last executing test programs: 7m47.275254119s ago: executing program 0 (id=1): openat$kvm(0xffffffffffffff9c, 0x0, 0x901800, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() socket$inet_tcp(0x2, 0x1, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getrusage(0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) futex(0x0, 0x84, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x5, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$exfat(&(0x7f0000002bc0), &(0x7f0000000000)='./bus\x00', 0x10000, &(0x7f0000000040)={[{@iocharset={'iocharset', 0x3d, 'cp855'}}, {@errors_continue}, {@utf8}]}, 0x1, 0x1535, &(0x7f00000001c0)="$eJzs3AucjdX6OPDnWWu9Y0jaTXIZ1lrPy04uiyTJJUkuSZIkSW4JSZIjCYkht6QhCcllSC5DSC4Tk8b9fr8kJEmTJCG5Jev/mZi/OnX+55xfnfz+Z57v57M/s55Z+1nvs+aZvfe739l802VojUY1qzYgIvhD8OKXBACIBYCBAHANAAQAUDaubFzGfHaJCX/sIOzP9VDyla6AXUnc/6yN+5+1cf+zNu5/1sb9z9q4/1kb9z9r4/4zlpVtnp7/Wr5l3Rtf/8/K+PX/v0h6ybFfrC15fVeAmH81hfv//z/8A7nc//9awb9yJ+5/1sb9z6pir3QB7H8BfvxnBdn+4Qz3P2vj/jOWlf3yWnAsXPnr0X/1DSL/yb+B+F4Xf8pXfp//cP+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxthf4Iy/TAFA5vhK18UYY4wxxhhjjLE/j892pStgjDHGGGOMMcbYfx6CAAkKAoiBbBAL2SEHCICYzPlrIQ6ug9xwPeSBvJAP8kM8FICCoMGABYIQCkFhiMINUARuhKJQDIpDCXBQEkrBTVAaboYycAuUhVuhHNwG5aECVIRKcDtUhjugCtwJVeEuqAbVoQbUhLuhFtwDteFeqAP3QV24H+rBA1AfHoQG8BA0hIehETwCjeFRaAJNoRk0hxb/o/wXoAe8CD2hFyRAb+gDL0Ff6Af9YQAMhJdhELwCg+FVSIQhMBReg2HwOgyHN2AEjIRR8CaMhrdgDIyFcTAekmACTIS3YRK8A5NhCkyFaZAM02EGvAszYRbMhvdgDrwPc2EezIcFkAIfwEJYBKnwISyGjyANlsBSWAbLYQWshFWwGtbAWlgH62EDbIRNsBm2wFbYBtthB+yEj2EXfAK7YQ/shU9hH3z2b+af/rv8rggIKFCgQoUxGIOxGIs5MAfmxJyYC3NhBCMYh3GYG3NjHsyD+TAfxmM8FsSCaNAgIWEhLIRRjGIRLIJFsSgWx+Lo0GEpLIWl8WYsg2WwLJbFclgOy2MFrICVsBJWxspYBatgVayK1bAa1sAaeDfejb2xNtbGOlgH62LdzMtT2AAbYENsiI2wETbGxtgEm2AzbIYtsAW2xJbYClthG2yDbbEttsN22B7bYwfsgB2xI3bCTtgZO2MX7IJdsRt2S38hG+CL+CL2wmqiN/bBPtgXE7P1xwE4AF/GQfgKvoKvYiIOwaH4Gr6Gr+NwPIUjLozEUTgKK4u3cAyORRLjMQmTcCJOxEk4CSfjFJyC0zAZp+MMnIEzcRbOwvdwDr6P7+M8nIcLMAVTcCEuwlRMxcV4GtNwCS7FZbgcV+ByXIWrcRWuxXW4FjfgBtyEm3ALbsFtuA134A78GBUAfoJ7cA8m4j7ch/txPx7AA3gQD2I6puMhPISH8TAewSN4FI/iMTyOJ/A4nsSTeApP4xk8g+fwHJ7H5+K/avhxsTWJIDIooUSMiBGxIlbkEDlETpFT5BK5RERERJyIE7lFbpFH5BH5RD4RL+JFQVFQGGEEiTDjmUJERVQUEUVEUVFUFBfFhRNOlBKlRGlRWpQRZURZcasoJ24T5UUF0dpVEpVEZdHGVRF3iqqiqqgmqosaoqaoKWqJWqK2qC3qiDqirqgr6okHRH3RG/vjQyKjM43EEGwshmIT0VTIS89QLcVwbCVaizbiCTESR2A70dK1F0+LDmIMdhR/E2PxWdFZjMcu4nnRVXQT3cULoodo5XqKXmIy9hZ9xDTsK/qJ/mKAmInVxXs4J3sN8apIFEPEUPGaWICvi+HiKjFCjBSjxJtitHhLjBFjxTgxXiSJCWKieFtMEu+IyWKKmCqmiWQxXcwQ74qZYpaYLd4Tc8T7Yq6YJ+aLBSJFfCAWikUiVXwoFouPRJpYIpaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdoqPxS7xidgt9oi94lOxT3wm9ovPxQHxhTgovhTp4itxSHwtDotvxBHxrTgqvhPHxHFxQnwvToofxClxWpwRZ8U58aM4L34SF4QXIFEKKaWSgYyR2WSszC5zyKtkThlkPv/LOHmdzC2vl3lkXplP5pfxsoAsKLU00kqSoSwkC8uovEEWkTfKorKYLC5LSCdLylLyJlla3izLyFtkWXmrLCdvk+VlBVlRVpK3y8ryDgmRi8eoJqvLGrKmvFsmwD2ytrxX1pH3ybryfllPPiDrywdlA/mQbCgflo3kI7KxfFQ2kU1lM9lctpCPyZbycdlKtpZt5BOyrXxStpNPyfbyadlB+ku/Is/KzvI52UU+L7vKbrK7/ElekF72lL0k9AbZR74k+8p+sr8cIAfKl+Ug+YocLF+ViXKIHCpfk8Pk63K4fEOOkCPlKPmmHC3fkmPkWDlOjpdJcoKcKN+Wk+Q7crKcIqfKaTJZTpf9L600W8p/mv/27+QP/vnom+RmuUVuldvkdrlD7pQfy11yl9wtd8u9cq/cJ/fJ/XK/PCAPyIPyoEyX6fKQPCQPy8PyiDwij8qj8pg8Ls/K7+VJ+YM8JU/L0/KsPCfPyfOXfgagUAkllVKBilHZVKzKrnKoq1ROdbXKpa5REXWtilPXqdzqepVH5VX5VH4Vrwqogkoro6wiFapCqrCKqhvw0i+MKq5KKKdKqlLqpn8nXxVRN6qiqtiv8jPrS/gH9bVQLVRL1VK1Uq1UG9VGtVVtVTvVTrVX7VUH1UF1VB1VJ9VJdVadVRfVRXVVXVV31V31UD1UT9VTJagE1Ue9pPqqfqq/GqAGqpdFxh4Gq8EqUSWqoWqoGqaGqeFquBqhRqhRapQarUarMWqMGqfGqSSVpCaqiWqSmqQmq8lqqpqqklWymqFmqJlqppqtZqs5ao6aq+aq+Wq+SlEpaqFaqFJVqlqsFqs0tUQtUcvUMrVCrVCr1Cq1Rq1R69Q6tUFtUGlqs9qstqqtarvarnaqnWqX2qV2q91qr9qr9ql9ar/arw6oA+qgOqjSVbo6pA6pw+qwOqKOqKPqqDqmjqkT6oQ6qU6qU+qUOqPOqHPqnDqvzqsL6kLGaV8gAhGoQAUxQUwQG8QGOYIcQc4gZ5AryBVEgkgQF8QFuYPrgzxB3iBfkD+IDwoEBQMdmMAG4lLTo8ENQZHgxqBoUCwoHpQIXFAyKBXcFJQObg7KBLcEZYNbg3LBbUH5oEJQMagU3B5UDu4IqgR3BlWDu4JqQfWgRlAzuDuoFdwT1A7uDeoE9wV1g/uDesEDQf3gwaBB8FDQMHg4aBQ8EjQOHg2aBE2DZkHzoMWfur73p/I+7nrqXjpB99Z99Eu6r+6n++sBeqB+WQ/Sr+jB+lWdqIfoofo1PUy/rofrN/QIPVKP0m/q0fotPUaP1eP0eJ2kJ+iJ+m09Sb+jJ+speqqeppP1dD1Dv6tn6ll6tn5Pz9Hv67l6np6vF+gU/YFeqBfpVP2hXqw/0ml6iV6ql+nleoVeqVfp1XqNXqvX6fV6g96oN+nNeoveqrfp7XqH3qk/1rv0J3q33qP36k/1Pv2Z3q8/1wf0F/qg/lKn66/0If21Pqy/0Uf0t/qo/k4f08d1Gf29Pql/0Kf0aX1Gn9Xn9I/6vP5JX9A+4+Q+4+XdKKNMjIkxsSbW5DA5TE6T0+QyuUzEREyciTO5TW6Tx+Qx+Uw+E2/iTUFT0GQgQ6aQKWSiJmqKmCKmqClqipvixhlnSplSprQpbcqYMqasKWvKmXKmvClvKpqK5nZzu7nD3GHuNHeau8xdprqpbmqamqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkGpvGpolpYpqZZqaFaWFampamlWll2pg2pq1pa9qZdqa9aW86mA6mo+loOplOprPpbLqYLqar6Wq6m+6mh+lhepqeJsEkmD6mj+lr+pr+pr8ZaAaaQWaQGWwGm0STaIaaoWaYGWaGm+FmhBlpRmWcqJq3zBgz1owz402SSTITzUQzyUwyk81kM9VMNckm2cwwM8xMM9PMNrPNHDPHzDVzzXwz36SYFLPQLDSpJtUsNotNmkkzS81Ss9wsNyvNSrParDZrzVqzHtabjWaj2Ww2m61mq9lutpudZqfZZXaZ3Wa32Wv2mn1mn9lv9psD5oA5aA6adJNuDplD5rA5bI6YI+aoOWqOmWPmhDlhTpqT5pQ5Zc6YM+acyXvp9dKbWJvd5rBX2Zz2apvLXmP/Ps5n89t4W8AWtNrmsXl/FRtrbVFbzBa3JayzJW0pe9Nv4vK2gq1oK9nbbWV7h63ym7iWvcfWtvfaOvY+W9Pe/au4rr3f1rOP2PqIALapbWib20b2EdvYPmqb2Ka2mW1u29onbTv7lG1vn7Yd7DO/iRfaRXa1XWPX2nV2t91jz9iz9rD9xp6zP9qetpcdaF+2g+wrdrB91SbaIb+JR9k37Wj7lh1jx9pxdvxv4ql2mk220+0M+66daWf9Jk6xH9g5NtXOtfPsfLvg5zijplT7oV1sP7JpNoCldpldblfYlXbV/611md1gN9pNdpf9xG612+x2u8PuzDwRtnvsXvup3Wc/s4fs1/aA/cIetEdsuv3q5zhjf0fst/ao/c4es8ftCfu9PWl/UJnZGXv/3v5kL1hvgZCAJCkKKIayUSxlpxx0FeWkqykXXUMRupbi6DrKTddTHspL+Sg/xVMBKkiaDFkiCqkQFaYo3UCZ5RWnEuSoJJWim6g03Uxl6BYqS7dSObqNylMFqkiV6HaqTHdQFbqTqtJdVI2qUw2qSXdTLbqHatO9VIfuo7p0P9WjB6g+PUgN6CFqSA9TI3qEGtOj1ISaUjNqTi3oMWpJj1Mrak1t6AlqS09SO3qK2tPT1IGeoY70N+pEz1Jneo660PPUlbpRd3qBetCL1JN6UQL1pj70EvWlftSfBtBAepkG0Ss0mF6lRBpCQ+k1Gkav03B6g0bQSBpFb9JoeovG0FgaR+MpiSbQRHqbJtE7NJmm0FSaRsk0nWbQuzSTZtFseo/m0Ps0l+bRfFpAKfQBLaRFlEof0mL6iNJoCS2lZbScVtBKWkWraQ2tpXW0njbQRtpEm2kLbaVttJ120E76mHbRJ7Sb9tBe+pT20We0nz6nA/QFHaQvKZ2+okP0NR2mb+gIfet70Xd0jI7TCfqeTtIPdIpO0xk6S+foRzpPP9EF8gQhhiKUoQqDMCbMFsaG2cMc4VVhzvDqMFd4TRgJrw3jwuvC3OH1YZ4wb5gvzB/GhwXCgqEOTWhDCsOwUFg4jIY3hEXCG8OiYbGweFgidGHJsFR4U1g6vDksE94Slg1vDcuFt4XlwwrhI/dVCm8PK4d3hFXCO8Oq4V1htbB6WCOsGd4d1grvCWuH94Z1wvvCMuH9Yb3wgbB++GDYIHwobBg+HDYKHwkbh4+GTcKmYbOwedgifCxsGT4etgpbh23Cq8K24ZNhu/CpsH34dNghfObn+fsXZc4/8Zv5hLB32Cd8KXwp9P5eOT+6IJoS/SC6MLoomhr9MLo4+lE0LbokujS6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kep9zWzg0AknnXKBi3HZXKzL7nK4q1xOd7XL5a5xEXeti3PXudzuepfH5XX5XH4X7wq4gk4746wjF7pCrrCLuhtcEXejK+qKueKuhHOupCvlmrsWroVr6R53rVxr18Y94Z5wT7on3VPuKfe06+CecR3d31wn96zr7J5zz7nnXVfXzXV3L7gebkKui4/JBNfH9XF9XV/X3/V3A91AN8gNcoPdYJfoEt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NckktyE91EN8lNcpPdZDfVTXXJLtnNcDPcTDfTVZ518Shz3Vw33813KS7FLXQZ54ypbrFb7NJcmlvqlrrlbrlb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+l2ul1ul9vtr7m4qNvn9rv97oA74A66L126+8odcl+7w+4bd8R9646679wxd9ydcN+7k+4Hd8qddmfcWXfO/ejOu5/cBeddUmRCZGLk7cikyDuRyZEpkamRaZHkyPTIjMi7kZmRWZHZkfcicyLvR+ZG5kXmRxZEUiIfRBZGFkVSIx9GFkc+iqRFlkSWRpZFlkdWRLwvsDX0hXxhH/U3+CL+Rl/UF/PFfQnvfElfyt/kS1+sO837W305f5sv7yv4iv5R38Q39c18c9/CP+Zb+sd9K9/at/FP+Lb+Sd/OP+Xb+6d9B/+M7+j/5jv5Z31n/5zv4p/3XX03392/4Hv4F31P38sn+N6+j3/J9/X9fH8/wA/0L/tB/hU/2L/qE/0QP9S/5of51/1w/4Yf4Uf6UTFv+tGZb5FhvE/yE/xE/7af5N/xk/0UP9VP88l+up/h3/Uz/Sw/27/n5/j3/Vw/z8/3C3yK/8Av9It8qv/QL/Yf+TS/JPOisV/pV/nVfo1f69f59X6D3+g3+c1+i9/qt/ntfoff6T/2u/wnfrff4/f6T/0+/5nf7z/3B/wX/qD/0qf7r/wh/7U/7L/xR/y3/qj/zh/zx/0J/70/6X/wp/xpf8af9ef8j/68/8lf4H+zxhhjjDH2L5lweSh+PXPxcn7v38kRv7hzHwC4elv+9F/OZ5xRrs9zcdxPxMdmfH26V5eHMm/VqiUkJFy6b5qEoPA8gMy/BGX4+aMHl+Il0AaehPbQGkr/bv39RLdz9E/Wj94KkOMXORkFZcaX1/8cABN+s99+4rEnRi0sF56J+3+sPw+gaOHLOdnhcrwE2vx8faU1lPkH9edt+U/qz/5FEkCrX+TkhMvx5fpLwePwDLT/1T0ZY4wxxhhjjLGL+omKnTLff2Z+4vP33p/Hq8s52eBy/M/enzPGGGOMMcYYY+zKe7Zb96cea9++dad/f1Dlf5T1Lw8aw39qZR787sB7gMzvKAD4gwsCZAzkX7mLLX/JsRIvPXT+fmr5WR/A/45W/hmDK/zExBhjjDHGGPvTXT7p//X31ZUqiDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYy4L+iv9O7ErvkTHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGLvS/k8AAAD///P/+v8=") r3 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r3, 0x0, 0x0) 7m45.628424281s ago: executing program 0 (id=23): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="02080000010000000000000100000000010014"], 0x18}}, 0x0) io_setup(0x9, &(0x7f00000002c0)=0x0) r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) io_submit(r3, 0x1, &(0x7f0000000180)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f00000000c0)="01", 0x24}]) 7m43.192463907s ago: executing program 0 (id=26): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000ac0), 0x81, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0x0, 0xa0) ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000000600)={0x23e2, 0x3, 0x9, 0x2}) 7m39.250328094s ago: executing program 0 (id=28): syz_open_dev$tty20(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x42}}, 0x2e) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x14, r5, 0x325, 0x0, 0x0, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x0) 7m23.721659995s ago: executing program 32 (id=28): syz_open_dev$tty20(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x42}}, 0x2e) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x14, r5, 0x325, 0x0, 0x0, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x0) 6m17.738623862s ago: executing program 4 (id=126): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r0, 0x0, 0x4000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x841) r5 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) ioctl$DVB_DEMUX_DMX_SET_FILTER(r5, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856af9fb71f0d3fe13be", "3dfab043e15fad27a639f105b5e9f977", "47eb0b1889b90f105d66b3e5a7c94742"}, 0x4, 0x4}) close_range(r4, 0xffffffffffffffff, 0x0) 6m15.011636994s ago: executing program 4 (id=130): socket(0xa, 0x3, 0x87) socket$inet6(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) inotify_init1(0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2) socket(0x1, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48640) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0x0, 0x1}) 6m14.70777262s ago: executing program 4 (id=132): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(r0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x8000000001, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x1539, 0x0, 0x2}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) unshare(0x6020400) r5 = fsopen(0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{}]}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x3c}, 0x28) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) waitid(0x3, 0x0, 0x0, 0x60000009, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x35a71, 0x20000}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @empty}, @IFLA_IPTUN_LINK={0x8}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x20040050) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r7, 0x1, 0x2a, &(0x7f0000000000)=0xb6, 0x4) syz_emit_ethernet(0x0, 0x0, 0x0) 6m12.445699109s ago: executing program 4 (id=133): socket(0xa, 0x3, 0x87) socket$l2tp6(0xa, 0x2, 0x73) socket$inet6(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) inotify_init1(0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2) socket(0x1, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$inet_udp(0x2, 0x2, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101701) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48640) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), 0x0, 0x0, 0x1}) 6m1.967035224s ago: executing program 4 (id=143): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f00003b6000/0x4000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r4 = io_uring_setup(0x1e5d, &(0x7f0000000040)={0x0, 0x4e5fb, 0xc000, 0x7fff, 0x65}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r5 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r4, 0x2219, 0x7721, 0x16, 0x0, 0x0) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 5m59.896248044s ago: executing program 4 (id=145): unshare(0x42000000) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="44000000090601020000000000000019030000000900020073797a310000000005000100070000001c0007800c00018008000140ffffffff0c00148008000140"], 0x44}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) 5m44.470392014s ago: executing program 33 (id=145): unshare(0x42000000) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="44000000090601020000000000000019030000000900020073797a310000000005000100070000001c0007800c00018008000140ffffffff0c00148008000140"], 0x44}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4) 3m9.320287223s ago: executing program 1 (id=290): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x151000, 0x0) ioctl$TIOCMBIS(r0, 0x5416, &(0x7f00000001c0)=0x1b5) socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x25104000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) setsockopt$nfc_llcp_NFC_LLCP_MIUX(0xffffffffffffffff, 0x118, 0x1, 0xffffffffffffffff, 0xfe93) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000400)='./file7\x00', 0x21c0, 0x103) mknodat(0xffffffffffffff9c, 0x0, 0x2000, 0x103) connect$unix(r3, 0x0, 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e3, 0x0) r4 = socket$nl_audit(0x10, 0x3, 0x9) bind$netlink(r4, 0x0, 0x0) 3m7.88743607s ago: executing program 1 (id=291): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) unshare(0x2c020400) shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil) write$tun(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x19) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000001b40)={'syz0\x00', {0x0, 0x0, 0x0, 0x2}, 0x0, [0x39, 0x3, 0x4000401, 0x8, 0xe, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0x9, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2a, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xfffffffd, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x5, 0xfffffff6, 0x0, 0x8, 0x800000, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x1], [0x3, 0xfffff41a, 0x0, 0x0, 0x4, 0x20000, 0x2000000, 0xedc0, 0x0, 0x5ee, 0x5, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x8, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, 0x0, 0xfffffff8, 0x2, 0x0, 0x2, 0x400, 0x0, 0x0, 0x8, 0x40000, 0x0, 0xc0800000, 0x100, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x1, 0xfffffffe, 0xfffff986], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x80, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x2, 0xfffffffc, 0x0, 0x0, 0xfffffffd, 0x2, 0xffffffff, 0x1000, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x200, 0x2, 0x6, 0x80000000, 0x2, 0x47fff, 0x0, 0x0, 0x0, 0x3, 0x0, 0xf, 0x3, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4, 0xf88], [0xfffffffe, 0x0, 0x4, 0x0, 0xfffefffe, 0x0, 0xfffffffe, 0x4, 0xfffffffc, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x803, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffff, 0x0, 0x3, 0xffffffff, 0x0, 0x0, 0x10, 0x5, 0xfffffffe, 0x3, 0x0, 0x4, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0xea, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0xffffffff, 0x0, 0x0, 0xffffe]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x16, 0x13, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3m6.112764911s ago: executing program 1 (id=293): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, 0x0, 0x0) listen(r4, 0x0) r5 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f00000000c0)={0x7fffffff, 0x6, 0x2, 0x7c1e92a2, 0x13, "26df5592186bff9dd233efecf528ffc2a6e099"}) connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) r6 = accept(r3, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(r5, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) 3m3.522194968s ago: executing program 1 (id=295): ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x4}) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000080)='./file0\x00', 0x200080, &(0x7f0000000000)=ANY=[], 0x0, 0x63c, &(0x7f0000000c80)="$eJzs3c1rHOcdB/DvrFZryQVHSezELYGKGNJSUVsvKK16iV1Kq0MoIT30LGw5Fl4rQVKKEkpR36GnHvIHpAfdeir0bkjP7S1XHQOFXnLSTWVmZ6W1vZL1Fq8Ufz5m9nmefWae+c1vZ2Z3di0mwHNrfiLNhykyP/H2etne2pxpb23OXKi720nKeiNpdooUy0nxWXIznSnfLJ+s5y/2W88nS3Pvfv7l1hedVrOenr7c4WzUU8aTDNXlY1p/Ocp4w51KOc7t/uMdxc+6W1gm7Fo3cTBoO72qJzYGHRLwjBWd980njCUXk4zUnwNSnx0azza60+csBwAAwPPghe1sZz2XBh0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnCf1/f+Lemp06+Mpuvf/byW5Vc/eGnC4J/Zw0AEAAAAAAAAAwCn49na2s55L3fZOUf3m/3rVuFw9fiMfZjWLWcn1rGcha1nLSqaSjPUM1FpfWFtbmTrEktN9l5x+NtsLAAAAAAAAAF9Tv8v83u//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwSEN1WXSqRT1d7tbH0mgmGenOv5H8J0lrcBEfWdHvyYfPPg4AAAA4kZFjLPPCdraznkvd9k5RXfO/Ul0vj+TDLGctS1lLO4u5U19Dl1f9ja3NmfbW5syDcnpy3Fv/O1IY1Yi7X0P0W/PVao7R3M1S9cz13K6CuZNGtWTpajee/nH9toypeKt2yMju1GW5sr/u9y3CQIxVGRnezchkHVuZjRcPzsRTX53mgWuaSmP3m5/LX0HOL9ZluT1/Ops5b6TKxHTP3vfKwZlIvvPPv//yXnv5/r27qxNnZ5OO6fF9YqYnE6+e60w0jzj/ZJWJK7vt+fw0v8hExvNOVrKUX2Uha1nMTt2/UO/P5ePYwZm6+UjrnadF0qpfl85Z9DAxjecnVW0hr1fLXspSiryfO1nMm9W/6UzlB5nNbOZ6XuEr+8ZdbVt11DeOdtRf+25dGU3y57octM5bapnXF3vy2nvOHav6ep/Zy9JLp39ubH6rrpTr+H1dng2PZ2KqJxMvH5yJv1XHxmp7+f7KvYUP9hl/47H2G3VZ7nF/PFPvEuX+8lJG6jPJo3tH2ffy7lnm0Xy16l9cOn2NJ/quVH1F0T1Sf77vkdqqP8M9OdJ01fdq376Zqu9qT98jn7fyftq7n4cAOMMufu9ia/S/o/8e/XT0D6P3Rt8e+fGFH154rZXhfw3/qDk59EbjteIf+TS/2bv+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjm/1o4/vL7Tbiyv9K439u063UtQ38jlonubhYlY585XuTQRPPODNgW3FrUHn8LQqQ0n6ddUv0XFuLgqcCzfWHnxwY/Wjj7+/9GDhvcX3FpeHZ2fnJudm35y5cXepvTjZeRx0lMBXYe9Nv39/caZusAkAAAAAAAAAAADkcH9Ls1P//79j/6XBoLcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAON/mJ9J8mCJTk9cny/bW5ky7nLr1vTmbSRqNpPh1UnyW3ExnyljPcMVb+6znk6W5dz//cuuLvbGa1fzloHV5Ahv1lPEkQ3V5WuPdPvF4xe4Wlgm71k0cDNr/AwAA///K2/nA") openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x107043, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) clock_gettime(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500, 0xffffffffffffffff, 0xe}, 0x50) mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r4, 0x0) getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/184, 0xb8) setitimer(0x1, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0xffffffffffffffff}, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x89a2, &(0x7f0000000040)={'bridge0\x00', @random="200000009375"}) 3m2.064514883s ago: executing program 1 (id=298): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0xe0, 0xf, 0x7fff7ffc}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_adjtime(0x0, &(0x7f0000000000)={0x66b7, 0x0, 0xfffffffffffeffff, 0x7, 0x0, 0xfffffffffffffffd, 0x77, 0x0, 0x0, 0x0, 0x8, 0x248e, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x81, 0x6, 0x5, 0x7ff, 0xf439}) ptrace$getregset(0x4204, 0x0, 0x2, 0x0) r4 = socket$inet(0xa, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000002c0)=@mangle={'mangle\x00', 0x44, 0x6, 0x3c8, 0x2d8, 0x98, 0x2d8, 0x98, 0x138, 0x378, 0x378, 0x378, 0x378, 0x378, 0x6, 0x0, {[{{@ip={@loopback, @multicast1=0xe0007600, 0x0, 0x0, 'gre0\x00', 'ip6gre0\x00', {}, {}, 0x0, 0x0, 0x11}, 0x7a00, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@multicast1, @local, 0x0, 0x0, 'wg1\x00', 'nicvf0\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private2, 'veth0_virt_wifi\x00', {0x7}}}}, {{@ip={@rand_addr, @private, 0xffffffff, 0xff, 'syzkaller0\x00', 'veth1_to_team\x00', {}, {0xff}}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@empty, @empty, 0xff000000, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x1fb, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x428) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000780)=ANY=[@ANYBLOB="fc000000190001002dbd700003f4ff00", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff00"/69, @ANYBLOB], 0xfc}}, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, 0x0, 0x4000050) r7 = timerfd_create(0x9, 0x80000) timerfd_settime(r7, 0x2, &(0x7f0000000100)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x3f00000000000000) 3m0.168142718s ago: executing program 1 (id=300): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4000000000000006b014b00000000000600000000000000950000000000000009f60c381c612effd1d7c5574cabd05878e2cf48bf1161c2f46cc699c4731329508dfd5c0b7efcf517c57398183d0268fa22ad6a5fcd6206e7aa6d56"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207f00000000000000bfa100000000000007010000f8fffeffb702000008000000b703000000000000850000002d000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000a000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) accept4$unix(0xffffffffffffffff, &(0x7f0000000240)=@abs, &(0x7f00000002c0)=0x6e, 0x800) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000540)={{{@in6=@remote, @in=@multicast2}}, {{@in6=@private1}, 0x0, @in6=@ipv4={""/10, ""/2, @loopback}}}, &(0x7f0000000640)=0xe8) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{0x0}, {&(0x7f0000000380)}], 0x2}}], 0x1, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 2m43.639098432s ago: executing program 34 (id=300): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4000000000000006b014b00000000000600000000000000950000000000000009f60c381c612effd1d7c5574cabd05878e2cf48bf1161c2f46cc699c4731329508dfd5c0b7efcf517c57398183d0268fa22ad6a5fcd6206e7aa6d56"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207f00000000000000bfa100000000000007010000f8fffeffb702000008000000b703000000000000850000002d000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000a000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) accept4$unix(0xffffffffffffffff, &(0x7f0000000240)=@abs, &(0x7f00000002c0)=0x6e, 0x800) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000540)={{{@in6=@remote, @in=@multicast2}}, {{@in6=@private1}, 0x0, @in6=@ipv4={""/10, ""/2, @loopback}}}, &(0x7f0000000640)=0xe8) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{0x0}, {&(0x7f0000000380)}], 0x2}}], 0x1, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 18.330001604s ago: executing program 3 (id=400): r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) r1 = fsmount(r0, 0x0, 0x2) r2 = openat$cgroup_subtree(r1, &(0x7f0000000100), 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f00000000c0), 0x0) syz_usb_connect$uac2(0x3, 0xeb, 0x0, 0x0) socket$netlink(0x10, 0x3, 0xf) r3 = getpgrp(0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x8000000000001, r3, 0x2, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r5 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r5, 0x1, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) r7 = syz_open_procfs(r4, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r7, &(0x7f0000002c00)={0x2020}, 0x2020) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r8, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r8, &(0x7f0000000340)="180000000100", 0x6) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r7, 0x18, 0x0, 0x1) 16.066362307s ago: executing program 2 (id=401): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b0000000800", @ANYRES32], 0x398}}, 0x0) 15.674431401s ago: executing program 2 (id=402): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, 0x0, 0x20004090) openat$rtc(0xffffff9c, &(0x7f0000000080), 0xa200, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') read$FUSE(r5, &(0x7f0000000080)={0x2020}, 0x2020) ioctl$TCSBRKP(r5, 0x5425, 0x4) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003f80)=ANY=[], 0x1, 0x2fb, &(0x7f0000000180)="$eJzs3M9PE1sUwPHTn7QlUBYv7+W95IUb3ehmAtW10hhIjE0kSI0/EpMBptp0bEmnwdQY0ZVb4x/hgrBkR6L8A2zc6caNOzYmLmRhrOl0hpYypQVGivD9JGQOc+6h93aG5Nym7dad148LOUvL6RUJxpQERES2RUYkKK6AcwzacVRavZCLg98+/n/r7r0b6UxmckapqfTspZRSanj03ZNncWfY+oBsjjzY+pr6svn35r9bP2cf5S2Vt1SxVFG6mit9ruhzpqEW8lZBU2raNHTLUPmiZZQb+VIjnzNLi4tVpRcXhhKLZcOylF6sqoJRVZWSqpSrKvRQzxeVpmlqKCHoJrsyM6OnD1k87/Nk8JuUy2k9JCLxPZnsSl8mBAAA+qq9/w+K8rP/Xz23URm8vTbs9P/rUa/+//Knxt/a1f/HRMSz/3cf37P/1+v9f1h67f/3dkRny5H6f5wMo9E9pwLNsJ4sp/WE8/9re3l/dcwO6P8BAAAAAAAAAAAAAAAAAAAAAPgTbNdqyVqtlnSP7k89FxOR1t/bhETk6vHPGH7qdP0Hul9/nALND+6Fh0XMV0vZpWzj6AzYEBFTDBmTpPyw7wdHPXY/eaTqRuS9uezULy9lQ3YmnZO8XT8uyYi019dqU9czk+OqYXd9RBKt9SlJyl/e9SnP+qhcON9Sr0lSPsxLSUxZsOfRrH8+rtS1m5m2+rg9DgAAAACA00BTOzz375rWKd+o39lft78+EGrur8c89+dh+S/c37UDAAAAAHBWWNWnBd00jfI+QVy6j2kEkR7GtAfhgww+QOCusNcq970MPk+jt8B98F2pmHPS96clcICnpUMQlMNUjdZXo466Cvdlo05jZHqi51WI+Hkp/3nz9rt/98aVtViXlR4+CO1/A0Sct38BAAAAOEWaTb97ZqK/EwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Aw6ju+36/caAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJPiVwAAAP//FZkC4A==") r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000040), 0x208e24b) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./bus\x00', 0x0, 0x1c10, 0x0) fdatasync(r6) 11.429545635s ago: executing program 2 (id=403): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, 0x0, 0x20004090) openat$rtc(0xffffff9c, 0x0, 0xa200, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/netlink\x00') read$FUSE(r5, &(0x7f0000000080)={0x2020}, 0x2020) ioctl$TCSBRKP(r5, 0x5425, 0x4) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000003f80)=ANY=[], 0x1, 0x2fb, &(0x7f0000000180)="$eJzs3M9PE1sUwPHTn7QlUBYv7+W95IUb3ehmAtW10hhIjE0kSI0/EpMBptp0bEmnwdQY0ZVb4x/hgrBkR6L8A2zc6caNOzYmLmRhrOl0hpYypQVGivD9JGQOc+6h93aG5Nym7dad148LOUvL6RUJxpQERES2RUYkKK6AcwzacVRavZCLg98+/n/r7r0b6UxmckapqfTspZRSanj03ZNncWfY+oBsjjzY+pr6svn35r9bP2cf5S2Vt1SxVFG6mit9ruhzpqEW8lZBU2raNHTLUPmiZZQb+VIjnzNLi4tVpRcXhhKLZcOylF6sqoJRVZWSqpSrKvRQzxeVpmlqKCHoJrsyM6OnD1k87/Nk8JuUy2k9JCLxPZnsSl8mBAAA+qq9/w+K8rP/Xz23URm8vTbs9P/rUa/+//Knxt/a1f/HRMSz/3cf37P/1+v9f1h67f/3dkRny5H6f5wMo9E9pwLNsJ4sp/WE8/9re3l/dcwO6P8BAAAAAAAAAAAAAAAAAAAAAPgTbNdqyVqtlnSP7k89FxOR1t/bhETk6vHPGH7qdP0Hul9/nALND+6Fh0XMV0vZpWzj6AzYEBFTDBmTpPyw7wdHPXY/eaTqRuS9uezULy9lQ3YmnZO8XT8uyYi019dqU9czk+OqYXd9RBKt9SlJyl/e9SnP+qhcON9Sr0lSPsxLSUxZsOfRrH8+rtS1m5m2+rg9DgAAAACA00BTOzz375rWKd+o39lft78+EGrur8c89+dh+S/c37UDAAAAAHBWWNWnBd00jfI+QVy6j2kEkR7GtAfhgww+QOCusNcq970MPk+jt8B98F2pmHPS96clcICnpUMQlMNUjdZXo466Cvdlo05jZHqi51WI+Hkp/3nz9rt/98aVtViXlR4+CO1/A0Sct38BAAAAOEWaTb97ZqK/EwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Aw6ju+36/caAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJPiVwAAAP//FZkC4A==") r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000040), 0x208e24b) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f00000000c0)='./bus\x00', 0x0, 0x1c10, 0x0) fdatasync(r6) 11.214133391s ago: executing program 3 (id=404): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x4000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x841) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, 0x0, 0x0) accept$alg(r4, 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r5 = syz_open_dev$dvb_demux(0x0, 0x0, 0x2000) ioctl$DVB_DEMUX_DMX_SET_FILTER(r5, 0x403c6f2b, &(0x7f0000001e40)={0x6, {"2ac78e02ff04856af9fb71f0d3fe13be", "3dfab043e15fad27a639f105b5e9f977", "47eb0b1889b90f105d66b3e5a7c94742"}, 0x4, 0x4}) close_range(r3, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 7.103497018s ago: executing program 2 (id=405): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x5) setfsuid(0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0xfffffffffffffd6c) unshare(0x2040400) select(0xe, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x2710}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @tid=r0}, &(0x7f0000000300)) fcntl$lock(r2, 0x7, &(0x7f00000004c0)={0x0, 0x0, 0xd, 0x3ff}) socket$tipc(0x1e, 0x2, 0x0) timerfd_create(0x0, 0x0) 5.893215629s ago: executing program 3 (id=406): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x6a, &(0x7f00000001c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @dev, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x5c, 0xffff, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x22eb, 0x0, 0x0, [0x5, 0x1]}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0xa888, 0x88be, 0x86ddffff, {{0x0, 0x1, 0xfe}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x9}}}}}}}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$ITER_CREATE(0x1d, 0x0, 0x0) r3 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000000000009db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239e4"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) 4.494049092s ago: executing program 3 (id=407): openat$ptmx(0xffffffffffffff9c, 0x0, 0x80782, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @fd={0x66642a85, 0x0, r0}}, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000006c0)="84"}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x28, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08"}) ioctl$BINDER_THREAD_EXIT(r3, 0x40046208, 0x0) 2.961868667s ago: executing program 3 (id=408): syz_open_dev$vcsa(&(0x7f00000000c0), 0x80, 0x100) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() r1 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r1, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, 0x0) r4 = fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x80) r6 = openat$cgroup_procs(r5, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f0000001c00), 0x12) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r7 = userfaultfd(0x801) ioctl$UFFDIO_API(r7, 0xc018aa3f, 0x0) mremap(&(0x7f000046d000/0x4000)=nil, 0x4000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) 2.876345927s ago: executing program 2 (id=409): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) write$UHID_INPUT(r5, &(0x7f0000001040)={0xe, {"a2e3ad21ed0d09f91b0b380987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f37096c060890e0878f0e1ac6e7049b094a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130f91850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153fae46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c343f7f140f319539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004c0400000000000000ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d984836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885e94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffd6f}}, 0x1006) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ptrace(0x10, r3) 309.781412ms ago: executing program 3 (id=410): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_dev$ptys(0xc, 0x3, 0x1) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getdents(0xffffffffffffffff, 0xffffffffffffffff, 0x5a) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_emit_ethernet(0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x40, 0x7fff0000}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x1d, 0x0, 0x0, 0x10000000}, {0x6, 0x7}]}) 0s ago: executing program 2 (id=411): kexec_load(0x3, 0x7, &(0x7f00000005c0)=[{&(0x7f0000000000)="6509534a17aa723cba21a9d63c6a556b30b910a580cb50d65e9fab1ed59a7eb00a7109e4a355bed417bce60d6a5baab4bbecc5b2faaf2eba28c331345b612f1f4cbfdfa7bcb9bd2a0fbc8d7786bb68cff61167b98ef0adfbb79545bbb2c409be3adb3b54846920f1b194db5258279e8d06b863d51c0f90cd79ecb1f5ed3c44eb6353c0b451fe3f9b118422addd3f936d8cd5562d6ce55bf378ee8c0d0fc56a4a866c499b04ef61edca4fc06d78b964868e16d82c97be81055b072720c06a8b8b3daad5131e84447a4809d131ce0927ee8ec587e37e0f2df3499327f170b861", 0xdf, 0x5, 0xff}, {&(0x7f0000000100)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82baa911f236f959fb9227524d4fe6b621a19823457d04c399283edbac755852623c82f7206d26e918a2981c8f68476969bf8c4bcd37ba24e4ba1683339879a11b854a7478f898805f327af12eaab8ac918c201b7f932e124796f1aba03e031312bd7e67403651abac282b310f420dbcdea31d52854783d6952a2a7b10f3e45715203107f8ce516d99c8c7db918e0989ef123cc524fa8ae0af5c952de542a268179439f62e20fb410df0a4c2e54ec355436d7cf9989fa7b13df2f6", 0xe6, 0x5, 0xffffffff}, {&(0x7f0000000200)="d8f3aabb28de3faf55566e010b6ef42f8002b91bf54d78caa3135bc4a5d30a8fd06d1e70130a8d2b505e9abe3aef1de2219df6f5f695131fe4fc01630cb7751927628d8d7ec59d998200794f89eea832f53f0f9aa4c91322544bc7f07e8cdf4598c9879e4af2de4daca6cf629d11f9c6ebdccfeca156899a89ed0e619add0bb6", 0x80, 0x5, 0x4}, {&(0x7f0000000340), 0x0, 0x100, 0x9}, {0x0, 0x0, 0x7, 0x2}, {0x0, 0x0, 0x2, 0xfffffffffffffffa}, {&(0x7f00000004c0), 0x0, 0x5, 0x6}], 0x0) sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000480)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000500)="4274aa814c8f6ea8d8db43", 0xb}, {0x0}, {0x0}, {&(0x7f0000000740)="747516464293f8e8eec3ccb7dd473a382a0d368ad8a1242abe3b11d915f3eb582e10ff9b8afa9a3d6fa9075032a573688f84e342bf19f200379d5291489fa5151a46ed483044e784cb8f430cbcd5a6145d72a2d2b2b6aa78add2ab0812de906e5545585d6aadca938d5a62632604101886bd45bc15550815c5dcec420b547b43f88b56489e54d47307371d68817c7eca00a16bce0ea94917082d622301673217c8ca26b5a362745ea01486a2ba576eb6601dfa400bb8", 0xb6}], 0x4}, 0x41) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48001}, 0x4044050) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0)=0x5, 0x12) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) kernel console output (not intermixed with test programs): 90.110803][ T5633] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.131185][ T5633] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.150155][ T5634] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.171258][ T5633] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.193740][ T5634] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.194185][ T5633] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.196494][ T5634] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.199361][ T5634] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.200188][ T5634] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.204126][ T5634] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.210519][ T5634] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.227879][ T5622] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.230357][ T5622] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.262222][ T5622] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.274885][ T5622] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.278568][ T5622] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.279851][ T5622] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.281532][ T5622] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.290207][ T5634] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.316649][ T5627] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.318204][ T5631] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.319578][ T5631] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.323652][ T5627] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.354640][ T5631] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.997719][ T836] cfg80211: failed to load regulatory.db [ 92.377773][ T5627] Bluetooth: hci1: command tx timeout [ 92.454949][ T5627] Bluetooth: hci3: command tx timeout [ 92.545942][ T5627] Bluetooth: hci4: command tx timeout [ 92.615987][ T5627] Bluetooth: hci0: command tx timeout [ 92.616005][ T5636] Bluetooth: hci2: command tx timeout [ 93.110670][ T5620] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.110905][ T5620] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.111959][ T5620] bridge_slave_0: entered allmulticast mode [ 93.115199][ T5620] bridge_slave_0: entered promiscuous mode [ 93.196682][ T5620] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.196898][ T5620] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.197083][ T5620] bridge_slave_1: entered allmulticast mode [ 93.200433][ T5620] bridge_slave_1: entered promiscuous mode [ 93.234235][ T5618] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.235020][ T5618] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.235729][ T5618] bridge_slave_0: entered allmulticast mode [ 93.243589][ T5618] bridge_slave_0: entered promiscuous mode [ 93.318313][ T5618] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.318550][ T5618] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.318739][ T5618] bridge_slave_1: entered allmulticast mode [ 93.321050][ T5618] bridge_slave_1: entered promiscuous mode [ 93.450126][ T5620] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.450607][ T5617] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.450959][ T5617] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.451516][ T5617] bridge_slave_0: entered allmulticast mode [ 93.453977][ T5617] bridge_slave_0: entered promiscuous mode [ 93.550136][ T5620] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.550544][ T5617] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.550786][ T5617] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.550967][ T5617] bridge_slave_1: entered allmulticast mode [ 93.553259][ T5617] bridge_slave_1: entered promiscuous mode [ 93.592722][ T5618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.601568][ T5616] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.602393][ T5616] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.605885][ T5616] bridge_slave_0: entered allmulticast mode [ 93.616531][ T5616] bridge_slave_0: entered promiscuous mode [ 93.686536][ T5618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.687066][ T5616] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.687335][ T5616] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.687555][ T5616] bridge_slave_1: entered allmulticast mode [ 93.689969][ T5616] bridge_slave_1: entered promiscuous mode [ 93.691963][ T5615] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.692174][ T5615] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.692359][ T5615] bridge_slave_0: entered allmulticast mode [ 93.712540][ T5615] bridge_slave_0: entered promiscuous mode [ 93.840564][ T5615] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.840799][ T5615] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.840987][ T5615] bridge_slave_1: entered allmulticast mode [ 93.843363][ T5615] bridge_slave_1: entered promiscuous mode [ 93.867564][ T5620] team0: Port device team_slave_0 added [ 93.885572][ T5617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.963274][ T5620] team0: Port device team_slave_1 added [ 93.973920][ T5617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.985831][ T5618] team0: Port device team_slave_0 added [ 93.992451][ T5616] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.062890][ T5618] team0: Port device team_slave_1 added [ 94.073277][ T5616] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.089929][ T5615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 94.170394][ T5615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 94.172366][ T5620] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.172379][ T5620] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.172399][ T5620] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.217214][ T5617] team0: Port device team_slave_0 added [ 94.281801][ T5620] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.281814][ T5620] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.281833][ T5620] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.289483][ T5617] team0: Port device team_slave_1 added [ 94.296769][ T5618] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.296810][ T5618] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.296877][ T5618] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.329873][ T5616] team0: Port device team_slave_0 added [ 94.418996][ T5618] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.419010][ T5618] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.419031][ T5618] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.423190][ T5616] team0: Port device team_slave_1 added [ 94.439841][ T5615] team0: Port device team_slave_0 added [ 94.458001][ T5627] Bluetooth: hci1: command tx timeout [ 94.534692][ T5627] Bluetooth: hci3: command tx timeout [ 94.540118][ T5615] team0: Port device team_slave_1 added [ 94.624553][ T5627] Bluetooth: hci4: command tx timeout [ 94.694608][ T5627] Bluetooth: hci0: command tx timeout [ 94.694649][ T5627] Bluetooth: hci2: command tx timeout [ 94.919223][ T5617] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.919237][ T5617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.919256][ T5617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.023565][ T5617] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.023578][ T5617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.023598][ T5617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.037695][ T5616] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.037739][ T5616] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.037815][ T5616] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.228596][ T5616] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.228609][ T5616] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.228629][ T5616] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.230785][ T5615] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 95.230796][ T5615] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.230816][ T5615] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 95.256654][ T5620] hsr_slave_0: entered promiscuous mode [ 95.271395][ T5620] hsr_slave_1: entered promiscuous mode [ 95.361556][ T5615] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 95.361569][ T5615] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 95.361588][ T5615] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 95.402485][ T5618] hsr_slave_0: entered promiscuous mode [ 95.416672][ T5618] hsr_slave_1: entered promiscuous mode [ 95.418036][ T5618] debugfs: 'hsr0' already exists in 'hsr' [ 95.418109][ T5618] Cannot create hsr debugfs directory [ 95.566937][ T5617] hsr_slave_0: entered promiscuous mode [ 95.568522][ T5617] hsr_slave_1: entered promiscuous mode [ 95.569778][ T5617] debugfs: 'hsr0' already exists in 'hsr' [ 95.569804][ T5617] Cannot create hsr debugfs directory [ 95.777381][ T5616] hsr_slave_0: entered promiscuous mode [ 95.778887][ T5616] hsr_slave_1: entered promiscuous mode [ 95.780175][ T5616] debugfs: 'hsr0' already exists in 'hsr' [ 95.780199][ T5616] Cannot create hsr debugfs directory [ 95.855366][ T5615] hsr_slave_0: entered promiscuous mode [ 95.857030][ T5615] hsr_slave_1: entered promiscuous mode [ 95.858324][ T5615] debugfs: 'hsr0' already exists in 'hsr' [ 95.858359][ T5615] Cannot create hsr debugfs directory [ 96.544822][ T5636] Bluetooth: hci1: command tx timeout [ 96.614685][ T5636] Bluetooth: hci3: command tx timeout [ 96.694637][ T5636] Bluetooth: hci4: command tx timeout [ 96.784598][ T5636] Bluetooth: hci2: command tx timeout [ 96.784630][ T5636] Bluetooth: hci0: command tx timeout [ 96.839085][ T5620] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 96.887983][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 96.893789][ T5620] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 96.929311][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 96.933908][ T5620] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 96.973747][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 96.998397][ T5620] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 97.037089][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 97.193037][ T5617] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 97.232040][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 97.252798][ T5617] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 97.292269][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 97.303368][ T5617] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 97.330842][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 97.361984][ T5617] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 97.398839][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 97.556779][ T5616] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 97.593044][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 97.606607][ T5616] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 97.650574][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 97.665755][ T5616] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 97.710345][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 97.761025][ T5616] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 97.788875][ T5616] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 97.961916][ T5618] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 97.989418][ T5618] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.007528][ T5618] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 98.049879][ T5618] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.061991][ T5618] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 98.097333][ T5618] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.129564][ T5618] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 98.169816][ T5618] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.309166][ T5620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.353498][ T5615] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 98.388635][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 98.413525][ T5615] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 98.449403][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 98.456581][ T5615] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 98.498204][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 98.515478][ T5615] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 98.547317][ T5615] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 98.616233][ T5627] Bluetooth: hci1: command tx timeout [ 98.618885][ T5620] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.686443][ T5617] 8021q: adding VLAN 0 to HW filter on device bond0 [ 98.694284][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.695851][ T5627] Bluetooth: hci3: command tx timeout [ 98.702921][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 98.776056][ T5627] Bluetooth: hci4: command tx timeout [ 98.810520][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.811094][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 98.854613][ T5627] Bluetooth: hci0: command tx timeout [ 98.854644][ T5627] Bluetooth: hci2: command tx timeout [ 98.912565][ T5617] 8021q: adding VLAN 0 to HW filter on device team0 [ 98.976531][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.976645][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.020415][ T5616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.051352][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.051491][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.174646][ T5616] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.246037][ T5618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.295472][ T67] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.295995][ T67] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.383964][ T67] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.384241][ T67] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.498231][ T5618] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.563692][ T5615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 99.611528][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.618465][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 99.703251][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 99.703458][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 99.809462][ T5615] 8021q: adding VLAN 0 to HW filter on device team0 [ 99.926458][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 99.926681][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.132940][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.133103][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.410696][ T5620] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.986554][ T5617] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.032282][ T5620] veth0_vlan: entered promiscuous mode [ 101.132832][ T5620] veth1_vlan: entered promiscuous mode [ 101.270836][ T5616] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.501171][ T5617] veth0_vlan: entered promiscuous mode [ 101.537875][ T5620] veth0_macvtap: entered promiscuous mode [ 101.568938][ T5618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 101.600514][ T5620] veth1_macvtap: entered promiscuous mode [ 101.620970][ T5617] veth1_vlan: entered promiscuous mode [ 101.808085][ T5616] veth0_vlan: entered promiscuous mode [ 101.851900][ T5620] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.931923][ T5620] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.965517][ T5616] veth1_vlan: entered promiscuous mode [ 102.078388][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.110288][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.129123][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.130249][ T5617] veth0_macvtap: entered promiscuous mode [ 102.156705][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.176562][ T5615] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.195892][ T5617] veth1_macvtap: entered promiscuous mode [ 102.612642][ T5617] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.643312][ T5616] veth0_macvtap: entered promiscuous mode [ 102.699971][ T5617] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.741914][ T5616] veth1_macvtap: entered promiscuous mode [ 102.782508][ T1560] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.782531][ T1560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.848741][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.911159][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.940767][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.954933][ T5618] veth0_vlan: entered promiscuous mode [ 102.991242][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.028388][ T5615] veth0_vlan: entered promiscuous mode [ 103.093878][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.093899][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.117657][ T5616] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.201483][ T5618] veth1_vlan: entered promiscuous mode [ 103.221749][ T5616] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.314029][ T5615] veth1_vlan: entered promiscuous mode [ 103.466573][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.595403][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.642194][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.698848][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.758417][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.758438][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.115501][ T5815] loop2: detected capacity change from 0 to 512 [ 104.987552][ T5815] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.3: inode has both inline data and extents flags [ 104.987781][ T5815] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 104.995265][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 104.995315][ C1] EXT4-fs (loop2): initial error at time 1779343573: ext4_orphan_get:1397: inode 15 [ 104.995424][ C1] EXT4-fs (loop2): last error at time 1779343573: ext4_orphan_get:1397: inode 15 [ 105.122714][ T5815] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.3: couldn't read orphan inode 15 (err -117) [ 105.122942][ T5815] loop2: lost filesystem error report for type 5 error -117 [ 105.157561][ T5815] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.848843][ T5618] veth0_macvtap: entered promiscuous mode [ 106.851413][ T1441] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.851430][ T1441] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.178535][ T5615] veth0_macvtap: entered promiscuous mode [ 107.246035][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.341548][ T5618] veth1_macvtap: entered promiscuous mode [ 107.372979][ T5615] veth1_macvtap: entered promiscuous mode [ 107.388630][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.388650][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.645604][ T5618] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.655629][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 107.682495][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.682517][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.765855][ T5615] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 108.024133][ T5618] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 109.104077][ T1412] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.120007][ T1412] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.149210][ T37] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.151412][ T37] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.153120][ T37] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.204342][ T37] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.234698][ T37] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.351329][ T5828] loop3: detected capacity change from 0 to 1024 [ 109.352491][ T5828] EXT4-fs: Ignoring removed bh option [ 109.376446][ T5828] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 109.533019][ T37] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.159269][ T5828] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.579665][ T38] audit: type=1800 audit(1779343579.430:2): pid=5828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 111.981756][ T5617] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 113.337328][ T5617] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.656722][ T5847] loop2: detected capacity change from 0 to 512 [ 113.691514][ T5847] EXT4-fs: Ignoring removed bh option [ 113.795306][ T5847] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 113.905679][ T5850] netlink: 36 bytes leftover after parsing attributes in process `syz.1.11'. [ 113.905705][ T5850] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11'. [ 114.001762][ T5853] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 114.113916][ T5847] EXT4-fs (loop2): 1 truncate cleaned up [ 114.134263][ T5847] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 115.556294][ T1554] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.556316][ T1554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.993101][ T5864] syz.3.13 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 117.004022][ T5864] ubi31: attaching mtd0 [ 117.013251][ T5864] ubi31: scanning is finished [ 117.013275][ T5864] ubi31: empty MTD device detected [ 117.060944][ T5636] Bluetooth: Frame is too long (len 12, expected len 4) [ 117.073503][ T1412] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.073523][ T1412] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.136445][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.136466][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.490950][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 117.540538][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 117.540560][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.823835][ T5864] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 117.823863][ T5864] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 117.823883][ T5864] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 117.823899][ T5864] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 117.823931][ T5864] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 117.823950][ T5864] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 117.823968][ T5864] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1550213893 [ 117.823988][ T5864] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 117.825985][ T5869] ubi31: background thread "ubi_bgt31d" started, PID 5869 [ 118.142297][ T5870] loop1: detected capacity change from 0 to 1024 [ 118.158353][ T5870] ======================================================= [ 118.158353][ T5870] WARNING: The mand mount option has been deprecated and [ 118.158353][ T5870] and is ignored by this kernel. Remove the mand [ 118.158353][ T5870] option from the mount to silence this warning. [ 118.158353][ T5870] ======================================================= [ 118.159945][ T5870] ext4: Unknown parameter 'context' [ 122.499953][ T5887] loop3: detected capacity change from 0 to 2048 [ 122.905519][ T5887] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 122.908741][ T5887] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.987857][ T5899] loop0: detected capacity change from 0 to 256 [ 123.479054][ T5899] exfat: Deprecated parameter 'utf8' [ 123.693372][ T5898] loop4: detected capacity change from 0 to 4096 [ 123.733123][ T5899] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001fe89, chksum : 0xbf24f927, utbl_chksum : 0xe619d30d) [ 123.749506][ T5898] EXT4-fs: inline encryption not supported [ 124.018050][ T5898] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 124.018073][ T5898] EXT4-fs (loop4): Test dummy encryption mode enabled [ 124.155945][ T5617] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.774576][ T5898] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 124.774744][ T5898] System zones: 0-5 [ 125.029668][ T5898] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.402892][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.907087][ T5917] ubi: mtd0 is already attached to ubi31 [ 126.923429][ T5636] Bluetooth: Frame is too long (len 12, expected len 4) [ 127.021714][ T5923] loop1: detected capacity change from 0 to 512 [ 128.238642][ T5923] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.27: inode has both inline data and extents flags [ 128.238678][ T5923] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 128.241095][ T5923] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.27: couldn't read orphan inode 15 (err -117) [ 128.241127][ T5923] loop1: lost filesystem error report for type 5 error -117 [ 128.244565][ C1] EXT4-fs (loop1): error count since last fsck: 2 [ 128.244627][ C1] EXT4-fs (loop1): initial error at time 1779343597: ext4_orphan_get:1397: inode 15 [ 128.244710][ C1] EXT4-fs (loop1): last error at time 1779343597: ext4_orphan_get:1402 [ 128.255309][ T5923] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.070909][ T5929] loop0: detected capacity change from 0 to 512 [ 129.150613][ T5929] EXT4-fs error (device loop0): ext4_iget_extra_inode:5128: inode #15: comm syz.0.26: corrupted in-inode xattr: invalid ea_ino [ 129.150650][ T5929] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 129.154530][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 129.154554][ C0] EXT4-fs (loop0): initial error at time 1779343598: ext4_iget_extra_inode:5128: inode 15 [ 129.154589][ C0] EXT4-fs (loop0): last error at time 1779343598: ext4_iget_extra_inode:5128: inode 15 [ 129.186495][ T5929] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.26: couldn't read orphan inode 15 (err -117) [ 129.186529][ T5929] loop0: lost filesystem error report for type 5 error -117 [ 129.232758][ T5929] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 130.797775][ T5615] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.830613][ T5937] loop2: detected capacity change from 0 to 512 [ 130.831770][ T5937] EXT4-fs: Ignoring removed bh option [ 130.941267][ T5939] loop3: detected capacity change from 0 to 512 [ 131.206205][ T5937] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 132.690294][ T5939] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.22: inode has both inline data and extents flags [ 132.690383][ T5939] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 132.704510][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 132.704562][ C1] EXT4-fs (loop3): initial error at time 1779343601: ext4_orphan_get:1397: inode 15 [ 132.704647][ C1] EXT4-fs (loop3): last error at time 1779343601: ext4_orphan_get:1397: inode 15 [ 132.878094][ T5939] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.22: couldn't read orphan inode 15 (err -117) [ 132.878157][ T5939] loop3: lost filesystem error report for type 5 error -117 [ 132.936328][ T5939] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 133.652235][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.666476][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.728162][ T5616] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.752430][ T5937] EXT4-fs (loop2): 1 truncate cleaned up [ 133.892326][ T5937] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 135.047817][ T5617] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.123274][ T5953] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 135.123669][ T5953] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 136.614036][ T5885] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 136.886536][ T5885] usb 5-1: Using ep0 maxpacket: 32 [ 137.132453][ T5885] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 137.132514][ T5885] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 137.132543][ T5885] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 137.132570][ T5885] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 137.187616][ T5885] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 137.187707][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.187772][ T5885] usb 5-1: Product: syz [ 137.187815][ T5885] usb 5-1: Manufacturer: syz [ 137.187858][ T5885] usb 5-1: SerialNumber: syz [ 137.898246][ T5970] netlink: 4 bytes leftover after parsing attributes in process `syz.3.33'. [ 138.264419][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 138.304403][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 138.710621][ T5885] usb 5-1: can't set config #155, error -71 [ 138.788649][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.222317][ T5885] usb 5-1: USB disconnect, device number 2 [ 140.138919][ T5978] ubi: mtd0 is already attached to ubi31 [ 140.544031][ T5636] Bluetooth: Frame is too long (len 12, expected len 4) [ 142.212819][ T5988] ubi: mtd0 is already attached to ubi31 [ 142.375934][ T5636] Bluetooth: Frame is too long (len 12, expected len 4) [ 143.989794][ T5990] process 'syz.2.40' launched './file2' with NULL argv: empty string added [ 144.465355][ T5993] loop1: detected capacity change from 0 to 2048 [ 144.599771][ T5993] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.603734][ T5993] ext4 filesystem being mounted at /10/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 145.056996][ T6005] ubi: mtd0 is already attached to ubi31 [ 145.171982][ T5636] Bluetooth: Frame is too long (len 12, expected len 4) [ 147.324416][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.344417][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.364406][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.374395][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.384396][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.394405][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.404394][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.414400][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 147.932794][ T5627] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 147.998414][ T5627] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 148.034238][ T5627] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 148.043693][ T5627] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 148.050728][ T5627] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 149.071663][ T5616] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.253160][ T5636] Bluetooth: hci5: command tx timeout [ 151.805366][ T6041] mmap: syz.1.48 (6041) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 152.728055][ T5636] Bluetooth: hci5: command tx timeout [ 153.267105][ T6045] netlink: 4 bytes leftover after parsing attributes in process `syz.4.52'. [ 153.309585][ T6045] netlink: 12 bytes leftover after parsing attributes in process `syz.4.52'. [ 153.312128][ T6045] netlink: 8 bytes leftover after parsing attributes in process `syz.4.52'. [ 154.290317][ T6053] ubi: mtd0 is already attached to ubi31 [ 155.265351][ T5636] Bluetooth: Frame is too long (len 12, expected len 4) [ 155.453830][ T5636] Bluetooth: hci5: command tx timeout [ 157.752136][ T5636] Bluetooth: hci5: command tx timeout [ 158.838600][ T69] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.927978][ T6078] loop1: detected capacity change from 0 to 512 [ 159.435897][ T6084] loop3: detected capacity change from 0 to 1024 [ 159.443703][ T6084] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869) [ 159.444641][ T6084] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 159.454069][ T6084] EXT4-fs (loop3): invalid journal inode [ 159.454177][ T6084] EXT4-fs (loop3): can't get journal size [ 159.472677][ T6084] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 160.153359][ T5617] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 160.291031][ T69] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 160.693682][ T6096] loop3: detected capacity change from 0 to 2048 [ 160.723753][ T6096] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.739549][ T6096] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 162.215498][ T69] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.041423][ T5617] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.292273][ T69] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.528891][ T6123] loop3: detected capacity change from 0 to 4096 [ 165.602418][ T6123] EXT4-fs: inline encryption not supported [ 165.662751][ T6123] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 165.662775][ T6123] EXT4-fs (loop3): Test dummy encryption mode enabled [ 165.710385][ T6123] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 165.710508][ T6123] System zones: 0-5 [ 165.749934][ T6012] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.750256][ T6012] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.750586][ T6012] bridge_slave_0: entered allmulticast mode [ 165.784477][ T6123] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.839733][ T6012] bridge_slave_0: entered promiscuous mode [ 165.858410][ T6012] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.860386][ T6012] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.860669][ T6012] bridge_slave_1: entered allmulticast mode [ 165.940719][ T6012] bridge_slave_1: entered promiscuous mode [ 167.390996][ T6123] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 167.405806][ T6134] vivid-000: disconnect [ 167.558731][ T6127] overlayfs: missing 'lowerdir' [ 167.581301][ T6122] vivid-000: reconnect [ 167.747430][ T6136] ubi: mtd0 is already attached to ubi31 [ 167.778193][ T6012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 167.823134][ T6012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 167.887634][ T38] audit: type=1800 audit(1779343636.700:3): pid=6129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.70" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 168.865566][ T6012] team0: Port device team_slave_0 added [ 168.906973][ T6012] team0: Port device team_slave_1 added [ 169.837454][ T6012] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.837473][ T6012] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.837503][ T6012] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.847012][ T6012] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.847030][ T6012] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.847059][ T6012] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.192779][ T6012] hsr_slave_0: entered promiscuous mode [ 170.205803][ T6012] hsr_slave_1: entered promiscuous mode [ 170.210442][ T6012] debugfs: 'hsr0' already exists in 'hsr' [ 170.210469][ T6012] Cannot create hsr debugfs directory [ 170.582791][ T6146] loop4: detected capacity change from 0 to 1024 [ 170.757643][ T6146] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869) [ 170.757753][ T6146] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 170.779783][ T6146] EXT4-fs (loop4): invalid journal inode [ 170.779868][ T6146] EXT4-fs (loop4): can't get journal size [ 170.804626][ T5617] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.031021][ T6146] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 171.285256][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.300136][ T6159] loop3: detected capacity change from 0 to 512 [ 173.576908][ T69] bridge_slave_1: left allmulticast mode [ 173.605420][ T69] bridge_slave_1: left promiscuous mode [ 173.627067][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.120804][ T69] bridge_slave_0: left allmulticast mode [ 175.120836][ T69] bridge_slave_0: left promiscuous mode [ 175.121073][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.980766][ T5636] Bluetooth: Frame is too long (len 12, expected len 4) [ 177.140067][ T6180] loop1: detected capacity change from 0 to 2048 [ 177.482535][ T6180] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.483496][ T6180] ext4 filesystem being mounted at /19/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 178.942166][ T6196] ubi: mtd0 is already attached to ubi31 [ 179.306008][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 179.385428][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 180.460550][ T69] bond0 (unregistering): Released all slaves [ 180.466416][ T5636] Bluetooth: Frame is too long (len 12, expected len 4) [ 181.678103][ T6207] loop4: detected capacity change from 0 to 1024 [ 182.576873][ T6207] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869) [ 182.577002][ T6207] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 182.641483][ T6207] EXT4-fs (loop4): invalid journal inode [ 182.641566][ T6207] EXT4-fs (loop4): can't get journal size [ 182.660095][ T5278] 8021q: adding VLAN 0 to HW filter on device eth1 [ 182.680194][ T6207] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 182.839967][ T5616] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.076439][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.384552][ T6012] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 183.518185][ T6012] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 183.521564][ T6012] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 183.560995][ T6221] Zero length message leads to an empty skb [ 183.712127][ T6012] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 183.713789][ T6012] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 183.757079][ T6217] loop4: detected capacity change from 0 to 2048 [ 184.039828][ T6217] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 184.062808][ T6217] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 184.127090][ T6012] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 187.595386][ T6252] ubi: mtd0 is already attached to ubi31 [ 187.834042][ T6012] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 187.907477][ T6012] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 187.930056][ T5278] 8021q: adding VLAN 0 to HW filter on device eth2 [ 187.969779][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.625919][ T6283] loop2: detected capacity change from 0 to 512 [ 193.397875][ T6283] EXT4-fs: error -4 creating inode table initialization thread [ 193.398771][ T6283] EXT4-fs (loop2): mount failed [ 194.969780][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.969890][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.970253][ T6321] loop2: detected capacity change from 0 to 4096 [ 198.971449][ T6321] EXT4-fs: inline encryption not supported [ 199.051833][ T6321] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 199.051855][ T6321] EXT4-fs (loop2): Test dummy encryption mode enabled [ 199.082801][ T6321] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 199.082963][ T6321] System zones: 0-5 [ 199.236980][ T6321] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.316665][ T6331] vivid-000: disconnect [ 199.477018][ T5278] 8021q: adding VLAN 0 to HW filter on device eth3 [ 199.479481][ T6320] vivid-000: reconnect [ 200.453487][ T38] audit: type=1800 audit(1779343669.310:4): pid=6321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.109" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 200.821286][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.890894][ T6012] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.009753][ T6356] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 202.009840][ T6356] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 202.249559][ T69] hsr_slave_0: left promiscuous mode [ 202.415744][ T69] hsr_slave_1: left promiscuous mode [ 202.436187][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 202.436341][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 202.621583][ T69] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 202.621613][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 202.667605][ T6362] loop2: detected capacity change from 0 to 512 [ 202.764982][ T6362] EXT4-fs error (device loop2): ext4_iget_extra_inode:5128: inode #15: comm syz.2.115: corrupted in-inode xattr: invalid ea_ino [ 202.765018][ T6362] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 202.774383][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 202.774404][ C0] EXT4-fs (loop2): initial error at time 1779343671: ext4_iget_extra_inode:5128: inode 15 [ 202.774429][ C0] EXT4-fs (loop2): last error at time 1779343671: ext4_iget_extra_inode:5128: inode 15 [ 202.776781][ T6362] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.115: couldn't read orphan inode 15 (err -117) [ 202.776812][ T6362] loop2: lost filesystem error report for type 5 error -117 [ 202.861635][ T6362] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.705293][ T69] veth1_macvtap: left promiscuous mode [ 203.722805][ T69] veth0_macvtap: left promiscuous mode [ 203.723184][ T69] veth1_vlan: left promiscuous mode [ 203.723569][ T69] veth0_vlan: left promiscuous mode [ 205.763805][ T6395] loop4: detected capacity change from 0 to 512 [ 207.637362][ T6395] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.120: inode has both inline data and extents flags [ 207.637426][ T6395] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 207.644404][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 207.644454][ C1] EXT4-fs (loop4): initial error at time 1779343676: ext4_orphan_get:1397: inode 15 [ 207.644515][ C1] EXT4-fs (loop4): last error at time 1779343676: ext4_orphan_get:1397: inode 15 [ 207.754823][ T6395] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.120: couldn't read orphan inode 15 (err -117) [ 207.754904][ T6395] loop4: lost filesystem error report for type 5 error -117 [ 207.830477][ T6395] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.077212][ T6404] loop1: detected capacity change from 0 to 4096 [ 210.083504][ T5627] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 210.131502][ T5627] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 210.137141][ T6404] EXT4-fs: inline encryption not supported [ 210.141090][ T5627] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 210.156502][ T5627] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 210.178456][ T5627] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 210.181409][ T6404] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 210.181429][ T6404] EXT4-fs (loop1): Test dummy encryption mode enabled [ 210.230816][ T5618] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.351885][ T6404] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 210.352028][ T6404] System zones: 0-5 [ 210.461028][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.618944][ T6404] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.770933][ T6410] vivid-000: disconnect [ 210.887497][ T6402] vivid-000: reconnect [ 210.966344][ T6414] loop2: detected capacity change from 0 to 512 [ 211.020967][ T38] audit: type=1800 audit(1779343679.880:5): pid=6404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.122" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 211.130796][ T5616] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.935287][ T5636] Bluetooth: hci0: command tx timeout [ 212.971422][ T69] team0 (unregistering): Port device team_slave_1 removed [ 213.128919][ T6427] loop3: detected capacity change from 0 to 4096 [ 213.130172][ T6427] EXT4-fs: inline encryption not supported [ 213.135427][ T6427] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 213.135446][ T6427] EXT4-fs (loop3): Test dummy encryption mode enabled [ 213.158157][ T6427] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 213.158293][ T6427] System zones: 0-5 [ 213.189625][ T6427] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.412800][ T69] team0 (unregistering): Port device team_slave_0 removed [ 214.731450][ T5617] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.018572][ T5638] Bluetooth: hci0: command tx timeout [ 216.967902][ T5638] Bluetooth: hci3: command 0x0406 tx timeout [ 216.989357][ T60] Bluetooth: hci4: command 0x0406 tx timeout [ 216.989491][ T60] Bluetooth: hci2: command 0x0406 tx timeout [ 216.989597][ T60] Bluetooth: hci1: command 0x0406 tx timeout [ 217.180248][ T5638] Bluetooth: hci0: command tx timeout [ 217.314465][ T5278] 8021q: adding VLAN 0 to HW filter on device eth4 [ 217.383027][ T5609] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 217.603534][ T5609] usb 2-1: Using ep0 maxpacket: 32 [ 217.674301][ T5609] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 217.674549][ T5609] usb 2-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 217.674581][ T5609] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 217.674605][ T5609] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 217.738542][ T5609] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 217.738573][ T5609] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.738595][ T5609] usb 2-1: Product: syz [ 217.738611][ T5609] usb 2-1: Manufacturer: syz [ 217.738627][ T5609] usb 2-1: SerialNumber: syz [ 217.892551][ T5753] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 218.095862][ T5753] usb 4-1: Using ep0 maxpacket: 16 [ 218.100992][ T5753] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 218.101023][ T5753] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 218.101046][ T5753] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 218.101084][ T5753] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 218.101106][ T5753] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 218.268021][ T5609] usb 2-1: can't set config #155, error -71 [ 218.358145][ T5753] usb 4-1: config 0 descriptor?? [ 218.483090][ T5609] usb 2-1: USB disconnect, device number 2 [ 220.745771][ T5627] Bluetooth: hci0: command tx timeout [ 221.161518][ T5753] usbhid 4-1:0.0: can't add hid device: -71 [ 221.161659][ T5753] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 221.374902][ T5753] usb 4-1: USB disconnect, device number 2 [ 229.305265][ T6495] binder: 6494:6495 ioctl c0306201 0 returned -14 [ 229.925354][ T6506] netlink: 4 bytes leftover after parsing attributes in process `syz.2.144'. [ 231.097901][ T5609] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 231.275070][ T5609] usb 3-1: Using ep0 maxpacket: 16 [ 231.293433][ T5609] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 231.293467][ T5609] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 231.293493][ T5609] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 231.293537][ T5609] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 231.293562][ T5609] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.374258][ T5609] usb 3-1: config 0 descriptor?? [ 232.285646][ T6514] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 232.287099][ T6514] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 232.305850][ T6514] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 232.306376][ T6514] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 232.321583][ T6514] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 232.402951][ T6514] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 232.411607][ T6514] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 232.420316][ T6514] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 232.657911][ T6514] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 232.660874][ T5609] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0001/input/input6 [ 232.666606][ T6514] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 233.143077][ T5609] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 233.232613][ T5609] usb 3-1: USB disconnect, device number 2 [ 236.831656][ T6556] ubi: mtd0 is already attached to ubi31 [ 236.898278][ T5627] Bluetooth: Frame is too long (len 12, expected len 4) [ 245.533892][ T6403] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.534197][ T6403] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.553497][ T6403] bridge_slave_0: entered allmulticast mode [ 245.564129][ T6403] bridge_slave_0: entered promiscuous mode [ 245.598875][ T6403] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.599198][ T6403] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.599461][ T6403] bridge_slave_1: entered allmulticast mode [ 245.602784][ T6403] bridge_slave_1: entered promiscuous mode [ 246.103132][ T6403] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 246.204708][ T6403] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 247.483003][ T4933] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 247.543776][ T4933] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 247.551019][ T4933] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 247.755469][ T4933] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 247.763861][ T4933] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 249.815960][ T4933] Bluetooth: hci5: command tx timeout [ 249.836720][ T6403] team0: Port device team_slave_0 added [ 250.110985][ T6403] team0: Port device team_slave_1 added [ 250.335953][ T6638] loop2: detected capacity change from 0 to 128 [ 251.894480][ T4933] Bluetooth: hci5: command tx timeout [ 253.660393][ T67] kworker/u8:4: attempt to access beyond end of device [ 253.660393][ T67] loop2: rw=1, sector=145, nr_sectors = 896 limit=128 [ 253.974605][ T4933] Bluetooth: hci5: command tx timeout [ 254.057013][ T6659] netlink: 36 bytes leftover after parsing attributes in process `syz.3.171'. [ 254.057036][ T6659] netlink: 24 bytes leftover after parsing attributes in process `syz.3.171'. [ 254.207780][ T6403] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 254.207799][ T6403] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 254.207829][ T6403] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 254.215923][ T6662] loop3: detected capacity change from 0 to 512 [ 254.248701][ T6403] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 254.248746][ T6403] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 254.253136][ T6403] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 254.290287][ T6662] EXT4-fs: Ignoring removed bh option [ 254.404044][ T6662] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 254.494932][ T6662] EXT4-fs (loop3): 1 truncate cleaned up [ 254.553367][ T6662] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 254.560182][ T69] bridge_slave_1: left allmulticast mode [ 254.560268][ T69] bridge_slave_1: left promiscuous mode [ 254.612754][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.775807][ T69] bridge_slave_0: left allmulticast mode [ 254.775843][ T69] bridge_slave_0: left promiscuous mode [ 254.778890][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 256.009973][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.010088][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.058644][ T4933] Bluetooth: hci5: command tx timeout [ 258.220771][ T5617] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 260.995364][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 261.125488][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 261.271783][ T69] bond0 (unregistering): Released all slaves [ 261.298223][ T5848] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 261.630984][ T5848] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 261.921552][ T6403] hsr_slave_0: entered promiscuous mode [ 261.933188][ T6403] hsr_slave_1: entered promiscuous mode [ 261.944756][ T6403] debugfs: 'hsr0' already exists in 'hsr' [ 261.944797][ T6403] Cannot create hsr debugfs directory [ 262.216054][ T69] hsr_slave_0: left promiscuous mode [ 262.262703][ T69] hsr_slave_1: left promiscuous mode [ 262.275857][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 262.293593][ T6711] loop2: detected capacity change from 0 to 256 [ 262.314534][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 262.931389][ T6715] netlink: 'syz.3.185': attribute type 2 has an invalid length. [ 265.435312][ T69] team0 (unregistering): Port device team_slave_1 removed [ 265.485316][ T69] team0 (unregistering): Port device team_slave_0 removed [ 266.530604][ T6730] input: syz0 as /devices/virtual/input/input7 [ 270.130849][ T5627] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 270.176327][ T5627] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 270.180372][ T5627] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 270.206700][ T5627] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 270.211613][ T5627] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 270.709391][ T6761] netlink: 4 bytes leftover after parsing attributes in process `syz.2.191'. [ 272.354976][ T5885] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 272.540340][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 272.540392][ T5885] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 272.540417][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.587822][ T5885] usb 3-1: config 0 descriptor?? [ 272.617644][ T4933] Bluetooth: hci2: command tx timeout [ 272.889705][ T5885] usbhid 3-1:0.0: can't add hid device: -71 [ 272.889839][ T5885] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 273.030312][ T5885] usb 3-1: USB disconnect, device number 3 [ 273.168389][ T5278] 8021q: adding VLAN 0 to HW filter on device eth5 [ 273.646192][ T69] bridge_slave_1: left allmulticast mode [ 273.646219][ T69] bridge_slave_1: left promiscuous mode [ 273.646466][ T69] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.684508][ T5885] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 273.824217][ T69] bridge_slave_0: left allmulticast mode [ 273.824254][ T69] bridge_slave_0: left promiscuous mode [ 273.830715][ T69] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.834440][ T5885] usb 3-1: Using ep0 maxpacket: 16 [ 273.852500][ T5885] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 273.852553][ T5885] usb 3-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice= 0.40 [ 273.852579][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.901479][ T5885] usb 3-1: config 0 descriptor?? [ 274.143555][ T6766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 274.176704][ T6766] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.181203][ T6766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 274.185334][ T6766] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.197585][ T6766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 274.203438][ T6766] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.226840][ T5885] powermate: Expected payload of 3--6 bytes, found 8 bytes! [ 274.371111][ T5885] input: Griffin PowerMate as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input8 [ 274.677961][ T6766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 274.694706][ T4933] Bluetooth: hci2: command tx timeout [ 274.705515][ T6766] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 274.759748][ C1] powermate: config urb returned -71 [ 274.760186][ C1] powermate: config urb returned -71 [ 274.761086][ C1] powermate: config urb returned -71 [ 274.761301][ C1] powermate: config urb returned -71 [ 274.835649][ T5930] usb 3-1: USB disconnect, device number 4 [ 274.835834][ C1] powermate 3-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 276.809389][ T4933] Bluetooth: hci2: command tx timeout [ 277.800009][ T6795] ubi: mtd0 is already attached to ubi31 [ 277.971740][ T4933] Bluetooth: Frame is too long (len 12, expected len 4) [ 278.299743][ T6800] loop3: detected capacity change from 0 to 128 [ 278.945248][ T4933] Bluetooth: hci2: command tx timeout [ 282.816883][ T69] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.937068][ T57] kworker/u8:3: attempt to access beyond end of device [ 282.937068][ T57] loop3: rw=1, sector=145, nr_sectors = 896 limit=128 [ 283.130665][ T69] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 284.380445][ T69] bond0 (unregistering): Released all slaves [ 285.735994][ T6617] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.736209][ T6617] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.736449][ T6617] bridge_slave_0: entered allmulticast mode [ 285.809822][ T6617] bridge_slave_0: entered promiscuous mode [ 285.874612][ T6617] bridge0: port 2(bridge_slave_1) entered blocking state [ 285.874936][ T6617] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.875252][ T6617] bridge_slave_1: entered allmulticast mode [ 285.881199][ T6617] bridge_slave_1: entered promiscuous mode [ 286.044899][ T6617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 287.078290][ T6617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 287.758457][ T6617] team0: Port device team_slave_0 added [ 287.814096][ T6823] loop2: detected capacity change from 0 to 4096 [ 287.862921][ T6823] EXT4-fs: inline encryption not supported [ 287.903979][ T69] hsr_slave_0: left promiscuous mode [ 287.927626][ T6823] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 287.927657][ T6823] EXT4-fs (loop2): Test dummy encryption mode enabled [ 287.958091][ T69] hsr_slave_1: left promiscuous mode [ 287.965414][ T6823] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c1a8, mo2=0003] [ 287.965554][ T6823] System zones: 0-5 [ 287.970115][ T69] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 288.060516][ T69] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 288.089487][ T6823] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 288.629846][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.721172][ T6846] input: syz0 as /devices/virtual/input/input9 [ 290.127836][ T69] team0 (unregistering): Port device team_slave_1 removed [ 290.391288][ T69] team0 (unregistering): Port device team_slave_0 removed [ 293.291849][ T6863] ubi: mtd0 is already attached to ubi31 [ 293.314746][ T4933] Bluetooth: Frame is too long (len 12, expected len 4) [ 295.492956][ T6617] team0: Port device team_slave_1 added [ 295.621688][ T5278] 8021q: adding VLAN 0 to HW filter on device eth6 [ 295.657448][ T6868] loop3: detected capacity change from 0 to 256 [ 296.059179][ T6868] FAT-fs (loop3): Directory bread(block 64) failed [ 296.059215][ T6868] FAT-fs (loop3): Directory bread(block 65) failed [ 296.059326][ T6868] FAT-fs (loop3): Directory bread(block 66) failed [ 296.059350][ T6868] FAT-fs (loop3): Directory bread(block 67) failed [ 296.059453][ T6868] FAT-fs (loop3): Directory bread(block 68) failed [ 296.059477][ T6868] FAT-fs (loop3): Directory bread(block 69) failed [ 296.059578][ T6868] FAT-fs (loop3): Directory bread(block 70) failed [ 296.059603][ T6868] FAT-fs (loop3): Directory bread(block 71) failed [ 296.059705][ T6868] FAT-fs (loop3): Directory bread(block 72) failed [ 296.059729][ T6868] FAT-fs (loop3): Directory bread(block 73) failed [ 296.415985][ T6617] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 296.416004][ T6617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 296.416034][ T6617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 296.567521][ T6617] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 296.567540][ T6617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 296.567570][ T6617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 297.895947][ T6617] hsr_slave_0: entered promiscuous mode [ 297.942642][ T6617] hsr_slave_1: entered promiscuous mode [ 297.956141][ T6617] debugfs: 'hsr0' already exists in 'hsr' [ 297.956168][ T6617] Cannot create hsr debugfs directory [ 300.374955][ T6907] input: syz0 as /devices/virtual/input/input10 [ 305.505869][ T5278] 8021q: adding VLAN 0 to HW filter on device eth7 [ 306.063145][ T6749] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.063452][ T6749] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.063772][ T6749] bridge_slave_0: entered allmulticast mode [ 306.119407][ T6749] bridge_slave_0: entered promiscuous mode [ 306.237725][ T6749] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.238035][ T6749] bridge0: port 2(bridge_slave_1) entered disabled state [ 306.238329][ T6749] bridge_slave_1: entered allmulticast mode [ 306.276849][ T6749] bridge_slave_1: entered promiscuous mode [ 306.451705][ T6936] loop2: detected capacity change from 0 to 512 [ 309.947366][ T6936] workqueue: Failed to create a rescuer kthread for wq "ext4-rsv-conversion": -EINTR [ 309.948095][ T6936] EXT4-fs: failed to create workqueue [ 309.948110][ T6936] EXT4-fs (loop2): mount failed [ 310.970266][ T5627] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 311.037044][ T5627] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 311.049404][ T6749] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 311.078963][ T5627] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 311.107313][ T5627] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 311.108750][ T5627] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 311.155924][ T6749] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 311.721894][ T6951] capability: warning: `syz.3.223' uses 32-bit capabilities (legacy support in use) [ 312.636007][ T6749] team0: Port device team_slave_0 added [ 312.810989][ T6749] team0: Port device team_slave_1 added [ 313.011294][ T6957] input: syz0 as /devices/virtual/input/input11 [ 313.442204][ T4933] Bluetooth: hci0: command tx timeout [ 313.905019][ T6749] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 313.905038][ T6749] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 313.905068][ T6749] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 313.915702][ T6749] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 313.915719][ T6749] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 313.915747][ T6749] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 315.515570][ T4933] Bluetooth: hci0: command tx timeout [ 316.409805][ T6749] hsr_slave_0: entered promiscuous mode [ 316.431164][ T6749] hsr_slave_1: entered promiscuous mode [ 316.450427][ T6749] debugfs: 'hsr0' already exists in 'hsr' [ 316.450457][ T6749] Cannot create hsr debugfs directory [ 317.258457][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.258571][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.575767][ T4933] Bluetooth: hci0: command tx timeout [ 317.722090][ T5278] 8021q: adding VLAN 0 to HW filter on device eth8 [ 321.456727][ T4933] Bluetooth: hci0: command tx timeout [ 323.205040][ T7009] Bluetooth: MGMT ver 1.23 [ 326.388019][ T7027] ubi: mtd0 is already attached to ubi31 [ 326.794579][ T7037] loop2: detected capacity change from 0 to 512 [ 327.038278][ T7037] EXT4-fs error (device loop2): ext4_iget_extra_inode:5128: inode #15: comm syz.2.235: corrupted in-inode xattr: invalid ea_ino [ 327.038313][ T7037] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 327.044337][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 327.044355][ C0] EXT4-fs (loop2): initial error at time 1779343795: ext4_iget_extra_inode:5128: inode 15 [ 327.044381][ C0] EXT4-fs (loop2): last error at time 1779343795: ext4_iget_extra_inode:5128: inode 15 [ 327.059748][ T7037] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.235: couldn't read orphan inode 15 (err -117) [ 327.059863][ T7037] loop2: lost filesystem error report for type 5 error -117 [ 328.099076][ T7037] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 328.133236][ T7046] input: syz0 as /devices/virtual/input/input12 [ 329.820411][ T7058] ubi: mtd0 is already attached to ubi31 [ 330.130419][ T4933] Bluetooth: Frame is too long (len 12, expected len 4) [ 332.668615][ T5627] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 332.938711][ T5627] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 332.965825][ T5627] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 332.969451][ T5627] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 332.970589][ T5627] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 333.019386][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 333.877457][ T6939] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.877805][ T6939] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.878153][ T6939] bridge_slave_0: entered allmulticast mode [ 333.908652][ T6939] bridge_slave_0: entered promiscuous mode [ 333.944512][ T6939] bridge0: port 2(bridge_slave_1) entered blocking state [ 333.944900][ T6939] bridge0: port 2(bridge_slave_1) entered disabled state [ 333.945209][ T6939] bridge_slave_1: entered allmulticast mode [ 333.951893][ T6939] bridge_slave_1: entered promiscuous mode [ 334.406321][ T7085] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 334.406388][ T7085] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 335.094388][ T4933] Bluetooth: hci5: command tx timeout [ 335.371329][ T7098] loop2: detected capacity change from 0 to 512 [ 336.231195][ T6939] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 336.249404][ T6939] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 337.223206][ T4933] Bluetooth: hci5: command tx timeout [ 337.896661][ T7098] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.244: inode has both inline data and extents flags [ 337.896701][ T7098] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 337.904335][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 337.904366][ C1] EXT4-fs (loop2): initial error at time 1779343806: ext4_orphan_get:1397: inode 15 [ 337.904402][ C1] EXT4-fs (loop2): last error at time 1779343806: ext4_orphan_get:1397: inode 15 [ 337.959289][ T7098] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.244: couldn't read orphan inode 15 (err -117) [ 337.959372][ T7098] loop2: lost filesystem error report for type 5 error -117 [ 338.073169][ T7098] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 339.455095][ T4933] Bluetooth: hci5: command tx timeout [ 341.433466][ T6939] team0: Port device team_slave_0 added [ 341.445688][ T6939] team0: Port device team_slave_1 added [ 341.495113][ T4933] Bluetooth: hci5: command tx timeout [ 341.648433][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 342.027926][ T6939] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 342.027944][ T6939] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 342.027974][ T6939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 342.039885][ T6939] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 342.039903][ T6939] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 342.039934][ T6939] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 342.042850][ T7121] loop1: detected capacity change from 0 to 512 [ 342.254567][ T7121] EXT4-fs error (device loop1): ext4_iget_extra_inode:5128: inode #15: comm syz.1.247: corrupted in-inode xattr: invalid ea_ino [ 342.254605][ T7121] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 342.255380][ T7121] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.247: couldn't read orphan inode 15 (err -117) [ 342.255412][ T7121] loop1: lost filesystem error report for type 5 error -117 [ 342.265835][ T7121] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 342.940393][ T7132] loop2: detected capacity change from 0 to 512 [ 344.028863][ T7132] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.248: inode has both inline data and extents flags [ 344.028956][ T7132] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 344.035854][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 344.035905][ C0] EXT4-fs (loop2): initial error at time 1779343812: ext4_orphan_get:1397: inode 15 [ 344.036031][ C0] EXT4-fs (loop2): last error at time 1779343812: ext4_orphan_get:1397: inode 15 [ 344.098904][ T7132] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.248: couldn't read orphan inode 15 (err -117) [ 344.098967][ T7132] loop2: lost filesystem error report for type 5 error -117 [ 344.336355][ T7132] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 346.594524][ T1033] bridge_slave_1: left allmulticast mode [ 346.594562][ T1033] bridge_slave_1: left promiscuous mode [ 346.594859][ T1033] bridge0: port 2(bridge_slave_1) entered disabled state [ 346.719096][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 346.827278][ T1033] bridge_slave_0: left allmulticast mode [ 346.827315][ T1033] bridge_slave_0: left promiscuous mode [ 346.827591][ T1033] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.475192][ T1033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 347.556437][ T1033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 347.559970][ T7166] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 347.560034][ T7166] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 347.616572][ T1033] bond0 (unregistering): Released all slaves [ 347.853098][ T5616] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.387050][ T7172] ubi: mtd0 is already attached to ubi31 [ 348.797334][ T7188] loop3: detected capacity change from 0 to 512 [ 349.190049][ T7186] loop1: detected capacity change from 0 to 512 [ 349.770882][ T7188] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.256: inode has both inline data and extents flags [ 349.770935][ T7188] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 349.771913][ T7188] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.256: couldn't read orphan inode 15 (err -117) [ 349.771945][ T7188] loop3: lost filesystem error report for type 5 error -117 [ 350.152624][ T7188] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 351.261683][ T7186] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 351.266661][ T7186] ext4 filesystem being mounted at /74/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 351.343845][ T7186] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 352.201657][ T5617] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 352.364971][ T1033] hsr_slave_0: left promiscuous mode [ 352.680049][ T1033] hsr_slave_1: left promiscuous mode [ 352.681166][ T1033] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 353.166139][ T7217] loop1: detected capacity change from 0 to 128 [ 354.920459][ T1033] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 357.656655][ T7220] syz.1.259: attempt to access beyond end of device [ 357.656655][ T7220] loop1: rw=2049, sector=145, nr_sectors = 864 limit=128 [ 366.309943][ T37] kworker/u8:2: attempt to access beyond end of device [ 366.309943][ T37] loop1: rw=1, sector=1009, nr_sectors = 32 limit=128 [ 366.876116][ T7236] loop1: detected capacity change from 0 to 512 [ 367.040279][ T5627] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 367.089727][ T5627] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 367.092264][ T5627] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 367.118184][ T5627] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 367.130500][ T7236] EXT4-fs error (device loop1): ext4_iget_extra_inode:5128: inode #15: comm syz.1.261: corrupted in-inode xattr: invalid ea_ino [ 367.130533][ T7236] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 367.131129][ T7236] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.261: couldn't read orphan inode 15 (err -117) [ 367.131162][ T7236] loop1: lost filesystem error report for type 5 error -117 [ 367.227647][ T7236] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 367.470420][ T5627] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 368.235711][ T7246] loop3: detected capacity change from 0 to 1024 [ 368.236988][ T7246] ext4: Unknown parameter 'context' [ 369.195065][ T1033] team0 (unregistering): Port device team_slave_1 removed [ 369.236210][ T1033] team0 (unregistering): Port device team_slave_0 removed [ 376.680183][ T4933] Bluetooth: hci2: command tx timeout [ 377.001632][ T5616] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 377.016596][ T6939] hsr_slave_0: entered promiscuous mode [ 377.029319][ T6939] hsr_slave_1: entered promiscuous mode [ 377.045778][ T6939] debugfs: 'hsr0' already exists in 'hsr' [ 377.045804][ T6939] Cannot create hsr debugfs directory [ 378.712259][ T4933] Bluetooth: hci2: command tx timeout [ 378.726670][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.726779][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.764164][ T7275] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 378.764224][ T7275] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 379.044704][ T7284] loop1: detected capacity change from 0 to 512 [ 381.780788][ T4933] Bluetooth: hci2: command tx timeout [ 381.813337][ T7284] EXT4-fs: error -4 creating inode table initialization thread [ 381.813810][ T7284] EXT4-fs (loop1): mount failed [ 383.846058][ T4933] Bluetooth: hci2: command tx timeout [ 383.953500][ T7306] loop1: detected capacity change from 0 to 1024 [ 384.736660][ T7313] loop3: detected capacity change from 0 to 1024 [ 384.766162][ T7313] ext4: Unknown parameter 'context' [ 385.607677][ T7306] syz.1.273: attempt to access beyond end of device [ 385.607677][ T7306] loop1: rw=2057, sector=262, nr_sectors = 65274 limit=1024 [ 386.950170][ T7330] loop2: detected capacity change from 0 to 512 [ 387.059578][ T7330] EXT4-fs error (device loop2): ext4_iget_extra_inode:5128: inode #15: comm syz.2.278: corrupted in-inode xattr: invalid ea_ino [ 387.059612][ T7330] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 387.060136][ T7330] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.278: couldn't read orphan inode 15 (err -117) [ 387.060168][ T7330] loop2: lost filesystem error report for type 5 error -117 [ 387.115145][ T7330] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 387.300168][ T5278] 8021q: adding VLAN 0 to HW filter on device eth6 [ 387.446595][ T7060] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.446905][ T7060] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.447220][ T7060] bridge_slave_0: entered allmulticast mode [ 387.753895][ T7060] bridge_slave_0: entered promiscuous mode [ 387.932402][ T7060] bridge0: port 2(bridge_slave_1) entered blocking state [ 387.932793][ T7060] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.933126][ T7060] bridge_slave_1: entered allmulticast mode [ 387.968576][ T7060] bridge_slave_1: entered promiscuous mode [ 388.448080][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 389.502561][ T7060] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 389.643259][ T7060] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 389.991858][ T7358] loop3: detected capacity change from 0 to 128 [ 390.044943][ T7361] input: syz0 as /devices/virtual/input/input13 [ 390.929200][ T7358] syz.3.282: attempt to access beyond end of device [ 390.929200][ T7358] loop3: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 391.209330][ T7060] team0: Port device team_slave_0 added [ 391.431449][ T1474] bridge_slave_1: left allmulticast mode [ 391.431486][ T1474] bridge_slave_1: left promiscuous mode [ 391.431760][ T1474] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.651993][ T1474] bridge_slave_0: left allmulticast mode [ 391.652030][ T1474] bridge_slave_0: left promiscuous mode [ 391.652341][ T1474] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.982097][ T7383] loop2: detected capacity change from 0 to 512 [ 392.969802][ T7383] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.283: inode has both inline data and extents flags [ 392.969868][ T7383] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 392.985514][ T7383] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.283: couldn't read orphan inode 15 (err -117) [ 392.985601][ T7383] loop2: lost filesystem error report for type 5 error -117 [ 392.986176][ C1] EXT4-fs (loop2): error count since last fsck: 2 [ 392.986234][ C1] EXT4-fs (loop2): initial error at time 1779343861: ext4_orphan_get:1397: inode 15 [ 392.986342][ C1] EXT4-fs (loop2): last error at time 1779343861: ext4_orphan_get:1402 [ 393.101289][ T7383] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 393.975504][ T5627] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 394.012495][ T5627] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 394.015498][ T5627] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 394.021218][ T5627] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 394.022391][ T5627] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 395.418853][ T1474] bridge_slave_1: left allmulticast mode [ 395.418891][ T1474] bridge_slave_1: left promiscuous mode [ 395.419152][ T1474] bridge0: port 2(bridge_slave_1) entered disabled state [ 395.446079][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 395.852521][ T1474] bridge_slave_0: left allmulticast mode [ 395.852564][ T1474] bridge_slave_0: left promiscuous mode [ 395.852835][ T1474] bridge0: port 1(bridge_slave_0) entered disabled state [ 395.972094][ T7415] netlink: 4 bytes leftover after parsing attributes in process `syz.3.288'. [ 395.972870][ T7414] loop2: detected capacity change from 0 to 512 [ 396.252503][ T7414] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 396.252654][ T7414] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 396.311347][ T7414] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 396.419817][ T5627] Bluetooth: hci0: command tx timeout [ 396.654048][ T7414] loop2: detected capacity change from 0 to 256 [ 396.758338][ T7414] FAT-fs (loop2): Directory bread(block 64) failed [ 396.758376][ T7414] FAT-fs (loop2): Directory bread(block 65) failed [ 396.758494][ T7414] FAT-fs (loop2): Directory bread(block 66) failed [ 396.758518][ T7414] FAT-fs (loop2): Directory bread(block 67) failed [ 396.758625][ T7414] FAT-fs (loop2): Directory bread(block 68) failed [ 396.758650][ T7414] FAT-fs (loop2): Directory bread(block 69) failed [ 396.758752][ T7414] FAT-fs (loop2): Directory bread(block 70) failed [ 396.758777][ T7414] FAT-fs (loop2): Directory bread(block 71) failed [ 396.760352][ T7414] FAT-fs (loop2): Directory bread(block 72) failed [ 396.760382][ T7414] FAT-fs (loop2): Directory bread(block 73) failed [ 397.233588][ T1474] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 399.302838][ T5627] Bluetooth: hci0: command tx timeout [ 400.316679][ T1474] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 400.404665][ T1474] bond0 (unregistering): Released all slaves [ 401.443805][ T5627] Bluetooth: hci0: command tx timeout [ 401.516783][ T7426] loop2: detected capacity change from 0 to 512 [ 401.536494][ T7426] EXT4-fs error (device loop2): ext4_iget_extra_inode:5128: inode #15: comm syz.2.289: corrupted in-inode xattr: invalid ea_ino [ 401.536531][ T7426] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 401.537099][ T7426] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.289: couldn't read orphan inode 15 (err -117) [ 401.537130][ T7426] loop2: lost filesystem error report for type 5 error -117 [ 401.540625][ T7426] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 402.407350][ T7434] input: syz0 as /devices/virtual/input/input14 [ 403.341089][ T5620] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 403.510482][ T5627] Bluetooth: hci0: command tx timeout [ 403.665209][ T1474] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 405.697377][ T1474] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 405.881867][ T7446] loop2: detected capacity change from 0 to 1024 [ 406.015055][ T7446] syz.2.294: attempt to access beyond end of device [ 406.015055][ T7446] loop2: rw=2057, sector=262, nr_sectors = 65274 limit=1024 [ 406.227496][ T7448] loop1: detected capacity change from 0 to 1024 [ 406.336219][ T7448] syz.1.295: attempt to access beyond end of device [ 406.336219][ T7448] loop1: rw=2057, sector=262, nr_sectors = 65274 limit=1024 [ 406.339191][ T1474] bond0 (unregistering): Released all slaves [ 408.088827][ T7466] loop2: detected capacity change from 0 to 128 [ 408.090393][ T7466] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 408.101791][ T7466] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 408.472019][ T7468] netlink: 68 bytes leftover after parsing attributes in process `syz.1.298'. [ 409.654905][ T7238] bridge0: port 1(bridge_slave_0) entered blocking state [ 409.655160][ T7238] bridge0: port 1(bridge_slave_0) entered disabled state [ 409.655409][ T7238] bridge_slave_0: entered allmulticast mode [ 409.664939][ T7238] bridge_slave_0: entered promiscuous mode [ 409.741597][ T7238] bridge0: port 2(bridge_slave_1) entered blocking state [ 409.741952][ T7238] bridge0: port 2(bridge_slave_1) entered disabled state [ 409.742285][ T7238] bridge_slave_1: entered allmulticast mode [ 409.745855][ T7238] bridge_slave_1: entered promiscuous mode [ 409.910903][ T7473] loop2: detected capacity change from 0 to 512 [ 409.951347][ T1474] hsr_slave_0: left promiscuous mode [ 410.023553][ T7473] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 410.023711][ T7473] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 410.025825][ T1474] hsr_slave_1: left promiscuous mode [ 410.060822][ T1474] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 410.062092][ T7473] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 410.133342][ T1474] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 410.254647][ T7473] loop2: detected capacity change from 0 to 256 [ 410.316724][ T7473] FAT-fs (loop2): Directory bread(block 64) failed [ 410.316780][ T7473] FAT-fs (loop2): Directory bread(block 65) failed [ 410.316892][ T7473] FAT-fs (loop2): Directory bread(block 66) failed [ 410.316915][ T7473] FAT-fs (loop2): Directory bread(block 67) failed [ 410.316994][ T7473] FAT-fs (loop2): Directory bread(block 68) failed [ 410.317010][ T7473] FAT-fs (loop2): Directory bread(block 69) failed [ 410.317076][ T7473] FAT-fs (loop2): Directory bread(block 70) failed [ 410.317092][ T7473] FAT-fs (loop2): Directory bread(block 71) failed [ 410.317165][ T7473] FAT-fs (loop2): Directory bread(block 72) failed [ 410.317181][ T7473] FAT-fs (loop2): Directory bread(block 73) failed [ 410.398574][ T1474] hsr_slave_0: left promiscuous mode [ 410.443964][ T1474] hsr_slave_1: left promiscuous mode [ 410.444871][ T1474] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 410.787315][ T1474] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.436439][ T7484] input: syz0 as /devices/virtual/input/input15 [ 415.360214][ T1474] team0 (unregistering): Port device team_slave_1 removed [ 422.582685][ T1474] team0 (unregistering): Port device team_slave_0 removed [ 430.286670][ T4933] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 430.348986][ T7504] loop3: detected capacity change from 0 to 128 [ 430.741820][ T4933] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 430.835106][ T4933] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 430.927008][ T4933] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 430.966961][ T4933] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 433.672381][ T4933] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 433.718970][ T4933] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 433.737968][ T4933] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 433.756006][ T4933] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 433.771290][ T4933] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 433.842527][ T5631] Bluetooth: hci5: command tx timeout [ 435.475167][ T1334] kworker/u8:11: attempt to access beyond end of device [ 435.475167][ T1334] loop3: rw=1, sector=145, nr_sectors = 896 limit=128 [ 436.007618][ T4933] Bluetooth: hci6: command tx timeout [ 436.010440][ T5627] Bluetooth: hci5: command tx timeout [ 436.180220][ T7524] ubi: mtd0 is already attached to ubi31 [ 436.926289][ T4933] Bluetooth: hci4: ACL packet for unknown connection handle 0 [ 437.202791][ T1474] team0 (unregistering): Port device team_slave_1 removed [ 437.414571][ T1474] team0 (unregistering): Port device team_slave_0 removed [ 438.270329][ T4933] Bluetooth: hci6: command tx timeout [ 438.270366][ T4933] Bluetooth: hci5: command tx timeout [ 440.433926][ T5627] Bluetooth: hci5: command tx timeout [ 440.433961][ T5627] Bluetooth: hci6: command tx timeout [ 440.740431][ T7558] loop3: detected capacity change from 0 to 512 [ 442.104075][ T7558] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.313: inode has both inline data and extents flags [ 442.104112][ T7558] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 442.118981][ C1] EXT4-fs (loop3): error count since last fsck: 1 [ 442.119035][ C1] EXT4-fs (loop3): initial error at time 1779343908: ext4_orphan_get:1397: inode 15 [ 442.119098][ C1] EXT4-fs (loop3): last error at time 1779343908: ext4_orphan_get:1397: inode 15 [ 442.147677][ T7558] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.313: couldn't read orphan inode 15 (err -117) [ 442.147767][ T7558] loop3: lost filesystem error report for type 5 error -117 [ 442.676085][ T4933] Bluetooth: hci6: command tx timeout [ 442.707451][ T7558] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 442.866702][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 442.866818][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 444.882513][ T5617] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 447.254166][ T7589] loop2: detected capacity change from 0 to 128 [ 448.066182][ T7589] syz.2.317: attempt to access beyond end of device [ 448.066182][ T7589] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 450.393655][ T5278] 8021q: adding VLAN 0 to HW filter on device eth5 [ 454.411231][ T7619] loop2: detected capacity change from 0 to 128 [ 455.298276][ T7619] syz.2.321: attempt to access beyond end of device [ 455.298276][ T7619] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 456.168120][ T7617] netlink: 4 bytes leftover after parsing attributes in process `syz.3.320'. [ 457.736651][ T5278] 8021q: adding VLAN 0 to HW filter on device eth7 [ 458.147670][ T5627] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 458.167508][ T7649] netlink: 4 bytes leftover after parsing attributes in process `syz.2.322'. [ 458.216085][ T5627] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 458.234229][ T5627] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 458.255768][ T5627] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 458.269627][ T5627] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 460.467515][ T4933] Bluetooth: hci1: command tx timeout [ 462.974356][ T38] audit: type=1326 audit(1779343928.115:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7675 comm="syz.2.326" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f81bd8ace59 code=0x0 [ 468.417199][ T4933] Bluetooth: hci1: command tx timeout [ 469.653832][ T7687] netlink: 4 bytes leftover after parsing attributes in process `syz.2.328'. [ 470.123613][ T7507] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.126076][ T7507] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.126423][ T7507] bridge_slave_0: entered allmulticast mode [ 470.132567][ T7507] bridge_slave_0: entered promiscuous mode [ 470.426933][ T7696] loop3: detected capacity change from 0 to 128 [ 471.050787][ T4933] Bluetooth: hci1: command tx timeout [ 471.980140][ T7697] syz.3.329: attempt to access beyond end of device [ 471.980140][ T7697] loop3: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 475.205679][ T4933] Bluetooth: hci1: command tx timeout [ 477.063974][ T7507] bridge0: port 2(bridge_slave_1) entered blocking state [ 477.064285][ T7507] bridge0: port 2(bridge_slave_1) entered disabled state [ 477.064614][ T7507] bridge_slave_1: entered allmulticast mode [ 477.071804][ T7507] bridge_slave_1: entered promiscuous mode [ 477.167748][ T7505] bridge0: port 1(bridge_slave_0) entered blocking state [ 477.169270][ T7505] bridge0: port 1(bridge_slave_0) entered disabled state [ 477.169546][ T7505] bridge_slave_0: entered allmulticast mode [ 477.205957][ T7505] bridge_slave_0: entered promiscuous mode [ 479.289373][ T1474] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.109461][ T7505] bridge0: port 2(bridge_slave_1) entered blocking state [ 482.109843][ T7505] bridge0: port 2(bridge_slave_1) entered disabled state [ 482.110180][ T7505] bridge_slave_1: entered allmulticast mode [ 482.295598][ T7505] bridge_slave_1: entered promiscuous mode [ 482.462428][ T7507] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 484.970689][ T7507] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 484.983321][ T5278] 8021q: adding VLAN 0 to HW filter on device eth8 [ 485.082703][ T7505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 486.960029][ T38] audit: type=1326 audit(1779343950.743:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7743 comm="syz.3.337" exe="/root/ci-upstream-linux-next-kasan-gce-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5c19b7ce59 code=0x0 [ 490.593795][ T1474] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 490.800285][ T7505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 490.863422][ T7507] team0: Port device team_slave_0 added [ 491.064261][ T4933] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 491.068226][ T4933] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 491.093137][ T4933] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 491.096115][ T4933] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 491.098647][ T4933] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 491.180453][ T7507] team0: Port device team_slave_1 added [ 493.266795][ T1474] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 493.406178][ T7775] netlink: 68 bytes leftover after parsing attributes in process `syz.2.342'. [ 493.528630][ T5627] Bluetooth: hci0: command tx timeout [ 496.016090][ T5627] Bluetooth: hci0: command tx timeout [ 497.699229][ T5627] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 497.711971][ T5627] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 497.766182][ T5627] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 497.788503][ T5627] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 497.802729][ T5627] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 498.037182][ T7797] loop3: detected capacity change from 0 to 512 [ 498.221515][ T7797] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 498.221657][ T7797] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 498.225601][ T7797] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 498.331445][ T4933] Bluetooth: hci0: command tx timeout [ 499.397778][ T1474] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 499.462639][ T7797] loop3: detected capacity change from 0 to 256 [ 499.556163][ T7797] FAT-fs (loop3): Directory bread(block 64) failed [ 499.556310][ T7797] FAT-fs (loop3): Directory bread(block 65) failed [ 499.556430][ T7797] FAT-fs (loop3): Directory bread(block 66) failed [ 499.556454][ T7797] FAT-fs (loop3): Directory bread(block 67) failed [ 499.556553][ T7797] FAT-fs (loop3): Directory bread(block 68) failed [ 499.556577][ T7797] FAT-fs (loop3): Directory bread(block 69) failed [ 499.556679][ T7797] FAT-fs (loop3): Directory bread(block 70) failed [ 499.556703][ T7797] FAT-fs (loop3): Directory bread(block 71) failed [ 499.556813][ T7797] FAT-fs (loop3): Directory bread(block 72) failed [ 499.556837][ T7797] FAT-fs (loop3): Directory bread(block 73) failed [ 500.918739][ T4933] Bluetooth: hci2: command tx timeout [ 502.217804][ T4933] Bluetooth: hci0: command tx timeout [ 503.432711][ T4933] Bluetooth: hci2: command tx timeout [ 507.239226][ T4933] Bluetooth: hci2: command tx timeout [ 507.989194][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 507.989307][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 508.668760][ T1474] bridge_slave_1: left allmulticast mode [ 508.668795][ T1474] bridge_slave_1: left promiscuous mode [ 508.669081][ T1474] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.713465][ T7846] loop3: detected capacity change from 0 to 512 [ 508.788555][ T7846] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 508.788688][ T7846] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 508.830641][ T7846] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 508.884690][ T1474] bridge_slave_0: left allmulticast mode [ 508.884723][ T1474] bridge_slave_0: left promiscuous mode [ 508.885014][ T1474] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.419774][ T4933] Bluetooth: hci2: command tx timeout [ 509.594066][ T7851] loop3: detected capacity change from 0 to 128 [ 509.606902][ T7851] vfat: Unknown parameter 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' [ 512.130099][ T1474] bridge_slave_1: left allmulticast mode [ 512.130136][ T1474] bridge_slave_1: left promiscuous mode [ 512.139051][ T1474] bridge0: port 2(bridge_slave_1) entered disabled state [ 512.912007][ T1474] bridge_slave_0: left allmulticast mode [ 512.912036][ T1474] bridge_slave_0: left promiscuous mode [ 512.912729][ T1474] bridge0: port 1(bridge_slave_0) entered disabled state [ 513.691113][ T5623] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 514.035292][ T5623] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 514.035325][ T5623] usb 4-1: config 0 has no interface number 0 [ 514.035357][ T5623] usb 4-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F [ 514.035376][ T5623] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 514.040106][ T5623] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 514.040133][ T5623] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 514.040148][ T5623] usb 4-1: Product: syz [ 514.040158][ T5623] usb 4-1: SerialNumber: syz [ 514.174824][ T7864] netlink: 68 bytes leftover after parsing attributes in process `syz.2.355'. [ 515.110459][ T12] kworker/u8:0 (12) used greatest stack depth: 17600 bytes left [ 515.188862][ T5623] usb 4-1: config 0 descriptor?? [ 515.300189][ T5623] usbhid 4-1:0.8: couldn't find an input interrupt endpoint [ 515.401132][ T1474] bridge_slave_1: left allmulticast mode [ 515.401176][ T1474] bridge_slave_1: left promiscuous mode [ 515.401446][ T1474] bridge0: port 2(bridge_slave_1) entered disabled state [ 516.196778][ T5628] usb 4-1: USB disconnect, device number 3 [ 516.471451][ T1474] bridge_slave_0: left allmulticast mode [ 516.471486][ T1474] bridge_slave_0: left promiscuous mode [ 516.498116][ T1474] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.014669][ T7875] netlink: 4 bytes leftover after parsing attributes in process `syz.2.358'. [ 517.944679][ T7879] input: syz0 as /devices/virtual/input/input16 [ 519.169767][ T1474] bond0 (unregistering): Released all slaves [ 519.426230][ T1474] bond0 (unregistering): Released all slaves [ 520.017656][ T1474] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 520.103498][ T1474] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 520.128837][ T1474] bond0 (unregistering): Released all slaves [ 520.391733][ T1474] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 520.499277][ T1474] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 520.563725][ T1474] bond0 (unregistering): Released all slaves [ 521.192975][ T7892] overlayfs: failed to resolve './bus': -2 [ 523.223699][ T7646] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg2": -EINTR [ 524.042810][ T7907] loop2: detected capacity change from 0 to 512 [ 524.360890][ T7907] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 524.361037][ T7907] ext4 filesystem being mounted at /121/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 524.365732][ T7907] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 525.697494][ T7907] loop2: detected capacity change from 0 to 256 [ 525.803265][ T5627] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 525.874730][ T5627] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 525.877206][ T5627] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 525.958557][ T5627] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 525.967745][ T5627] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 526.030355][ T7923] loop3: detected capacity change from 0 to 512 [ 526.182096][ T7907] FAT-fs (loop2): Directory bread(block 64) failed [ 526.182130][ T7907] FAT-fs (loop2): Directory bread(block 65) failed [ 526.182396][ T7907] FAT-fs (loop2): Directory bread(block 66) failed [ 526.182425][ T7907] FAT-fs (loop2): Directory bread(block 67) failed [ 526.182529][ T7907] FAT-fs (loop2): Directory bread(block 68) failed [ 526.182553][ T7907] FAT-fs (loop2): Directory bread(block 69) failed [ 526.182834][ T7907] FAT-fs (loop2): Directory bread(block 70) failed [ 526.182863][ T7907] FAT-fs (loop2): Directory bread(block 71) failed [ 526.182980][ T7907] FAT-fs (loop2): Directory bread(block 72) failed [ 526.183005][ T7907] FAT-fs (loop2): Directory bread(block 73) failed [ 526.274411][ T7923] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 526.274562][ T7923] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 526.307812][ T7923] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 526.896464][ T7923] loop3: detected capacity change from 0 to 256 [ 526.925915][ T7923] FAT-fs (loop3): Directory bread(block 64) failed [ 526.925945][ T7923] FAT-fs (loop3): Directory bread(block 65) failed [ 526.926111][ T7923] FAT-fs (loop3): Directory bread(block 66) failed [ 526.926132][ T7923] FAT-fs (loop3): Directory bread(block 67) failed [ 526.926226][ T7923] FAT-fs (loop3): Directory bread(block 68) failed [ 526.926245][ T7923] FAT-fs (loop3): Directory bread(block 69) failed [ 526.926333][ T7923] FAT-fs (loop3): Directory bread(block 70) failed [ 526.926353][ T7923] FAT-fs (loop3): Directory bread(block 71) failed [ 526.926433][ T7923] FAT-fs (loop3): Directory bread(block 72) failed [ 526.926452][ T7923] FAT-fs (loop3): Directory bread(block 73) failed [ 529.080101][ T4933] Bluetooth: hci1: command tx timeout [ 530.172327][ T7940] loop3: detected capacity change from 0 to 512 [ 530.232334][ T7940] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 530.232482][ T7940] ext4 filesystem being mounted at /117/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 530.251771][ T7940] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 530.318077][ T5278] 8021q: adding VLAN 0 to HW filter on device eth9 [ 530.592187][ T7950] loop2: detected capacity change from 0 to 128 [ 530.645848][ T7940] loop3: detected capacity change from 0 to 256 [ 530.848583][ T7940] FAT-fs (loop3): Directory bread(block 64) failed [ 530.848616][ T7940] FAT-fs (loop3): Directory bread(block 65) failed [ 530.848728][ T7940] FAT-fs (loop3): Directory bread(block 66) failed [ 530.848754][ T7940] FAT-fs (loop3): Directory bread(block 67) failed [ 530.848953][ T7940] FAT-fs (loop3): Directory bread(block 68) failed [ 530.848980][ T7940] FAT-fs (loop3): Directory bread(block 69) failed [ 530.849101][ T7940] FAT-fs (loop3): Directory bread(block 70) failed [ 530.849126][ T7940] FAT-fs (loop3): Directory bread(block 71) failed [ 530.849228][ T7940] FAT-fs (loop3): Directory bread(block 72) failed [ 530.849252][ T7940] FAT-fs (loop3): Directory bread(block 73) failed [ 531.319962][ T4933] Bluetooth: hci1: command tx timeout [ 534.055126][ T4933] Bluetooth: hci1: command tx timeout [ 534.968018][ T6291] kworker/u8:19: attempt to access beyond end of device [ 534.968018][ T6291] loop2: rw=1, sector=145, nr_sectors = 8 limit=128 [ 534.968185][ T6291] kworker/u8:19: attempt to access beyond end of device [ 534.968185][ T6291] loop2: rw=1, sector=161, nr_sectors = 8 limit=128 [ 534.968327][ T6291] kworker/u8:19: attempt to access beyond end of device [ 534.968327][ T6291] loop2: rw=1, sector=177, nr_sectors = 8 limit=128 [ 534.968521][ T6291] kworker/u8:19: attempt to access beyond end of device [ 534.968521][ T6291] loop2: rw=1, sector=193, nr_sectors = 8 limit=128 [ 534.968651][ T6291] kworker/u8:19: attempt to access beyond end of device [ 534.968651][ T6291] loop2: rw=1, sector=209, nr_sectors = 8 limit=128 [ 534.968783][ T6291] kworker/u8:19: attempt to access beyond end of device [ 534.968783][ T6291] loop2: rw=1, sector=225, nr_sectors = 8 limit=128 [ 534.968921][ T6291] kworker/u8:19: attempt to access beyond end of device [ 534.968921][ T6291] loop2: rw=1, sector=241, nr_sectors = 8 limit=128 [ 534.969052][ T6291] kworker/u8:19: attempt to access beyond end of device [ 534.969052][ T6291] loop2: rw=1, sector=257, nr_sectors = 8 limit=128 [ 534.970158][ T6291] kworker/u8:19: attempt to access beyond end of device [ 534.970158][ T6291] loop2: rw=1, sector=273, nr_sectors = 8 limit=128 [ 534.970300][ T6291] kworker/u8:19: attempt to access beyond end of device [ 534.970300][ T6291] loop2: rw=1, sector=289, nr_sectors = 8 limit=128 [ 535.675155][ T7791] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.675551][ T7791] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.675848][ T7791] bridge_slave_0: entered allmulticast mode [ 535.687432][ T7791] bridge_slave_0: entered promiscuous mode [ 535.734192][ T7791] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.734507][ T7791] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.734783][ T7791] bridge_slave_1: entered allmulticast mode [ 535.742592][ T7791] bridge_slave_1: entered promiscuous mode [ 536.260564][ T4933] Bluetooth: hci1: command tx timeout [ 536.363577][ T8000] netlink: 68 bytes leftover after parsing attributes in process `syz.3.371'. [ 537.779209][ T1474] hsr_slave_0: left promiscuous mode [ 537.951759][ T1474] hsr_slave_1: left promiscuous mode [ 537.953238][ T1474] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 537.954854][ T1474] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 537.989624][ T1474] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 537.989651][ T1474] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 538.475816][ T1474] veth1_macvtap: left promiscuous mode [ 538.475920][ T1474] veth0_macvtap: left promiscuous mode [ 538.476215][ T1474] veth1_vlan: left promiscuous mode [ 538.476406][ T1474] veth0_vlan: left promiscuous mode [ 540.863578][ T8019] loop3: detected capacity change from 0 to 512 [ 540.916302][ T8019] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 540.916399][ T8019] ext4 filesystem being mounted at /121/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 540.957053][ T8019] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 545.303110][ T1474] team0 (unregistering): Port device team_slave_1 removed [ 545.364878][ T1474] team0 (unregistering): Port device team_slave_0 removed [ 545.610800][ T1474] team0 (unregistering): Port device team_slave_0 removed [ 545.863907][ T7755] bridge0: port 1(bridge_slave_0) entered blocking state [ 545.864261][ T7755] bridge0: port 1(bridge_slave_0) entered disabled state [ 545.864581][ T7755] bridge_slave_0: entered allmulticast mode [ 545.889191][ T7755] bridge_slave_0: entered promiscuous mode [ 545.949689][ T7755] bridge0: port 2(bridge_slave_1) entered blocking state [ 545.950037][ T7755] bridge0: port 2(bridge_slave_1) entered disabled state [ 545.950322][ T7755] bridge_slave_1: entered allmulticast mode [ 545.980602][ T7755] bridge_slave_1: entered promiscuous mode [ 546.070777][ T7791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 546.198633][ T7791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 546.383215][ T7755] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 546.437552][ T7755] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 546.482385][ T7791] team0: Port device team_slave_0 added [ 546.537374][ T7791] team0: Port device team_slave_1 added [ 546.634385][ T7755] team0: Port device team_slave_0 added [ 547.258973][ T7755] team0: Port device team_slave_1 added [ 548.576659][ T8045] loop2: detected capacity change from 0 to 128 [ 550.478231][ T8045] bio_check_eod: 102 callbacks suppressed [ 550.478291][ T8045] syz.2.379: attempt to access beyond end of device [ 550.478291][ T8045] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 552.333247][ T7791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 552.333265][ T7791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 552.333292][ T7791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 552.425146][ T7791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 552.425164][ T7791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 552.425192][ T7791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 552.785249][ T7755] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 552.785302][ T7755] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 552.785334][ T7755] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 553.868849][ T7755] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 553.868869][ T7755] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 553.868902][ T7755] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 556.491869][ T7791] hsr_slave_0: entered promiscuous mode [ 556.494191][ T7791] hsr_slave_1: entered promiscuous mode [ 556.496104][ T7791] debugfs: 'hsr0' already exists in 'hsr' [ 556.496129][ T7791] Cannot create hsr debugfs directory [ 558.669370][ T5627] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 558.708657][ T5627] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 558.713073][ T5627] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 558.714652][ T5627] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 558.715697][ T5627] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 560.630586][ T5278] 8021q: adding VLAN 0 to HW filter on device eth10 [ 561.804953][ T8087] Bluetooth: hci5: command tx timeout [ 562.143757][ T5631] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 563.213865][ T5631] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 563.227980][ T5631] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 563.230752][ T5631] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 563.232450][ T5631] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 563.958099][ T8087] Bluetooth: hci5: command tx timeout [ 566.224568][ T8135] netlink: 68 bytes leftover after parsing attributes in process `syz.3.394'. [ 567.532067][ T5631] Bluetooth: hci5: command tx timeout [ 567.532190][ T8087] Bluetooth: hci0: command tx timeout [ 569.686926][ T5631] Bluetooth: hci5: command tx timeout [ 569.686978][ T8087] Bluetooth: hci0: command tx timeout [ 570.656485][ T7916] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.656902][ T7916] bridge0: port 1(bridge_slave_0) entered disabled state [ 571.322135][ T7916] bridge_slave_0: entered allmulticast mode [ 571.330638][ T7916] bridge_slave_0: entered promiscuous mode [ 571.740061][ T7916] bridge0: port 2(bridge_slave_1) entered blocking state [ 571.740500][ T7916] bridge0: port 2(bridge_slave_1) entered disabled state [ 571.740812][ T7916] bridge_slave_1: entered allmulticast mode [ 571.777339][ T7916] bridge_slave_1: entered promiscuous mode [ 572.855342][ T8087] Bluetooth: hci0: command tx timeout [ 573.517019][ T7916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 573.635753][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 573.635866][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 573.675768][ T7916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 573.724643][ T8170] netlink: 892 bytes leftover after parsing attributes in process `syz.2.401'. [ 574.285926][ T7916] team0: Port device team_slave_0 added [ 574.330129][ T7916] team0: Port device team_slave_1 added [ 575.458874][ T8179] loop2: detected capacity change from 0 to 128 [ 575.556212][ T8087] Bluetooth: hci0: command tx timeout [ 578.881840][ T5278] 8021q: adding VLAN 0 to HW filter on device eth11 [ 578.884325][ T7916] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 578.884342][ T7916] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 578.884374][ T7916] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 579.063127][ T8193] loop2: detected capacity change from 0 to 128 [ 580.961059][ T8193] syz.2.403: attempt to access beyond end of device [ 580.961059][ T8193] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 581.890807][ T7916] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 581.890826][ T7916] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 581.890858][ T7916] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 585.078577][ T7916] hsr_slave_0: entered promiscuous mode [ 585.080761][ T7916] hsr_slave_1: entered promiscuous mode [ 585.082494][ T7916] debugfs: 'hsr0' already exists in 'hsr' [ 585.082520][ T7916] Cannot create hsr debugfs directory [ 589.193634][ T8082] bridge0: port 1(bridge_slave_0) entered blocking state [ 589.193909][ T8082] bridge0: port 1(bridge_slave_0) entered disabled state [ 589.242693][ T8082] bridge_slave_0: entered allmulticast mode [ 589.256856][ T8082] bridge_slave_0: entered promiscuous mode [ 589.965076][ T8082] bridge0: port 2(bridge_slave_1) entered blocking state [ 590.250396][ T8082] bridge0: port 2(bridge_slave_1) entered disabled state [ 590.850415][ T8082] bridge_slave_1: entered allmulticast mode [ 590.873436][ T8082] bridge_slave_1: entered promiscuous mode [ 591.367947][ T5631] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 591.756149][ T5631] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 591.792768][ T5631] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 591.794201][ T5631] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 591.835340][ T5631] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 592.342118][ T10] ------------[ cut here ]------------ [ 592.342135][ T10] faux_driver vkms: [drm] vblank wait timed out on crtc 0 [ 592.342158][ T10] WARNING: drivers/gpu/drm/drm_vblank.c:1329 at drm_crtc_wait_one_vblank+0x3d5/0x590, CPU#0: kworker/0:1/10 [ 592.342204][ T10] Modules linked in: [ 592.342241][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 592.342267][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 592.342282][ T10] Workqueue: events drm_fb_helper_damage_work [ 592.342313][ T10] RIP: 0010:drm_crtc_wait_one_vblank+0x53c/0x590 [ 592.342340][ T10] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 74 0d c9 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 48 8b 3c 24 44 89 f6 e8 13 f4 ff ff b8 92 ff ff ff [ 592.342359][ T10] RSP: 0018:ffffc900000f7920 EFLAGS: 00010246 [ 592.342378][ T10] RAX: 1ffff1100427b200 RBX: ffffffff8f96eb50 RCX: 0000000000000000 [ 592.342394][ T10] RDX: ffffffff8bc187c0 RSI: ffffffff8bc35540 RDI: ffffffff8f96eb50 [ 592.342410][ T10] RBP: ffffc900000f7a08 R08: 0000000000000000 R09: 0000000000000000 [ 592.342423][ T10] R10: dffffc0000000000 R11: fffffbfff1f173a7 R12: ffffffff8bc35540 [ 592.342440][ T10] R13: ffff8880213d9000 R14: 0000000000000000 R15: ffffffff8bc187c0 [ 592.342455][ T10] FS: 0000000000000000(0000) GS:ffff888125efc000(0000) knlGS:0000000000000000 [ 592.342472][ T10] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 592.342487][ T10] CR2: 00007f68db425000 CR3: 000000005c66a000 CR4: 00000000003526f0 [ 592.342506][ T10] Call Trace: [ 592.342514][ T10] [ 592.342533][ T10] ? __pfx_drm_crtc_wait_one_vblank+0x10/0x10 [ 592.342558][ T10] ? rt_spin_unlock+0x14f/0x200 [ 592.342593][ T10] ? __pfx_autoremove_wake_function+0x10/0x10 [ 592.342621][ T10] ? rt_spin_unlock+0x160/0x200 [ 592.342673][ T10] ? drm_vblank_get+0x147/0x280 [ 592.342719][ T10] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 592.342759][ T10] drm_fb_helper_damage_work+0x131/0x720 [ 592.342790][ T10] ? process_one_work+0x8be/0x1630 [ 592.342830][ T10] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 592.342867][ T10] ? process_one_work+0x8be/0x1630 [ 592.342903][ T10] process_one_work+0x98b/0x1630 [ 592.342963][ T10] ? __pfx_process_one_work+0x10/0x10 [ 592.342995][ T10] ? do_raw_spin_lock+0x12b/0x2f0 [ 592.343037][ T10] worker_thread+0xb49/0x1140 [ 592.343083][ T10] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 592.343126][ T10] kthread+0x389/0x470 [ 592.343153][ T10] ? __pfx_worker_thread+0x10/0x10 [ 592.343186][ T10] ? __pfx_kthread+0x10/0x10 [ 592.343212][ T10] ret_from_fork+0x514/0xb70 [ 592.343246][ T10] ? __pfx_ret_from_fork+0x10/0x10 [ 592.343275][ T10] ? __switch_to+0xc79/0x1410 [ 592.343304][ T10] ? __pfx_kthread+0x10/0x10 [ 592.343331][ T10] ret_from_fork_asm+0x1a/0x30 [ 592.343382][ T10] [ 592.343400][ T10] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 592.343420][ T10] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 592.343444][ T10] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 592.343458][ T10] Workqueue: events drm_fb_helper_damage_work [ 592.343483][ T10] Call Trace: [ 592.343491][ T10] [ 592.343500][ T10] vpanic+0x56c/0xa60 [ 592.343531][ T10] ? __pfx__printk+0x10/0x10 [ 592.343557][ T10] ? __pfx_vpanic+0x10/0x10 [ 592.343586][ T10] ? is_bpf_text_address+0x292/0x2b0 [ 592.343614][ T10] ? is_bpf_text_address+0x26/0x2b0 [ 592.343652][ T10] panic+0xc5/0xd0 [ 592.343682][ T10] ? __pfx_panic+0x10/0x10 [ 592.343724][ T10] ? ret_from_fork_asm+0x1a/0x30 [ 592.343762][ T10] __warn+0x315/0x4c0 [ 592.343793][ T10] ? drm_crtc_wait_one_vblank+0x3d5/0x590 [ 592.343820][ T10] ? drm_crtc_wait_one_vblank+0x3d5/0x590 [ 592.343848][ T10] __report_bug+0x339/0x540 [ 592.343883][ T10] ? drm_crtc_wait_one_vblank+0x3d5/0x590 [ 592.343915][ T10] ? __pfx___report_bug+0x10/0x10 [ 592.343966][ T10] report_bug_entry+0x19a/0x290 [ 592.343995][ T10] ? drm_crtc_wait_one_vblank+0x53c/0x590 [ 592.344019][ T10] ? drm_crtc_wait_one_vblank+0x541/0x590 [ 592.344044][ T10] handle_bug+0xce/0x200 [ 592.344074][ T10] exc_invalid_op+0x1a/0x50 [ 592.344105][ T10] asm_exc_invalid_op+0x1a/0x20 [ 592.344127][ T10] RIP: 0010:drm_crtc_wait_one_vblank+0x53c/0x590 [ 592.344153][ T10] Code: e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ef e8 74 0d c9 fc 4d 8b 7d 00 48 89 df 4c 89 e6 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 48 8b 3c 24 44 89 f6 e8 13 f4 ff ff b8 92 ff ff ff [ 592.344173][ T10] RSP: 0018:ffffc900000f7920 EFLAGS: 00010246 [ 592.344191][ T10] RAX: 1ffff1100427b200 RBX: ffffffff8f96eb50 RCX: 0000000000000000 [ 592.344206][ T10] RDX: ffffffff8bc187c0 RSI: ffffffff8bc35540 RDI: ffffffff8f96eb50 [ 592.344223][ T10] RBP: ffffc900000f7a08 R08: 0000000000000000 R09: 0000000000000000 [ 592.344237][ T10] R10: dffffc0000000000 R11: fffffbfff1f173a7 R12: ffffffff8bc35540 [ 592.344253][ T10] R13: ffff8880213d9000 R14: 0000000000000000 R15: ffffffff8bc187c0 [ 592.344293][ T10] ? __pfx_drm_crtc_wait_one_vblank+0x10/0x10 [ 592.344316][ T10] ? rt_spin_unlock+0x14f/0x200 [ 592.344348][ T10] ? __pfx_autoremove_wake_function+0x10/0x10 [ 592.344376][ T10] ? rt_spin_unlock+0x160/0x200 [ 592.344412][ T10] ? drm_vblank_get+0x147/0x280 [ 592.344438][ T10] drm_client_modeset_wait_for_vblank+0xc5/0xf0 [ 592.344473][ T10] drm_fb_helper_damage_work+0x131/0x720 [ 592.344501][ T10] ? process_one_work+0x8be/0x1630 [ 592.344541][ T10] ? __pfx_drm_fb_helper_damage_work+0x10/0x10 [ 592.344578][ T10] ? process_one_work+0x8be/0x1630 [ 592.344609][ T10] process_one_work+0x98b/0x1630 [ 592.344667][ T10] ? __pfx_process_one_work+0x10/0x10 [ 592.344699][ T10] ? do_raw_spin_lock+0x12b/0x2f0 [ 592.344740][ T10] worker_thread+0xb49/0x1140 [ 592.344783][ T10] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 592.344827][ T10] kthread+0x389/0x470 [ 592.344854][ T10] ? __pfx_worker_thread+0x10/0x10 [ 592.344888][ T10] ? __pfx_kthread+0x10/0x10 [ 592.344923][ T10] ret_from_fork+0x514/0xb70 [ 592.344955][ T10] ? __pfx_ret_from_fork+0x10/0x10 [ 592.344983][ T10] ? __switch_to+0xc79/0x1410 [ 592.345012][ T10] ? __pfx_kthread+0x10/0x10 [ 592.345040][ T10] ret_from_fork_asm+0x1a/0x30 [ 592.345089][ T10] [ 592.345697][ T10] Kernel Offset: disabled