Warning: Permanently added '[localhost]:42600' (ECDSA) to the list of known hosts. 2020/10/14 07:38:05 fuzzer started 2020/10/14 07:38:05 dialing manager at 10.0.2.10:39043 2020/10/14 07:38:05 syscalls: 3440 2020/10/14 07:38:05 code coverage: enabled 2020/10/14 07:38:05 comparison tracing: enabled 2020/10/14 07:38:05 extra coverage: enabled 2020/10/14 07:38:05 setuid sandbox: enabled 2020/10/14 07:38:05 namespace sandbox: enabled 2020/10/14 07:38:05 Android sandbox: /sys/fs/selinux/policy does not exist 2020/10/14 07:38:05 fault injection: enabled 2020/10/14 07:38:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/10/14 07:38:05 net packet injection: enabled 2020/10/14 07:38:05 net device setup: enabled 2020/10/14 07:38:05 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/10/14 07:38:05 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/10/14 07:38:05 USB emulation: enabled 2020/10/14 07:38:05 hci packet injection: enabled 2020/10/14 07:38:05 wifi device emulation: enabled 07:39:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x10}, [@ldst={0x2, 0x0, 0x3}]}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48) 07:39:36 executing program 1: syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x6, &(0x7f0000000000)={r2, @in6={{0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000240)=0x9c) 07:39:37 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000061c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000a240)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000c280)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000e2c0)={0x2020}, 0x2020) 07:39:37 executing program 3: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x1d, 0x0, 0x1}, {}]}) syzkaller login: [ 232.667294][ T8912] IPVS: ftp: loaded support on port[0] = 21 [ 232.667322][ T8910] IPVS: ftp: loaded support on port[0] = 21 [ 232.899268][ T8914] IPVS: ftp: loaded support on port[0] = 21 [ 233.194677][ T8910] chnl_net:caif_netlink_parms(): no params data found [ 233.270276][ T8915] IPVS: ftp: loaded support on port[0] = 21 [ 233.273784][ T8912] chnl_net:caif_netlink_parms(): no params data found [ 233.479444][ T8910] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.493034][ T8910] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.511137][ T8910] device bridge_slave_0 entered promiscuous mode [ 233.534313][ T8914] chnl_net:caif_netlink_parms(): no params data found [ 233.568641][ T8910] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.577448][ T8910] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.588056][ T8910] device bridge_slave_1 entered promiscuous mode [ 233.629425][ T8912] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.665200][ T8912] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.696848][ T8912] device bridge_slave_0 entered promiscuous mode [ 233.729632][ T8912] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.767331][ T8912] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.817659][ T8912] device bridge_slave_1 entered promiscuous mode [ 233.871331][ T8910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.123663][ T8910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.183357][ T8912] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.201820][ T8912] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 234.219934][ T8910] team0: Port device team_slave_0 added [ 234.307900][ T8910] team0: Port device team_slave_1 added [ 234.351879][ T8915] chnl_net:caif_netlink_parms(): no params data found [ 234.394547][ T8912] team0: Port device team_slave_0 added [ 234.406931][ T8910] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 234.423699][ T8910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.470852][ T8910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 234.492815][ T18] Bluetooth: hci1: command 0x0409 tx timeout [ 234.524505][ T8910] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 234.540904][ T8910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 234.570444][ T18] Bluetooth: hci0: command 0x0409 tx timeout [ 234.593595][ T8910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 234.642980][ T8914] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.659539][ T8914] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.674158][ T8914] device bridge_slave_0 entered promiscuous mode [ 234.689001][ T8912] team0: Port device team_slave_1 added [ 234.725764][ T8914] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.755006][ T8914] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.791020][ T8914] device bridge_slave_1 entered promiscuous mode [ 234.878270][ T8914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 234.976976][ T23] Bluetooth: hci2: command 0x0409 tx timeout [ 235.041414][ T8912] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 235.087839][ T8912] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.154831][ T18] Bluetooth: hci3: command 0x0409 tx timeout [ 235.160197][ T8912] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 235.219718][ T8914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 235.249804][ T8910] device hsr_slave_0 entered promiscuous mode [ 235.262612][ T8910] device hsr_slave_1 entered promiscuous mode [ 235.284090][ T8912] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 235.298043][ T8912] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.345664][ T8912] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 235.434915][ T8914] team0: Port device team_slave_0 added [ 235.447617][ T8914] team0: Port device team_slave_1 added [ 235.469253][ T8915] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.478938][ T8915] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.491221][ T8915] device bridge_slave_0 entered promiscuous mode [ 235.523970][ T8912] device hsr_slave_0 entered promiscuous mode [ 235.543585][ T8912] device hsr_slave_1 entered promiscuous mode [ 235.575855][ T8912] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 235.612107][ T8912] Cannot create hsr debugfs directory [ 235.636717][ T8915] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.648903][ T8915] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.662513][ T8915] device bridge_slave_1 entered promiscuous mode [ 235.694061][ T8914] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 235.710895][ T8914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.741308][ T8914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 235.758453][ T8914] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 235.767372][ T8914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 235.803109][ T8914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 235.865236][ T8915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 235.905910][ T8914] device hsr_slave_0 entered promiscuous mode [ 235.915077][ T8914] device hsr_slave_1 entered promiscuous mode [ 235.925908][ T8914] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 235.938519][ T8914] Cannot create hsr debugfs directory [ 235.954497][ T8915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 236.049044][ T8915] team0: Port device team_slave_0 added [ 236.068436][ T8915] team0: Port device team_slave_1 added [ 236.204684][ T8915] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 236.218707][ T8915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.267020][ T8915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 236.299737][ T8915] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 236.313024][ T8915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 236.343989][ T8915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 236.447355][ T8915] device hsr_slave_0 entered promiscuous mode [ 236.464665][ T8915] device hsr_slave_1 entered promiscuous mode [ 236.474957][ T8915] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 236.497499][ T8915] Cannot create hsr debugfs directory [ 236.532181][ T8910] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 236.568741][ T8910] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 236.570609][ T18] Bluetooth: hci1: command 0x041b tx timeout [ 236.595169][ T8910] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 236.615034][ T8910] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 236.668138][ T18] Bluetooth: hci0: command 0x041b tx timeout [ 236.710308][ T8912] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 236.748118][ T8912] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 236.761229][ T8912] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 236.773335][ T8912] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 236.818426][ T8914] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 236.854816][ T8914] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 236.892798][ T8914] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 236.938547][ T8915] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 236.957494][ T8914] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 237.010447][ T8915] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 237.028687][ T8915] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 237.045088][ T8915] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 237.055701][ T1241] Bluetooth: hci2: command 0x041b tx timeout [ 237.200670][ T8910] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.211599][ T18] Bluetooth: hci3: command 0x041b tx timeout [ 237.239420][ T8910] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.248198][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.256912][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.286043][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.298494][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.308026][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.318440][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.351204][ T1241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.361989][ T1241] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 237.371444][ T1241] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.382767][ T1241] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.393108][ T1241] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.405325][ T1241] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 237.415528][ T1241] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 237.426453][ T1241] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.436334][ T1241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.450151][ T1241] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.463293][ T1241] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.480693][ T1241] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 237.504723][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 237.514941][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 237.548725][ T8912] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.571756][ T8910] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 237.590299][ T8910] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 237.601513][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 237.618844][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 237.662187][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.672745][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.694752][ T8912] 8021q: adding VLAN 0 to HW filter on device team0 [ 237.723079][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.747401][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.759618][ T2900] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.768476][ T2900] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.784851][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.804125][ T8915] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.819364][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 237.834772][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.846924][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.858147][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.882214][ T8910] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 237.891861][ T8944] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 237.903165][ T8944] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 237.924900][ T8944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 237.946038][ T8914] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.967923][ T8945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.979802][ T8945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.989339][ T8945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 237.999421][ T8945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.011110][ T8945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.022126][ T8945] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 238.038896][ T8915] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.066217][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.078212][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.088487][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 238.101429][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 238.127180][ T8946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.138009][ T8946] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.149196][ T8946] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.158311][ T8946] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.168465][ T8946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.177536][ T8946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 238.191132][ T8946] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 238.207805][ T8914] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.222851][ T8912] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 238.239517][ T8912] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 238.258723][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 238.273297][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 238.282821][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.295489][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.310625][ T2794] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.326772][ T2794] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.362691][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 238.373121][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.382653][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.392394][ T8943] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.400430][ T8943] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.409531][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 238.424712][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 238.440823][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 238.464071][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 238.474434][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.486663][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.496833][ T8943] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.505480][ T8943] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.516637][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.527454][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.539753][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 238.557968][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.569030][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.581108][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 238.590458][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 238.601235][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 238.629013][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 238.642828][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 238.657487][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 238.668054][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 238.678187][ T18] Bluetooth: hci1: command 0x040f tx timeout [ 238.681764][ T8910] device veth0_vlan entered promiscuous mode [ 238.701682][ T8912] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 238.715459][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 238.726516][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 238.735914][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 238.772515][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 238.819683][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 238.859801][ T8915] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 238.890482][ T18] Bluetooth: hci0: command 0x040f tx timeout [ 238.920682][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.940671][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.951973][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.967366][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.983476][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 239.020542][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 239.047843][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 239.065980][ T8910] device veth1_vlan entered promiscuous mode [ 239.085711][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 239.095714][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 239.107250][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 239.116262][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 239.130531][ T8944] Bluetooth: hci2: command 0x040f tx timeout [ 239.135829][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 239.160370][ T2555] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 239.191159][ T8915] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.207804][ T8914] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 239.224218][ T8914] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 239.234126][ T8946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 239.245192][ T8946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 239.256712][ T8946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 239.266337][ T8946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 239.276203][ T8946] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 239.285693][ T8946] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 239.300772][ T18] Bluetooth: hci3: command 0x040f tx timeout [ 239.303740][ T8912] device veth0_vlan entered promiscuous mode [ 239.333294][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 239.346778][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 239.370346][ T8912] device veth1_vlan entered promiscuous mode [ 239.378915][ T8910] device veth0_macvtap entered promiscuous mode [ 239.408792][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 239.420624][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 239.436484][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 239.449184][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 239.464588][ T2794] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 239.489907][ T8944] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 239.501894][ T8944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 239.517756][ T8910] device veth1_macvtap entered promiscuous mode [ 239.537393][ T8914] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.568268][ T8945] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 239.591855][ T8910] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.619913][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 239.632950][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 239.643817][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 239.656241][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 239.679254][ T8910] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.691241][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 239.711873][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 239.727074][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 239.747768][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 239.763875][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 239.778249][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 239.792840][ T8912] device veth0_macvtap entered promiscuous mode [ 239.811306][ T8915] device veth0_vlan entered promiscuous mode [ 239.831188][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 239.840638][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 239.854163][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 239.871858][ T8910] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.884577][ T8910] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.897064][ T8910] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.908477][ T8910] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 239.928339][ T8912] device veth1_macvtap entered promiscuous mode [ 239.964691][ T8915] device veth1_vlan entered promiscuous mode [ 240.052731][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 240.067242][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 240.080720][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 240.094024][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 240.106737][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 240.121774][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 240.133816][ T8943] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 240.156266][ T8914] device veth0_vlan entered promiscuous mode [ 240.166938][ T8912] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 240.187442][ T8912] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.206515][ T8912] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 240.242045][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 240.262934][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 240.276216][ T8912] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 240.290544][ T8912] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.303552][ T8912] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 240.345340][ T8949] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 240.360117][ T8949] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 240.372817][ T8914] device veth1_vlan entered promiscuous mode [ 240.399273][ T8912] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.413472][ T8912] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.425037][ T8912] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.435146][ T8912] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.474273][ T8] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.484277][ T8] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.486158][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 240.505276][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 240.515882][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 240.525345][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 240.535218][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 240.556292][ T8915] device veth0_macvtap entered promiscuous mode [ 240.595828][ T8945] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 240.615187][ T8914] device veth0_macvtap entered promiscuous mode [ 240.629230][ T8934] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.631796][ T8915] device veth1_macvtap entered promiscuous mode [ 240.639335][ T8934] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.656250][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 240.667108][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 240.683473][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 240.694785][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 240.707767][ T8914] device veth1_macvtap entered promiscuous mode [ 240.730807][ T34] Bluetooth: hci1: command 0x0419 tx timeout [ 240.752418][ T8915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 240.789814][ T8915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.807058][ T8915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 240.832977][ T8915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 240.876157][ T8915] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 240.921752][ T2450] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.936643][ T8950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.942729][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 240.950207][ T2450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.954361][ T8950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.971005][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 241.010908][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 241.025409][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 241.040440][ T34] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 241.059519][ T34] Bluetooth: hci0: command 0x0419 tx timeout [ 241.064373][ T8910] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 241.076774][ T8915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 241.140012][ T8915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.172853][ T8915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 241.208258][ T8915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.210929][ T8945] Bluetooth: hci2: command 0x0419 tx timeout [ 241.273116][ T8915] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 241.331867][ T8914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 241.364533][ T8914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 07:39:47 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00000000c0)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6}, @sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, @in=@dev}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}]}, 0xa0}, 0x1, 0x40030000000000, 0x0, 0x4}, 0x0) [ 241.372068][ T18] Bluetooth: hci3: command 0x0419 tx timeout [ 241.395592][ T8914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 241.441135][ T8914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.460066][ T8914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 241.474641][ T8914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.491936][ T8914] batman_adv: batadv0: Interface activated: batadv_slave_0 07:39:47 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_mr_cache\x00') read$FUSE(r0, 0x0, 0x0) [ 241.516419][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 241.537218][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 241.562110][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 241.583845][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready 07:39:47 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_mr_cache\x00') read$FUSE(r0, 0x0, 0x0) [ 241.621191][ T8914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 241.651759][ T8914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.683996][ T8914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 241.712989][ T8914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 07:39:47 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_mr_cache\x00') read$FUSE(r0, 0x0, 0x0) [ 241.758396][ T8914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 07:39:48 executing program 1: syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x6, &(0x7f0000000000)={r2, @in6={{0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000240)=0x9c) [ 241.809282][ T8914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 241.831822][ T8914] batman_adv: batadv0: Interface activated: batadv_slave_1 07:39:48 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_mr_cache\x00') read$FUSE(r0, 0x0, 0x0) [ 241.863550][ T8915] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.887625][ T8915] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.901377][ T8915] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.929142][ T8915] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 241.961728][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 241.977112][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 242.012088][ T8914] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.024391][ T8914] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.035987][ T8914] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.046020][ T8914] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 242.136887][ T2450] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.143842][ T8934] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.154120][ T2450] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.165367][ T8934] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.172276][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 242.202313][ T18] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 242.226197][ T2450] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.230850][ T8950] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 242.241452][ T2450] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.253208][ T8950] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 242.265030][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 242.283521][ T2900] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready 07:39:48 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000061c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000a240)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000c280)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000e2c0)={0x2020}, 0x2020) 07:39:48 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x800c5011, 0x0) 07:39:48 executing program 3: syz_80211_join_ibss(&(0x7f0000000280)='wlan0\x00', 0x0, 0x0, 0x0) 07:39:48 executing program 1: syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x6, &(0x7f0000000000)={r2, @in6={{0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000240)=0x9c) 07:39:48 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000061c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000a240)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000c280)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000e2c0)={0x2020}, 0x2020) 07:39:48 executing program 1: syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x6, &(0x7f0000000000)={r2, @in6={{0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000240)=0x9c) 07:39:48 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000061c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000a240)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000c280)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000e2c0)={0x2020}, 0x2020) 07:39:48 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000061c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000a240)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000c280)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000e2c0)={0x2020}, 0x2020) 07:39:48 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100}) mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x2) mmap$binder(&(0x7f00000c0000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4c, 0x0, &(0x7f0000000180)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat, @fd={0x66642a85, 0x0, r0}, @ptr={0x70742a85, 0x0, &(0x7f0000000280)=""/10, 0xa}}, &(0x7f00000002c0)={0x0, 0x18, 0x30}}, 0x10}], 0x0, 0x0, &(0x7f0000000300)}) 07:39:49 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000061c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000a240)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000c280)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000e2c0)={0x2020}, 0x2020) 07:39:49 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000061c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000a240)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000c280)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000e2c0)={0x2020}, 0x2020) [ 242.900516][ T9009] binder: BINDER_SET_CONTEXT_MGR already set 07:39:49 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000061c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000a240)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000c280)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000e2c0)={0x2020}, 0x2020) [ 242.958353][ T9009] binder: 9008:9009 ioctl 4018620d 200000c0 returned -16 07:39:49 executing program 1: syz_emit_ethernet(0x2e, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @generic={{0x8, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x33, 0x0, @dev={0xac, 0x2}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x7, 0xb7, [@dev]}, @timestamp={0x7, 0x4, 0x0, 0x3}]}}}}}}, 0x0) 07:39:49 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000061c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000a240)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000c280)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000e2c0)={0x2020}, 0x2020) 07:39:49 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f00000061c0)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000a240)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000c280)={0x2020}, 0x2020) read$FUSE(r0, &(0x7f000000e2c0)={0x2020}, 0x2020) 07:39:49 executing program 1: syz_emit_ethernet(0x2e, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @generic={{0x8, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x33, 0x0, @dev={0xac, 0x2}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x7, 0xb7, [@dev]}, @timestamp={0x7, 0x4, 0x0, 0x3}]}}}}}}, 0x0) 07:39:49 executing program 2: syz_mount_image$adfs(&(0x7f0000000000)='adfs\x00', &(0x7f0000000040)='./file0\x00', 0x300, 0x0, &(0x7f0000000380), 0x0, &(0x7f0000000100)) [ 243.225367][ T9032] ADFS-fs (loop2): error: unable to read block 3, try 0 07:39:49 executing program 1: syz_emit_ethernet(0x2e, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @generic={{0x8, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x33, 0x0, @dev={0xac, 0x2}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x7, 0xb7, [@dev]}, @timestamp={0x7, 0x4, 0x0, 0x3}]}}}}}}, 0x0) 07:39:49 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f00000001c0)=ANY=[], 0x1278636d) socket$inet(0x2, 0x3, 0x33) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) bind$inet(r2, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 07:39:49 executing program 1: syz_emit_ethernet(0x2e, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @generic={{0x8, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x33, 0x0, @dev={0xac, 0x2}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x7, 0xb7, [@dev]}, @timestamp={0x7, 0x4, 0x0, 0x3}]}}}}}}, 0x0) 07:39:49 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x48, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELFLOWTABLE={0x48, 0x16, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'bond0\x00'}]}]}]}], {0x14, 0x10}}, 0xd8}}, 0x0) [ 243.344186][ T9032] ADFS-fs (loop2): error: unable to read block 3, try 0 07:39:49 executing program 2: syz_mount_image$adfs(&(0x7f0000000000)='adfs\x00', &(0x7f0000000040)='./file0\x00', 0x300, 0x0, &(0x7f0000000380), 0x0, &(0x7f0000000100)) 07:39:49 executing program 3: r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f00000025c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x66) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x64, 0x24, 0xf0b, 0x0, 0x0, {0x60, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x38, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x85b3eb56120dd54}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {}, 0x0, 0x1}}]}}]}, 0x64}}, 0x0) 07:39:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000004780)={'tunl0\x00', &(0x7f0000004700)={'tunl0\x00', r1, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14}}}}) 07:39:49 executing program 1: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='sysfs\x00', 0x0, 0x0) [ 243.494146][ T9057] ADFS-fs (loop2): error: unable to read block 3, try 0 07:39:49 executing program 2: syz_mount_image$adfs(&(0x7f0000000000)='adfs\x00', &(0x7f0000000040)='./file0\x00', 0x300, 0x0, &(0x7f0000000380), 0x0, &(0x7f0000000100)) [ 243.578002][ T9068] ADFS-fs (loop2): error: unable to read block 3, try 0 07:39:50 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f00000001c0)=ANY=[], 0x1278636d) socket$inet(0x2, 0x3, 0x33) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) bind$inet(r2, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 07:39:50 executing program 3: r0 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000001d80)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, 0x0) syz_usb_ep_read(r0, 0xff, 0x34, &(0x7f00000020c0)=""/52) 07:39:50 executing program 1: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='sysfs\x00', 0x0, 0x0) 07:39:50 executing program 2: syz_mount_image$adfs(&(0x7f0000000000)='adfs\x00', &(0x7f0000000040)='./file0\x00', 0x300, 0x0, &(0x7f0000000380), 0x0, &(0x7f0000000100)) 07:39:50 executing program 1: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='sysfs\x00', 0x0, 0x0) [ 244.190353][ T9079] ADFS-fs (loop2): error: unable to read block 3, try 0 07:39:50 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='mounts\x00') read$char_usb(r0, &(0x7f0000000080)=""/174, 0xae) 07:39:50 executing program 1: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000200)='sysfs\x00', 0x0, 0x0) 07:39:50 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='mounts\x00') read$char_usb(r0, &(0x7f0000000080)=""/174, 0xae) [ 244.452036][ T34] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 244.841056][ T34] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 245.021670][ T34] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 245.387544][ T34] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.465527][ T34] usb 8-1: Product: syz [ 245.496732][ T34] usb 8-1: Manufacturer: syz [ 245.549729][ T34] usb 8-1: SerialNumber: syz 07:39:51 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='mounts\x00') read$char_usb(r0, &(0x7f0000000080)=""/174, 0xae) [ 245.865799][ T34] cdc_ether: probe of 8-1:1.0 failed with error -22 [ 246.101941][ T2900] usb 8-1: USB disconnect, device number 2 [ 246.890677][ T23] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 247.232546][ T23] usb 8-1: device descriptor read/all, error -71 07:39:53 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='mounts\x00') read$char_usb(r0, &(0x7f0000000080)=""/174, 0xae) 07:39:53 executing program 1: writev(0xffffffffffffffff, &(0x7f0000000680)=[{&(0x7f0000000080)="390000001300034700bb65e1c3e4ffff0600000001", 0x15}], 0x1) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000280)={0x4001}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0) 07:39:53 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f00000001c0)=ANY=[], 0x1278636d) socket$inet(0x2, 0x3, 0x33) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) bind$inet(r2, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 07:39:53 executing program 3: r0 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000001d80)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, 0x0) syz_usb_ep_read(r0, 0xff, 0x34, &(0x7f00000020c0)=""/52) 07:39:53 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000340), &(0x7f0000000380)=0x8) 07:39:53 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000240)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10, 0x0}, 0x4048024) close(r0) 07:39:53 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000240)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10, 0x0}, 0x4048024) close(r0) 07:39:53 executing program 1: keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'ecryptfs', 0x20, 'user:', '\x85\xe7z', 0x20, 0x800}, 0x2b, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 07:39:53 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000240)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10, 0x0}, 0x4048024) close(r0) [ 247.649134][ T9128] encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 247.670762][ T23] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 248.061957][ T23] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 07:39:54 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f00000001c0)=ANY=[], 0x1278636d) socket$inet(0x2, 0x3, 0x33) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) bind$inet(r2, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 07:39:54 executing program 1: keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'ecryptfs', 0x20, 'user:', '\x85\xe7z', 0x20, 0x800}, 0x2b, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) [ 248.344508][ T23] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 248.372326][ T23] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.396146][ T9138] encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 248.405647][ T23] usb 8-1: Product: syz [ 248.429198][ T23] usb 8-1: Manufacturer: syz [ 248.442266][ T23] usb 8-1: SerialNumber: syz [ 248.503884][ T23] cdc_ether: probe of 8-1:1.0 failed with error -22 [ 248.749719][ T23] usb 8-1: USB disconnect, device number 4 07:39:55 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000240)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10, 0x0}, 0x4048024) close(r0) 07:39:55 executing program 1: keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'ecryptfs', 0x20, 'user:', '\x85\xe7z', 0x20, 0x800}, 0x2b, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 07:39:55 executing program 3: r0 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000001d80)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, 0x0) syz_usb_ep_read(r0, 0xff, 0x34, &(0x7f00000020c0)=""/52) 07:39:55 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000001400)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, 0x0}) [ 249.351037][ T9146] encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes 07:39:55 executing program 2: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x10000, 0xe, &(0x7f0000000200)=[{&(0x7f0000010000)="eb58906d6b66732e66617400020120000400008000f800002000400003000000000000000100000000000000020000000100060000000000000000000000000080002913cb39f153595a4b414c4c4552202046415433322020200e1fbe777cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a0000000000", 0xe0}, {&(0x7f0000010100)="00000000000000000000000000000000000000000000000000000000000055aa5252614100"/64, 0x40, 0x1e0}, {&(0x7f0000010200)="0000000072724161430000001a000000000000000000000000000000000055aa", 0x20, 0x3e0}, {&(0x7f0000010300)="eb58906d6b66732e66617400020120000400008000f800002000400003000000000000000100000000000000020000000100060000000000000000000000000080002913cb39f153595a4b414c4c4552202046415433322020200e1fbe777cac22c0740b56b40ebb0700cd105eebf032e4cd16cd19ebfe54686973206973206e6f74206120626f6f7461626c65206469736b2e2020506c6561736520696e73657274206120626f6f7461626c6520666c6f70707920616e640d0a707265737320616e79206b657920746f2074727920616761696e202e2e2e200d0a0000000000", 0xe0, 0xc00}, {&(0x7f0000010400)="00000000000000000000000000000000000000000000000000000000000055aa", 0x20, 0xde0}, {&(0x7f0000010500)="f8ffff0fffffff0ff8ffff0fffffff0f0500000006000000ffffff0fffffff0f090000000a0000000b0000000c0000000d0000000e0000000f00000010000000110000001200000013000000140000001500000016000000170000001800000019000000ffffff0fffffff0f00"/128, 0x80, 0x4000}, {&(0x7f0000010600)="f8ffff0fffffff0ff8ffff0fffffff0f0500000006000000ffffff0fffffff0f090000000a0000000b0000000c0000000d0000000e0000000f00000010000000110000001200000013000000140000001500000016000000170000001800000019000000ffffff0fffffff0f00"/128, 0x80, 0x4200}, {&(0x7f0000010700)="f8ffff0fffffff0ff8ffff0fffffff0f0500000006000000ffffff0fffffff0f090000000a0000000b0000000c0000000d0000000e0000000f00000010000000110000001200000013000000140000001500000016000000170000001800000019000000ffffff0fffffff0f00"/128, 0x80, 0x4400}, {&(0x7f0000010800)="f8ffff0fffffff0ff8ffff0fffffff0f0500000006000000ffffff0fffffff0f090000000a0000000b0000000c0000000d0000000e0000000f00000010000000110000001200000013000000140000001500000016000000170000001800000019000000ffffff0fffffff0f00"/128, 0x80, 0x4600}, {&(0x7f0000010900)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202010000de870325132510000e870325103000000000041660069006c00650031000f00100000ffffffffffffffffffff0000ffffffff46494c453120202020202020000de870325132510000e870325107000a00000041660069006c00650032000f00140000ffffffffffffffffffff0000ffffffff46494c453220202020202020000de870325132510000e870325108002823000041660069006c0065002e000f00d263006f006c0064000000ffff0000ffffffff46494c457e312020434f4c20000de870325132510000e87032511a0064000000", 0x120, 0x4800}, {&(0x7f0000010b00)="2e2020202020202020202010000de870325132510000e87032510300000000002e2e20202020202020202010000de870325132510000e870325100000000000041660069006c00650030000f00fc0000ffffffffffffffffffff0000ffffffff46494c453020202020202020000de870325132510000e870325104001a040000", 0x80, 0x4a00}, {&(0x7f0000010c00)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal\x00\x00\x00\x00\x00\x00', 0x420, 0x4c00}, {&(0x7f0000011100)='syzkallers\x00'/32, 0x20, 0x5200}, {&(0x7f0000011200)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallers\x00'/128, 0x80, 0x7800}], 0x0, &(0x7f0000011300)) 07:39:55 executing program 1: keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'ecryptfs', 0x20, 'user:', '\x85\xe7z', 0x20, 0x800}, 0x2b, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 07:39:55 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000001400)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, 0x0}) [ 249.552538][ T9157] encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes 07:39:55 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="d800000018008100e00f80ecdb4cb9040a0265ef0b007c05e87c55a1bc000900b8000699030000000500150005008178a8001600a40001000000000003ac040000d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5125ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0) 07:39:55 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000001400)={0x53, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, 0x0}) 07:39:55 executing program 1: r0 = socket$inet_sctp(0x2, 0x1, 0x84) r1 = syz_open_dev$audion(&(0x7f0000000400)='/dev/audio#\x00', 0x65, 0x1) write$UHID_GET_REPORT_REPLY(r1, &(0x7f0000000440), 0xa) dup2(r0, r1) [ 249.711370][ T8946] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 249.712028][ T9170] IPv6: NLM_F_CREATE should be specified when creating new route [ 250.100406][ T8946] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 250.280278][ T8946] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 250.281394][ C2] [ 250.291615][ T8946] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.290056][ C2] ======================================================== [ 250.290056][ C2] WARNING: possible irq lock inversion dependency detected [ 250.290056][ C2] 5.9.0-syzkaller #0 Not tainted [ 250.306930][ T8946] usb 8-1: Product: syz [ 250.290056][ C2] -------------------------------------------------------- [ 250.290056][ C2] swapper/2/0 just changed the state of lock: [ 250.290056][ C2] ffff888072df0108 (&group->lock){..-.}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 250.290056][ C2] but this lock took another, SOFTIRQ-READ-unsafe lock in the past: [ 250.290056][ C2] (&card->ctl_files_rwlock){.+.+}-{2:2} [ 250.290056][ C2] [ 250.290056][ C2] [ 250.290056][ C2] and interrupts could create inverse lock ordering between them. [ 250.290056][ C2] [ 250.290056][ C2] [ 250.290056][ C2] other info that might help us debug this: [ 250.290056][ C2] Possible interrupt unsafe locking scenario: [ 250.290056][ C2] [ 250.290056][ C2] CPU0 CPU1 [ 250.290056][ C2] ---- ---- [ 250.290056][ C2] lock(&card->ctl_files_rwlock); [ 250.290056][ C2] local_irq_disable(); [ 250.290056][ C2] lock(&group->lock); [ 250.290056][ C2] lock(&card->ctl_files_rwlock); [ 250.290056][ C2] [ 250.290056][ C2] lock(&group->lock); [ 250.290056][ C2] [ 250.290056][ C2] *** DEADLOCK *** [ 250.290056][ C2] [ 250.290056][ C2] 1 lock held by swapper/2/0: [ 250.290056][ C2] #0: ffffc90000540d80 ((&dpcm->timer)){+.-.}-{0:0}, at: call_timer_fn+0xd5/0x6b0 [ 250.290056][ C2] [ 250.290056][ C2] the shortest dependencies between 2nd lock and 1st lock: [ 250.333107][ T8946] usb 8-1: Manufacturer: syz [ 250.290056][ C2] -> (&card->ctl_files_rwlock){.+.+}-{2:2} { [ 250.290056][ C2] HARDIRQ-ON-R at: [ 250.290056][ C2] lock_acquire+0x219/0x9d0 [ 250.290056][ C2] _raw_read_lock+0x5b/0x70 [ 250.290056][ C2] snd_ctl_notify.part.0+0x36/0x550 [ 250.354835][ T8946] usb 8-1: SerialNumber: syz [ 250.290056][ C2] snd_ctl_notify+0x8f/0xb0 [ 250.290056][ C2] __snd_ctl_add_replace+0x638/0x800 [ 250.290056][ C2] snd_ctl_add_replace+0x76/0x130 [ 250.290056][ C2] snd_dummy_probe+0xc22/0x1180 [ 250.290056][ C2] platform_drv_probe+0x87/0x140 [ 250.290056][ C2] really_probe+0x282/0x9f0 [ 250.290056][ C2] driver_probe_device+0xfe/0x1d0 [ 250.290056][ C2] __device_attach_driver+0x1c2/0x220 [ 250.290056][ C2] bus_for_each_drv+0x15f/0x1e0 [ 250.290056][ C2] __device_attach+0x228/0x470 [ 250.290056][ C2] bus_probe_device+0x1e4/0x290 [ 250.290056][ C2] device_add+0xb17/0x1c40 [ 250.290056][ C2] platform_device_add+0x34f/0x6d0 [ 250.290056][ C2] platform_device_register_full+0x38c/0x4e0 [ 250.290056][ C2] alsa_card_dummy_init+0x1e0/0x309 [ 250.290056][ C2] do_one_initcall+0x103/0x6f0 [ 250.290056][ C2] kernel_init_freeable+0x652/0x6d6 [ 250.451253][ T8946] cdc_ether: probe of 8-1:1.0 failed with error -22 [ 250.430082][ C2] kernel_init+0xd/0x1b8 [ 250.430082][ C2] ret_from_fork+0x1f/0x30 [ 250.430082][ C2] SOFTIRQ-ON-R at: [ 250.430082][ C2] lock_acquire+0x219/0x9d0 [ 250.430082][ C2] _raw_read_lock+0x5b/0x70 [ 250.430082][ C2] snd_ctl_notify.part.0+0x36/0x550 [ 250.430082][ C2] snd_ctl_notify+0x8f/0xb0 [ 250.430082][ C2] __snd_ctl_add_replace+0x638/0x800 [ 250.430082][ C2] snd_ctl_add_replace+0x76/0x130 [ 250.430082][ C2] snd_dummy_probe+0xc22/0x1180 [ 250.430082][ C2] platform_drv_probe+0x87/0x140 [ 250.430082][ C2] really_probe+0x282/0x9f0 [ 250.430082][ C2] driver_probe_device+0xfe/0x1d0 [ 250.430082][ C2] __device_attach_driver+0x1c2/0x220 [ 250.430082][ C2] bus_for_each_drv+0x15f/0x1e0 [ 250.430082][ C2] __device_attach+0x228/0x470 [ 250.430082][ C2] bus_probe_device+0x1e4/0x290 [ 250.430082][ C2] device_add+0xb17/0x1c40 [ 250.430082][ C2] platform_device_add+0x34f/0x6d0 [ 250.430082][ C2] platform_device_register_full+0x38c/0x4e0 [ 250.430082][ C2] alsa_card_dummy_init+0x1e0/0x309 [ 250.430082][ C2] do_one_initcall+0x103/0x6f0 [ 250.430082][ C2] kernel_init_freeable+0x652/0x6d6 [ 250.430082][ C2] kernel_init+0xd/0x1b8 [ 250.430082][ C2] ret_from_fork+0x1f/0x30 [ 250.430082][ C2] INITIAL READ USE at: [ 250.430082][ C2] lock_acquire+0x219/0x9d0 [ 250.430082][ C2] _raw_read_lock+0x5b/0x70 [ 250.430082][ C2] snd_ctl_notify.part.0+0x36/0x550 [ 250.430082][ C2] snd_ctl_notify+0x8f/0xb0 [ 250.430082][ C2] __snd_ctl_add_replace+0x638/0x800 [ 250.430082][ C2] snd_ctl_add_replace+0x76/0x130 [ 250.430082][ C2] snd_dummy_probe+0xc22/0x1180 [ 250.430082][ C2] platform_drv_probe+0x87/0x140 [ 250.430082][ C2] really_probe+0x282/0x9f0 [ 250.430082][ C2] driver_probe_device+0xfe/0x1d0 [ 250.430082][ C2] __device_attach_driver+0x1c2/0x220 [ 250.430082][ C2] bus_for_each_drv+0x15f/0x1e0 [ 250.430082][ C2] __device_attach+0x228/0x470 [ 250.430082][ C2] bus_probe_device+0x1e4/0x290 [ 250.430082][ C2] device_add+0xb17/0x1c40 [ 250.430082][ C2] platform_device_add+0x34f/0x6d0 [ 250.430082][ C2] platform_device_register_full+0x38c/0x4e0 [ 250.430082][ C2] alsa_card_dummy_init+0x1e0/0x309 [ 250.430082][ C2] do_one_initcall+0x103/0x6f0 [ 250.467209][ C2] kernel_init_freeable+0x652/0x6d6 [ 250.467209][ C2] kernel_init+0xd/0x1b8 [ 250.676362][ T36] usb 8-1: USB disconnect, device number 5 [ 250.477541][ C2] ret_from_fork+0x1f/0x30 [ 250.477541][ C2] } [ 250.477541][ C2] ... key at: [] __key.11+0x0/0x40 [ 250.477541][ C2] ... acquired at: [ 250.477541][ C2] _raw_read_lock+0x5b/0x70 [ 250.477541][ C2] snd_ctl_notify.part.0+0x36/0x550 [ 250.477541][ C2] snd_ctl_notify+0x8f/0xb0 [ 250.477541][ C2] loopback_trigger+0x112f/0x1ab0 [ 250.477541][ C2] snd_pcm_do_start+0xb1/0xf0 [ 251.300213][ C2] snd_pcm_action+0xc8/0x170 [ 251.300213][ C2] __snd_pcm_lib_xfer+0x1202/0x1a90 [ 251.300213][ C2] snd_pcm_oss_write3+0x107/0x320 [ 251.300213][ C2] io_playback_transfer+0x27e/0x330 [ 251.300213][ C2] snd_pcm_plug_write_transfer+0x2cd/0x3f0 [ 251.300213][ C2] snd_pcm_oss_write2+0x245/0x3f0 [ 251.300213][ C2] snd_pcm_oss_sync1+0x168/0x450 [ 251.300213][ C2] snd_pcm_oss_sync+0x638/0x800 [ 251.300213][ C2] snd_pcm_oss_release+0x276/0x300 [ 251.300213][ C2] __fput+0x285/0x920 [ 251.300213][ C2] task_work_run+0xdd/0x190 [ 251.300213][ C2] exit_to_user_mode_prepare+0x20e/0x230 [ 251.300213][ C2] syscall_exit_to_user_mode+0x7a/0x2c0 [ 251.300213][ C2] __do_fast_syscall_32+0x62/0x80 [ 251.300213][ C2] do_fast_syscall_32+0x2f/0x70 [ 251.300213][ C2] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 251.300213][ C2] [ 251.300213][ C2] -> (&group->lock){..-.}-{2:2} { [ 251.300213][ C2] IN-SOFTIRQ-W at: [ 251.300213][ C2] lock_acquire+0x219/0x9d0 [ 251.300213][ C2] _raw_spin_lock_irqsave+0x94/0xd0 [ 251.300213][ C2] _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 251.300213][ C2] snd_pcm_period_elapsed+0x24/0x250 [ 251.300213][ C2] loopback_jiffies_timer_function+0x1a8/0x220 [ 251.300213][ C2] call_timer_fn+0x1a5/0x6b0 [ 251.300213][ C2] __run_timers.part.0+0x67c/0xa50 [ 251.300213][ C2] run_timer_softirq+0xb3/0x1d0 [ 251.300213][ C2] __do_softirq+0x203/0xac5 [ 251.300213][ C2] asm_call_irq_on_stack+0xf/0x20 [ 251.300213][ C2] do_softirq_own_stack+0xaa/0xd0 [ 251.300213][ C2] irq_exit_rcu+0x235/0x280 [ 251.300213][ C2] sysvec_apic_timer_interrupt+0x4d/0x100 [ 251.300213][ C2] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 251.300213][ C2] native_safe_halt+0xe/0x10 [ 251.300213][ C2] default_idle+0x2f/0x50 [ 251.300213][ C2] default_idle_call+0x95/0xd0 [ 251.300213][ C2] do_idle+0x4a9/0x730 [ 251.300213][ C2] cpu_startup_entry+0x14/0x20 [ 251.300213][ C2] secondary_startup_64+0xa4/0xb0 [ 251.300213][ C2] INITIAL USE at: [ 251.300213][ C2] lock_acquire+0x219/0x9d0 [ 251.300213][ C2] _raw_spin_lock_irq+0x94/0xd0 [ 251.300213][ C2] snd_pcm_hw_params+0x12a/0x1920 [ 251.300213][ C2] snd_pcm_kernel_ioctl+0xd1/0x240 [ 251.300213][ C2] snd_pcm_oss_change_params_locked+0x130a/0x3420 [ 251.300213][ C2] snd_pcm_oss_make_ready+0xe6/0x2e0 [ 251.300213][ C2] snd_pcm_oss_sync+0x1de/0x800 [ 251.300213][ C2] snd_pcm_oss_release+0x276/0x300 [ 251.300213][ C2] __fput+0x285/0x920 [ 251.300213][ C2] task_work_run+0xdd/0x190 [ 251.300213][ C2] exit_to_user_mode_prepare+0x20e/0x230 [ 251.300213][ C2] syscall_exit_to_user_mode+0x7a/0x2c0 [ 251.300213][ C2] __do_fast_syscall_32+0x62/0x80 [ 251.300213][ C2] do_fast_syscall_32+0x2f/0x70 [ 251.300213][ C2] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 251.300213][ C2] } [ 251.300213][ C2] ... key at: [] __key.7+0x0/0x40 [ 251.300213][ C2] ... acquired at: [ 251.300213][ C2] __lock_acquire+0x1190/0x5590 [ 251.300213][ C2] lock_acquire+0x219/0x9d0 [ 251.300213][ C2] _raw_spin_lock_irqsave+0x94/0xd0 [ 251.300213][ C2] _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 251.300213][ C2] snd_pcm_period_elapsed+0x24/0x250 [ 251.300213][ C2] loopback_jiffies_timer_function+0x1a8/0x220 [ 251.300213][ C2] call_timer_fn+0x1a5/0x6b0 [ 251.300213][ C2] __run_timers.part.0+0x67c/0xa50 [ 251.300213][ C2] run_timer_softirq+0xb3/0x1d0 [ 251.300213][ C2] __do_softirq+0x203/0xac5 [ 251.300213][ C2] asm_call_irq_on_stack+0xf/0x20 [ 251.300213][ C2] do_softirq_own_stack+0xaa/0xd0 [ 251.300213][ C2] irq_exit_rcu+0x235/0x280 [ 251.300213][ C2] sysvec_apic_timer_interrupt+0x4d/0x100 [ 251.300213][ C2] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 251.300213][ C2] native_safe_halt+0xe/0x10 [ 251.300213][ C2] default_idle+0x2f/0x50 [ 251.300213][ C2] default_idle_call+0x95/0xd0 [ 251.300213][ C2] do_idle+0x4a9/0x730 [ 251.300213][ C2] cpu_startup_entry+0x14/0x20 [ 251.300213][ C2] secondary_startup_64+0xa4/0xb0 [ 251.300213][ C2] [ 251.300213][ C2] [ 251.300213][ C2] stack backtrace: [ 251.300213][ C2] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 5.9.0-syzkaller #0 [ 251.300213][ C2] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 251.300213][ C2] Call Trace: [ 251.300213][ C2] [ 251.300213][ C2] dump_stack+0x198/0x1fb [ 251.300213][ C2] mark_lock.cold+0x20/0x74 [ 251.300213][ C2] ? lock_chain_count+0x20/0x20 [ 251.300213][ C2] ? lock_is_held_type+0xcf/0x110 [ 251.300213][ C2] ? find_held_lock+0x2d/0x110 [ 251.300213][ C2] ? lock_downgrade+0x7a0/0x7a0 [ 251.300213][ C2] __lock_acquire+0x1190/0x5590 [ 251.300213][ C2] ? lock_downgrade+0x7a0/0x7a0 [ 251.300213][ C2] ? lockdep_hardirqs_on_prepare+0x450/0x450 [ 251.300213][ C2] ? mark_lock+0xf7/0x23a0 [ 251.300213][ C2] lock_acquire+0x219/0x9d0 [ 251.300213][ C2] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 251.300213][ C2] ? lock_release+0x7e0/0x7e0 [ 251.300213][ C2] ? find_held_lock+0x2d/0x110 [ 251.300213][ C2] ? loopback_jiffies_timer_function+0x188/0x220 [ 251.300213][ C2] ? _raw_spin_lock_irqsave+0xa9/0xd0 [ 251.300213][ C2] _raw_spin_lock_irqsave+0x94/0xd0 [ 251.300213][ C2] ? _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 251.300213][ C2] _snd_pcm_stream_lock_irqsave+0x9f/0xd0 [ 251.300213][ C2] snd_pcm_period_elapsed+0x24/0x250 [ 251.300213][ C2] loopback_jiffies_timer_function+0x1a8/0x220 [ 251.300213][ C2] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 251.300213][ C2] call_timer_fn+0x1a5/0x6b0 [ 251.300213][ C2] ? add_timer_on+0x4a0/0x4a0 [ 252.810337][ C2] ? lock_downgrade+0x7a0/0x7a0 [ 252.810337][ C2] ? _raw_spin_unlock_irq+0x1f/0x80 [ 252.810337][ C2] ? loopback_jiffies_timer_pos_update+0xf60/0xf60 [ 252.810337][ C2] __run_timers.part.0+0x67c/0xa50 [ 252.810337][ C2] ? call_timer_fn+0x6b0/0x6b0 [ 252.810337][ C2] ? sched_clock_cpu+0x17b/0x1f0 [ 252.810337][ C2] run_timer_softirq+0xb3/0x1d0 [ 252.810337][ C2] __do_softirq+0x203/0xac5 [ 252.810337][ C2] asm_call_irq_on_stack+0xf/0x20 [ 252.890429][ C2] [ 252.890429][ C2] do_softirq_own_stack+0xaa/0xd0 [ 252.890429][ C2] irq_exit_rcu+0x235/0x280 [ 252.890429][ C2] sysvec_apic_timer_interrupt+0x4d/0x100 [ 252.890429][ C2] asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 252.890429][ C2] RIP: 0010:native_safe_halt+0xe/0x10 [ 252.890429][ C2] Code: 89 ef e8 a5 dd 86 f9 e9 86 fe ff ff 48 89 df e8 98 dd 86 f9 e9 7b ff ff ff cc cc cc e9 07 00 00 00 0f 00 2d a4 a7 5a 00 fb f4 90 e9 07 00 00 00 0f 00 2d 94 a7 5a 00 f4 c3 cc cc 55 53 e8 a9 [ 252.890429][ C2] RSP: 0018:ffffc9000042fe60 EFLAGS: 00000286 [ 252.890429][ C2] RAX: 1ffffffff1439dd8 RBX: ffff88802c22c3c0 RCX: 1ffffffff1704ab9 [ 252.890429][ C2] RDX: dffffc0000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 252.890429][ C2] RBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000001 [ 252.890429][ C2] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8a1ceea0 [ 252.890429][ C2] R13: ffffed1005845878 R14: 0000000000000002 R15: ffffffff8b829208 [ 252.890429][ C2] default_idle+0x2f/0x50 [ 252.890429][ C2] default_idle_call+0x95/0xd0 [ 252.890429][ C2] do_idle+0x4a9/0x730 [ 252.890429][ C2] ? arch_cpu_idle_exit+0x70/0x70 [ 252.890429][ C2] cpu_startup_entry+0x14/0x20 [ 252.890429][ C2] secondary_startup_64+0xa4/0xb0 [ 253.444611][ T8950] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.578451][ T8910] syz-executor.0 (8910) used greatest stack depth: 23176 bytes left [ 253.647582][ T8950] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.781134][ T8950] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.889849][ T8950] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.159218][ T8950] tipc: TX() has been purged, node left! [ 255.350946][ T8950] device hsr_slave_0 left promiscuous mode [ 255.360562][ T8950] device hsr_slave_1 left promiscuous mode [ 255.370229][ T8950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 255.379475][ T8950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 255.393018][ T8950] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 255.402519][ T8950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 255.413543][ T8950] device bridge_slave_1 left promiscuous mode [ 255.422715][ T8950] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.437161][ T8950] device bridge_slave_0 left promiscuous mode [ 255.444401][ T8950] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.456639][ T8950] device veth1_macvtap left promiscuous mode [ 255.463702][ T8950] device veth0_macvtap left promiscuous mode [ 255.471644][ T8950] device veth1_vlan left promiscuous mode [ 255.480606][ T8950] device veth0_vlan left promiscuous mode [ 255.808577][ T8950] team0 (unregistering): Port device team_slave_1 removed [ 255.839915][ T8950] team0 (unregistering): Port device team_slave_0 removed [ 255.862035][ T8950] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 255.883618][ T8950] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 255.928497][ T8950] bond0 (unregistering): Released all slaves [ 256.720523][ T8950] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.819252][ T8950] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.929190][ T8950] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.039839][ T8950] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.204625][ T8950] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.312219][ T8950] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.437665][ T8950] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.528475][ T8950] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.663380][ T8950] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.758149][ T8950] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.881576][ T8950] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.973039][ T8950] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 258.125139][ T8950] tipc: TX() has been purged, node left! [ 258.147909][ T8950] tipc: TX() has been purged, node left! [ 258.171051][ T8950] tipc: TX() has been purged, node left! [ 259.669784][ T8950] device hsr_slave_0 left promiscuous mode [ 259.677389][ T8950] device hsr_slave_1 left promiscuous mode [ 259.686000][ T8950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 259.695374][ T8950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 259.707586][ T8950] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 259.718153][ T8950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 259.730628][ T8950] device bridge_slave_1 left promiscuous mode [ 259.740066][ T8950] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.753275][ T8950] device bridge_slave_0 left promiscuous mode [ 259.762295][ T8950] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.776898][ T8950] device hsr_slave_0 left promiscuous mode [ 259.785313][ T8950] device hsr_slave_1 left promiscuous mode [ 259.793757][ T8950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 259.803543][ T8950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 259.813571][ T8950] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 259.823766][ T8950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 259.834532][ T8950] device bridge_slave_1 left promiscuous mode [ 259.842965][ T8950] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.994449][ T8950] device bridge_slave_0 left promiscuous mode [ 260.005289][ T8950] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.052998][ T8950] device hsr_slave_0 left promiscuous mode [ 260.061870][ T8950] device hsr_slave_1 left promiscuous mode [ 260.069353][ T8950] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 260.078455][ T8950] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 260.091332][ T8950] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 260.099109][ T8950] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 260.109270][ T8950] device bridge_slave_1 left promiscuous mode [ 260.117675][ T8950] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.127253][ T8950] device bridge_slave_0 left promiscuous mode [ 260.134687][ T8950] bridge0: port 1(bridge_slave_0) entered disabled state [ 260.153833][ T8950] device veth1_macvtap left promiscuous mode [ 260.160333][ T8950] device veth0_macvtap left promiscuous mode [ 260.166892][ T8950] device veth1_vlan left promiscuous mode [ 260.173724][ T8950] device veth0_vlan left promiscuous mode [ 260.184306][ T8950] device veth1_macvtap left promiscuous mode [ 260.191253][ T8950] device veth0_macvtap left promiscuous mode [ 260.197878][ T8950] device veth1_vlan left promiscuous mode [ 260.204117][ T8950] device veth0_vlan left promiscuous mode [ 260.222649][ T8950] device veth1_macvtap left promiscuous mode [ 260.229819][ T8950] device veth0_macvtap left promiscuous mode [ 260.238437][ T8950] device veth1_vlan left promiscuous mode [ 260.249599][ T8950] device veth0_vlan left promiscuous mode