last executing test programs: 4.516284227s ago: executing program 2 (id=5): r0 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000180)=0x80000001, 0x4) setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000140)=0x6, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x32, &(0x7f0000001140)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp={0x44, 0x4, 0x8d}]}}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0) 4.154955766s ago: executing program 2 (id=6): epoll_create(0x4) epoll_create1(0x80000) socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f00000002c0)=ANY=[@ANYBLOB="a200004ef3b11f948ef66b0ee0b3d41b1b", @ANYRES64=r0]) 3.11206424s ago: executing program 0 (id=8): bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0500000004000000080000000c"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10) 2.804438995s ago: executing program 0 (id=11): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002780)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6dc, &(0x7f0000000180)="$eJzs3c1vHGcdB/DvrNeON1TBaZM2QkVYiVSQIhInVgrhgkEI5VChqhx6thKnsbpJqsRFaYXABQQnJA79AwqSbxwQEvegcOFSbr36WAmJS8QhqpAWzezsetdevyV+C3w+1XSeZ55nnvnNb95211ltgP9b186n+TBFrp1/40FZX12Zba+uzB6rm9tJynIjaXZnKe4kxaNkrmwvBqYMzDf4ePHqW589Xv28W2vWU9V/rL/e5I5CHrGN5XrKdD3e9Mg1x3c0fnesKry8kOR6PR82sdOxhjqWSTtXz+HQdTZY3s3qm17vwNHXezoV3efmoPJhn6nkeP1krl4TLA+0Pc92dZcDAACA59Sndw87AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHj+1L//X9RTo55nOkXv9/8nesvq8hE0t+OeD/c1DgAAAAAAAAA4GF97kid5kBO9eqeo/uZ/tqqcyhed5Et5P/ezkHu5kAeZz1KWci+XkkwNDDTxYH5p6d6l/pql0WteHrnm5YPaYwAAAAAAAAD4n/SLtNb+/g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEdBkYx1Z9V0qp5nKo1m1tqynPwjycRhx7sLxaiFDw8+DgAAAHgmk0+xzpef5Eke5ESv3imq9/wvV++XJ/N+7mQpi1lKOwu5Ub+HLt/1N1ZXZturK7O3y6msD4/7vX/tKoyJeoSxqjZqy2eqHq3czGK15EKuF8l/Op1Oo7vtc8mZXjwDcQ34qIyp+G5th5E167SWe/67zT5F2BPDH0U0tujZWgsu6Wdkpo6tXPNkNwNF9UFNsj4T2x6d5lBtqhp1vL+lS2n0P/k5tQ85P17Py/359b7mfLf6mWikysTlNPpH6uWtM5F8/S9/fPtW+867t27eP390dmkbY5ssX39OzA5k4pXnOhPNXfafqTJxul+/lh/mxzmf6byZe1nMTzKfpSykU7fP1+dz+f+prTM1N1R7c7tIJurj0j1mO4lpOj+oSvM5W617Iospcjc3spDXq/8u51K+lSu5kqsDR/j0pnFX+1Zd9Y31V33vSP91ZPDnvlEXyrvbb9bucnNb7fFmZ+de6d77y7yeHMhr96x/3O91cuA6mBnI0ou97IyPHPxp7o3Nr9SFchu/3OY5cbCm6kyUF1DvKdGL7qVuJprVs2jjef77Trle2nc6nVvz720y/vK6+mv1vDytVr66Xe+e0Ydib5Xny4uZrO8kw2dH2fZS/y4z0NZZO5e7bcNP3HK901VbUfSu1B/lbnUCbLxSJ+rXcBtHuly1vTKybbZqOzPQNvR6K3fTzo0DyB8AT+Pvb/eLUzk+0fpn69PWJ61ftW613pj8/rFvH3t1IuN/G/9Oc2bstcarxZ/zSX629v4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4evc/+PDd+XZ74d7oQmPzpvm53g/XtNsLrazvs9nIx0YPWNQ/6LNNPEeykObGpskyL4NLxruJOuAIW+vD2FDo/Dw58Iz1fkRwdJ/floXmhjNqVGFuaMmfNg740S4jLHZ2XexjoZGD3Wh5FY9qOqQbEnBgLi7dfu/i/Q8+/Obi7fl3Ft5ZuDN+5crVmatXXp+9eHPxSadr5rCjBPbD2kP/sCMBAAAAAAAAAAAAdmrUFwPOvrDdl0Z29B0P/7IQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2BPXzqf5MEUuzVyYKeurK7PtcuqV13o2kzQaSfHTpHiUzKU7ZWpguCJ/eJTOiO18vHj1rc8er36+Nlaz2z9p1PPNbd2aZLmeMp1krJ4/g6Hxrj/zeMW/e/tQJuyLTqcz92zxwd74bwAAAP//ay345g==") r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000280)=ANY=[@ANYRES32], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) ioctl$RNDADDTOENTCNT(r0, 0x40045201, &(0x7f0000000000)=0x2) 2.769427587s ago: executing program 3 (id=12): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000400)=0x4000000) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a80)={0x1, 0x0, [{0xeeee8000, 0xd8, &(0x7f0000000240)=""/216}]}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af04, &(0x7f0000000200)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x2) 2.684326674s ago: executing program 1 (id=13): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000840)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x0, 0x20, 0x9, 0x10001, 0x0, 0xffffdffffffffffd, 0x7, 0x0, 0x0, 0x9, 0xfffffffb, 0x1}) 2.464259211s ago: executing program 3 (id=14): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendmmsg$sock(r2, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b83a7404087d4bcb64f6ecad05459d12595d5b8b2657f2f29656a15e5a18e3168946dcb5faa59f7b404bad393ba06734d170b0513aeb0d051", 0xd5}, {&(0x7f00000004c0)="62c99e05d98775ed1beb5d67431ead896f7060f03e5b8671b283168d0df1573bef271f3a22b9cac06e27c7e87b34a19188d3e10e670bc070f0d3eb88d2f891d242747e0deec4a10609b12d4058b0fbff28bb01e6e49b533b03b11288ff4da1ab3226a2e3ba5fc47969142f1a1a0ca9ba4cece2ac9a5fcd89343de7e57dfcbb6216499555bd04f2fcb91c3c6c72868a3797ec63f8138ab74b5034878812df8b0445704cb33f81bffed93c3e645a206db134f626a59f4fac53fbf23489cf2f45d05d735e64033376671da045df97bcb989bda1d17ba14afbfd19e32a8222ebf934c17fed237b86aef2e830", 0xea}, {&(0x7f00000005c0)="f2b314c96d500b66f7fd46493862d9eb11d188464208592330ac482436286448", 0x20000}], 0x3}}], 0x1, 0x0) 2.154152986s ago: executing program 0 (id=15): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='bic\x00', 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 2.127380599s ago: executing program 3 (id=16): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000680)=[@text64={0x40, 0x0}], 0x1, 0x40, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, 0x0}], 0x1, 0x6a, &(0x7f0000000080)=[@cr4={0x1, 0x2009b2}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.900610817s ago: executing program 1 (id=17): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r1, &(0x7f0000000340)=ANY=[], 0xff2e) ioctl$TCXONC(r1, 0x540a, 0x2) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)) 1.789891366s ago: executing program 2 (id=18): socket$inet_udp(0x2, 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r0 = syz_io_uring_setup(0x49b, &(0x7f0000000000)={0x0, 0xf62c, 0x1, 0x3, 0x37d}, &(0x7f0000001e40)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) 1.532680596s ago: executing program 3 (id=19): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x4048840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.416610395s ago: executing program 1 (id=20): openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 1.416218015s ago: executing program 2 (id=21): setuid(0xee00) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x8001) r2 = getpgid(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2}) sendmmsg$unix(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="11", 0x1}], 0x1, 0x0, 0x0, 0x4000}}], 0x1, 0x40015) 1.309066464s ago: executing program 2 (id=22): syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000f00)='./file1\x00', 0x208800, &(0x7f0000003100)=ANY=[], 0x1, 0xf04, &(0x7f0000000f40)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBDkmkprcgUI+IS++gkNAIQ1FDD0T8MT0gKiGKhDhVHKi4UCqlSK0EqlShntqeWvXWE+qFSlUqBfXQRkpc2X5vvX72sOuxPbv2/n7St2/fvNn5vslazsx49m0AhlZj5fHkydkihHc/fefRl58qfru87K72GkdWHovYa4UQmh39Itve53HBtSsvndmsLcLxlcfUD49dbr92MoSwGI6Ez0IrfDS/8OWH7z1y9OPXJ2556+Izr+zS7rfl+wEAAPvRpT8v/P2+f/7pgZmrlw6fDuPt5en4vBX7k/G4/1g8UE7Hy42wvl90RKexbL2RGI1svZFsvdEsz2hJvma2nWbJemNd8o10LNtsPwEAAGAvSue1rVA05tb1G425udXz/mWfT48Vc8+dXzh3oU+FAgAAAJX959WVm26FEEIIIUSt0RyAGoQQQgxTLE33+woEAAAAMGzy+cI2WNzZmbraW2v1lv/yw43NXw87oO6ff/n3Vv4PXvMbBwCA6vbr0WTar3QcneYxyOcRHMlet9Xj/0a2ndEt1lk2r+C65cXgvk1l9ef/roOqrP6tvo/9UlZ/Ph/moCqrP5+nc1CV1T9ecx1VldU/UXMdVZXVf6DmOqoqq/9gzXVUVVb/ZM11VFVW/1TNdVRVVv8NNddRVVn9h2quo6qy+vfKbbVl9bdqrqOqsvpnaq6jqrL6b6y5jqrK6r+p5jqqKqv/5prr6Jc7Y5v+HQ5n453nz/k53V45xwMAAIBh9z/z/wkhhBAbYuU+iAGoQ4j9HcUA1CC+Ktp/7xuAWoQQ249X+3r1AQAAABgE6XMB6QPoS1EaH+kyPho/S7QyPrG2Qhpvdnn9WJfx8S7jAAAAQAi/e+PcbW8Xa5/z3+58eB3zRl0PFeYxyie622r+7c57tt38e2XeMgAAAIZL8b3Prt//6PsvzFy9dPh0x9nv9Xi+m+YBHY3XBj6J/XRfwFTWL9I59On1eRol6+XXB24o297j29xRAAAAGGLp/L0VisZcx3l3KzQac3Nr5+OzoVmcO79w9ljsp+9n+eN0c3x5+UM11w0AAAD0bu18f/Pz//Q9vrNhrJh77vzCuQur/an28maj87rA9NryovO6QCtbfrxk+YnYT9/f+YPpAyvL5878cOGpnd55AAAAGBIXXrz4zJMLC2d/5IknnnjSftLv30wAAMBO++KLd5o/PjH1+9XP/6/Nf5c+/38k9ltxbr+/xBXSfQLpcwAbPq//xPo802XrPb9+vVa23kiM8azuiY7tLDuQvW6mLF9r/XbGSvJNZvmmsnz5PAWj2fop36FseT4/YVpvOluez8M4muUosvx3BwAAACg3/8Kzz89fePHig+efffLps0+ffe7E8VPfPXXq2EPfeWh+5b7++c67+wEAAIC9aO2m335XAgAAAAAAAAAAAAAAAAAAAMOrjq8T6/c+AgAAwLD796shhEUhhKgcS+P9r0EIIYQQQog9Eyvf7V5/3ka/rz8AAAAAw+falZfOhDARQlhuN7FY7Gi+9tZaq831K6t5Uzv14N9mliOtdvnhkXWvP7ij1TDsrsWfu9RusMM///LvrfwfvLaz+SfSk55//2WXjE9Xy3vv/C9nO/PfPtpj/nz/H6+W/2iW/97QW/6l97P8T1TLf1+W/2CP+Tfs//PV8t8f88/G/tF7es2//v0fj23ajwM95v92tv9PhV7zZ/vf6jFh5oGYHwCG0X69ASAdJaTj6MnYT/sbDzfDSPa6rR7/N7LtjG678vXbTcdBt8Z+Ol6ayvImW61/MtveDRXrzOV1Daqy+nfqfdxtZfU3a66jqrL6x2quo6qy+sdrrqOqsvonaq6jqrL6ez0P7bey+vfKdeWy+idrrqOqsvqnaq6jqrL6t/r/eL+U1X+o5jqqKqt/uuY6qiqrv+JltdqV1T9Tcx1VldV/Y811VFVW/00111FVWf0311xHv9wR27Lz4XT+OR3HUr+V9cc3+bfcr9cWAAAAYK/519DO/xevdPS9DiGEEELs1ZgY9GOJZFe2P7rL2xd1x3+XVvW7DiHE7sXSUt1XHBgku/tpZgAGld//w837P9y8/8PN+89XSffwF1k/GekyPtplvNllfCwbz39ex7uM35Rtdyld14xu7jL+tS7jh7qM39plfLbL+G1dxm/vMn5Hl3EAAACGwy2xdX4IAAAA+9fLv/rkzd/c+8SVmauXDp8OYxvmnT8W++Pxb+tvxH4+733SjH/z/0ns/yK2f4jtP7L13X8CAAAAuy99T4y//wMAAMD+lb6n1Pk/AAAA7F8zsXX+DwAAAPvXjbF1/g8AAAD7WDGx+eLYpusCd8e213n9AIDB9/XY3hnbw7G9K7bfiG06Drgntt+sqT4AYOf8/Ps/PfV2sTbf/4ls/FpcntoNFlevFBSN9TP5H4jtwdh+q8d68u8D6DV/cqjHPLuVf3qb+QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/aOx8njy5GwRwrufvvPoz8be/OvysrvaaxxZeSxirxVCaLZfl0bX+r+OK1678tKZzvZ6bItwPBShaC8Pj11uZ5oMISyGI+Gz0AofzS98+eF7jxz9+PWJW966+Mwru/hPsG7/AAAAYD/6fwAAAP//ScMebw==") creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804051, 0x0, 0x1, 0x0, &(0x7f0000000d40)) rmdir(&(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000002d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x820}}, {{&(0x7f0000001580)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x40042}}], 0x2, 0x20000000) 1.215136092s ago: executing program 3 (id=23): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) syz_genetlink_get_family_id$batadv(0x0, r0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001100)=@ipv6_newaddr={0x40, 0x14, 0x101, 0x70bd26, 0x25dffbf8, {0xa, 0x38, 0x78, 0x0, r2}, [@IFA_LOCAL={0x14, 0x2, @loopback}, @IFA_CACHEINFO={0x14, 0x6, {0x0, 0x8, 0x200, 0x9}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4c051}, 0x8000) 1.048749985s ago: executing program 0 (id=24): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)=ANY=[], 0x24}], 0x1}, 0x0) syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) preadv(r1, &(0x7f0000000280), 0x3c, 0x0, 0x0) 1.021760688s ago: executing program 3 (id=25): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c74c50000000000120000f1850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = syz_usb_connect(0x5, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010003ac9bcc20d118af1ebb5a0102030109022400010700800b0904"], &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r1, 0x0, &(0x7f0000000040)={0x84, &(0x7f0000000880)=ANY=[@ANYBLOB="200f1a000000def0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 705.077573ms ago: executing program 0 (id=26): r0 = memfd_create(&(0x7f00000002c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\xc0LF;\xd6\x84\x19\xb4}\x00\x00\x05~\xf3S\x12\"p^\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1aZS\x01*\x1b\xfd\xbcMA\xdcq\xa1\x00\xb3\xf9\x91r\x7f\xdc\xf1\xc3G\xa4kP\x99YO\xb8V\xd5p\x90X\xaaf\x1f~\xf2\xad\xe3\xa9\xea\xd0ua\b\x0f\xf2\xe4uM\xeb\xc4\x88\x17\xa6\xaf\xc2-\xee\x14\x96\x1d\xe1\xbc\x93\fEx\x19\x9eP\x05y\xe6<\xf2\xac\xc1T\x87;\x18\x19kg\r\xf0\xbfr\x0fO\xd8>\xfb\xfe\x0f\xf8\x0f\xf7D3t\xe3\xc0\xf2\xc9\xc8\x1d#N\xfb\xb6\x03\xd2\xfd\xb3\x85\xb5\xd3\x06b\x90\xd6\xb1E^i\xfb\x02\x00\x00', 0x1) syz_mount_image$exfat(&(0x7f0000000400), &(0x7f0000000240)='./file0\x00', 0x2000084c, &(0x7f0000000540)=ANY=[@ANYBLOB='iocharset=ascii,discard,dmask=00000000000000000000007,uid=', @ANYRESHEX, @ANYBLOB=',dmask=00000000000000000000152,fmask=00000000000000000000006,gid=', @ANYRESHEX=r0, @ANYBLOB=',uid=', @ANYRESHEX=0xee00, @ANYBLOB="2c646973636172642c00fb278330ab3b4884d36adf6908d11f57832035e96a1513231140da182ca77aeedc492bbc501d94f854a7e26909bde6e698d72a15ec808a86c25d"], 0x81, 0x14f5, &(0x7f0000001580)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSklPY/0vv+33e9+v9vr7v//b/u65v1u+69jV7zf2s9ax71lzz3PdzXfP80HNUvRb1azcjIvEvgb9+SRFCxAghhgkhbhBCBEKISvGV4q8cL6Ag5V97EvbnejT9WnfAriWef97G88/beP55G88/b+P55208/7yN55+38fwZy8u2zyl2I6+8u/j9/7yMX///F8ktP/mbjeVv7vU/SOH55208/7yN55+38fzzNp5/3sbz/9+v1n9xjOeft/H8GcvLrvX7z7yu7brWv3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxvKGc/4qLYT4t/217osxxhhjjDHGGGN/Hp//WnfAGGOMMcYYY4yx//dASKGEFoHIJ/KLGFFAxIrrRJy4XhQUN4iIuFHEi5tEIXGzKCyKiKKimEgQxUUJYQQKK0iEoqQoJaLiFlFa3CoSRRlRVpQTTpQXSeI2UUHcLiqKO0QlcaeoLO4SVURVUU1UF3eLGuIeUVPUErXFvaKOqCvqifriPtFA3C8aigdEI/GgaCweEk3Ew6KpeEQ0E4+K5uIx0UI8LlqKJ0Qr0Vq0EW1Fu/+r/FdEX/Gq6Cf6ixQxQAwUr4lBYrAYIoaKYeJ1MVy8IUaIN0WqGClGibfEaPG2GCPeEWPFODFevCsmiIlikpgspoipIk28J6aJ98V08YGYIWaKWWK2SBdzxFzxoZgn5osF4iOxUHwsFonFYolYKjLEJyJTLBNZ4lOxXHwmssUKsVKsEqvFGrFWrBPrxQaxUWwSm8UWsVVsE9vF52KH2Cl2id1ij9gr9okvxH7xpTggvhI54uv/Yf7Z/5DfCwQIkCBBg4Z8kA9iIAZiIRbiIA4KQkGIQATiIR4KQSEoDIWhKBSFBEiAElACEBAICEpCSYhCFEpDaUiERCgLZcGBgyRIggpwO1SEilAJKkFlqAxVoCpUhepQHWpADagJNaE21IY6UAfqQT24D+6D+6EhNIRG0AgaQ2NoAk2gKTSFZtAMmkNzaAEtoCW0hFbQCtpAG2gH7aA9tIcO0AE6QSfoDJ2hC3SBZEiGrtAVukE36A7doQf0gJ7QE3pBb+gNr8Ar8Cq8Cv2hjhwAA2EgDIJBMASGwlB4HYbDG/AGvAmpMBJGwVvwFrwNY+AMjIVxMB7GQw05ESbBZCA5FdIgDabBNJgO02EGzISZMBvSYQ7MhbkwD+bDfPgIFsLH8DEshsWwFDIgAzJhGWRBFiyHs5ANK2AlrILVsAZWwzpYD+tgI2yCjbAFtsA22Aafw+ewE3bCbtgNe2EvfAFfwJfwJaRCDuTAQTgIh+AQHIbDkAu5cASOwFE4CsfgGByH43ACTsIpOAmn4TScgbNwDs7BBbgAF+GlhO+a7y2zIVXIK7TUMp/MJ2NkjIyVsTJOxsmCsqCMyIiMl/GykCwkC8vCsqgsKhNkgiwhS0iUKEmGsqQsKaMyKkvL0jJRJsqysqx00skkmSQryAqyoqwoK8k7ZWV5l6wiq8qOrrqsLmvITq6mrCVry9qyjqwr68n6sr5sIBvIhrKhbCQbycaysWwiH5ZN5QAYAo/KK5NpIUdCSzkKWsnWso1sK9+GJ2V7OQY6yI6yk3xajoOx0EW2d8nyOdlVToJu8gU5GV6UPeRU6Clflr1kb9lHviL7yg6un+wvZ8AAOVDOhkFysBwih8p5UFdemVg9+aZMlSPlKPmWXApvyzHyHTlWjpPj5btygpwoJ8nJcoqcKtPke3KafF9Olx/IGXKmnCVny3Q5R86VH8p5cr5cID+SC+XHcpFcLJfIpTJDfiIz5TKZJT+Vy+VnMluukCvlKrlarpFr5Tq5Xm6QG+UmuVlukVvlNrldfi53yJ1yl9wt98i9cp/8Qu6XX8oD8iuZI7+WB+Vf5CH5jTwsv5W58jt5RH4vj8of5DH5ozwuf5In5El5Sv4sT8tf5Bl5Vp6T5+UF+au8KC/Jy9JLoUBJpZRWgcqn8qsYVUDFqutUnLpeFVQ3qIi6UcWrm1QhdbMqrIqooqqYSlDFVQllFCqrSIWqpCqlouoWVVrdqhJVGVVWlVNOlVdJ6jZVQd2uKqo7VCV1p6qs7lJVVFVVTVVXd6sa6h5VU9VStdW9qo6qq+qp+uo+1UDdrxqqB1Qj9aBqrB5STdTDqql6RDVTj6rm6jHVQj2uWqonVCvVWrVRbVU79aRqr55SHVRH1Uk9rTqrZ1QX9axKVs+prup51U29oLqrF1UP9ZLqqV5WvVRv1UddUpeVV/1Uf5WiBqiB6jU1SA1WQ9RQNUy9roarN9QI9aZKVSPVKPWWGq3eVmPUO2qsGqfGq3fVBDVRTVKT1RQ1VaWp99Q09b6arj5QM9RMNUvNVulqjhryt0oL/hv57/+T/BG/Pfs2tV19rnaonWqX2q32qL1qn9qn9qv96oA6oHJUjjqoDqpD6pA6rA6rXJWrjqgj6qg6qo6pY+q4Oq5OqJPqvPpZnVa/qDPqrDqrzqsL6oK6+LefgdCgpVZa60Dn0/l1jC6gY/V1Ok5frwvqG3RE36jj9U26kL5ZF9ZFdFFdTCfo4rqENhq11aRDXVKX0lF9iy6tb9WJuowuq8tpp8vrJH3bv5z/R/210+10e91ed9AddCfdSXfWnXUX3UUn62TdVXfV3XQ33V131z10D91T99S9dC/dR/fRfXVf3U/30yk6RQ/Ur+lBerAeoofqYfp1PVwP1yP0CJ2qU/UoPUqP1qP1GD1Gj9Vj9Xg9Xk/QE/QkPUlP0VN0mk7T0/Q0PV1P1zP0DD1Lz9LpOl3P1XP1PD1PL9AL9EK9UC/Si/QSvURn6AydqTN1ls7Sy/Vyna1X6BV6lV6l1+g1ep1epzfoDXqT3qS36C06W2/X2/UOvUPv0rv0Hr1H79P79H69Xx/QB3SOztEH9UF9SB/Sh/Vhnatz9RF9RB/VR/UxfUwf18f1CX1Cn9Kn9Gl9Wp/RZ/Q5fU5f0Bf0RX1RX9aXr1z2BTKQgQ50kC/IF8QEMUFsEBvEBXFBwaBgEAkiQXwQHxQKbg4KB0WCokGxICEoHpQITICBDSgIg5JBqSAa3BKUDm4NEoMyQdmgXOCC8kFScFtQIbg9qBjcEVQK7gwqB3cFVYKqQbWgenB3UCO4J6gZ1ApqB/cGdYK6Qb2gfnBf0CC4P2gYPBA0Ch4MGgcPBU2Ch4OmwSNBs+DRoHnwWNAieDxoGTwRtApaB22CtkG7P7W+92eKPOX6mf4mxQwwA81rZpAZbIaYoWaYed0MN2+YEeZNk2pGmlHmLTPavG3GmHfMWDPOjDfvmglmoplkJpspZqpJM++ZaeZ9M918YGaYmWaWmW3SzRwz13xo5pn5ZoH5yCw0H5tFZrFZYpaaDPOJyTTLTJb51Cw3n5lss8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMdvO52WF2ml1mt9lj9pp95guz33xpDpivTI752hw0fzGHzDfmsPnW5JrvzBHzvTlqfjDHzI/muPnJnDAnzSnzszltfjFnzFlzzpw3F8yv5qK5ZC4bf+Xi/srLO2rUmA/zYQzGYCzGYhzGYUEsiBGMYDzGYyEshIWxMBbFopiACVgCS+AVhIQlsSRGMYqlsTQmYiKWxbLo0GESJmEFrIAVsSJWwkpYGStjFayC1bAa3o134z14D9bCWngv3ot1sS7Wx/rYABtgQ2yIjbARNsbG2ASbYFNsis2wGTbH5tgCW2BLbImtsBW2wTbYDtthe2yPHbADdsJO2Bk7YxfsgsmYjF2xK3bDbtgdu2MP7IE9sSf2wl7YB/tgX+yL/bAfpmAKDsSBOAgH4RAcgsNwGA7H4TgCR2AqpuIoHIWjcTSOwTE4FsfheHwXJ+BEnISTcQpOxTRMw2k4DafjdJyBM3AWzsJ0TMe5OBfn4TxcgAtwIS7ERbgIl+ASzMAMzMRMzMIsXI7LMRuzcSWuxNW4GtfiWlyP63EjbsTNuBm34lbcjttxB+7AXbgL9+Ae3If7cD/uxwN4AHMwBw/iQTyEh/AwHsZczMUjeASP4lE8hsfwOB7HE3gCT+EpPI2n8QyewXN4Di/gr3gRL+Fl9BhjpYi119k4e70taG+wMbaA/fu4qC1mE2xxW8IaW9gW+YcYrbWJtowta8tZZ8vbJHvb7+IqtqqtZqvbu20Ne4+t+bu4gb3fNrQP2Eb2QVvf3vcPcWP7kG1iH7dN7RO2mW1tm9u2toV93La0T9hWtrVtY9vazvYZ28U+a5Ptc7arff53caZdZtfbDXaj3WT32y/tOXveHrU/2Av2V9vP9rfD7Ot2uH3DjrBv2lQ78nfxePuunWAn2kl2sp1ip/4unmVn23Q7x861H9p5dv7v4gz7iV1os+wiu9gusUt/i6/0lGU/tcvtZzbbrrAr7Sq72q6xa+26f+91ld1it9ptdp/9wu6wO+0uu9vusXt/i6+cxwH7lc2xX9sj9nt7yH5jD9tjNtd+91t85fyO2R/tcfuTPWFP2lP2Z3va/mLP2LO/nf+Vc//ZXrKXrbeCgCQp0hRQPspPMVSAYuk6iqPrqSDdQBG6keLpJipEN1NhKkJFqRglUHEqQYaQLBGFVJJKUZRuodJ0KyVSGSpL5chReUqi26gC3U4V6Q6qRHdSZbqLqlBVqkbV6W6qQfdQTapFteleqkN1qR7Vp/uoAd1PDekBakQPUmN6iJrQw9SUHqFm9Cg1p8eoBT1OLekJakWtqQ21pXb0JLWnp6gDdaRO9DR1pmeoCz1LyfQcdaXnqRu9QN3pRepBL1FPepl6UW/qQ69QX3qV+lF/SqEBNJBeo0E0mIbQUBpGr9NweoNG0JuUSiNpFL1Fo+ltGkPv0FgaR+PpXZpAE2kSTaYpNJXS6D2aRu/TdPqAZtBMmkWzKZ3m0Fz6kObRfFpAH9FC+pgW0WJaQkspgz6hTFpGWfQpLafPKJtW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6nHbSTdtFu2kN7aR99QfvpSzpAX1EOfU0H6S90iL6hw/Qt5dJ3dIS+p6P0Ax2jH+k4/UQn6CSdop/pNP1CZ+gsnaPzdIF+pYt0iS6TJxFCKEMV6jAI84X5w5iwQBgbXhfGhdeHBcMbwkh4Yxgf3hQWCm8OC4dFwqJhsTAhLB6WCE2IoQ0pDMOSYakwGt4Slg5vDRPDMmHZsFzowvJhUnhbWCG8PawY3hFWCu8MK4d3hVXCquHjD1YP7w5rhPeENcNaYe3w3rBOWDesF9YP7wsbhPeHDcMHwkbhg2HF8KGwSfhw2DR8JGwWPho2Dx8LW4SPhy3DJ8JWYeuwTdg2bBc+GbYPnwo7hB3DTuHTYefwmbBL+GyYHD4Xdg2f/8PjKeGAcGD4Wvha6P0Dakl0aTQj+kk0M7osmhX9NLo8+lk0O7oiujK6Kro6uia6Nrouuj66Iboxuim6ObolujW6Lep9/fzCgZNOOe0Cl8/ldzGugIt117k4d70r6G5wEXeji3c3uULuZlfYFXFFXTGX4Iq7Es44dNaRC11JV8pF3S2utLvVJboyrqwr55wr75JcW9fOtXPt3VOug+voOrmn3dPuGfeMe9Y9655zXd3zrpt7wXV3L7oe7iX3knvZ9XK9XR/3iuvrXnX9XH+X4lLcQDfQDXKD3BA3xA1zw9xwN9yNcCNcqkt1o9woN9qNdmPcGDfWjXXj3Xg3wU1wk9wkN8VNcWkuzU1z09x0N93NcDPcLDfLpbt0N9fNdfPcPLfALXALExe6RW6RW+KWuAyX4TJdpstyWW65W+6yXbZb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+F2uF1ul9vj9rh9bp/b7/a7A+6Ay3E57qA76A65Q+6w+9bluu/cEfe9O+p+cMfcj+64+8mdcCfdKfezO+1+cWfcWXfOnXcX3K/uorvkLjvv0iLvRaZF3o9Mj3wQmRGZGZkVmR1Jj8yJzI18GJkXmR9ZEPkosjDycWRRZHFkSWRpJCPySSQzsiySFfk0sjzyWSQ7siKyMrIqsjqyJuJ98R2hL+lL+ai/xZf2t/pEX8aX9eW88+V9kr/NV/C3+4r+Dl/J3+kr+7t8FV/VV/NP+Fa+tW/j2/p2/knf3j/lO/iOvpN/2nf2z/gu/lmf7J/zXf3zvpt/wXf3L/oe/iXf07/se/nevo9/xff1r/p+vr9P8QP8QP+aH+QH+yF+qB/mX/fD/Rt+hH/Tp/qRfpR/y4/2b/sx/h0/1o/z4/27foKf6Cf5yX6Kn+rT/Ht+mn/fT/cf+Bl+pp/lZ/t0P8fP9R/6eX6+X+A/8gv9x36RX+yX+KU+w3/iM/0yn+U/9cv9Zz7br/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3X/ud/idfpff7ff4vX6f/8Lv91/6A/4rn+O/9gf9X/wh/40/7L/1uf47f8R/74/6H/wx/6M/7n/yJ/xJf8r/7E/7X/wZf9af8+f9Bf+rv+gv+cv8P2uMMcYYY/8t6g+OD/gn35N/W1cMFEJcv7NY7n+subnwX/eDZULniBDiuf49H/23VadOSkrK3x6brURQarEQInI1P5+4Gq8QncQzIll0FBX+aX+DZe8L9Af1o3cKEft3OTHiany1/u3/Sf0nnx6fWTk8F/9f1F8sRGKpqzkFxNX4av2K/0n9Iu3/oP8C36QJ0eHvcuLE1fhq/STxlHheJP/DIxljjDHGGGOMsb8aLKt1/6P75yv35wn6ak5+cTX+o/tzxhhjjDHGGGOMXXsv9u7z7JPJyR2784Y3vOHNv2+u9V8mxhhjjDHG2J/t6kX/te6EMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLu/5/fJzYtT5HxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Fr7PwEAAP//SOc8Mw==") mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f0000001080)='./file0\x00', 0x0, 0x1100020, &(0x7f00000005c0)=ANY=[@ANYBLOB='mode=']) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r1, &(0x7f0000000f00)={0x2020}, 0x2020) 704.098743ms ago: executing program 2 (id=27): r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x7fff) listen(r0, 0x2) accept4(r0, 0x0, 0x0, 0x80800) sendmsg$inet(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x8081) 338.113322ms ago: executing program 0 (id=28): syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2d50, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x33, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc, 0x0, 0x7}}}}}]}}]}}, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) 144.667238ms ago: executing program 1 (id=29): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) writev(r1, &(0x7f0000000300)=[{0x0}, {&(0x7f00000007c0)="6cee", 0x2}], 0x2) 69.955984ms ago: executing program 1 (id=30): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=ANY=[], 0x240}, 0x1, 0x0, 0x0, 0xd0}, 0x4048010) recvmsg$can_bcm(r1, &(0x7f0000002380)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000002140)=""/70, 0x46}, {&(0x7f00000021c0)=""/189, 0xbd}], 0x2}, 0x60) 0s ago: executing program 1 (id=31): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x5, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000e40)={0x34, &(0x7f0000000c00)={0x40, 0x15, 0x4, "00147800"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000140)={0x20, 0x14, 0x4, "5c51a667"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.104' (ED25519) to the list of known hosts. [ 84.758182][ T5774] cgroup: Unknown subsys name 'net' [ 84.898973][ T5774] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.624889][ T5774] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.087526][ T5800] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.096387][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.105329][ T5800] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.108183][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.114288][ T5800] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.121910][ T5796] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.129930][ T5800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.143364][ T5801] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.145673][ T5802] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.151532][ T5801] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.159143][ T5802] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.171698][ T5801] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.180036][ T5801] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 89.180910][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.188617][ T5800] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 89.197047][ T5802] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 89.202613][ T5801] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.210759][ T5802] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.223619][ T5790] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.230748][ T5801] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.249096][ T5790] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.261291][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.271471][ T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 89.281837][ T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.669076][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 89.893442][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.900862][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.908286][ T5786] bridge_slave_0: entered allmulticast mode [ 89.916337][ T5786] bridge_slave_0: entered promiscuous mode [ 89.924849][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 89.987344][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.996796][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.004845][ T5786] bridge_slave_1: entered allmulticast mode [ 90.012602][ T5786] bridge_slave_1: entered promiscuous mode [ 90.055245][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.122094][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.168442][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 90.198653][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 90.249766][ T5786] team0: Port device team_slave_0 added [ 90.263209][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.270998][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.278795][ T5787] bridge_slave_0: entered allmulticast mode [ 90.286575][ T5787] bridge_slave_0: entered promiscuous mode [ 90.308965][ T5786] team0: Port device team_slave_1 added [ 90.337233][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.344583][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.352779][ T5787] bridge_slave_1: entered allmulticast mode [ 90.360601][ T5787] bridge_slave_1: entered promiscuous mode [ 90.423803][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.431254][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.458539][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.493895][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.527333][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.535688][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.564218][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.591962][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.657925][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.665340][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.672746][ T5784] bridge_slave_0: entered allmulticast mode [ 90.681070][ T5784] bridge_slave_0: entered promiscuous mode [ 90.689155][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.696538][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.703926][ T5784] bridge_slave_1: entered allmulticast mode [ 90.711417][ T5784] bridge_slave_1: entered promiscuous mode [ 90.757590][ T5787] team0: Port device team_slave_0 added [ 90.783336][ T5786] hsr_slave_0: entered promiscuous mode [ 90.790657][ T5786] hsr_slave_1: entered promiscuous mode [ 90.798733][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.806422][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.819730][ T5785] bridge_slave_0: entered allmulticast mode [ 90.827254][ T5785] bridge_slave_0: entered promiscuous mode [ 90.836986][ T5787] team0: Port device team_slave_1 added [ 90.856209][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.864529][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.872618][ T5785] bridge_slave_1: entered allmulticast mode [ 90.880083][ T5785] bridge_slave_1: entered promiscuous mode [ 90.917015][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.954381][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.961465][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.988838][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.014919][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.052844][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.060246][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.088916][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.141292][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.154590][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.207849][ T5784] team0: Port device team_slave_0 added [ 91.217259][ T5784] team0: Port device team_slave_1 added [ 91.241311][ T5787] hsr_slave_0: entered promiscuous mode [ 91.247889][ T5787] hsr_slave_1: entered promiscuous mode [ 91.254868][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.263274][ T5787] Cannot create hsr debugfs directory [ 91.290622][ T5794] Bluetooth: hci3: command tx timeout [ 91.306309][ T5785] team0: Port device team_slave_0 added [ 91.347882][ T5785] team0: Port device team_slave_1 added [ 91.367767][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.375006][ T5794] Bluetooth: hci1: command tx timeout [ 91.375056][ T5103] Bluetooth: hci0: command tx timeout [ 91.380859][ T50] Bluetooth: hci2: command tx timeout [ 91.392653][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.418980][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.436376][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.443470][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.469891][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.563621][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.570784][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.598029][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.632955][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.640221][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.666552][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.764452][ T5784] hsr_slave_0: entered promiscuous mode [ 91.771473][ T5784] hsr_slave_1: entered promiscuous mode [ 91.778828][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.787551][ T5784] Cannot create hsr debugfs directory [ 91.879486][ T5785] hsr_slave_0: entered promiscuous mode [ 91.886431][ T5785] hsr_slave_1: entered promiscuous mode [ 91.893668][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.901662][ T5785] Cannot create hsr debugfs directory [ 91.993466][ T5786] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.007489][ T5786] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.051133][ T5786] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.063463][ T5786] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.250240][ T5787] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.268493][ T5787] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.287454][ T5787] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.298424][ T5787] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.390987][ T5784] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.403073][ T5784] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.413867][ T8] cfg80211: failed to load regulatory.db [ 92.451093][ T5784] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.495686][ T5784] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.538424][ T5785] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.560757][ T5785] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.572610][ T5785] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.583719][ T5785] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.620210][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.684917][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.715037][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.722535][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.784561][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.791964][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.836733][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.934378][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.984787][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.992152][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.015289][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.022619][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.057406][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.104765][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.138724][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.196861][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.204444][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.223603][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.255707][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.262963][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.307169][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.314838][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.325995][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.333280][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.380029][ T50] Bluetooth: hci3: command tx timeout [ 93.451386][ T50] Bluetooth: hci2: command tx timeout [ 93.451704][ T5103] Bluetooth: hci0: command tx timeout [ 93.457070][ T5794] Bluetooth: hci1: command tx timeout [ 93.472883][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.704495][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.735026][ T5786] veth0_vlan: entered promiscuous mode [ 93.767147][ T5786] veth1_vlan: entered promiscuous mode [ 93.886856][ T5786] veth0_macvtap: entered promiscuous mode [ 93.909951][ T5787] veth0_vlan: entered promiscuous mode [ 93.925440][ T5786] veth1_macvtap: entered promiscuous mode [ 93.982716][ T5787] veth1_vlan: entered promiscuous mode [ 94.001950][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.038959][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.082746][ T5786] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.095716][ T5786] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.105301][ T5786] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.114562][ T5786] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.130075][ T5787] veth0_macvtap: entered promiscuous mode [ 94.152196][ T5787] veth1_macvtap: entered promiscuous mode [ 94.177625][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.250979][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.261543][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.274123][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.293897][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.342098][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.353337][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.366241][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.402900][ T5787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.415559][ T5787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.425567][ T5787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.435263][ T5787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.447740][ T5784] veth0_vlan: entered promiscuous mode [ 94.485021][ T5784] veth1_vlan: entered promiscuous mode [ 94.515558][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.528088][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.609828][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.617982][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.649191][ T5784] veth0_macvtap: entered promiscuous mode [ 94.657178][ T5785] veth0_vlan: entered promiscuous mode [ 94.683564][ T5784] veth1_macvtap: entered promiscuous mode [ 94.702736][ T5785] veth1_vlan: entered promiscuous mode [ 94.819011][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.832713][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.844905][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 94.856040][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 94.867880][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.884746][ T3439] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.895058][ T3439] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.943197][ T54] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.955124][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 94.961279][ T54] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.986474][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.007342][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.024667][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.038368][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.062838][ T5784] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.073321][ T5878] syz.2.3[5878]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 95.075414][ T5784] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.093693][ T5878] loop2: detected capacity change from 0 to 512 [ 95.097286][ T5784] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.115689][ T5878] EXT4-fs: Ignoring removed mblk_io_submit option [ 95.116020][ T5784] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.153840][ T5878] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 95.167744][ T5878] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 95.185021][ T5785] veth0_macvtap: entered promiscuous mode [ 95.194632][ T5878] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec118, mo2=0002] [ 95.222506][ T5878] System zones: 1-12 [ 95.238948][ T5878] EXT4-fs (loop2): 1 truncate cleaned up [ 95.244275][ T5785] veth1_macvtap: entered promiscuous mode [ 95.247406][ T5878] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.378489][ T5786] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.451137][ T5794] Bluetooth: hci3: command tx timeout [ 95.483059][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.495785][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.505791][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.518031][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.528740][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 95.542026][ T5794] Bluetooth: hci0: command tx timeout [ 95.547510][ T5794] Bluetooth: hci1: command tx timeout [ 95.553397][ T50] Bluetooth: hci2: command tx timeout [ 95.586927][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.599154][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.626616][ T3439] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.636292][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.644057][ T3439] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.682561][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.693885][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.708170][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.719315][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 95.730296][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 95.742714][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.803834][ T5785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.813126][ T5888] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.826554][ T5785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.841785][ T5785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.861258][ T5785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.945703][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.955796][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.108589][ T3439] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.120207][ T5839] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 96.144431][ T3439] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.240115][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.282410][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.330011][ T5839] usb 3-1: Using ep0 maxpacket: 32 [ 96.379761][ T5839] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 96.388432][ T5839] usb 3-1: config 0 has no interface number 0 [ 96.443086][ T5839] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 96.467632][ T5839] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.525756][ T5839] usb 3-1: Product: syz [ 96.531568][ T5839] usb 3-1: Manufacturer: syz [ 96.537083][ T5839] usb 3-1: SerialNumber: syz [ 96.579959][ T5839] usb 3-1: config 0 descriptor?? [ 96.617617][ T5839] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 96.867408][ T5839] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 96.933566][ T5839] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 97.211588][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 6 [ 97.319051][ T5906] loop0: detected capacity change from 0 to 1024 [ 97.417686][ C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 97.424259][ T5876] usb 3-1: USB disconnect, device number 2 [ 97.485725][ T5876] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 97.530079][ T5103] Bluetooth: hci3: command tx timeout [ 97.536686][ T5876] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 97.576186][ T5876] quatech2 3-1:0.51: device disconnected [ 97.577682][ T5906] hfsplus: xattr searching failed [ 97.610908][ T5103] Bluetooth: hci1: command tx timeout [ 97.611543][ T50] Bluetooth: hci2: command tx timeout [ 97.617121][ T5103] Bluetooth: hci0: command tx timeout [ 97.846447][ T5918] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 98.469150][ T5931] netlink: 'syz.3.19': attribute type 11 has an invalid length. [ 98.508588][ T5931] netlink: 4 bytes leftover after parsing attributes in process `syz.3.19'. [ 98.521879][ T5931] netlink: 'syz.3.19': attribute type 11 has an invalid length. [ 98.536866][ T5931] netlink: 4 bytes leftover after parsing attributes in process `syz.3.19'. [ 98.546667][ T5931] Zero length message leads to an empty skb [ 98.717169][ T5937] loop2: detected capacity change from 0 to 4096 [ 98.871925][ T5941] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 99.037708][ T5937] NILFS error (device loop2): nilfs_lookup: deleted inode referenced: 12 [ 99.081365][ T5937] Remounting filesystem read-only [ 99.172521][ T5786] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer [ 99.202908][ T5786] NILFS (loop2): discard dirty page: offset=0, ino=2 [ 99.223433][ T5786] NILFS (loop2): discard dirty block: blocknr=14, size=4096 [ 99.235844][ T5786] NILFS (loop2): discard dirty page: offset=0, ino=6 [ 99.246307][ T5786] NILFS (loop2): discard dirty block: blocknr=23, size=4096 [ 99.258132][ T5786] NILFS (loop2): discard dirty page: offset=4096, ino=6 [ 99.267116][ T5789] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 99.282826][ T5786] NILFS (loop2): discard dirty block: blocknr=24, size=4096 [ 99.295498][ T5786] NILFS (loop2): discard dirty page: offset=8192, ino=6 [ 99.305879][ T5947] loop0: detected capacity change from 0 to 256 [ 99.309340][ T5786] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [ 99.333192][ T5947] ======================================================= [ 99.333192][ T5947] WARNING: The mand mount option has been deprecated and [ 99.333192][ T5947] and is ignored by this kernel. Remove the mand [ 99.333192][ T5947] option from the mount to silence this warning. [ 99.333192][ T5947] ======================================================= [ 99.336831][ T5786] NILFS (loop2): discard dirty page: offset=0, ino=3 [ 99.368385][ C1] vkms_vblank_simulate: vblank timer overrun [ 99.377834][ T5947] exfat: Bad value for 'uid' [ 99.414535][ T5947] devpts: called with bogus options [ 99.420899][ T5786] NILFS (loop2): discard dirty block: blocknr=28, size=4096 [ 99.428303][ T5786] NILFS (loop2): discard dirty page: offset=4096, ino=3 [ 99.435851][ T5786] NILFS (loop2): discard dirty block: blocknr=29, size=4096 [ 99.450109][ T5786] NILFS (loop2): discard dirty page: offset=532480, ino=3 [ 99.467560][ T5786] NILFS (loop2): discard dirty block: blocknr=33, size=4096 [ 99.489604][ T5789] usb 4-1: Using ep0 maxpacket: 32 [ 99.512279][ T5789] usb 4-1: unable to get BOS descriptor or descriptor too short [ 99.550291][ T5789] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 99.586022][ T5789] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 99.623883][ T5789] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.650419][ T5789] usb 4-1: Product: syz [ 99.665029][ T5789] usb 4-1: Manufacturer: syz [ 99.671505][ T5789] usb 4-1: SerialNumber: syz [ 99.913942][ T5789] usb 4-1: Limiting number of CPorts to U8_MAX [ 99.929970][ T5839] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 99.937489][ T5789] usb 4-1: Not enough endpoints found in device, aborting! [ 100.122411][ T5839] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.132912][ T5839] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 100.147148][ T5839] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 100.157862][ T5839] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.162743][ T5789] usb 4-1: USB disconnect, device number 2 [ 100.172130][ T5839] usb 1-1: config 0 descriptor?? [ 100.179654][ T5846] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 100.399623][ T5846] usb 2-1: Using ep0 maxpacket: 32 [ 100.410974][ T5846] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 100.420421][ T5846] usb 2-1: config 0 has no interface number 0 [ 100.428024][ T5846] usb 2-1: config 0 interface 184 has no altsetting 0 [ 100.439671][ T5949] [ 100.441276][ T5846] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 100.442074][ T5949] ===================================================== [ 100.442083][ T5949] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 100.442108][ T5949] 6.6.101-syzkaller #0 Not tainted [ 100.452183][ T5846] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.459037][ T5949] ----------------------------------------------------- [ 100.459049][ T5949] syz.0.28/5949 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 100.459071][ T5949] ffff88802fe1f0c0 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x192/0x4b0 [ 100.468685][ T5846] usb 2-1: Product: syz [ 100.472974][ T5949] [ 100.472974][ T5949] and this task is already holding: [ 100.472986][ T5949] ffff888018e94028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0 [ 100.473043][ T5949] which would create a new lock dependency: [ 100.473050][ T5949] (&client->buffer_lock [ 100.482406][ T5846] usb 2-1: Manufacturer: syz [ 100.488263][ T5949] ){....}-{2:2} -> (&new->fa_lock){....}-{2:2} [ 100.488307][ T5949] [ 100.488307][ T5949] but this new dependency connects a HARDIRQ-irq-safe lock: [ 100.488316][ T5949] (&dev->event_lock#2){-...}-{2:2} [ 100.497253][ T5846] usb 2-1: SerialNumber: syz [ 100.505119][ T5949] [ 100.505119][ T5949] ... which became HARDIRQ-irq-safe at: [ 100.505145][ T5949] lock_acquire+0x197/0x410 [ 100.505171][ T5949] _raw_spin_lock_irqsave+0xa8/0xf0 [ 100.505199][ T5949] input_event+0x7a/0xc0 [ 100.505221][ T5949] psmouse_report_standard_packet+0x53/0x200 [ 100.515243][ T5846] usb 2-1: config 0 descriptor?? [ 100.517251][ T5949] psmouse_process_byte+0x478/0x670 [ 100.517284][ T5949] psmouse_handle_byte+0x43/0x490 [ 100.517310][ T5949] ps2_interrupt+0x164/0x980 [ 100.517333][ T5949] serio_interrupt+0x8b/0x130 [ 100.557376][ T5846] smsc75xx v1.0.0 [ 100.559575][ T5949] i8042_interrupt+0x394/0x730 [ 100.559606][ T5949] __handle_irq_event_percpu+0x276/0x930 [ 100.559633][ T5949] handle_irq_event+0x8b/0x1e0 [ 100.559660][ T5949] handle_edge_irq+0x247/0xb30 [ 100.559679][ T5949] __common_interrupt+0x13b/0x230 [ 100.657971][ T5949] common_interrupt+0xb4/0xd0 [ 100.662878][ T5949] asm_common_interrupt+0x26/0x40 [ 100.668881][ T5949] _raw_spin_unlock_irqrestore+0xa9/0x110 [ 100.675432][ T5949] i8042_aux_write+0x109/0x170 [ 100.681033][ T5949] ps2_do_sendbyte+0x1ff/0x6d0 [ 100.686463][ T5949] ps2_sendbyte+0x5f/0x120 [ 100.691354][ T5949] cypress_send_ext_cmd+0x23d/0x920 [ 100.696708][ T5949] cypress_detect+0x8d/0x190 [ 100.701961][ T5949] psmouse_extensions+0x467/0xbe0 [ 100.707652][ T5949] psmouse_switch_protocol+0xdc/0x610 [ 100.713562][ T5949] psmouse_connect+0x89f/0x1470 [ 100.718625][ T5949] serio_driver_probe+0x7a/0xa0 [ 100.724030][ T5949] really_probe+0x25b/0xb40 [ 100.729139][ T5949] __driver_probe_device+0x18c/0x330 [ 100.735299][ T5949] driver_probe_device+0x4f/0x420 [ 100.741862][ T5949] __driver_attach+0x44e/0x6f0 [ 100.747155][ T5949] bus_for_each_dev+0x22d/0x2a0 [ 100.753045][ T5949] serio_handle_event+0x1a2/0x860 [ 100.758617][ T5949] process_scheduled_works+0xa45/0x15b0 [ 100.764418][ T5949] worker_thread+0xa55/0xfc0 [ 100.769504][ T5949] kthread+0x2fa/0x390 [ 100.774351][ T5949] ret_from_fork+0x48/0x80 [ 100.779238][ T5949] ret_from_fork_asm+0x11/0x20 [ 100.784516][ T5949] [ 100.784516][ T5949] to a HARDIRQ-irq-unsafe lock: [ 100.793040][ T5949] (tasklist_lock){.+.+}-{2:2} [ 100.793076][ T5949] [ 100.793076][ T5949] ... which became HARDIRQ-irq-unsafe at: [ 100.806303][ T5949] ... [ 100.806315][ T5949] lock_acquire+0x197/0x410 [ 100.814013][ T5949] _raw_read_lock+0x36/0x50 [ 100.818988][ T5949] do_wait+0x294/0xaf0 [ 100.823401][ T5949] kernel_wait+0xac/0x170 [ 100.828232][ T5949] call_usermodehelper_exec_work+0xb9/0x220 [ 100.835722][ T5949] process_scheduled_works+0xa45/0x15b0 [ 100.841758][ T5949] worker_thread+0xa55/0xfc0 [ 100.847230][ T5949] kthread+0x2fa/0x390 [ 100.851700][ T5949] ret_from_fork+0x48/0x80 [ 100.856738][ T5949] ret_from_fork_asm+0x11/0x20 [ 100.862190][ T5949] [ 100.862190][ T5949] other info that might help us debug this: [ 100.862190][ T5949] [ 100.873277][ T5949] Chain exists of: [ 100.873277][ T5949] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 100.873277][ T5949] [ 100.888231][ T5949] Possible interrupt unsafe locking scenario: [ 100.888231][ T5949] [ 100.897197][ T5949] CPU0 CPU1 [ 100.903471][ T5949] ---- ---- [ 100.910012][ T5949] lock(tasklist_lock); [ 100.915351][ T5949] local_irq_disable(); [ 100.923362][ T5949] lock(&dev->event_lock#2); [ 100.931223][ T5949] lock(&client->buffer_lock); [ 100.939274][ T5949] [ 100.943285][ T5949] lock(&dev->event_lock#2); [ 100.948800][ T5949] [ 100.948800][ T5949] *** DEADLOCK *** [ 100.948800][ T5949] [ 100.959831][ T5949] 7 locks held by syz.0.28/5949: [ 100.965431][ T5949] #0: ffff888025fcf110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x17b/0x470 [ 100.975431][ T5949] #1: ffff888018b43230 (&dev->event_lock#2){-...}-{2:2}, at: input_inject_event+0xab/0x320 [ 100.986663][ T5949] #2: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xbc/0x320 [ 100.997656][ T5949] #3: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0xa3/0x1300 [ 101.007944][ T5949] #4: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x79/0x330 [ 101.018252][ T5949] #5: ffff888018e94028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0 [ 101.029622][ T5949] #6: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x53/0x4b0 [ 101.039338][ T5949] [ 101.039338][ T5949] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 101.050195][ T5949] -> (&dev->event_lock#2){-...}-{2:2} { [ 101.056836][ T5949] IN-HARDIRQ-W at: [ 101.061453][ T5949] lock_acquire+0x197/0x410 [ 101.068026][ T5949] _raw_spin_lock_irqsave+0xa8/0xf0 [ 101.076685][ T5949] input_event+0x7a/0xc0 [ 101.083602][ T5949] psmouse_report_standard_packet+0x53/0x200 [ 101.092603][ T5949] psmouse_process_byte+0x478/0x670 [ 101.100307][ T5949] psmouse_handle_byte+0x43/0x490 [ 101.108264][ T5949] ps2_interrupt+0x164/0x980 [ 101.115401][ T5949] serio_interrupt+0x8b/0x130 [ 101.122719][ T5949] i8042_interrupt+0x394/0x730 [ 101.130214][ T5949] __handle_irq_event_percpu+0x276/0x930 [ 101.138133][ T5949] handle_irq_event+0x8b/0x1e0 [ 101.145636][ T5949] handle_edge_irq+0x247/0xb30 [ 101.153158][ T5949] __common_interrupt+0x13b/0x230 [ 101.160613][ T5949] common_interrupt+0xb4/0xd0 [ 101.168318][ T5949] asm_common_interrupt+0x26/0x40 [ 101.175799][ T5949] _raw_spin_unlock_irqrestore+0xa9/0x110 [ 101.183605][ T5949] i8042_aux_write+0x109/0x170 [ 101.191425][ T5949] ps2_do_sendbyte+0x1ff/0x6d0 [ 101.199096][ T5949] ps2_sendbyte+0x5f/0x120 [ 101.205725][ T5949] cypress_send_ext_cmd+0x23d/0x920 [ 101.213504][ T5949] cypress_detect+0x8d/0x190 [ 101.221381][ T5949] psmouse_extensions+0x467/0xbe0 [ 101.229060][ T5949] psmouse_switch_protocol+0xdc/0x610 [ 101.237463][ T5949] psmouse_connect+0x89f/0x1470 [ 101.244766][ T5949] serio_driver_probe+0x7a/0xa0 [ 101.252955][ T5949] really_probe+0x25b/0xb40 [ 101.260548][ T5949] __driver_probe_device+0x18c/0x330 [ 101.268721][ T5949] driver_probe_device+0x4f/0x420 [ 101.276482][ T5949] __driver_attach+0x44e/0x6f0 [ 101.284110][ T5949] bus_for_each_dev+0x22d/0x2a0 [ 101.291957][ T5949] serio_handle_event+0x1a2/0x860 [ 101.299359][ T5949] process_scheduled_works+0xa45/0x15b0 [ 101.307315][ T5949] worker_thread+0xa55/0xfc0 [ 101.314678][ T5949] kthread+0x2fa/0x390 [ 101.321248][ T5949] ret_from_fork+0x48/0x80 [ 101.327980][ T5949] ret_from_fork_asm+0x11/0x20 [ 101.335116][ T5949] INITIAL USE at: [ 101.339581][ T5949] lock_acquire+0x197/0x410 [ 101.346692][ T5949] _raw_spin_lock_irqsave+0xa8/0xf0 [ 101.354313][ T5949] input_inject_event+0xab/0x320 [ 101.361746][ T5949] led_trigger_event+0x133/0x210 [ 101.369132][ T5949] kbd_led_trigger_activate+0xbd/0x100 [ 101.376678][ T5949] led_trigger_set+0x524/0x940 [ 101.383705][ T5949] led_trigger_set_default+0x1a0/0x1e0 [ 101.391394][ T5949] led_classdev_register_ext+0x6e9/0x940 [ 101.399416][ T5949] input_leds_connect+0x4eb/0x6b0 [ 101.406469][ T5949] input_register_device+0xcdc/0x1070 [ 101.413952][ T5949] atkbd_connect+0x6fb/0x9a0 [ 101.420820][ T5949] serio_driver_probe+0x7a/0xa0 [ 101.428002][ T5949] really_probe+0x25b/0xb40 [ 101.434859][ T5949] __driver_probe_device+0x18c/0x330 [ 101.443070][ T5949] driver_probe_device+0x4f/0x420 [ 101.450202][ T5949] __driver_attach+0x44e/0x6f0 [ 101.456940][ T5949] bus_for_each_dev+0x22d/0x2a0 [ 101.463727][ T5949] serio_handle_event+0x1a2/0x860 [ 101.471006][ T5949] process_scheduled_works+0xa45/0x15b0 [ 101.479044][ T5949] worker_thread+0xa55/0xfc0 [ 101.485828][ T5949] kthread+0x2fa/0x390 [ 101.491828][ T5949] ret_from_fork+0x48/0x80 [ 101.498122][ T5949] ret_from_fork_asm+0x11/0x20 [ 101.505323][ T5949] } [ 101.508297][ T5949] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 101.518141][ T5949] -> (&client->buffer_lock){....}-{2:2} { [ 101.524331][ T5949] INITIAL USE at: [ 101.528286][ T5949] lock_acquire+0x197/0x410 [ 101.534755][ T5949] _raw_spin_lock+0x2e/0x40 [ 101.541531][ T5949] evdev_pass_values+0xcb/0xab0 [ 101.548347][ T5949] evdev_events+0x1d8/0x330 [ 101.554990][ T5949] input_pass_values+0x907/0x1300 [ 101.562519][ T5949] input_event_dispose+0x346/0x6c0 [ 101.569426][ T5949] input_inject_event+0x1f9/0x320 [ 101.576916][ T5949] evdev_write+0x32a/0x470 [ 101.583303][ T5949] vfs_write+0x288/0x940 [ 101.590115][ T5949] ksys_write+0x147/0x250 [ 101.596247][ T5949] do_syscall_64+0x55/0xb0 [ 101.602347][ T5949] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 101.609873][ T5949] } [ 101.612501][ T5949] ... key at: [] evdev_open.__key.28+0x0/0x20 [ 101.620970][ T5949] ... acquired at: [ 101.625101][ T5949] _raw_spin_lock+0x2e/0x40 [ 101.630257][ T5949] evdev_pass_values+0xcb/0xab0 [ 101.636275][ T5949] evdev_events+0x1d8/0x330 [ 101.642683][ T5949] input_pass_values+0x907/0x1300 [ 101.648666][ T5949] input_event_dispose+0x346/0x6c0 [ 101.654351][ T5949] input_inject_event+0x1f9/0x320 [ 101.659892][ T5949] evdev_write+0x32a/0x470 [ 101.664911][ T5949] vfs_write+0x288/0x940 [ 101.669614][ T5949] ksys_write+0x147/0x250 [ 101.674261][ T5949] do_syscall_64+0x55/0xb0 [ 101.678905][ T5949] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 101.685637][ T5949] [ 101.688332][ T5949] [ 101.688332][ T5949] the dependencies between the lock to be acquired [ 101.688345][ T5949] and HARDIRQ-irq-unsafe lock: [ 101.702969][ T5949] -> (tasklist_lock){.+.+}-{2:2} { [ 101.708650][ T5949] HARDIRQ-ON-R at: [ 101.713193][ T5949] lock_acquire+0x197/0x410 [ 101.719895][ T5949] _raw_read_lock+0x36/0x50 [ 101.726446][ T5949] do_wait+0x294/0xaf0 [ 101.732664][ T5949] kernel_wait+0xac/0x170 [ 101.739047][ T5949] call_usermodehelper_exec_work+0xb9/0x220 [ 101.747174][ T5949] process_scheduled_works+0xa45/0x15b0 [ 101.755045][ T5949] worker_thread+0xa55/0xfc0 [ 101.761691][ T5949] kthread+0x2fa/0x390 [ 101.767822][ T5949] ret_from_fork+0x48/0x80 [ 101.775029][ T5949] ret_from_fork_asm+0x11/0x20 [ 101.782187][ T5949] SOFTIRQ-ON-R at: [ 101.786281][ T5846] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71 [ 101.786364][ T5949] lock_acquire+0x197/0x410 [ 101.786394][ T5949] _raw_read_lock+0x36/0x50 [ 101.804275][ T5846] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 101.810150][ T5949] do_wait+0x294/0xaf0 [ 101.810188][ T5949] kernel_wait+0xac/0x170 [ 101.810214][ T5949] call_usermodehelper_exec_work+0xb9/0x220 [ 101.810244][ T5949] process_scheduled_works+0xa45/0x15b0 [ 101.810269][ T5949] worker_thread+0xa55/0xfc0 [ 101.842081][ T5846] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 101.847743][ T5949] kthread+0x2fa/0x390 [ 101.847769][ T5949] ret_from_fork+0x48/0x80 [ 101.847791][ T5949] ret_from_fork_asm+0x11/0x20 [ 101.847819][ T5949] INITIAL USE at: [ 101.855608][ T5846] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 101.865555][ T5949] lock_acquire+0x197/0x410 [ 101.865593][ T5949] _raw_write_lock_irq+0xa3/0xe0 [ 101.865621][ T5949] copy_process+0x225d/0x3d70 [ 101.865645][ T5949] kernel_clone+0x21b/0x840 [ 101.865663][ T5949] user_mode_thread+0xde/0x130 [ 101.865681][ T5949] rest_init+0x27/0x300 [ 101.865695][ T5949] arch_call_rest_init+0xe/0x10 [ 101.865722][ T5949] start_kernel+0x459/0x4e0 [ 101.865747][ T5949] x86_64_start_reservations+0x2a/0x30 [ 101.865772][ T5949] copy_bootdata+0x0/0xe0 [ 101.865794][ T5949] secondary_startup_64_no_verify+0x179/0x17b [ 101.865821][ T5949] INITIAL READ USE at: [ 101.865835][ T5949] lock_acquire+0x197/0x410 [ 101.865855][ T5949] _raw_read_lock+0x36/0x50 [ 101.865881][ T5949] do_wait+0x294/0xaf0 [ 101.865908][ T5949] kernel_wait+0xac/0x170 [ 101.865935][ T5949] call_usermodehelper_exec_work+0xb9/0x220 [ 101.865966][ T5949] process_scheduled_works+0xa45/0x15b0 [ 101.865989][ T5949] worker_thread+0xa55/0xfc0 [ 101.866011][ T5949] kthread+0x2fa/0x390 [ 101.866027][ T5949] ret_from_fork+0x48/0x80 [ 101.866049][ T5949] ret_from_fork_asm+0x11/0x20 [ 101.866075][ T5949] } [ 101.866081][ T5949] ... key at: [] tasklist_lock+0x18/0x40 [ 101.866106][ T5949] ... acquired at: [ 101.866112][ T5949] _raw_read_lock+0x36/0x50 [ 101.866139][ T5949] send_sigurg+0xf0/0x3c0 [ 101.866160][ T5949] sk_send_sigurg+0x6f/0xc0 [ 101.866181][ T5949] queue_oob+0x3d7/0x4e0 [ 101.866203][ T5949] unix_stream_sendmsg+0xaa2/0xba0 [ 101.866226][ T5949] ____sys_sendmsg+0x5bf/0x950 [ 101.866250][ T5949] ___sys_sendmsg+0x220/0x290 [ 101.866275][ T5949] __sys_sendmmsg+0x275/0x4a0 [ 101.866299][ T5949] __x64_sys_sendmmsg+0xa0/0xb0 [ 101.866324][ T5949] do_syscall_64+0x55/0xb0 [ 101.866344][ T5949] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 101.866373][ T5949] [ 101.866377][ T5949] -> (&f->f_owner.lock){....}-{2:2} { [ 101.866407][ T5949] INITIAL USE at: [ 101.866417][ T5949] lock_acquire+0x197/0x410 [ 101.866437][ T5949] _raw_write_lock_irq+0xa3/0xe0 [ 101.866467][ T5949] __f_setown+0x3b/0x330 [ 101.866487][ T5949] do_fcntl+0x10df/0x1380 [ 101.866508][ T5949] __se_sys_fcntl+0xc9/0x1a0 [ 101.866529][ T5949] do_syscall_64+0x55/0xb0 [ 101.866549][ T5949] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 101.866586][ T5949] INITIAL READ USE at: [ 101.866596][ T5949] lock_acquire+0x197/0x410 [ 101.881279][ T5846] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 101.886408][ T5949] _raw_read_lock_irqsave+0xb0/0x100 [ 101.886449][ T5949] send_sigurg+0x29/0x3c0 [ 101.886471][ T5949] sk_send_sigurg+0x6f/0xc0 [ 101.886494][ T5949] queue_oob+0x3d7/0x4e0 [ 101.891776][ T5846] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 101.901117][ T5949] unix_stream_sendmsg+0xaa2/0xba0 [ 101.901153][ T5949] ____sys_sendmsg+0x5bf/0x950 [ 101.901178][ T5949] ___sys_sendmsg+0x220/0x290 [ 101.901202][ T5949] __sys_sendmmsg+0x275/0x4a0 [ 101.901227][ T5949] __x64_sys_sendmmsg+0xa0/0xb0 [ 101.901252][ T5949] do_syscall_64+0x55/0xb0 [ 101.909742][ T5846] smsc75xx: probe of 2-1:0.184 failed with error -71 [ 101.916080][ T5949] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 101.916123][ T5949] } [ 101.916129][ T5949] ... key at: [] init_file.__key+0x0/0x20 [ 101.916152][ T5949] ... acquired at: [ 101.916159][ T5949] _raw_read_lock_irqsave+0xb0/0x100 [ 101.958857][ T5846] usb 2-1: USB disconnect, device number 2 [ 101.962940][ T5949] send_sigio+0x33/0x360 [ 101.962969][ T5949] kill_fasync+0x228/0x4b0 [ 101.962991][ T5949] sock_wake_async+0x137/0x160 [ 101.963012][ T5949] sk_wake_async+0x184/0x280 [ 101.963032][ T5949] sock_def_readable+0x22d/0x430 [ 101.963053][ T5949] queue_oob+0x404/0x4e0 [ 101.963075][ T5949] unix_stream_sendmsg+0xaa2/0xba0 [ 101.963098][ T5949] ____sys_sendmsg+0x5bf/0x950 [ 101.963122][ T5949] ___sys_sendmsg+0x220/0x290 [ 101.963146][ T5949] __sys_sendmmsg+0x275/0x4a0 [ 101.963171][ T5949] __x64_sys_sendmmsg+0xa0/0xb0 [ 101.963197][ T5949] do_syscall_64+0x55/0xb0 [ 101.963218][ T5949] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 101.963248][ T5949] [ 101.963252][ T5949] -> (&new->fa_lock){....}-{2:2} { [ 101.963285][ T5949] INITIAL USE at: [ 101.963296][ T5949] lock_acquire+0x197/0x410 [ 101.963317][ T5949] _raw_write_lock_irq+0xa3/0xe0 [ 101.963347][ T5949] fasync_remove_entry+0xf4/0x1c0 [ 101.963369][ T5949] sock_fasync+0x88/0xf0 [ 101.963397][ T5949] __fput+0x7f3/0x970 [ 101.963425][ T5949] task_work_run+0x1ce/0x250 [ 101.963450][ T5949] exit_to_user_mode_loop+0xe6/0x110 [ 101.963477][ T5949] exit_to_user_mode_prepare+0xb1/0x140 [ 101.963503][ T5949] syscall_exit_to_user_mode+0x1a/0x50 [ 101.963531][ T5949] do_syscall_64+0x61/0xb0 [ 101.963557][ T5949] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 101.963587][ T5949] INITIAL READ USE at: [ 101.963599][ T5949] lock_acquire+0x197/0x410 [ 102.487242][ T5949] _raw_read_lock_irqsave+0xb0/0x100 [ 102.494628][ T5949] kill_fasync+0x192/0x4b0 [ 102.501191][ T5949] sock_wake_async+0x137/0x160 [ 102.508345][ T5949] sk_wake_async+0x184/0x280 [ 102.515510][ T5949] queue_oob+0x3d7/0x4e0 [ 102.522702][ T5949] unix_stream_sendmsg+0xaa2/0xba0 [ 102.530108][ T5949] ____sys_sendmsg+0x5bf/0x950 [ 102.537128][ T5949] ___sys_sendmsg+0x220/0x290 [ 102.544476][ T5949] __sys_sendmmsg+0x275/0x4a0 [ 102.551349][ T5949] __x64_sys_sendmmsg+0xa0/0xb0 [ 102.558997][ T5949] do_syscall_64+0x55/0xb0 [ 102.565889][ T5949] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 102.574124][ T5949] } [ 102.576855][ T5949] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 102.586825][ T5949] ... acquired at: [ 102.591077][ T5949] _raw_read_lock_irqsave+0xb0/0x100 [ 102.598670][ T5949] kill_fasync+0x192/0x4b0 [ 102.603404][ T5949] evdev_pass_values+0x54b/0xab0 [ 102.609086][ T5949] evdev_events+0x1d8/0x330 [ 102.613906][ T5949] input_pass_values+0x907/0x1300 [ 102.619272][ T5949] input_event_dispose+0x346/0x6c0 [ 102.624615][ T5949] input_inject_event+0x1f9/0x320 [ 102.629962][ T5949] evdev_write+0x32a/0x470 [ 102.634766][ T5949] vfs_write+0x288/0x940 [ 102.639323][ T5949] ksys_write+0x147/0x250 [ 102.643884][ T5949] do_syscall_64+0x55/0xb0 [ 102.648926][ T5949] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 102.655442][ T5949] [ 102.657823][ T5949] [ 102.657823][ T5949] stack backtrace: [ 102.664006][ T5949] CPU: 1 PID: 5949 Comm: syz.0.28 Not tainted 6.6.101-syzkaller #0 [ 102.672138][ T5949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 102.682607][ T5949] Call Trace: [ 102.685914][ T5949] [ 102.688983][ T5949] dump_stack_lvl+0x16c/0x230 [ 102.693706][ T5949] ? load_image+0x3b0/0x3b0 [ 102.698254][ T5949] ? show_regs_print_info+0x20/0x20 [ 102.703508][ T5949] ? load_image+0x3b0/0x3b0 [ 102.708060][ T5949] ? print_shortest_lock_dependencies+0xf4/0x160 [ 102.714477][ T5949] __lock_acquire+0x678f/0x7c80 [ 102.719404][ T5949] ? verify_lock_unused+0x140/0x140 [ 102.724673][ T5949] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 102.730698][ T5949] ? verify_lock_unused+0x140/0x140 [ 102.736048][ T5949] lock_acquire+0x197/0x410 [ 102.740685][ T5949] ? kill_fasync+0x192/0x4b0 [ 102.745405][ T5949] ? read_lock_is_recursive+0x20/0x20 [ 102.750817][ T5949] _raw_read_lock_irqsave+0xb0/0x100 [ 102.756608][ T5949] ? kill_fasync+0x192/0x4b0 [ 102.761657][ T5949] ? _raw_read_lock+0x50/0x50 [ 102.766727][ T5949] kill_fasync+0x192/0x4b0 [ 102.771475][ T5949] ? kill_fasync+0x53/0x4b0 [ 102.776395][ T5949] evdev_pass_values+0x54b/0xab0 [ 102.782462][ T5949] ? evdev_pass_values+0x551/0xab0 [ 102.787981][ T5949] evdev_events+0x1d8/0x330 [ 102.792539][ T5949] ? evdev_events+0x79/0x330 [ 102.797308][ T5949] ? evdev_event+0xe0/0xe0 [ 102.801761][ T5949] input_pass_values+0x907/0x1300 [ 102.806925][ T5949] ? input_pass_values+0xa3/0x1300 [ 102.812548][ T5949] input_event_dispose+0x346/0x6c0 [ 102.817816][ T5949] input_inject_event+0x1f9/0x320 [ 102.822882][ T5949] ? input_inject_event+0xbc/0x320 [ 102.828171][ T5949] evdev_write+0x32a/0x470 [ 102.832795][ T5949] ? evdev_read+0xb50/0xb50 [ 102.837556][ T5949] ? common_file_perm+0x198/0x1f0 [ 102.842936][ T5949] ? fsnotify_perm+0x5d/0x5e0 [ 102.848082][ T5949] ? security_file_permission+0x79/0xa0 [ 102.853917][ T5949] ? evdev_read+0xb50/0xb50 [ 102.858648][ T5949] vfs_write+0x288/0x940 [ 102.863878][ T5949] ? file_end_write+0x250/0x250 [ 102.868938][ T5949] ? __fget_files+0x28/0x4d0 [ 102.874067][ T5949] ? __fget_files+0x44a/0x4d0 [ 102.879753][ T5949] ? __fdget_pos+0x1d8/0x330 [ 102.884709][ T5949] ? ksys_write+0x75/0x250 [ 102.889536][ T5949] ksys_write+0x147/0x250 [ 102.894025][ T5949] ? __ia32_sys_read+0x90/0x90 [ 102.899186][ T5949] ? lockdep_hardirqs_on+0x98/0x150 [ 102.905615][ T5949] do_syscall_64+0x55/0xb0 [ 102.910596][ T5949] ? clear_bhb_loop+0x40/0x90 [ 102.915612][ T5949] ? clear_bhb_loop+0x40/0x90 [ 102.920693][ T5949] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 102.926913][ T5949] RIP: 0033:0x7f013098ebe9 [ 102.931390][ T5949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 102.951694][ T5949] RSP: 002b:00007f013189a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 102.961283][ T5949] RAX: ffffffffffffffda RBX: 00007f0130bb5fa0 RCX: 00007f013098ebe9 [ 102.969968][ T5949] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000005 [ 102.978277][ T5949] RBP: 00007f0130a11e19 R08: 0000000000000000 R09: 0000000000000000 [ 102.986496][ T5949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 102.994695][ T5949] R13: 00007f0130bb6038 R14: 00007f0130bb5fa0 R15: 00007ffc7916cbf8 [ 103.002718][ T5949] [ 103.005877][ C1] vkms_vblank_simulate: vblank timer overrun [ 103.054078][ T5839] usbhid 1-1:0.0: can't add hid device: -71 [ 103.061605][ T5839] usbhid: probe of 1-1:0.0 failed with error -71 [ 103.073061][ T5839] usb 1-1: USB disconnect, device number 2