last executing test programs: 2.599594023s ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer', 0x800, 0x0) 2.578243227s ago: executing program 4: rt_sigreturn() 2.008815493s ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/iommu', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/iommu', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/iommu', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/iommu', 0x800, 0x0) 1.981797648s ago: executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp1', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp1', 0x800, 0x0) 1.896513751s ago: executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram', 0x800, 0x0) 1.891383951s ago: executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ocfs2_control', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ocfs2_control', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ocfs2_control', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ocfs2_control', 0x800, 0x0) 1.467973486s ago: executing program 4: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.459272138s ago: executing program 2: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 1.158525853s ago: executing program 4: rt_sigpending(&(0x7f0000000000), 0x0) 1.099033173s ago: executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log', 0x0, 0x0) 1.068604307s ago: executing program 1: map_shadow_stack(0x0, 0x0, 0x0) 1.067305687s ago: executing program 2: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 421.463456ms ago: executing program 1: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 411.792628ms ago: executing program 2: mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 285.891297ms ago: executing program 3: syz_open_dev$sndhw(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x29, 0x800) 272.905549ms ago: executing program 0: syz_open_dev$sndpcmc(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2a, 0x800) 267.53424ms ago: executing program 3: syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x2a, 0x800) 248.390342ms ago: executing program 0: syz_open_dev$usbfs(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x2a, 0x800) 224.447586ms ago: executing program 0: syz_open_dev$sndhw(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2a, 0x800) 201.27256ms ago: executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2b, 0x800) 171.288044ms ago: executing program 1: syz_open_dev$sndpcmp(&(0x7f0000000040), 0x1, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x1, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xb, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xb, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xb, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xb, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x15, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x15, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x15, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x15, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x1f, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1f, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x1f, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x1f, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x29, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x29, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x29, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x29, 0x800) 170.105605ms ago: executing program 0: syz_open_dev$sndmidi(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x2b, 0x800) 164.502655ms ago: executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndpcmc(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndpcmc(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndpcmc(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000500), 0x2c, 0x800) 155.541996ms ago: executing program 0: syz_open_dev$sndhw(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2b, 0x800) 147.511738ms ago: executing program 3: syz_open_dev$sndmidi(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndmidi(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndmidi(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndmidi(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndmidi(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndmidi(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndmidi(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndmidi(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndmidi(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndmidi(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndmidi(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndmidi(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndmidi(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndmidi(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndmidi(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndmidi(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndmidi(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndmidi(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndmidi(&(0x7f0000000500), 0x2c, 0x800) 135.101469ms ago: executing program 1: syz_open_dev$sndpcmp(&(0x7f0000000040), 0x2, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x2, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x2, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x2, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xc, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xc, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xc, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xc, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x16, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x16, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x16, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x16, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x20, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x20, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x20, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x20, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x2a, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x2a, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x2a, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x2a, 0x800) 128.644881ms ago: executing program 3: syz_open_dev$sndhw(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndhw(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndhw(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndhw(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndhw(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndhw(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndhw(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndhw(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndhw(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndhw(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndhw(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndhw(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndhw(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndhw(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndhw(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndhw(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndhw(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndhw(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndhw(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndhw(&(0x7f0000000500), 0x2c, 0x800) 93.913646ms ago: executing program 0: syz_open_dev$sndpcmp(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x2b, 0x800) 1.49464ms ago: executing program 2: syz_open_dev$usbfs(&(0x7f0000000040), 0x3, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x3, 0x1) syz_open_dev$usbfs(&(0x7f00000000c0), 0x3, 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x3, 0x800) syz_open_dev$usbfs(&(0x7f0000000140), 0xd, 0x0) syz_open_dev$usbfs(&(0x7f0000000180), 0xd, 0x1) syz_open_dev$usbfs(&(0x7f00000001c0), 0xd, 0x2) syz_open_dev$usbfs(&(0x7f0000000200), 0xd, 0x800) syz_open_dev$usbfs(&(0x7f0000000240), 0x17, 0x0) syz_open_dev$usbfs(&(0x7f0000000280), 0x17, 0x1) syz_open_dev$usbfs(&(0x7f00000002c0), 0x17, 0x2) syz_open_dev$usbfs(&(0x7f0000000300), 0x17, 0x800) syz_open_dev$usbfs(&(0x7f0000000340), 0x21, 0x0) syz_open_dev$usbfs(&(0x7f0000000380), 0x21, 0x1) syz_open_dev$usbfs(&(0x7f00000003c0), 0x21, 0x2) syz_open_dev$usbfs(&(0x7f0000000400), 0x21, 0x800) syz_open_dev$usbfs(&(0x7f0000000440), 0x2b, 0x0) syz_open_dev$usbfs(&(0x7f0000000480), 0x2b, 0x1) syz_open_dev$usbfs(&(0x7f00000004c0), 0x2b, 0x2) syz_open_dev$usbfs(&(0x7f0000000500), 0x2b, 0x800) 0s ago: executing program 1: syz_open_dev$sndpcmp(&(0x7f0000000040), 0x4, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x4, 0x1) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x4, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x4, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000140), 0xe, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000180), 0xe, 0x1) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0xe, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000200), 0xe, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000240), 0x18, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000280), 0x18, 0x1) syz_open_dev$sndpcmp(&(0x7f00000002c0), 0x18, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000300), 0x18, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000340), 0x22, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000380), 0x22, 0x1) syz_open_dev$sndpcmp(&(0x7f00000003c0), 0x22, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000400), 0x22, 0x800) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x2c, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000480), 0x2c, 0x1) syz_open_dev$sndpcmp(&(0x7f00000004c0), 0x2c, 0x2) syz_open_dev$sndpcmp(&(0x7f0000000500), 0x2c, 0x800) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.7' (ED25519) to the list of known hosts. 1970/01/01 00:00:35 fuzzer started 1970/01/01 00:00:35 dialing manager at 10.128.0.163:30027 syzkaller login: [ 35.692465][ T4228] cgroup: Unknown subsys name 'net' [ 35.870228][ T4247] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SSFS [ 35.936743][ T4228] cgroup: Unknown subsys name 'rlimit' 1970/01/01 00:00:36 starting 5 executor processes [ 39.075385][ T4811] mmap: syz-executor.3 (4811) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 39.379484][ T4851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 39.391055][ T4851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 39.393993][ T4851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 39.396575][ T4851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 39.398917][ T4851] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 39.401059][ T4851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 40.303490][ T4662] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.305725][ T4662] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.309035][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 40.346137][ T4662] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 40.348388][ T4662] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 40.351208][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 40.803471][ T4894] chnl_net:caif_netlink_parms(): no params data found [ 41.003897][ T4894] bridge0: port 1(bridge_slave_0) entered blocking state [ 41.005721][ T4894] bridge0: port 1(bridge_slave_0) entered disabled state [ 41.013045][ T4894] device bridge_slave_0 entered promiscuous mode [ 41.033491][ T4894] bridge0: port 2(bridge_slave_1) entered blocking state [ 41.036336][ T4894] bridge0: port 2(bridge_slave_1) entered disabled state [ 41.044151][ T4894] device bridge_slave_1 entered promiscuous mode [ 41.098407][ T4894] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 41.108646][ T4894] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 41.148034][ T4894] team0: Port device team_slave_0 added [ 41.153034][ T4894] team0: Port device team_slave_1 added [ 41.180502][ T4894] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 41.182791][ T4894] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 41.189313][ T4894] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 41.206400][ T4894] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 41.208272][ T4894] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 41.223594][ T4894] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 41.283618][ T4894] device hsr_slave_0 entered promiscuous mode [ 41.341949][ T4894] device hsr_slave_1 entered promiscuous mode [ 41.457324][ T261] [ 41.458021][ T261] ============================= [ 41.459272][ T261] WARNING: suspicious RCU usage [ 41.460573][ T261] 6.1.95-syzkaller #0 Not tainted [ 41.462361][ T261] ----------------------------- [ 41.463643][ T261] net/netfilter/ipset/ip_set_core.c:1202 suspicious rcu_dereference_protected() usage! [ 41.465972][ T261] [ 41.465972][ T261] other info that might help us debug this: [ 41.465972][ T261] [ 41.468552][ T261] 1970/01/01 00:00:41 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 41.468552][ T261] rcu_scheduler_active = 2, debug_locks = 1 [ 41.470642][ T261] 3 locks held by kworker/u4:4/261: [ 41.472136][ T261] #0: ffff0000c0845138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 [ 41.474913][ T261] #1: ffff80001dc87c20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 [ 41.477460][ T261] #2: ffff800017e26350 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf4/0x994 [ 41.479983][ T261] [ 41.479983][ T261] stack backtrace: [ 41.481415][ T261] CPU: 1 PID: 261 Comm: kworker/u4:4 Not tainted 6.1.95-syzkaller #0 [ 41.483500][ T261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 41.486066][ T261] Workqueue: netns cleanup_net [ 41.487316][ T261] Call trace: [ 41.488182][ T261] dump_backtrace+0x1c8/0x1f4 [ 41.489456][ T261] show_stack+0x2c/0x3c [ 41.490548][ T261] dump_stack_lvl+0x108/0x170 [ 41.491828][ T261] dump_stack+0x1c/0x5c [ 41.492889][ T261] lockdep_rcu_suspicious+0x260/0x464 [ 41.494314][ T261] _destroy_all_sets+0x21c/0x5a4 [ 41.495639][ T261] ip_set_net_exit+0x28/0x60 [ 41.496909][ T261] cleanup_net+0x564/0x994 [ 41.498088][ T261] process_one_work+0x7ac/0x1404 [ 41.499420][ T261] worker_thread+0x8e4/0xfec [ 41.500631][ T261] kthread+0x250/0x2d8 [ 41.501740][ T261] ret_from_fork+0x10/0x20 [ 41.506885][ T4894] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 41.571651][ T261] [ 41.572279][ T261] ============================= [ 41.573515][ T261] WARNING: suspicious RCU usage [ 41.574747][ T261] 6.1.95-syzkaller #0 Not tainted [ 41.576082][ T261] ----------------------------- [ 41.577332][ T261] net/netfilter/ipset/ip_set_core.c:1213 suspicious rcu_dereference_protected() usage! [ 41.579854][ T261] [ 41.579854][ T261] other info that might help us debug this: [ 41.579854][ T261] [ 41.582490][ T261] [ 41.582490][ T261] rcu_scheduler_active = 2, debug_locks = 1 [ 41.584532][ T261] 3 locks held by kworker/u4:4/261: [ 41.585834][ T261] #0: ffff0000c0845138 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x664/0x1404 [ 41.588479][ T261] #1: ffff80001dc87c20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x6a8/0x1404 [ 41.591215][ T261] #2: ffff800017e26350 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf4/0x994 [ 41.593822][ T261] [ 41.593822][ T261] stack backtrace: [ 41.595408][ T261] CPU: 1 PID: 261 Comm: kworker/u4:4 Not tainted 6.1.95-syzkaller #0 [ 41.597444][ T261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 41.600015][ T261] Workqueue: netns cleanup_net [ 41.601244][ T261] Call trace: [ 41.602088][ T261] dump_backtrace+0x1c8/0x1f4 [ 41.603394][ T261] show_stack+0x2c/0x3c [ 41.604476][ T261] dump_stack_lvl+0x108/0x170 [ 41.605639][ T261] dump_stack+0x1c/0x5c [ 41.606727][ T261] lockdep_rcu_suspicious+0x260/0x464 [ 41.608212][ T261] _destroy_all_sets+0x4f4/0x5a4 [ 41.609511][ T261] ip_set_net_exit+0x28/0x60 [ 41.610755][ T261] cleanup_net+0x564/0x994 [ 41.611850][ T261] process_one_work+0x7ac/0x1404 [ 41.613101][ T261] worker_thread+0x8e4/0xfec [ 41.614286][ T261] kthread+0x250/0x2d8 [ 41.615317][ T261] ret_from_fork+0x10/0x20