last executing test programs: 7.841032998s ago: executing program 0 (id=220): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) bind$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6a72c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="4c8e035fe9ad", 0x6) r4 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa69", 0x33}], 0x1}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{0x0}, {&(0x7f00000009c0)=""/4090, 0xffa}], 0x2}, 0x2) 6.778446239s ago: executing program 0 (id=223): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, 0x0) setgroups(0x0, 0x0) 6.607815734s ago: executing program 1 (id=224): openat$sysfs(0xffffffffffffff9c, 0x0, 0x101581, 0x100) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) 
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) write(0xffffffffffffffff, &(0x7f0000000400), 0x0) mkdir(0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x35, 0x0, 0x0) bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r3, 0x29, 0x3b, 0x0, 0x8) sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x8000}, 0x1c) 6.602278515s ago: executing program 0 (id=225): r0 = socket$kcm(0x23, 0x5, 0x0) listen(r0, 0x800) accept(r0, &(0x7f0000000280)=@nfc, &(0x7f00000000c0)=0xfffffffffffffcea) 6.504257737s ago: executing program 3 (id=226): syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000c40)='./file0\x00', 0x808080, &(0x7f0000000180)={[{@discard}, {@nombcache}, {@noblock_validity}]}, 0x2c, 0x52c, 
&(0x7f0000000cc0)="$eJzs3d9rY1kdAPBvMv2Rdjrbru7DKuqO6+oowyRtZrcs+6DriyDLssK6TyKzpc2U0qQpTbpua8EO+Oar4IBP+if4IPggzJPvvumbLyMojDo4TAWRyE1uOm2adMq0aWaazwcuOefc2/s9J3DP6T1J7glgaF2NiN2IGIuIjyNiOi3PpFu829qS4x4/3Fnce7izmIlG48N/jqRH7iy2j2+7nJ4zF/FBkh/vEre2tb26UC6XNtJ8oV5ZL9S2tm+sVBaWS8ultWJxfm5+9u2bbxXPrK2vVX7z4Dsr7330+9998f4fd7/x46TO32rtGkvadmaBDmi9L6MxdaAseefe60ewAbiUtmds0BXhmWQj4jMR8Xqa3pcbXJ0AgP5qNKajMX0w31vmBMcAAM+/5J5/KjLZfHr/PxXZbD7fnMPLvRKT2XK1Vr9+u7q5thTNOayZGM3eXimXZtO5wpkYzST5uWb6Sb7Ykb8ZES9HxM/HJ5r5/GK1vDSof3oAYMhd7hj/H423xv8T8AkBALzIjOQAMHyOjv+jA6kHAHB+3P8DwPA5MP53+60uAHAB5Tp++w8AXHwH7v9Huh7wavzkh+dXHQDgHPj8HwCGyvfefz/ZGnvp86+XPtnaXK1+cmOpVFvNVzYX84vVjfX8crW63HxmT+Vp5ytXq+tzb8bmp4V6qVYv1La2b1Wqm2v1W83net8q+WEBAAzey6/d+3MmInbfmWhu0V7LwRcC4MJzmcPwujToCgAD0/37PsAwMB8PZJ6yv+dXhO72/puJU9QH6L9rn+sx/9/tf4M7+6n/Nc6vikCfmP+H4XW6+X+zB/AiM/8Pw6vRyFjPHwCGzAnu4H1FEC64Z/78HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIbYVHPLZPPpWuBTkc3m8xFXImJmYjRze6Vcmo2IlyLiT+Oj40l+btCVBgBOKfv3TLr+17XpN6Y6945l/jPefI2IH/3yw198ulCvb8wl5f/aL6/fTcuLXQOM978NAMABI50F7XG6PY631/d9/HBnsb2dZwUffLu1uGgSdy/d2lVvVT4XoxEx+e/MocZkzmhh4t07EfFqZ/uz+/tn0pVPO+Mnsa/0LX40Wzh1KH72UPxsc1/rNXkvPnsGdYFhcy/pf97tdv1l42rzNb3+Moc701z87Gjn+gza/d9eo7P/a13vH1zJNfuabv3f1ZPGePMP3+25786lxudHIvaO9L/tFaFzzdSR+CMRb3Q74U+/+Wizo+gvX/jS673iN34VcS2Oi99KFeqV9UJta/vGSmVhubRcWisW5+fmZ9+++Vax0JyjLrRnqo/6xzvXX+rd/ojJHvFzx7U/Ir7a66Qdfv3fj3/w5WPif/0r3eJn45Vj4idj4tdOGH9h8rc9l+9O4i/1aP/Iofhjh/4uKbt+wvj3/7q9dMJDAYBzUNvaXl0ol0sbEqdN5Pp15svPSQMleiT+9tGha2rg9TmTxMC6JOCcPLnoB10TAAAAAAAAAAAAAACgl9r300f+9fHHcINuIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfX/wMAAP//OkHLZw==") r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_GET_REG(r0, 0x0, 0x800) openat$binfmt_register(0xffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = add_key$keyring(&(0x7f00000000c0), 
&(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$set_timeout(0xf, r1, 0xa931) readv(r0, &(0x7f0000000800), 0x0) syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000180)='./file1\x00', 0x2000098, &(0x7f0000000a40)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c646d61736b3d30313737373737373737373737373737373737373737332c73686f72746e616d653d6c6f7765722c636865636b3d7374726963742c2c756e695f786c6174653d302c726f6469722c726f6469722c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c6e6f6e756d7461696c3d302c756e695f786c6174653d312c756e695f786c6174653d312c6572726f72733d636f6e74696e75650000000000000003667365743d30121df478303030383030303030303030303465302c757466383d302c0077b5b28056fc4549d277ed7fab6b0be27ef17f888ccab55cccc917ad315c8ea56f5a89c104f92d058b73f5881e69e06002f5914c03fefbeb09121733eaf5ded73df976fbd4cfcb8b70b0bf44da1b46bc3935431d5e60a641f9e4ebbf71c77fc9a810ce726b8c6d6295a5f2e2b069b95ba8eccec37d5e1ec11cdbcabb8a89cbf2cf2771d69e3cf0e676cc6e5b2e542e426bc1aab9b2cf261046247bce0565d13a6ca8137aba85fe39756814fda1f0624b33a2025792a477ccfff09befb1d0cf1599d27262802899786e1fbfb3d637c2561421488c9de8d3739a94bf13ac582f6b67de0cad933631794271b2259fe5d73a74ad7da615c31505c7c0c168052d38e5b64c4bb7d0599e5dcf0000000000000000000000000000002790cf17418aa278cfc0c9d1c81c63e58b877706a4b7eed8a5aff253298db2939adc0efdab4745ab0e09ef8beaaf04e5374c2e7e4656e47fe5a25502919954242f8d771fc2acf14f2cee04696a9d84091f20646210edf871d3f20ad66fcf4b816323b8abb307381d32da887dcc71e35f364baa1b93fd5ee36c02aa4628511442992ced893ab924472440b53fc08cc41403e167b1f2605e04d5f0c16ed49969b59d650d88642b10c7893f64421a40f4822ffcc284dfe9ae1c6e4a04293c970f2dae776decf07b085eb5fdeda7d365b0f86c7fcd8df00a87f4dbbf8e623667e3b65e4c487055a2e5cd64402a4de537bf113fc7370099e4faebe6ea9d4f155f8f5f4c5f9b205ce1bbc8c0002a19457e05a210d9e9820bc7f318ebfdfcc22f83150503b2c7fb0340a249135057f87882717e166ef509c14fdcf38f63141e4ed36737c6e55498b350f41c8caed3e347c149162b4c6ed629be8eaaa25d59747816197aff2cf68a42d73e8146c72fedb13027a9e285872
a4ca5353cc354a0b0e2ce57275b34276d28d91b2c0c2fa1041f818ea96f65a3000057dfb8858cfd194f7431e4b734f848268c5a000f01000000010000000360236584faaf1a4d4fabd3b68929729fd406fa91186ac3d0d222e00c77ad726cdc16c8456d6f598254bda7c72b24a6b213162cd6e6f205d16a083b5bf85cd0ea669c18b5535a49d95389c186be0d5d6aaf673c3b675e34dbc89407aa23b2cd4f0d7674421b4896983d7958b0cf1c7c1322b944e316711ed73c720ac25fea464ea96fdf6be3f67430188cb9f1ea81316df61c875ff59c8ffa9ffe954ccb28f037ca003109618cff0ec917fc7abe19b6a10a0eae6c72b067e29580d666042466d68ce5d192fae5bdea0b94a9bfbd0efae746ff081eb028e5566a25db8f43ddd07c39db9bed54a8a9d5763d420000000000000000", @ANYRES16=0x0], 0xfc, 0x2c0, &(0x7f0000001300)="$eJzs3U9rI2UYAPBn8q+pHhLEiyI4oAdPZevVS6OsIPakRFAvBrcLkpSFFgJbwe6e9hN4FL+GV2+e/QaCV8Hb9lAZmcxMmrRJG/sX6u936dv3fZ93ns4zpKc8881bu8NHT5J4/vKPaLeTqG3FVhwl0Y1aVJ5FIwCA++Moy+LvLCKaxe/JypGN2s1lBQDcpOL/f+GucwEAbsfnX371aW97++FnadqONzovxv0kInZfjPvFeu9xfBej2IkH0YnjiGyqGH/8yfbDaKS5bry7ezjuj+fO7/0V65P4zehEd3H8Zloo4/sR+c9mvBJp9B43q6M68fri+PcXxEe/Fe+9M5P/RnTi92/jSYziUeSxJ/E/bKbpR9mPL7//Or9MHp/Uor822Vdaj8jqt1YUAAAAAAAAAAAAAAAAAAAAAADuvY00TYr2PZP+PflU2X+nfjxZ30gr3fn+PEX8tF9w0R8oi7JFz2EWP1X9dR6kaZqVG0/iG/Fmw4sFAAAAAAAAAAAAAAAAAAAAILf/9CCeRezs7T89GA5Go8sP6sPBqOoGUH2t/7IHbs3MvB0Hw0F9+YFrq19rtttAnuu5m6PRuI7bcvEgfl3P81my5+cy3/9+8lpMZ74ow6vCXCnn5qmZ1z6cZpiWS9VNHg6Si67Vrgr3y+xSK1bOJ0nmZia1He3sZZNH4jibr2l7yc1sXUMp82e09erCpX+yLFvtnA/+LGpUziSTFhurpdEsB0uflvbZWvy2/MClHxn1q37mAAAAAAAAAAAAAAAAAAAAi81/cfqU5+eG1m4sKQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4ZSfv/68G7YiYnzkzOCyDz9tTDlqxt3/HfyIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/A/8GAAD//1xwRP8=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb77d8000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, 
&(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6) r5 = socket$inet6(0xa, 0x2, 0x3a) setsockopt$inet6_int(r5, 0x29, 0x4e, &(0x7f0000000780)=0x2, 0x4) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e23, 0xfffffffc, @remote, 0x4}, 0x1c) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="7be60b000000ff"], 0xe) syz_open_dev$sndctrl(&(0x7f00000001c0), 0x7ff, 0x224540) close_range(r3, r3, 0x0) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000200)={0xaa, 0x2cc}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000010000/0x1000)=nil, 0x1000}, 0x1}) 4.991164292s ago: executing program 1 (id=228): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, 0x0, 0x0, 0x48000) sendmsg$nl_route_sched(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0}, 0x1, 0x0, 0x0, 0x4000090}, 0x20000810) getsockopt$inet_mreqn(r0, 0x0, 0x24, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f00000004c0)={0x0, @in6={{0xa, 0x4e23, 0xfffffffb, @local, 0x7}}}, 0x84) 4.884379085s ago: executing program 0 (id=229): set_mempolicy(0x3, &(0x7f0000000040)=0xffffffffffffffff, 0x3) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 4.702404491s ago: executing program 2 (id=230): socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet6(0xa, 0x5, 0x4000003) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0xc8c4) ioctl$BTRFS_IOC_DEV_INFO(0xffffffffffffffff, 0xd000941e, &(0x7f0000000dc0)={0x0, "507cea5a1af14db701e8ffbbe3d2a2d6"}) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = 
socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) 4.627102452s ago: executing program 1 (id=231): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) getresuid(0x0, 0x0, 0xfffffffffffffffe) 4.186376446s ago: executing program 1 (id=232): mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff}, 0x800) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r1, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) sendmmsg$inet(r1, &(0x7f000000a480)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)="a4", 0x1}], 0x1}}], 0x1, 0x24044c45) r2 = dup(r1) mount$9p_fd(0x0, 0x0, &(0x7f0000000e40), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) 4.113734878s ago: executing program 3 (id=233): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x18, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x4000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) recvmmsg(r1, 0x0, 0x0, 0x40010080, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8011}, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) r2 = 
memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1) r3 = dup(r2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) fcntl$setownex(r3, 0xf, 0x0) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) r5 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$read(0xb, r5, &(0x7f0000000240)=""/112, 0x349b7f55) ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000080)=0xa) arch_prctl$ARCH_SHSTK_LOCK(0x5003, 0x3) 3.991151641s ago: executing program 0 (id=234): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000640)='./file1\x00', 0x1008000, &(0x7f0000000c80)=ANY=[], 0x1, 0x5f2, 
&(0x7f0000000680)="$eJzs3c9vHGcZB/DvrH9kHaTUcZM2oEpYRaoQFsnalkjKBSgFWahClThwtoiTWNmkle0itwcIiEPFqX9CEfI/gDgWKQfaAwc49WzUIxJ33xbN7Ox6nWzcxDbedfr5SLPzvPvOvPPMs7OTmbWiCfCVtbKQyYcpsrLw1nbZ3t1Zbu/uLN/rxUnOJWkkzSRFZpK/JvkieZDulK9XHV3Fk7bz+SfN25999OmH3VY5VrOY7C5fHLbe0+nnMtvNtZqf1HhLxx/vwB7OJZk/9nhwAjo9/x7afczvJQAwzopkYtj7s8n5+oK9vA/oXhV3r7HPtAejTgAAAABOwQt72ct2Low6DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhL6uf/F/XU6MXzKXrP/5+u30sdn2kPR50AAAAAAAAAAJyAb+5lL9u50Gt3iupv/q9WjUvV69fyXjazlo1czXZWs5WtbGQxyezAQNPbq1tbG4tPsebS0DWXTmd/AQAAAAAAAOA59fus7P/9HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxkGRTHRn1XSpF8+mMZmkmWS6XO5B8q9efJY9HHUCAAAAcApe2MtetnOh1+4U1T3/S9V9fzPv5X62sp6ttLOWm9VvAd27/sbuznJ7d2f5Xjk9Pu6P/vtMaVQjpvvbw/AtX6mWmMmtrFfvXM2v8k7auZlGtWbpSi+f4Xn9rsyp+EHtKTO7Wc/LPf9ZPR8Ps1VFpvoVadW5ldW4eHglnvHTeXRLi2n0f/m59H+o+fl6Xu7Pm2Nd86WBo++lwyuRzP3yj9fvtO/fvXNrc2F8dumIHq3E8kAlXv5KVaJVVeJyv72Sn+YXWch83s5G1vPrrGYra5nPm1W0Wh/P5evs4ZX64YHW21+WyXT9uXTPos+W06vVuheynp/nndysPtFWrud6lvK9vJ7WgU/48tC8f9upu/c6nU4az/at/9a362AqyU/q+Xgo63pxoK5TuTXR65ut+gbPwvtVmjv5c+PkN+qgPHreGLtz48VH/pXoVeLFwypR5E/VgbPZvn93487qu0+5vdf6qyc/7ldisn63MzG6A6g8Xub6uRw8Osq+F4f2LVZ9l/p9jcf6Lvf7vuybOl1fwz0+0lLV9/LQvu56Vwb6hl1vATD2zn/n/PTMf2b+OfPxzB9m7sy81Xzj3I1zr0xn6u9T359sTbzWeKX4Sz7Ob/bv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKPbfP+Du6vt9trGkYPek4iOO85zEfSejjcu+QgERwxGeVYCTsO1rXvvXtt8/4Pvrt9bvb12e+3+660bNxYXF6+3rt1ab6/Vr6POEgA4SfsX/aPOBAAAAAAAAAAAAAAAeJLT+O/Eo95HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg+baykMmHKbLYutoq27s7y+1y6sX7SzaTFGXwtyRfJA/SnTI7MFzxpO18/knz9mcfffrh/ljNavl/LJ3E
XhzIpfFITscdb2lgvD8fabiiX5n5JHP1HEbufwEAAP//86ICBQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x100) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) msgsnd(0x0, 0x0, 0x2000, 0x0) chdir(&(0x7f0000000140)='./bus\x00') r3 = open(&(0x7f0000000040)='./file0\x00', 0x84242, 0x1df2a23c5997fad6) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x4, 0x0, 0x5, 0x7, 0x3, 0xfffffffd, {0x400000080001, 0xfd, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffc, 0x6000, 0x0, 0x0, 0x0, 0x5, 0x7}}, {0x0, 0x13}}}, 0xa0) sendfile(r3, r3, &(0x7f0000000080), 0x7f03) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000040}, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) 3.990476671s ago: executing program 2 (id=235): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wlan0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000280)=0x6) 
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000054000000060a010400000000000000000100000008000b40000000000900010073797a30000000002c0004802800018008000100666962001c00028008000240000000030800034000000001080001400000001414000000110001"], 0xdc}}, 0x0) 3.892111534s ago: executing program 1 (id=236): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(r1, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket(0xa, 0x3, 0xff) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 
&(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a3000000000540003800800024000000000080001400000000040000380140001007665746831"], 0xa8}}, 0x0) 836.024275ms ago: executing program 0 (id=237): r0 = socket$kcm(0x23, 0x5, 0x0) listen(r0, 0x800) accept(r0, &(0x7f0000000280)=@nfc, &(0x7f00000000c0)=0xfffffffffffffcea) 835.036445ms ago: executing program 3 (id=238): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000100)=0x2, 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x58}}, 0x10) sendto(r0, &(0x7f0000000140)='A', 0xfffff, 0x40008c1, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000004140)=""/4096, 0x1000}], 0x1}, 0x5}], 0x1, 0x102, 0x0) 751.787827ms ago: executing program 2 (id=239): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x60680, 0x0) ioctl$TIOCPKT(r0, 0x5420, 0x0) 665.2831ms ago: executing program 1 (id=240): socket$packet(0x11, 0x2, 0x300) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x28bd, 0x42, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x1, "", [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x9, 0x3, 0x1, {0x22, 0x2c}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x10, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, 
&(0x7f0000000180)=ANY=[@ANYBLOB="200d3a0000003a23e75bcf"], 0x0, 0x0, 0x0, 0x0}, 0x0) 542.023193ms ago: executing program 3 (id=241): r0 = socket(0x1, 0x5, 0x0) close(r0) r1 = socket$inet6(0xa, 0x2, 0x0) shutdown(r1, 0x0) r2 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000100)={0x20002010}) 531.556774ms ago: executing program 2 (id=242): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8, 0x0, 0xfffa}, @initr0, @exit, @alu={0x6, 0x0, 0xc, 0xa, 0x0, 0x2}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94) sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="50000000041400032bbd7000fcdbdf2508000100000000fb0800010000000000"], 0x50}, 0x1, 0x0, 0x0, 0x4001}, 0x4000000) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000007c0000007c00000003000000010000000500008b9b3e9f7767757c06040000000f0000000300000008000000560000000200000006000000090000000600000006000000fbffffff04000000"], 0x0, 0x97, 0x0, 0x1, 0x3}, 0x28) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000000c0)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ff2000/0x2000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff3000/0x1000)=nil, 0x0, 0xfffffffffffffe43}, 0x68) 372.982298ms ago: executing program 2 (id=243): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000540)=@newlink={0x38, 0x10, 0x439, 0x70bd2d, 0x0, {0x0, 0x0, 0xe403, 0x0, 0x62a1}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @sit={{0x8}, {0x4}}}, @IFLA_AF_SPEC={0x8, 
0x1a, 0x0, 0x1, [@AF_INET6={0x4}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4014}, 0x0) 270.334241ms ago: executing program 3 (id=244): io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, 0x0, 0x0) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r2, r1, 0x0, 0x0, 0xdead, 0x0, 0x0}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r3, 0xffffffffffffffff, 0x0) 154.407925ms ago: executing program 2 (id=245): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4, 0x0, @loopback, 0x4}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x304}, "0000000400", "6abc00000000000000000000001000", "f0630400"}, 0x28) sendto$inet6(r0, &(0x7f0000000240)="c62ee5d6a89f2387cb4093532f7c0a22ce", 0xffffffffffffff69, 0x8040, 0x0, 0x0) 
shutdown(r0, 0x1) 0s ago: executing program 3 (id=246): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x18, 0xe, 0x0, &(0x7f00000001c0)='GPL\x00', 0x4000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) recvmmsg(r1, 0x0, 0x0, 0x40010080, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8011}, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) r2 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1) r3 = dup(r2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) fcntl$setownex(r3, 0xf, 0x0) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) r5 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$read(0xb, r5, &(0x7f0000000240)=""/112, 0x349b7f55) ioctl$TIOCL_GETMOUSEREPORTING(r0, 
0x5412, &(0x7f0000000080)=0xa) arch_prctl$ARCH_SHSTK_LOCK(0x5003, 0x3) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.78' (ED25519) to the list of known hosts. [ 63.444760][ T5757] cgroup: Unknown subsys name 'net' [ 63.580005][ T5757] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 64.890105][ T5757] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 66.766118][ T5775] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 66.776500][ T5775] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 66.786270][ T5775] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 66.789359][ T5780] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 66.794333][ T5775] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 66.805427][ T5784] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 66.816124][ T5775] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 66.816365][ T5784] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 66.824332][ T5775] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 66.832598][ T5784] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 66.837747][ T5775] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 66.852462][ T5775] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 66.852506][ T5783] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 66.862159][ T5775] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 66.876800][ T5783] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 66.885099][ T5783] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 66.892669][ T5783] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 66.902456][ T5785] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 66.919244][ T5785] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 66.929258][ T5784] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 66.937130][ T5784] 
Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 66.944543][ T5784] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 66.944753][ T5780] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 66.952160][ T5784] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.380837][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 67.415018][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 67.467044][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 67.575737][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 67.613500][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.621290][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.629053][ T5772] bridge_slave_0: entered allmulticast mode [ 67.636093][ T5772] bridge_slave_0: entered promiscuous mode [ 67.662255][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.669618][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.676875][ T5771] bridge_slave_0: entered allmulticast mode [ 67.683553][ T5771] bridge_slave_0: entered promiscuous mode [ 67.707328][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.717204][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.724458][ T5772] bridge_slave_1: entered allmulticast mode [ 67.731269][ T5772] bridge_slave_1: entered promiscuous mode [ 67.762581][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.769833][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.777537][ T5771] bridge_slave_1: entered allmulticast mode [ 67.784462][ T5771] bridge_slave_1: entered promiscuous mode [ 67.807891][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.815067][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.822230][ T5770] bridge_slave_0: entered allmulticast mode [ 67.830001][ T5770] bridge_slave_0: entered promiscuous mode [ 67.837934][ T5770] bridge0: port 
2(bridge_slave_1) entered blocking state [ 67.845275][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.852940][ T5770] bridge_slave_1: entered allmulticast mode [ 67.860041][ T5770] bridge_slave_1: entered promiscuous mode [ 67.898353][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.910769][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.924264][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.950559][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.987013][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.994952][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.002095][ T5769] bridge_slave_0: entered allmulticast mode [ 68.009023][ T5769] bridge_slave_0: entered promiscuous mode [ 68.039064][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.049631][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.057856][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.065367][ T5769] bridge_slave_1: entered allmulticast mode [ 68.072051][ T5769] bridge_slave_1: entered promiscuous mode [ 68.091548][ T5771] team0: Port device team_slave_0 added [ 68.101167][ T5772] team0: Port device team_slave_0 added [ 68.109039][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.129837][ T5771] team0: Port device team_slave_1 added [ 68.136933][ T5772] team0: Port device team_slave_1 added [ 68.151441][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 68.165215][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 68.238204][ T5770] team0: Port device team_slave_0 added [ 68.245678][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.252644][ T5771] batman_adv: batadv0: 
The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.278885][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.293258][ T5769] team0: Port device team_slave_0 added [ 68.302686][ T5769] team0: Port device team_slave_1 added [ 68.309542][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.317112][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.343282][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.355806][ T5770] team0: Port device team_slave_1 added [ 68.362153][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.369515][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.397968][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.409646][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.416967][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 68.442953][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.524881][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.531851][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.564907][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.577517][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.584563][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.610516][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.634362][ T5772] hsr_slave_0: entered promiscuous mode [ 68.640672][ T5772] hsr_slave_1: entered promiscuous mode [ 68.649686][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 68.656739][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.682677][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.696040][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.703017][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.733648][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.788869][ T5769] hsr_slave_0: entered promiscuous mode [ 68.795251][ T5769] hsr_slave_1: entered promiscuous mode [ 68.801625][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 68.810725][ T5769] Cannot create hsr debugfs directory [ 68.860119][ T5771] hsr_slave_0: entered promiscuous mode [ 68.867704][ T5771] hsr_slave_1: entered promiscuous mode [ 68.874448][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 68.882457][ T5771] Cannot create hsr debugfs directory [ 68.925820][ T5784] Bluetooth: hci2: command tx timeout [ 68.964864][ T5770] hsr_slave_0: entered promiscuous mode [ 68.971188][ T5770] hsr_slave_1: entered promiscuous mode [ 68.980237][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 68.987904][ T5770] Cannot create hsr debugfs directory [ 69.003864][ T5784] Bluetooth: hci0: command tx timeout [ 69.003906][ T5782] Bluetooth: hci3: command tx timeout [ 69.009531][ T5784] Bluetooth: hci1: command tx timeout [ 69.322790][ T5772] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 69.334356][ T5772] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 69.346577][ T5772] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 69.364401][ T5772] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 69.403502][ T5770] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 69.415380][ T5770] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 69.436860][ T5770] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 69.461680][ T5770] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 69.539022][ T5769] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 69.550140][ T5769] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 69.560284][ T5769] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 69.575463][ T5769] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 69.658759][ T5771] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 69.670966][ T5771] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 69.692413][ T5771] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 69.707487][ T5771] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 69.738442][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.759808][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.797277][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.804617][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.815770][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.822894][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.901947][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.950306][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.986975][ T5770] 8021q: adding 
VLAN 0 to HW filter on device team0 [ 70.019857][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.052773][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 70.069654][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.076860][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.111343][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.118589][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.150766][ T2896] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.157941][ T2896] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.190660][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 70.218125][ T2896] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.225322][ T2896] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.248523][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.255690][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 70.293454][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 70.300662][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 70.362089][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.467525][ T5771] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 70.540495][ T5772] veth0_vlan: entered promiscuous mode [ 70.582210][ T5772] veth1_vlan: entered promiscuous mode [ 70.668142][ T5772] veth0_macvtap: entered promiscuous mode [ 70.716840][ T5772] veth1_macvtap: entered promiscuous mode [ 70.770413][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.797231][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.816131][ T5772] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.826055][ T5772] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.835491][ T5772] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 
family 0 port 6081 - 0 [ 70.847152][ T5772] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.881853][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.898582][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.004928][ T5784] Bluetooth: hci2: command tx timeout [ 71.021841][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 71.039794][ T5769] veth0_vlan: entered promiscuous mode [ 71.052596][ T5769] veth1_vlan: entered promiscuous mode [ 71.084338][ T5784] Bluetooth: hci1: command tx timeout [ 71.084368][ T5777] Bluetooth: hci0: command tx timeout [ 71.104207][ T5782] Bluetooth: hci3: command tx timeout [ 71.110465][ T2896] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.133189][ T2896] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.186566][ T5769] veth0_macvtap: entered promiscuous mode [ 71.193507][ T5770] veth0_vlan: entered promiscuous mode [ 71.206140][ T2888] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.218047][ T5770] veth1_vlan: entered promiscuous mode [ 71.231618][ T2888] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.250672][ T5769] veth1_macvtap: entered promiscuous mode [ 71.271178][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.282135][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.306120][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.339892][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.356098][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 71.368016][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.382148][ T5771] veth0_vlan: entered promiscuous mode [ 71.397599][ T5769] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.411367][ T5769] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.420195][ T5769] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.429572][ T5769] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.472715][ T5771] veth1_vlan: entered promiscuous mode [ 71.489286][ T5770] veth0_macvtap: entered promiscuous mode [ 71.555916][ T5770] veth1_macvtap: entered promiscuous mode [ 71.570021][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.578323][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.614217][ T5836] syz.0.1[5836]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 71.672023][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.683513][ T5771] veth0_macvtap: entered promiscuous mode [ 71.693069][ T2886] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.736111][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.753540][ T2886] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.765878][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.783176][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.794395][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.813301][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 71.828766][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.869388][ T5771] veth1_macvtap: entered promiscuous mode [ 71.919943][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.931155][ T5836] loop0: detected capacity change from 0 to 40427 [ 71.949772][ T5836] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 71.957843][ T5836] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 71.969175][ T5836] F2FS-fs (loop0): invalid crc value [ 71.976621][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.987372][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.998572][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.011547][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.027701][ T5770] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.036893][ T5770] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.049451][ T5836] F2FS-fs (loop0): Found nat_bits in checkpoint [ 72.099170][ T5770] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.108003][ T5836] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 72.115331][ T5836] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 72.158458][ T5770] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.365130][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.380520][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 72.402196][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.443537][ T27] audit: type=1800 audit(1779351378.434:2): pid=5846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1" name="file1" dev="loop0" ino=10 res=0 errno=0 [ 73.558015][ T5782] Bluetooth: hci2: command tx timeout [ 73.563476][ T5782] Bluetooth: hci3: command tx timeout [ 73.569833][ T5782] Bluetooth: hci0: command tx timeout [ 73.573688][ C1] sched: RT throttling activated [ 73.580353][ T5782] Bluetooth: hci1: command tx timeout [ 73.594815][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.605452][ T27] audit: type=1804 audit(1779351378.534:3): pid=5846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1" name="/newroot/0/bus/file1" dev="loop0" ino=10 res=1 errno=0 [ 73.614302][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.639618][ T5845] loop3: detected capacity change from 0 to 32768 [ 73.645572][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 73.658274][ T5845] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.4 (5845) [ 73.670179][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.689115][ T5845] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 73.701140][ T5845] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 73.707050][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.710354][ T5845] BTRFS info (device loop3): force clearing of disk cache [ 73.731483][ T5845] BTRFS info (device loop3): allowing degraded mounts [ 73.738599][ T5845] BTRFS info (device loop3): enabling auto defrag [ 73.745125][ T5845] BTRFS info (device loop3): enabling ssd optimizations [ 73.752098][ T5845] BTRFS info (device loop3): using spread ssd allocation scheme [ 73.759860][ T5845] BTRFS info (device loop3): using free space tree [ 73.775273][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.787280][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.808816][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.819743][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.832085][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 73.845072][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.856302][ T5771] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.866063][ T5771] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.897854][ T5771] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.907591][ T5771] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.923199][ T5845] BTRFS info (device loop3): auto enabling async discard [ 73.946739][ T5845] BTRFS info (device loop3): rebuilding free space tree [ 74.076820][ T2896] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.129534][ T2896] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.253514][ T2886] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.305788][ T59] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 74.317682][ T2886] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.475648][ T2896] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.485744][ T2896] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.620524][ T2896] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.673765][ T2896] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.832381][ T5769] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 75.100348][ T5869] input: syz0 as /devices/virtual/input/input5 [ 75.164540][ T5815] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 75.639783][ T5815] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 75.644306][ T5777] Bluetooth: hci1: command tx timeout [ 75.655936][ T5782] Bluetooth: hci0: command tx timeout [ 75.656077][ T5784] Bluetooth: hci3: command tx timeout [ 75.661348][ T5782] Bluetooth: hci2: command tx timeout [ 75.690942][ T5815] usb 3-1: config 0 
interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 57932, setting to 1024 [ 75.788561][ T5815] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 75.804277][ T5815] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 75.813356][ T5815] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 75.867189][ T5815] usb 3-1: Product: syz [ 75.875148][ T5815] usb 3-1: Manufacturer: syz [ 75.879791][ T5815] usb 3-1: SerialNumber: syz [ 75.900405][ T5815] usb 3-1: config 0 descriptor?? [ 75.913173][ T5864] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 75.965844][ T5864] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 76.225111][ T5864] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 76.243544][ T5864] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 76.562850][ T5888] Zero length message leads to an empty skb [ 77.945844][ T5815] Error reading MAC address [ 77.969615][ T5815] usb 3-1: USB disconnect, device number 2 [ 78.023767][ T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 79.313856][ T23] usb 1-1: Using ep0 maxpacket: 16 [ 79.321103][ T23] usb 1-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 79.331389][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.356602][ T23] usb 1-1: config 0 descriptor?? [ 79.441015][ T23] usbhid 1-1:0.0: can't add hid device: -71 [ 79.454232][ T23] usbhid: probe of 1-1:0.0 failed with error -71 [ 79.512154][ T23] usb 1-1: USB disconnect, device number 2 [ 80.436146][ T5926] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 
[ 80.518396][ T5928] loop2: detected capacity change from 0 to 512 [ 81.637477][ T5928] EXT4-fs (loop2): Test dummy encryption mode enabled [ 81.637502][ T5928] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 81.637509][ T5928] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 81.649972][ T5928] EXT4-fs error (device loop2): ext4_orphan_get:1430: comm syz.2.23: bad orphan inode 131083 [ 81.652254][ T5928] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 81.790489][ T5927] loop1: detected capacity change from 0 to 32768 [ 81.811774][ T5927] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.22 (5927) [ 81.889504][ T1185] cfg80211: failed to load regulatory.db [ 81.913905][ T5927] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 81.954678][ T5927] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 81.987086][ T5927] BTRFS info (device loop1): setting nodatacow, compression disabled [ 82.018104][ T5927] BTRFS info (device loop1): enabling auto defrag [ 82.029322][ T5946] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 82.033766][ T5927] BTRFS info (device loop1): max_inline at 0 [ 82.055495][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 82.063802][ T5927] BTRFS info (device loop1): using free space tree [ 82.173354][ T5944] loop3: detected capacity change from 0 to 4096 [ 82.262862][ T5927] BTRFS info (device loop1): auto enabling async discard [ 82.600874][ T5970] loop0: detected capacity change from 0 to 1024 [ 82.847450][ T5771] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 84.147973][ T5786] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 9 /dev/loop1 scanned by udevd (5786) [ 84.328562][ T5990] Bluetooth: MGMT ver 1.22 [ 84.333357][ T5990] Bluetooth: hci0: invalid length 0, exp 2 for type 19 [ 84.845495][ T5814] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 85.093993][ T5814] usb 2-1: Using ep0 maxpacket: 16 [ 85.237983][ T5814] usb 2-1: unable to get BOS descriptor or descriptor too short [ 85.468717][ T5814] usb 2-1: config 9 has no interfaces? [ 85.545675][ T5814] usb 2-1: language id specifier not provided by device, defaulting to English [ 85.618918][ T5814] usb 2-1: New USB device found, idVendor=0b05, idProduct=1932, bcdDevice=13.5b [ 85.633722][ T5814] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.641827][ T5814] usb 2-1: Product: syz [ 85.688343][ T5814] usb 2-1: Manufacturer: 疤ᨒ﫩ዷ夏⧽ꉺ咲엄쯳 [ 85.702195][ T5814] usb 2-1: SerialNumber: syz [ 85.957034][ T5814] usb 2-1: USB disconnect, device number 2 [ 86.252237][ T6001] loop2: detected capacity change from 0 to 32768 [ 86.377400][ T6001] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 86.808218][ T6001] XFS (loop2): Ending clean mount [ 87.068248][ T5770] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 87.593543][ T6037] loop1: detected capacity change from 0 to 40427 [ 87.603766][ T6037] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 87.611567][ T6037] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 87.629569][ T6037] F2FS-fs 
(loop1): invalid crc value [ 87.656858][ T6037] F2FS-fs (loop1): Found nat_bits in checkpoint [ 87.716937][ T6037] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 87.724335][ T6037] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 88.875180][ T27] audit: type=1800 audit(1779351394.794:4): pid=6053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.47" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 89.154452][ T27] audit: type=1804 audit(1779351394.794:5): pid=6053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.47" name="/newroot/11/bus/file1" dev="loop1" ino=10 res=1 errno=0 [ 89.425082][ T6060] netlink: 'syz.0.53': attribute type 2 has an invalid length. [ 89.944626][ T6071] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 90.006470][ T6071] netlink: 8 bytes leftover after parsing attributes in process `syz.3.55'. [ 90.730567][ T6057] loop2: detected capacity change from 0 to 40427 [ 90.761067][ T6057] F2FS-fs (loop2): Invalid log_blocksize (64), supports only 12 [ 90.811253][ T6057] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 90.828998][ T6057] F2FS-fs (loop2): Unrecognized mount option "io_bits=00000000000000000" or missing value [ 91.810522][ T1185] IPVS: starting estimator thread 0... 
[ 92.023955][ T6094] IPVS: using max 20 ests per chain, 48000 per kthread [ 92.140688][ T6093] loop3: detected capacity change from 0 to 40427 [ 92.149432][ T6093] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 92.158153][ T6093] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 92.185806][ T6093] F2FS-fs (loop3): invalid crc value [ 92.216855][ T6093] F2FS-fs (loop3): Found nat_bits in checkpoint [ 92.284838][ T6093] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 92.291927][ T6093] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 92.625098][ T27] audit: type=1800 audit(1779351398.544:6): pid=6112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.63" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 92.868296][ T27] audit: type=1804 audit(1779351398.554:7): pid=6112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.63" name="/newroot/18/bus/file1" dev="loop3" ino=10 res=1 errno=0 [ 94.144571][ T6121] Process accounting resumed [ 94.316087][ T6108] sctp: failed to load transform for md5: -2 [ 94.797890][ T6116] loop1: detected capacity change from 0 to 40427 [ 94.995381][ T6116] F2FS-fs (loop1): Invalid log_blocksize (64), supports only 12 [ 95.155690][ T6116] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 95.210387][ T6116] F2FS-fs (loop1): Unrecognized mount option "io_bits=00000000000000000" or missing value [ 96.262399][ T6154] netlink: 48 bytes leftover after parsing attributes in process `syz.3.82'. [ 96.282230][ T6152] loop1: detected capacity change from 0 to 40427 [ 96.302081][ T6152] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 96.310297][ T6152] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 96.326595][ T6154] netlink: 48 bytes leftover after parsing attributes in process `syz.3.82'. 
[ 96.345372][ T6152] F2FS-fs (loop1): invalid crc value [ 96.407294][ T6152] F2FS-fs (loop1): Found nat_bits in checkpoint [ 97.707596][ T6152] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 97.716202][ T6152] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 98.263561][ T6171] loop2: detected capacity change from 0 to 256 [ 98.356119][ T6171] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 98.422597][ T6171] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 99.334820][ T6178] loop3: detected capacity change from 0 to 32768 [ 99.342116][ T6178] ======================================================= [ 99.342116][ T6178] WARNING: The mand mount option has been deprecated and [ 99.342116][ T6178] and is ignored by this kernel. Remove the mand [ 99.342116][ T6178] option from the mount to silence this warning. [ 99.342116][ T6178] ======================================================= [ 99.499173][ T6178] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 100.084438][ T6178] syz.3.92 (6178) used greatest stack depth: 18768 bytes left [ 100.226896][ T6190] netlink: 48 bytes leftover after parsing attributes in process `syz.2.93'. [ 100.268611][ T6190] netlink: 48 bytes leftover after parsing attributes in process `syz.2.93'. 
[ 100.456708][ T5769] ocfs2: Unmounting device (7,3) on (node local) [ 102.041256][ T6203] loop0: detected capacity change from 0 to 64 [ 102.233905][ T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 102.417099][ T6209] loop0: detected capacity change from 0 to 4096 [ 102.447299][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 102.478442][ T6209] EXT4-fs: inline encryption not supported [ 102.525588][ T8] usb 3-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 102.563061][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.577742][ T6209] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=e042c018, mo2=0003] [ 102.620397][ T6209] System zones: 0-5 [ 102.742257][ T8] usb 3-1: config 0 descriptor?? [ 102.868186][ T6209] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.438329][ T8] usbhid 3-1:0.0: can't add hid device: -71 [ 103.562193][ T8] usbhid: probe of 3-1:0.0 failed with error -71 [ 103.736662][ T8] usb 3-1: USB disconnect, device number 3 [ 104.284836][ T786] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 104.291136][ T6232] loop1: detected capacity change from 0 to 4096 [ 104.301227][ T6236] netlink: 48 bytes leftover after parsing attributes in process `syz.2.105'. [ 104.318249][ T6236] netlink: 48 bytes leftover after parsing attributes in process `syz.2.105'. [ 104.328869][ T6232] EXT4-fs: inline encryption not supported [ 104.410498][ T6232] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=e042c018, mo2=0003] [ 104.418985][ T6232] System zones: 0-5 [ 104.425808][ T6232] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 104.464022][ T786] usb 1-1: device descriptor read/64, error -71 [ 104.776772][ T786] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 104.943933][ T786] usb 1-1: device descriptor read/64, error -71 [ 105.069189][ T786] usb usb1-port1: attempt power cycle [ 105.150901][ T6249] : renamed from wg2 (while UP) [ 105.323968][ T5814] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 105.544137][ T5814] usb 2-1: device descriptor read/64, error -71 [ 105.844100][ T5814] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 105.981293][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.143794][ T5814] usb 2-1: device descriptor read/64, error -71 [ 106.285541][ T5814] usb usb2-port1: attempt power cycle [ 106.576543][ T5781] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 106.809538][ T5781] usb 3-1: Using ep0 maxpacket: 16 [ 106.861491][ T5781] usb 3-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 106.949154][ T5781] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.135089][ T5781] usb 3-1: config 0 descriptor?? [ 107.305990][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 107.550634][ T5781] usbhid 3-1:0.0: can't add hid device: -71 [ 107.569388][ T5781] usbhid: probe of 3-1:0.0 failed with error -71 [ 107.609783][ T5781] usb 3-1: USB disconnect, device number 4 [ 109.086190][ T5777] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 109.095794][ T5777] Bluetooth: hci3: Injecting HCI hardware error event [ 109.104599][ T5782] Bluetooth: hci3: hardware error 0x00 [ 109.674425][ T5814] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 110.067243][ T6319] loop0: detected capacity change from 0 to 40427 [ 110.086459][ T6319] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 110.094309][ T6319] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 110.104168][ T6319] F2FS-fs (loop0): invalid crc value [ 110.128159][ T6319] F2FS-fs (loop0): Found nat_bits in checkpoint [ 110.172039][ T6319] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 110.179977][ T6319] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 110.188496][ T5814] usb 2-1: Using ep0 maxpacket: 16 [ 110.210029][ T6331] loop3: detected capacity change from 0 to 256 [ 110.261899][ T6331] FAT-fs (loop3): Unrecognized mount option "iocharsetiso8859-3" or missing value [ 110.352881][ T5814] usb 2-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 110.362204][ T5814] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.373074][ T5814] usb 2-1: config 0 descriptor?? 
[ 110.569241][ T27] audit: type=1800 audit(1779351416.374:8): pid=6334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.136" name="file1" dev="loop0" ino=10 res=0 errno=0 [ 111.586085][ T5782] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 111.615497][ T27] audit: type=1804 audit(1779351416.374:9): pid=6334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.136" name="/newroot/37/bus/file1" dev="loop0" ino=10 res=1 errno=0 [ 111.786423][ T5814] usbhid 2-1:0.0: can't add hid device: -71 [ 111.792467][ T5814] usbhid: probe of 2-1:0.0 failed with error -71 [ 111.879805][ T5814] usb 2-1: USB disconnect, device number 6 [ 111.924115][ T5890] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 112.119371][ T5890] usb 4-1: config 0 has an invalid interface number: 69 but max is 0 [ 112.127916][ T5890] usb 4-1: config 0 has no interface number 0 [ 112.137450][ T5890] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 112.149465][ T5890] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 112.222521][ T5890] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 112.236804][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.245691][ T5890] usb 4-1: Product: syz [ 112.257389][ T5890] usb 4-1: Manufacturer: syz [ 112.262389][ T5890] usb 4-1: SerialNumber: syz [ 112.297206][ T5890] usb 4-1: config 0 descriptor?? 
[ 112.306107][ T6337] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 112.325754][ T5890] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 112.390813][ T5890] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 113.641230][ T5890] usb 4-1: USB disconnect, device number 2 [ 113.653329][ T5890] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 113.695876][ T5890] cyberjack 4-1:0.69: device disconnected [ 114.402326][ T6362] loop3: detected capacity change from 0 to 40427 [ 114.410207][ T6362] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 114.418066][ T6362] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 114.436511][ T6362] F2FS-fs (loop3): invalid crc value [ 114.454327][ T6362] F2FS-fs (loop3): Found nat_bits in checkpoint [ 114.505586][ T6362] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 114.512671][ T6362] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 114.694807][ T27] audit: type=1800 audit(1779351420.634:10): pid=6374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.150" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 115.357093][ T27] audit: type=1804 audit(1779351420.634:11): pid=6374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.150" name="/newroot/41/bus/file1" dev="loop3" ino=10 res=1 errno=0 [ 115.378352][ C0] vkms_vblank_simulate: vblank timer overrun [ 115.553152][ T6375] trusted_key: encrypted_key: insufficient parameters specified [ 115.917431][ T6382] loop2: detected capacity change from 0 to 512 [ 115.962937][ T6382] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 116.020509][ T6382] EXT4-fs (loop2): 1 truncate cleaned up [ 116.035179][ T6382] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w 
without journal. Quota mode: none. [ 116.088769][ T6386] loop1: detected capacity change from 0 to 128 [ 116.147382][ T6386] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 116.181244][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.223134][ T6386] ext4 filesystem being mounted at /28/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 117.536444][ T5771] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 117.715294][ T6400] loop2: detected capacity change from 0 to 40427 [ 117.728005][ T6400] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 117.735834][ T6400] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 117.895594][ T6401] loop3: detected capacity change from 0 to 32768 [ 117.915479][ T6400] F2FS-fs (loop2): invalid crc value [ 117.944800][ T6400] F2FS-fs (loop2): Found nat_bits in checkpoint [ 118.020699][ T6400] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 118.027892][ T6400] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 118.206730][ T27] audit: type=1800 audit(1779351424.144:12): pid=6407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.161" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 118.231502][ T27] audit: type=1804 audit(1779351424.164:13): pid=6407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.161" name="/newroot/45/bus/file1" dev="loop2" ino=10 res=1 errno=0 [ 119.587351][ T6422] netlink: 8 bytes leftover after parsing attributes in process `syz.3.165'. 
[ 119.787089][ T6428] netlink: 128 bytes leftover after parsing attributes in process `syz.3.170'. [ 119.800622][ T6428] netlink: 8 bytes leftover after parsing attributes in process `syz.3.170'. [ 120.324478][ T6434] loop3: detected capacity change from 0 to 40427 [ 120.334752][ T6434] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 120.342516][ T6434] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 120.405096][ T6434] F2FS-fs (loop3): invalid crc value [ 120.418548][ T6437] trusted_key: encrypted_key: insufficient parameters specified [ 120.429572][ T6434] F2FS-fs (loop3): Found nat_bits in checkpoint [ 120.494472][ T6434] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 120.501546][ T6434] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 120.675200][ T27] audit: type=1800 audit(1779351426.614:14): pid=6443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.172" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 120.695509][ C0] vkms_vblank_simulate: vblank timer overrun [ 120.716054][ T27] audit: type=1804 audit(1779351426.634:15): pid=6443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.172" name="/newroot/49/bus/file1" dev="loop3" ino=10 res=1 errno=0 [ 121.850419][ T6467] netlink: 'syz.0.182': attribute type 2 has an invalid length. [ 122.007494][ T6471] netlink: 48 bytes leftover after parsing attributes in process `syz.1.184'. [ 122.025100][ T6471] netlink: 48 bytes leftover after parsing attributes in process `syz.1.184'. 
[ 122.912155][ T6465] loop0: detected capacity change from 0 to 32768 [ 122.937802][ T6465] (syz.0.182,6465,0):ocfs2_parse_options:1448 ERROR: Unrecognized mount option "dir_rlv_level=000000N000000000000\:Fherency=full" or missing value [ 122.955279][ T6465] (syz.0.182,6465,0):ocfs2_fill_super:1178 ERROR: status = -22 [ 123.165741][ T5786] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 123.284342][ T5814] hid (null): global environment stack underflow [ 123.626207][ T5814] hid-generic FFF4:0001:7DAB.0001: global environment stack underflow [ 123.831454][ T5814] hid-generic FFF4:0001:7DAB.0001: item 0 2 1 11 parsing failed [ 123.841020][ T5814] hid-generic: probe of FFF4:0001:7DAB.0001 failed with error -22 [ 125.167685][ T6529] loop1: detected capacity change from 0 to 512 [ 125.230993][ T6526] syz_tun: entered allmulticast mode [ 125.237249][ T6529] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 125.301788][ T6526] dvmrp6: entered allmulticast mode [ 125.381975][ T6529] EXT4-fs (loop1): 1 truncate cleaned up [ 125.433878][ T6529] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.588609][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.863910][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 127.858249][ T6559] loop1: detected capacity change from 0 to 128 [ 127.960181][ T6559] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a80ec018, mo2=0002] [ 128.002860][ T6565] loop0: detected capacity change from 0 to 64 [ 128.013843][ T6559] System zones: 1-3, 19-19, 35-36 [ 128.020390][ T6559] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. 
[ 128.077416][ T6559] ext4 filesystem being mounted at /40/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 128.181818][ T6565] hfs: request for non-existent node 131072 in B*Tree [ 128.203049][ T6559] EXT4-fs warning (device loop1): verify_group_input:151: Cannot add at group 60515 (only 1 groups) [ 128.205201][ T6565] hfs: request for non-existent node 131072 in B*Tree [ 128.267465][ T5843] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 128.277963][ T6565] hfs: request for non-existent node 131072 in B*Tree [ 128.301836][ T6565] hfs: request for non-existent node 131072 in B*Tree [ 128.332636][ T6565] hfs: request for non-existent node 131072 in B*Tree [ 128.342999][ T5771] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. 
[ 128.352245][ T6565] hfs: request for non-existent node 131072 in B*Tree [ 128.358428][ T6565] hfs: request for non-existent node 131072 in B*Tree [ 128.383851][ T6565] hfs: request for non-existent node 131072 in B*Tree [ 128.409143][ T6565] hfs: request for non-existent node 131072 in B*Tree [ 128.437752][ T6565] hfs: request for non-existent node 131072 in B*Tree [ 128.453778][ T5843] usb 4-1: Using ep0 maxpacket: 16 [ 128.467227][ T6565] hfs: request for non-existent node 131072 in B*Tree [ 128.476931][ T5843] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 128.499920][ T6565] hfs: request for non-existent node 131072 in B*Tree [ 128.511132][ T5843] usb 4-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 128.532716][ T6575] hfs: request for non-existent node 12 in B*Tree [ 128.533718][ T5843] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.551250][ T5843] usb 4-1: Product: syz [ 128.555732][ T5843] usb 4-1: Manufacturer: syz [ 128.560491][ T5843] usb 4-1: SerialNumber: syz [ 128.570664][ T6575] hfs: request for non-existent node 12 in B*Tree [ 128.584506][ T5843] usb 4-1: config 0 descriptor?? [ 128.611248][ T5843] hub 4-1:0.0: bad descriptor, ignoring hub [ 128.629438][ T5843] hub: probe of 4-1:0.0 failed with error -5 [ 128.668840][ T5843] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 129.129380][ T23] usb 4-1: USB disconnect, device number 3 [ 129.284545][ T6589] loop2: detected capacity change from 0 to 512 [ 129.305548][ T6589] EXT4-fs (loop2): Test dummy encryption mode enabled [ 129.312367][ T6589] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 129.378422][ T6589] EXT4-fs error (device loop2): ext4_orphan_get:1430: comm syz.2.205: bad orphan inode 131083 [ 129.421698][ T6589] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 129.512976][ T6597] warning: `syz.0.213' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 129.656750][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.892762][ T6636] trusted_key: encrypted_key: master key parameter 'B' is invalid [ 132.260182][ T6647] loop3: detected capacity change from 0 to 512 [ 132.298804][ T6647] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 132.316197][ T6647] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 132.364552][ T6647] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 132.410464][ T6647] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01d, mo2=0006] [ 132.424967][ T6647] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 133.369839][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.382507][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.573489][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 134.700866][ T6673] loop0: detected capacity change from 0 to 1024
[ 136.092759][ T27] audit: type=1800 audit(1779351441.744:16): pid=6683 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.234" name="file0" dev="loop0" ino=26 res=0 errno=0
[ 136.633005][ T6675] trusted_key: encrypted_key: master key parameter 'B' is invalid
[ 138.502766][ T6702] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 139.240845][ T2896]
[ 139.243207][ T2896] ============================================
[ 139.249350][ T2896] WARNING: possible recursive locking detected
[ 139.255517][ T2896] syzkaller #0 Not tainted
[ 139.259927][ T2896] --------------------------------------------
[ 139.266071][ T2896] kworker/u4:9/2896 is trying to acquire lock:
[ 139.272216][ T2896] ffffe8ffffd5a3c8 (&pd_list->lock){+...}-{2:2}, at: padata_do_serial+0x644/0xa70
[ 139.281476][ T2896]
[ 139.281476][ T2896] but task is already holding lock:
[ 139.288839][ T2896] ffffe8ffffc5ada8 (&pd_list->lock){+...}-{2:2}, at: padata_do_serial+0x4db/0xa70
[ 139.298040][ T2896]
[ 139.298040][ T2896] other info that might help us debug this:
[ 139.306077][ T2896] Possible unsafe locking scenario:
[ 139.306077][ T2896]
[ 139.313519][ T2896] CPU0
[ 139.316789][ T2896] ----
[ 139.320160][ T2896] lock(&pd_list->lock);
[ 139.324489][ T2896] lock(&pd_list->lock);
[ 139.328794][ T2896]
[ 139.328794][ T2896] *** DEADLOCK ***
[ 139.328794][ T2896]
[ 139.336914][ T2896] May be due to missing lock nesting notation
[ 139.336914][ T2896]
[ 139.345230][ T2896] 3 locks held by kworker/u4:9/2896:
[ 139.350488][ T2896] #0: ffff88801e276538 ((wq_completion)pencrypt_parallel){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 139.362386][ T2896] #1: ffffc9000c027d00 ((work_completion)(&pw->pw_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[ 139.374192][ T2896] #2: ffffe8ffffc5ada8 (&pd_list->lock){+...}-{2:2}, at: padata_do_serial+0x4db/0xa70
[ 139.383846][ T2896]
[ 139.383846][ T2896] stack backtrace:
[ 139.389744][ T2896] CPU: 1 PID: 2896 Comm: kworker/u4:9 Not tainted syzkaller #0
[ 139.397372][ T2896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 139.407413][ T2896] Workqueue: pencrypt_parallel padata_parallel_worker
[ 139.414189][ T2896] Call Trace:
[ 139.417479][ T2896]
[ 139.420400][ T2896] dump_stack_lvl+0x18c/0x250
[ 139.425064][ T2896] ? show_regs_print_info+0x20/0x20
[ 139.430241][ T2896] ? print_deadlock_bug+0x435/0x5d0
[ 139.435421][ T2896] __lock_acquire+0x5dbc/0x7d40
[ 139.440372][ T2896] ? verify_lock_unused+0x140/0x140
[ 139.445548][ T2896] ? mark_lock+0x94/0x320
[ 139.449860][ T2896] ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 139.455818][ T2896] lock_acquire+0x19e/0x420
[ 139.460300][ T2896] ? padata_do_serial+0x644/0xa70
[ 139.465304][ T2896] ? lockdep_hardirqs_on+0x98/0x150
[ 139.470482][ T2896] ? queue_work_on+0x19a/0x1f0
[ 139.475232][ T2896] ? read_lock_is_recursive+0x20/0x20
[ 139.480582][ T2896] ? __rwlock_init+0x150/0x150
[ 139.485326][ T2896] ? generic_gcmaes_encrypt+0x289/0x3d0
[ 139.490857][ T2896] _raw_spin_lock+0x2e/0x40
[ 139.495343][ T2896] ? padata_do_serial+0x644/0xa70
[ 139.500349][ T2896] padata_do_serial+0x644/0xa70
[ 139.505183][ T2896] ? padata_parallel_worker+0x44/0x1c0
[ 139.510625][ T2896] padata_parallel_worker+0x6f/0x1c0
[ 139.515892][ T2896] ? process_scheduled_works+0x96f/0x15d0
[ 139.521592][ T2896] process_scheduled_works+0xa5d/0x15d0
[ 139.527123][ T2896] ? worker_attach_to_pool+0x380/0x380
[ 139.532561][ T2896] ? assign_work+0x3d2/0x5d0
[ 139.537135][ T2896] worker_thread+0xa55/0xfc0
[ 139.541709][ T2896] ? _raw_spin_unlock_irqrestore+0xc5/0x120
[ 139.547583][ T2896] ? _raw_spin_unlock+0x40/0x40
[ 139.552416][ T2896] ? _raw_spin_unlock_irqrestore+0x86/0x120
[ 139.558294][ T2896] kthread+0x2fa/0x390
[ 139.562362][ T2896] ? pr_cont_work+0x560/0x560
[ 139.567039][ T2896] ? kthread_blkcg+0xd0/0xd0
[ 139.571608][ T2896] ret_from_fork+0x48/0x80
[ 139.576004][ T2896] ? kthread_blkcg+0xd0/0xd0
[ 139.580574][ T2896] ret_from_fork_asm+0x11/0x20
[ 139.585343][ T2896]
[ 139.742378][ T6711] trusted_key: encrypted_key: master key parameter 'B' is invalid
[ 140.313760][ T5814] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 140.493734][ T5814] usb 2-1: Using ep0 maxpacket: 16
[ 140.501145][ T5814] usb 2-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[ 140.510259][ T5814] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 140.519445][ T5814] usb 2-1: config 0 descriptor??
[ 140.931063][ T5814] uclogic 0003:28BD:0042.0002: interface is invalid, ignoring
[ 141.132936][ T5814] usb 2-1: USB disconnect, device number 7