last executing test programs: 9.509111564s ago: executing program 0 (id=215): accept$inet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x2000) ioctl$FE_GET_EVENT(r0, 0x80286f4e, &(0x7f0000000040)={0x0, {0x0, 0x0, @qam}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2) syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000000)) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000180), 0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) mount(&(0x7f0000000200)=@rnullb, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)='aufs\x00', 0x9010, &(0x7f0000000300)='eth0\x00') madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) r3 = socket(0x10, 0x3, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f0000000240)="d8000000180081064e81f782db4cb904021d0800fd027c05e8fe55a10a0006000140020203600e41b0000900ac00060311000000a4000500000080200004015c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d3a6823a45f28fcb1d", 0xd8}], 0x1}, 0x40) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) socketpair(0x2a, 0x2, 0x1, &(0x7f0000000000)) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, 0x0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x5, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1, 0x7}, {0x6}, {0x2, 0x6}, {0x101, 0x80007fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0xa, 0x3ff}], 0xce, 0x1, 0x6, 0x3}}) statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x2000, 0x8, &(0x7f00000000c0)) 9.321053966s ago: executing program 3 (id=217): socket$nl_netfilter(0x10, 0x3, 0xc) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000002100)='/proc/bus/input/devices\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) 9.210287347s ago: executing program 1 (id=218): accept$inet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x2000) ioctl$FE_GET_EVENT(r0, 0x80286f4e, &(0x7f0000000040)={0x0, {0x0, 0x0, @qam}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x197, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000180), 0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) mount(&(0x7f0000000200)=@rnullb, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)='aufs\x00', 0x9010, &(0x7f0000000300)='eth0\x00') madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) r3 = socket(0x10, 0x3, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f0000000240)="d8000000180081064e81f782db4cb904021d0800fd027c05e8fe55a10a0006000140020203600e41b0000900ac00060311000000a4000500000080200004015c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d3a6823a45f28fcb1d", 0xd8}], 0x1}, 0x40) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) socketpair(0x2a, 0x2, 0x1, &(0x7f0000000000)) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, 0x0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x5, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1, 0x7}, {0x6}, {0x2, 0x6}, {0x101, 0x80007fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0xa, 0x3ff}], 0xce, 0x1, 0x6, 0x3}}) statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x2000, 0x8, &(0x7f00000000c0)) 7.979403571s ago: executing program 3 (id=220): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) r1 = dup2(r0, r0) ioctl$VIDIOC_LOG_STATUS(r1, 0x5646, 0x0) rseq(0x0, 0x0, 0x20000000000, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 6.591214616s ago: executing program 3 (id=222): accept$inet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x2000) ioctl$FE_GET_EVENT(r0, 0x80286f4e, &(0x7f0000000040)={0x0, {0x0, 0x0, @qam}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x197, 0x0) syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000000)) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000180), 0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) mount(&(0x7f0000000200)=@rnullb, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)='aufs\x00', 0x9010, &(0x7f0000000300)='eth0\x00') madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) r3 = socket(0x10, 0x3, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f0000000240)="d8000000180081064e81f782db4cb904021d0800fd027c05e8fe55a10a0006000140020203600e41b0000900ac00060311000000a4000500000080200004015c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d3a6823a45f28fcb1d", 0xd8}], 0x1}, 0x40) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) socketpair(0x2a, 0x2, 0x1, &(0x7f0000000000)) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, 0x0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x5, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1, 0x7}, {0x6}, {0x2, 0x6}, {0x101, 0x80007fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0xa, 0x3ff}], 0xce, 0x1, 0x6, 0x3}}) statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x2000, 0x8, &(0x7f00000000c0)) 6.056777212s ago: executing program 0 (id=223): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) r1 = dup2(r0, r0) ioctl$VIDIOC_LOG_STATUS(r1, 0x5646, 0x0) rseq(0x0, 0x0, 0x20000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 5.876886575s ago: executing program 1 (id=224): listen(0xffffffffffffffff, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket(0x10, 0x3, 0xd1f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) socket$phonet_pipe(0x23, 0x5, 0x2) listen(0xffffffffffffffff, 0xb8) ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000007c0)={0x28, 0x4, r2, 0x0, &(0x7f0000561000/0x1000)=nil, 0x1000, 0x1004000}) close_range(r0, 0xffffffffffffffff, 0x0) 4.546048739s ago: executing program 0 (id=225): accept$inet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x2000) ioctl$FE_GET_EVENT(r0, 0x80286f4e, &(0x7f0000000040)={0x0, {0x0, 0x0, @qam}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x197, 0x0) syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000000)) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) mount(&(0x7f0000000200)=@rnullb, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)='aufs\x00', 0x9010, &(0x7f0000000300)='eth0\x00') madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) r3 = socket(0x10, 0x3, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f0000000240)="d8000000180081064e81f782db4cb904021d0800fd027c05e8fe55a10a0006000140020203600e41b0000900ac00060311000000a4000500000080200004015c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d3a6823a45f28fcb1d", 0xd8}], 0x1}, 0x40) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) socketpair(0x2a, 0x2, 0x1, &(0x7f0000000000)) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, 0x0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x5, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1, 0x7}, {0x6}, {0x2, 0x6}, {0x101, 0x80007fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0xa, 0x3ff}], 0xce, 0x1, 0x6, 0x3}}) statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x2000, 0x8, &(0x7f00000000c0)) 4.46725179s ago: executing program 1 (id=226): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x20044014) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 4.40694786s ago: executing program 2 (id=227): syz_open_dev$sg(&(0x7f00000001c0), 0x508d48d4, 0x40902) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@mpls_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_TTL_PROPAGATE={0x5, 0x1a, 0xdd}]}, 0x24}}, 0x0) syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=[@dstopts_2292={{0xa0, 0x29, 0x4, {0x4, 0x10, '\x00', [@calipso={0x7, 0x8, {0x1, 0x0, 0x9, 0x9f}}, @generic={0xfe, 0x61, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a83"}, @generic={0x80, 0x12, "09e12e5f0b6bdcf72f2ec7008a15fa88b025"}, @pad1, @generic={0x93}]}}}, @hopopts_2292={{0x80, 0x29, 0x36, {0x3b, 0xc, '\x00', [@pad1, @enc_lim={0x4, 0x1, 0x7}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00'}, @enc_lim={0x4, 0x1, 0x8}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x30, {0x3, 0xa, 0x6c, 0x8, [0x2, 0x6, 0x7fff, 0x6, 0x7]}}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @padn]}}}, @hopopts={{0x78, 0x29, 0x36, {0x5e, 0xb, '\x00', [@pad1, @pad1, @padn, @calipso={0x7, 0x28, {0x3, 0x8, 0x0, 0xfff, [0x2, 0x966, 0x1, 0x1]}}, @calipso={0x7, 0x10, {0x0, 0x2, 0xda, 0x6, [0x7fff]}}, @generic={0x8}, @calipso={0x7, 0x10, {0x3, 0x2, 0x3, 0x7, [0x8000]}}, @generic={0x1, 0x2, "2bdb"}]}}}], 0x198}}], 0x1, 0x810) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000280), 0x800, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd20e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 3.56073783s ago: executing program 2 (id=228): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) r1 = dup2(r0, r0) ioctl$VIDIOC_LOG_STATUS(r1, 0x5646, 0x0) socket$nl_generic(0x10, 0x3, 0x10) rseq(0x0, 0x0, 0x20000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 3.542043751s ago: executing program 1 (id=229): accept$inet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x2000) ioctl$FE_GET_EVENT(r0, 0x80286f4e, &(0x7f0000000040)={0x0, {0x0, 0x0, @qam}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x197, 0x0) syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000000)) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000180), 0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) r3 = socket(0x10, 0x3, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f0000000240)="d8000000180081064e81f782db4cb904021d0800fd027c05e8fe55a10a0006000140020203600e41b0000900ac00060311000000a4000500000080200004015c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d3a6823a45f28fcb1d", 0xd8}], 0x1}, 0x40) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) socketpair(0x2a, 0x2, 0x1, &(0x7f0000000000)) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, 0x0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x5, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1, 0x7}, {0x6}, {0x2, 0x6}, {0x101, 0x80007fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0xa, 0x3ff}], 0xce, 0x1, 0x6, 0x3}}) statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x2000, 0x8, &(0x7f00000000c0)) 3.140539675s ago: executing program 3 (id=230): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="25b8", 0x2}, {&(0x7f0000000140)="ebe3a0e9", 0x4}, {&(0x7f00000003c0)="e8700e444d", 0x5}], 0x3}], 0x1, 0x20044014) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 2.997196996s ago: executing program 2 (id=231): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="25b8", 0x2}, {&(0x7f0000000140)="ebe3a0e9", 0x4}, {&(0x7f00000003c0)="e8700e444d", 0x5}], 0x3}], 0x1, 0x20044014) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 2.606346351s ago: executing program 3 (id=232): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) r1 = dup2(r0, r0) ioctl$VIDIOC_LOG_STATUS(r1, 0x5646, 0x0) socket$nl_generic(0x10, 0x3, 0x10) rseq(0x0, 0x0, 0x20000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102) r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) 2.516329242s ago: executing program 2 (id=233): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) r1 = dup2(r0, r0) ioctl$VIDIOC_LOG_STATUS(r1, 0x5646, 0x0) socket$nl_generic(0x10, 0x3, 0x10) rseq(0x0, 0x0, 0x20000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) 1.669397841s ago: executing program 0 (id=234): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'hash\x00', 0x0, 0x0, 'wp512\x00'}, 0x58) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="25b8", 0x2}, {&(0x7f0000000140)="ebe3a0e9", 0x4}, {&(0x7f00000003c0)="e8700e444d", 0x5}], 0x3}], 0x1, 0x20044014) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 1.237665896s ago: executing program 3 (id=235): accept$inet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x2000) ioctl$FE_GET_EVENT(r0, 0x80286f4e, &(0x7f0000000040)={0x0, {0x0, 0x0, @qam}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x197, 0x0) syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000000)) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000180), 0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) mount(&(0x7f0000000200)=@rnullb, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)='aufs\x00', 0x9010, &(0x7f0000000300)='eth0\x00') setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) r3 = socket(0x10, 0x3, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f0000000240)="d8000000180081064e81f782db4cb904021d0800fd027c05e8fe55a10a0006000140020203600e41b0000900ac00060311000000a4000500000080200004015c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d3a6823a45f28fcb1d", 0xd8}], 0x1}, 0x40) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) socketpair(0x2a, 0x2, 0x1, &(0x7f0000000000)) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, 0x0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x5, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1, 0x7}, {0x6}, {0x2, 0x6}, {0x101, 0x80007fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0xa, 0x3ff}], 0xce, 0x1, 0x6, 0x3}}) statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x2000, 0x8, &(0x7f00000000c0)) 1.219901916s ago: executing program 2 (id=236): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) r1 = dup2(r0, r0) ioctl$VIDIOC_LOG_STATUS(r1, 0x5646, 0x0) socket$nl_generic(0x10, 0x3, 0x10) rseq(0x0, 0x0, 0x20000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) 1.106041898s ago: executing program 0 (id=237): listen(0xffffffffffffffff, 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) socket(0x10, 0x3, 0xd1f) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x0) socket$inet6(0xa, 0x1, 0x0) close(0xffffffffffffffff) socket$phonet_pipe(0x23, 0x5, 0x2) listen(0xffffffffffffffff, 0xb8) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000007c0)={0x28, 0x4, r2, 0x0, &(0x7f0000561000/0x1000)=nil, 0x1000, 0x1004000}) close_range(r0, 0xffffffffffffffff, 0x0) 1.068492628s ago: executing program 1 (id=238): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2) r1 = dup2(r0, r0) ioctl$VIDIOC_LOG_STATUS(r1, 0x5646, 0x0) socket$nl_generic(0x10, 0x3, 0x10) rseq(0x0, 0x0, 0x20000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) 345.876196ms ago: executing program 0 (id=239): accept$inet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x2000) ioctl$FE_GET_EVENT(r0, 0x80286f4e, &(0x7f0000000040)={0x0, {0x0, 0x0, @qam}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x197, 0x0) syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000000)) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000180), 0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) mount(&(0x7f0000000200)=@rnullb, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)='aufs\x00', 0x9010, &(0x7f0000000300)='eth0\x00') madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) r3 = socket(0x10, 0x3, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f0000000240)="d8000000180081064e81f782db4cb904021d0800fd027c05e8fe55a10a0006000140020203600e41b0000900ac00060311000000a4000500000080200004015c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d3a6823a45f28fcb1d", 0xd8}], 0x1}, 0x40) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) socketpair(0x2a, 0x2, 0x1, &(0x7f0000000000)) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, 0x0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x5, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1, 0x7}, {0x6}, {0x2, 0x6}, {0x101, 0x80007fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0xa, 0x3ff}], 0xce, 0x1, 0x6, 0x3}}) statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x2000, 0x8, &(0x7f00000000c0)) 93.749959ms ago: executing program 2 (id=240): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4000000) socket$alg(0x26, 0x5, 0x0) r0 = io_uring_setup(0x142a, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0x10, 0xa0002f5}) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000cc0)}], 0x1) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 0s ago: executing program 1 (id=241): accept$inet(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x2000) ioctl$FE_GET_EVENT(r0, 0x80286f4e, &(0x7f0000000040)={0x0, {0x0, 0x0, @qam}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x197, 0x0) syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000000)) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000180), 0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8) mount(&(0x7f0000000200)=@rnullb, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)='aufs\x00', 0x9010, &(0x7f0000000300)='eth0\x00') madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x4000, 0x2}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) r3 = socket(0x10, 0x3, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f0000000240)="d8000000180081064e81f782db4cb904021d0800fd027c05e8fe55a10a0006000140020203600e41b0000900ac00060311000000a4000500000080200004015c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d3a6823a45f28fcb1d", 0xd8}], 0x1}, 0x40) sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0x0) socketpair(0x2a, 0x2, 0x1, &(0x7f0000000000)) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, 0x0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x5, @pix_mp={0x8, 0x4000000, 0x55595659, 0x0, 0x3, [{0x1, 0x7}, {0x6}, {0x2, 0x6}, {0x101, 0x80007fff}, {0xffffff80, 0x9}, {0x2, 0x100003}, {0x6, 0xfff}, {0xa, 0x3ff}], 0xce, 0x1, 0x6, 0x3}}) statx(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x2000, 0x8, &(0x7f00000000c0)) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.251' (ED25519) to the list of known hosts. [ 80.032777][ T5758] cgroup: Unknown subsys name 'net' [ 80.170346][ T5758] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 81.834783][ T5758] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 83.548235][ T5775] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 83.568826][ T5778] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 83.578923][ T5778] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 83.591753][ T5778] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 83.599760][ T5778] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 83.608796][ T5778] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 83.617788][ T5778] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 83.625933][ T5778] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 83.633459][ T5775] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 83.633970][ T5778] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 83.645187][ T5786] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 83.653865][ T5778] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 83.662606][ T5778] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 83.670559][ T5786] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 83.672224][ T5778] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 83.680016][ T5775] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 83.688353][ T5778] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 83.698775][ T5775] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 83.703126][ T5778] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 83.713929][ T5778] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 83.723053][ T5082] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 83.733702][ T5775] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 83.745202][ T5783] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 83.754137][ T5783] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.286086][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 84.314806][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 84.389467][ T5781] chnl_net:caif_netlink_parms(): no params data found [ 84.408125][ T5774] chnl_net:caif_netlink_parms(): no params data found [ 84.553859][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.561131][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.569080][ T5771] bridge_slave_0: entered allmulticast mode [ 84.577040][ T5771] bridge_slave_0: entered promiscuous mode [ 84.592511][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.599716][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.607368][ T5770] bridge_slave_0: entered allmulticast mode [ 84.614757][ T5770] bridge_slave_0: entered promiscuous mode [ 84.624240][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.631520][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.638943][ T5770] bridge_slave_1: entered allmulticast mode [ 84.646553][ T5770] bridge_slave_1: entered promiscuous mode [ 84.671243][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.678516][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.685971][ T5771] bridge_slave_1: entered allmulticast mode [ 84.693564][ T5771] bridge_slave_1: entered promiscuous mode [ 84.773678][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.786792][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.796199][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.805039][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.812357][ T5781] bridge_slave_0: entered allmulticast mode [ 84.819448][ T5781] bridge_slave_0: entered promiscuous mode [ 84.839270][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 84.853892][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.875313][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.882679][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.889882][ T5781] bridge_slave_1: entered allmulticast mode [ 84.897441][ T5781] bridge_slave_1: entered promiscuous mode [ 84.904387][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.913301][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.920543][ T5774] bridge_slave_0: entered allmulticast mode [ 84.928104][ T5774] bridge_slave_0: entered promiscuous mode [ 84.968019][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.975412][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.982984][ T5774] bridge_slave_1: entered allmulticast mode [ 84.990127][ T5774] bridge_slave_1: entered promiscuous mode [ 85.010182][ T5770] team0: Port device team_slave_0 added [ 85.021127][ T5770] team0: Port device team_slave_1 added [ 85.049751][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.062400][ T5771] team0: Port device team_slave_0 added [ 85.104666][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.126361][ T5771] team0: Port device team_slave_1 added [ 85.146132][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.159916][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.170121][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.177621][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.204587][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.244737][ T5781] team0: Port device team_slave_0 added [ 85.271193][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.278501][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.305006][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.317325][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.326172][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.356382][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.369686][ T5781] team0: Port device team_slave_1 added [ 85.404626][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.411785][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.446225][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.479063][ T5774] team0: Port device team_slave_0 added [ 85.488431][ T5774] team0: Port device team_slave_1 added [ 85.508563][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.516106][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.542862][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.556082][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.563745][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.590303][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.648641][ T5771] hsr_slave_0: entered promiscuous mode [ 85.655533][ T5771] hsr_slave_1: entered promiscuous mode [ 85.684655][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 85.691908][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.718136][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 85.731256][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 85.739565][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 85.766440][ T5780] Bluetooth: hci0: command tx timeout [ 85.772141][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 85.807938][ T5770] hsr_slave_0: entered promiscuous mode [ 85.814522][ T5770] hsr_slave_1: entered promiscuous mode [ 85.820724][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.829207][ T5780] Bluetooth: hci1: command tx timeout [ 85.833348][ T5783] Bluetooth: hci3: command tx timeout [ 85.835161][ T5770] Cannot create hsr debugfs directory [ 85.840779][ T5780] Bluetooth: hci2: command tx timeout [ 85.908673][ T5774] hsr_slave_0: entered promiscuous mode [ 85.915754][ T5774] hsr_slave_1: entered promiscuous mode [ 85.922483][ T5774] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 85.930065][ T5774] Cannot create hsr debugfs directory [ 86.008656][ T5781] hsr_slave_0: entered promiscuous mode [ 86.015790][ T5781] hsr_slave_1: entered promiscuous mode [ 86.022915][ T5781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.030532][ T5781] Cannot create hsr debugfs directory [ 86.399952][ T5771] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 86.420084][ T5771] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 86.443756][ T5771] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 86.455422][ T5771] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 86.544124][ T5774] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 86.560525][ T5774] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 86.570746][ T5774] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 86.584933][ T5774] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 86.696981][ T5770] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 86.710462][ T5770] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 86.744756][ T5770] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 86.773131][ T5770] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 86.840521][ T5781] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 86.855119][ T5781] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 86.870275][ T5781] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 86.886830][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.905398][ T5781] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 86.940028][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.977713][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.013935][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.021421][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.038645][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.045880][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.086479][ T5774] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.134152][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.141419][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.212535][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.219678][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.298464][ T5771] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.386945][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.415705][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.468029][ T5774] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 87.532450][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.581290][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.588599][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.605015][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.612267][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.628252][ T5781] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.680011][ T1026] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.687281][ T1026] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.754300][ T34] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.761552][ T34] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.822307][ T5780] Bluetooth: hci0: command tx timeout [ 87.901781][ T5780] Bluetooth: hci2: command tx timeout [ 87.907287][ T5780] Bluetooth: hci3: command tx timeout [ 87.914025][ T5780] Bluetooth: hci1: command tx timeout [ 88.026119][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.040385][ T5781] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 88.230576][ T5771] veth0_vlan: entered promiscuous mode [ 88.258825][ T5771] veth1_vlan: entered promiscuous mode [ 88.299116][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.456126][ T5771] veth0_macvtap: entered promiscuous mode [ 88.495021][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.515138][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.526881][ T5771] veth1_macvtap: entered promiscuous mode [ 88.576254][ T5774] veth0_vlan: entered promiscuous mode [ 88.597371][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.614519][ T5774] veth1_vlan: entered promiscuous mode [ 88.653322][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.687683][ T5771] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.697925][ T5771] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.707559][ T5771] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.716858][ T5771] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.755567][ T5770] veth0_vlan: entered promiscuous mode [ 88.779235][ T5781] veth0_vlan: entered promiscuous mode [ 88.799320][ T5781] veth1_vlan: entered promiscuous mode [ 88.825853][ T5770] veth1_vlan: entered promiscuous mode [ 88.844932][ T5774] veth0_macvtap: entered promiscuous mode [ 88.873735][ T5774] veth1_macvtap: entered promiscuous mode [ 88.958366][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 88.974552][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.986250][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.000114][ T5770] veth0_macvtap: entered promiscuous mode [ 89.026792][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.038215][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.050949][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.074107][ T5770] veth1_macvtap: entered promiscuous mode [ 89.084243][ T5781] veth0_macvtap: entered promiscuous mode [ 89.105577][ T5774] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.115110][ T5774] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.124527][ T5774] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.134491][ T5774] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.152956][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.161022][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.164734][ T5781] veth1_macvtap: entered promiscuous mode [ 89.215410][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.230191][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.241215][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.252838][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.266364][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.308712][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.320406][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.331142][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.334542][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.349595][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.360384][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.373431][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.400053][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.410837][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.427777][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.438515][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.448619][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.459215][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.471093][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.499691][ T5770] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.519948][ T5770] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.534743][ T5770] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.543758][ T5770] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.560846][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.576912][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.587113][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.598169][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.608672][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.624961][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.638877][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.693177][ T5781] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.705443][ T5781] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.715174][ T5781] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.725308][ T5781] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.771543][ T1134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.779448][ T1134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.911276][ T5840] syz.1.1[5840]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 89.977837][ T5783] Bluetooth: hci0: command tx timeout [ 89.992125][ T5783] Bluetooth: hci1: command tx timeout [ 89.997670][ T5783] Bluetooth: hci3: command tx timeout [ 90.003791][ T5783] Bluetooth: hci2: command tx timeout [ 90.032886][ T1134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.078795][ T1134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.219669][ T1141] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.236233][ T5840] loop1: detected capacity change from 0 to 32768 [ 90.258635][ T5840] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.1 (5840) [ 90.277469][ T1141] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.298525][ T5840] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 90.309993][ T5840] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 90.319283][ T5840] BTRFS info (device loop1): turning on async discard [ 90.326333][ T5840] BTRFS info (device loop1): metadata ratio 0 [ 90.332566][ T5840] BTRFS info (device loop1): setting nodatasum [ 90.338789][ T5840] BTRFS info (device loop1): using free space tree [ 90.385214][ T1134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.433815][ T1134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.485052][ T5840] BTRFS info (device loop1): enabling ssd optimizations [ 90.887937][ T5861] loop0: detected capacity change from 0 to 512 [ 92.351496][ T5780] Bluetooth: hci2: command tx timeout [ 92.357095][ T5780] Bluetooth: hci3: command tx timeout [ 92.362694][ T5780] Bluetooth: hci1: command tx timeout [ 92.368870][ T5780] Bluetooth: hci0: command tx timeout [ 92.622860][ T5861] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 92.637010][ T5861] ext4 filesystem being mounted at /0/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.877081][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.900865][ T5860] sched: RT throttling activated [ 92.941919][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.211660][ T5771] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 93.264818][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.325877][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.797882][ T786] cfg80211: failed to load regulatory.db [ 94.541052][ T5876] vim2m vim2m.0: vidioc_s_fmt queue busy [ 96.169288][ T5774] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.502957][ T5883] loop3: detected capacity change from 0 to 32768 [ 96.590469][ T787] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 96.629024][ T5883] loop3: p1 < > p3 < p5 > p4 [ 96.634810][ T5883] loop3: partition table partially beyond EOD, truncated [ 96.654874][ T5883] loop3: p4 start 1426063360 is beyond EOD, truncated [ 96.661932][ T5883] loop3: p5 start 75776 is beyond EOD, truncated [ 96.923424][ T5885] sctp: [Deprecated]: syz.1.5 (pid 5885) Use of struct sctp_assoc_value in delayed_ack socket option. [ 96.923424][ T5885] Use struct sctp_sack_info instead [ 98.689194][ T5900] loop2: detected capacity change from 0 to 1764 [ 99.025419][ T5772] udevd[5772]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 99.029825][ T5788] udevd[5788]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 100.300641][ T5910] loop1: detected capacity change from 0 to 40427 [ 100.329056][ T5910] F2FS-fs (loop1): LFS is not compatible with checkpoint=disable [ 101.835268][ T5925] usb usb8: usbfs: process 5925 (syz.2.17) did not claim interface 0 before use [ 103.226818][ T5936] loop0: detected capacity change from 0 to 64 [ 104.871486][ T5958] syz.1.29 uses obsolete (PF_INET,SOCK_PACKET) [ 104.900419][ T5958] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 105.059922][ T5968] loop2: detected capacity change from 0 to 64 [ 105.148402][ T5963] kvm: MONITOR instruction emulated as NOP! [ 106.957658][ T5995] loop2: detected capacity change from 0 to 64 [ 108.205085][ T6012] loop0: detected capacity change from 0 to 256 [ 108.212526][ T6012] ======================================================= [ 108.212526][ T6012] WARNING: The mand mount option has been deprecated and [ 108.212526][ T6012] and is ignored by this kernel. Remove the mand [ 108.212526][ T6012] option from the mount to silence this warning. [ 108.212526][ T6012] ======================================================= [ 108.251549][ T5835] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 108.272378][ T6012] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d) [ 108.462135][ T5835] usb 4-1: Using ep0 maxpacket: 16 [ 108.482707][ T5835] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 108.494183][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 108.506694][ T5835] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 108.517094][ T5835] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 108.540861][ T5835] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 109.052170][ T5835] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 109.071467][ T5835] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 109.082244][ T5835] usb 4-1: Manufacturer: syz [ 109.116790][ T5835] usb 4-1: config 0 descriptor?? [ 109.237218][ T6021] loop0: detected capacity change from 0 to 64 [ 109.502173][ T5835] rc_core: IR keymap rc-hauppauge not found [ 109.659824][ T5835] Registered IR keymap rc-empty [ 109.666642][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 109.695411][ T6024] kvm: requested 2514 ns i8254 timer period limited to 200000 ns [ 109.703032][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 109.872917][ T5999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 110.897986][ T5835] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 111.125883][ T5835] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input5 [ 111.174412][ T5999] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.194970][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 111.255559][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 111.313256][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 111.354501][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 111.407378][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 111.424185][ T6038] loop2: detected capacity change from 0 to 128 [ 111.454626][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 111.484270][ T6038] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 111.511170][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 111.547862][ T6042] loop1: detected capacity change from 0 to 512 [ 111.554889][ T6038] hpfs: filesystem error: improperly stopped [ 111.560972][ T6038] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 111.569026][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 111.602950][ T6042] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 111.611802][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 111.621508][ T6038] hpfs: You really don't want any checks? You are crazy... [ 111.642213][ T5835] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 111.657460][ T6038] hpfs: hpfs_map_sector(): read error [ 111.681908][ T6042] EXT4-fs error (device loop1): ext4_orphan_get:1404: inode #15: comm syz.1.58: iget: bad i_size value: 38620345925642 [ 111.694666][ T6038] hpfs: code page support is disabled [ 111.712042][ T6038] hpfs: hpfs_map_4sectors(): unaligned read [ 111.718383][ T5835] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 111.732751][ T5835] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 111.747758][ T6038] hpfs: hpfs_map_4sectors(): unaligned read [ 111.753968][ T6042] EXT4-fs error (device loop1): ext4_orphan_get:1409: comm syz.1.58: couldn't read orphan inode 15 (err -117) [ 111.772113][ T5835] usb 4-1: USB disconnect, device number 2 [ 111.789242][ T6038] hpfs: filesystem error: unable to find root dir [ 111.814574][ T6042] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.902275][ T6038] hpfs: hpfs_map_4sectors(): unaligned read [ 111.932282][ T6048] EXT4-fs (loop1): shut down requested (1) [ 111.939645][ T6038] hpfs: hpfs_map_sector(): read error [ 112.106719][ T6049] hpfs: hpfs_map_4sectors(): unaligned read [ 112.294728][ T6049] hpfs: hpfs_map_sector(): read error [ 112.566847][ T6051] loop3: detected capacity change from 0 to 1764 [ 112.639696][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.947554][ T6055] loop2: detected capacity change from 0 to 64 [ 113.225247][ T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 113.281665][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c2!!! [ 113.868867][ T23] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 113.879850][ T23] usb 1-1: config 0 has no interfaces? [ 113.885919][ T23] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 114.622633][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.640560][ T23] usb 1-1: config 0 descriptor?? [ 114.735618][ T23] usb 1-1: can't set config #0, error -71 [ 114.778718][ T23] usb 1-1: USB disconnect, device number 2 [ 116.682048][ T8] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 116.827407][ T6093] loop2: detected capacity change from 0 to 4096 [ 116.855946][ T6093] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 116.884782][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 116.899257][ T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 116.936250][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 116.956111][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 116.966426][ T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 116.990643][ T8] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 117.011512][ T8] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 117.041814][ T8] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 117.069089][ T8] usb 1-1: Manufacturer: syz [ 117.122230][ T8] usb 1-1: config 0 descriptor?? [ 117.253379][ T6099] loop1: detected capacity change from 0 to 64 [ 118.017867][ T6084] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 118.073293][ T6084] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 118.201579][ T8] rc_core: IR keymap rc-hauppauge not found [ 118.212917][ T8] Registered IR keymap rc-empty [ 118.218064][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 118.281614][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.243154][ T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 119.286017][ T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input6 [ 119.322240][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.381802][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.431810][ T6115] Bluetooth: MGMT ver 1.22 [ 119.447747][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.506819][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.601205][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.603145][ T6119] loop2: detected capacity change from 0 to 4096 [ 119.654419][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.711621][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.771653][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.831622][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.891464][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 119.946489][ T8] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 119.980253][ T8] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 120.068668][ T8] usb 1-1: USB disconnect, device number 3 [ 120.428941][ T6130] loop2: detected capacity change from 0 to 64 [ 120.758056][ T6122] loop0: detected capacity change from 0 to 32768 [ 120.804422][ T6122] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.83 (6122) [ 120.863914][ T6122] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 120.908385][ T6122] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 120.937521][ T6122] BTRFS info (device loop0): using free space tree [ 121.225288][ T6122] BTRFS info (device loop0): enabling ssd optimizations [ 121.233142][ T6122] BTRFS info (device loop0): auto enabling async discard [ 121.503822][ T5774] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 123.630470][ T5835] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 124.020896][ T6177] loop3: detected capacity change from 0 to 32768 [ 124.045176][ T6177] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.94 (6177) [ 124.143563][ T6177] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 124.154019][ T6177] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 124.162478][ T5835] usb 1-1: Using ep0 maxpacket: 16 [ 124.163523][ T6177] BTRFS error (device loop3): unrecognized mount option 'nolazytime' [ 124.179652][ T6177] BTRFS error (device loop3): open_ctree failed: -22 [ 124.198198][ T5835] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 124.270858][ T5835] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 124.335167][ T5835] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 124.518440][ T5835] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 124.541451][ T5835] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 124.583007][ T5835] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 124.601229][ T6060] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by udevd (6060) [ 124.613298][ T5835] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 124.622297][ T5835] usb 1-1: Manufacturer: syz [ 124.658520][ T5835] usb 1-1: config 0 descriptor?? [ 124.917025][ T6186] loop2: detected capacity change from 0 to 64 [ 125.156638][ T5835] rc_core: IR keymap rc-hauppauge not found [ 125.191389][ T5835] Registered IR keymap rc-empty [ 125.196470][ T5835] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 125.261482][ T5835] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 125.310066][ T5835] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 125.339296][ T6176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.376150][ T6176] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.386001][ T5835] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input7 [ 125.428627][ T6195] fuse: Unknown parameter '0x0000000000000005' [ 126.247068][ T23] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 126.283403][ T5835] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 126.349024][ T5835] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 126.424747][ T5835] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 126.481506][ T5835] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 126.536318][ T5835] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 126.551467][ T23] usb 4-1: config 0 has an invalid interface number: 148 but max is 0 [ 126.559734][ T23] usb 4-1: config 0 has no interface number 0 [ 126.566871][ T23] usb 4-1: config 0 interface 148 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 10 [ 126.578293][ T23] usb 4-1: config 0 interface 148 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 126.591834][ T23] usb 4-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=4d.ec [ 126.601944][ T5835] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 126.609282][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.631637][ T5835] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 126.659814][ T23] usb 4-1: Product: syz [ 126.672864][ T23] usb 4-1: Manufacturer: syz [ 126.677561][ T23] usb 4-1: SerialNumber: syz [ 126.687528][ T5835] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 126.704438][ T23] usb 4-1: config 0 descriptor?? [ 126.724542][ T23] kobil_sct 4-1:0.148: KOBIL USB smart card terminal converter detected [ 126.733583][ T5835] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 126.758497][ T23] usb 4-1: KOBIL USB smart card terminal converter now attached to ttyUSB0 [ 126.771741][ T5835] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 126.823367][ T5835] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 126.882247][ T5835] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 126.905480][ T5835] usb 1-1: USB disconnect, device number 4 [ 126.929707][ T786] usb 4-1: USB disconnect, device number 3 [ 127.084924][ T786] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0 [ 127.096068][ T786] kobil_sct 4-1:0.148: device disconnected [ 127.440229][ T6211] fuse: Unknown parameter '0x0000000000000005' [ 129.194146][ T5783] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 129.203200][ T5783] Bluetooth: hci3: Injecting HCI hardware error event [ 129.213530][ T5783] Bluetooth: hci3: hardware error 0x00 [ 129.535249][ T6223] loop1: detected capacity change from 0 to 64 [ 131.771457][ T5783] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 132.866542][ T6262] fuse: Unknown parameter '0x0000000000000005' [ 133.183565][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.199412][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.999969][ T6267] loop2: detected capacity change from 0 to 64 [ 134.557087][ T6273] loop1: detected capacity change from 0 to 64 [ 135.717070][ T6278] process 'syz.3.127' launched './file0' with NULL argv: empty string added [ 135.895938][ T6282] loop0: detected capacity change from 0 to 128 [ 136.041769][ T6282] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 136.192126][ T6282] hpfs: filesystem error: improperly stopped [ 136.198212][ T6282] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 136.220959][ T6282] hpfs: You really don't want any checks? You are crazy... [ 136.265787][ T6282] hpfs: hpfs_map_sector(): read error [ 136.287918][ T5835] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 136.319821][ T6282] hpfs: code page support is disabled [ 136.952415][ T6282] hpfs: hpfs_map_4sectors(): unaligned read [ 136.958514][ T6282] hpfs: hpfs_map_4sectors(): unaligned read [ 137.001440][ T6282] hpfs: filesystem error: unable to find root dir [ 137.130518][ T5835] usb 2-1: Using ep0 maxpacket: 16 [ 137.143494][ T5835] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 137.161634][ T5835] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 137.172873][ T5835] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 137.182643][ T5835] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 137.192501][ T5835] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 137.207300][ T6282] hpfs: hpfs_map_4sectors(): unaligned read [ 137.232608][ T5835] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 137.252624][ T6282] hpfs: hpfs_map_sector(): read error [ 137.299018][ T5835] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 137.318240][ T6282] hpfs: hpfs_map_4sectors(): unaligned read [ 137.328971][ T5835] usb 2-1: Manufacturer: syz [ 137.346916][ T6282] hpfs: hpfs_map_sector(): read error [ 137.471741][ T6291] hpfs: hpfs_map_4sectors(): unaligned read [ 137.497982][ T5835] usb 2-1: config 0 descriptor?? [ 137.581974][ T6291] hpfs: hpfs_map_sector(): read error [ 138.261338][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 138.396839][ T5835] rc_core: IR keymap rc-hauppauge not found [ 138.411937][ T5835] Registered IR keymap rc-empty [ 138.426149][ T5835] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 138.472792][ T5835] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 138.535191][ T5835] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 138.576840][ T5835] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input8 [ 138.630106][ T5835] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 138.683025][ T6287] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 138.692052][ T5835] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 138.726458][ T6287] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 138.741667][ T5835] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 138.781550][ T5835] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 138.823895][ T5835] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 138.882488][ T5835] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 138.920557][ T5835] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 138.982335][ T5835] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 139.031538][ T5835] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 139.089865][ T5835] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 139.138846][ T5835] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 139.199260][ T5835] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 139.247689][ T5835] usb 2-1: USB disconnect, device number 2 [ 140.019119][ T6322] loop0: detected capacity change from 0 to 128 [ 140.063316][ T6322] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 140.121644][ T6322] hpfs: filesystem error: improperly stopped [ 140.152125][ T6322] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 140.185916][ T6322] hpfs: You really don't want any checks? You are crazy... [ 140.244822][ T6322] hpfs: hpfs_map_sector(): read error [ 140.295166][ T6322] hpfs: code page support is disabled [ 140.300787][ T6322] hpfs: hpfs_map_4sectors(): unaligned read [ 140.343162][ T6322] hpfs: hpfs_map_4sectors(): unaligned read [ 140.349225][ T6322] hpfs: filesystem error: unable to find root dir [ 140.431853][ T6322] hpfs: hpfs_map_4sectors(): unaligned read [ 140.459934][ T6322] hpfs: hpfs_map_sector(): read error [ 140.478601][ T6322] hpfs: hpfs_map_4sectors(): unaligned read [ 140.499326][ T6322] hpfs: hpfs_map_sector(): read error [ 140.526117][ T6322] hpfs: hpfs_map_4sectors(): unaligned read [ 140.561829][ T6322] hpfs: hpfs_map_sector(): read error [ 142.382289][ T786] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 142.507974][ T6356] loop1: detected capacity change from 0 to 128 [ 142.536230][ T6356] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 142.590846][ T6356] hpfs: filesystem error: improperly stopped [ 142.601441][ T786] usb 1-1: Using ep0 maxpacket: 16 [ 142.615449][ T6356] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 142.629371][ T786] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 142.640881][ T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 142.651970][ T6356] hpfs: You really don't want any checks? You are crazy... [ 142.660066][ T6356] hpfs: hpfs_map_sector(): read error [ 142.666266][ T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 142.677240][ T6356] hpfs: code page support is disabled [ 142.706577][ T6356] hpfs: hpfs_map_4sectors(): unaligned read [ 142.716501][ T786] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 142.738003][ T6356] hpfs: hpfs_map_4sectors(): unaligned read [ 142.767289][ T6356] hpfs: filesystem error: unable to find root dir [ 142.780844][ T786] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 142.812951][ T6356] hpfs: hpfs_map_4sectors(): unaligned read [ 142.831767][ T786] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 142.845692][ T6356] hpfs: hpfs_map_sector(): read error [ 142.858788][ T786] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 142.899801][ T6356] hpfs: hpfs_map_4sectors(): unaligned read [ 142.910869][ T786] usb 1-1: Manufacturer: syz [ 142.934651][ T6356] hpfs: hpfs_map_sector(): read error [ 142.946129][ T786] usb 1-1: config 0 descriptor?? [ 142.955802][ T6357] hpfs: hpfs_map_4sectors(): unaligned read [ 142.969805][ T6357] hpfs: hpfs_map_sector(): read error [ 143.575504][ T6347] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 143.702926][ T6347] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.207134][ T786] rc_core: IR keymap rc-hauppauge not found [ 144.227295][ T786] Registered IR keymap rc-empty [ 144.239850][ T786] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 144.310275][ T786] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 144.358113][ T786] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 144.406987][ T786] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input9 [ 144.483003][ T786] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 144.561704][ T786] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 144.594313][ T786] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 144.651919][ T786] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 144.731565][ T786] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 144.764328][ T786] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 144.871513][ T786] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 144.921810][ T786] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 144.939811][ T6381] loop0: detected capacity change from 0 to 128 [ 145.001600][ T786] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 145.012183][ T6381] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 145.051690][ T786] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 145.070772][ T6381] hpfs: filesystem error: improperly stopped [ 145.101136][ T6381] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 145.111951][ T786] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 145.123057][ T6381] hpfs: You really don't want any checks? You are crazy... [ 145.139770][ T786] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 145.162377][ T6381] hpfs: hpfs_map_sector(): read error [ 145.167845][ T6381] hpfs: code page support is disabled [ 145.184599][ T786] usb 1-1: USB disconnect, device number 5 [ 145.209058][ T6381] hpfs: hpfs_map_4sectors(): unaligned read [ 145.235562][ T6381] hpfs: hpfs_map_4sectors(): unaligned read [ 145.257594][ T6381] hpfs: filesystem error: unable to find root dir [ 145.358999][ T6381] hpfs: hpfs_map_4sectors(): unaligned read [ 145.383873][ T6381] hpfs: hpfs_map_sector(): read error [ 145.409060][ T6381] hpfs: hpfs_map_4sectors(): unaligned read [ 145.449090][ T6381] hpfs: hpfs_map_sector(): read error [ 145.500178][ T6381] hpfs: hpfs_map_4sectors(): unaligned read [ 145.575414][ T6381] hpfs: hpfs_map_sector(): read error [ 146.335626][ T6402] loop2: detected capacity change from 0 to 2048 [ 146.380520][ T6402] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 146.428044][ T28] audit: type=1800 audit(1777830316.599:2): pid=6402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.164" name="file2" dev="loop2" ino=1347 res=0 errno=0 [ 147.305931][ T6412] loop0: detected capacity change from 0 to 64 [ 152.509210][ T6423] loop1: detected capacity change from 0 to 2048 [ 152.687241][ T6423] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 152.774504][ T6423] ext4 filesystem being mounted at /42/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 152.956734][ T6423] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.173: bg 0: block 345: padding at end of block bitmap is not set [ 154.206466][ T6433] unsupported nlmsg_type 40 [ 154.651593][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 157.563136][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.862812][ T6444] loop1: detected capacity change from 0 to 64 [ 160.316770][ T6453] loop1: detected capacity change from 0 to 32768 [ 160.406268][ T6453] [ 160.406268][ T6453] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.406268][ T6453] [ 160.521603][ T28] audit: type=1800 audit(1777830330.689:3): pid=6453 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.180" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 160.869849][ T27] [ 160.869849][ T27] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.869849][ T27] [ 160.900488][ T27] [ 160.900488][ T27] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.900488][ T27] [ 160.930936][ T112] [ 160.930936][ T112] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 160.930936][ T112] [ 160.982343][ T6453] ERROR: (device loop1): diWrite: ixpxd invalid [ 160.982343][ T6453] [ 161.042494][ T6461] [ 161.042494][ T6461] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.042494][ T6461] [ 161.085502][ T6453] ERROR: (device loop1): txCommit: [ 161.085502][ T6453] [ 161.093637][ T6461] [ 161.093637][ T6461] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.093637][ T6461] [ 161.141924][ T6461] [ 161.141924][ T6461] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.141924][ T6461] [ 161.194114][ T6461] [ 161.194114][ T6461] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 161.194114][ T6461] [ 162.331387][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c0!!! [ 162.403202][ T6456] loop3: detected capacity change from 0 to 40427 [ 162.552869][ T5771] [ 162.552869][ T5771] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.552869][ T5771] [ 162.573266][ T6456] F2FS-fs (loop3): invalid crc value [ 162.590611][ T5771] [ 162.590611][ T5771] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 162.590611][ T5771] [ 162.645390][ T6456] F2FS-fs (loop3): Found nat_bits in checkpoint [ 162.816477][ T6456] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 163.005267][ T6456] F2FS-fs (loop3): Inconsistent segment (8) type [1, 0] in SIT and SSA [ 163.028393][ T6456] F2FS-fs (loop3): Stopped filesystem due to reason: 4 [ 163.049309][ T6468] loop2: detected capacity change from 0 to 32768 [ 163.091255][ T6468] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.183 (6468) [ 163.136483][ T6468] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 163.168094][ T6468] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 163.201588][ T6468] BTRFS info (device loop2): force clearing of disk cache [ 163.208840][ T6468] BTRFS info (device loop2): setting nodatacow, compression disabled [ 163.251399][ T6468] BTRFS info (device loop2): turning off barriers [ 163.269112][ T6468] BTRFS info (device loop2): disabling free space tree [ 163.301581][ T6468] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 163.341344][ T6468] BTRFS info (device loop2): trying to use backup root at mount time [ 163.406538][ T2971] BTRFS warning (device loop2): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xb6fb6650 level 0 [ 163.435036][ T6468] BTRFS warning (device loop2): couldn't read tree root [ 163.443876][ T6468] BTRFS warning (device loop2): try to load backup roots slot 1 [ 163.456954][ T2971] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x7a216cc0 level 0 [ 163.478584][ T6468] BTRFS warning (device loop2): couldn't read tree root [ 163.485925][ T6468] BTRFS warning (device loop2): try to load backup roots slot 2 [ 163.499964][ T5880] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 163.510918][ T6468] BTRFS warning (device loop2): couldn't read tree root [ 163.518352][ T6468] BTRFS warning (device loop2): try to load backup roots slot 3 [ 163.584431][ T6468] BTRFS info (device loop2): enabling ssd optimizations [ 163.601509][ T6468] BTRFS info (device loop2): auto enabling async discard [ 163.642906][ T6468] BTRFS info (device loop2): rebuilding free space tree [ 163.725153][ T6468] BTRFS info (device loop2): disabling free space tree [ 163.752617][ T6468] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 163.774271][ T6468] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 164.130796][ T6476] loop1: detected capacity change from 0 to 32768 [ 164.150778][ T6497] loop0: detected capacity change from 0 to 64 [ 164.182899][ T6476] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.184 (6476) [ 164.267250][ T6476] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 164.312364][ T6476] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 164.332529][ T5770] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 164.363448][ T6476] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8) [ 164.408692][ T6476] BTRFS info (device loop1): use lzo compression, level 0 [ 164.444650][ T6476] BTRFS info (device loop1): using free space tree [ 164.741656][ T6476] BTRFS info (device loop1): enabling ssd optimizations [ 164.748760][ T6476] BTRFS info (device loop1): auto enabling async discard [ 165.358321][ T28] audit: type=1800 audit(1777830335.529:4): pid=6476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.184" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 165.378705][ C1] vkms_vblank_simulate: vblank timer overrun [ 165.575543][ T6476] loop1: detected capacity change from 32768 to 0 [ 165.716143][ T2971] kworker/u4:9: attempt to access beyond end of device [ 165.716143][ T2971] loop1: rw=67108865, sector=10472, nr_sectors = 24 limit=0 [ 165.766515][ T2971] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0 [ 165.789698][ T2971] kworker/u4:9: attempt to access beyond end of device [ 165.789698][ T2971] loop1: rw=67108865, sector=10240, nr_sectors = 8 limit=0 [ 165.840304][ T6476] syz.1.184: attempt to access beyond end of device [ 165.840304][ T6476] loop1: rw=6145, sector=10512, nr_sectors = 8 limit=0 [ 165.861648][ T1094] kworker/u4:6: attempt to access beyond end of device [ 165.861648][ T1094] loop1: rw=2049, sector=10520, nr_sectors = 8 limit=0 [ 165.883545][ T2971] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 2, rd 0, flush 0, corrupt 0, gen 0 [ 165.897203][ T6534] Zero length message leads to an empty skb [ 165.904882][ T2971] kworker/u4:9: attempt to access beyond end of device [ 165.904882][ T2971] loop1: rw=67108865, sector=10248, nr_sectors = 8 limit=0 [ 165.923443][ T6500] loop3: detected capacity change from 0 to 32768 [ 165.932648][ T6476] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 3, rd 0, flush 0, corrupt 0, gen 0 [ 165.943665][ T1094] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 4, rd 0, flush 0, corrupt 0, gen 0 [ 165.963316][ T6476] syz.1.184: attempt to access beyond end of device [ 165.963316][ T6476] loop1: rw=6145, sector=10504, nr_sectors = 8 limit=0 [ 165.977286][ T6500] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by syz.3.186 (6500) [ 165.988877][ T2971] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 5, rd 0, flush 0, corrupt 0, gen 0 [ 165.999937][ T1094] kworker/u4:6: attempt to access beyond end of device [ 165.999937][ T1094] loop1: rw=2049, sector=10240, nr_sectors = 8 limit=0 [ 166.013425][ T2971] kworker/u4:9: attempt to access beyond end of device [ 166.013425][ T2971] loop1: rw=67108865, sector=10256, nr_sectors = 8 limit=0 [ 166.013567][ T2971] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 6, rd 0, flush 0, corrupt 0, gen 0 [ 166.013644][ T2971] kworker/u4:9: attempt to access beyond end of device [ 166.013644][ T2971] loop1: rw=67108865, sector=10496, nr_sectors = 8 limit=0 [ 166.013670][ T2971] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 7, rd 0, flush 0, corrupt 0, gen 0 [ 166.051877][ T6476] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 8, rd 0, flush 0, corrupt 0, gen 0 [ 166.094804][ T1094] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 9, rd 0, flush 0, corrupt 0, gen 0 [ 166.107310][ T1094] kworker/u4:6: attempt to access beyond end of device [ 166.107310][ T1094] loop1: rw=2049, sector=10240, nr_sectors = 8 limit=0 [ 166.124605][ T1094] BTRFS error (device loop1): bdev /dev/loop1 errs: wr 10, rd 0, flush 0, corrupt 0, gen 0 [ 166.198073][ T6476] BTRFS error (device loop1: state AL): Transaction aborted (error -5) [ 166.288166][ T6476] BTRFS: error (device loop1: state AL) in free_log_tree:3319: errno=-5 IO failure [ 166.316641][ T6476] BTRFS info (device loop1: state EAL): forced readonly [ 166.337649][ T6476] BTRFS: error (device loop1: state EAL) in free_log_tree:3319: errno=-5 IO failure [ 166.389136][ T6454] BTRFS warning: duplicate device /dev/loop3 devid 1 generation 8 scanned by udevd (6454) [ 166.417017][ T6476] BTRFS warning (device loop1: state EAL): Skipping commit of aborted transaction. [ 166.455874][ T6476] BTRFS: error (device loop1: state EAL) in cleanup_transaction:2021: errno=-5 IO failure [ 166.628041][ T6548] netlink: 'syz.0.195': attribute type 6 has an invalid length. [ 166.768777][ T6551] netlink: 'syz.2.197': attribute type 6 has an invalid length. [ 166.796819][ T6551] netlink: 'syz.2.197': attribute type 6 has an invalid length. [ 166.810246][ T6550] netlink: 'syz.0.195': attribute type 6 has an invalid length. [ 166.894163][ T5771] BTRFS info (device loop1: state EAL): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 167.563434][ T6556] netlink: 'syz.3.199': attribute type 6 has an invalid length. [ 167.576875][ T6556] netlink: 'syz.3.199': attribute type 6 has an invalid length. [ 167.757183][ T6555] netlink: 'syz.1.198': attribute type 6 has an invalid length. [ 167.799097][ T6555] netlink: 'syz.1.198': attribute type 6 has an invalid length. [ 168.094639][ T6560] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 168.135299][ T6560] kvm: pic: non byte read [ 168.145643][ T6560] kvm: pic: level sensitive irq not supported [ 168.147122][ T6560] kvm: pic: non byte read [ 168.223648][ T6560] kvm: pic: level sensitive irq not supported [ 168.241668][ T6560] kvm: pic: non byte read [ 168.341910][ T6560] kvm: pic: level sensitive irq not supported [ 168.342045][ T6560] kvm: pic: non byte read [ 169.817728][ T6578] netlink: 'syz.1.204': attribute type 6 has an invalid length. [ 169.830893][ T6578] netlink: 'syz.1.204': attribute type 6 has an invalid length. [ 170.158430][ T6588] netlink: 12 bytes leftover after parsing attributes in process `syz.3.205'. [ 172.039246][ T6603] validate_nla: 6 callbacks suppressed [ 172.039279][ T6603] netlink: 'syz.2.211': attribute type 6 has an invalid length. [ 172.080437][ T6603] netlink: 'syz.2.211': attribute type 6 has an invalid length. [ 172.389431][ T6606] netlink: 'syz.1.213': attribute type 6 has an invalid length. [ 172.444493][ T6606] netlink: 'syz.1.213': attribute type 6 has an invalid length. [ 173.020488][ T6608] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 173.146541][ T6608] kvm: pic: level sensitive irq not supported [ 173.146687][ T6608] kvm: pic: non byte read [ 173.158243][ T6608] kvm: pic: level sensitive irq not supported [ 173.158319][ T6608] kvm: pic: non byte read [ 173.215299][ T6608] kvm: pic: level sensitive irq not supported [ 173.215404][ T6608] kvm: pic: non byte read [ 175.052205][ T6625] netlink: 'syz.0.215': attribute type 6 has an invalid length. [ 175.165729][ T6616] netlink: 'syz.0.215': attribute type 6 has an invalid length. [ 175.335337][ T6629] vivid-001: ================= START STATUS ================= [ 175.362309][ T6629] vivid-001: Radio HW Seek Mode: Bounded [ 175.369975][ T6629] vivid-001: Radio Programmable HW Seek: false [ 175.388254][ T6629] vivid-001: RDS Rx I/O Mode: Block I/O [ 175.400645][ T6627] netlink: 'syz.1.218': attribute type 6 has an invalid length. [ 175.417259][ T6629] vivid-001: Generate RBDS Instead of RDS: false [ 175.426677][ T6629] vivid-001: RDS Reception: true [ 175.434097][ T6629] vivid-001: RDS Program Type: 0 inactive [ 175.457856][ T6627] netlink: 'syz.1.218': attribute type 6 has an invalid length. [ 175.466982][ T6629] vivid-001: RDS PS Name: inactive [ 175.547723][ T6629] vivid-001: RDS Radio Text: inactive [ 175.982733][ T6629] vivid-001: RDS Traffic Announcement: false inactive [ 176.017371][ T6629] vivid-001: RDS Traffic Program: false inactive [ 176.059979][ T6629] vivid-001: RDS Music: false inactive [ 176.067723][ T6629] vivid-001: ================== END STATUS ================== [ 176.553781][ T6637] netlink: 'syz.2.221': attribute type 6 has an invalid length. [ 176.586482][ T6637] netlink: 'syz.2.221': attribute type 6 has an invalid length. [ 177.260603][ T6642] vivid-000: ================= START STATUS ================= [ 177.291970][ T6642] vivid-000: Radio HW Seek Mode: Bounded [ 177.297816][ T6642] vivid-000: Radio Programmable HW Seek: false [ 177.338928][ T6642] vivid-000: RDS Rx I/O Mode: Block I/O [ 177.377482][ T6642] vivid-000: Generate RBDS Instead of RDS: false [ 177.387741][ T6642] vivid-000: RDS Reception: true [ 177.394196][ T6642] vivid-000: RDS Program Type: 0 inactive [ 177.400648][ T6642] vivid-000: RDS PS Name: inactive [ 177.406477][ T6642] vivid-000: RDS Radio Text: inactive [ 177.412543][ T6642] vivid-000: RDS Traffic Announcement: false inactive [ 177.419655][ T6642] vivid-000: RDS Traffic Program: false inactive [ 177.426500][ T6642] vivid-000: RDS Music: false inactive [ 177.432609][ T6642] vivid-000: ================== END STATUS ================== [ 179.008290][ T6656] fuse: Bad value for 'fd' [ 179.480858][ T6653] validate_nla: 2 callbacks suppressed [ 179.480904][ T6653] netlink: 'syz.0.225': attribute type 6 has an invalid length. [ 179.549823][ T6653] netlink: 'syz.0.225': attribute type 6 has an invalid length. [ 179.785681][ T6662] vivid-004: ================= START STATUS ================= [ 179.845237][ T6662] vivid-004: Radio HW Seek Mode: Bounded [ 179.850938][ T6662] vivid-004: Radio Programmable HW Seek: false [ 179.888763][ T6662] vivid-004: RDS Rx I/O Mode: Block I/O [ 179.894598][ T6662] vivid-004: Generate RBDS Instead of RDS: false [ 179.901028][ T6662] vivid-004: RDS Reception: true [ 179.906470][ T6662] vivid-004: RDS Program Type: 0 inactive [ 179.912444][ T6662] vivid-004: RDS PS Name: inactive [ 179.917725][ T6662] vivid-004: RDS Radio Text: inactive [ 179.923393][ T6662] vivid-004: RDS Traffic Announcement: false inactive [ 179.930231][ T6662] vivid-004: RDS Traffic Program: false inactive [ 179.936805][ T6662] vivid-004: RDS Music: false inactive [ 179.942435][ T6662] vivid-004: ================== END STATUS ================== [ 180.182662][ T6663] netlink: 'syz.1.229': attribute type 6 has an invalid length. [ 180.209458][ T6663] netlink: 'syz.1.229': attribute type 6 has an invalid length. [ 180.796961][ T6673] vivid-001: ================= START STATUS ================= [ 180.835661][ T6673] vivid-001: Radio HW Seek Mode: Bounded [ 180.841877][ T6674] vivid-004: ================= START STATUS ================= [ 180.851716][ T6673] vivid-001: Radio Programmable HW Seek: false [ 180.864507][ T6674] vivid-004: Radio HW Seek Mode: Bounded [ 180.888682][ T6674] vivid-004: Radio Programmable HW Seek: false [ 180.900077][ T6673] vivid-001: RDS Rx I/O Mode: Block I/O [ 180.907431][ T6674] vivid-004: RDS Rx I/O Mode: Block I/O [ 180.933357][ T6674] vivid-004: Generate RBDS Instead of RDS: false [ 181.021856][ T6673] vivid-001: Generate RBDS Instead of RDS: [ 181.385411][ T6674] [ 181.496779][ T6673] false [ 181.517376][ T6673] vivid-001: RDS Reception: true [ 181.543191][ T6674] vivid-004: RDS Reception: true [ 181.554447][ T6674] vivid-004: RDS Program Type: 0 inactive [ 181.564064][ T6673] vivid-001: RDS Program Type: 0 inactive [ 181.570443][ T6674] vivid-004: RDS PS Name: inactive [ 181.590783][ T6674] vivid-004: RDS Radio Text: inactive [ 181.614449][ T6674] vivid-004: RDS Traffic Announcement: false inactive [ 181.652875][ T6673] vivid-001: RDS PS Name: inactive [ 181.658869][ T6673] vivid-001: RDS Radio Text: inactive [ 181.671486][ T6674] vivid-004: RDS Traffic Program: false inactive [ 181.677982][ T6674] vivid-004: RDS Music: false inactive [ 181.683783][ T6673] vivid-001: RDS Traffic Announcement: false inactive [ 181.698495][ T6673] vivid-001: RDS Traffic Program: false inactive [ 181.705813][ T6673] vivid-001: RDS Music: false inactive [ 181.712350][ T6673] vivid-001: ================== END STATUS ================== [ 181.805670][ T6674] vivid-004: ================== END STATUS ================== [ 182.124734][ T6682] vivid-004: ================= START STATUS ================= [ 182.160930][ T6682] vivid-004: Radio HW Seek Mode: Bounded [ 182.659530][ T6682] vivid-004: Radio Programmable HW Seek: false [ 182.675334][ T6682] vivid-004: RDS Rx I/O Mode: Block I/O [ 182.692234][ T6682] vivid-004: Generate RBDS Instead of RDS: false [ 182.719663][ T6682] vivid-004: RDS Reception: true [ 182.740549][ T6687] netlink: 'syz.3.235': attribute type 6 has an invalid length. [ 182.761403][ T6689] vivid-002: ================= START STATUS ================= [ 182.769176][ T6682] vivid-004: RDS Program Type: 0 inactive [ 182.781391][ T6689] vivid-002: Radio HW Seek Mode: Bounded [ 182.787132][ T6689] vivid-002: Radio Programmable HW Seek: false [ 182.793792][ T6682] vivid-004: RDS PS Name: inactive [ 182.802342][ T6682] vivid-004: RDS Radio Text: inactive [ 182.815917][ T6682] vivid-004: RDS Traffic Announcement: false inactive [ 182.816345][ T6689] vivid-002: RDS Rx I/O Mode: [ 182.823962][ T6682] [ 182.831447][ T6682] vivid-004: RDS Traffic Program: [ 182.831970][ T6687] netlink: 'syz.3.235': attribute type 6 has an invalid length. [ 182.845090][ T6682] false inactive [ 182.849805][ T6682] vivid-004: RDS Music: [ 182.850994][ T6689] Block I/O [ 182.855623][ T6682] false [ 182.858914][ T6689] [ 182.864860][ T6682] inactive [ 182.865605][ T6689] vivid-002: Generate RBDS Instead of RDS: false [ 182.875376][ T6689] vivid-002: RDS Reception: true [ 182.875427][ T6682] [ 182.880463][ T6689] vivid-002: RDS Program Type: [ 182.882997][ T6682] vivid-004: ================== END STATUS ================== [ 182.901033][ T6689] 0 inactive [ 182.923286][ T6689] vivid-002: RDS PS Name: inactive [ 182.933213][ T6689] vivid-002: RDS Radio Text: inactive [ 182.942689][ T6689] vivid-002: RDS Traffic Announcement: false inactive [ 182.954029][ T6689] vivid-002: RDS Traffic Program: false inactive [ 182.967911][ T6689] vivid-002: RDS Music: false inactive [ 182.977496][ T6689] vivid-002: ================== END STATUS ================== [ 183.267403][ T6696] netlink: 'syz.0.239': attribute type 6 has an invalid length. [ 183.287036][ T6696] netlink: 'syz.0.239': attribute type 6 has an invalid length. [ 183.451545][ T6699] netlink: 'syz.1.241': attribute type 6 has an invalid length. [ 183.466409][ T6699] netlink: 'syz.1.241': attribute type 6 has an invalid length. [ 184.042540][ T59] ------------[ cut here ]------------ [ 184.048342][ T59] WARNING: CPU: 1 PID: 59 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 184.059283][ T59] Modules linked in: [ 184.063472][ T59] CPU: 1 PID: 59 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 184.070876][ T59] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 184.081117][ T59] Workqueue: phy5 ieee80211_csa_finalize_work [ 184.087331][ T59] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 184.094778][ T59] Code: 48 89 df e8 ea 3d d6 f7 e9 dc fc ff ff e8 d0 06 7e f7 eb 24 e8 c9 06 7e f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 b8 06 7e f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 aa 06 7e f7 48 8b 7c 24 08 4c 8b 7c [ 184.114541][ T59] RSP: 0018:ffffc900015a79c0 EFLAGS: 00010293 [ 184.120718][ T59] RAX: ffffffff8a09174e RBX: 0000000000000001 RCX: ffff88801e2ada00 [ 184.129003][ T59] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 184.137126][ T59] RBP: dffffc0000000000 R08: ffff88805da115af R09: 1ffff1100bb422b5 [ 184.146211][ C1] ------------[ cut here ]------------ [ 184.146337][ C1] WARNING: CPU: 1 PID: 59 at net/mac80211/tx.c:5033 __ieee80211_beacon_get+0x1233/0x1600 [ 184.146385][ C1] Modules linked in: [ 184.146403][ C1] CPU: 1 PID: 59 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 184.146423][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 184.146438][ C1] Workqueue: phy5 ieee80211_csa_finalize_work [ 184.146467][ C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 184.146493][ C1] Code: 24 4c 89 e7 e8 be 74 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 b9 b2 82 f7 0f 0b e9 f6 f7 ff ff e8 ad b2 82 f7 <0f> 0b e9 48 fb ff ff e8 a1 b2 82 f7 48 c7 c7 20 89 64 8e 4c 89 e6 [ 184.146510][ C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246 [ 184.146529][ C1] RAX: ffffffff8a046f53 RBX: ffffffff8a045d56 RCX: ffff88801e2ada00 [ 184.146544][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 184.146557][ C1] RBP: 0000000000000000 R08: ffff88801e2ada00 R09: 0000000000000003 [ 184.146570][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805da123c0 [ 184.146583][ C1] R13: dffffc0000000000 R14: ffff88805da128b0 R15: ffff88805eb79424 [ 184.146598][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 184.146615][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 184.146628][ C1] CR2: 0000200000010000 CR3: 000000005d0a5000 CR4: 00000000003506e0 [ 184.146646][ C1] Call Trace: [ 184.146669][ C1] [ 184.146682][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 184.146716][ C1] ieee80211_beacon_get_tim+0xbf/0x580 [ 184.146746][ C1] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 184.146781][ C1] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 184.146813][ C1] __iterate_interfaces+0x243/0x500 [ 184.146842][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 184.146864][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 184.146895][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 184.146917][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 184.146951][ C1] mac80211_hwsim_beacon+0xbb/0x1b0 [ 184.146974][ C1] __hrtimer_run_queues+0x520/0xc40 [ 184.146996][ C1] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 184.147026][ C1] ? hw_scan_work+0xf60/0xf60 [ 184.147053][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 184.147073][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 184.147105][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 184.147130][ C1] handle_softirqs+0x280/0x820 [ 184.147155][ C1] ? __irq_exit_rcu+0xd3/0x190 [ 184.147179][ C1] ? do_softirq+0x1a0/0x1a0 [ 184.147202][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 184.147230][ C1] __irq_exit_rcu+0xd3/0x190 [ 184.147257][ C1] ? irq_exit_rcu+0x20/0x20 [ 184.147285][ C1] irq_exit_rcu+0x9/0x20 [ 184.147302][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 184.147326][ C1] [ 184.147334][ C1] [ 184.147342][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 184.147367][ C1] RIP: 0010:console_flush_all+0x8b1/0xd20 [ 184.147393][ C1] Code: ed 01 00 00 e8 90 86 1b 00 4d 85 ff 48 8b 5c 24 38 75 07 e8 81 86 1b 00 eb 06 e8 7a 86 1b 00 fb 49 bf 00 00 00 00 00 fc ff df <48> 8b 44 24 58 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 80 3b 01 0f [ 184.147409][ C1] RSP: 0018:ffffc900015a7340 EFLAGS: 00000293 [ 184.147428][ C1] RAX: ffffffff816b9b86 RBX: ffffc900015a74df RCX: ffff88801e2ada00 [ 184.147444][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 184.147456][ C1] RBP: ffffc900015a74b0 R08: ffffffff911c6507 R09: 1ffffffff2238ca0 [ 184.147471][ C1] R10: dffffc0000000000 R11: fffffbfff2238ca1 R12: ffffffff8d8b9500 [ 184.147485][ C1] R13: 1ffffffff19f970c R14: ffffffff8d8b9558 R15: dffffc0000000000 [ 184.147508][ C1] ? console_flush_all+0x8a6/0xd20 [ 184.147542][ C1] ? console_flush_all+0x10a/0xd20 [ 184.147578][ C1] ? is_console_locked+0x20/0x20 [ 184.147601][ C1] ? lock_chain_count+0x20/0x20 [ 184.147627][ C1] ? __down_trylock_console_sem+0xf6/0x1f0 [ 184.147654][ C1] console_unlock+0xad/0x350 [ 184.147680][ C1] ? other_cpu_in_panic+0xf0/0xf0 [ 184.147701][ C1] ? vprintk_emit+0x53d/0x610 [ 184.147725][ C1] ? printk_sprint+0x460/0x460 [ 184.147749][ C1] ? __wake_up_klogd+0xd9/0x100 [ 184.147776][ C1] vprintk_emit+0x497/0x610 [ 184.147801][ C1] ? printk_sprint+0x460/0x460 [ 184.147825][ C1] ? _printk+0xde/0x130 [ 184.147851][ C1] ? copy_from_kernel_nofault+0x1d2/0x310 [ 184.147887][ C1] _printk+0xde/0x130 [ 184.147911][ C1] ? ieee80211_vif_use_reserved_switch+0x10be/0x28f0 [ 184.147938][ C1] ? load_image+0x420/0x420 [ 184.147976][ C1] __show_regs+0x1bf/0x600 [ 184.148000][ C1] ? dump_stack_print_info+0xf5/0x150 [ 184.148032][ C1] show_regs+0x44/0x90 [ 184.148056][ C1] __warn+0x160/0x470 [ 184.148077][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 184.148103][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 184.148126][ C1] report_bug+0x2be/0x4f0 [ 184.148145][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 184.148169][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 184.148192][ C1] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 184.148214][ C1] handle_bug+0xcf/0x120 [ 184.148234][ C1] exc_invalid_op+0x1a/0x50 [ 184.148259][ C1] asm_exc_invalid_op+0x1a/0x20 [ 184.148281][ C1] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 184.148305][ C1] Code: 48 89 df e8 ea 3d d6 f7 e9 dc fc ff ff e8 d0 06 7e f7 eb 24 e8 c9 06 7e f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 b8 06 7e f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 aa 06 7e f7 48 8b 7c 24 08 4c 8b 7c [ 184.148321][ C1] RSP: 0018:ffffc900015a79c0 EFLAGS: 00010293 [ 184.148341][ C1] RAX: ffffffff8a09174e RBX: 0000000000000001 RCX: ffff88801e2ada00 [ 184.148355][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 184.148368][ C1] RBP: dffffc0000000000 R08: ffff88805da115af R09: 1ffff1100bb422b5 [ 184.148383][ C1] R10: dffffc0000000000 R11: ffffed100bb422b6 R12: 0000000000000001 [ 184.148396][ C1] R13: ffff88805da125d9 R14: ffff88805df62c70 R15: ffff88805df62ce8 [ 184.148418][ C1] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 184.148460][ C1] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 184.148489][ C1] ieee80211_csa_finalize+0x5a6/0xf20 [ 184.148516][ C1] ? mutex_lock_nested+0x20/0x20 [ 184.148549][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 184.148569][ C1] ? ieee80211_csa_finalize_work+0x140/0x140 [ 184.148593][ C1] ? read_lock_is_recursive+0x20/0x20 [ 184.148621][ C1] ieee80211_csa_finalize_work+0xf6/0x140 [ 184.148645][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 184.148669][ C1] process_scheduled_works+0xa5d/0x15d0 [ 184.148716][ C1] ? worker_attach_to_pool+0x380/0x380 [ 184.148745][ C1] ? assign_work+0x3d2/0x5d0 [ 184.148771][ C1] worker_thread+0xa55/0xfc0 [ 184.148815][ C1] kthread+0x2fa/0x390 [ 184.148832][ C1] ? pr_cont_work+0x560/0x560 [ 184.148854][ C1] ? kthread_blkcg+0xd0/0xd0 [ 184.148871][ C1] ret_from_fork+0x48/0x80 [ 184.148892][ C1] ? kthread_blkcg+0xd0/0xd0 [ 184.148910][ C1] ret_from_fork_asm+0x11/0x20 [ 184.148947][ C1] [ 184.148956][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 184.148978][ C1] CPU: 1 PID: 59 Comm: kworker/u4:4 Not tainted syzkaller #0 [ 184.148995][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 184.149005][ C1] Workqueue: phy5 ieee80211_csa_finalize_work [ 184.149027][ C1] Call Trace: [ 184.149033][ C1] [ 184.149039][ C1] dump_stack_lvl+0x18c/0x250 [ 184.149067][ C1] ? show_regs_print_info+0x20/0x20 [ 184.149093][ C1] ? load_image+0x420/0x420 [ 184.149126][ C1] panic+0x2dc/0x730 [ 184.149150][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 184.149177][ C1] ? ret_from_fork_asm+0x11/0x20 [ 184.149221][ C1] __warn+0x2e0/0x470 [ 184.149241][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 184.149272][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 184.149294][ C1] report_bug+0x2be/0x4f0 [ 184.149311][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 184.149334][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 184.149356][ C1] ? __ieee80211_beacon_get+0x1235/0x1600 [ 184.149377][ C1] handle_bug+0xcf/0x120 [ 184.149394][ C1] exc_invalid_op+0x1a/0x50 [ 184.149411][ C1] asm_exc_invalid_op+0x1a/0x20 [ 184.149431][ C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 184.149454][ C1] Code: 24 4c 89 e7 e8 be 74 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 b9 b2 82 f7 0f 0b e9 f6 f7 ff ff e8 ad b2 82 f7 <0f> 0b e9 48 fb ff ff e8 a1 b2 82 f7 48 c7 c7 20 89 64 8e 4c 89 e6 [ 184.149468][ C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246 [ 184.149482][ C1] RAX: ffffffff8a046f53 RBX: ffffffff8a045d56 RCX: ffff88801e2ada00 [ 184.149496][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 184.149507][ C1] RBP: 0000000000000000 R08: ffff88801e2ada00 R09: 0000000000000003 [ 184.149518][ C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805da123c0 [ 184.149530][ C1] R13: dffffc0000000000 R14: ffff88805da128b0 R15: ffff88805eb79424 [ 184.149547][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 184.149571][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 184.149598][ C1] ? __ieee80211_beacon_get+0x1233/0x1600 [ 184.149621][ C1] ? __ieee80211_beacon_get+0x36/0x1600 [ 184.149651][ C1] ieee80211_beacon_get_tim+0xbf/0x580 [ 184.149678][ C1] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 184.149711][ C1] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 184.149740][ C1] __iterate_interfaces+0x243/0x500 [ 184.149767][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 184.149788][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 184.149816][ C1] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 184.149838][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 184.149869][ C1] mac80211_hwsim_beacon+0xbb/0x1b0 [ 184.149892][ C1] __hrtimer_run_queues+0x520/0xc40 [ 184.149910][ C1] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 184.149939][ C1] ? hw_scan_work+0xf60/0xf60 [ 184.149965][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 184.149983][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 184.150013][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 184.150037][ C1] handle_softirqs+0x280/0x820 [ 184.150059][ C1] ? __irq_exit_rcu+0xd3/0x190 [ 184.150081][ C1] ? do_softirq+0x1a0/0x1a0 [ 184.150102][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 184.150127][ C1] __irq_exit_rcu+0xd3/0x190 [ 184.150144][ C1] ? irq_exit_rcu+0x20/0x20 [ 184.150169][ C1] irq_exit_rcu+0x9/0x20 [ 184.150184][ C1] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 184.150205][ C1] [ 184.150211][ C1] [ 184.150217][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 184.150239][ C1] RIP: 0010:console_flush_all+0x8b1/0xd20 [ 184.150268][ C1] Code: ed 01 00 00 e8 90 86 1b 00 4d 85 ff 48 8b 5c 24 38 75 07 e8 81 86 1b 00 eb 06 e8 7a 86 1b 00 fb 49 bf 00 00 00 00 00 fc ff df <48> 8b 44 24 58 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 80 3b 01 0f [ 184.150282][ C1] RSP: 0018:ffffc900015a7340 EFLAGS: 00000293 [ 184.150297][ C1] RAX: ffffffff816b9b86 RBX: ffffc900015a74df RCX: ffff88801e2ada00 [ 184.150310][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 184.150320][ C1] RBP: ffffc900015a74b0 R08: ffffffff911c6507 R09: 1ffffffff2238ca0 [ 184.150333][ C1] R10: dffffc0000000000 R11: fffffbfff2238ca1 R12: ffffffff8d8b9500 [ 184.150345][ C1] R13: 1ffffffff19f970c R14: ffffffff8d8b9558 R15: dffffc0000000000 [ 184.150366][ C1] ? console_flush_all+0x8a6/0xd20 [ 184.150398][ C1] ? console_flush_all+0x10a/0xd20 [ 184.150431][ C1] ? is_console_locked+0x20/0x20 [ 184.150453][ C1] ? lock_chain_count+0x20/0x20 [ 184.150476][ C1] ? __down_trylock_console_sem+0xf6/0x1f0 [ 184.150502][ C1] console_unlock+0xad/0x350 [ 184.150525][ C1] ? other_cpu_in_panic+0xf0/0xf0 [ 184.150545][ C1] ? vprintk_emit+0x53d/0x610 [ 184.150568][ C1] ? printk_sprint+0x460/0x460 [ 184.150609][ C1] ? __wake_up_klogd+0xd9/0x100 [ 184.150634][ C1] vprintk_emit+0x497/0x610 [ 184.150658][ C1] ? printk_sprint+0x460/0x460 [ 184.150680][ C1] ? _printk+0xde/0x130 [ 184.150702][ C1] ? copy_from_kernel_nofault+0x1d2/0x310 [ 184.150737][ C1] _printk+0xde/0x130 [ 184.150759][ C1] ? ieee80211_vif_use_reserved_switch+0x10be/0x28f0 [ 184.150785][ C1] ? load_image+0x420/0x420 [ 184.150821][ C1] __show_regs+0x1bf/0x600 [ 184.150843][ C1] ? dump_stack_print_info+0xf5/0x150 [ 184.150874][ C1] show_regs+0x44/0x90 [ 184.150897][ C1] __warn+0x160/0x470 [ 184.150917][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 184.150941][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 184.150962][ C1] report_bug+0x2be/0x4f0 [ 184.150979][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 184.151001][ C1] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 184.151023][ C1] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 184.151044][ C1] handle_bug+0xcf/0x120 [ 184.151062][ C1] exc_invalid_op+0x1a/0x50 [ 184.151079][ C1] asm_exc_invalid_op+0x1a/0x20 [ 184.151101][ C1] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 184.151124][ C1] Code: 48 89 df e8 ea 3d d6 f7 e9 dc fc ff ff e8 d0 06 7e f7 eb 24 e8 c9 06 7e f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 b8 06 7e f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 aa 06 7e f7 48 8b 7c 24 08 4c 8b 7c [ 184.151139][ C1] RSP: 0018:ffffc900015a79c0 EFLAGS: 00010293 [ 184.151155][ C1] RAX: ffffffff8a09174e RBX: 0000000000000001 RCX: ffff88801e2ada00 [ 184.151168][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 184.151179][ C1] RBP: dffffc0000000000 R08: ffff88805da115af R09: 1ffff1100bb422b5 [ 184.151192][ C1] R10: dffffc0000000000 R11: ffffed100bb422b6 R12: 0000000000000001 [ 184.151205][ C1] R13: ffff88805da125d9 R14: ffff88805df62c70 R15: ffff88805df62ce8 [ 184.151226][ C1] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 184.151283][ C1] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 184.151311][ C1] ieee80211_csa_finalize+0x5a6/0xf20 [ 184.151337][ C1] ? mutex_lock_nested+0x20/0x20 [ 184.151357][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 184.151381][ C1] ? ieee80211_csa_finalize_work+0x140/0x140 [ 184.151407][ C1] ? read_lock_is_recursive+0x20/0x20 [ 184.151435][ C1] ieee80211_csa_finalize_work+0xf6/0x140 [ 184.151461][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 184.151484][ C1] process_scheduled_works+0xa5d/0x15d0 [ 184.151534][ C1] ? worker_attach_to_pool+0x380/0x380 [ 184.151563][ C1] ? assign_work+0x3d2/0x5d0 [ 184.151591][ C1] worker_thread+0xa55/0xfc0 [ 184.151639][ C1] kthread+0x2fa/0x390 [ 184.151655][ C1] ? pr_cont_work+0x560/0x560 [ 184.151678][ C1] ? kthread_blkcg+0xd0/0xd0 [ 184.151697][ C1] ret_from_fork+0x48/0x80 [ 184.151718][ C1] ? kthread_blkcg+0xd0/0xd0 [ 184.151736][ C1] ret_from_fork_asm+0x11/0x20 [ 184.151775][ C1] [ 184.152356][ C1] Kernel Offset: disabled