last executing test programs: 9.465874363s ago: executing program 3 (id=96): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) setfsgid(0xee00) syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) munmap(&(0x7f0000901000/0x3000)=nil, 0x3000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x300, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e77, 0x20000000, 0x94a, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mkdir(&(0x7f0000000040)='./file0\x00', 0x11e) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f0000000000), 0x1000000, 0x0) llistxattr(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x8004, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3}) 7.422244688s ago: executing program 3 (id=102): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0x6, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x1ce97bbf60ae786d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) r3 = getpid() ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x14, 0x0, &(0x7f0000000340)=[@acquire={0x40046305, 0x3}, @free_buffer], 0x40, 0x0, &(0x7f0000000400)="49db2abaecafa972fe58aa0a97f2d6d2d320d8c01e6503d235682062d8951a5574befa5a269b32cc4bae8c1dbe18e872211865055f5aa4837dce26430a49d016"}) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x2, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0x9}, [@CTA_MARK_MASK={0x8}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x8c0}, 0x48000) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x4000, 0x0) pread64(r0, &(0x7f00000024c0)=""/209, 0xfd36, 0x698) 6.398351091s ago: executing program 3 (id=105): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) syz_usb_connect$uac1(0x2, 0xa8, 0x0, 0x0) r1 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000004c0)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2, 0x8000000000000003, {}, 0xfd}, 0x18) sendmsg$nl_route_sched(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000300)=@getchain={0x24, 0x66, 0x400, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xffff, 0x3}, {0x3, 0x56e7de01af07971a}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x4004845}, 0x480c5) close(r1) 4.480839687s ago: executing program 1 (id=111): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x9) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000040), 0x0, 0x2) semtimedop(0x0, &(0x7f0000000180)=[{0x3, 0x1}], 0x1f4, &(0x7f0000000240)={0x0, 0x989680}) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000001c0)={0xb, @raw_data="9f4a96c5fe384616f1a9e9661829ad2f00d4f42b69f5352c110a8f9da8f8e51391fd07549b270a667430288b6eb25436a35c1749b5a2ea0e58d9d9cd467fc130b3234488546f00f60d34e302195d565a8f14c0ded549e28766cb1caaef9e2499b43f59e95392f654fcbe2cf59714f89e28fd4036bc62200da3cfadf1b5e24cd5de1d45ff67ace9ce3752812de38e2eccc5680ad93af92a66556ec63abe6abaab291e60c965a3488c2b58478d627414ca29c8bb79d56ae10cdce90dc9116d27adf8ff3b05b0c0d374"}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) getsockopt$bt_sco_SCO_CONNINFO(0xffffffffffffffff, 0x11, 0x2, 0x0, 0x0) r3 = dup(r2) read$FUSE(r3, &(0x7f0000003c40)={0x2020}, 0xffffff0a) 4.223672558s ago: executing program 1 (id=113): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0x6, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x1ce97bbf60ae786d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) r3 = getpid() ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x14, 0x0, &(0x7f0000000340)=[@acquire={0x40046305, 0x3}, @free_buffer], 0x40, 0x0, &(0x7f0000000400)="49db2abaecafa972fe58aa0a97f2d6d2d320d8c01e6503d235682062d8951a5574befa5a269b32cc4bae8c1dbe18e872211865055f5aa4837dce26430a49d016"}) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x2, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0x9}, [@CTA_MARK_MASK={0x8}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x8c0}, 0x48000) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x4000, 0x0) pread64(r0, &(0x7f00000024c0)=""/209, 0xfd36, 0x698) 4.097740338s ago: executing program 3 (id=114): pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000080), 0xfffffe13) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x80800) splice(r0, 0x0, r3, 0x0, 0x1e8640, 0x0) 3.588670019s ago: executing program 0 (id=115): r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 3.165901714s ago: executing program 1 (id=116): prlimit64(0x0, 0xe, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000280), 0x20000, 0x800) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000100)) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(0x0, 0x8002, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x80002, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f017, 0x1}) socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x23, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000300)=0x793c, 0x4) setsockopt$sock_int(r3, 0x1, 0x29, &(0x7f0000000000)=0x1, 0x4) 3.140777776s ago: executing program 3 (id=117): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x62000000, 0x0, 0x0, 0x0, 0x0, 0x0) 2.997474817s ago: executing program 0 (id=118): r0 = socket$netlink(0x10, 0x3, 0x0) unshare(0x22020600) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a03020000000000000000020000000900020073797a32000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a01080000000000000000020000000900020073797a30000000000900010073797a3000000000140003800800024000000000080001400000000014000000110001"], 0x68}}, 0x0) close(0x3) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000080)='./file1\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r2, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x9, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffff7}) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000140)='ns/mnt\x00') setns(r3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB="b00000", @ANYRES16, @ANYRES64=r3], 0xb0}}, 0x0) fsetxattr$trusted_overlay_upper(r4, &(0x7f0000000000), &(0x7f0000000080)={0x0, 0xfb, 0xa5, 0x4, 0x4, "dafa5c835c8b461bf1970b5c81aabdd3", "24a6eeb7f7f70048382921df93001e8c774f3d073e895da39c7123f068e4cab416b159f18c8428098a39e90fdc0d5c78d49f274b1a3e6d21226fb6c833e4546b784fec9d3c0cd35fc699696579fb42b1d8c97a75234a8161b4bc31169c000392575679f6c414eab429198501c8bb09d9e24ae277d25e0332f0ae69a7a0ffa4676878d0c275968664de5740d2b98233f4"}, 0xa5, 0x2) ioctl$FS_IOC_GETVERSION(r4, 0xc0105b08, &(0x7f0000000040)) 2.996786718s ago: executing program 1 (id=119): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa101, 0x0) write$binfmt_aout(r0, &(0x7f0000000100)=ANY=[], 0xff2e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x3, 0x0, 0x0, "0062ba7d82000000000000000000f7fffeff00"}) r2 = syz_open_pts(r0, 0x8182) r3 = dup3(r2, r0, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x17) 1.86273807s ago: executing program 0 (id=120): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000fcffffff000000000000000095"], &(0x7f0000000300)='syzkaller\x00'}, 0x94) syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x2) 1.756043138s ago: executing program 0 (id=121): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x9) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000040), 0x0, 0x2) semtimedop(0x0, &(0x7f0000000180)=[{0x3, 0x1}], 0x1f4, &(0x7f0000000240)={0x0, 0x989680}) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000001c0)={0xb, @raw_data="9f4a96c5fe384616f1a9e9661829ad2f00d4f42b69f5352c110a8f9da8f8e51391fd07549b270a667430288b6eb25436a35c1749b5a2ea0e58d9d9cd467fc130b3234488546f00f60d34e302195d565a8f14c0ded549e28766cb1caaef9e2499b43f59e95392f654fcbe2cf59714f89e28fd4036bc62200da3cfadf1b5e24cd5de1d45ff67ace9ce3752812de38e2eccc5680ad93af92a66556ec63abe6abaab291e60c965a3488c2b58478d627414ca29c8bb79d56ae10cdce90dc9116d27adf8ff3b05b0c0d374"}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) getsockopt$bt_sco_SCO_CONNINFO(0xffffffffffffffff, 0x11, 0x2, 0x0, 0x0) r3 = dup(r2) read$FUSE(r3, &(0x7f0000003c40)={0x2020}, 0xffffff0a) 1.682108074s ago: executing program 1 (id=122): r0 = socket$inet6(0xa, 0x1000080002, 0x100000000000088) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e23}, 0x1c) r1 = socket$inet6(0xa, 0x802, 0x88) sendto$inet6(r1, 0x0, 0x0, 0x40488c1, &(0x7f0000000180)={0xa, 0x4e23, 0x0, @mcast2}, 0x1c) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000001140)={[0xfffffffffffffff5]}, 0x8, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) socket$unix(0x1, 0x1, 0x0) socket$unix(0x1, 0x1, 0x0) pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x40, 0x2, 0xd, 0x0, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x9, 0x7, 0x7, 0x0, 0x5, 0x7}, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 1.582849712s ago: executing program 2 (id=123): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = dup(r0) r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0xfffffffd, 0x15f}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4000, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) 1.582147752s ago: executing program 0 (id=124): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/stat\x00', 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0x6, 0x0, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000180), 0x1ce97bbf60ae786d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) r3 = getpid() ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x14, 0x0, &(0x7f0000000340)=[@acquire={0x40046305, 0x3}, @free_buffer], 0x40, 0x0, &(0x7f0000000400)="49db2abaecafa972fe58aa0a97f2d6d2d320d8c01e6503d235682062d8951a5574befa5a269b32cc4bae8c1dbe18e872211865055f5aa4837dce26430a49d016"}) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, 0x2, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0x9}, [@CTA_MARK_MASK={0x8}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x8c0}, 0x48000) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) pread64(r0, 0x0, 0x0, 0x698) 566.634764ms ago: executing program 1 (id=125): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d01"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000300)={0x0, 0x13}, 0x0, 0x0}) 566.397674ms ago: executing program 2 (id=126): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x4, 0x4, &(0x7f0000000240)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2000000}, [@call={0x85, 0x0, 0x0, 0x20}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0xc53c06d2626cc3f0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002280)={r0, 0x0, 0xe, 0x0, &(0x7f00000008c0)="e02742e8680d85ff9782762f86dd", 0x0, 0x57af, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 566.045985ms ago: executing program 0 (id=127): r0 = socket$netlink(0x10, 0x3, 0x2) getsockopt$netlink(r0, 0x10e, 0x9, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0xc, 0xe, &(0x7f0000001880)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1, 0x0, 0x1}, 0x10}, 0x94) ioctl$SIOCSIFMTU(r2, 0x8923, &(0x7f0000000100)={'vlan0\x00', 0x40}) socket$inet_mptcp(0x2, 0x1, 0x106) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0) io_setup(0x1, &(0x7f00000004c0)=0x0) io_submit(r5, 0xca, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x0, 0x0, r4, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}]) openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x7aed979249b5ae9d, 0x0) rseq(&(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x4, 0x1000000000000, 0x800, 0x7}, 0x6}, 0x20, 0x1, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(r6, &(0x7f0000002080)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383363030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b2f38f0106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f330000000000000003d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9870af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xa75}}, 0x1006) openat$tcp_mem(0xffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) 397.874768ms ago: executing program 2 (id=128): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)={0x1c, 0x1, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x9}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x28040}, 0x0) 210.259674ms ago: executing program 2 (id=129): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x11, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000fcffffff000000000000000095"], &(0x7f0000000300)='syzkaller\x00'}, 0x94) syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x2) 99.377092ms ago: executing program 2 (id=130): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x1c, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000218110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000140000d9b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000008500000017000000bf91000000000000b7020000000000008500000085000000b700000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 17.921359ms ago: executing program 3 (id=131): rseq(&(0x7f00000006c0)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) gettid() timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) pread64(r0, 0x0, 0x0, 0xce2) syz_usb_connect(0x0, 0x24, 0x0, 0x0) 0s ago: executing program 2 (id=132): syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)={0x68, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x2b, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @val={0x2a, 0x1}, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x68}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.143' (ED25519) to the list of known hosts. [ 62.082419][ T5777] cgroup: Unknown subsys name 'net' [ 62.217137][ T5777] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 63.594215][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 65.131226][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.140065][ T5799] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.144444][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.148472][ T5799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.159084][ T5800] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.169383][ T5799] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.170957][ T5800] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.184712][ T5803] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.185338][ T5800] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.200252][ T5799] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.201588][ T5800] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 65.217288][ T5800] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.225987][ T5800] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 65.233974][ T5800] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 65.236759][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.241735][ T5800] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.251254][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.262868][ T5798] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.263332][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.278241][ T5802] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 65.280470][ T5800] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.286514][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.294214][ T5800] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 65.308847][ T5800] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.785292][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 65.834518][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 65.853661][ T5790] chnl_net:caif_netlink_parms(): no params data found [ 65.945857][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 65.976282][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.984304][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.992456][ T5789] bridge_slave_0: entered allmulticast mode [ 65.999434][ T5789] bridge_slave_0: entered promiscuous mode [ 66.013041][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.020590][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.028148][ T5789] bridge_slave_1: entered allmulticast mode [ 66.034890][ T5789] bridge_slave_1: entered promiscuous mode [ 66.141207][ T5790] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.148884][ T5790] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.156225][ T5790] bridge_slave_0: entered allmulticast mode [ 66.163983][ T5790] bridge_slave_0: entered promiscuous mode [ 66.172921][ T5790] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.180270][ T5790] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.187445][ T5790] bridge_slave_1: entered allmulticast mode [ 66.194253][ T5790] bridge_slave_1: entered promiscuous mode [ 66.203964][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.216145][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.225567][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.233005][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.240453][ T5788] bridge_slave_0: entered allmulticast mode [ 66.247189][ T5788] bridge_slave_0: entered promiscuous mode [ 66.276424][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.283982][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.291454][ T5788] bridge_slave_1: entered allmulticast mode [ 66.298505][ T5788] bridge_slave_1: entered promiscuous mode [ 66.354774][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.367748][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.382118][ T5789] team0: Port device team_slave_0 added [ 66.391018][ T5789] team0: Port device team_slave_1 added [ 66.436700][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.448928][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.459075][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.466280][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.473823][ T5787] bridge_slave_0: entered allmulticast mode [ 66.480638][ T5787] bridge_slave_0: entered promiscuous mode [ 66.525369][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.532865][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.541195][ T5787] bridge_slave_1: entered allmulticast mode [ 66.548135][ T5787] bridge_slave_1: entered promiscuous mode [ 66.566475][ T5790] team0: Port device team_slave_0 added [ 66.575516][ T5790] team0: Port device team_slave_1 added [ 66.582367][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.589763][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.615942][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.629528][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.636506][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.662845][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 66.676696][ T5788] team0: Port device team_slave_0 added [ 66.685742][ T5788] team0: Port device team_slave_1 added [ 66.735786][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.749156][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.803900][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.811349][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.839703][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.863564][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.870599][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.897001][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.910477][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.917667][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.943876][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 66.970234][ T5787] team0: Port device team_slave_0 added [ 66.976988][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.984514][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.010792][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.025438][ T5789] hsr_slave_0: entered promiscuous mode [ 67.032801][ T5789] hsr_slave_1: entered promiscuous mode [ 67.059329][ T5787] team0: Port device team_slave_1 added [ 67.129033][ T5788] hsr_slave_0: entered promiscuous mode [ 67.135385][ T5788] hsr_slave_1: entered promiscuous mode [ 67.142306][ T5788] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.150250][ T5788] Cannot create hsr debugfs directory [ 67.197060][ T5790] hsr_slave_0: entered promiscuous mode [ 67.204585][ T5790] hsr_slave_1: entered promiscuous mode [ 67.211650][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.220301][ T5790] Cannot create hsr debugfs directory [ 67.226696][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.234815][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.260878][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.274054][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.281235][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.307484][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.329024][ T5798] Bluetooth: hci1: command tx timeout [ 67.388515][ T50] Bluetooth: hci3: command tx timeout [ 67.394258][ T50] Bluetooth: hci2: command tx timeout [ 67.400078][ T5798] Bluetooth: hci0: command tx timeout [ 67.493550][ T5787] hsr_slave_0: entered promiscuous mode [ 67.500219][ T5787] hsr_slave_1: entered promiscuous mode [ 67.506399][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.514148][ T5787] Cannot create hsr debugfs directory [ 67.712674][ T5789] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 67.735746][ T5789] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 67.751581][ T5789] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 67.762119][ T5789] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 67.834333][ T5788] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 67.876081][ T5788] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 67.886346][ T5788] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 67.900167][ T5788] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 67.973099][ T5787] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 67.983561][ T5787] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 68.008401][ T5787] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 68.030320][ T5787] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 68.087667][ T5790] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 68.115413][ T5790] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 68.126763][ T5790] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 68.137865][ T5790] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 68.202318][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.263188][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.300728][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.308345][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.321379][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.328578][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.343642][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.375811][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.428810][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.453240][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.473781][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.481076][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.522390][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.529597][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.547287][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.554628][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.596061][ T3459] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.603258][ T3459] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.627623][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.686301][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.725463][ T3537] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.732659][ T3537] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.766695][ T3537] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.773904][ T3537] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.843250][ T5788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 68.883063][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.023627][ T5789] veth0_vlan: entered promiscuous mode [ 69.058424][ T5789] veth1_vlan: entered promiscuous mode [ 69.115284][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.186965][ T5789] veth0_macvtap: entered promiscuous mode [ 69.222424][ T5789] veth1_macvtap: entered promiscuous mode [ 69.249816][ T5787] veth0_vlan: entered promiscuous mode [ 69.299255][ T5787] veth1_vlan: entered promiscuous mode [ 69.316904][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.345209][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.373000][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.382756][ T5789] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.393132][ T5789] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.403580][ T5798] Bluetooth: hci1: command tx timeout [ 69.406251][ T5789] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.419223][ T5789] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.444441][ T5787] veth0_macvtap: entered promiscuous mode [ 69.461495][ T5787] veth1_macvtap: entered promiscuous mode [ 69.469021][ T5798] Bluetooth: hci2: command tx timeout [ 69.474530][ T5798] Bluetooth: hci0: command tx timeout [ 69.480694][ T50] Bluetooth: hci3: command tx timeout [ 69.527643][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.592663][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.603854][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.615876][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.631120][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.642429][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.654497][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.665528][ T5787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.674857][ T5787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.684557][ T5787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.693973][ T5787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.709064][ T3459] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.717115][ T3459] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.801992][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.819030][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.839014][ T5788] veth0_vlan: entered promiscuous mode [ 69.880740][ T3537] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.900310][ T5790] veth0_vlan: entered promiscuous mode [ 69.910629][ T3537] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.921696][ T5788] veth1_vlan: entered promiscuous mode [ 69.995606][ T5790] veth1_vlan: entered promiscuous mode [ 70.053942][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.069456][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.102335][ T5788] veth0_macvtap: entered promiscuous mode [ 70.142149][ T5788] veth1_macvtap: entered promiscuous mode [ 70.189668][ T5790] veth0_macvtap: entered promiscuous mode [ 70.217634][ T5790] veth1_macvtap: entered promiscuous mode [ 70.253572][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.267307][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.284402][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.296132][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.320752][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.354433][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.368560][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.381621][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.448786][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.478728][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.490055][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.510540][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.574366][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.603003][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.613834][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.631058][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.654739][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.694626][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.706245][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.721679][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.734121][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.745968][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.758650][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.782888][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.803787][ T5790] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.815569][ T5790] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.831513][ T5790] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.841086][ T5790] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.896522][ T5788] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.917225][ T5788] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.931058][ T5788] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.941373][ T5788] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.131040][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.155456][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.359884][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.400798][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.421861][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.441744][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.469464][ T5798] Bluetooth: hci1: command tx timeout [ 71.541996][ T3459] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.548827][ T5798] Bluetooth: hci0: command tx timeout [ 71.552895][ T50] Bluetooth: hci3: command tx timeout [ 71.556059][ T5798] Bluetooth: hci2: command tx timeout [ 71.590226][ T3459] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.036140][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 72.045736][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.602957][ T5898] Zero length message leads to an empty skb [ 72.986013][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 73.109843][ T5841] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 73.328871][ T5841] usb 4-1: device descriptor read/64, error -71 [ 73.344313][ T5908] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 73.366550][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.468376][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.550613][ T5798] Bluetooth: hci1: command tx timeout [ 73.570569][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.628926][ T5798] Bluetooth: hci2: command tx timeout [ 73.635254][ T5798] Bluetooth: hci3: command tx timeout [ 73.645321][ T5798] Bluetooth: hci0: command tx timeout [ 73.673068][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.869618][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 73.879798][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.949292][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 73.957794][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 74.258461][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 74.518231][ T5841] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 74.709429][ T5841] usb 4-1: device descriptor read/64, error -71 [ 74.848311][ T5841] usb usb4-port1: attempt power cycle [ 74.987174][ T5927] bridge0: entered promiscuous mode [ 74.996753][ T5927] batman_adv: batadv0: Adding interface: macsec1 [ 75.010698][ T5927] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.051031][ T5927] batman_adv: batadv0: Interface activated: macsec1 [ 75.087784][ T5927] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16'. [ 75.112687][ T5927] vxfs: WRONG superblock magic 00000000 at 1 [ 75.125524][ T5927] vxfs: WRONG superblock magic 00000000 at 8 [ 75.132367][ T5927] vxfs: can't find superblock. [ 79.357556][ T5962] vxcan1: entered allmulticast mode [ 81.914841][ T5995] process 'syz.0.31' launched './file2' with NULL argv: empty string added [ 82.271880][ T27] cfg80211: failed to load regulatory.db [ 82.474238][ T6004] binder: 6002:6004 ioctl c0306201 0 returned -14 [ 83.274032][ T27] IPVS: starting estimator thread 0... [ 83.295083][ T6004] batadv1: entered allmulticast mode [ 83.310910][ T6004] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 83.408223][ T6006] IPVS: using max 34 ests per chain, 81600 per kthread [ 88.144046][ T6045] warning: `syz.3.45' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 92.494574][ T6077] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 92.574506][ T6077] kvm: pic: non byte read [ 92.581637][ T6077] kvm: pic: level sensitive irq not supported [ 92.581948][ T6077] kvm: pic: non byte read [ 92.629499][ T6077] kvm: pic: level sensitive irq not supported [ 92.629787][ T6077] kvm: pic: non byte read [ 93.925782][ T6101] netlink: 'syz.1.58': attribute type 4 has an invalid length. [ 98.155865][ T6136] syz.2.67 (6136) used greatest stack depth: 16744 bytes left [ 98.335527][ T6128] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 98.345370][ T6128] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 98.415232][ T6128] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 98.443410][ T6128] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 98.476083][ T6128] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 98.495772][ T6128] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 98.620053][ T6128] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 98.626516][ T6128] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 99.609334][ T6128] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 99.635301][ T6128] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 99.654298][ T6128] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 99.664335][ T6128] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 99.718327][ T50] Bluetooth: hci3: Malformed LE Event: 0x0d [ 99.978072][ T5841] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 100.172854][ T5841] usb 4-1: too many configurations: 13, using maximum allowed: 8 [ 100.268861][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 100.294921][ T5841] usb 4-1: config 0 has no interfaces? [ 100.307316][ T5841] usb 4-1: config 0 has no interfaces? [ 100.325144][ T5841] usb 4-1: config 0 has no interfaces? [ 100.508123][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 100.563070][ T5841] usb 4-1: config 0 has no interfaces? [ 100.575795][ T5841] usb 4-1: config 0 has no interfaces? [ 100.668049][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 100.680005][ T5841] usb 4-1: config 0 has no interfaces? [ 100.690759][ T5841] usb 4-1: config 0 has no interfaces? [ 100.703060][ T5841] usb 4-1: config 0 has no interfaces? [ 100.712947][ T5841] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 100.742716][ T5841] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.750945][ T5841] usb 4-1: Product: syz [ 100.755538][ T5841] usb 4-1: Manufacturer: syz [ 100.760258][ T5841] usb 4-1: SerialNumber: syz [ 100.788394][ T5841] usb 4-1: config 0 descriptor?? [ 101.414879][ T6159] Invalid option length (57448) for dns_resolver key [ 101.438276][ T5841] usb 4-1: USB disconnect, device number 5 [ 101.708170][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 103.543635][ T50] Bluetooth: hci3: command 0x0c1a tx timeout [ 103.552649][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 103.559897][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 103.788069][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 105.638255][ T5800] Bluetooth: hci0: command 0x0c1a tx timeout [ 105.644555][ T5800] Bluetooth: hci3: command 0x0c1a tx timeout [ 105.650725][ T50] Bluetooth: hci2: command 0x0c1a tx timeout [ 105.868078][ T5798] Bluetooth: hci1: command 0x0c1a tx timeout [ 108.428676][ T6209] ptrace attach of "./syz-executor exec"[5789] was attempted by "./syz-executor exec"[6209] [ 108.522626][ T6209] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 109.963492][ T5841] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 110.048372][ T6236] 9pnet_virtio: no channels available for device syz [ 110.208198][ T5841] usb 2-1: Using ep0 maxpacket: 32 [ 110.235170][ T5841] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 110.255123][ T5841] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 110.315297][ T5841] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 110.340796][ T5841] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 110.357222][ T5841] usb 2-1: config 0 interface 0 has no altsetting 0 [ 110.376894][ T5841] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 110.404560][ T5841] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 110.611223][ T5841] usb 2-1: Product: syz [ 110.615568][ T5841] usb 2-1: Manufacturer: syz [ 110.621028][ T5841] usb 2-1: SerialNumber: syz [ 110.630611][ T5841] usb 2-1: config 0 descriptor?? [ 110.646829][ T5841] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 110.662754][ T5841] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 111.362143][ T5841] usb 2-1: USB disconnect, device number 2 [ 111.378400][ T5841] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 117.784282][ T6320] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 118.998218][ T6334] @: renamed from vlan0 (while UP) [ 119.178381][ T23] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 119.378981][ T23] usb 2-1: no configurations [ 119.379009][ T23] usb 2-1: can't read configurations, error -22 [ 119.528182][ T23] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 119.651451][ C0] ------------[ cut here ]------------ [ 119.657270][ C0] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0xfff with flags 0x20 [ 119.668411][ C0] WARNING: CPU: 0 PID: 16 at net/mac80211/rate.c:385 __rate_control_send_low+0x635/0x880 [ 119.678493][ C0] Modules linked in: [ 119.682437][ C0] CPU: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.6.101-syzkaller #0 [ 119.690468][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 119.700659][ C0] RIP: 0010:__rate_control_send_low+0x635/0x880 [ 119.706934][ C0] Code: 30 42 0f b6 04 28 84 c0 0f 85 e6 01 00 00 41 8b 0e 48 c7 c7 00 85 be 8b 48 8b 74 24 10 44 8b 44 24 1c 45 89 e1 e8 9b e7 6a f7 <0f> 0b e9 78 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fa ff [ 119.709008][ T23] usb 2-1: no configurations [ 119.727039][ C0] RSP: 0018:ffffc900001573c0 EFLAGS: 00010246 [ 119.727090][ C0] RAX: b6a8ba2965aed500 RBX: 000000000000000c RCX: ffff88801b265a00 [ 119.727104][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 119.727116][ C0] RBP: 0000000000000084 R08: ffffc90000156fc7 R09: 1ffff9200002adf8 [ 119.727128][ C0] R10: dffffc0000000000 R11: fffff5200002adf9 R12: 0000000000000020 [ 119.727140][ C0] R13: dffffc0000000000 R14: ffff888018b93358 R15: ffff88801c3c8168 [ 119.727152][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 119.727166][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 119.727177][ C0] CR2: 00007f9e8dc06f98 CR3: 00000000765c1000 CR4: 00000000003506f0 [ 119.727195][ C0] Call Trace: [ 119.727203][ C0] [ 119.727236][ C0] rate_control_send_low+0x194/0x790 [ 119.814797][ C0] rate_control_get_rate+0x20b/0x5c0 [ 119.820127][ C0] ieee80211_beacon_get_finish+0x38d/0x6b0 [ 119.825952][ C0] ? ieee80211_set_beacon_cntdwn+0x660/0x660 [ 119.832001][ C0] ? __local_bh_enable_ip+0x12e/0x1c0 [ 119.834166][ T23] usb 2-1: can't read configurations, error -22 [ 119.837731][ C0] ? _local_bh_enable+0xa0/0xa0 [ 119.837767][ C0] ieee80211_beacon_get_ap+0x1429/0x1970 [ 119.837803][ C0] ? ieee80211_tx_8023+0x3c0/0x3c0 [ 119.845954][ T23] usb usb2-port1: attempt power cycle [ 119.849228][ C0] ? read_lock_is_recursive+0x20/0x20 [ 119.849270][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 119.849298][ C0] __ieee80211_beacon_get+0x10eb/0x1600 [ 119.849326][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 119.849359][ C0] ieee80211_beacon_get_tim+0xb8/0x560 [ 119.849390][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 119.901410][ C0] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 119.907125][ C0] __iterate_interfaces+0x243/0x500 [ 119.912454][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 119.918858][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 119.926109][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 119.932706][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 119.939820][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 119.945180][ C0] __hrtimer_run_queues+0x51e/0xc40 [ 119.950474][ C0] ? hw_scan_work+0xf40/0xf40 [ 119.955186][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 119.960348][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 119.966480][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 119.971741][ C0] handle_softirqs+0x280/0x820 [ 119.976519][ C0] ? run_ksoftirqd+0x9c/0xf0 [ 119.981244][ C0] ? do_softirq+0x180/0x180 [ 119.985753][ C0] run_ksoftirqd+0x9c/0xf0 [ 119.990210][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 119.995420][ C0] ? takeover_tasklets+0x810/0x810 [ 120.000670][ C0] ? takeover_tasklets+0x810/0x810 [ 120.006078][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 120.011359][ C0] smpboot_thread_fn+0x635/0xa00 [ 120.016320][ C0] ? smpboot_thread_fn+0x50/0xa00 [ 120.021383][ C0] kthread+0x2fa/0x390 [ 120.025447][ C0] ? smpboot_unregister_percpu_thread+0x2a0/0x2a0 [ 120.031935][ C0] ? kthread_blkcg+0xd0/0xd0 [ 120.036708][ C0] ret_from_fork+0x48/0x80 [ 120.041147][ C0] ? kthread_blkcg+0xd0/0xd0 [ 120.045731][ C0] ret_from_fork_asm+0x11/0x20 [ 120.050539][ C0] [ 120.053648][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 120.061078][ C0] CPU: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.6.101-syzkaller #0 [ 120.069165][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 120.079403][ C0] Call Trace: [ 120.082725][ C0] [ 120.085662][ C0] dump_stack_lvl+0x16c/0x230 [ 120.090347][ C0] ? show_regs_print_info+0x20/0x20 [ 120.095567][ C0] ? load_image+0x3b0/0x3b0 [ 120.100165][ C0] panic+0x2c0/0x710 [ 120.104098][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 120.108643][ C0] ? ret_from_fork_asm+0x11/0x20 [ 120.113657][ C0] __warn+0x2e0/0x470 [ 120.117666][ C0] ? __rate_control_send_low+0x635/0x880 [ 120.123378][ C0] ? __rate_control_send_low+0x635/0x880 [ 120.129055][ C0] report_bug+0x2be/0x4f0 [ 120.133512][ C0] ? __rate_control_send_low+0x635/0x880 [ 120.139181][ C0] ? __rate_control_send_low+0x635/0x880 [ 120.144855][ C0] ? __rate_control_send_low+0x637/0x880 [ 120.150589][ C0] handle_bug+0xcf/0x120 [ 120.154841][ C0] exc_invalid_op+0x1a/0x50 [ 120.159349][ C0] asm_exc_invalid_op+0x1a/0x20 [ 120.164317][ C0] RIP: 0010:__rate_control_send_low+0x635/0x880 [ 120.170752][ C0] Code: 30 42 0f b6 04 28 84 c0 0f 85 e6 01 00 00 41 8b 0e 48 c7 c7 00 85 be 8b 48 8b 74 24 10 44 8b 44 24 1c 45 89 e1 e8 9b e7 6a f7 <0f> 0b e9 78 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fa ff [ 120.190473][ C0] RSP: 0018:ffffc900001573c0 EFLAGS: 00010246 [ 120.196650][ C0] RAX: b6a8ba2965aed500 RBX: 000000000000000c RCX: ffff88801b265a00 [ 120.204631][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 120.212640][ C0] RBP: 0000000000000084 R08: ffffc90000156fc7 R09: 1ffff9200002adf8 [ 120.220701][ C0] R10: dffffc0000000000 R11: fffff5200002adf9 R12: 0000000000000020 [ 120.228684][ C0] R13: dffffc0000000000 R14: ffff888018b93358 R15: ffff88801c3c8168 [ 120.236843][ C0] rate_control_send_low+0x194/0x790 [ 120.242158][ C0] rate_control_get_rate+0x20b/0x5c0 [ 120.247493][ C0] ieee80211_beacon_get_finish+0x38d/0x6b0 [ 120.253312][ C0] ? ieee80211_set_beacon_cntdwn+0x660/0x660 [ 120.259310][ C0] ? __local_bh_enable_ip+0x12e/0x1c0 [ 120.264777][ C0] ? _local_bh_enable+0xa0/0xa0 [ 120.269748][ C0] ieee80211_beacon_get_ap+0x1429/0x1970 [ 120.275435][ C0] ? ieee80211_tx_8023+0x3c0/0x3c0 [ 120.280566][ C0] ? read_lock_is_recursive+0x20/0x20 [ 120.285950][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 120.291523][ C0] __ieee80211_beacon_get+0x10eb/0x1600 [ 120.297212][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 120.302832][ C0] ieee80211_beacon_get_tim+0xb8/0x560 [ 120.308332][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 120.315463][ C0] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 120.321203][ C0] __iterate_interfaces+0x243/0x500 [ 120.326456][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 120.332725][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 120.339949][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 120.346425][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 120.353552][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 120.358869][ C0] __hrtimer_run_queues+0x51e/0xc40 [ 120.364186][ C0] ? hw_scan_work+0xf40/0xf40 [ 120.368875][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 120.374083][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 120.380208][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 120.385336][ C0] handle_softirqs+0x280/0x820 [ 120.390214][ C0] ? run_ksoftirqd+0x9c/0xf0 [ 120.394843][ C0] ? do_softirq+0x180/0x180 [ 120.399349][ C0] run_ksoftirqd+0x9c/0xf0 [ 120.403875][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 120.409067][ C0] ? takeover_tasklets+0x810/0x810 [ 120.414611][ C0] ? takeover_tasklets+0x810/0x810 [ 120.419725][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 120.425065][ C0] smpboot_thread_fn+0x635/0xa00 [ 120.430120][ C0] ? smpboot_thread_fn+0x50/0xa00 [ 120.435187][ C0] kthread+0x2fa/0x390 [ 120.439442][ C0] ? smpboot_unregister_percpu_thread+0x2a0/0x2a0 [ 120.446042][ C0] ? kthread_blkcg+0xd0/0xd0 [ 120.450650][ C0] ret_from_fork+0x48/0x80 [ 120.455155][ C0] ? kthread_blkcg+0xd0/0xd0 [ 120.459833][ C0] ret_from_fork_asm+0x11/0x20 [ 120.464866][ C0] [ 120.468490][ C0] Kernel Offset: disabled [ 120.472850][ C0] Rebooting in 86400 seconds..