last executing test programs: 2.461696812s ago: executing program 2 (id=3): syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000940)='./file0\x00', 0x8008, &(0x7f0000000840)=ANY=[@ANYRESHEX], 0xf, 0xb3, &(0x7f0000000880)="$eJzs0T1KxFAUBeCbRCVFGjvBwjoI7sGliKU2tiK4A3EjbsUlZAcWaWWYO0xeGAamHJjA8H3F4533Awfu7//P7XcfkZ8R2d+8XUZmZhPF+0s3rU+vJdfBedmf6N11RN1F/D2WXEU73Q/jx/MwNoefr75O1hMAADheHQ+7/cU2r3M+WGUxhftqftMuURIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgQZsAAAD//9jCHjk=") 2.243607847s ago: executing program 2 (id=6): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000140)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) openat$audio1(0xffffffffffffff9c, 0x0, 0x283a2, 0x0) 1.247275311s ago: executing program 1 (id=2): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000004c0)={0x14, 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0003a2000000a203"], 0x0, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0) ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000080)={0x1, 0x2, 0x6}) 1.132824661s ago: executing program 3 (id=4): r0 = syz_open_dev$tty1(0xc, 0x4, 0x2) ioctl$KDSETMODE(r0, 0x4b3a, 0x1) ioctl$TCXONC(r0, 0x4b3a, 0x3) 968.543506ms ago: executing program 3 (id=7): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) msgsnd(0x0, 0x0, 0x0, 0x0) 534.581492ms ago: executing program 4 (id=5): bind$unix(0xffffffffffffffff, 0x0, 0x0) r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x594403) write$sndseq(r0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x2906000, 0x0, 0x1, 0x0, &(0x7f0000000000)) mount(0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x3000050, &(0x7f0000000440)=ANY=[], 0x83, 0x1501, &(0x7f0000002180)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==") r1 = open(&(0x7f0000000140)='./file1\x00', 0x64842, 0x21) pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x2000, 0x0, 0x3) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x800400, &(0x7f0000000000)=ANY=[], 0xd, 0x27c, &(0x7f00000001c0)="$eJzs3D9rO3UcB/DP/ZJf0wolHZSiCJ64l7bi5tAiLRQDipJBJ4NNUZpaaCDQDk2cfAgu+hR0dC04iKtPQASpgkurSwfhpEmb5k8jrZjkR/t6Lffh7t657/3hvsmQz0cv7+1u79d3zs9PY3Y2eZo/ybLsIomFiMhFRysAgIfkIsviLOuY9lgAgMkw/wPA43Mz/ydD83/S6n4neHfyIwMAxsXvfwB4fN7/4MO310uljffO0tmIvS8a5Ua5s5xvb1/fiU+jFtVYjmL8HZF1deovt0oby+ml3xaivNe8yjcb5Vx/fiWKsTCc39wqbaykHT35ua0XZrr5n5+LaqxGMZ6/Pb86nG82nkbEaz3HX4pi/PRx7EcttuMye5M/XknTt94p9efLhfZ+M1O9OwAAAAAAAAAAAAAAAAAAAAAAPFRLT9qtc7JCmnb69/zV37+nFem1gf4+nXxvf6C5W/oDbXb7Aw305ynn46X8dM8dAAAAAAAAAAAAAAAAAAAAnhX1w6PdSi2JiHZRqx7Uh4vPfvzm+xGb7lskV8ft2XTVL6BZqRX+fRj/bzH/6q9fjd7n877rM4nxdIuTVyZ80MvLXrhn6ofTT158vb74xqh9Ij+2MT/5Lzflj+LYHq1vr4u1P+tJPmKyT8uoIje4ZvHrtcp3x7/8ftfPucvb48258b2ZAAAAAAAAAAAAAAAAAADg8bn50++0RwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA01M/bC9auTg82q3UatWDen+RxOCa+xataZ8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8EwAA//+4pKV9") r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r2, 0xc0185879, &(0x7f0000000080)={@desc={0x4100, 0x0, @desc4}}) 363.088498ms ago: executing program 0 (id=1): memfd_create(&(0x7f0000000200)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05', 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) 237.280064ms ago: executing program 2 (id=8): sendmsg$NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x81) r0 = syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x180) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0xc0305720, &(0x7f0000000000)) 134.150604ms ago: executing program 0 (id=9): unshare(0x2040400) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) unshare(0x2000400) fsmount(r0, 0x0, 0x0) 0s ago: executing program 2 (id=10): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001700)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x7, 0x4) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000040)={0xb, 0x77, 0x1, 0x7}, 0xb) read(0xffffffffffffffff, &(0x7f0000032440)=""/102364, 0x18fdc) write$P9_RAUTH(0xffffffffffffffff, &(0x7f0000000240)={0x14, 0x67, 0x2, {0x80, 0x0, 0x8}}, 0x14) close_range(r1, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.20' (ED25519) to the list of known hosts. [ 83.103315][ T5821] cgroup: Unknown subsys name 'net' [ 83.236590][ T5821] cgroup: Unknown subsys name 'cpuset' [ 83.246523][ T5821] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.839434][ T5821] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.247196][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.265584][ T5145] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.273339][ T5145] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.282686][ T5840] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.291913][ T5840] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.300222][ T5840] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.309025][ T5840] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.317170][ T5840] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 89.324647][ T5840] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.339794][ T5145] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.353856][ T5834] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 89.361271][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.520403][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.528660][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.536724][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.562155][ T5145] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.571541][ T5145] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.572872][ T5840] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.587642][ T5840] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 89.595243][ T5840] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.606611][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.616121][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.624106][ T5840] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 89.631501][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.674448][ T5840] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 89.682726][ T5840] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 89.693439][ T5840] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 89.701885][ T5840] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 89.710175][ T5840] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 89.718226][ T5840] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.052442][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 90.096418][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 90.350829][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.358414][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.365956][ T5836] bridge_slave_0: entered allmulticast mode [ 90.374159][ T5836] bridge_slave_0: entered promiscuous mode [ 90.458777][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.466069][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.473681][ T5836] bridge_slave_1: entered allmulticast mode [ 90.480950][ T5836] bridge_slave_1: entered promiscuous mode [ 90.488227][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.495631][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.502878][ T5832] bridge_slave_0: entered allmulticast mode [ 90.510179][ T5832] bridge_slave_0: entered promiscuous mode [ 90.566260][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.575756][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.583353][ T5832] bridge_slave_1: entered allmulticast mode [ 90.591104][ T5832] bridge_slave_1: entered promiscuous mode [ 90.710140][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.719950][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 90.734932][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.780734][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.800307][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.910000][ T5836] team0: Port device team_slave_0 added [ 90.931278][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 90.952206][ T5832] team0: Port device team_slave_0 added [ 90.958547][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 90.972808][ T5836] team0: Port device team_slave_1 added [ 91.001179][ T5832] team0: Port device team_slave_1 added [ 91.150403][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.157726][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.184484][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.218609][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.225940][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.251860][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.265403][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.272362][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.298704][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.327649][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.334670][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.360685][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.430776][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.439303][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.443295][ T5840] Bluetooth: hci0: command tx timeout [ 91.446532][ T5843] bridge_slave_0: entered allmulticast mode [ 91.451794][ T54] Bluetooth: hci1: command tx timeout [ 91.459822][ T5843] bridge_slave_0: entered promiscuous mode [ 91.519450][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.526866][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.534418][ T5843] bridge_slave_1: entered allmulticast mode [ 91.541654][ T5843] bridge_slave_1: entered promiscuous mode [ 91.628225][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.635525][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.643202][ T5846] bridge_slave_0: entered allmulticast mode [ 91.650553][ T5846] bridge_slave_0: entered promiscuous mode [ 91.672754][ T5840] Bluetooth: hci3: command tx timeout [ 91.673754][ T54] Bluetooth: hci2: command tx timeout [ 91.684933][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.692115][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.699343][ T5842] bridge_slave_0: entered allmulticast mode [ 91.706880][ T5842] bridge_slave_0: entered promiscuous mode [ 91.720189][ T5836] hsr_slave_0: entered promiscuous mode [ 91.727607][ T5836] hsr_slave_1: entered promiscuous mode [ 91.740412][ T5832] hsr_slave_0: entered promiscuous mode [ 91.747674][ T5832] hsr_slave_1: entered promiscuous mode [ 91.753845][ T54] Bluetooth: hci4: command tx timeout [ 91.754625][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 91.767215][ T5832] Cannot create hsr debugfs directory [ 91.773059][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.780214][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.788210][ T5846] bridge_slave_1: entered allmulticast mode [ 91.795605][ T5846] bridge_slave_1: entered promiscuous mode [ 91.806303][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.815746][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.823204][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.830361][ T5842] bridge_slave_1: entered allmulticast mode [ 91.838008][ T5842] bridge_slave_1: entered promiscuous mode [ 91.846789][ T46] cfg80211: failed to load regulatory.db [ 91.887179][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.000328][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.029701][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.041798][ T5843] team0: Port device team_slave_0 added [ 92.060278][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.105719][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.134060][ T5843] team0: Port device team_slave_1 added [ 92.215336][ T5846] team0: Port device team_slave_0 added [ 92.224392][ T5846] team0: Port device team_slave_1 added [ 92.255597][ T5842] team0: Port device team_slave_0 added [ 92.322190][ T5842] team0: Port device team_slave_1 added [ 92.376622][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.383801][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.409979][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.429455][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.436511][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.463738][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.498194][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.505289][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.532756][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.559312][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.566371][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.592357][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.610876][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.618145][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.644348][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.687833][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.695026][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.721028][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.818168][ T5843] hsr_slave_0: entered promiscuous mode [ 92.825101][ T5843] hsr_slave_1: entered promiscuous mode [ 92.831214][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.839101][ T5843] Cannot create hsr debugfs directory [ 92.932919][ T5846] hsr_slave_0: entered promiscuous mode [ 92.939375][ T5846] hsr_slave_1: entered promiscuous mode [ 92.945685][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 92.954083][ T5846] Cannot create hsr debugfs directory [ 93.017153][ T5842] hsr_slave_0: entered promiscuous mode [ 93.024163][ T5842] hsr_slave_1: entered promiscuous mode [ 93.030258][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.037906][ T5842] Cannot create hsr debugfs directory [ 93.216213][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.298532][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.340934][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.408256][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.522922][ T54] Bluetooth: hci1: command tx timeout [ 93.522930][ T5840] Bluetooth: hci0: command tx timeout [ 93.536008][ T5836] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.575258][ T5836] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.599562][ T5836] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.621324][ T5836] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.655850][ T5843] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 93.676722][ T5843] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 93.689237][ T5843] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 93.711432][ T5843] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.753584][ T54] Bluetooth: hci2: command tx timeout [ 93.753642][ T5840] Bluetooth: hci3: command tx timeout [ 93.814145][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.832738][ T5840] Bluetooth: hci4: command tx timeout [ 93.855031][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.870283][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 93.881380][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.011747][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.022349][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.049771][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.060649][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.154795][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.281092][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.304030][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.327118][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.338804][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.346105][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.410867][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.418011][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.455262][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.478406][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.513652][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.530163][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.559342][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.569296][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.576489][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.615947][ T1334] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.623141][ T1334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.632947][ T1334] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.640113][ T1334] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.651749][ T1334] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.658878][ T1334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.675515][ T1130] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.682696][ T1130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.706213][ T1130] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.713404][ T1130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.728599][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.758563][ T1130] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.765716][ T1130] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.904615][ T1130] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.911888][ T1130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.949392][ T5843] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.146763][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.361979][ T5836] veth0_vlan: entered promiscuous mode [ 95.456868][ T5836] veth1_vlan: entered promiscuous mode [ 95.523891][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.594152][ T5840] Bluetooth: hci1: command tx timeout [ 95.594161][ T54] Bluetooth: hci0: command tx timeout [ 95.608061][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.625857][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.681239][ T5836] veth0_macvtap: entered promiscuous mode [ 95.738571][ T5836] veth1_macvtap: entered promiscuous mode [ 95.817442][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.834009][ T5840] Bluetooth: hci2: command tx timeout [ 95.834710][ T54] Bluetooth: hci3: command tx timeout [ 95.888543][ T5832] veth0_vlan: entered promiscuous mode [ 95.907987][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.915536][ T54] Bluetooth: hci4: command tx timeout [ 95.950436][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.960372][ T5842] veth0_vlan: entered promiscuous mode [ 95.978240][ T5836] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.989215][ T5836] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.001068][ T5836] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.010220][ T5836] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.028617][ T5842] veth1_vlan: entered promiscuous mode [ 96.040024][ T5832] veth1_vlan: entered promiscuous mode [ 96.145580][ T5846] veth0_vlan: entered promiscuous mode [ 96.182002][ T5843] veth0_vlan: entered promiscuous mode [ 96.238121][ T5843] veth1_vlan: entered promiscuous mode [ 96.246391][ T1130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.257505][ T5846] veth1_vlan: entered promiscuous mode [ 96.263249][ T1130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.278757][ T5842] veth0_macvtap: entered promiscuous mode [ 96.309835][ T5832] veth0_macvtap: entered promiscuous mode [ 96.355551][ T5842] veth1_macvtap: entered promiscuous mode [ 96.366670][ T5832] veth1_macvtap: entered promiscuous mode [ 96.385120][ T1130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.398117][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.409337][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.421605][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.423424][ T1130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.469606][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.490782][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.505511][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.544804][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.558272][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.569431][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.580832][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.601756][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.614857][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.624403][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.634719][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.643773][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.656784][ T5843] veth0_macvtap: entered promiscuous mode [ 96.661033][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 96.676119][ T5846] veth0_macvtap: entered promiscuous mode [ 96.692214][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.704469][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.715431][ T5842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 96.726865][ T5842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.739099][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.752002][ T5846] veth1_macvtap: entered promiscuous mode [ 96.774568][ T5843] veth1_macvtap: entered promiscuous mode [ 96.830240][ T5842] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.850501][ T5842] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.865749][ T5842] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.875499][ T5842] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.887657][ T5911] loop2: detected capacity change from 0 to 64 [ 96.913780][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.924938][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.961456][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 96.982713][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 96.992832][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.005416][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.019125][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.057615][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.092127][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.103724][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.114893][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.125037][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.137207][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.149290][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.200857][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.212398][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.222687][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.233303][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.244725][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.256626][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.269293][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.282492][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.295884][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.309010][ T5846] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.318842][ T5846] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.327926][ T5846] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.337293][ T5846] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.389296][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.400499][ T9] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 97.405680][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.421928][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.432386][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.443146][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.453599][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.466290][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.477575][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.489421][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.507253][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.520360][ T5843] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.537559][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.541032][ T5843] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.554193][ T5843] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.563129][ T5843] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.586611][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.607853][ T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 97.621012][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10 [ 97.633148][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 97.643413][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 97.661962][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.670083][ T9] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 97.680683][ T54] Bluetooth: hci0: command tx timeout [ 97.683571][ T5840] Bluetooth: hci1: command tx timeout [ 97.691767][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.707117][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 97.725190][ T9] usb 3-1: Product: syz [ 97.729504][ T9] usb 3-1: Manufacturer: syz [ 97.734668][ T9] usb 3-1: SerialNumber: syz [ 97.753769][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.764870][ T9] usb 3-1: config 0 descriptor?? [ 97.773918][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.838686][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.861918][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.913706][ T5840] Bluetooth: hci3: command tx timeout [ 97.913716][ T54] Bluetooth: hci2: command tx timeout [ 97.968352][ T1130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.993834][ T5840] Bluetooth: hci4: command tx timeout [ 98.031105][ T9] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -32 [ 98.048776][ T1130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.088251][ T9] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -5 [ 98.242438][ T1334] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.250379][ T1334] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.302999][ T5879] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 98.304333][ T1334] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.342981][ T975] usb 3-1: USB disconnect, device number 2 [ 98.395266][ T1334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.426451][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.449033][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.513446][ T5879] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 98.562518][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.601497][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.621550][ T5879] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 98.647097][ T5879] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 98.668819][ T5879] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 98.704983][ T5879] usb 2-1: Manufacturer: syz [ 98.734230][ T5879] usb 2-1: config 0 descriptor?? [ 98.913826][ T5929] loop4: detected capacity change from 0 to 256 [ 98.933449][ T5929] ======================================================= [ 98.933449][ T5929] WARNING: The mand mount option has been deprecated and [ 98.933449][ T5929] and is ignored by this kernel. Remove the mand [ 98.933449][ T5929] option from the mount to silence this warning. [ 98.933449][ T5929] ======================================================= [ 99.062445][ T5929] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 99.131681][ T5929] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 99.168300][ T5929] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 99.237505][ T5879] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 99.263115][ T29] audit: type=1800 audit(1740487096.762:2): pid=5929 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5" name="file1" dev="loop4" ino=2 res=0 errno=0 [ 99.286719][ T5879] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 99.293425][ T5936] [ 99.296575][ T5936] ============================= [ 99.301461][ T5936] WARNING: suspicious RCU usage [ 99.306388][ T5936] 6.14.0-rc3-next-20250218-syzkaller #0 Not tainted [ 99.313047][ T5936] ----------------------------- [ 99.318997][ T5936] fs/kernfs/mount.c:243 suspicious rcu_dereference_check() usage! [ 99.327471][ T5936] [ 99.327471][ T5936] other info that might help us debug this: [ 99.327471][ T5936] [ 99.338003][ T5936] [ 99.338003][ T5936] rcu_scheduler_active = 2, debug_locks = 1 [ 99.346184][ T5936] 3 locks held by syz.0.9/5936: [ 99.351230][ T5936] #0: ffff88801f36bc70 (&fc->uapi_mutex){+.+.}-{4:4}, at: __se_sys_fsconfig+0x9b2/0xf60 [ 99.361441][ T5936] #1: ffff8880342e40e0 (&type->s_umount_key#51){+.+.}-{4:4}, at: super_lock+0x196/0x400 [ 99.371474][ T5936] #2: ffff88801bef7148 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_node_dentry+0xc3/0x2d0 [ 99.381797][ T5936] [ 99.381797][ T5936] stack backtrace: [ 99.387771][ T5936] CPU: 0 UID: 0 PID: 5936 Comm: syz.0.9 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 99.387798][ T5936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 99.387810][ T5936] Call Trace: [ 99.387817][ T5936] [ 99.387823][ T5936] dump_stack_lvl+0x241/0x360 [ 99.387850][ T5936] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.387868][ T5936] ? __pfx__printk+0x10/0x10 [ 99.387880][ T5936] ? do_raw_spin_lock+0x14f/0x370 [ 99.387919][ T5936] lockdep_rcu_suspicious+0x226/0x340 [ 99.387941][ T5936] kernfs_node_dentry+0x24b/0x2d0 [ 99.387969][ T5936] cgroup_do_get_tree+0x248/0x390 [ 99.387992][ T5936] cgroup_get_tree+0xbb/0x230 [ 99.388016][ T5936] vfs_get_tree+0x90/0x2b0 [ 99.388040][ T5936] vfs_cmd_create+0xa0/0x1f0 [ 99.388056][ T5936] ? __se_sys_fsconfig+0xa29/0xf60 [ 99.388077][ T5936] __se_sys_fsconfig+0xa33/0xf60 [ 99.388106][ T5936] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 99.388122][ T5936] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 99.388153][ T5936] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 99.388178][ T5936] ? do_syscall_64+0x100/0x230 [ 99.388204][ T5936] ? __x64_sys_fsconfig+0x20/0xc0 [ 99.388225][ T5936] do_syscall_64+0xf3/0x230 [ 99.388247][ T5936] ? clear_bhb_loop+0x45/0xa0 [ 99.388272][ T5936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.388291][ T5936] RIP: 0033:0x7f7861f8d169 [ 99.388309][ T5936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.388321][ T5936] RSP: 002b:00007f7862e25038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 99.388336][ T5936] RAX: ffffffffffffffda RBX: 00007f78621a5fa0 RCX: 00007f7861f8d169 [ 99.388347][ T5936] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 99.388356][ T5936] RBP: 00007f786200e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 99.388365][ T5936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.388373][ T5936] R13: 0000000000000000 R14: 00007f78621a5fa0 R15: 00007ffca58ee8b8 [ 99.388401][ T5936] [ 99.432073][ T5929] exFAT-fs (loop4): error, invalid access to FAT (entry 0xffffffff) [ 99.565448][ T5936] [ 99.565458][ T5936] ============================================ [ 99.565466][ T5936] WARNING: possible recursive locking detected [ 99.565474][ T5936] 6.14.0-rc3-next-20250218-syzkaller #0 Not tainted [ 99.565485][ T5936] -------------------------------------------- [ 99.565493][ T5936] syz.0.9/5936 is trying to acquire lock: [ 99.565503][ T5936] ffff88801bef7148 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_dop_revalidate+0xa2/0x5d0 [ 99.577888][ T5929] exFAT-fs (loop4): Filesystem has been set read-only [ 99.581452][ T5936] [ 99.581452][ T5936] but task is already holding lock: [ 99.581461][ T5936] ffff88801bef7148 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_node_dentry+0xc3/0x2d0 [ 99.675079][ T5936] [ 99.675079][ T5936] other info that might help us debug this: [ 99.683127][ T5936] Possible unsafe locking scenario: [ 99.683127][ T5936] [ 99.690563][ T5936] CPU0 [ 99.693831][ T5936] ---- [ 99.697104][ T5936] lock(&root->kernfs_rwsem); [ 99.701868][ T5936] lock(&root->kernfs_rwsem); [ 99.706623][ T5936] [ 99.706623][ T5936] *** DEADLOCK *** [ 99.706623][ T5936] [ 99.714752][ T5936] May be due to missing lock nesting notation [ 99.714752][ T5936] [ 99.723056][ T5936] 3 locks held by syz.0.9/5936: [ 99.727895][ T5936] #0: ffff88801f36bc70 (&fc->uapi_mutex){+.+.}-{4:4}, at: __se_sys_fsconfig+0x9b2/0xf60 [ 99.737733][ T5936] #1: ffff8880342e40e0 (&type->s_umount_key#51){+.+.}-{4:4}, at: super_lock+0x196/0x400 [ 99.747574][ T5936] #2: ffff88801bef7148 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_node_dentry+0xc3/0x2d0 [ 99.757757][ T5936] [ 99.757757][ T5936] stack backtrace: [ 99.763635][ T5936] CPU: 0 UID: 0 PID: 5936 Comm: syz.0.9 Not tainted 6.14.0-rc3-next-20250218-syzkaller #0 [ 99.763651][ T5936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 99.763661][ T5936] Call Trace: [ 99.763666][ T5936] [ 99.763672][ T5936] dump_stack_lvl+0x241/0x360 [ 99.763692][ T5936] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.763708][ T5936] ? __pfx__printk+0x10/0x10 [ 99.763721][ T5936] ? lockdep_unlock+0x16a/0x300 [ 99.763746][ T5936] print_deadlock_bug+0x483/0x620 [ 99.763766][ T5936] validate_chain+0x15e2/0x5920 [ 99.763790][ T5936] ? validate_chain+0x15c0/0x5920 [ 99.763806][ T5936] ? __pfx_validate_chain+0x10/0x10 [ 99.763831][ T5936] ? __pfx_validate_chain+0x10/0x10 [ 99.763847][ T5936] ? __lock_acquire+0x1397/0x2100 [ 99.763871][ T5936] ? __pfx_validate_chain+0x10/0x10 [ 99.763890][ T5936] ? mark_lock+0x9a/0x360 [ 99.763905][ T5936] __lock_acquire+0x1397/0x2100 [ 99.763934][ T5936] lock_acquire+0x1ed/0x550 [ 99.763955][ T5936] ? kernfs_dop_revalidate+0xa2/0x5d0 [ 99.763976][ T5936] ? __pfx_lock_acquire+0x10/0x10 [ 99.763999][ T5936] ? __pfx___might_resched+0x10/0x10 [ 99.764024][ T5936] down_read+0xb1/0xa40 [ 99.764045][ T5936] ? kernfs_dop_revalidate+0xa2/0x5d0 [ 99.764063][ T5936] ? __pfx_lock_acquire+0x10/0x10 [ 99.764085][ T5936] ? kernfs_root+0x1c/0x230 [ 99.764098][ T5936] ? __pfx_down_read+0x10/0x10 [ 99.764129][ T5936] ? kernfs_root+0x1c/0x230 [ 99.764144][ T5936] kernfs_dop_revalidate+0xa2/0x5d0 [ 99.764163][ T5936] lookup_one_unlocked+0x23b/0x2d0 [ 99.764181][ T5936] ? __pfx_lookup_one_unlocked+0x10/0x10 [ 99.764197][ T5936] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 99.764219][ T5936] ? nbcon_cpu_emergency_exit+0x6e/0xd0 [ 99.764233][ T5936] ? nbcon_cpu_emergency_exit+0x77/0xd0 [ 99.764249][ T5936] lookup_positive_unlocked+0x2b/0xb0 [ 99.764267][ T5936] kernfs_node_dentry+0x139/0x2d0 [ 99.764289][ T5936] cgroup_do_get_tree+0x248/0x390 [ 99.764308][ T5936] cgroup_get_tree+0xbb/0x230 [ 99.764329][ T5936] vfs_get_tree+0x90/0x2b0 [ 99.764350][ T5936] vfs_cmd_create+0xa0/0x1f0 [ 99.764367][ T5936] ? __se_sys_fsconfig+0xa29/0xf60 [ 99.764385][ T5936] __se_sys_fsconfig+0xa33/0xf60 [ 99.764405][ T5936] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 99.764422][ T5936] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 99.764445][ T5936] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 99.764468][ T5936] ? do_syscall_64+0x100/0x230 [ 99.764490][ T5936] ? __x64_sys_fsconfig+0x20/0xc0 [ 99.764508][ T5936] do_syscall_64+0xf3/0x230 [ 99.764528][ T5936] ? clear_bhb_loop+0x45/0xa0 [ 99.764551][ T5936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.764571][ T5936] RIP: 0033:0x7f7861f8d169 [ 99.764583][ T5936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.764595][ T5936] RSP: 002b:00007f7862e25038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 99.764610][ T5936] RAX: ffffffffffffffda RBX: 00007f78621a5fa0 RCX: 00007f7861f8d169 [ 99.764620][ T5936] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 99.764629][ T5936] RBP: 00007f786200e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 99.764637][ T5936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 99.764646][ T5936] R13: 0000000000000000 R14: 00007f78621a5fa0 R15: 00007ffca58ee8b8 [ 99.764662][ T5936] [ 100.175089][ T5879] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 101.248865][ T5879] usb 2-1: USB disconnect, device number 2