631][ T6982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.396589][ T6982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 167.434540][ T6982] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 167.441871][ T6982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 167.468650][ T6982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 167.578411][ T6982] device hsr_slave_0 entered promiscuous mode [ 167.627030][ T6982] device hsr_slave_1 entered promiscuous mode [ 167.675468][ T6982] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.683222][ T6982] Cannot create hsr debugfs directory [ 167.708080][ T7091] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.715139][ T7091] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.726704][ T7091] device bridge_slave_0 entered promiscuous mode [ 167.778666][ T6922] device hsr_slave_0 entered promiscuous mode [ 167.806077][ T6922] device hsr_slave_1 entered promiscuous mode [ 167.855466][ T6922] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.863019][ T6922] Cannot create hsr debugfs directory [ 167.910667][ T7091] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.917867][ T7091] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.927198][ T7091] device bridge_slave_1 entered promiscuous mode [ 167.990579][ T7303] chnl_net:caif_netlink_parms(): no params data found [ 168.003654][ T7091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.013520][ T7142] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.022348][ T7142] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.031437][ T7142] device bridge_slave_0 entered promiscuous mode [ 168.042670][ T7142] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.050310][ T7142] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.058853][ T7142] device bridge_slave_1 entered promiscuous mode [ 168.086847][ T7091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.162467][ T7142] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.192798][ T7091] team0: Port device team_slave_0 added [ 168.206493][ T7142] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.230756][ T7091] team0: Port device team_slave_1 added [ 168.324131][ T7091] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.332121][ T7091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.358237][ T7091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.371400][ T7091] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.378434][ T7091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.404763][ T7091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 168.431383][ T7142] team0: Port device team_slave_0 added [ 168.472514][ T7142] team0: Port device team_slave_1 added [ 168.538764][ T7091] device hsr_slave_0 entered promiscuous mode [ 168.606127][ T7091] device hsr_slave_1 entered promiscuous mode [ 168.665554][ T7091] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 168.673133][ T7091] Cannot create hsr debugfs directory [ 168.709342][ T7303] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.717075][ T7303] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.724731][ T7303] device bridge_slave_0 entered promiscuous mode [ 168.746660][ T7303] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.753708][ T7303] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.764156][ T7303] device bridge_slave_1 entered promiscuous mode [ 168.804277][ T7142] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 168.813786][ T7142] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.846202][ T7142] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 168.861206][ T6982] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 168.897659][ T6982] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 168.950055][ T7303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.962635][ T7142] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 168.975309][ T7142] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.001822][ T7142] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.013829][ T6982] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 169.071381][ T6982] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 169.158414][ T7303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.279356][ T7142] device hsr_slave_0 entered promiscuous mode [ 169.327887][ T7142] device hsr_slave_1 entered promiscuous mode [ 169.365598][ T7142] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 169.373134][ T7142] Cannot create hsr debugfs directory [ 169.418718][ T6922] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 169.470441][ T6802] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.480059][ T7303] team0: Port device team_slave_0 added [ 169.501607][ T6922] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 169.543612][ T6922] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 169.616529][ T7303] team0: Port device team_slave_1 added [ 169.644915][ T6922] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 169.738027][ T7303] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.744977][ T7303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.773848][ T7303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.785353][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 169.797775][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 169.831934][ T6802] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.845947][ T7303] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.852891][ T7303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.887223][ T7303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.939182][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 169.957031][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 169.970086][ T2557] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.977244][ T2557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.003332][ T7091] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 170.058624][ T7091] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 170.118093][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 170.178142][ T7303] device hsr_slave_0 entered promiscuous mode [ 170.215926][ T7303] device hsr_slave_1 entered promiscuous mode [ 170.285613][ T7303] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.293291][ T7303] Cannot create hsr debugfs directory [ 170.308226][ T7091] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 170.364778][ T7091] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 170.423127][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.431870][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.440791][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.447921][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.515048][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 170.525615][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 170.534066][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 170.543635][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.553203][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 170.577943][ T7142] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 170.643681][ T7142] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 170.700818][ T7142] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 170.759320][ T7142] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 170.827334][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 170.836899][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 170.846910][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 170.855094][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 170.894193][ T6802] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 170.916362][ T6802] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 170.927050][ T6982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.959504][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 170.968434][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.027077][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.034780][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.055406][ T6802] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 171.089747][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 171.099039][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 171.127820][ T6982] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.155980][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 171.164535][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 171.174219][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.183526][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.192235][ T2767] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.199331][ T2767] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.208016][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.239731][ T6922] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.273288][ T6802] device veth0_vlan entered promiscuous mode [ 171.306823][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 171.314989][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 171.325792][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.334260][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.344139][ T2587] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.351240][ T2587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.359840][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 171.367733][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 171.393604][ T6922] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.417934][ T7091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.434231][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.441921][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.456332][ T6802] device veth1_vlan entered promiscuous mode [ 171.486363][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.495331][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.512245][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.522072][ T2767] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.529192][ T2767] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.540770][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.549727][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 171.561221][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.583271][ T7091] 8021q: adding VLAN 0 to HW filter on device team0 [ 171.606240][ T7303] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 171.672981][ T7303] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 171.727163][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.735082][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.744525][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.754498][ T2587] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.761593][ T2587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.769881][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.779017][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.787646][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.797205][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.816549][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 171.824339][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 171.834647][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.843209][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 171.852109][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.861073][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.874815][ T7142] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.882681][ T7303] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 171.943051][ T6982] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 171.960227][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.969159][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 171.980075][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 171.998565][ T7303] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 172.077066][ T6802] device veth0_macvtap entered promiscuous mode [ 172.087702][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 172.096111][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.104862][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.113801][ T2557] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.120927][ T2557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.128865][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.138112][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.146877][ T2557] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.153914][ T2557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.162025][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.170707][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.179593][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.190300][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.199096][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.207747][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.215354][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.245717][ T7142] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.262935][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.270838][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.279409][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.288381][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.297409][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.305905][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.314049][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.325319][ T6922] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.346553][ T6802] device veth1_macvtap entered promiscuous mode [ 172.358991][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 172.367932][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.381989][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.392861][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.400090][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.418469][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.427110][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.436893][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.461698][ T6802] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 172.485719][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.493488][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.503603][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.518757][ T2557] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.525877][ T2557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.533772][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 172.543018][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 172.575429][ T6802] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 172.588357][ T6982] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.600164][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.608019][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.615506][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 172.627738][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 172.636338][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 172.644778][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 172.700620][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.711005][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.720382][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.730800][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.739669][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.748346][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.757311][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.767069][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.775401][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.784675][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.794890][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.803415][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.816293][ T2557] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.830052][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 172.840747][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 172.855063][ T7142] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 172.868410][ T7142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.891692][ T7091] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.904947][ T6922] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 172.913431][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.922915][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.931849][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 172.940680][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 173.089658][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 173.104961][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 173.112647][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 173.123955][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 173.143636][ T7142] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.212198][ T6982] device veth0_vlan entered promiscuous mode [ 173.245834][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 173.254194][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 173.266922][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 173.276527][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready 10:20:47 executing program 0: syz_mount_image$xfs(&(0x7f0000000180)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0x3fffffc, 0x1, &(0x7f0000000040)=[{&(0x7f0000010000)="584653423700100000000000000010000000000000000000000000000000000034fb8fb9e4bf48b6ad26c597eb4f5c1900000000000000040000000000000d880000000040000d890000000000000d8a000000010000100000000001000000000000035ab424020004000004000000000000000000ec00000c090a02", 0x7c}], 0x0, 0x0) [ 173.308576][ T7091] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.334880][ T6982] device veth1_vlan entered promiscuous mode [ 173.365896][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.373878][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.393657][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 173.413879][ T7303] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.443352][ T6922] device veth0_vlan entered promiscuous mode [ 173.452317][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 173.462610][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 173.472238][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 173.484956][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 173.506784][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 173.572350][ T6922] device veth1_vlan entered promiscuous mode [ 173.583429][ T17] XFS (loop0): SB sanity check failed [ 173.590310][ T17] XFS (loop0): Metadata corruption detected at xfs_sb_read_verify+0x391/0x480, xfs_sb block 0xffffffffffffffff [ 173.642846][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 173.650875][ T2587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 173.659646][ T17] XFS (loop0): Unmount and run xfs_repair [ 173.665374][ T17] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 173.675599][ T17] 00000000: 58 46 53 42 37 00 10 00 00 00 00 00 00 00 10 00 XFSB7........... [ 173.679018][ T7303] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.684912][ T17] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 173.716133][ T17] 00000020: 34 fb 8f b9 e4 bf 48 b6 ad 26 c5 97 eb 4f 5c 19 4.....H..&...O\. [ 173.724993][ T17] 00000030: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 0d 88 ................ [ 173.733229][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 173.736422][ T17] 00000040: 00 00 00 00 40 00 0d 89 00 00 00 00 00 00 0d 8a ....@........... [ 173.747256][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 173.758034][ T17] 00000050: 00 00 00 01 00 00 10 00 00 00 00 01 00 00 00 00 ................ [ 173.762081][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 173.774390][ T17] 00000060: 00 00 03 5a b4 24 02 00 04 00 00 04 00 00 00 00 ...Z.$.......... [ 173.777140][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 173.786215][ T17] 00000070: 00 00 00 00 00 ec 00 00 0c 09 0a 02 00 00 00 00 ................ [ 173.793812][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 173.809580][ T8062] XFS (loop0): SB validate failed with error -117. [ 173.810927][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 173.841206][ T6982] device veth0_macvtap entered promiscuous mode [ 173.864549][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 173.872736][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.881560][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.891251][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.898400][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.909580][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.918176][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.926811][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.933861][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.941800][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 173.957307][ T6982] device veth1_macvtap entered promiscuous mode [ 173.975177][ T7091] device veth0_vlan entered promiscuous mode [ 174.008944][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 174.020174][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 174.028593][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 174.037199][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 174.045994][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 174.054449][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 174.070347][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 174.083040][ T6922] device veth0_macvtap entered promiscuous mode [ 174.114157][ T7142] device veth0_vlan entered promiscuous mode [ 174.133491][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 174.156729][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 174.177912][ T2767] XFS (loop0): SB sanity check failed [ 174.183619][ T2767] XFS (loop0): Metadata corruption detected at xfs_sb_read_verify+0x391/0x480, xfs_sb block 0xffffffffffffffff [ 174.185469][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 174.203013][ T2767] XFS (loop0): Unmount and run xfs_repair [ 174.203033][ T2767] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 174.203047][ T2767] 00000000: 58 46 53 42 37 00 10 00 00 00 00 00 00 00 10 00 XFSB7........... [ 174.203058][ T2767] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 174.203069][ T2767] 00000020: 34 fb 8f b9 e4 bf 48 b6 ad 26 c5 97 eb 4f 5c 19 4.....H..&...O\. [ 174.203081][ T2767] 00000030: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 0d 88 ................ [ 174.203092][ T2767] 00000040: 00 00 00 00 40 00 0d 89 00 00 00 00 00 00 0d 8a ....@........... [ 174.203103][ T2767] 00000050: 00 00 00 01 00 00 10 00 00 00 00 01 00 00 00 00 ................ [ 174.203114][ T2767] 00000060: 00 00 03 5a b4 24 02 00 04 00 00 04 00 00 00 00 ...Z.$.......... [ 174.203129][ T2767] 00000070: 00 00 00 00 00 ec 00 00 0c 09 0a 02 00 00 00 00 ................ [ 174.256626][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 174.295490][ T8062] XFS (loop0): SB validate failed with error -117. [ 174.333341][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 174.343882][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 174.351746][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 174.367576][ T7091] device veth1_vlan entered promiscuous mode [ 174.389607][ T6922] device veth1_macvtap entered promiscuous mode [ 174.401820][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 174.412225][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 174.423776][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 174.433041][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 174.448173][ T6982] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.460748][ T6982] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.472816][ T6982] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.497607][ T6922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.508363][ T6922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.518692][ T6922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 174.529165][ T6922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.541189][ T6922] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.560113][ T7142] device veth1_vlan entered promiscuous mode [ 174.567415][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 174.575392][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 174.589374][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 174.597843][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 174.608480][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 174.618052][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 174.627140][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 174.636257][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready 10:20:48 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000e80)=[{{&(0x7f0000000200)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000340)=""/213, 0xd5}, {&(0x7f0000000180)=""/9, 0x9}, {0x0}, {0x0}, {&(0x7f0000000500)=""/230, 0xe6}, {&(0x7f0000000600)=""/146, 0x92}, {&(0x7f00000006c0)=""/166, 0xa6}, {&(0x7f0000000780)=""/205, 0xcd}], 0x8}, 0x8000}, {{&(0x7f0000000940)=@l2, 0x80, &(0x7f0000000b40)=[{&(0x7f0000000a40)=""/213, 0xd5}], 0x1}}, {{&(0x7f0000000b80)=@in={0x2, 0x0, @remote}, 0x80, 0x0, 0x0, &(0x7f0000000e40)=""/3, 0x3}}], 0x3, 0x40010000, 0x0) r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_TIOCOUTQ(r0, 0x5411, &(0x7f00000001c0)) mmap(&(0x7f000005d000/0x400000)=nil, 0x400000, 0x0, 0x392d6ad36ec2c8b2, 0xffffffffffffffff, 0x0) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, &(0x7f00000000c0)) [ 174.644956][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 174.658199][ T6982] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.670081][ T6982] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.683198][ T6982] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.693032][ T6922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.714524][ T6922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.724569][ T6922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 174.735336][ T6922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.747288][ T6922] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.766255][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 174.788876][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.803240][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 174.837037][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 174.846198][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 174.854891][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 174.880150][ T7303] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 174.894174][ T7303] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 174.936571][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 174.945094][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 175.032216][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 175.044793][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 175.054429][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 175.064448][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 175.077179][ T7142] device veth0_macvtap entered promiscuous mode [ 175.090200][ T7091] device veth0_macvtap entered promiscuous mode 10:20:48 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) [ 175.224473][ T7303] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.245387][ T7091] device veth1_macvtap entered promiscuous mode [ 175.264960][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready 10:20:49 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) [ 175.283143][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 175.304562][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 175.313139][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 175.320892][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 175.392611][ T7142] device veth1_macvtap entered promiscuous mode 10:20:49 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) [ 175.463503][ T7091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 10:20:49 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x1, 0x0) keyctl$invalidate(0x15, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/vlan/config\x00') preadv(r0, &(0x7f00000017c0), 0x33d, 0x4000) getegid() [ 175.505862][ T7091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.532538][ T7091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 10:20:49 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) [ 175.563088][ T7091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.580249][ T7091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 175.604641][ C0] hrtimer: interrupt took 61509 ns [ 175.653977][ T7091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 10:20:49 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') dup(r1) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) [ 175.726440][ T7091] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.821625][ T7142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 175.846372][ T7142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 10:20:49 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000004e00)={&(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ff4000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0, r0}, 0x68) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='oom_score_adj\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x0) add_key$keyring(0x0, &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key(0x0, 0x0, 0x0, 0x0, 0x0) [ 175.884281][ T7142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 175.901837][ T7142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.912481][ T7142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 175.923336][ T7142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.936324][ T7142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 175.948309][ T7142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.961691][ T7142] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 175.983666][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 176.003882][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 176.044271][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 176.062660][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 176.086813][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 176.099218][ T7091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 176.118711][ T7091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.155814][ T7091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 176.174999][ T7091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.185658][ T7091] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 176.196855][ T7091] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.209266][ T7091] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.222499][ T7142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 176.235414][ T7142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.246665][ T7142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 176.257497][ T7142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.267374][ T7142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 176.277859][ T7142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.287782][ T7142] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 176.298596][ T7142] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 176.310313][ T7142] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 176.330826][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 176.339526][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 176.349369][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 176.358246][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 176.383799][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 176.393213][ T2767] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 176.586278][ T7303] device veth0_vlan entered promiscuous mode [ 176.597941][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 176.609908][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 176.620826][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 176.630324][ T7991] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 176.798632][ T7303] device veth1_vlan entered promiscuous mode 10:20:50 executing program 3: 10:20:50 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') prctl$PR_SET_PTRACER(0x59616d61, 0x0) sendfile(r0, r1, &(0x7f0000000040)=0x100060, 0xa808) socket$nl_route(0x10, 0x3, 0x0) [ 176.917522][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 176.925641][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 176.954787][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 176.973648][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 176.993143][ T7303] device veth0_macvtap entered promiscuous mode [ 177.013682][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 177.027678][ T7303] device veth1_macvtap entered promiscuous mode [ 177.075604][ T7303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.089257][ T7303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.109683][ T7303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.142006][ T7303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.176325][ T7303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.196354][ T7303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.207250][ T7303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.218803][ T7303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.230672][ T7303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 177.243842][ T7303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.269225][ T7303] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.287909][ T2477] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 177.298064][ T2477] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 177.311554][ T7303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.327938][ T7303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.339656][ T7303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.352079][ T7303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.362326][ T7303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.373294][ T7303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.383190][ T7303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.393665][ T7303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.403579][ T7303] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 177.414040][ T7303] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 177.426248][ T7303] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.441868][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 177.450983][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 10:20:51 executing program 5: 10:20:51 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') dup(r1) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:20:51 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000004e00)={&(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ff4000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0, r0}, 0x68) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='oom_score_adj\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x0) add_key$keyring(0x0, &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key(0x0, 0x0, 0x0, 0x0, 0x0) 10:20:51 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000004e00)={&(0x7f0000ff4000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ff4000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff6000/0x2000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, 0x0, r0}, 0x68) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='oom_score_adj\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x0) ioctl$TCGETA(0xffffffffffffffff, 0x5405, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) 10:20:51 executing program 3: 10:20:51 executing program 1: 10:20:51 executing program 3: 10:20:51 executing program 1: 10:20:51 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') dup(r1) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:20:51 executing program 5: 10:20:51 executing program 2: 10:20:51 executing program 4: 10:20:51 executing program 3: 10:20:51 executing program 1: 10:20:51 executing program 5: 10:20:51 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:20:51 executing program 2: 10:20:51 executing program 4: 10:20:51 executing program 5: 10:20:51 executing program 3: 10:20:51 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:20:51 executing program 1: 10:20:51 executing program 4: 10:20:51 executing program 2: 10:20:51 executing program 5: 10:20:51 executing program 1: 10:20:51 executing program 3: 10:20:51 executing program 2: 10:20:51 executing program 4: 10:20:52 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:20:52 executing program 5: 10:20:52 executing program 3: 10:20:52 executing program 2: 10:20:52 executing program 1: 10:20:52 executing program 4: 10:20:52 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = dup(0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:20:52 executing program 5: 10:20:52 executing program 1: 10:20:52 executing program 3: 10:20:52 executing program 2: 10:20:52 executing program 4: 10:20:52 executing program 5: 10:20:52 executing program 2: 10:20:52 executing program 1: 10:20:52 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = dup(0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:20:52 executing program 3: 10:20:52 executing program 4: 10:20:52 executing program 5: 10:20:52 executing program 2: 10:20:52 executing program 1: 10:20:52 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = dup(0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:20:52 executing program 3: 10:20:52 executing program 4: 10:20:52 executing program 2: 10:20:52 executing program 5: 10:20:52 executing program 1: 10:20:52 executing program 3: 10:20:52 executing program 4: 10:20:52 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:20:52 executing program 2: 10:20:52 executing program 5: 10:20:52 executing program 1: 10:20:52 executing program 3: 10:20:52 executing program 4: 10:20:52 executing program 1: r0 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x88880, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @dev}, 0x1c) sendto$inet6(r0, &(0x7f00000009c0), 0x0, 0xc001, 0x0, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000000), 0x4) 10:20:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) mlock2(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:20:52 executing program 2: clone(0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)="d353ff022d68b2e4dc14aad700003faf95c90bc6") 10:20:52 executing program 4: eventfd2(0xeae, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x1000000c8) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000380)={0x0, 0x0}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) read$FUSE(r4, &(0x7f0000000200), 0x1000) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x1, 0x0, 0x0, 0x1}, 0x0) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x9}, 0x0, &(0x7f0000000140)={0x1b8}, &(0x7f0000000080)={0x0, r3+30000000}, 0x0) 10:20:53 executing program 3: openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x1) r1 = dup(0xffffffffffffffff) getsockname$packet(r1, 0x0, 0x0) setsockopt$packet_rx_ring(r1, 0x107, 0x5, 0x0, 0x0) ioctl$EVIOCGVERSION(r1, 0x80044501, &(0x7f0000000480)=""/240) lseek(r0, 0xfffffffffffffffc, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000640)=""/172, &(0x7f0000000200)=0xac) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000002900)='/dev/null\x00', 0x80002, 0x0) preadv(r2, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) creat(0x0, 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) r4 = dup(r3) syz_open_pts(0xffffffffffffffff, 0x0) r5 = fspick(0xffffffffffffffff, &(0x7f0000000000)='./bus\x00', 0x0) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r5) setsockopt$inet6_tcp_int(r3, 0x6, 0x12, &(0x7f0000000280)=0x7f, 0x4) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x80000006, @loopback}, 0x1c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = fcntl$dupfd(r6, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r9 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r9, 0x2007fff) sendfile(r4, r9, 0x0, 0x8000fffffffe) [ 179.331599][ T8231] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 179.371537][ T8234] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 10:20:53 executing program 2: prctl$PR_SET_UNALIGN(0x6, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004870000000000000bc700000000000009500faff000000008aa1210b29017b83c8e96e6405f7e93dba4d64b5030b3388b0409a814343f1ae341b74efa745a12f5c0685e5261482e31e0cacc902c97e6145201b062261ef48004d26342c94f56a39359ba56724e4535d80ffbd6848d53382c262869ba15d8f0c2211a2b975eb4a9d08501c56ab5aa00000c5d197e50ff28b4a3b05489d1d1245cb774879b0871dd61703eefe87ff070000000000008cca1a363b2b28add653658171122dc01e0a77d7c44b009fdac91fc827f5797532750d4d4639f11089feb3f25b4695c6dac2cabfa04e2c16fa741bbf5528a601b5934b867f39f7d776ac00a413949b4455b7c6c678de4d9740cfdff6169c664b55ce550fa4e686ae169d9f7abbeb08e02799374ae0091858bdf144d8c7dcec5e43a0e8099e5431"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0xc) r0 = creat(&(0x7f0000000280)='./file0\x00', 0xf1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000400)) sendmmsg(0xffffffffffffffff, &(0x7f0000002cc0), 0x1a3, 0xa201000000000000) r1 = getpgid(0xffffffffffffffff) ptrace$cont(0x1f, r1, 0xbc, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) [ 179.449028][ T8240] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 179.805614][ T27] audit: type=1804 audit(1590315653.474:2): pid=8247 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir853162036/syzkaller.Og4fuv/13/bus" dev="sda1" ino=15767 res=1 [ 179.892534][ T27] audit: type=1800 audit(1590315653.514:3): pid=8240 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="sda1" ino=15767 res=0 [ 179.944725][ T27] audit: type=1800 audit(1590315653.514:4): pid=8247 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="sda1" ino=15767 res=0 10:21:01 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:21:01 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="2800000010005fba000000c90000000000000000", @ANYRES32=0x0, @ANYBLOB="030002000000000008001b"], 0x28}}, 0x0) write$tun(r0, &(0x7f00000003c0)={@void, @val, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0x15, 0x0, 0x0, 0x0, 0x0, {[@fastopen={0x22, 0x12, "e5d61db8004162faf82d04acc67f89ff"}, @md5sig={0x13, 0x12, "68ea8cbde246674c545488ae0cd25cd0"}, @exp_fastopen={0xfe, 0xd, 0xf989, "589837238856452a6d"}, @generic={0x0, 0xc, "03bd1e014b68850edf7d"}]}}}}}}, 0x72) 10:21:01 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004870000000000000bc700000000000009500faff000000008aa1210b29017b83c8e96e6405f7e93dba4d64b5030b3388b0409a814343f1ae341b74efa745a12f5c0685e5261482e31e0cacc902c97e6145201b062261ef48004d26342c94f56a39359ba56724e4535d80ffbd6848d53382c262869ba15d8f0c2211a2b975eb4a9d08501c56ab5aa00000c5d197e50ff28b4a3b05489d1d1245cb774879b0871dd61703eefe87ff070000000000008cca1a363b2b28add653658171122dc01e0a77d7c44b009fdac91fc827f5797532750d4d4639f11089feb3f25b4695c6dac2cabfa04e2c16fa741bbf5528a601b5934b867f39f7d776ac00a413949b4455b7c6c678de4d9740cfdff6169c664b55ce550fa4e686ae169d9f7abbeb08e02799374ae0091858bdf144d8c7dcec5e43a0e8099e543116b1b7d144b56145cca4798344d82de45f0c1b7d041db040fd77779123b32d14bc1c3d"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0xc) r0 = creat(&(0x7f0000000280)='./file0\x00', 0xf1) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000400)) sendmmsg(0xffffffffffffffff, &(0x7f0000002cc0), 0x1a3, 0x0) getpgid(0xffffffffffffffff) dup2(0xffffffffffffffff, 0xffffffffffffffff) 10:21:01 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x40000000002, 0x3, 0x80000000002) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000140)='bridge_slave_0\x00', 0xf) sendto$unix(r2, 0x0, 0x0, 0x0, &(0x7f0000000200)=@abs={0x0, 0x0, 0x10000e0}, 0x6e) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, &(0x7f0000000100)) 10:21:01 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/packet\x00') preadv(r0, &(0x7f00000003c0)=[{&(0x7f00000000c0)=""/166, 0xa6}], 0x1, 0x0) ioctl$TCSETSF(0xffffffffffffffff, 0x5412, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "98cc8ffac2d9798000"}) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000200000002000000004000007a40000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4810, 0x0) 10:21:01 executing program 4: openat$kvm(0xffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd(0x0) ioctl$KVM_IOEVENTFD(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, r2}) r3 = socket$unix(0x1, 0x2, 0x0) r4 = socket$inet(0x2, 0xa, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x0, 0x0, 0x0, r2}) dup2(r0, r1) [ 188.113910][ T8274] raw_sendmsg: syz-executor.3 forgot to set AF_INET. Fix it! 10:21:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000050700000000f3ff000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800800090002"], 0x3c}}, 0x0) [ 188.181665][ T8278] EXT4-fs (loop2): Can't read superblock on 2nd try [ 188.229341][ T8290] syz-executor.4 uses obsolete (PF_INET,SOCK_PACKET) 10:21:01 executing program 3: [ 188.272290][ T8279] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 188.282063][ T8279] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 10:21:02 executing program 2: [ 188.347073][ T8279] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 10:21:02 executing program 3: 10:21:02 executing program 2: 10:21:02 executing program 5: 10:21:10 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:21:10 executing program 3: 10:21:10 executing program 2: 10:21:10 executing program 5: 10:21:10 executing program 1: 10:21:10 executing program 4: openat$kvm(0xffffff9c, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd(0x0) ioctl$KVM_IOEVENTFD(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, r2}) r3 = socket$unix(0x1, 0x2, 0x0) r4 = socket$inet(0x2, 0xa, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x0, 0x0, 0x0, r2}) dup2(r0, r1) 10:21:10 executing program 3: 10:21:10 executing program 2: 10:21:10 executing program 5: 10:21:10 executing program 1: 10:21:10 executing program 3: 10:21:10 executing program 2: 10:21:19 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:21:19 executing program 5: socket$kcm(0x11, 0xa, 0x300) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.stat\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000, 0x1ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f00000004c0)={0x2, 0x70, 0xf9, 0xb, 0x0, 0x5, 0x0, 0x9, 0x40, 0xd, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x8}, 0x0, 0x0, 0x206, 0x0, 0x4, 0x5, 0x800}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x0, 0x6, 0x4, 0x0, 0x0, 0x6, 0x0, 0xb, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd751, 0x0, @perf_bp={0x0, 0x2}, 0x4000, 0x3, 0xfffffffe, 0x5, 0x4, 0x7, 0x6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) sendmsg$tipc(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000240)="6279db5cb287c9d93709ed493536faa1a931256411e265aaf39a5ee71ff921cfb897a61d253f330a58c4839b", 0x2c}, {&(0x7f00000003c0)="2307f4ded55b745654cadab5c293da745643ef213151318013ef1d9ec1a0e84bf00d406537e9db034c087a846ea89e7392eaf6981df769a648da2cab9b26fc7213efe5fd53edd3d85fc09e884508f504b33e8d668292f3599dce39d3e4a772d9c92e9c7807570c872f433a0ca15a2c4094330ae03bb4e1d9c96042489cb77aa8b252b7684ce421c255ec10207ffdb07bf1f8310d42d59686cc08019479609b011d7a7f776291f62d9ec81413eacad296f248d1c4697cd7d792daf87a4a7e3465c3136711bb59ace840ae0c2ddcb4a533f2c9802b199c92af525ac8844e0d5be25a95b3933de47740c017c80c3517cb2ae8af5cc9c58bd92df197d1", 0xfb}, {&(0x7f0000000540)="6935974857bafb96bf8b67f7003a4f61845bd1a3ea916f8934e806bc000b5cd82e525617d0e69c45fe13f4664d6e2d0bd48751b275dbe3e87bbaf04bbd14b688e201dd38fba08e65a722ba49cb4e1b81f17b8a5c2308b04212341d46f17e987f704c8af3eb49ec9a656c9b8429588435426e3a935f63d9a4784f85dd6dce5690964da68f9528a3a991bab8ba1274023a9aab146a86698282f05ab2358495983cbd41794a31166636ad0ed3809530c1636995253bd2544502dc9003026ad608e73a3b60358d4b5f21bf0a7ee713c05fa3c73d353b9f98a0386d32f7b6c57a86ff", 0xe0}], 0x3, &(0x7f00000002c0)="0822bdbb5d49f7682ed933c823b277b86a53390bc806adbf75d24a7004c1453b0fe2e108e56247e829982e4d25465f5c598f2ae5f79ea9aad97537017e3d52733e7f71740bec00efab3d0dd6fe5bb4d0f32d98230ed84afd5396a46306763083d8daecc64d25", 0x66, 0x80}, 0x814) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x18) close(r2) r3 = perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r3, 0x4008240b, &(0x7f0000000080)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}}) r4 = gettid() ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r4, 0xffffffffffffffff, 0x0, 0xc, &(0x7f0000000100)='keyringeth1\x00'}, 0x30) perf_event_open(0x0, 0x0, 0x4, 0xffffffffffffffff, 0x8) r5 = perf_event_open$cgroup(&(0x7f0000000700)={0x0, 0x70, 0x81, 0x5, 0xca, 0xcc, 0x0, 0x5, 0x80, 0x6, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0xed93, 0x4, @perf_config_ext={0x4f33, 0x7fffffff}, 0x800, 0x8, 0x9, 0x0, 0x3, 0x1, 0x1ff}, r0, 0x4, 0xffffffffffffffff, 0xe) perf_event_open(&(0x7f0000000680)={0x4, 0x70, 0x4c, 0x7f, 0x81, 0x9, 0x0, 0x200, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400, 0x0, @perf_config_ext={0xb9d, 0x6}, 0x8, 0x10001, 0x8, 0x3, 0x5, 0x8001, 0x7ff}, 0x0, 0x4, r5, 0x0) 10:21:19 executing program 1: socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x26e1, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="2e00000010008188040f80ecdb4cb9cca7480e0001000000e3bd6efb440009000e00040010000000028000001201", 0x2e}], 0x1}, 0x0) r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1) r3 = socket$kcm(0x2c, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="7b00be827c38"], 0x6) openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) close(r2) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="2d70696473202b637075202d72646d6120eadb7c1549b737bb24eff41c06fa80d3f19044e3edc71994f1b72e28e7df144f1a69d4b92db8b11f54dce5fe2394127a8d324210be9fc458503a5f66023844a5c72125621ebd5bf7688fe8d1d5f06b40bb3514f3894fad11332bdef67da6d61ea0dd35824c5fdcd8df310bd241a4d0ccd5cfb58995092b23bf95a07d75f0e22e1bf3f2228756ab56c385a2828cea2e3cdb65d40db12328f6684d29222abca113644a1b0e4610302e4adf0b2280601708e69a0f1c9b797a71c2"], 0x11) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, 0x0) gettid() perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='eth0\\6\\vmnet1vmnet1\x00'}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f00000004c0)='lo\x00\x96o8\x14d\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00y.\xfc*_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xbaUn\x04\'%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7f\r\xb2\xcf\x8a\xc9(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\r\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0-\x96\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc50xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x2, 0x3, 0x100000001) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @local}, 0x79) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendto(r2, &(0x7f0000000600)="0400", 0x2, 0x8806, 0x0, 0x0) 10:21:19 executing program 4: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$inet(0x2, 0x3, 0x5) setsockopt$inet_msfilter(r6, 0x0, 0x8, &(0x7f00000001c0)=ANY=[@ANYBLOB="d3"], 0x1) getsockopt$inet_pktinfo(r6, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) bind$packet(r5, &(0x7f0000000080)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @multicast}, 0x14) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r4, 0x0, 0x10003, 0x0) 10:21:20 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x2) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:21:20 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f00000005c0)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f0000000040)='./bus\x00', 0x14107e, 0x0) write$binfmt_aout(r5, &(0x7f0000000300)=ANY=[], 0x81) sendfile(r5, r5, &(0x7f00000001c0), 0x8080fffffffe) 10:21:20 executing program 5: socket$kcm(0x11, 0xa, 0x300) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.stat\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000, 0x1ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f00000004c0)={0x2, 0x70, 0xf9, 0xb, 0x0, 0x5, 0x0, 0x9, 0x40, 0xd, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x8}, 0x0, 0x0, 0x206, 0x0, 0x4, 0x5, 0x800}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000340)={0x5, 0x70, 0x0, 0x6, 0x4, 0x0, 0x0, 0x6, 0x0, 0xb, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xd751, 0x0, @perf_bp={0x0, 0x2}, 0x4000, 0x3, 0xfffffffe, 0x5, 0x4, 0x7, 0x6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) sendmsg$tipc(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000240)="6279db5cb287c9d93709ed493536faa1a931256411e265aaf39a5ee71ff921cfb897a61d253f330a58c4839b", 0x2c}, {&(0x7f00000003c0)="2307f4ded55b745654cadab5c293da745643ef213151318013ef1d9ec1a0e84bf00d406537e9db034c087a846ea89e7392eaf6981df769a648da2cab9b26fc7213efe5fd53edd3d85fc09e884508f504b33e8d668292f3599dce39d3e4a772d9c92e9c7807570c872f433a0ca15a2c4094330ae03bb4e1d9c96042489cb77aa8b252b7684ce421c255ec10207ffdb07bf1f8310d42d59686cc08019479609b011d7a7f776291f62d9ec81413eacad296f248d1c4697cd7d792daf87a4a7e3465c3136711bb59ace840ae0c2ddcb4a533f2c9802b199c92af525ac8844e0d5be25a95b3933de47740c017c80c3517cb2ae8af5cc9c58bd92df197d1", 0xfb}, {&(0x7f0000000540)="6935974857bafb96bf8b67f7003a4f61845bd1a3ea916f8934e806bc000b5cd82e525617d0e69c45fe13f4664d6e2d0bd48751b275dbe3e87bbaf04bbd14b688e201dd38fba08e65a722ba49cb4e1b81f17b8a5c2308b04212341d46f17e987f704c8af3eb49ec9a656c9b8429588435426e3a935f63d9a4784f85dd6dce5690964da68f9528a3a991bab8ba1274023a9aab146a86698282f05ab2358495983cbd41794a31166636ad0ed3809530c1636995253bd2544502dc9003026ad608e73a3b60358d4b5f21bf0a7ee713c05fa3c73d353b9f98a0386d32f7b6c57a86ff", 0xe0}], 0x3, &(0x7f00000002c0)="0822bdbb5d49f7682ed933c823b277b86a53390bc806adbf75d24a7004c1453b0fe2e108e56247e829982e4d25465f5c598f2ae5f79ea9aad97537017e3d52733e7f71740bec00efab3d0dd6fe5bb4d0f32d98230ed84afd5396a46306763083d8daecc64d25", 0x66, 0x80}, 0x814) r2 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x5, 0xffffffffffffffff, 0x18) close(r2) r3 = perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r3, 0x4008240b, &(0x7f0000000080)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x8}}) r4 = gettid() ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r4, 0xffffffffffffffff, 0x0, 0xc, &(0x7f0000000100)='keyringeth1\x00'}, 0x30) perf_event_open(0x0, 0x0, 0x4, 0xffffffffffffffff, 0x8) r5 = perf_event_open$cgroup(&(0x7f0000000700)={0x0, 0x70, 0x81, 0x5, 0xca, 0xcc, 0x0, 0x5, 0x80, 0x6, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0xed93, 0x4, @perf_config_ext={0x4f33, 0x7fffffff}, 0x800, 0x8, 0x9, 0x0, 0x3, 0x1, 0x1ff}, r0, 0x4, 0xffffffffffffffff, 0xe) perf_event_open(&(0x7f0000000680)={0x4, 0x70, 0x4c, 0x7f, 0x81, 0x9, 0x0, 0x200, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400, 0x0, @perf_config_ext={0xb9d, 0x6}, 0x8, 0x10001, 0x8, 0x3, 0x5, 0x8001, 0x7ff}, 0x0, 0x4, r5, 0x0) 10:21:20 executing program 1: socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x26e1, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="2e00000010008188040f80ecdb4cb9cca7480e0001000000e3bd6efb440009000e00040010000000028000001201", 0x2e}], 0x1}, 0x0) r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1) r3 = socket$kcm(0x2c, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r') write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="7b00be827c38"], 0x6) openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0) close(r2) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="2d70696473202b637075202d72646d6120eadb7c1549b737bb24eff41c06fa80d3f19044e3edc71994f1b72e28e7df144f1a69d4b92db8b11f54dce5fe2394127a8d324210be9fc458503a5f66023844a5c72125621ebd5bf7688fe8d1d5f06b40bb3514f3894fad11332bdef67da6d61ea0dd35824c5fdcd8df310bd241a4d0ccd5cfb58995092b23bf95a07d75f0e22e1bf3f2228756ab56c385a2828cea2e3cdb65d40db12328f6684d29222abca113644a1b0e4610302e4adf0b2280601708e69a0f1c9b797a71c2"], 0x11) ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, 0x0) gettid() perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='eth0\\6\\vmnet1vmnet1\x00'}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f00000004c0)='lo\x00\x96o8\x14d\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\xff\xe6\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\xb7l\xed}\xe5\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2ak\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x01\x00\x00\x00\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xd5s2\x9cVF\xd5\x18\xfe\x0f\x8f \x01\x00\x00y.\xfc*_\xa5\xe1\xf6\x8aj\xca\xf8m\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\rh^J-\xd1\xbaUn\x04\'%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7f\r\xb2\xcf\x8a\xc9(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8b\xc4\xb9\xd9\xe7\xf2\xe4\xc1i\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\r\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1\xa8\xd4\xe6K0\xe1\xa3TS\x18\xe6x\x1f%P\x9fU)\x83E\n\x90M\r.\x85gn_\xb2\xe9\x8a\x1c\xe3\x93\xd8\xbc\xb6N\xc3\xe1\xafh\xa0iF\xdcq\xf9\x17\xd9i\x844E\x1a\x13\x9a\xe6\xd3\xab:PM\xfbe\xfe9\xd9\x94\x1dx\xd6\x03b\xf7\x10N\xd1\x93\rU\x7fy\x18tE\xf1*\x9a0-\x96\xdc{\x13\xf6\xb7\xf7\xe6=\x9cD\x108\x8eS\xa0\xd0\xa7\tn\xd9\xae\xc0\x18~x[\x85Y\xb2\x82w\x150\x97\xba\xe6\xca\xb1\xa3\x02\x14^\xbdZ\xae\xf5/\xcf\xb8\xea8Uw\x92`\"2\x81j\xbb\x87+\x89\xc50xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x280000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup3(r4, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) close(r1) 10:21:20 executing program 0: ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:21:20 executing program 4: setfsgid(0xffffffffffffffff) 10:21:20 executing program 0: ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:21:20 executing program 4: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x5013, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x49, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1dc}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="0010b803"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f00000000c0)='/dev/usb/hiddev#\x00', 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$HIDIOCGREPORT(r1, 0xd01c4813, &(0x7f0000000000)={0x1, 0x100}) 10:21:20 executing program 5: r0 = socket$kcm(0x2b, 0x1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xc, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x1a001000050}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x7}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) setsockopt$sock_attach_bpf(r0, 0x6, 0x12, &(0x7f0000000200)=r1, 0x4) 10:21:20 executing program 0: ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r1 = dup(r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) [ 207.175938][ T8462] FAT-fs (loop3): bogus number of FAT sectors [ 207.182425][ T8462] FAT-fs (loop3): Can't find a valid FAT filesystem 10:21:21 executing program 5: r0 = socket$kcm(0x2b, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ID(0xffffffffffffffff, 0x80082407, &(0x7f0000000700)) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, 0x0) r1 = gettid() r2 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x615, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="850000000800000027000000000000009500000000000000a579753dec29fe276240f076750753bc7b952ab5ad939c40c5f89f8b5c13a24800a26b3c68cea54994e702d609331ab3c70aa6b030ed69efddccea3e793e8287051d4f5fef499e2a4ce758601229b94574e7825441222e81748b4eb0cb0d14e64fae87345734e09cc6d847ef6943a143669ef5fc545ab7ffef72fd2ca305f386142d7835f213e7ff0b00001731859eba975dc99d62456cc766be4825548e085c7866d7ac33165a2178a5c647457a8713e7b70a85bbdb078320eafa48d43c96aebc3da20d188f590ec28e549e8e3d4fe60c9fea00000000000100019efc0060c9e1263ca5507f633b5b0402ffa95acb51428785ae09fdae241f51f7ff22745696f1ffe2ca9ed226213275a566ae3f64fb2dfe777d16832bbb703ea39868fcf0fe11894d2c876e4809a16ce03ba31d2e344151341d1008ae03265f8f99ae15d9b711f4b6746dce6ec1ce34d2e2d5241435b5ddc91e9e99ad6b9cbe55e294f5b1e5dc8f1c7bdd3cf375c0b30ce6ba07ce35f90f0c589bc98d678d7e258d5d57b7bf93c179f26cdac5fe771e6ae67da6e2df4a560436fa3cb7598f923c7316bb7c31f8e867734a5a66f0465d7183fc05c0d804ac719fa87f64cd637deb88254e9ded8cb00c1276b1aaffb3cf86fb92efc51802cdd76a73fd639edea01662abbc567a9db53997aa9abd409b5cb990ea1bc76127057ad3ae000000000000000000000000000000000000000000444e477613181b1c6fb1f9c3cb0f5b0a187994d25c55dd04442f2f739ce0b3e4377f3d9887cdf898a4463717a1cf4c5d83e93d581b815950e21279f8bcb5167247a398754a1493639f275c5d6c6ea752b63551125eda435ba90cae00e1383f43a77508c2cd9fb2636db3abed6453179e3ca03bd3a3dbc4b61dbbfce11ce2d9dbeb6844a88348197292379d22fb6ea97a4f73ff53d3697cad93d588172c99700fc4f2983edf5d8bb2ec6dc0cc319881b43b7a8a1d1f872d0000000000ddad9444a6f712c20fd0d908c376316a7b26cbaad28bc703c9492f01de1f5d2093213aa1354e783b15f627834d840c6738f8b16b80cc0b0582a3aa02553979e47bdf3716228c4ff4676997286042b43c6cb7e2a01a16ae5757072574afadf6962a40ed57025b5a3897db7f94e8d5ba14fd018c5b302942916cf7314e3c9a00a378771ee3c704a3947879f4ea1f031cd8432a27bc2cb985d55dc9dda125e9f200"/907], &(0x7f0000000000)='GPL\x00', 0x5, 0xfd39, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r1, 0xffffffffffffffff, 0x0, 0x12, &(0x7f0000000040)='!:^%securitywlan1\x00'}, 0x30) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpu.stat\x00', 0x0, 0x0) ioctl$TUNSETTXFILTER(r4, 0x400454d1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x4030582a, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r1, 0xffffffffffffffff, 0x0, 0x4, &(0x7f00000001c0)='GPL\x00'}, 0x30) openat$tun(0xffffffffffffff9c, 0x0, 0x399480, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x89e2, &(0x7f0000000040)={r0}) 10:21:21 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) [ 207.547435][ T5] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 207.817457][ T5] usb 5-1: Using ep0 maxpacket: 16 10:21:21 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x2, 0x11) r1 = socket$kcm(0x11, 0x0, 0x300) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sendmsg$sock(r2, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=[@mark={{0x14, 0x1, 0x24, 0x8001}}, @txtime={{0x18}}, @txtime={{0x18, 0x1, 0x3d, 0xc7}}, @mark={{0x14, 0x1, 0x24, 0x10001}}, @mark={{0x14, 0x1, 0x24, 0x1f}}], 0x78}, 0x40000) recvmsg$kcm(r1, 0x0, 0x0) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000080)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xc0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0, &(0x7f0000000340)={0x8, 0x2}, 0x0, 0x0, &(0x7f0000000380)={0x5, 0x0, 0x0, 0x1000003}, &(0x7f0000000900)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x4, 0x0, &(0x7f00000001c0), &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1e, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x8, 0x5}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0x1, 0xb4}, 0x10, r3}, 0x78) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)={0x0, r4, 0x1}, 0x10) r5 = openat$cgroup_ro(r4, &(0x7f00000000c0)='cpuset.memory_pressure\x00', 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xc, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x1a001000050}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x7}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r6, 0xc0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r6, 0xc0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xa, 0x1, &(0x7f0000000040)=@raw=[@alu={0x7, 0x1, 0x8, 0x8, 0xb, 0xffffffffffffffe0, 0x8}], &(0x7f0000000080)='syzkaller\x00', 0x7, 0x72, &(0x7f0000000300)=""/114, 0x3bfee755cc65183c, 0x8, [], 0x0, 0x1, r5, 0x8, &(0x7f0000000380)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0x10, 0xb47f, 0xffffffff}, 0x10}, 0x78) 10:21:21 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)="1400000052008102a00f80854a36b8ab959916fb", 0x14}], 0x1}, 0x0) recvmsg$kcm(r0, &(0x7f0000001b40)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r0, &(0x7f0000001d80)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) recvmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) 10:21:21 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x280000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup3(r4, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) close(r1) 10:21:21 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:21:21 executing program 5: r0 = socket$kcm(0x29, 0x2, 0x0) close(r0) r1 = socket$kcm(0xa, 0x5, 0x0) sendmsg(r1, &(0x7f0000000400)={&(0x7f0000000140)=@in6={0xa, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [], @dev}}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000000)="be", 0x1}], 0x1}, 0x60) close(r0) 10:21:21 executing program 5: socket$kcm(0x10, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg$kcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000005600)=""/102380, 0x18fec}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)="2e000000120081aee4050cecff0e00fa378b25db4cb904e473730e55cff26d1b0e001d00090000005e510befccd7", 0x2e}], 0x1, 0x0, 0x0, 0x88a8ffff00000000}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) recvmsg(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 10:21:21 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$FS_IOC_FIEMAP(r0, 0x5451, 0x0) [ 207.937677][ T5] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30 [ 207.965569][ T5] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 208.027666][ T5] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 208.098098][ T5] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73 [ 208.121799][ T8504] netlink: 'syz-executor.5': attribute type 29 has an invalid length. [ 208.157891][ T5] usb 5-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 208.168874][ T8504] netlink: 'syz-executor.5': attribute type 29 has an invalid length. [ 208.176942][ T5] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.205993][ T5] usb 5-1: config 0 descriptor?? [ 208.211526][ T8499] netlink: 'syz-executor.5': attribute type 29 has an invalid length. [ 208.228701][ T8506] netlink: 'syz-executor.5': attribute type 29 has an invalid length. [ 208.750641][ T5] input: HID 0458:5013 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5013.0001/input/input5 [ 208.768205][ T5] input: HID 0458:5013 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5013.0001/input/input6 [ 208.876385][ T5] kye 0003:0458:5013.0001: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 0458:5013] on usb-dummy_hcd.4-1/input0 [ 209.907846][ C1] kye 0003:0458:5013.0001: usb_submit_urb(ctrl) failed: -1 [ 210.837523][ T5] usb 5-1: reset high-speed USB device number 2 using dummy_hcd [ 211.097501][ T5] usb 5-1: Using ep0 maxpacket: 16 10:21:25 executing program 1: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$TCSETAF(r0, 0x5450, 0x0) 10:21:25 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x2) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:21:25 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x8903, &(0x7f00000000c0)={0x1, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) 10:21:25 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x2, 0x11) r1 = socket$kcm(0x11, 0x0, 0x300) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sendmsg$sock(r2, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=[@mark={{0x14, 0x1, 0x24, 0x8001}}, @txtime={{0x18}}, @txtime={{0x18, 0x1, 0x3d, 0xc7}}, @mark={{0x14, 0x1, 0x24, 0x10001}}, @mark={{0x14, 0x1, 0x24, 0x1f}}], 0x78}, 0x40000) recvmsg$kcm(r1, 0x0, 0x0) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000080)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xc0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0, &(0x7f0000000340)={0x8, 0x2}, 0x0, 0x0, &(0x7f0000000380)={0x5, 0x0, 0x0, 0x1000003}, &(0x7f0000000900)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x4, 0x0, &(0x7f00000001c0), &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1e, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x8, 0x5}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0x1, 0xb4}, 0x10, r3}, 0x78) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)={0x0, r4, 0x1}, 0x10) r5 = openat$cgroup_ro(r4, &(0x7f00000000c0)='cpuset.memory_pressure\x00', 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xc, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x1a001000050}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x7}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r6, 0xc0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r6, 0xc0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xa, 0x1, &(0x7f0000000040)=@raw=[@alu={0x7, 0x1, 0x8, 0x8, 0xb, 0xffffffffffffffe0, 0x8}], &(0x7f0000000080)='syzkaller\x00', 0x7, 0x72, &(0x7f0000000300)=""/114, 0x3bfee755cc65183c, 0x8, [], 0x0, 0x1, r5, 0x8, &(0x7f0000000380)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0x10, 0xb47f, 0xffffffff}, 0x10}, 0x78) 10:21:25 executing program 5: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0xa, 0x2, 0x11) r1 = socket$kcm(0x11, 0x0, 0x300) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sendmsg$sock(r2, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=[@mark={{0x14, 0x1, 0x24, 0x8001}}, @txtime={{0x18}}, @txtime={{0x18, 0x1, 0x3d, 0xc7}}, @mark={{0x14, 0x1, 0x24, 0x10001}}, @mark={{0x14, 0x1, 0x24, 0x1f}}], 0x78}, 0x40000) recvmsg$kcm(r1, 0x0, 0x0) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000080)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xc0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300), 0x0, 0x0, 0x0, &(0x7f0000000340)={0x8, 0x2}, 0x0, 0x0, &(0x7f0000000380)={0x5, 0x0, 0x0, 0x1000003}, &(0x7f0000000900)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x4, 0x0, &(0x7f00000001c0), &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1e, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x8, 0x5}, 0x8, 0x10, &(0x7f00000002c0)={0x4, 0x1, 0xb4}, 0x10, r3}, 0x78) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)={0x0, r4, 0x1}, 0x10) r5 = openat$cgroup_ro(r4, &(0x7f00000000c0)='cpuset.memory_pressure\x00', 0x0, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xc, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x1a001000050}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x7}, @exit]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r6, 0xc0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r6, 0xc0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xa, 0x1, &(0x7f0000000040)=@raw=[@alu={0x7, 0x1, 0x8, 0x8, 0xb, 0xffffffffffffffe0, 0x8}], &(0x7f0000000080)='syzkaller\x00', 0x7, 0x72, &(0x7f0000000300)=""/114, 0x3bfee755cc65183c, 0x8, [], 0x0, 0x1, r5, 0x8, &(0x7f0000000380)={0x7, 0x1}, 0x8, 0x10, &(0x7f00000003c0)={0x5, 0x10, 0xb47f, 0xffffffff}, 0x10}, 0x78) 10:21:25 executing program 4: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x5013, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x49, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1dc}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="0010b803"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f00000000c0)='/dev/usb/hiddev#\x00', 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$HIDIOCGREPORT(r1, 0xd01c4813, &(0x7f0000000000)={0x1, 0x100}) [ 211.334929][ T2477] usb 5-1: USB disconnect, device number 2 [ 211.359668][ T5] ================================================================== [ 211.368022][ T5] BUG: KASAN: use-after-free in __mutex_lock+0x1033/0x13c0 [ 211.375213][ T5] Read of size 8 at addr ffff8880a8bb6150 by task kworker/0:0/5 [ 211.382831][ T5] [ 211.385268][ T5] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.7.0-rc6-next-20200522-syzkaller #0 [ 211.394542][ T5] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.404688][ T5] Workqueue: events __usb_queue_reset_device [ 211.410661][ T5] Call Trace: [ 211.413951][ T5] dump_stack+0x18f/0x20d [ 211.418283][ T5] ? __mutex_lock+0x1033/0x13c0 [ 211.423131][ T5] ? __mutex_lock+0x1033/0x13c0 [ 211.428019][ T5] print_address_description.constprop.0.cold+0xd3/0x413 10:21:25 executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x5013, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x49, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1dc}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="0010b803"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f00000000c0)='/dev/usb/hiddev#\x00', 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$hiddev(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$HIDIOCGREPORT(r1, 0xd01c4813, &(0x7f0000000000)={0x1, 0x100}) 10:21:25 executing program 1: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x5421, &(0x7f0000000180)={'veth0_to_bond\x00', {0x2, 0x0, @loopback}}) [ 211.435124][ T5] ? cdev_device_del+0x69/0x80 [ 211.439886][ T5] ? mousedev_destroy+0x20/0xa0 [ 211.444747][ T5] ? __input_unregister_device+0x1b0/0x430 [ 211.450554][ T5] ? input_unregister_device+0xb4/0xf0 [ 211.456122][ T5] ? hidinput_disconnect+0x15e/0x3d0 [ 211.461409][ T5] ? vprintk_func+0x97/0x1a6 [ 211.466001][ T5] ? __mutex_lock+0x1033/0x13c0 [ 211.470860][ T5] kasan_report.cold+0x1f/0x37 [ 211.475653][ T5] ? __mutex_lock+0x1033/0x13c0 [ 211.480508][ T5] __mutex_lock+0x1033/0x13c0 [ 211.485189][ T5] ? mousedev_cleanup+0x21/0x180 [ 211.490125][ T5] ? print_usage_bug+0x240/0x240 [ 211.495062][ T5] ? trace_hardirqs_off+0x50/0x220 [ 211.500172][ T5] ? mutex_trylock+0x2c0/0x2c0 [ 211.504937][ T5] ? mark_held_locks+0x9f/0xe0 [ 211.509717][ T5] ? kfree+0x1eb/0x2b0 [ 211.513790][ T5] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 211.519780][ T5] ? kfree_const+0x51/0x60 [ 211.524207][ T5] ? mousedev_cleanup+0x21/0x180 [ 211.529251][ T5] mousedev_cleanup+0x21/0x180 [ 211.534037][ T5] mousedev_destroy+0x28/0xa0 [ 211.538720][ T5] __input_unregister_device+0x1b0/0x430 [ 211.544358][ T5] input_unregister_device+0xb4/0xf0 [ 211.549645][ T5] hidinput_disconnect+0x15e/0x3d0 [ 211.554760][ T5] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 211.560308][ T5] hid_disconnect+0x13f/0x1a0 [ 211.564994][ T5] hid_device_remove+0x186/0x240 [ 211.569938][ T5] ? hid_compare_device_paths+0xc0/0xc0 [ 211.575480][ T5] device_release_driver_internal+0x231/0x500 [ 211.581550][ T5] bus_remove_device+0x2dc/0x4a0 [ 211.586584][ T5] device_del+0x481/0xd30 [ 211.590925][ T5] ? device_link_add_missing_supplier_links+0x370/0x370 [ 211.597861][ T5] ? mark_held_locks+0x9f/0xe0 [ 211.602628][ T5] ? _raw_spin_unlock_irq+0x1f/0x80 [ 211.607933][ T5] hid_destroy_device+0xe1/0x150 [ 211.612874][ T5] usbhid_disconnect+0x9f/0xe0 [ 211.617644][ T5] usb_unbind_interface+0x1bd/0x8a0 [ 211.622947][ T5] ? __pm_runtime_idle+0xd1/0x320 [ 211.627971][ T5] ? usb_autoresume_device+0x60/0x60 [ 211.633260][ T5] device_release_driver_internal+0x432/0x500 [ 211.639323][ T5] usb_driver_release_interface+0x102/0x180 [ 211.645198][ T5] unbind_marked_interfaces.isra.0+0x170/0x1f0 [ 211.651340][ T5] usb_unbind_and_rebind_marked_interfaces+0x34/0x70 [ 211.657994][ T5] usb_reset_device+0x739/0x8d0 [ 211.662835][ T5] __usb_queue_reset_device+0x68/0x90 [ 211.668189][ T5] process_one_work+0x965/0x16a0 [ 211.673113][ T5] ? lock_release+0x800/0x800 [ 211.677772][ T5] ? pwq_dec_nr_in_flight+0x310/0x310 [ 211.683128][ T5] ? rwlock_bug.part.0+0x90/0x90 [ 211.688054][ T5] worker_thread+0x96/0xe20 [ 211.692557][ T5] ? process_one_work+0x16a0/0x16a0 [ 211.697765][ T5] kthread+0x3b5/0x4a0 [ 211.701904][ T5] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 211.707603][ T5] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 211.713408][ T5] ret_from_fork+0x24/0x30 [ 211.717809][ T5] [ 211.720117][ T5] Allocated by task 5: [ 211.724169][ T5] save_stack+0x1b/0x40 [ 211.728303][ T5] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 211.733925][ T5] kmem_cache_alloc_trace+0x153/0x7d0 [ 211.739276][ T5] mousedev_create+0x90/0xa20 [ 211.743931][ T5] mousedev_connect+0x20/0x280 [ 211.748684][ T5] input_attach_handler+0x194/0x200 [ 211.753863][ T5] input_register_device.cold+0xf5/0x246 [ 211.759565][ T5] hidinput_connect+0x4f8f/0xdb30 [ 211.764580][ T5] hid_connect+0x96b/0xbc0 [ 211.768975][ T5] hid_hw_start+0xa2/0x130 [ 211.773368][ T5] kye_probe+0x44/0x536 [ 211.777502][ T5] hid_device_probe+0x2be/0x3f0 [ 211.782328][ T5] really_probe+0x281/0x6d0 [ 211.786910][ T5] driver_probe_device+0xfe/0x1d0 [ 211.791913][ T5] __device_attach_driver+0x1c2/0x220 [ 211.797266][ T5] bus_for_each_drv+0x162/0x1e0 [ 211.802113][ T5] __device_attach+0x21a/0x360 [ 211.806858][ T5] bus_probe_device+0x1e4/0x290 [ 211.811689][ T5] device_add+0xaf1/0x1900 [ 211.816099][ T5] hid_add_device+0x33c/0x9a0 [ 211.820859][ T5] usbhid_probe+0xac8/0xff0 [ 211.825345][ T5] usb_probe_interface+0x305/0x7a0 [ 211.830435][ T5] really_probe+0x281/0x6d0 [ 211.834932][ T5] driver_probe_device+0xfe/0x1d0 [ 211.839936][ T5] __device_attach_driver+0x1c2/0x220 [ 211.845291][ T5] bus_for_each_drv+0x162/0x1e0 [ 211.850120][ T5] __device_attach+0x21a/0x360 [ 211.854864][ T5] bus_probe_device+0x1e4/0x290 [ 211.859697][ T5] device_add+0xaf1/0x1900 [ 211.864108][ T5] usb_set_configuration+0xec5/0x1740 [ 211.869473][ T5] usb_generic_driver_probe+0x9d/0xe0 [ 211.874825][ T5] usb_probe_device+0xc6/0x1f0 [ 211.879567][ T5] really_probe+0x281/0x6d0 [ 211.884052][ T5] driver_probe_device+0xfe/0x1d0 [ 211.889057][ T5] __device_attach_driver+0x1c2/0x220 [ 211.894405][ T5] bus_for_each_drv+0x162/0x1e0 [ 211.899233][ T5] __device_attach+0x21a/0x360 [ 211.903971][ T5] bus_probe_device+0x1e4/0x290 [ 211.908799][ T5] device_add+0xaf1/0x1900 [ 211.913195][ T5] usb_new_device.cold+0x753/0x103d [ 211.918370][ T5] hub_event+0x1eca/0x38f0 [ 211.922766][ T5] process_one_work+0x965/0x16a0 [ 211.927682][ T5] worker_thread+0x96/0xe20 [ 211.932160][ T5] kthread+0x3b5/0x4a0 [ 211.936205][ T5] ret_from_fork+0x24/0x30 [ 211.940594][ T5] [ 211.942900][ T5] Freed by task 5: [ 211.946608][ T5] save_stack+0x1b/0x40 [ 211.950742][ T5] __kasan_slab_free+0xf7/0x140 [ 211.955571][ T5] kfree+0x109/0x2b0 [ 211.959443][ T5] device_release+0x71/0x200 [ 211.964011][ T5] kobject_put+0x1c8/0x2f0 [ 211.968409][ T5] cdev_device_del+0x69/0x80 [ 211.972974][ T5] mousedev_destroy+0x20/0xa0 [ 211.977629][ T5] __input_unregister_device+0x1b0/0x430 [ 211.983344][ T5] input_unregister_device+0xb4/0xf0 [ 211.988608][ T5] hidinput_disconnect+0x15e/0x3d0 [ 211.993695][ T5] hid_disconnect+0x13f/0x1a0 [ 211.998361][ T5] hid_device_remove+0x186/0x240 [ 212.003274][ T5] device_release_driver_internal+0x231/0x500 [ 212.009314][ T5] bus_remove_device+0x2dc/0x4a0 [ 212.014228][ T5] device_del+0x481/0xd30 [ 212.018538][ T5] hid_destroy_device+0xe1/0x150 [ 212.023468][ T5] usbhid_disconnect+0x9f/0xe0 [ 212.028248][ T5] usb_unbind_interface+0x1bd/0x8a0 [ 212.033422][ T5] device_release_driver_internal+0x432/0x500 [ 212.039465][ T5] usb_driver_release_interface+0x102/0x180 [ 212.045336][ T5] unbind_marked_interfaces.isra.0+0x170/0x1f0 [ 212.051468][ T5] usb_unbind_and_rebind_marked_interfaces+0x34/0x70 [ 212.058209][ T5] usb_reset_device+0x739/0x8d0 [ 212.063052][ T5] __usb_queue_reset_device+0x68/0x90 [ 212.068402][ T5] process_one_work+0x965/0x16a0 [ 212.073314][ T5] worker_thread+0x96/0xe20 [ 212.077796][ T5] kthread+0x3b5/0x4a0 [ 212.081845][ T5] ret_from_fork+0x24/0x30 [ 212.086234][ T5] [ 212.088546][ T5] The buggy address belongs to the object at ffff8880a8bb6000 [ 212.088546][ T5] which belongs to the cache kmalloc-2k of size 2048 [ 212.102575][ T5] The buggy address is located 336 bytes inside of [ 212.102575][ T5] 2048-byte region [ffff8880a8bb6000, ffff8880a8bb6800) [ 212.115917][ T5] The buggy address belongs to the page: [ 212.121545][ T5] page:ffffea0002a2ed80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 212.130624][ T5] flags: 0xfffe0000000200(slab) [ 212.135454][ T5] raw: 00fffe0000000200 ffffea0002a5d048 ffffea0002a0c048 ffff8880aa000e00 [ 212.144020][ T5] raw: 0000000000000000 ffff8880a8bb6000 0000000100000001 0000000000000000 [ 212.152574][ T5] page dumped because: kasan: bad access detected [ 212.158974][ T5] [ 212.161279][ T5] Memory state around the buggy address: [ 212.166887][ T5] ffff8880a8bb6000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 212.174926][ T5] ffff8880a8bb6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 212.182963][ T5] >ffff8880a8bb6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 212.190999][ T5] ^ [ 212.197648][ T5] ffff8880a8bb6180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 212.205687][ T5] ffff8880a8bb6200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 212.213736][ T5] ================================================================== [ 212.221768][ T5] Disabling lock debugging due to kernel taint 10:21:25 executing program 0: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'}) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="49000000290200000400000000000000029007784ee20000000000000005000000000000000607002e2f6669"], 0x49) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') r2 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000100)={0x0, 0x0, 0x1, 'queue1\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4) 10:21:25 executing program 1: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x5450, 0x0) [ 212.262452][ T5] Kernel panic - not syncing: panic_on_warn set ... [ 212.269067][ T5] CPU: 0 PID: 5 Comm: kworker/0:0 Tainted: G B 5.7.0-rc6-next-20200522-syzkaller #0 [ 212.279721][ T5] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.289777][ T5] Workqueue: events __usb_queue_reset_device [ 212.295742][ T5] Call Trace: [ 212.299024][ T5] dump_stack+0x18f/0x20d [ 212.303348][ T5] ? __mutex_lock+0xf50/0x13c0 [ 212.308105][ T5] panic+0x2e3/0x75c [ 212.312003][ T5] ? __warn_printk+0xf3/0xf3 [ 212.316592][ T5] ? preempt_schedule_common+0x5e/0xc0 [ 212.322043][ T5] ? __mutex_lock+0x1033/0x13c0 [ 212.326886][ T5] ? __mutex_lock+0x1033/0x13c0 [ 212.331733][ T5] ? preempt_schedule_thunk+0x16/0x18 [ 212.337100][ T5] ? trace_hardirqs_on+0x55/0x230 [ 212.342119][ T5] ? __mutex_lock+0x1033/0x13c0 [ 212.346960][ T5] ? __mutex_lock+0x1033/0x13c0 [ 212.351807][ T5] end_report+0x4d/0x53 [ 212.356047][ T5] kasan_report.cold+0xd/0x37 [ 212.360716][ T5] ? __mutex_lock+0x1033/0x13c0 [ 212.365558][ T5] __mutex_lock+0x1033/0x13c0 [ 212.370231][ T5] ? mousedev_cleanup+0x21/0x180 [ 212.375160][ T5] ? print_usage_bug+0x240/0x240 [ 212.380088][ T5] ? trace_hardirqs_off+0x50/0x220 [ 212.385189][ T5] ? mutex_trylock+0x2c0/0x2c0 [ 212.389947][ T5] ? mark_held_locks+0x9f/0xe0 [ 212.394704][ T5] ? kfree+0x1eb/0x2b0 [ 212.398768][ T5] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 212.404743][ T5] ? kfree_const+0x51/0x60 [ 212.409156][ T5] ? mousedev_cleanup+0x21/0x180 [ 212.414086][ T5] mousedev_cleanup+0x21/0x180 [ 212.418842][ T5] mousedev_destroy+0x28/0xa0 [ 212.423520][ T5] __input_unregister_device+0x1b0/0x430 [ 212.429146][ T5] input_unregister_device+0xb4/0xf0 [ 212.434425][ T5] hidinput_disconnect+0x15e/0x3d0 [ 212.439650][ T5] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 212.445187][ T5] hid_disconnect+0x13f/0x1a0 [ 212.449857][ T5] hid_device_remove+0x186/0x240 [ 212.454792][ T5] ? hid_compare_device_paths+0xc0/0xc0 [ 212.460327][ T5] device_release_driver_internal+0x231/0x500 [ 212.466385][ T5] bus_remove_device+0x2dc/0x4a0 [ 212.471316][ T5] device_del+0x481/0xd30 [ 212.475639][ T5] ? device_link_add_missing_supplier_links+0x370/0x370 [ 212.482565][ T5] ? mark_held_locks+0x9f/0xe0 [ 212.487322][ T5] ? _raw_spin_unlock_irq+0x1f/0x80 [ 212.492514][ T5] hid_destroy_device+0xe1/0x150 [ 212.497469][ T5] usbhid_disconnect+0x9f/0xe0 [ 212.502230][ T5] usb_unbind_interface+0x1bd/0x8a0 [ 212.507427][ T5] ? __pm_runtime_idle+0xd1/0x320 10:21:26 executing program 1: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x5450, 0x0) [ 212.512454][ T5] ? usb_autoresume_device+0x60/0x60 [ 212.517731][ T5] device_release_driver_internal+0x432/0x500 [ 212.523793][ T5] usb_driver_release_interface+0x102/0x180 [ 212.529685][ T5] unbind_marked_interfaces.isra.0+0x170/0x1f0 [ 212.535836][ T5] usb_unbind_and_rebind_marked_interfaces+0x34/0x70 [ 212.542506][ T5] usb_reset_device+0x739/0x8d0 [ 212.547353][ T5] __usb_queue_reset_device+0x68/0x90 [ 212.552718][ T5] process_one_work+0x965/0x16a0 [ 212.557647][ T5] ? lock_release+0x800/0x800 [ 212.562312][ T5] ? pwq_dec_nr_in_flight+0x310/0x310 [ 212.567679][ T5] ? rwlock_bug.part.0+0x90/0x90 [ 212.572615][ T5] worker_thread+0x96/0xe20 [ 212.577113][ T5] ? process_one_work+0x16a0/0x16a0 [ 212.582304][ T5] kthread+0x3b5/0x4a0 [ 212.586363][ T5] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 212.592070][ T5] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 212.597782][ T5] ret_from_fork+0x24/0x30 [ 212.603239][ T5] Kernel Offset: disabled [ 212.607559][ T5] Rebooting in 86400 seconds..