last executing test programs: 6.645858463s ago: executing program 2 (id=3): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, 0x0}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x70, 0x30, 0x1, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) write$cgroup_int(r3, &(0x7f0000000040)=0x1c8, 0x12) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) dup(r4) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r5, &(0x7f0000847fff)='X', 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r7 = memfd_create(&(0x7f0000000680)='\x103q}2\x9a\xce\xaf^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99\x18\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1f\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\tRJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd99C\x9fF\x9c[M=\xa0^\xa8\xed)\xe8Z\xe8\x9b&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xc9\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8ZmH\x98\xaeb\xa5B5)\x80m\xff\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6\x05\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa\x19\x06U)j!\x91\'\x98\xd2kFN\xfa\x80)O\xb9(!n\x9d\x13\x15\xf1\x1a\xb8y\x14l\xd1', 0x7) ioctl$FS_IOC_RESVSP(r7, 0x402c5828, &(0x7f00000000c0)={0x0, 0x0, 0x1, 0x762}) syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r6}}, 0x58) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs, 0x6e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 5.741640146s ago: executing program 0 (id=1): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 4.964211998s ago: executing program 3 (id=4): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000000)={{0x0, 0xeeef0000, 0xe, 0x0, 0x81, 0x4, 0xa, 0x4e, 0x0, 0x7, 0x6, 0x10}, {0x5000, 0xffff1000, 0x3, 0x5, 0x2, 0x8, 0xd, 0x3, 0x0, 0x81, 0x8, 0x1}, {0x6000, 0x0, 0xa, 0x7, 0x2, 0x1, 0x6, 0xf, 0x8, 0x6, 0x2}, {0xffff1000, 0xd5dd0000, 0xe, 0x2, 0x1, 0x3, 0xc, 0x0, 0x1, 0x6, 0x4, 0x9}, {0x100002, 0xeeee8000, 0x9, 0x0, 0x80, 0xee, 0x0, 0x7, 0x7c, 0x0, 0xe, 0x9}, {0x3000, 0x4, 0x8, 0x1, 0x5, 0x4, 0x1, 0x1, 0x6, 0x86, 0xb, 0x2}, {0xeeee8000, 0xeeee0000, 0xc, 0x7, 0x7, 0x3, 0x1d, 0x47, 0x30, 0x2, 0x8, 0xe1}, {0xf000, 0x2, 0xc, 0xf8, 0xfd, 0xa, 0x2, 0x4, 0x3, 0x8, 0x5, 0x4e}, {0x4, 0x7}, {0x6000, 0x5}, 0x10, 0x0, 0xdddd0000, 0x40, 0x7, 0x1000, 0xeeef0000, [0x5, 0x8001, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.869502086s ago: executing program 0 (id=5): bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="050000000400000099"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x196, &(0x7f0000000440)={0x2000000000002000, 0x2000001, 0x55, 0x3}) 4.857279427s ago: executing program 1 (id=2): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) clock_gettime(0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) 4.714455478s ago: executing program 2 (id=6): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000), 0xc) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_io_uring_setup(0x497, &(0x7f0000000480)={0x0, 0x9013, 0x100, 0x4, 0x165}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x3, 0x8, 0x0, {0x0, 0x0, r1}}) io_setup(0x1, &(0x7f0000000000)=0x0) r9 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000000300)=0x1e) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'netdevsim0\x00'}) io_submit(r8, 0x1, &(0x7f0000000a40)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xfff, 0xffffffffffffffff, &(0x7f0000000300)="e83924", 0x3}]) io_uring_enter(r5, 0x3517, 0x173d, 0x42, 0x0, 0x0) 4.561411511s ago: executing program 0 (id=7): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x185802, 0x0) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r4 = socket$l2tp6(0xa, 0x2, 0x73) bind$inet6(r4, 0x0, 0x0) open$dir(&(0x7f0000000100)='./file0\x00', 0x80000, 0x113) write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000180), 0xf) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x3c) bpf$PROG_LOAD(0x5, 0x0, 0x0) add_key$user(&(0x7f0000000200), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) sendfile(r0, r0, 0x0, 0x200000) 4.345798398s ago: executing program 3 (id=8): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x47, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) 3.08647326s ago: executing program 3 (id=9): r0 = socket$key(0xf, 0x3, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001180)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa0000000000000150300000a004e002d35010000000000950041000000000069163a0000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ff3d4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932c9a6aa57f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2739670b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc401000000cc43010000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000f4000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c6939628950000000000000001c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be19637302f3b41eae50509fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b30410856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2f, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xf, 0x6, &(0x7f00000000c0)=ANY=[@ANYBLOB="b40600000000000071110900000000008510000002000000850000000000000095004c00000000009500001200000000abab312391510836759074ccff2ed8f9c6678e25a33f6cb4afb47400579805765886e28121bebe2d798a21d0b1ba3c64b7154fbdd9b3a80839903d9dd9de92169257abf148f32a4575c38f85b047adf3910ae2b8495219b4870f390a8ef2c1f726023303687ce9957117cd890e4f5fd2866f89b463a81c1c1d61315bf02b40cd104511054ac8a8520a9bc112b3ae285491bbc6b2ce30ebd6ad27379e663b789e161b728f428d163a5884b2c9cc8f6648f3d34acee04143923c18b932b60cea"], &(0x7f0000000080)='GPL\x00', 0x7, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_device}, 0x70) socket$kcm(0x10, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x200004, 0x2, 0x1}}) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}}) sendmsg$nl_route_sched(r4, &(0x7f0000000940)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)=@gettfilter={0x4c, 0x2e, 0x300, 0x800, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x8, 0x2}, {0xf, 0x10}, {0x1, 0x6}}, [{0x8, 0xb, 0x4}, {0x8, 0xb, 0x89}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x6}, {0x8, 0xb, 0x2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008011) r5 = openat$rdma_cm(0xffffff9c, &(0x7f0000000140), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r5, &(0x7f0000000300)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0, @in6={0xa, 0x4e21, 0x0, @mcast2, 0x7fffffff}, @in6={0xa, 0x4e21, 0x9, @private2, 0x2}}}, 0x118) open(&(0x7f0000000000)='.\x00', 0x82000, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x800}) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c00000003060500000005cb3eaa8d19ff4e00060500010007000000"], 0x1c}, 0x1, 0x0, 0x0, 0x24040800}, 0x8d0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x40) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002000000da16c167d803f1f805000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x400008a, 0x0) sendmsg$key(r0, &(0x7f0000000000)={0x9, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="02090009020000ff25000000000000"], 0x10}}, 0x0) 2.601423439s ago: executing program 1 (id=10): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00'}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000), 0xc) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_io_uring_setup(0x497, &(0x7f0000000480)={0x0, 0x9013, 0x100, 0x4, 0x165}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x3, 0x8, 0x0, {0x0, 0x0, r1}}) io_setup(0x1, &(0x7f0000000000)=0x0) r9 = socket(0x10, 0x3, 0x0) getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000000300)=0x1e) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'netdevsim0\x00'}) io_submit(r8, 0x1, &(0x7f0000000a40)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0xfff, 0xffffffffffffffff, &(0x7f0000000300)="e839", 0x2}]) io_uring_enter(r5, 0x3517, 0x173d, 0x42, 0x0, 0x0) 2.600971359s ago: executing program 0 (id=11): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000002000", @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNSETOWNER(r2, 0x400454cc, 0xffffffffffffffff) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r1, 0x58, &(0x7f0000000100)}, 0x87) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2) r3 = socket$can_j1939(0x1d, 0x2, 0x7) bind$can_j1939(r3, &(0x7f00000000c0), 0x18) userfaultfd(0x400) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0) r5 = mq_open(&(0x7f0000000000)='eth0\x00', 0x42, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r5, &(0x7f0000000080)) mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x11, 0x0) r6 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x41c3, 0x800, 0x0, 0x335}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r6, 0x47ba, 0x98f1, 0x20, 0x0, 0x0) 2.59363728s ago: executing program 2 (id=12): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 319.204704ms ago: executing program 2 (id=13): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x466d1a97) semctl$GETZCNT(0x0, 0x1, 0xf, 0x0) openat$nci(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0x6, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r1 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000180)) write$dsp(r3, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) write$dsp(r3, 0x0, 0x0) 0s ago: executing program 0 (id=14): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000400b8400800b7"], 0x30}}, 0x0) syz_usb_connect(0x6, 0x3f, &(0x7f00000000c0)=ANY=[@ANYRES16], 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/address_bits', 0x606840, 0x0) r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x2}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000200)={r3, r3, r3}, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101) dup(r4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.219' (ED25519) to the list of known hosts. [ 67.435772][ T5775] cgroup: Unknown subsys name 'net' [ 67.599231][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 69.246503][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.848422][ T5787] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.860857][ T5795] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.869783][ T5797] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.893082][ T5797] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.898664][ T5792] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.901218][ T5797] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.908592][ T5792] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.922885][ T5792] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.931173][ T5792] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.932666][ T5797] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 70.938994][ T5792] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 70.953066][ T5792] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.955521][ T5795] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.967941][ T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.992661][ T5795] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 71.002691][ T5795] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 71.021804][ T5795] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 71.035755][ T5797] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 71.044796][ T5797] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 71.061275][ T5795] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 71.065961][ T5797] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 71.073568][ T5795] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 71.083284][ T5797] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 71.090859][ T5795] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 71.463449][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 71.513354][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 71.617884][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.625067][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.680158][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 71.703822][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.711149][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.719343][ T5784] bridge_slave_0: entered allmulticast mode [ 71.726357][ T5784] bridge_slave_0: entered promiscuous mode [ 71.751226][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.758599][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.765990][ T5788] bridge_slave_0: entered allmulticast mode [ 71.773819][ T5788] bridge_slave_0: entered promiscuous mode [ 71.797998][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.805402][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.812953][ T5784] bridge_slave_1: entered allmulticast mode [ 71.821288][ T5784] bridge_slave_1: entered promiscuous mode [ 71.863663][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.870804][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.878325][ T5788] bridge_slave_1: entered allmulticast mode [ 71.885800][ T5788] bridge_slave_1: entered promiscuous mode [ 71.939046][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.958517][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 71.972366][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.985333][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.036738][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.053792][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.060967][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.069528][ T5791] bridge_slave_0: entered allmulticast mode [ 72.076561][ T5791] bridge_slave_0: entered promiscuous mode [ 72.085264][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.092637][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.099810][ T5791] bridge_slave_1: entered allmulticast mode [ 72.107126][ T5791] bridge_slave_1: entered promiscuous mode [ 72.168442][ T5784] team0: Port device team_slave_0 added [ 72.190192][ T5788] team0: Port device team_slave_0 added [ 72.199581][ T5788] team0: Port device team_slave_1 added [ 72.221250][ T5784] team0: Port device team_slave_1 added [ 72.268209][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.311151][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.332611][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.339885][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.366282][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.378628][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.386141][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.412143][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.423487][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.430612][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.438171][ T5793] bridge_slave_0: entered allmulticast mode [ 72.445092][ T5793] bridge_slave_0: entered promiscuous mode [ 72.453605][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.460725][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.467964][ T5793] bridge_slave_1: entered allmulticast mode [ 72.475241][ T5793] bridge_slave_1: entered promiscuous mode [ 72.499353][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.506666][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.532690][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.550285][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.557504][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.584199][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.629737][ T5791] team0: Port device team_slave_0 added [ 72.638332][ T5791] team0: Port device team_slave_1 added [ 72.723206][ T5788] hsr_slave_0: entered promiscuous mode [ 72.729513][ T5788] hsr_slave_1: entered promiscuous mode [ 72.751240][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 72.762879][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.769963][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.796098][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.811337][ T5784] hsr_slave_0: entered promiscuous mode [ 72.818283][ T5784] hsr_slave_1: entered promiscuous mode [ 72.825734][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 72.833603][ T5784] Cannot create hsr debugfs directory [ 72.858670][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.878441][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.885727][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.912843][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.972242][ T5790] Bluetooth: hci1: command tx timeout [ 73.012484][ T5793] team0: Port device team_slave_0 added [ 73.023171][ T5791] hsr_slave_0: entered promiscuous mode [ 73.030269][ T5791] hsr_slave_1: entered promiscuous mode [ 73.036900][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.044554][ T5791] Cannot create hsr debugfs directory [ 73.067280][ T5793] team0: Port device team_slave_1 added [ 73.126634][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.134122][ T5790] Bluetooth: hci3: command tx timeout [ 73.136593][ T5795] Bluetooth: hci2: command tx timeout [ 73.140355][ T5797] Bluetooth: hci0: command tx timeout [ 73.146132][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.178445][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.192403][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.199379][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.225910][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.399576][ T5793] hsr_slave_0: entered promiscuous mode [ 73.406118][ T5793] hsr_slave_1: entered promiscuous mode [ 73.412882][ T5793] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 73.420492][ T5793] Cannot create hsr debugfs directory [ 73.556851][ T5784] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 73.582947][ T5784] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 73.598513][ T5784] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 73.608843][ T5784] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 73.723066][ T5788] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 73.733741][ T5788] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 73.745543][ T5788] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 73.756967][ T5788] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 73.838388][ T5791] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 73.862935][ T5791] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 73.875581][ T5791] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 73.886307][ T5791] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 73.978361][ T5793] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 73.989199][ T5793] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 74.000147][ T5793] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 74.010616][ T5793] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 74.111481][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.177613][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.199759][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.237156][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.250189][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.257559][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.285558][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.294817][ T1118] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.302017][ T1118] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.332410][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.356933][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.364269][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.393443][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.416767][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.423981][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.437720][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.444936][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.465522][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.472800][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.490840][ T5784] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 74.507013][ T5784] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 74.523869][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.571455][ T1124] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.578714][ T1124] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.589045][ T1124] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.596289][ T1124] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.756986][ T5788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 74.787690][ T5793] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 74.978821][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.053704][ T5797] Bluetooth: hci1: command tx timeout [ 75.134897][ T5784] veth0_vlan: entered promiscuous mode [ 75.170938][ T5784] veth1_vlan: entered promiscuous mode [ 75.211769][ T5797] Bluetooth: hci2: command tx timeout [ 75.223788][ T5790] Bluetooth: hci3: command tx timeout [ 75.229345][ T5797] Bluetooth: hci0: command tx timeout [ 75.267931][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.315498][ T5784] veth0_macvtap: entered promiscuous mode [ 75.326933][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.345726][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.359472][ T5784] veth1_macvtap: entered promiscuous mode [ 75.455206][ T5791] veth0_vlan: entered promiscuous mode [ 75.467011][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.485760][ T5793] veth0_vlan: entered promiscuous mode [ 75.499925][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.513719][ T5788] veth0_vlan: entered promiscuous mode [ 75.544082][ T5784] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.555260][ T5784] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.565861][ T5784] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.574814][ T5784] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.588259][ T5793] veth1_vlan: entered promiscuous mode [ 75.598181][ T5791] veth1_vlan: entered promiscuous mode [ 75.617566][ T5788] veth1_vlan: entered promiscuous mode [ 75.675321][ T5791] veth0_macvtap: entered promiscuous mode [ 75.719845][ T5788] veth0_macvtap: entered promiscuous mode [ 75.742334][ T5788] veth1_macvtap: entered promiscuous mode [ 75.749995][ T5791] veth1_macvtap: entered promiscuous mode [ 75.764080][ T5793] veth0_macvtap: entered promiscuous mode [ 75.806004][ T5793] veth1_macvtap: entered promiscuous mode [ 75.832661][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.840811][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.848629][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.869429][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.881327][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.912932][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.924991][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.936085][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.947279][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.959062][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.976784][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.988149][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.999472][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.013937][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.025458][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.035391][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.045973][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.055881][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 76.066441][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.079507][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.096639][ T1124] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.098986][ T5791] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.114003][ T5791] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.116156][ T1124] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.124874][ T5791] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.139852][ T5791] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.158767][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.169498][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.183654][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.198000][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.209558][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.233267][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.245911][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.258833][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.269625][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.279681][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 76.290324][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 76.304034][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 76.315875][ T5793] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.325068][ T5793] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.335098][ T5793] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.344263][ T5793] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.368186][ T5788] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.381259][ T5788] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.391336][ T5788] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.400671][ T5788] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 76.765222][ T3504] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.774902][ T3504] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.783046][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.791402][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.799332][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 76.807958][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 77.013877][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.088733][ T3504] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.096953][ T3504] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.116433][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.134122][ T5797] Bluetooth: hci1: command tx timeout [ 77.211386][ T5875] block device autoloading is deprecated and will be removed. [ 77.243689][ T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.285940][ T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.298754][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.307086][ T5797] Bluetooth: hci0: command tx timeout [ 77.322803][ T5797] Bluetooth: hci3: command tx timeout [ 77.331654][ T5797] Bluetooth: hci2: command tx timeout [ 77.392236][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.591343][ T5875] syz.2.3[5875]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 78.351806][ T5883] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 78.602891][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 78.611959][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 78.622077][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 78.631957][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 78.962060][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.221434][ T5797] Bluetooth: hci1: command tx timeout [ 79.476117][ T5797] Bluetooth: hci3: command tx timeout [ 79.482948][ T5790] Bluetooth: hci2: command tx timeout [ 79.482958][ T5795] Bluetooth: hci0: command tx timeout [ 80.670842][ T5915] netlink: 'syz.0.11': attribute type 10 has an invalid length. [ 80.812538][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 80.972331][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 81.213371][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 82.654051][ T5915] team0: Port device netdevsim0 added [ 83.380905][ T5933] ------------[ cut here ]------------ [ 83.386819][ T5933] WARNING: CPU: 0 PID: 5933 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 83.398035][ T5933] Modules linked in: [ 83.401974][ T5933] CPU: 0 PID: 5933 Comm: syz.0.14 Not tainted syzkaller #0 [ 83.409381][ T5933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 83.419508][ T5933] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 83.426858][ T5933] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c [ 83.446678][ T5933] RSP: 0018:ffffc9000536ee20 EFLAGS: 00010283 [ 83.454353][ T5933] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: 0000000000080000 [ 83.460229][ T1124] ------------[ cut here ]------------ [ 83.463933][ T5933] RDX: ffffc9000c649000 RSI: 000000000000617e RDI: 000000000000617f [ 83.468780][ T1124] WARNING: CPU: 1 PID: 1124 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 83.476870][ T5933] RBP: dffffc0000000000 R08: ffffffff90da55c7 R09: 1ffffffff21b4ab8 [ 83.487775][ T1124] Modules linked in: [ 83.487797][ T1124] CPU: 1 PID: 1124 Comm: kworker/u4:7 Not tainted syzkaller #0 [ 83.487829][ T1124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 83.495883][ T5933] R10: dffffc0000000000 R11: fffffbfff21b4ab9 R12: 0000000000000001 [ 83.495907][ T5933] R13: ffff88805ce625d9 R14: ffff888078752c70 R15: ffff888078752ce8 [ 83.499809][ T1124] Workqueue: events_unbound cfg80211_wiphy_work [ 83.508355][ T5933] FS: 00007fd2011b16c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 83.517697][ T1124] [ 83.517710][ T1124] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 83.517751][ T1124] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c [ 83.525789][ T5933] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 83.533900][ T1124] RSP: 0018:ffffc900047bf200 EFLAGS: 00010287 [ 83.533929][ T1124] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: 0000000000100000 [ 83.533946][ T1124] RDX: ffffc90017689000 RSI: 0000000000002cbc RDI: 0000000000002cbd [ 83.533963][ T1124] RBP: dffffc0000000000 R08: ffffffff90da55c7 R09: 1ffffffff21b4ab8 [ 83.533980][ T1124] R10: dffffc0000000000 R11: fffffbfff21b4ab9 R12: 0000000000000001 [ 83.540205][ T5933] CR2: 0000559461277000 CR3: 000000002e105000 CR4: 00000000003506f0 [ 83.550010][ T1124] R13: ffff88805cf425d9 R14: ffff888020eaac70 R15: ffff888020eaace8 [ 83.551578][ T5933] Call Trace: [ 83.558874][ T1124] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 83.579840][ T5933] [ 83.585861][ T1124] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 83.585881][ T1124] CR2: 00007fd20118efe0 CR3: 00000000633a8000 CR4: 00000000003506e0 [ 83.585904][ T1124] Call Trace: [ 83.585914][ T1124] [ 83.585942][ T1124] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 83.592092][ T5933] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 83.600110][ T1124] ieee80211_csa_finalize+0x59a/0xf00 [ 83.608136][ T5933] ieee80211_csa_finalize+0x59a/0xf00 [ 83.616138][ T1124] ? ieee80211_csa_finalize_work+0x140/0x140 [ 83.616178][ T1124] ? cfg80211_ch_switch_started_notify+0x253/0x490 [ 83.616220][ T1124] ieee80211_channel_switch+0xa8a/0xe30 [ 83.616266][ T1124] ? ieee80211_csa_finalize+0xf00/0xf00 [ 83.624307][ T5933] ? ieee80211_csa_finalize_work+0x140/0x140 [ 83.624355][ T5933] ? cfg80211_ch_switch_started_notify+0x253/0x490 [ 83.624393][ T5933] ieee80211_channel_switch+0xa8a/0xe30 [ 83.624439][ T5933] ? ieee80211_csa_finalize+0xf00/0xf00 [ 83.624480][ T5933] ? mutex_lock_nested+0x20/0x20 [ 83.624512][ T5933] ? ieee80211_get_channel_khz+0x15b/0x8a0 [ 83.624548][ T5933] rdev_channel_switch+0xeb/0x240 [ 83.624587][ T5933] nl80211_channel_switch+0xa07/0x1040 [ 83.624611][ T5933] ? genl_family_rcv_msg_doit+0xb9/0x2f0 [ 83.624650][ T5933] ? nl80211_set_coalesce+0x1310/0x1310 [ 83.624716][ T5933] ? __nla_parse+0x40/0x50 [ 83.632788][ T1124] ? rcu_is_watching+0x15/0xb0 [ 83.632820][ T1124] ? ieee80211_get_channel_khz+0x15b/0x8a0 [ 83.632860][ T1124] ieee80211_ibss_process_chanswitch+0x938/0xb60 [ 83.640849][ T5933] ? nl80211_pre_doit+0x4f1/0x930 [ 83.644184][ T1124] ? trace_drv_return_int+0x1c0/0x1c0 [ 83.653240][ T5933] genl_family_rcv_msg_doit+0x209/0x2f0 [ 83.656172][ T1124] ? cfg80211_find_elem_match+0x1bc/0x1f0 [ 83.662864][ T5933] ? genl_family_rcv_msg_dumpit+0x2c0/0x2c0 [ 83.671313][ T1124] ? mutex_lock_nested+0x20/0x20 [ 83.671371][ T1124] ieee80211_ibss_rx_queued_mgmt+0xf98/0x2ac0 [ 83.671404][ T1124] ? verify_lock_unused+0x140/0x140 [ 83.671455][ T1124] ? ieee80211_ibss_rx_no_sta+0x7a0/0x7a0 [ 83.671497][ T1124] ? mark_lock+0x94/0x320 [ 83.671640][ T1124] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 83.671671][ T1124] ? lock_chain_count+0x20/0x20 [ 83.671694][ T1124] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 83.671734][ T1124] ? kcov_remote_start+0x4cb/0x7f0 [ 83.671761][ T1124] ? lockdep_hardirqs_on+0x98/0x150 [ 83.671797][ T1124] ? kcov_remote_start+0x8f/0x7f0 [ 83.671828][ T1124] ieee80211_iface_work+0x717/0xc70 [ 83.671859][ T1124] ? _raw_spin_unlock_irq+0x23/0x50 [ 83.671898][ T1124] cfg80211_wiphy_work+0x225/0x260 [ 83.671933][ T1124] ? process_scheduled_works+0x957/0x15b0 [ 83.671960][ T1124] process_scheduled_works+0xa45/0x15b0 [ 83.672022][ T1124] ? assign_work+0x400/0x400 [ 83.672058][ T1124] ? assign_work+0x39e/0x400 [ 83.672101][ T1124] worker_thread+0xa55/0xfc0 [ 83.672128][ T1124] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 83.672162][ T1124] ? _raw_spin_unlock+0x40/0x40 [ 83.672193][ T1124] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 83.672250][ T1124] kthread+0x2fa/0x390 [ 83.675530][ T5933] ? bpf_lsm_capable+0x9/0x10 [ 83.678545][ T1124] ? pr_cont_work+0x560/0x560 [ 83.685227][ T5933] ? security_capable+0x89/0xb0 [ 83.691770][ T1124] ? kthread_blkcg+0xd0/0xd0 [ 83.697134][ T5933] genl_rcv_msg+0x60b/0x790 [ 83.702646][ T1124] ret_from_fork+0x48/0x80 [ 83.708521][ T5933] ? genl_bind+0x360/0x360 [ 83.715061][ T1124] ? kthread_blkcg+0xd0/0xd0 [ 83.720571][ T5933] ? nl80211_exit+0x30/0x30 [ 83.726145][ T1124] ret_from_fork_asm+0x11/0x20 [ 83.726194][ T1124] [ 83.732267][ T5933] ? nl80211_set_coalesce+0x1310/0x1310 [ 83.738751][ T1124] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 83.738763][ T1124] CPU: 1 PID: 1124 Comm: kworker/u4:7 Not tainted syzkaller #0 [ 83.738780][ T1124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 83.738791][ T1124] Workqueue: events_unbound cfg80211_wiphy_work [ 83.738816][ T1124] Call Trace: [ 83.738823][ T1124] [ 83.738830][ T1124] dump_stack_lvl+0x16c/0x230 [ 83.738855][ T1124] ? show_regs_print_info+0x20/0x20 [ 83.738876][ T1124] ? load_image+0x3b0/0x3b0 [ 83.738907][ T1124] panic+0x2c0/0x710 [ 83.738937][ T1124] ? bpf_jit_dump+0xd0/0xd0 [ 83.738972][ T1124] ? ret_from_fork_asm+0x11/0x20 [ 83.739000][ T1124] __warn+0x2e0/0x470 [ 83.739022][ T1124] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 83.739050][ T1124] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 83.739074][ T1124] report_bug+0x2be/0x4f0 [ 83.739101][ T1124] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 83.739126][ T1124] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 83.739150][ T1124] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 83.739174][ T1124] handle_bug+0xcf/0x120 [ 83.739195][ T1124] exc_invalid_op+0x1a/0x50 [ 83.739216][ T1124] asm_exc_invalid_op+0x1a/0x20 [ 83.739240][ T1124] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 83.739265][ T1124] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c [ 83.739279][ T1124] RSP: 0018:ffffc900047bf200 EFLAGS: 00010287 [ 83.739295][ T1124] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: 0000000000100000 [ 83.739307][ T1124] RDX: ffffc90017689000 RSI: 0000000000002cbc RDI: 0000000000002cbd [ 83.739319][ T1124] RBP: dffffc0000000000 R08: ffffffff90da55c7 R09: 1ffffffff21b4ab8 [ 83.739332][ T1124] R10: dffffc0000000000 R11: fffffbfff21b4ab9 R12: 0000000000000001 [ 83.739343][ T1124] R13: ffff88805cf425d9 R14: ffff888020eaac70 R15: ffff888020eaace8 [ 83.739365][ T1124] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 83.739411][ T1124] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 83.739441][ T1124] ieee80211_csa_finalize+0x59a/0xf00 [ 83.739474][ T1124] ? ieee80211_csa_finalize_work+0x140/0x140 [ 83.739501][ T1124] ? cfg80211_ch_switch_started_notify+0x253/0x490 [ 83.739533][ T1124] ieee80211_channel_switch+0xa8a/0xe30 [ 83.739572][ T1124] ? ieee80211_csa_finalize+0xf00/0xf00 [ 83.739603][ T1124] ? rcu_is_watching+0x15/0xb0 [ 83.739623][ T1124] ? ieee80211_get_channel_khz+0x15b/0x8a0 [ 83.739660][ T1124] ieee80211_ibss_process_chanswitch+0x938/0xb60 [ 83.739690][ T1124] ? trace_drv_return_int+0x1c0/0x1c0 [ 83.739709][ T1124] ? cfg80211_find_elem_match+0x1bc/0x1f0 [ 83.739772][ T1124] ? mutex_lock_nested+0x20/0x20 [ 83.739812][ T1124] ieee80211_ibss_rx_queued_mgmt+0xf98/0x2ac0 [ 83.739835][ T1124] ? verify_lock_unused+0x140/0x140 [ 83.739875][ T1124] ? ieee80211_ibss_rx_no_sta+0x7a0/0x7a0 [ 83.739908][ T1124] ? mark_lock+0x94/0x320 [ 83.739930][ T1124] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 83.739953][ T1124] ? lock_chain_count+0x20/0x20 [ 83.739970][ T1124] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 83.740001][ T1124] ? kcov_remote_start+0x4cb/0x7f0 [ 83.740021][ T1124] ? lockdep_hardirqs_on+0x98/0x150 [ 83.740048][ T1124] ? kcov_remote_start+0x8f/0x7f0 [ 83.740071][ T1124] ieee80211_iface_work+0x717/0xc70 [ 83.740102][ T1124] ? _raw_spin_unlock_irq+0x23/0x50 [ 83.740133][ T1124] cfg80211_wiphy_work+0x225/0x260 [ 83.740159][ T1124] ? process_scheduled_works+0x957/0x15b0 [ 83.740181][ T1124] process_scheduled_works+0xa45/0x15b0 [ 83.740230][ T1124] ? assign_work+0x400/0x400 [ 83.740258][ T1124] ? assign_work+0x39e/0x400 [ 83.740283][ T1124] worker_thread+0xa55/0xfc0 [ 83.740305][ T1124] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 83.740331][ T1124] ? _raw_spin_unlock+0x40/0x40 [ 83.740353][ T1124] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 83.740399][ T1124] kthread+0x2fa/0x390 [ 83.740414][ T1124] ? pr_cont_work+0x560/0x560 [ 83.740435][ T1124] ? kthread_blkcg+0xd0/0xd0 [ 83.740452][ T1124] ret_from_fork+0x48/0x80 [ 83.740470][ T1124] ? kthread_blkcg+0xd0/0xd0 [ 83.740487][ T1124] ret_from_fork_asm+0x11/0x20 [ 83.740525][ T1124] [ 83.744713][ T1124] Kernel Offset: disabled