[ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. [ OK ] Started Getty on tty2. [ OK ] Reached target Login Prompts. [ OK ] Reached target Multi-User System. [ OK ] Reached target Graphical Interface. Starting Update UTMP about System Runlevel Changes... [ OK ] Started Update UTMP about System Runlevel Changes. Starting Load/Save RF Kill Switch Status... [ OK ] Started Load/Save RF Kill Switch Status. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.0.161' (ECDSA) to the list of known hosts. 2020/05/23 04:10:54 fuzzer started 2020/05/23 04:10:54 dialing manager at 10.128.0.26:38661 2020/05/23 04:10:55 syscalls: 3055 2020/05/23 04:10:55 code coverage: enabled 2020/05/23 04:10:55 comparison tracing: enabled 2020/05/23 04:10:55 extra coverage: enabled 2020/05/23 04:10:55 setuid sandbox: enabled 2020/05/23 04:10:55 namespace sandbox: enabled 2020/05/23 04:10:55 Android sandbox: /sys/fs/selinux/policy does not exist 2020/05/23 04:10:55 fault injection: enabled 2020/05/23 04:10:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/05/23 04:10:55 net packet injection: enabled 2020/05/23 04:10:55 net device setup: enabled 2020/05/23 04:10:55 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/05/23 04:10:55 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/05/23 04:10:55 USB emulation: enabled 04:13:08 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x8a040, 0x0) setreuid(0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]}) syzkaller login: [ 191.373055][ T6801] IPVS: ftp: loaded support on port[0] = 21 04:13:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000000)="66b80d000f00d8b98a0200000f32b9800000c00f3235008000000f300f7997020000003e0f01cf3e0f01c4c4e1f7d0886b00000066baf80cb840ee1288ef66bafc0cb0efee3e0f08360f2212", 0xe}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 191.525091][ T6801] chnl_net:caif_netlink_parms(): no params data found [ 191.643272][ T6801] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.661216][ T6801] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.669622][ T6801] device bridge_slave_0 entered promiscuous mode [ 191.688798][ T6931] IPVS: ftp: loaded support on port[0] = 21 [ 191.697465][ T6801] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.704934][ T6801] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.721319][ T6801] device bridge_slave_1 entered promiscuous mode 04:13:08 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xa3, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r0, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) connect(r1, &(0x7f0000931ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) sendmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000100000001"], 0x1c}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) [ 191.787658][ T6801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.815342][ T6801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.922553][ T6801] team0: Port device team_slave_0 added [ 191.964362][ T6801] team0: Port device team_slave_1 added [ 191.994975][ T6931] chnl_net:caif_netlink_parms(): no params data found [ 192.033506][ T6801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.040771][ T6801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.100060][ T6801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.125996][ T6801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.134002][ T6801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.164203][ T6801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.196048][ T7058] IPVS: ftp: loaded support on port[0] = 21 [ 192.211339][ T6931] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.218522][ T6931] bridge0: port 1(bridge_slave_0) entered disabled state [ 192.228382][ T6931] device bridge_slave_0 entered promiscuous mode [ 192.257471][ T6931] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.267173][ T6931] bridge0: port 2(bridge_slave_1) entered disabled state [ 192.275620][ T6931] device bridge_slave_1 entered promiscuous mode 04:13:09 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) [ 192.314896][ T6931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 192.339878][ T6931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 192.396796][ T6801] device hsr_slave_0 entered promiscuous mode [ 192.453483][ T6801] device hsr_slave_1 entered promiscuous mode [ 192.558996][ T7113] IPVS: ftp: loaded support on port[0] = 21 [ 192.567633][ T6931] team0: Port device team_slave_0 added [ 192.616170][ T6931] team0: Port device team_slave_1 added 04:13:09 executing program 4: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)={0x20000000}) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x0, 0xb8) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket(0x11, 0x80000, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYRES16=r4, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x0) close(0xffffffffffffffff) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x8043}, 0x40) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) [ 192.685845][ T6931] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.693596][ T6931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.722733][ T6931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.737222][ T6931] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.744276][ T6931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.771290][ T6931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.977369][ T6931] device hsr_slave_0 entered promiscuous mode 04:13:09 executing program 5: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) waitid(0x1, r1, 0x0, 0x8, 0x0) [ 193.032904][ T6931] device hsr_slave_1 entered promiscuous mode [ 193.150374][ T6931] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 193.158630][ T6931] Cannot create hsr debugfs directory [ 193.253817][ T7240] IPVS: ftp: loaded support on port[0] = 21 [ 193.282805][ T7232] IPVS: ftp: loaded support on port[0] = 21 [ 193.296222][ T7058] chnl_net:caif_netlink_parms(): no params data found [ 193.436457][ T6801] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 193.485560][ T6801] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 193.534969][ T6801] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 193.598818][ T7113] chnl_net:caif_netlink_parms(): no params data found [ 193.610232][ T6801] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 193.745104][ T7058] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.759246][ T7058] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.768523][ T7058] device bridge_slave_0 entered promiscuous mode [ 193.812736][ T7058] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.820543][ T7058] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.828455][ T7058] device bridge_slave_1 entered promiscuous mode [ 193.917402][ T7113] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.925113][ T7113] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.934041][ T7113] device bridge_slave_0 entered promiscuous mode [ 193.943951][ T7113] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.954105][ T7113] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.962540][ T7113] device bridge_slave_1 entered promiscuous mode [ 194.035023][ T7113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 194.059515][ T7058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 194.080983][ T7058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 194.091055][ T6931] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 194.146029][ T6931] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 194.194462][ T7113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 194.231102][ T6931] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 194.286216][ T6931] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 194.334581][ T7240] chnl_net:caif_netlink_parms(): no params data found [ 194.352499][ T7058] team0: Port device team_slave_0 added [ 194.372801][ T7113] team0: Port device team_slave_0 added [ 194.403456][ T7058] team0: Port device team_slave_1 added [ 194.440716][ T7113] team0: Port device team_slave_1 added [ 194.494912][ T7058] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.503366][ T7058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.529564][ T7058] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 194.542762][ T7058] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 194.549709][ T7058] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.577262][ T7058] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 194.617096][ T7232] chnl_net:caif_netlink_parms(): no params data found [ 194.630179][ T7113] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 194.637142][ T7113] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.664660][ T7113] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 194.688148][ T7113] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 194.695260][ T7113] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.721645][ T7113] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 194.863771][ T7058] device hsr_slave_0 entered promiscuous mode [ 194.920449][ T7058] device hsr_slave_1 entered promiscuous mode [ 194.970064][ T7058] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 194.977724][ T7058] Cannot create hsr debugfs directory [ 195.007933][ T7240] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.015216][ T7240] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.023838][ T7240] device bridge_slave_0 entered promiscuous mode [ 195.072711][ T7240] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.079822][ T7240] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.091630][ T7240] device bridge_slave_1 entered promiscuous mode [ 195.153751][ T7113] device hsr_slave_0 entered promiscuous mode [ 195.200511][ T7113] device hsr_slave_1 entered promiscuous mode [ 195.241000][ T7113] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 195.248680][ T7113] Cannot create hsr debugfs directory [ 195.274834][ T7240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.312056][ T7240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.339712][ T6801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.370064][ T7232] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.377331][ T7232] bridge0: port 1(bridge_slave_0) entered disabled state [ 195.386917][ T7232] device bridge_slave_0 entered promiscuous mode [ 195.434044][ T7240] team0: Port device team_slave_0 added [ 195.448385][ T7232] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.455674][ T7232] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.467073][ T7232] device bridge_slave_1 entered promiscuous mode [ 195.491562][ T7232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.510978][ T7240] team0: Port device team_slave_1 added [ 195.546844][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 195.556106][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 195.569053][ T7232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.607167][ T6801] 8021q: adding VLAN 0 to HW filter on device team0 [ 195.648951][ T7232] team0: Port device team_slave_0 added [ 195.666659][ T7240] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 195.677811][ T7240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.705133][ T7240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 195.719703][ T7240] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 195.734291][ T7240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.760974][ T7240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 195.781016][ T7232] team0: Port device team_slave_1 added [ 195.794797][ T3363] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 195.806022][ T3363] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 195.818200][ T3363] bridge0: port 1(bridge_slave_0) entered blocking state [ 195.825813][ T3363] bridge0: port 1(bridge_slave_0) entered forwarding state [ 195.889736][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.911055][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 195.921309][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 195.929688][ T3364] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.936822][ T3364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.956600][ T6931] 8021q: adding VLAN 0 to HW filter on device bond0 [ 195.976089][ T7232] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 195.984440][ T7232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.012059][ T7232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 196.023854][ T7058] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 196.154470][ T7240] device hsr_slave_0 entered promiscuous mode [ 196.220358][ T7240] device hsr_slave_1 entered promiscuous mode [ 196.260112][ T7240] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 196.267805][ T7240] Cannot create hsr debugfs directory [ 196.280982][ T7232] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 196.287944][ T7232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.320162][ T7232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 196.331857][ T7058] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 196.371632][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 196.381765][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 196.399919][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 196.409357][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 196.419718][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 196.428902][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 196.438038][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 196.447542][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.481085][ T7058] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 196.518233][ T6801] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 196.529594][ T6801] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 196.539349][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 196.548104][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 196.557056][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.589347][ T7058] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 196.632100][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 196.641844][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.671776][ T6931] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.743000][ T7232] device hsr_slave_0 entered promiscuous mode [ 196.792098][ T7232] device hsr_slave_1 entered promiscuous mode [ 196.830111][ T7232] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 196.837682][ T7232] Cannot create hsr debugfs directory [ 196.848599][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 196.856915][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 196.864930][ T7113] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 196.900008][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 196.909157][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.920420][ T2577] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.927499][ T2577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.936021][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 196.944921][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.953955][ T2577] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.961112][ T2577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.969615][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 196.995711][ T7113] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 197.047931][ T6801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.089298][ T7113] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 197.167414][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 197.218370][ T7113] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 197.245576][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 197.254480][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 197.265177][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 197.311687][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 197.322917][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 197.331590][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 197.368995][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 197.379156][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 197.393088][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 197.404025][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 197.413544][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 197.423393][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 197.471318][ T6931] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 197.492185][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 197.504038][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 197.514408][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 197.525586][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 197.539018][ T6801] device veth0_vlan entered promiscuous mode [ 197.603534][ T7240] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 197.627658][ T7240] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 197.676796][ T7240] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 197.753060][ T7058] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.763992][ T7240] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 197.823419][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 197.831505][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 197.859495][ T6801] device veth1_vlan entered promiscuous mode [ 197.878974][ T6931] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.904433][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 197.940347][ T7058] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.965608][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 197.974320][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 197.983291][ T7232] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 198.057278][ T7232] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 198.114635][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 198.124180][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.133634][ T2481] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.140893][ T2481] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.150895][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.158861][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 198.171765][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 198.182769][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.189878][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.202836][ T7232] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 198.298642][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 198.308076][ T7232] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 198.346798][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 198.355654][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 198.369659][ T7113] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.382237][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 198.409049][ T6801] device veth0_macvtap entered promiscuous mode [ 198.424495][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 198.435307][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 198.446312][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 198.458726][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 198.469035][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 198.502139][ T6931] device veth0_vlan entered promiscuous mode [ 198.517296][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 198.525380][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 198.534977][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 198.544476][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 198.552893][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 198.566163][ T6801] device veth1_macvtap entered promiscuous mode [ 198.617484][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 198.626477][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 198.636758][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 198.645522][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 198.654754][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 198.663811][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 198.672605][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 198.682119][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.690157][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.701198][ T6931] device veth1_vlan entered promiscuous mode [ 198.724729][ T7058] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 198.736280][ T6801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.765785][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 198.774701][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 198.783290][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 198.792247][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 198.810369][ T7113] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.823796][ T6801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.856127][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 198.865412][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 198.875508][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 198.885291][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 198.894573][ T3364] bridge0: port 1(bridge_slave_0) entered blocking state [ 198.901962][ T3364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 198.909958][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 198.918683][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 198.927675][ T3364] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.934807][ T3364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.971085][ T2551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 198.979029][ T2551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 198.988738][ T2551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 198.999397][ T2551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 199.093109][ T6931] device veth0_macvtap entered promiscuous mode [ 199.116156][ T7240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.152167][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 199.167677][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 199.190800][ T6931] device veth1_macvtap entered promiscuous mode [ 199.246970][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 199.258795][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 199.284030][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 199.302084][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 199.321789][ C0] hrtimer: interrupt took 43385 ns [ 199.328482][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 04:13:16 executing program 0: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000300)={{{@in6=@loopback, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {}, {0x0, 0x0, 0x0, 0x2}}, {{@in6=@local}, 0x0, @in=@empty}}, 0xe8) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) [ 199.356062][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 199.379172][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 199.394637][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 199.442181][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 199.495558][ T7240] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.535668][ T7058] 8021q: adding VLAN 0 to HW filter on device batadv0 04:13:16 executing program 0: perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0) write$P9_RREADLINK(r0, &(0x7f0000000280)=ANY=[], 0x40) fcntl$setstatus(r0, 0x4, 0x4002) io_setup(0xb, &(0x7f0000000040)=0x0) io_submit(r1, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x200a00}]) [ 199.590487][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.600969][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.609466][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 199.650731][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 199.681345][ T7232] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.699117][ T6931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 199.712439][ T6931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.727904][ T6931] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 199.768641][ T7113] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 199.791765][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 199.821804][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 199.842858][ T3364] bridge0: port 1(bridge_slave_0) entered blocking state [ 199.850113][ T3364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 199.858767][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 199.868629][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 199.877899][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 199.887214][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 199.896283][ T3364] bridge0: port 2(bridge_slave_1) entered blocking state [ 199.903428][ T3364] bridge0: port 2(bridge_slave_1) entered forwarding state 04:13:16 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x80000000000004) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$jfs(&(0x7f0000000140)='jfs\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000840)=[{&(0x7f00000002c0), 0x0, 0x3}, {&(0x7f0000000340)}, {0x0, 0x0, 0x8000}], 0x1000000, &(0x7f0000000a40)={[{@integrity='integrity'}, {@iocharset={'iocharset', 0x3d, 'cp855'}}, {@discard_size={'discard', 0x3d, 0x5}}, {@gid={'gid'}}]}) [ 199.955344][ T6931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 199.968171][ T6931] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.001188][ T6931] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.040752][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.054033][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.066772][ T8075] JFS: discard option not supported on device [ 200.077923][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.095019][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 200.104846][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 200.117918][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 200.128584][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 200.140887][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.152153][ T7232] 8021q: adding VLAN 0 to HW filter on device team0 04:13:17 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x80000000000004) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$jfs(&(0x7f0000000140)='jfs\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x3, &(0x7f0000000840)=[{&(0x7f00000002c0), 0x0, 0x3}, {&(0x7f0000000340)}, {0x0, 0x0, 0x8000}], 0x1000000, &(0x7f0000000a40)={[{@integrity='integrity'}, {@iocharset={'iocharset', 0x3d, 'cp855'}}, {@discard_size={'discard', 0x3d, 0x5}}, {@gid={'gid'}}]}) [ 200.250752][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 200.281683][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.291462][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.301068][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 200.308599][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 200.316748][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 200.325783][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 200.335483][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 200.344772][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 200.354393][ T3364] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.361576][ T3364] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.373030][ T8083] JFS: discard option not supported on device [ 200.379552][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 200.389043][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 200.397909][ T3364] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.405081][ T3364] bridge0: port 2(bridge_slave_1) entered forwarding state [ 200.424286][ T7113] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 200.436412][ T7058] device veth0_vlan entered promiscuous mode 04:13:17 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, &(0x7f0000000000), r1, 0x0, 0x2, 0x0) [ 200.474431][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.484186][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 200.517572][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 200.526902][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 200.536524][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 200.546607][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 04:13:17 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, &(0x7f0000000000), r1, 0x0, 0x2, 0x0) [ 200.567000][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 200.602931][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 04:13:17 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, &(0x7f0000000000), r1, 0x0, 0x2, 0x0) [ 200.613369][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 200.623880][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 200.633492][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 200.646835][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 200.715593][ T7058] device veth1_vlan entered promiscuous mode [ 200.740719][ T7240] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 200.790448][ T2551] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 200.809276][ T2551] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 200.819631][ T2551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 200.841034][ T2551] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 200.861264][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 200.869135][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 200.882930][ T3364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 200.937507][ T7058] device veth0_macvtap entered promiscuous mode [ 201.024142][ T2551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 201.033327][ T2551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 201.046151][ T7058] device veth1_macvtap entered promiscuous mode [ 201.091393][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 201.099480][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 201.117690][ T8098] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 201.125918][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 201.151465][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 201.168712][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.178667][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.202300][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 201.222998][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready 04:13:18 executing program 1: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f00000002c0)='./bus\x00') r0 = open(&(0x7f00009e1000)='./bus\x00', 0xc260, 0x0) fcntl$setlease(r0, 0x400, 0x0) [ 201.257817][ T7240] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.295182][ T7113] device veth0_vlan entered promiscuous mode [ 201.336568][ T3359] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 201.367541][ T3359] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 201.398080][ T3359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 201.422123][ T3359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 201.431751][ T3359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 201.440103][ T28] audit: type=1800 audit(1590207198.310:2): pid=8110 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="overlay" ino=15743 res=0 [ 201.464264][ T3359] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 201.464582][ T8110] overlayfs: filesystem on './file0' not supported as upperdir [ 201.483622][ T7058] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 201.498376][ T28] audit: type=1800 audit(1590207198.370:3): pid=8112 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="overlay" ino=15743 res=0 [ 201.503176][ T7058] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.527877][ T7058] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 201.538949][ T7058] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.553363][ T7058] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 201.569517][ T7113] device veth1_vlan entered promiscuous mode [ 201.592314][ T7232] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 201.602600][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 201.614630][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 201.628259][ T7058] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 201.640362][ T7058] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.652823][ T7058] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 201.679715][ T7058] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.713458][ T7058] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 201.750536][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 201.772643][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 201.798921][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 201.815606][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 201.846221][ T7232] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.927772][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 201.936400][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 201.950207][ T7113] device veth0_macvtap entered promiscuous mode [ 202.049961][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 202.068533][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 202.078766][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 202.098199][ T7113] device veth1_macvtap entered promiscuous mode [ 202.177182][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.195682][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.208902][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 202.225095][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.245884][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 202.259440][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.275365][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 202.287232][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.301256][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 202.314068][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 04:13:19 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f00000000c0)=r2) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="2000000011000d0400"/20, @ANYRES32=r5], 0x20}}, 0x0) [ 202.328062][ T7113] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 202.337788][ T7240] device veth0_vlan entered promiscuous mode [ 202.366938][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 202.375885][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 202.392155][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 202.403778][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.419308][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 202.431076][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.442248][ T7113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 202.454057][ T7113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.467454][ T7113] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 202.488053][ T7240] device veth1_vlan entered promiscuous mode [ 202.506285][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 202.515202][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 202.527485][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 202.597919][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 202.612930][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 202.622723][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 202.825214][ T7232] device veth0_vlan entered promiscuous mode [ 202.837817][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 202.859270][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 202.868498][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 202.878313][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 202.929450][ T7232] device veth1_vlan entered promiscuous mode [ 202.944857][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready 04:13:19 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) [ 202.976148][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 202.985328][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 203.015625][ T7240] device veth0_macvtap entered promiscuous mode [ 203.050641][ T7240] device veth1_macvtap entered promiscuous mode [ 203.107036][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 203.118242][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 203.127175][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 203.137064][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 203.147208][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 203.163214][ T7232] device veth0_macvtap entered promiscuous mode [ 203.178253][ T7240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.189831][ T7240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.202809][ T7240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.214543][ T7240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.224866][ T7240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.235991][ T7240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.247467][ T7240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.258132][ T7240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.270894][ T7240] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.278351][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 203.287559][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 203.296649][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 203.310534][ T7232] device veth1_macvtap entered promiscuous mode [ 203.322127][ T7240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 203.334161][ T7240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.344087][ T7240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 203.354915][ T7240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.364961][ T7240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 203.375595][ T7240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.385788][ T7240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 203.396621][ T7240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.408725][ T7240] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 203.422985][ T3363] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 203.435253][ T3363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 203.467316][ T7232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.478059][ T7232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.488504][ T7232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.499285][ T7232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.509289][ T7232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.519819][ T7232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.529719][ T7232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.540290][ T7232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.550766][ T7232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 203.562343][ T7232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.574740][ T7232] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 203.636258][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 203.645875][ T2481] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 203.659029][ T7232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 203.671450][ T7232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.682766][ T7232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 203.693287][ T7232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.703265][ T7232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 203.713750][ T7232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.723920][ T7232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 203.734440][ T7232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.744345][ T7232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 203.754838][ T7232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 203.766817][ T7232] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 203.819981][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 203.828707][ T2577] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 204.007804][ T8155] ptrace attach of "/root/syz-executor.5"[8150] was attempted by "/root/syz-executor.5"[8155] 04:13:21 executing program 4: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)={0x20000000}) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x0, 0xb8) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = socket(0x11, 0x80000, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYRES16=r4, @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x0) close(0xffffffffffffffff) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000080)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x8043}, 0x40) ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffffffe) 04:13:21 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, &(0x7f0000000000), r1, 0x0, 0x2, 0x0) 04:13:21 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0x40084146, &(0x7f00000004c0)=0x4) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f00000004c0)=0x4) poll(&(0x7f0000000000)=[{r2, 0x200}, {r1, 0x4c}, {r3, 0xa0}, {r1, 0x4}, {0xffffffffffffffff, 0x2}, {0xffffffffffffffff, 0x42}, {0xffffffffffffffff, 0x20}, {r1, 0x2202}], 0x8, 0x1) 04:13:21 executing program 2: open(&(0x7f0000000200)='./file0\x00', 0x4008040, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f00000001c0)=0x40000000) 04:13:21 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:21 executing program 5: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000300)={{{@in6=@loopback, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {}, {0x0, 0x0, 0x0, 0x2}}, {{@in6=@local}, 0x0, @in=@empty}}, 0xe8) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) open(0x0, 0x0, 0x0) creat(0x0, 0x0) write$FUSE_NOTIFY_POLL(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x11) openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) 04:13:21 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:21 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0x40084146, &(0x7f00000004c0)=0x4) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f00000004c0)=0x4) poll(&(0x7f0000000000)=[{r2, 0x200}, {r1, 0x4c}, {r3, 0xa0}, {r1, 0x4}, {0xffffffffffffffff, 0x2}, {0xffffffffffffffff, 0x42}, {0xffffffffffffffff, 0x20}, {r1, 0x2202}], 0x8, 0x1) 04:13:21 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xd5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000006c0), 0x1591, 0x0, 0x0) [ 204.238932][ T8176] EXT4-fs warning (device sda1): ext4_group_extend:1805: will only finish group (524288 blocks, 256 new) [ 204.277847][ T8176] EXT4-fs warning (device sda1): ext4_group_extend:1811: can't read last block, resize aborted 04:13:21 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) splice(r0, &(0x7f0000000000), 0xffffffffffffffff, 0x0, 0x2, 0x0) 04:13:21 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) [ 204.328757][ T8181] EXT4-fs warning (device sda1): ext4_group_extend:1805: will only finish group (524288 blocks, 256 new) [ 204.352848][ T8181] EXT4-fs warning (device sda1): ext4_group_extend:1811: can't read last block, resize aborted 04:13:21 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) r3 = creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) r4 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r4, 0x40084146, &(0x7f00000004c0)=0x4) dup(r4) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r7}, 0x10) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000200)={0x0, 0x6, 0x4, 0x3, 0x5, 0xfc0, 0x1, 0xffff8000, r7}, 0x20) 04:13:21 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) 04:13:21 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) splice(r0, &(0x7f0000000000), 0xffffffffffffffff, 0x0, 0x2, 0x0) [ 204.502223][ T8195] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 04:13:21 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6gretap={{0xe, 0x1, 'ip6gretap\x00'}, {0x4}}}, @IFLA_LINKMODE={0x5}]}, 0x40}}, 0x0) 04:13:21 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) [ 204.680059][ T8205] BFS-fs: bfs_fill_super(): Last block not available on loop1: 8388589 04:13:21 executing program 4: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xd5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000006c0), 0x1591, 0x0, 0x0) 04:13:21 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) splice(r0, &(0x7f0000000000), 0xffffffffffffffff, 0x0, 0x2, 0x0) 04:13:21 executing program 5: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66731f66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r2, 0x48280) fcntl$setstatus(r1, 0x4, 0x6100) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x14507e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="caa86789284c22cf0fde9b01c9675d6fa5162bfa519c07c3aab5185b"], 0x87ffffc) 04:13:21 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:21 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) 04:13:21 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) r3 = creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) r4 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r4, 0x40084146, &(0x7f00000004c0)=0x4) dup(r4) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r7}, 0x10) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000200)={0x0, 0x6, 0x4, 0x3, 0x5, 0xfc0, 0x1, 0xffff8000, r7}, 0x20) 04:13:21 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:21 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(0xffffffffffffffff, &(0x7f0000000000), r0, 0x0, 0x2, 0x0) [ 204.990294][ T8230] FAT-fs (loop5): bogus number of FAT sectors 04:13:21 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(0xffffffffffffffff, &(0x7f0000000000), r0, 0x0, 0x2, 0x0) [ 205.045607][ T8230] FAT-fs (loop5): Can't find a valid FAT filesystem [ 205.060937][ T8235] BFS-fs: bfs_fill_super(): Last block not available on loop1: 8388589 [ 205.106242][ T28] audit: type=1800 audit(1590207201.980:4): pid=8240 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=15783 res=0 04:13:22 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:22 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(0xffffffffffffffff, &(0x7f0000000000), r0, 0x0, 0x2, 0x0) 04:13:22 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) r3 = creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) r4 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r4, 0x40084146, &(0x7f00000004c0)=0x4) dup(r4) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r7}, 0x10) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000200)={0x0, 0x6, 0x4, 0x3, 0x5, 0xfc0, 0x1, 0xffff8000, r7}, 0x20) [ 205.246393][ T8230] FAT-fs (loop5): bogus number of FAT sectors [ 205.261152][ T8230] FAT-fs (loop5): Can't find a valid FAT filesystem [ 205.305647][ T28] audit: type=1800 audit(1590207202.180:5): pid=8240 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=15768 res=0 04:13:22 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open_by_handle_at(r2, &(0x7f00000000c0)={0x9, 0x2, "b3"}, 0x0) 04:13:22 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() getpid() ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) [ 205.359273][ T28] audit: type=1800 audit(1590207202.180:6): pid=8242 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=15768 res=0 04:13:22 executing program 5: prlimit64(0x0, 0x0, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66731f66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r2, 0x48280) fcntl$setstatus(r1, 0x4, 0x6100) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x14507e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="caa86789284c"], 0x87ffffc) 04:13:22 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) 04:13:22 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) r3 = creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) r4 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r4, 0x40084146, &(0x7f00000004c0)=0x4) dup(r4) r5 = socket$inet(0x2, 0x4000000000000001, 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r7}, 0x10) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000200)={0x0, 0x6, 0x4, 0x3, 0x5, 0xfc0, 0x1, 0xffff8000, r7}, 0x20) 04:13:22 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() getpid() ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:22 executing program 0: pipe(0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(0xffffffffffffffff, &(0x7f0000000000), r0, 0x0, 0x2, 0x0) 04:13:22 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66731f66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r2, 0x48280) fcntl$setstatus(r1, 0x4, 0x6100) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x14507e, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd0001000000c748b3222638074b54362ddd00000000051404f7ead1ef33adfdba08b8c5236b93b907ffed4e19c01dca5100"/87, @ANYRES32=0x0, @ANYBLOB="00000079abd1932a9ec8a3a63673a36d66b103e1fdbb4678731c44d5772a8b52f88132613f2ab9faa48e75b0508e2367018dc4479c6757b0a5622107e780a52d43a222d4aa8fa0c3e961e2401d5dbb22107ce4584d22a35c2ff5c7069779f3a8e888a8ac94312cdb43f7907ebfcf3dc4ad1f5e7577c5c2c9146439e6910c437a8213e177dfca08fb12f6c6a8343821e53d1f0ef245757971cedd16b8065042500017c0bab7265ba185fa61404145c500be7e57f2af455765c675c710da30fb915abbfcb8fe5e5a54f998aeb8ecb869537d7ddb529a8d66a4905586c9dd0d81d4841e2c90bd8fa2bf3802bf963edaae01ebd125510bbe75beac077af773d5d2a34b256e8369f68b0fcab87c7ee033997f53b635b59ac5aa1456d0b35e1dd734149dbcf541d744962b2bd0ece4c267760c3a6d4bce9b03000000cfa703a1a48b59700f8c902e46ae26e6e31185a19c07959edcb6bfc88c9e6bc124147521f6eb327231e35785951377c40b713a4f6854b02c428bef068f9494aa8fc9f99ddff40ef4fdc9360eb1bc2a25ac491f2bc9c7a23fe5662170feb55b3999b45b8b80a8438df19e183d854691a1f2b34352fed522c4265e4ece52f35d351a1676982ce0f2eb2c454b9df04b976179611f1be4deac0dd4c79a122f3d33e52bcce38808809820094c31af5cca2d79bf783bb87588d8c21bad663bbde2644cab2b605d0ca91b5c2417ab7c7bba5173b0bfddfd1d87ce6d257c0526fc051adaf783cb44e5f09899886b26ca746f8d2b392e0871bca6f1cb40c5ac1bf5ca80b934424deddfb547d8f9a38a25aa39752cac866986bb0faaf07ffeecd27bd736fa1a058ee5b17adbde605eb5f3648b4ee013640d"], 0x48}}, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="caa86789284c22cf0fde9b01c9675d6fa5162bfa519c07c3aab5185b564377a4d8db01fa19105de4a914f949be45b17d036106b7cbfd596ba72ed00cfa600b6f773514a025371e82eb9bfeace32715365dbf02436cfb771f47455269e16cb02ff09f"], 0x87ffffc) 04:13:22 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() getpid() ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) [ 205.540348][ T8269] BFS-fs: bfs_fill_super(): Last block not available on loop1: 8388589 04:13:22 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:22 executing program 0: pipe(0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(0xffffffffffffffff, &(0x7f0000000000), r0, 0x0, 0x2, 0x0) [ 205.632475][ T8281] FAT-fs (loop5): bogus number of FAT sectors [ 205.653385][ T8281] FAT-fs (loop5): Can't find a valid FAT filesystem 04:13:22 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) 04:13:22 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f00000004c0)=0x4) dup(r3) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) close(r4) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, r6}, 0x10) [ 205.682214][ T8287] FAT-fs (loop4): bogus number of FAT sectors [ 205.706947][ T8287] FAT-fs (loop4): Can't find a valid FAT filesystem 04:13:22 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) [ 205.752922][ T28] audit: type=1800 audit(1590207202.630:7): pid=8281 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=15765 res=0 [ 205.834820][ T28] audit: type=1800 audit(1590207202.630:8): pid=8281 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="bus" dev="sda1" ino=15765 res=0 [ 205.941372][ T8303] BFS-fs: bfs_fill_super(): Last block not available on loop1: 8388589 [ 205.957485][ T8295] FAT-fs (loop4): bogus number of FAT sectors [ 205.993074][ T8295] FAT-fs (loop4): Can't find a valid FAT filesystem [ 206.007487][ T28] audit: type=1800 audit(1590207202.690:9): pid=8295 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=15778 res=0 04:13:23 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:23 executing program 0: pipe(0x0) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(0xffffffffffffffff, &(0x7f0000000000), r0, 0x0, 0x2, 0x0) 04:13:23 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f00000004c0)=0x4) dup(r3) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) close(r4) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) 04:13:23 executing program 1: syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) 04:13:23 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) syz_open_procfs(0x0, 0x0) socket$rds(0x15, 0x5, 0x0) shutdown(r0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) syz_genetlink_get_family_id$batadv(0x0) socket(0x0, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, 0x0, 0x0) sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r0, &(0x7f00000006c0), 0x1591, 0x0, 0x0) 04:13:23 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66731f66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r2, 0x48280) fcntl$setstatus(r1, 0x4, 0x6100) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x14507e, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd0001000000c748b3222638074b54362ddd00000000051404f7ead1ef33adfdba08b8c5236b93b907ffed4e19c01dca5100"/87, @ANYRES32=0x0, @ANYBLOB="00000079abd1932a9ec8a3a63673a36d66b103e1fdbb4678731c44d5772a8b52f88132613f2ab9faa48e75b0508e2367018dc4479c6757b0a5622107e780a52d43a222d4aa8fa0c3e961e2401d5dbb22107ce4584d22a35c2ff5c7069779f3a8e888a8ac94312cdb43f7907ebfcf3dc4ad1f5e7577c5c2c9146439e6910c437a8213e177dfca08fb12f6c6a8343821e53d1f0ef245757971cedd16b8065042500017c0bab7265ba185fa61404145c500be7e57f2af455765c675c710da30fb915abbfcb8fe5e5a54f998aeb8ecb869537d7ddb529a8d66a4905586c9dd0d81d4841e2c90bd8fa2bf3802bf963edaae01ebd125510bbe75beac077af773d5d2a34b256e8369f68b0fcab87c7ee033997f53b635b59ac5aa1456d0b35e1dd734149dbcf541d744962b2bd0ece4c267760c3a6d4bce9b03000000cfa703a1a48b59700f8c902e46ae26e6e31185a19c07959edcb6bfc88c9e6bc124147521f6eb327231e35785951377c40b713a4f6854b02c428bef068f9494aa8fc9f99ddff40ef4fdc9360eb1bc2a25ac491f2bc9c7a23fe5662170feb55b3999b45b8b80a8438df19e183d854691a1f2b34352fed522c4265e4ece52f35d351a1676982ce0f2eb2c454b9df04b976179611f1be4deac0dd4c79a122f3d33e52bcce38808809820094c31af5cca2d79bf783bb87588d8c21bad663bbde2644cab2b605d0ca91b5c2417ab7c7bba5173b0bfddfd1d87ce6d257c0526fc051adaf783cb44e5f09899886b26ca746f8d2b392e0871bca6f1cb40c5ac1bf5ca80b934424deddfb547d8f9a38a25aa39752cac866986bb0faaf07ffeecd27bd736fa1a058ee5b17adbde605eb5f3648b4ee013640d"], 0x48}}, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="caa86789284c22cf0fde9b01c9675d6fa5162bfa519c07c3aab5185b564377a4d8db01fa19105de4a914f949be45b17d036106b7cbfd596ba72ed00cfa600b6f773514a025371e82eb9bfeace32715365dbf02436cfb771f47455269e16cb02ff09f"], 0x87ffffc) [ 206.101732][ T28] audit: type=1800 audit(1590207202.700:10): pid=8287 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=15778 res=0 04:13:23 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:23 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) splice(r0, &(0x7f0000000000), r1, 0x0, 0x2, 0x0) [ 206.224010][ T28] audit: type=1800 audit(1590207202.860:11): pid=8310 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=15791 res=0 04:13:23 executing program 1: syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) 04:13:23 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f00000004c0)=0x4) dup(r3) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) close(r4) socket$inet6_sctp(0xa, 0x5, 0x84) [ 206.320095][ T8327] FAT-fs (loop4): bogus number of FAT sectors 04:13:23 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) [ 206.360734][ T8327] FAT-fs (loop4): Can't find a valid FAT filesystem 04:13:23 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) splice(r0, &(0x7f0000000000), r1, 0x0, 0x2, 0x0) [ 206.493286][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 206.493335][ T28] audit: type=1800 audit(1590207203.370:13): pid=8327 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=15774 res=0 04:13:23 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f00000004c0)=0x4) dup(r3) r4 = socket$inet(0x2, 0x4000000000000001, 0x0) close(r4) 04:13:23 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) splice(r0, &(0x7f0000000000), r1, 0x0, 0x2, 0x0) 04:13:23 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:23 executing program 1: syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) [ 206.663774][ T28] audit: type=1800 audit(1590207203.410:14): pid=8327 uid=0 auid=0 ses=4 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=15774 res=0 04:13:24 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f00000004c0)=0x4) dup(r3) socket$inet(0x2, 0x4000000000000001, 0x0) 04:13:24 executing program 0: pipe(&(0x7f0000000280)) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(0xffffffffffffffff, &(0x7f0000000000), r0, 0x0, 0x2, 0x0) 04:13:24 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0x20000000) 04:13:24 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x80000000000004) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = semget$private(0x0, 0x7, 0x0) semop(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x1800}, {0x3, 0xf2}, {0x3}], 0x3) semop(r2, &(0x7f0000000140)=[{0x0, 0x0, 0x1000}, {0x0, 0x3}], 0x2) 04:13:24 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) syz_open_procfs(0x0, 0x0) socket$rds(0x15, 0x5, 0x0) shutdown(r0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) syz_genetlink_get_family_id$batadv(0x0) socket(0x0, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, 0x0, 0x0) sendmsg$BATADV_CMD_GET_VLAN(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r0, &(0x7f00000006c0), 0x1591, 0x0, 0x0) 04:13:24 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) 04:13:24 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0x20000000) 04:13:24 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) 04:13:24 executing program 0: pipe(&(0x7f0000000280)) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(0xffffffffffffffff, &(0x7f0000000000), r0, 0x0, 0x2, 0x0) 04:13:24 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0x20000000) 04:13:24 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f00000004c0)=0x4) dup(r3) 04:13:24 executing program 4: 04:13:24 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:24 executing program 0: pipe(&(0x7f0000000280)) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(0xffffffffffffffff, &(0x7f0000000000), r0, 0x0, 0x2, 0x0) 04:13:24 executing program 4: 04:13:24 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:24 executing program 5: 04:13:24 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0x40084146, &(0x7f00000004c0)=0x4) 04:13:24 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) 04:13:24 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, 0x0, r1, 0x0, 0x2, 0x0) 04:13:24 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:24 executing program 4: 04:13:24 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0200000000000000decb06b5b6c94b044900"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCFLSH(r1, 0x541b, 0x73b000) 04:13:24 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 04:13:24 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, 0x0, r1, 0x0, 0x2, 0x0) 04:13:24 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xd5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shutdown(r0, 0x0) setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.posix_acl_default\x00', &(0x7f0000000100)='lo/ppp0!%selfselfselinux\x00', 0x19, 0x3) dup(0xffffffffffffffff) connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000000000), 0xa) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000007580)='batadv\x00') r1 = socket(0x10, 0x0, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) recvmmsg(r0, &(0x7f00000006c0), 0x1591, 0x0, 0x0) 04:13:24 executing program 3: wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:24 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) 04:13:24 executing program 5: 04:13:25 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) creat(&(0x7f0000000100)='./file0\x00', 0x110) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:25 executing program 3: wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:25 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, 0x0, r1, 0x0, 0x2, 0x0) 04:13:25 executing program 5: 04:13:25 executing program 3: wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:25 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) 04:13:25 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:25 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, &(0x7f0000000000), 0xffffffffffffffff, 0x0, 0x2, 0x0) 04:13:25 executing program 4: 04:13:25 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) socket$key(0xf, 0x3, 0x2) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:25 executing program 5: 04:13:25 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0xc102, 0x0) 04:13:25 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, &(0x7f0000000000), 0xffffffffffffffff, 0x0, 0x2, 0x0) 04:13:26 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, &(0x7f0000000000), 0xffffffffffffffff, 0x0, 0x2, 0x0) 04:13:26 executing program 4: 04:13:26 executing program 5: 04:13:26 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$ax25(0xffffffffffffffff, &(0x7f0000000240)={{}, [@remote, @default, @bcast, @remote, @null, @netrom, @null, @bcast]}, &(0x7f0000000000)=0x48) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:26 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xa}], 0xc102, 0x0) 04:13:26 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:26 executing program 4: 04:13:26 executing program 5: 04:13:26 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, &(0x7f0000000000), r1, 0x0, 0x0, 0x0) 04:13:26 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) ioctl$sock_bt_hidp_HIDPCONNDEL(r2, 0x800448d2, &(0x7f0000000040)={@none}) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:26 executing program 4: 04:13:26 executing program 5: 04:13:26 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r2 = dup(r1) accept$netrom(r2, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:26 executing program 5: 04:13:26 executing program 4: 04:13:26 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, &(0x7f0000000000), r1, 0x0, 0x0, 0x0) 04:13:26 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xa}], 0xc102, 0x0) 04:13:27 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:27 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) accept$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:27 executing program 5: 04:13:27 executing program 4: 04:13:27 executing program 0: pipe(&(0x7f0000000280)={0xffffffffffffffff}) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0) splice(r0, &(0x7f0000000000), r1, 0x0, 0x0, 0x0) 04:13:27 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xa}], 0xc102, 0x0) 04:13:27 executing program 0: 04:13:27 executing program 4: 04:13:27 executing program 5: 04:13:27 executing program 0: 04:13:27 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) accept$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:27 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xa}], 0xc102, 0x0) 04:13:28 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:28 executing program 5: 04:13:28 executing program 0: 04:13:28 executing program 4: 04:13:28 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) accept$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:28 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xa}], 0xc102, 0x0) 04:13:28 executing program 5: 04:13:28 executing program 0: 04:13:28 executing program 4: 04:13:28 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:28 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = dup(0xffffffffffffffff) accept$netrom(r1, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:28 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xa}], 0xc102, 0x0) 04:13:28 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:28 executing program 5: 04:13:28 executing program 4: 04:13:28 executing program 0: 04:13:28 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:28 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = dup(0xffffffffffffffff) accept$netrom(r1, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:28 executing program 5: 04:13:28 executing program 4: 04:13:28 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0xc102, 0x0) 04:13:28 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:28 executing program 0: 04:13:28 executing program 4: 04:13:28 executing program 5: 04:13:28 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:28 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_REWIND(r0, 0x40084146, &(0x7f00000004c0)=0x4) r1 = dup(0xffffffffffffffff) accept$netrom(r1, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:28 executing program 0: 04:13:28 executing program 4: 04:13:28 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0xc102, 0x0) 04:13:28 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:28 executing program 5: 04:13:28 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) accept$netrom(r1, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:28 executing program 4: 04:13:28 executing program 0: 04:13:28 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:28 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) accept$netrom(r1, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:28 executing program 5: 04:13:28 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0xc102, 0x0) 04:13:28 executing program 4: 04:13:29 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:29 executing program 0: 04:13:29 executing program 5: 04:13:29 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x0, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:29 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) accept$netrom(r1, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:29 executing program 4: 04:13:29 executing program 5: 04:13:29 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0xc102, 0x0) 04:13:29 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x0, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:29 executing program 0: 04:13:29 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x0, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:29 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = dup(0xffffffffffffffff) accept$netrom(r0, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:29 executing program 5: 04:13:29 executing program 4: 04:13:29 executing program 0: 04:13:29 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, 0x0) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:29 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0xc102, 0x0) 04:13:29 executing program 5: 04:13:29 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = dup(0xffffffffffffffff) accept$netrom(r0, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:29 executing program 4: 04:13:29 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, 0x0) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:29 executing program 0: 04:13:29 executing program 5: 04:13:29 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, 0x0) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:29 executing program 2: syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r0 = dup(0xffffffffffffffff) accept$netrom(r0, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:29 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0xc102, 0x0) 04:13:29 executing program 4: 04:13:29 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0xffffffffffffffff, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:29 executing program 5: 04:13:29 executing program 4: 04:13:29 executing program 0: 04:13:29 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) dup(r0) accept$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:29 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0xffffffffffffffff, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:29 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{0x0}], 0xc102, 0x0) 04:13:29 executing program 0: 04:13:29 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) dup(r0) accept$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:29 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0xffffffffffffffff, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:29 executing program 5: 04:13:29 executing program 4: 04:13:30 executing program 0: 04:13:30 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:30 executing program 5: 04:13:30 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) dup(r0) accept$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @bcast}, [@netrom, @rose, @rose, @netrom, @netrom, @netrom, @null, @default]}, &(0x7f00000001c0)=0x48) 04:13:30 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{0x0}], 0xc102, 0x0) 04:13:30 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:30 executing program 5: 04:13:30 executing program 4: 04:13:30 executing program 0: 04:13:30 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) accept$netrom(r1, 0x0, &(0x7f00000001c0)) 04:13:30 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:30 executing program 4: 04:13:30 executing program 5: 04:13:30 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:30 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{0x0}], 0xc102, 0x0) 04:13:30 executing program 0: 04:13:30 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x6) r1 = dup(r0) accept$netrom(r1, 0x0, 0x0) 04:13:30 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:30 executing program 4: 04:13:30 executing program 5: 04:13:30 executing program 0: 04:13:30 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:30 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)}], 0xc102, 0x0) 04:13:30 executing program 5: 04:13:30 executing program 4: 04:13:30 executing program 2: 04:13:30 executing program 0: 04:13:30 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x0, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:30 executing program 5: 04:13:30 executing program 2: 04:13:30 executing program 0: 04:13:30 executing program 4: 04:13:30 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x0, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:30 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x0, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:30 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)}], 0xc102, 0x0) 04:13:30 executing program 5: 04:13:30 executing program 0: 04:13:31 executing program 2: 04:13:31 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:31 executing program 5: 04:13:31 executing program 0: 04:13:31 executing program 4: 04:13:31 executing program 2: 04:13:31 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)}], 0xc102, 0x0) 04:13:31 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:31 executing program 4: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x44b3c, 0x0) 04:13:31 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000340)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040), 0x4) sendmmsg$inet6(r0, &(0x7f0000003680)=[{{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f00000004c0)="1e", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000002040)=[{&(0x7f0000001e80)="03", 0x1}], 0x1}}], 0x2, 0x40880) 04:13:31 executing program 2: syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xfb, 0x9d, 0xe9, 0x40, 0x403, 0x7c90, 0x6f3d, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x94, 0xaa, 0xb5}}]}}]}}, 0x0) 04:13:31 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r1, 0x0) ioprio_set$uid(0x3, 0x0, 0x0) 04:13:31 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0x0) ptrace$pokeuser(0x6, r0, 0x388, 0x20000000) 04:13:31 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) getpid() r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0x20000000) 04:13:31 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb8", 0x5}], 0xc102, 0x0) 04:13:31 executing program 4: timer_create(0x0, &(0x7f0000066000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000040)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) rt_sigsuspend(&(0x7f0000000080), 0x8) 04:13:31 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='loginuid\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r4, 0x0, r0, 0x0, 0x400000006, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) write$binfmt_elf64(r5, &(0x7f0000000b40)=ANY=[], 0x17) 04:13:31 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = eventfd2(0x0, 0x0) r1 = dup(r0) read$FUSE(r1, &(0x7f0000002280), 0x853) 04:13:31 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) getpid() r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0x20000000) 04:13:31 executing program 0: mkdir(&(0x7f0000000200)='./bus\x00', 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mount$overlay(0x400002, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './bus'}, 0x22}]}) 04:13:31 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb8", 0x5}], 0xc102, 0x0) 04:13:31 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) getpid() r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xb8) ptrace$pokeuser(0x6, 0x0, 0x388, 0x20000000) [ 214.829610][ T3363] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 214.914787][ T8865] overlayfs: missing 'workdir' [ 214.944071][ T8869] overlayfs: missing 'workdir' [ 215.239967][ T3363] usb 3-1: New USB device found, idVendor=0403, idProduct=7c90, bcdDevice=6f.3d [ 215.249887][ T3363] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.269010][ T3363] usb 3-1: config 0 descriptor?? [ 215.316026][ T3363] usb 3-1: Ignoring serial port reserved for JTAG [ 215.526415][ T3363] usb 3-1: USB disconnect, device number 2 [ 216.299437][ T3358] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 216.709460][ T3358] usb 3-1: New USB device found, idVendor=0403, idProduct=7c90, bcdDevice=6f.3d [ 216.718740][ T3358] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.729429][ T3358] usb 3-1: config 0 descriptor?? [ 216.781314][ T3358] usb 3-1: Ignoring serial port reserved for JTAG 04:13:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "000000eaff0100"}) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TCXONC(r1, 0x540a, 0x3) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r3 = syz_open_pts(0xffffffffffffffff, 0x0) dup3(r3, 0xffffffffffffffff, 0x0) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000000)={0x0, 0xc6e0, 0x0, 0x0, 0x0, "4b3fe1fbe321c54e"}) 04:13:33 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x8a002, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000780)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f8000003000000300300009802000000e2ffffff00000000000000000000009802000098020000a10200009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000c10000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000000000000000000002726f73653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002100000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001300000000000000000000fcffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000400000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400700098000000000000000000000000000000ecff000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet_SIOCSIFADDR(r6, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7, 0x0, @local}}) write$tun(r0, &(0x7f0000000180)={@void, @val={0x3}, @mpls={[], @ipv4=@dccp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x84, 0x0, @dev, @local}, {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "f426e6", 0x6, "c80005"}}}}}, 0x2e) 04:13:33 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x0, 0x20000000) 04:13:33 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb8", 0x5}], 0xc102, 0x0) 04:13:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3, 0x0, "000000eaff0100"}) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) read(r0, &(0x7f0000000000)=""/28, 0x1c) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "000000eaff0100"}) syz_open_pts(0xffffffffffffffff, 0x0) poll(&(0x7f0000000300)=[{}, {0xffffffffffffffff, 0x6000}, {r0}, {}], 0x4, 0x0) 04:13:33 executing program 4: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010580413500000000000010902240001000000000904000049030000000921b3e0db7222dc0109058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x0, 0x0, &(0x7f00000006c0)={0x0, 0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="04000c000107100229968100f913f779d4f89d896246db63e41bf114701e378dfcebbd44523cff637804ed45901f37ffe3832b51030748a3bf41caa835482d7d6a12182a3934471abd8fcebf52c7c695b16c2a35c03222185083e3"]}) syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="0003b803"], 0x0, 0x0, 0x0, 0x0}, 0x0) [ 216.999701][ T3358] usb 3-1: USB disconnect, device number 3 04:13:33 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x0, 0x20000000) [ 217.085280][ T8913] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables 04:13:34 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c0000", 0x8}], 0xc102, 0x0) 04:13:34 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x0, 0x20000000) 04:13:34 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x0) [ 217.379328][ T3363] usb 5-1: new high-speed USB device number 2 using dummy_hcd 04:13:34 executing program 1: sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xffffffffffffff3d}}, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c0000", 0x8}], 0xc102, 0x0) 04:13:34 executing program 3: clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) r0 = getpid() r1 = getpid() r2 = getpid() rt_tgsigqueueinfo(r2, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xb8) ptrace$pokeuser(0x6, r0, 0x388, 0x0) [ 217.619404][ T3363] usb 5-1: Using ep0 maxpacket: 16 [ 217.749689][ T3363] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 73, using maximum allowed: 30 [ 217.783247][ T3363] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.826355][ T3363] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.868154][ T3363] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 73 [ 217.903323][ T3363] usb 5-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 217.939228][ T3363] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.951675][ T3363] usb 5-1: config 0 descriptor?? 04:13:35 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x3d, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3, 0x0, "000000eaff0100"}) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) read(r0, &(0x7f0000000000)=""/28, 0x1c) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "000000eaff0100"}) syz_open_pts(0xffffffffffffffff, 0x0) poll(&(0x7f0000000300)=[{}, {0xffffffffffffffff, 0x6000}, {r0}, {}], 0x4, 0x0) [ 218.467926][ T3363] input: HID 0458:5013 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5013.0001/input/input5 [ 218.543754][ T3363] input: HID 0458:5013 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5013.0001/input/input6 [ 218.677906][ T3363] kye 0003:0458:5013.0001: input,hiddev96,hidraw0: USB HID ve0.b3 Device [HID 0458:5013] on usb-dummy_hcd.4-1/input0 [ 218.701964][ T3363] usb 5-1: USB disconnect, device number 2 [ 218.722538][ T3363] ================================================================== [ 218.732162][ T3363] BUG: KASAN: use-after-free in __mutex_lock+0x1033/0x13c0 [ 218.741889][ T3363] Read of size 8 at addr ffff8880a92a1150 by task kworker/0:9/3363 [ 218.752116][ T3363] [ 218.754460][ T3363] CPU: 0 PID: 3363 Comm: kworker/0:9 Not tainted 5.7.0-rc6-next-20200522-syzkaller #0 [ 218.764022][ T3363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.774297][ T3363] Workqueue: usb_hub_wq hub_event [ 218.779340][ T3363] Call Trace: [ 218.782646][ T3363] dump_stack+0x18f/0x20d [ 218.787943][ T3363] ? __mutex_lock+0x1033/0x13c0 [ 218.792887][ T3363] ? __mutex_lock+0x1033/0x13c0 [ 218.798008][ T3363] print_address_description.constprop.0.cold+0xd3/0x413 [ 218.805145][ T3363] ? mousedev_destroy+0x20/0xa0 [ 218.810093][ T3363] ? __input_unregister_device+0x1b0/0x430 [ 218.815912][ T3363] ? input_unregister_device+0xb4/0xf0 [ 218.821392][ T3363] ? hidinput_disconnect+0x15e/0x3d0 [ 218.826692][ T3363] ? hid_disconnect+0x13f/0x1a0 [ 218.831556][ T3363] ? vprintk_func+0x97/0x1a6 [ 218.836165][ T3363] ? __mutex_lock+0x1033/0x13c0 [ 218.841113][ T3363] kasan_report.cold+0x1f/0x37 [ 218.845891][ T3363] ? __mutex_lock+0x1033/0x13c0 [ 218.850766][ T3363] __mutex_lock+0x1033/0x13c0 [ 218.855466][ T3363] ? print_usage_bug+0x240/0x240 [ 218.860412][ T3363] ? mousedev_cleanup+0x21/0x180 [ 218.865456][ T3363] ? trace_hardirqs_off+0x50/0x220 [ 218.871034][ T3363] ? mutex_trylock+0x2c0/0x2c0 [ 218.876507][ T3363] ? mark_held_locks+0x9f/0xe0 [ 218.881290][ T3363] ? kfree+0x1eb/0x2b0 [ 218.885367][ T3363] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 218.891362][ T3363] ? kfree_const+0x51/0x60 [ 218.895791][ T3363] ? dev_attr_show+0x90/0x90 [ 218.900397][ T3363] ? mousedev_cleanup+0x21/0x180 [ 218.905567][ T3363] mousedev_cleanup+0x21/0x180 [ 218.910457][ T3363] mousedev_destroy+0x28/0xa0 [ 218.915148][ T3363] __input_unregister_device+0x1b0/0x430 [ 218.921603][ T3363] input_unregister_device+0xb4/0xf0 [ 218.926904][ T3363] hidinput_disconnect+0x15e/0x3d0 [ 218.932308][ T3363] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 218.939731][ T3363] hid_disconnect+0x13f/0x1a0 [ 218.945301][ T3363] hid_device_remove+0x186/0x240 [ 218.952171][ T3363] ? hid_compare_device_paths+0xc0/0xc0 [ 218.957724][ T3363] device_release_driver_internal+0x231/0x500 [ 218.964022][ T3363] bus_remove_device+0x2dc/0x4a0 [ 218.968986][ T3363] device_del+0x481/0xd30 [ 218.973335][ T3363] ? device_link_add_missing_supplier_links+0x370/0x370 [ 218.980287][ T3363] ? mark_held_locks+0x9f/0xe0 [ 218.985677][ T3363] ? _raw_spin_unlock_irq+0x1f/0x80 [ 218.991505][ T3363] hid_destroy_device+0xe1/0x150 [ 218.996457][ T3363] usbhid_disconnect+0x9f/0xe0 [ 219.001369][ T3363] usb_unbind_interface+0x1bd/0x8a0 [ 219.007460][ T3363] ? __pm_runtime_idle+0xd1/0x320 [ 219.013717][ T3363] ? usb_autoresume_device+0x60/0x60 [ 219.019805][ T3363] device_release_driver_internal+0x432/0x500 [ 219.025896][ T3363] bus_remove_device+0x2dc/0x4a0 [ 219.030861][ T3363] device_del+0x481/0xd30 [ 219.035472][ T3363] ? device_link_add_missing_supplier_links+0x370/0x370 [ 219.043320][ T3363] ? usb_remove_ep_devs+0x3e/0x80 [ 219.049255][ T3363] ? remove_intf_ep_devs+0x13f/0x1d0 [ 219.055340][ T3363] usb_disable_device+0x211/0x690 [ 219.060388][ T3363] usb_disconnect+0x284/0x8d0 [ 219.065096][ T3363] hub_event+0x17ca/0x38f0 [ 219.069554][ T3363] ? hub_port_debounce+0x260/0x260 [ 219.075138][ T3363] ? usermodehelper_read_trylock+0xf0/0x2d0 [ 219.081092][ T3363] ? debug_smp_processor_id+0x2f/0x185 [ 219.086657][ T3363] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 219.092215][ T3363] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 219.098480][ T3363] process_one_work+0x965/0x16a0 [ 219.103537][ T3363] ? lock_release+0x800/0x800 [ 219.108314][ T3363] ? pwq_dec_nr_in_flight+0x310/0x310 [ 219.113702][ T3363] ? rwlock_bug.part.0+0x90/0x90 [ 219.118659][ T3363] worker_thread+0x7ab/0xe20 [ 219.123275][ T3363] ? process_one_work+0x16a0/0x16a0 [ 219.128487][ T3363] kthread+0x3b5/0x4a0 [ 219.132927][ T3363] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 219.138666][ T3363] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 219.144508][ T3363] ret_from_fork+0x24/0x30 [ 219.149335][ T3363] [ 219.151859][ T3363] Allocated by task 3363: [ 219.156223][ T3363] save_stack+0x1b/0x40 [ 219.160386][ T3363] __kasan_kmalloc.constprop.0+0xbf/0xd0 [ 219.166120][ T3363] kmem_cache_alloc_trace+0x153/0x7d0 [ 219.172659][ T3363] mousedev_create+0x90/0xa20 [ 219.177342][ T3363] mousedev_connect+0x20/0x280 [ 219.182118][ T3363] input_attach_handler+0x194/0x200 [ 219.188421][ T3363] input_register_device.cold+0xf5/0x246 [ 219.194040][ T3363] hidinput_connect+0x4f8f/0xdb30 [ 219.199652][ T3363] hid_connect+0x96b/0xbc0 [ 219.204133][ T3363] hid_hw_start+0xa2/0x130 [ 219.208554][ T3363] kye_probe+0x44/0x536 [ 219.212793][ T3363] hid_device_probe+0x2be/0x3f0 [ 219.217637][ T3363] really_probe+0x281/0x6d0 [ 219.222236][ T3363] driver_probe_device+0xfe/0x1d0 [ 219.227244][ T3363] __device_attach_driver+0x1c2/0x220 [ 219.232609][ T3363] bus_for_each_drv+0x162/0x1e0 [ 219.237612][ T3363] __device_attach+0x21a/0x360 [ 219.242377][ T3363] bus_probe_device+0x1e4/0x290 [ 219.248107][ T3363] device_add+0xaf1/0x1900 [ 219.252517][ T3363] hid_add_device+0x33c/0x9a0 [ 219.257178][ T3363] usbhid_probe+0xac8/0xff0 [ 219.261670][ T3363] usb_probe_interface+0x305/0x7a0 [ 219.266770][ T3363] really_probe+0x281/0x6d0 [ 219.271366][ T3363] driver_probe_device+0xfe/0x1d0 [ 219.276370][ T3363] __device_attach_driver+0x1c2/0x220 [ 219.282109][ T3363] bus_for_each_drv+0x162/0x1e0 [ 219.287754][ T3363] __device_attach+0x21a/0x360 [ 219.292521][ T3363] bus_probe_device+0x1e4/0x290 [ 219.297354][ T3363] device_add+0xaf1/0x1900 [ 219.301887][ T3363] usb_set_configuration+0xec5/0x1740 [ 219.307269][ T3363] usb_generic_driver_probe+0x9d/0xe0 [ 219.313319][ T3363] usb_probe_device+0xc6/0x1f0 [ 219.318168][ T3363] really_probe+0x281/0x6d0 [ 219.322652][ T3363] driver_probe_device+0xfe/0x1d0 [ 219.327653][ T3363] __device_attach_driver+0x1c2/0x220 [ 219.333128][ T3363] bus_for_each_drv+0x162/0x1e0 [ 219.337974][ T3363] __device_attach+0x21a/0x360 [ 219.343671][ T3363] bus_probe_device+0x1e4/0x290 [ 219.348619][ T3363] device_add+0xaf1/0x1900 [ 219.353051][ T3363] usb_new_device.cold+0x753/0x103d [ 219.358229][ T3363] hub_event+0x1eca/0x38f0 [ 219.362699][ T3363] process_one_work+0x965/0x16a0 [ 219.368746][ T3363] worker_thread+0x96/0xe20 [ 219.373304][ T3363] kthread+0x3b5/0x4a0 [ 219.377509][ T3363] ret_from_fork+0x24/0x30 [ 219.382020][ T3363] [ 219.384419][ T3363] Freed by task 3363: [ 219.388382][ T3363] save_stack+0x1b/0x40 [ 219.393306][ T3363] __kasan_slab_free+0xf7/0x140 [ 219.398135][ T3363] kfree+0x109/0x2b0 [ 219.402278][ T3363] device_release+0x71/0x200 [ 219.406866][ T3363] kobject_put+0x1c8/0x2f0 [ 219.411288][ T3363] cdev_device_del+0x69/0x80 [ 219.415889][ T3363] mousedev_destroy+0x20/0xa0 [ 219.420696][ T3363] __input_unregister_device+0x1b0/0x430 [ 219.426424][ T3363] input_unregister_device+0xb4/0xf0 [ 219.431777][ T3363] hidinput_disconnect+0x15e/0x3d0 [ 219.437103][ T3363] hid_disconnect+0x13f/0x1a0 [ 219.442763][ T3363] hid_device_remove+0x186/0x240 [ 219.447712][ T3363] device_release_driver_internal+0x231/0x500 [ 219.453761][ T3363] bus_remove_device+0x2dc/0x4a0 [ 219.458966][ T3363] device_del+0x481/0xd30 [ 219.463318][ T3363] hid_destroy_device+0xe1/0x150 [ 219.468246][ T3363] usbhid_disconnect+0x9f/0xe0 [ 219.473189][ T3363] usb_unbind_interface+0x1bd/0x8a0 [ 219.479551][ T3363] device_release_driver_internal+0x432/0x500 [ 219.486058][ T3363] bus_remove_device+0x2dc/0x4a0 [ 219.491547][ T3363] device_del+0x481/0xd30 [ 219.496222][ T3363] usb_disable_device+0x211/0x690 [ 219.501661][ T3363] usb_disconnect+0x284/0x8d0 [ 219.506621][ T3363] hub_event+0x17ca/0x38f0 [ 219.511267][ T3363] process_one_work+0x965/0x16a0 [ 219.516509][ T3363] worker_thread+0x7ab/0xe20 [ 219.521089][ T3363] kthread+0x3b5/0x4a0 [ 219.525171][ T3363] ret_from_fork+0x24/0x30 [ 219.529578][ T3363] [ 219.531890][ T3363] The buggy address belongs to the object at ffff8880a92a1000 [ 219.531890][ T3363] which belongs to the cache kmalloc-2k of size 2048 [ 219.545982][ T3363] The buggy address is located 336 bytes inside of [ 219.545982][ T3363] 2048-byte region [ffff8880a92a1000, ffff8880a92a1800) [ 219.559491][ T3363] The buggy address belongs to the page: [ 219.565123][ T3363] page:ffffea0002a4a840 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 [ 219.574228][ T3363] flags: 0xfffe0000000200(slab) [ 219.579322][ T3363] raw: 00fffe0000000200 ffffea00025faf48 ffffea00029fa548 ffff8880aa000e00 [ 219.588060][ T3363] raw: 0000000000000000 ffff8880a92a1000 0000000100000001 0000000000000000 [ 219.596635][ T3363] page dumped because: kasan: bad access detected [ 219.603023][ T3363] [ 219.605346][ T3363] Memory state around the buggy address: [ 219.611075][ T3363] ffff8880a92a1000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.619560][ T3363] ffff8880a92a1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.627622][ T3363] >ffff8880a92a1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.635670][ T3363] ^ [ 219.646266][ T3363] ffff8880a92a1180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.654321][ T3363] ffff8880a92a1200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 219.662373][ T3363] ================================================================== [ 219.670408][ T3363] Disabling lock debugging due to kernel taint [ 219.691723][ T3363] Kernel panic - not syncing: panic_on_warn set ... [ 219.698343][ T3363] CPU: 0 PID: 3363 Comm: kworker/0:9 Tainted: G B 5.7.0-rc6-next-20200522-syzkaller #0 [ 219.709612][ T3363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.719681][ T3363] Workqueue: usb_hub_wq hub_event [ 219.724705][ T3363] Call Trace: [ 219.728169][ T3363] dump_stack+0x18f/0x20d [ 219.732504][ T3363] ? __mutex_lock+0xf50/0x13c0 [ 219.737453][ T3363] panic+0x2e3/0x75c [ 219.741350][ T3363] ? __warn_printk+0xf3/0xf3 [ 219.745946][ T3363] ? preempt_schedule_common+0x5e/0xc0 [ 219.751406][ T3363] ? __mutex_lock+0x1033/0x13c0 [ 219.756270][ T3363] ? __mutex_lock+0x1033/0x13c0 [ 219.761145][ T3363] ? preempt_schedule_thunk+0x16/0x18 [ 219.766518][ T3363] ? trace_hardirqs_on+0x55/0x230 [ 219.771542][ T3363] ? __mutex_lock+0x1033/0x13c0 [ 219.776389][ T3363] ? __mutex_lock+0x1033/0x13c0 [ 219.781239][ T3363] end_report+0x4d/0x53 [ 219.785397][ T3363] kasan_report.cold+0xd/0x37 [ 219.790083][ T3363] ? __mutex_lock+0x1033/0x13c0 [ 219.794934][ T3363] __mutex_lock+0x1033/0x13c0 [ 219.799621][ T3363] ? print_usage_bug+0x240/0x240 [ 219.804560][ T3363] ? mousedev_cleanup+0x21/0x180 [ 219.809505][ T3363] ? trace_hardirqs_off+0x50/0x220 [ 219.814618][ T3363] ? mutex_trylock+0x2c0/0x2c0 [ 219.819381][ T3363] ? mark_held_locks+0x9f/0xe0 [ 219.824177][ T3363] ? kfree+0x1eb/0x2b0 [ 219.828249][ T3363] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 219.834324][ T3363] ? kfree_const+0x51/0x60 [ 219.838782][ T3363] ? dev_attr_show+0x90/0x90 [ 219.843385][ T3363] ? mousedev_cleanup+0x21/0x180 [ 219.849305][ T3363] mousedev_cleanup+0x21/0x180 [ 219.854060][ T3363] mousedev_destroy+0x28/0xa0 [ 219.858727][ T3363] __input_unregister_device+0x1b0/0x430 [ 219.864444][ T3363] input_unregister_device+0xb4/0xf0 [ 219.869752][ T3363] hidinput_disconnect+0x15e/0x3d0 [ 219.874979][ T3363] ? kernfs_remove_by_name_ns+0x62/0xb0 [ 219.880986][ T3363] hid_disconnect+0x13f/0x1a0 [ 219.885876][ T3363] hid_device_remove+0x186/0x240 [ 219.890811][ T3363] ? hid_compare_device_paths+0xc0/0xc0 [ 219.896534][ T3363] device_release_driver_internal+0x231/0x500 [ 219.902594][ T3363] bus_remove_device+0x2dc/0x4a0 [ 219.907603][ T3363] device_del+0x481/0xd30 [ 219.911943][ T3363] ? device_link_add_missing_supplier_links+0x370/0x370 [ 219.918862][ T3363] ? mark_held_locks+0x9f/0xe0 [ 219.923626][ T3363] ? _raw_spin_unlock_irq+0x1f/0x80 [ 219.928809][ T3363] hid_destroy_device+0xe1/0x150 [ 219.933737][ T3363] usbhid_disconnect+0x9f/0xe0 [ 219.938494][ T3363] usb_unbind_interface+0x1bd/0x8a0 [ 219.943701][ T3363] ? __pm_runtime_idle+0xd1/0x320 [ 219.948708][ T3363] ? usb_autoresume_device+0x60/0x60 [ 219.953988][ T3363] device_release_driver_internal+0x432/0x500 [ 219.960736][ T3363] bus_remove_device+0x2dc/0x4a0 [ 219.965660][ T3363] device_del+0x481/0xd30 [ 219.969984][ T3363] ? device_link_add_missing_supplier_links+0x370/0x370 [ 219.977047][ T3363] ? usb_remove_ep_devs+0x3e/0x80 [ 219.982055][ T3363] ? remove_intf_ep_devs+0x13f/0x1d0 [ 219.987916][ T3363] usb_disable_device+0x211/0x690 [ 219.992928][ T3363] usb_disconnect+0x284/0x8d0 [ 219.997762][ T3363] hub_event+0x17ca/0x38f0 [ 220.002168][ T3363] ? hub_port_debounce+0x260/0x260 [ 220.007284][ T3363] ? usermodehelper_read_trylock+0xf0/0x2d0 [ 220.013180][ T3363] ? debug_smp_processor_id+0x2f/0x185 [ 220.018753][ T3363] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 220.024289][ T3363] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 220.031137][ T3363] process_one_work+0x965/0x16a0 [ 220.036065][ T3363] ? lock_release+0x800/0x800 [ 220.040816][ T3363] ? pwq_dec_nr_in_flight+0x310/0x310 [ 220.046168][ T3363] ? rwlock_bug.part.0+0x90/0x90 [ 220.051103][ T3363] worker_thread+0x7ab/0xe20 [ 220.055872][ T3363] ? process_one_work+0x16a0/0x16a0 [ 220.061050][ T3363] kthread+0x3b5/0x4a0 [ 220.065098][ T3363] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 220.070806][ T3363] ? kthread_mod_delayed_work+0x1a0/0x1a0 [ 220.076617][ T3363] ret_from_fork+0x24/0x30 [ 220.082388][ T3363] Kernel Offset: disabled [ 220.086738][ T3363] Rebooting in 86400 seconds..