last executing test programs: 9.147399819s ago: executing program 2 (id=42): r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x8882, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x388}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_int(r4, 0x29, 0x1a, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000100), &(0x7f0000001f40)=@data_frame={@msdu=@type00={{0x0, 0x2, 0x7, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x7ff7}, @device_a, @device_b, @random="2d3e24c47ab3", {0x3, 0x4}}, @random="6dfecef3321e6675befd724ae8bc4ff1ca4c850e79a790e7691c8ac9245a5a6e19756d43aec765eb0a23db5013baf18d91097050fbbf137749ad172fd534d3823c936ae4b92ea3d6cf83e2849b29a9338a612ee0298ca7545530fe6bfb1e5ad7d9e1f3a3a090160639db30aacda9220f01e15260f41275a89e95478edf97ac6da01164a1cb13835dfa7642d21f35d7eadbc2dbebd497c099f78ae76bfabe01dac925e404df85d9d0b4aa106402fd2a72c5e8bd03dd3c9817cb6c91e1310c09655a39a427ea273d2cbb57feb16ee598088e29e68ac832c67d6b36d6e3d988155ca65fc7a38a14930220289f6f745ee464735114825a0407b1a041175853fe24aba07bfe2aec24260d7a086a7c50566a5631c7c96708f1480bb7605619df212c82f129c76854202473eb0969d08d2218af"}, 0x148) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000240)=0x6, 0x4) read$FUSE(r0, 0x0, 0x0) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000000)={0x8, @vbi={0x3ff, 0xfffff60b, 0x15bc, 0x4a480b76, [0x2, 0x9], [0x2, 0xffffffff], 0x2}}) 7.590578734s ago: executing program 2 (id=51): socket(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x6, 0x7, 0x200, 0x7ff, 0x2260, 0x1, 0x73d, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x5, 0x1, 0x0, @void, @value, @void, @value}, 0x50) pwrite64(r0, &(0x7f0000000380)="6f0232ef877584c41e0d86f7725ab85e97ae3689303f48bd0a06ff7b242b557b2c5b8a4dc585b18c6d4af408451060ce48e77c289057fe01c26d8b3f3773566eb226458052556b319c07cbac9114ee50e23cdc671479750d49d12449d6fa7e8542e96fbb564aff8b963373519927286d0123dbb46888d75b0f8191b052c595413afe060e7da9af1a818d9bdf14ea", 0x8e, 0xfffffffffffeffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000180)=0x3) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='nv\x00', 0x3) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x2000c000) timer_create(0xb, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r6, 0x0}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r5, 0xc01864b0, &(0x7f0000000000)={r6, r7, 0x1, 0x0, 0x3}) close(r5) 5.943216444s ago: executing program 2 (id=56): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000280)="f3aa2b8f1100dd8d00003eadf306ba200066ed66b80500000066b9007000000f01d9640f01cb0f013e0018b80a010f00d0", 0x31}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.452021247s ago: executing program 4 (id=61): r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x8882, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x388}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_int(r4, 0x29, 0x1a, 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000100), &(0x7f0000001f40)=@data_frame={@msdu=@type00={{0x0, 0x2, 0x7, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x7ff7}, @device_a, @device_b, @random="2d3e24c47ab3", {0x3, 0x4}}, @random="6dfecef3321e6675befd724ae8bc4ff1ca4c850e79a790e7691c8ac9245a5a6e19756d43aec765eb0a23db5013baf18d91097050fbbf137749ad172fd534d3823c936ae4b92ea3d6cf83e2849b29a9338a612ee0298ca7545530fe6bfb1e5ad7d9e1f3a3a090160639db30aacda9220f01e15260f41275a89e95478edf97ac6da01164a1cb13835dfa7642d21f35d7eadbc2dbebd497c099f78ae76bfabe01dac925e404df85d9d0b4aa106402fd2a72c5e8bd03dd3c9817cb6c91e1310c09655a39a427ea273d2cbb57feb16ee598088e29e68ac832c67d6b36d6e3d988155ca65fc7a38a14930220289f6f745ee464735114825a0407b1a041175853fe24aba07bfe2aec24260d7a086a7c50566a5631c7c96708f1480bb7605619df212c82f129c76854202473eb0969d08d2218af"}, 0x148) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000240)=0x6, 0x4) read$FUSE(r0, 0x0, 0x0) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000000)={0x8, @vbi={0x3ff, 0xfffff60b, 0x15bc, 0x4a480b76, [0x2, 0x9], [0x2, 0xffffffff], 0x2}}) 4.130446486s ago: executing program 2 (id=64): r0 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000002c0)={0x18, &(0x7f0000000180)=ANY=[@ANYBLOB="000e0100"], 0x0, 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000000000)=ANY=[], 0x0, 0x62, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b", 0x7}], 0x1}, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0xc0105b08, &(0x7f0000000040)) 3.230846299s ago: executing program 0 (id=65): connect$unix(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x200}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x10) r1 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0xa41) ioctl$CEC_ADAP_S_LOG_ADDRS(r1, 0xc05c6104, &(0x7f0000000000)={"1b00", 0x3, 0x5, 0x2, 0x20800, 0x0, "0400", '\x00', "0300", "e8cc1304", ["8bbb00fda8e45cfe00000900", "ab5286400000000000001000", '\x00', "000b000000000000001000"]}) 2.860991724s ago: executing program 0 (id=66): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r3], 0x20}}, 0x0) 2.64413288s ago: executing program 0 (id=69): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000300)="460f01d83e420f0866baf80cb86adf5b86ef66bafc0c66b8360066efb91c080000b809000000ba000000000f30b9000200000f32c744240000900000c74424020f000000c7442406000000000f011c2467450fc732450f01ca440f01c80f01c9", 0x60}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x68, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.58023264s ago: executing program 3 (id=71): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000180)="450f011a66ba610066edc11e01f266662e40f444f4c4617969d22edbe3c744240057000000c744240210000000c7442406000000000f011c24400f01c3664f0f38f531", 0x43}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.473785788s ago: executing program 4 (id=72): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r3, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000100)={r4, 0x0, 0x0, 0x0, 0x0, [], [0x0, 0x4], [0x0, 0x0, 0x0, 0x40000], [0x0, 0x0, 0x1]}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000300)={r4}) close_range(r0, 0xffffffffffffffff, 0x0) 2.373193074s ago: executing program 1 (id=73): ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, &(0x7f0000000240)={{}, {0x3}, 0xc0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)="c83b821add60344e3aa39d3ecd9f099f6b27aa213faf3e40a4afc47f9a9187d04a040d55375b8100d053606e88276d4c9bc3e593df0228998a9f79d2df12eee01b763a439970a6c80e25e4a37a447d26c2e2465783e52db3937efcd7782ec3ed4d06f433b222ec18fcde5aa57c37e22f740f649f7be2a369ac2419dbe111c83a1f5205697fd3a32bb44a4e78c36b85020d2cd1440218c43ec694ca2d71ebe1c61daecd2423bcaf224df005d0b7fb5bcf830b1a024aabe3f05b317284a1831534810dc69d3cca58abf27475377570635ef7b6dc9fdbea", 0xd6, 0x0, 0x0, 0x18c}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) r0 = syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/stat\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 2.124322239s ago: executing program 4 (id=74): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'geneve0\x00', 0x0}) bind$packet(r0, &(0x7f0000000000)={0x11, 0x3, r1, 0x1, 0x0, 0x6, @local}, 0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0xc}, {0xfff3, 0x8}}}, 0x24}}, 0x20040000) 2.038300379s ago: executing program 0 (id=75): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) syz_usb_connect$uac1(0x6, 0x0, 0x0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) shutdown(0xffffffffffffffff, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x34, 0x10, 0x403, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20101}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0xba01}, 0x810) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r2, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r1, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) 2.013902332s ago: executing program 1 (id=76): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x3, 0x9, 0xa, 0x0, 0x1f}, 0x7, 0x1, 0x11, 0x0, 0x0, 0xc, 0xc, 0x16, 0x7, 0x5ac, {0x8, 0x9, 0x0, 0x3, 0xfffffffd, 0x3}}}}]}, 0x78}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004) 1.896768233s ago: executing program 3 (id=77): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) r5 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)={0x5c, r5, 0x809, 0x0, 0x2, {}, [{{0x8, 0x1, r4}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r3}}}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x50}, 0x4044) 1.800554784s ago: executing program 4 (id=78): socket(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) pwrite64(r0, &(0x7f0000000380)="6f0232ef877584c41e0d86f7725ab85e97ae3689303f48bd0a06ff7b242b557b2c5b8a4dc585b18c6d4af408451060ce48e77c289057fe01c26d8b3f3773566eb226458052556b319c07cbac9114ee50e23cdc671479750d49d12449d6fa7e8542e96fbb564aff8b963373519927286d0123dbb46888d75b0f8191b052c595413afe060e7da9af1a818d9bdf14ea", 0x8e, 0xfffffffffffeffff) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000180)=0x3) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='nv\x00', 0x3) sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x2000c000) timer_create(0xb, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r6, 0x0}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r5, 0xc01864b0, &(0x7f0000000000)={r6, r7, 0x1, 0x0, 0x3}) close(r5) 1.766701241s ago: executing program 3 (id=79): r0 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f00000002c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0xb5}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x58}}, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x10004}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) 1.749799886s ago: executing program 1 (id=80): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs(0x0, &(0x7f0000000480)='net/icmp6\x00') r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) eventfd2(0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 1.617890384s ago: executing program 3 (id=81): r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000002d002100000000000000000004"], 0x1c}], 0x1}, 0x0) 800.687992ms ago: executing program 2 (id=82): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup(r1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0xa, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, &(0x7f0000000440)="0f00670066b80500000066b9000000000f01d967640fc7aa71c100000f01c80f090f38065a7b64660fc7730066b9800000c00f326635010000000f3065660f6730640fc75b56", 0x46}], 0x1, 0x11, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$KVM_RUN(r3, 0xae80, 0x0) 752.398311ms ago: executing program 0 (id=83): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_clone3(&(0x7f0000000200)={0x4000000, 0x0, 0x0, 0x0, {0x33}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000008d04"]) 691.498489ms ago: executing program 1 (id=84): syz_open_dev$mouse(&(0x7f0000000040), 0x0, 0x2) r0 = syz_io_uring_setup(0x304, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x2, 0xe1}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x12, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 654.282312ms ago: executing program 4 (id=85): openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x4c, r1, 0x1, 0x70bd2b, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x2e, 0x33, @action={{{}, {}, @broadcast}, @channel_switch={0x0, 0x4, {{0x25, 0x3, {0x0, 0x38}}, @val={0x3e, 0x1}, @val={0x76, 0x6}}}}}]}, 0x4c}}, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(0x0, r3) sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, 0x0, 0x0) 532.165185ms ago: executing program 3 (id=86): r0 = socket$inet(0x2, 0xa, 0x400) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) r2 = socket$unix(0x1, 0x5, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r2, @ANYBLOB="3bf81bb9f9"], 0x20000600}}, 0x0) sendmsg$can_bcm(r3, &(0x7f0000000080)={&(0x7f0000000340)={0x1d, r1, 0x3f420f00}, 0x10, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2}, 0x0) 334.112684ms ago: executing program 1 (id=87): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r0 = creat(&(0x7f0000000000)='./bus\x00', 0xd931d3864d39ddd8) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, 0x0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {}, [], {}, [], {0x10, 0x2}}, 0x24, 0x0) 302.089557ms ago: executing program 4 (id=88): syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$inet6(0xa, 0x3, 0x7) r2 = socket$inet(0xa, 0x801, 0x84) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed5000410"], 0x11) connect$inet(r2, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r2, 0x8) r3 = accept4(r2, 0x0, 0x0, 0x0) sendto$inet(r3, &(0x7f00000002c0)="cc", 0x1, 0x880, 0x0, 0x0) sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, 0x0, 0x80) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000100)={0x3}, 0x10) sendto$inet(r3, &(0x7f0000000300)="b3", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000003c0)={0x0, 0x4}, 0x8) sendto$inet6(r3, &(0x7f0000000180)="93", 0x1, 0x8840, 0x0, 0x0) close(r3) write$dsp(0xffffffffffffffff, 0x0, 0x0) 222.783165ms ago: executing program 2 (id=89): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x600, &(0x7f0000000840)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) 117.464417ms ago: executing program 3 (id=90): bind$alg(0xffffffffffffffff, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-sse2\x00'}, 0x58) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000500000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d80)={&(0x7f0000000d40)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000380)=ANY=[], 0x20) 77.644924ms ago: executing program 0 (id=91): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0xffff, 0x20, 0x4, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000300, 0x0, "8a79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85}, 0x3c) 0s ago: executing program 1 (id=92): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) close(r1) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.68' (ED25519) to the list of known hosts. [ 84.234279][ T5806] cgroup: Unknown subsys name 'net' [ 84.366890][ T5806] cgroup: Unknown subsys name 'cpuset' [ 84.376172][ T5806] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 86.046638][ T5806] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.032028][ T5822] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.042860][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.051634][ T5832] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.059462][ T5832] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.068028][ T5832] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.077803][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.093595][ T5832] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.113624][ T5832] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.125628][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.132739][ T5832] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.141412][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.143560][ T5128] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.150398][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.163855][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.169558][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.173910][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.178132][ T5128] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.187863][ T5836] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.195209][ T5128] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.199733][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.228514][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.232238][ T5128] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.235939][ T5836] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.266132][ T56] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.271858][ T5832] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.916724][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 91.041496][ T5817] chnl_net:caif_netlink_parms(): no params data found [ 91.169089][ T5818] chnl_net:caif_netlink_parms(): no params data found [ 91.214441][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 91.226388][ T5819] chnl_net:caif_netlink_parms(): no params data found [ 91.356367][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.364674][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.372306][ T5816] bridge_slave_0: entered allmulticast mode [ 91.379713][ T5816] bridge_slave_0: entered promiscuous mode [ 91.408122][ T5817] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.415344][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.423026][ T5817] bridge_slave_0: entered allmulticast mode [ 91.430258][ T5817] bridge_slave_0: entered promiscuous mode [ 91.457494][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.465180][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.472509][ T5816] bridge_slave_1: entered allmulticast mode [ 91.479728][ T5816] bridge_slave_1: entered promiscuous mode [ 91.494638][ T5817] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.501809][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.509401][ T5817] bridge_slave_1: entered allmulticast mode [ 91.516962][ T5817] bridge_slave_1: entered promiscuous mode [ 91.630971][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.638344][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.645892][ T5831] bridge_slave_0: entered allmulticast mode [ 91.653225][ T5831] bridge_slave_0: entered promiscuous mode [ 91.689495][ T5817] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.703636][ T5817] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.730034][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.737380][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.744742][ T5831] bridge_slave_1: entered allmulticast mode [ 91.752224][ T5831] bridge_slave_1: entered promiscuous mode [ 91.761711][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.831673][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.865567][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.872916][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.880089][ T5818] bridge_slave_0: entered allmulticast mode [ 91.889238][ T5818] bridge_slave_0: entered promiscuous mode [ 91.949835][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.959015][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.969604][ T5818] bridge_slave_1: entered allmulticast mode [ 91.978824][ T5818] bridge_slave_1: entered promiscuous mode [ 91.990273][ T5817] team0: Port device team_slave_0 added [ 91.999936][ T5817] team0: Port device team_slave_1 added [ 92.007721][ T5819] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.015142][ T976] cfg80211: failed to load regulatory.db [ 92.015875][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.028746][ T5819] bridge_slave_0: entered allmulticast mode [ 92.036158][ T5819] bridge_slave_0: entered promiscuous mode [ 92.047450][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.062688][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.075379][ T5816] team0: Port device team_slave_0 added [ 92.109460][ T5819] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.117037][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.124373][ T5819] bridge_slave_1: entered allmulticast mode [ 92.131665][ T5819] bridge_slave_1: entered promiscuous mode [ 92.152778][ T5816] team0: Port device team_slave_1 added [ 92.193419][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.243252][ T5832] Bluetooth: hci0: command tx timeout [ 92.280689][ T5831] team0: Port device team_slave_0 added [ 92.289461][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.300160][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.311736][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.337744][ T5832] Bluetooth: hci2: command tx timeout [ 92.338087][ T5832] Bluetooth: hci1: command tx timeout [ 92.338195][ T5832] Bluetooth: hci4: command tx timeout [ 92.338343][ T5832] Bluetooth: hci3: command tx timeout [ 92.360710][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.376138][ T5819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.386533][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.393904][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.420206][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.439745][ T5831] team0: Port device team_slave_1 added [ 92.476169][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.483731][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.510407][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.524348][ T5819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.534178][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.541167][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.567332][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.649273][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.656483][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.683735][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.696237][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.703581][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.729549][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.744158][ T5818] team0: Port device team_slave_0 added [ 92.781477][ T5819] team0: Port device team_slave_0 added [ 92.796747][ T5818] team0: Port device team_slave_1 added [ 92.813300][ T5817] hsr_slave_0: entered promiscuous mode [ 92.819758][ T5817] hsr_slave_1: entered promiscuous mode [ 92.829343][ T5819] team0: Port device team_slave_1 added [ 92.938309][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.945426][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 92.971884][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.017617][ T5831] hsr_slave_0: entered promiscuous mode [ 93.024716][ T5831] hsr_slave_1: entered promiscuous mode [ 93.031178][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.039599][ T5831] Cannot create hsr debugfs directory [ 93.066454][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.073844][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.100430][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.134157][ T5816] hsr_slave_0: entered promiscuous mode [ 93.140615][ T5816] hsr_slave_1: entered promiscuous mode [ 93.147012][ T5816] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.154680][ T5816] Cannot create hsr debugfs directory [ 93.161020][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.168181][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.194664][ T5819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.283821][ T5819] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.290929][ T5819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.321062][ T5819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.460567][ T5818] hsr_slave_0: entered promiscuous mode [ 93.467321][ T5818] hsr_slave_1: entered promiscuous mode [ 93.473829][ T5818] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.481425][ T5818] Cannot create hsr debugfs directory [ 93.539050][ T5819] hsr_slave_0: entered promiscuous mode [ 93.546385][ T5819] hsr_slave_1: entered promiscuous mode [ 93.552830][ T5819] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 93.560400][ T5819] Cannot create hsr debugfs directory [ 93.970993][ T5817] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.984721][ T5817] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.028028][ T5817] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.059632][ T5817] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.108892][ T5831] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.139555][ T5831] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.153000][ T5831] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.164265][ T5831] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.228943][ T5816] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.249882][ T5816] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.271764][ T5816] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.282650][ T5816] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.322508][ T5828] Bluetooth: hci0: command tx timeout [ 94.403062][ T5832] Bluetooth: hci4: command tx timeout [ 94.408655][ T5832] Bluetooth: hci1: command tx timeout [ 94.414858][ T5822] Bluetooth: hci2: command tx timeout [ 94.420640][ T5828] Bluetooth: hci3: command tx timeout [ 94.446516][ T5818] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.458602][ T5818] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.471369][ T5818] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.504224][ T5818] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.567726][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.616787][ T5819] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.629645][ T5819] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.644551][ T5819] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.661012][ T5819] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 94.686357][ T5817] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.727376][ T139] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.734713][ T139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.759553][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.795985][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.803187][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.825397][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.860945][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.891213][ T54] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.898424][ T54] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.950625][ T54] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.957815][ T54] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.992852][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.007757][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.027742][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.034977][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.073724][ T5818] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.101463][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.108771][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.133030][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.140179][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.168013][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.175212][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.311389][ T5819] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.374999][ T5819] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.434817][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.442308][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.460784][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.468029][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.808323][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.854324][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.043419][ T5817] veth0_vlan: entered promiscuous mode [ 96.081045][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.131519][ T5817] veth1_vlan: entered promiscuous mode [ 96.159332][ T5816] veth0_vlan: entered promiscuous mode [ 96.227342][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.248837][ T5816] veth1_vlan: entered promiscuous mode [ 96.286058][ T5831] veth0_vlan: entered promiscuous mode [ 96.316320][ T5819] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.356049][ T5817] veth0_macvtap: entered promiscuous mode [ 96.367328][ T5831] veth1_vlan: entered promiscuous mode [ 96.399976][ T5818] veth0_vlan: entered promiscuous mode [ 96.408063][ T5828] Bluetooth: hci0: command tx timeout [ 96.418338][ T5817] veth1_macvtap: entered promiscuous mode [ 96.439178][ T5818] veth1_vlan: entered promiscuous mode [ 96.486566][ T5828] Bluetooth: hci3: command tx timeout [ 96.490795][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.493840][ T5832] Bluetooth: hci1: command tx timeout [ 96.508118][ T56] Bluetooth: hci2: command tx timeout [ 96.513690][ T5822] Bluetooth: hci4: command tx timeout [ 96.559263][ T5816] veth0_macvtap: entered promiscuous mode [ 96.587769][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.616147][ T5831] veth0_macvtap: entered promiscuous mode [ 96.628801][ T5817] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.640195][ T5817] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.655999][ T5817] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.667792][ T5817] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.686529][ T5816] veth1_macvtap: entered promiscuous mode [ 96.703126][ T5831] veth1_macvtap: entered promiscuous mode [ 96.778595][ T5818] veth0_macvtap: entered promiscuous mode [ 96.790697][ T5818] veth1_macvtap: entered promiscuous mode [ 96.810468][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.849199][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.868991][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.891015][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.915230][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.927515][ T5831] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.937521][ T5831] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.946781][ T5831] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.958287][ T5831] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.979168][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.006137][ T5816] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.016119][ T5816] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.025808][ T5816] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.034698][ T5816] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.094272][ T2980] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.100513][ T5818] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.111735][ T5818] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.119596][ T2980] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.121401][ T5818] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.137317][ T5818] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.181803][ T5819] veth0_vlan: entered promiscuous mode [ 97.249555][ T5819] veth1_vlan: entered promiscuous mode [ 97.279781][ T139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.297536][ T139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.348549][ T2980] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.360589][ T2980] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.360895][ T139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.386194][ T139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.448375][ T5817] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.484704][ T2980] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.500923][ T2980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.526531][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.534594][ T5819] veth0_macvtap: entered promiscuous mode [ 97.539871][ T5819] veth1_macvtap: entered promiscuous mode [ 97.560927][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.690717][ T139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.730540][ T139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.756350][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.873001][ T5819] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.483799][ T5832] Bluetooth: hci0: command tx timeout [ 98.563877][ T5832] Bluetooth: hci1: command tx timeout [ 98.564523][ T56] Bluetooth: hci2: command tx timeout [ 98.569393][ T5832] Bluetooth: hci4: command tx timeout [ 98.574835][ T5828] Bluetooth: hci3: command tx timeout [ 98.879052][ T139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.904465][ T139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.947918][ T5819] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.978866][ T5819] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.013146][ T5819] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.052458][ T5819] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.131563][ T5921] netlink: 'syz.2.8': attribute type 1 has an invalid length. [ 99.473146][ T5927] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 99.499906][ T139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.531704][ T139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.722319][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.763176][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.229554][ T5942] capability: warning: `syz.1.14' uses deprecated v2 capabilities in a way that may be insecure [ 100.294269][ T5942] Bluetooth: MGMT ver 1.23 [ 100.329591][ T5945] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 100.853410][ T5960] GUP no longer grows the stack in syz.0.19 (5960): 200000004000-20000000a000 (200000002000) [ 100.878513][ T5960] CPU: 0 UID: 0 PID: 5960 Comm: syz.0.19 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 100.878545][ T5960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 100.878565][ T5960] Call Trace: [ 100.878574][ T5960] [ 100.878586][ T5960] dump_stack_lvl+0x189/0x250 [ 100.878632][ T5960] ? __pfx_dump_stack_lvl+0x10/0x10 [ 100.878662][ T5960] ? __pfx__printk+0x10/0x10 [ 100.878691][ T5960] ? find_vma+0xe7/0x160 [ 100.878725][ T5960] __get_user_pages+0x24e4/0x2a40 [ 100.878793][ T5960] ? __pfx___get_user_pages+0x10/0x10 [ 100.878835][ T5960] get_user_pages_remote+0x2f9/0xaa0 [ 100.878867][ T5960] ? __pfx_mtree_load+0x10/0x10 [ 100.878900][ T5960] ? __pfx_get_user_pages_remote+0x10/0x10 [ 100.878944][ T5960] __access_remote_vm+0x1f7/0x580 [ 100.878988][ T5960] ? __pfx___access_remote_vm+0x10/0x10 [ 100.879021][ T5960] ? set_page_refcounted+0xa0/0x1e0 [ 100.879043][ T5960] ? alloc_pages_noprof+0xbe/0x190 [ 100.879066][ T5960] proc_pid_cmdline_read+0x440/0x840 [ 100.879098][ T5960] ? __asan_memset+0x22/0x50 [ 100.879140][ T5960] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 100.879178][ T5960] ? rw_verify_area+0x258/0x650 [ 100.879212][ T5960] vfs_readv+0x5a5/0x840 [ 100.879232][ T5960] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 100.879271][ T5960] ? __pfx_vfs_readv+0x10/0x10 [ 100.879310][ T5960] ? __fget_files+0x2a/0x420 [ 100.879336][ T5960] ? __fget_files+0x3a0/0x420 [ 100.879354][ T5960] ? __fget_files+0x2a/0x420 [ 100.879383][ T5960] __x64_sys_preadv+0x197/0x2a0 [ 100.879414][ T5960] ? rcu_is_watching+0x15/0xb0 [ 100.879446][ T5960] ? __pfx___x64_sys_preadv+0x10/0x10 [ 100.879483][ T5960] ? do_syscall_64+0xba/0x210 [ 100.879514][ T5960] do_syscall_64+0xf6/0x210 [ 100.879542][ T5960] ? clear_bhb_loop+0x60/0xb0 [ 100.879568][ T5960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.879588][ T5960] RIP: 0033:0x7ff07558e969 [ 100.879615][ T5960] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.879632][ T5960] RSP: 002b:00007ff0763a1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 100.879661][ T5960] RAX: ffffffffffffffda RBX: 00007ff0757b5fa0 RCX: 00007ff07558e969 [ 100.879676][ T5960] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000005 [ 100.879689][ T5960] RBP: 00007ff075610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 100.879702][ T5960] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000 [ 100.879714][ T5960] R13: 0000000000000000 R14: 00007ff0757b5fa0 R15: 00007ffc7dd680d8 [ 100.879748][ T5960] [ 101.150900][ T5963] Zero length message leads to an empty skb [ 101.338480][ T5965] kAFS: Can only specify source 'none' with -o dyn [ 101.354026][ T5965] evm: overlay not supported [ 101.986693][ T5824] kernel write not supported for file /7/loginuid (pid: 5824 comm: kworker/0:4) [ 102.344595][ T5979] loop2: detected capacity change from 0 to 7 [ 102.387506][ T5979] Dev loop2: unable to read RDB block 7 [ 102.404057][ T5979] loop2: unable to read partition table [ 102.409952][ T5979] loop2: partition table beyond EOD, truncated [ 102.458700][ T5979] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 102.494766][ T5188] udevd[5188]: worker [5830] terminated by signal 33 (Unknown signal 33) [ 102.533314][ T5188] udevd[5188]: worker [5830] failed while handling '/devices/virtual/block/loop2' [ 103.284103][ T6008] kAFS: Can only specify source 'none' with -o dyn [ 103.512763][ T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 104.017031][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 104.031144][ T24] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 104.049361][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 104.082101][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 104.100138][ T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 104.122137][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.130423][ T24] usb 5-1: Product: syz [ 104.162008][ T24] usb 5-1: Manufacturer: syz [ 104.166846][ T24] usb 5-1: SerialNumber: syz [ 104.313478][ T5879] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 104.495236][ T5879] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 104.516807][ T5879] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 104.573766][ T5879] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 104.586095][ T5879] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 104.597774][ T5879] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 104.616071][ T5879] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 104.632167][ T24] usb 5-1: 0:2 : does not exist [ 104.646121][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 104.666453][ T5879] usb 4-1: Product: syz [ 104.676265][ T5879] usb 4-1: Manufacturer: syz [ 104.685468][ T6025] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 104.725903][ T5879] cdc_wdm 4-1:1.0: skipping garbage [ 104.765432][ T5879] cdc_wdm 4-1:1.0: skipping garbage [ 104.830091][ T5879] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 104.840480][ T5879] cdc_wdm 4-1:1.0: Unknown control protocol [ 104.863190][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.000771][ T5877] usb 4-1: USB disconnect, device number 2 [ 105.492098][ T24] usb 5-1: USB disconnect, device number 2 [ 105.650989][ T6037] netlink: 'syz.0.47': attribute type 5 has an invalid length. [ 106.312808][ T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 106.514480][ T5879] kernel read not supported for file /vga_arbiter (pid: 5879 comm: kworker/1:5) [ 106.669662][ T24] usb 4-1: config 0 has an invalid interface number: 197 but max is 0 [ 106.705184][ T24] usb 4-1: config 0 has no interface number 0 [ 106.756004][ T24] usb 4-1: config 0 interface 197 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 106.823927][ T6057] warning: `syz.1.53' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 107.444072][ T24] usb 4-1: config 0 interface 197 altsetting 0 endpoint 0xC has invalid maxpacket 1023, setting to 64 [ 107.569498][ T24] usb 4-1: config 0 interface 197 altsetting 0 endpoint 0x87 has invalid wMaxPacketSize 0 [ 107.586705][ T24] usb 4-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=bb.42 [ 107.605121][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.615307][ T24] usb 4-1: Product: syz [ 107.619518][ T24] usb 4-1: Manufacturer: syz [ 107.624207][ T24] usb 4-1: SerialNumber: syz [ 107.641807][ T24] usb 4-1: config 0 descriptor?? [ 107.700357][ T24] qmi_wwan 4-1:0.197: probe with driver qmi_wwan failed with error -22 [ 108.227577][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 108.439406][ T6083] kAFS: Can only specify source 'none' with -o dyn [ 109.113633][ T5877] usb 4-1: USB disconnect, device number 3 [ 109.252405][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 109.388840][ T6084] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 109.661170][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 109.670423][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 109.925716][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 110.692615][ T5824] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 110.828742][ T6104] capability: warning: `syz.3.67' uses 32-bit capabilities (legacy support in use) [ 110.894501][ T5824] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 110.922024][ T5824] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 110.962425][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.971842][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 110.989711][ T5824] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 111.024192][ T5824] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.288293][ T5824] usb 3-1: usb_control_msg returned -32 [ 111.293064][ T6120] loop9: detected capacity change from 0 to 7 [ 111.302171][ T5824] usbtmc 3-1:16.0: can't read capabilities [ 111.314612][ T6120] Dev loop9: unable to read RDB block 7 [ 111.320340][ T6120] loop9: unable to read partition table [ 111.331820][ T6120] loop9: partition table beyond EOD, truncated [ 111.364697][ T6120] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 111.483873][ T6122] netlink: 4 bytes leftover after parsing attributes in process `syz.4.74'. [ 111.878838][ T5824] usb 3-1: USB disconnect, device number 2 [ 111.981595][ T6137] netlink: 8 bytes leftover after parsing attributes in process `syz.3.81'. [ 113.100970][ T139] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting [ 113.164795][ T6156] syz.3.86 uses obsolete (PF_INET,SOCK_PACKET) [ 113.194240][ T139] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 113.417882][ T6162] netlink: 4 bytes leftover after parsing attributes in process `syz.2.89'. [ 113.468656][ T6162] netlink: 'syz.2.89': attribute type 10 has an invalid length. [ 113.561094][ T6162] ------------[ cut here ]------------ [ 113.566832][ T6162] WARNING: CPU: 0 PID: 6162 at kernel/kcov.c:872 kcov_remote_start+0x55a/0x7f0 [ 113.575837][ T6162] Modules linked in: [ 113.579918][ T6162] CPU: 0 UID: 0 PID: 6162 Comm: syz.2.89 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 113.591759][ T6162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.601852][ T6162] RIP: 0010:kcov_remote_start+0x55a/0x7f0 [ 113.607610][ T6162] Code: ff 4c 89 ff be 03 00 00 00 e8 f2 f8 f1 02 e9 eb fa ff ff e8 58 98 8f 09 f7 c3 00 02 00 00 0f 84 da fa ff ff e9 5a fc ff ff 90 <0f> 0b 90 e8 3e b2 8f 09 89 c0 48 c7 c7 68 23 73 92 48 03 3c c5 20 [ 113.627718][ T6162] RSP: 0018:ffffc9000af5e490 EFLAGS: 00010002 [ 113.633805][ T6162] RAX: 0000000080000200 RBX: 0000000000000246 RCX: 0000000000000002 [ 113.641788][ T6162] RDX: 0000000000030000 RSI: ffffffff8d924cb5 RDI: ffffffff8bc12300 [ 113.649775][ T6162] RBP: ffffc9000af5e6f0 R08: ffffc9000af5e220 R09: 0000000000000020 [ 113.657778][ T6162] R10: 0000000000000000 R11: ffffffff819eafe0 R12: ffff8880b8828368 [ 113.665908][ T6162] R13: ffffffff81bffa87 R14: ffff88801dfc9e00 R15: 0000000000000000 [ 113.673931][ T6162] FS: 00007f7b0005b6c0(0000) GS:ffff8881260f6000(0000) knlGS:0000000000000000 [ 113.682894][ T6162] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.689509][ T6162] CR2: 000000110c230000 CR3: 000000007d806000 CR4: 00000000003526f0 [ 113.697584][ T6162] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 113.705650][ T6162] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 113.713641][ T6162] Call Trace: [ 113.716928][ T6162] [ 113.719872][ T6162] ieee80211_rx_list+0x53a/0x2d80 [ 113.724919][ T6162] ? __d_instantiate+0x197/0x740 [ 113.729894][ T6162] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 113.735403][ T6162] ? __lock_acquire+0xaac/0xd20 [ 113.740299][ T6162] ? ieee80211_rx_napi+0xca/0x3d0 [ 113.745351][ T6162] ? ieee80211_rx_napi+0xca/0x3d0 [ 113.750423][ T6162] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 113.756348][ T6162] ? ieee80211_rx_napi+0xca/0x3d0 [ 113.761401][ T6162] ieee80211_rx_napi+0x1a8/0x3d0 [ 113.766381][ T6162] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 113.771881][ T6162] ? skb_dequeue+0x10e/0x150 [ 113.776513][ T6162] ieee80211_handle_queued_frames+0xe8/0x1f0 [ 113.782516][ T6162] ? ieee80211_stop_device+0x29/0xf0 [ 113.787815][ T6162] ieee80211_stop_device+0x3e/0xf0 [ 113.792945][ T6162] ieee80211_do_stop+0x17b9/0x1f80 [ 113.798113][ T6162] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 113.803525][ T6162] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 113.809119][ T6162] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 113.815032][ T6162] ? lockdep_hardirqs_on+0x9c/0x150 [ 113.821227][ T6162] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 113.827596][ T6162] ieee80211_stop+0x444/0x4a0 [ 113.832303][ T6162] ? dev_deactivate_many+0x258/0xd40 [ 113.837690][ T6162] ? __pfx_ieee80211_stop+0x10/0x10 [ 113.842910][ T6162] __dev_close_many+0x361/0x6f0 [ 113.847782][ T6162] ? __pfx___dev_close_many+0x10/0x10 [ 113.853170][ T6162] __dev_change_flags+0x2c7/0x6d0 [ 113.858216][ T6162] ? __pfx___dev_change_flags+0x10/0x10 [ 113.863781][ T6162] ? vprintk_emit+0x63e/0x7a0 [ 113.868472][ T6162] ? __pfx_vprintk_emit+0x10/0x10 [ 113.873502][ T6162] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 113.879482][ T6162] ? lockdep_hardirqs_on+0x9c/0x150 [ 113.884791][ T6162] netif_change_flags+0x88/0x1a0 [ 113.889750][ T6162] do_setlink+0xcb9/0x40d0 [ 113.894196][ T6162] ? __pfx_do_setlink+0x10/0x10 [ 113.899061][ T6162] ? __lock_acquire+0xaac/0xd20 [ 113.903929][ T6162] ? __mutex_trylock_common+0x153/0x260 [ 113.909504][ T6162] ? __pfx___mutex_trylock_common+0x10/0x10 [ 113.915408][ T6162] ? rcu_is_watching+0x15/0xb0 [ 113.920188][ T6162] ? trace_contention_end+0x39/0x120 [ 113.925502][ T6162] ? __mutex_lock+0x330/0xe80 [ 113.930253][ T6162] ? rtnl_newlink+0x8db/0x1c70 [ 113.935041][ T6162] ? rcu_is_watching+0x15/0xb0 [ 113.939835][ T6162] ? __pfx___mutex_lock+0x10/0x10 [ 113.944887][ T6162] ? ns_capable+0x8a/0xf0 [ 113.949239][ T6162] ? rtnl_link_get_net_capable+0x16a/0x350 [ 113.955083][ T6162] rtnl_newlink+0x160b/0x1c70 [ 113.959790][ T6162] ? kasan_save_track+0x3e/0x80 [ 113.964761][ T6162] ? __pfx_rtnl_newlink+0x10/0x10 [ 113.969919][ T6162] ? kasan_quarantine_put+0xdd/0x220 [ 113.975230][ T6162] ? lockdep_hardirqs_on+0x9c/0x150 [ 113.980672][ T6162] ? nlmon_xmit+0xb0/0x100 [ 113.985122][ T6162] ? kmem_cache_free+0x192/0x3f0 [ 113.990094][ T6162] ? __local_bh_enable_ip+0x12d/0x1c0 [ 113.995496][ T6162] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.000714][ T6162] ? __local_bh_enable_ip+0x12d/0x1c0 [ 114.006113][ T6162] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 114.011857][ T6162] ? __dev_queue_xmit+0x27e/0x3a70 [ 114.017008][ T6162] ? __dev_queue_xmit+0x27e/0x3a70 [ 114.022143][ T6162] ? __dev_queue_xmit+0x27e/0x3a70 [ 114.027277][ T6162] ? __lock_acquire+0xaac/0xd20 [ 114.032168][ T6162] ? __pfx_rtnl_newlink+0x10/0x10 [ 114.037203][ T6162] rtnetlink_rcv_msg+0x7cc/0xb70 [ 114.042156][ T6162] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 114.047308][ T6162] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 114.052849][ T6162] ? ref_tracker_free+0x63a/0x7d0 [ 114.058095][ T6162] ? __copy_skb_header+0xa7/0x550 [ 114.063206][ T6162] netlink_rcv_skb+0x219/0x490 [ 114.068009][ T6162] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 114.073496][ T6162] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 114.078820][ T6162] ? netlink_deliver_tap+0x2e/0x1b0 [ 114.084042][ T6162] ? netlink_deliver_tap+0x2e/0x1b0 [ 114.089258][ T6162] netlink_unicast+0x75b/0x8d0 [ 114.094049][ T6162] netlink_sendmsg+0x805/0xb30 [ 114.098886][ T6162] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.104200][ T6162] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 114.110017][ T6162] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.115319][ T6162] __sock_sendmsg+0x21c/0x270 [ 114.120042][ T6162] ____sys_sendmsg+0x505/0x830 [ 114.124874][ T6162] ? __pfx_____sys_sendmsg+0x10/0x10 [ 114.130199][ T6162] ? import_iovec+0x74/0xa0 [ 114.134727][ T6162] ___sys_sendmsg+0x21f/0x2a0 [ 114.139424][ T6162] ? __pfx____sys_sendmsg+0x10/0x10 [ 114.144671][ T6162] ? __fget_files+0x2a/0x420 [ 114.149289][ T6162] ? __fget_files+0x3a0/0x420 [ 114.153985][ T6162] __x64_sys_sendmsg+0x19b/0x260 [ 114.158948][ T6162] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 114.164442][ T6162] ? do_syscall_64+0xba/0x210 [ 114.169145][ T6162] do_syscall_64+0xf6/0x210 [ 114.173673][ T6162] ? clear_bhb_loop+0x60/0xb0 [ 114.178379][ T6162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.184290][ T6162] RIP: 0033:0x7f7aff18e969 [ 114.188722][ T6162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.208628][ T6162] RSP: 002b:00007f7b0005b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.217065][ T6162] RAX: ffffffffffffffda RBX: 00007f7aff3b5fa0 RCX: 00007f7aff18e969 [ 114.225087][ T6162] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000005 [ 114.233162][ T6162] RBP: 00007f7aff210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 114.241147][ T6162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.249135][ T6162] R13: 0000000000000000 R14: 00007f7aff3b5fa0 R15: 00007ffd61bb3648 [ 114.257226][ T6162] [ 114.260259][ T6162] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 114.267665][ T6162] CPU: 0 UID: 0 PID: 6162 Comm: syz.2.89 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 114.279503][ T6162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 114.289608][ T6162] Call Trace: [ 114.292923][ T6162] [ 114.295876][ T6162] dump_stack_lvl+0x99/0x250 [ 114.300516][ T6162] ? __asan_memcpy+0x40/0x70 [ 114.305136][ T6162] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.310380][ T6162] ? __pfx__printk+0x10/0x10 [ 114.315018][ T6162] panic+0x2db/0x790 [ 114.318946][ T6162] ? __pfx_panic+0x10/0x10 [ 114.323427][ T6162] __warn+0x31b/0x4b0 [ 114.327453][ T6162] ? kcov_remote_start+0x55a/0x7f0 [ 114.332599][ T6162] ? kcov_remote_start+0x55a/0x7f0 [ 114.337732][ T6162] report_bug+0x2be/0x4f0 [ 114.342084][ T6162] ? kcov_remote_start+0x55a/0x7f0 [ 114.347232][ T6162] ? kcov_remote_start+0x55a/0x7f0 [ 114.352402][ T6162] ? kcov_remote_start+0x55c/0x7f0 [ 114.357634][ T6162] handle_bug+0x84/0x160 [ 114.361910][ T6162] exc_invalid_op+0x1a/0x50 [ 114.366444][ T6162] asm_exc_invalid_op+0x1a/0x20 [ 114.371402][ T6162] RIP: 0010:kcov_remote_start+0x55a/0x7f0 [ 114.377157][ T6162] Code: ff 4c 89 ff be 03 00 00 00 e8 f2 f8 f1 02 e9 eb fa ff ff e8 58 98 8f 09 f7 c3 00 02 00 00 0f 84 da fa ff ff e9 5a fc ff ff 90 <0f> 0b 90 e8 3e b2 8f 09 89 c0 48 c7 c7 68 23 73 92 48 03 3c c5 20 [ 114.396786][ T6162] RSP: 0018:ffffc9000af5e490 EFLAGS: 00010002 [ 114.402924][ T6162] RAX: 0000000080000200 RBX: 0000000000000246 RCX: 0000000000000002 [ 114.410932][ T6162] RDX: 0000000000030000 RSI: ffffffff8d924cb5 RDI: ffffffff8bc12300 [ 114.418938][ T6162] RBP: ffffc9000af5e6f0 R08: ffffc9000af5e220 R09: 0000000000000020 [ 114.426938][ T6162] R10: 0000000000000000 R11: ffffffff819eafe0 R12: ffff8880b8828368 [ 114.434928][ T6162] R13: ffffffff81bffa87 R14: ffff88801dfc9e00 R15: 0000000000000000 [ 114.442922][ T6162] ? kcov_remote_start+0x97/0x7f0 [ 114.447964][ T6162] ? __pfx_hlock_conflict+0x10/0x10 [ 114.453197][ T6162] ieee80211_rx_list+0x53a/0x2d80 [ 114.458257][ T6162] ? __d_instantiate+0x197/0x740 [ 114.463251][ T6162] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 114.468758][ T6162] ? __lock_acquire+0xaac/0xd20 [ 114.473645][ T6162] ? ieee80211_rx_napi+0xca/0x3d0 [ 114.478696][ T6162] ? ieee80211_rx_napi+0xca/0x3d0 [ 114.483743][ T6162] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 114.489660][ T6162] ? ieee80211_rx_napi+0xca/0x3d0 [ 114.494700][ T6162] ieee80211_rx_napi+0x1a8/0x3d0 [ 114.499662][ T6162] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 114.505154][ T6162] ? skb_dequeue+0x10e/0x150 [ 114.509792][ T6162] ieee80211_handle_queued_frames+0xe8/0x1f0 [ 114.515814][ T6162] ? ieee80211_stop_device+0x29/0xf0 [ 114.521125][ T6162] ieee80211_stop_device+0x3e/0xf0 [ 114.526253][ T6162] ieee80211_do_stop+0x17b9/0x1f80 [ 114.531397][ T6162] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 114.536821][ T6162] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 114.542320][ T6162] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 114.548245][ T6162] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.553462][ T6162] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 114.559812][ T6162] ieee80211_stop+0x444/0x4a0 [ 114.564518][ T6162] ? dev_deactivate_many+0x258/0xd40 [ 114.570254][ T6162] ? __pfx_ieee80211_stop+0x10/0x10 [ 114.575485][ T6162] __dev_close_many+0x361/0x6f0 [ 114.580383][ T6162] ? __pfx___dev_close_many+0x10/0x10 [ 114.585789][ T6162] __dev_change_flags+0x2c7/0x6d0 [ 114.591018][ T6162] ? __pfx___dev_change_flags+0x10/0x10 [ 114.596582][ T6162] ? vprintk_emit+0x63e/0x7a0 [ 114.601272][ T6162] ? __pfx_vprintk_emit+0x10/0x10 [ 114.606302][ T6162] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 114.612208][ T6162] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.617420][ T6162] netif_change_flags+0x88/0x1a0 [ 114.622376][ T6162] do_setlink+0xcb9/0x40d0 [ 114.626820][ T6162] ? __pfx_do_setlink+0x10/0x10 [ 114.631691][ T6162] ? __lock_acquire+0xaac/0xd20 [ 114.636564][ T6162] ? __mutex_trylock_common+0x153/0x260 [ 114.642129][ T6162] ? __pfx___mutex_trylock_common+0x10/0x10 [ 114.648138][ T6162] ? rcu_is_watching+0x15/0xb0 [ 114.652972][ T6162] ? trace_contention_end+0x39/0x120 [ 114.658266][ T6162] ? __mutex_lock+0x330/0xe80 [ 114.662967][ T6162] ? rtnl_newlink+0x8db/0x1c70 [ 114.667743][ T6162] ? rcu_is_watching+0x15/0xb0 [ 114.672524][ T6162] ? __pfx___mutex_lock+0x10/0x10 [ 114.677657][ T6162] ? ns_capable+0x8a/0xf0 [ 114.682031][ T6162] ? rtnl_link_get_net_capable+0x16a/0x350 [ 114.687896][ T6162] rtnl_newlink+0x160b/0x1c70 [ 114.692603][ T6162] ? kasan_save_track+0x3e/0x80 [ 114.697492][ T6162] ? __pfx_rtnl_newlink+0x10/0x10 [ 114.702561][ T6162] ? kasan_quarantine_put+0xdd/0x220 [ 114.707876][ T6162] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.713108][ T6162] ? nlmon_xmit+0xb0/0x100 [ 114.718061][ T6162] ? kmem_cache_free+0x192/0x3f0 [ 114.723046][ T6162] ? __local_bh_enable_ip+0x12d/0x1c0 [ 114.728456][ T6162] ? lockdep_hardirqs_on+0x9c/0x150 [ 114.733682][ T6162] ? __local_bh_enable_ip+0x12d/0x1c0 [ 114.739163][ T6162] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 114.745010][ T6162] ? __dev_queue_xmit+0x27e/0x3a70 [ 114.750232][ T6162] ? __dev_queue_xmit+0x27e/0x3a70 [ 114.755379][ T6162] ? __dev_queue_xmit+0x27e/0x3a70 [ 114.760546][ T6162] ? __lock_acquire+0xaac/0xd20 [ 114.765577][ T6162] ? __pfx_rtnl_newlink+0x10/0x10 [ 114.770635][ T6162] rtnetlink_rcv_msg+0x7cc/0xb70 [ 114.775604][ T6162] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 114.780747][ T6162] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 114.786240][ T6162] ? ref_tracker_free+0x63a/0x7d0 [ 114.791279][ T6162] ? __copy_skb_header+0xa7/0x550 [ 114.796336][ T6162] netlink_rcv_skb+0x219/0x490 [ 114.801118][ T6162] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 114.806599][ T6162] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 114.811928][ T6162] ? netlink_deliver_tap+0x2e/0x1b0 [ 114.817142][ T6162] ? netlink_deliver_tap+0x2e/0x1b0 [ 114.822359][ T6162] netlink_unicast+0x75b/0x8d0 [ 114.827145][ T6162] netlink_sendmsg+0x805/0xb30 [ 114.831938][ T6162] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.837246][ T6162] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 114.842545][ T6162] ? __pfx_netlink_sendmsg+0x10/0x10 [ 114.847843][ T6162] __sock_sendmsg+0x21c/0x270 [ 114.852544][ T6162] ____sys_sendmsg+0x505/0x830 [ 114.857363][ T6162] ? __pfx_____sys_sendmsg+0x10/0x10 [ 114.862742][ T6162] ? import_iovec+0x74/0xa0 [ 114.867311][ T6162] ___sys_sendmsg+0x21f/0x2a0 [ 114.872112][ T6162] ? __pfx____sys_sendmsg+0x10/0x10 [ 114.877375][ T6162] ? __fget_files+0x2a/0x420 [ 114.881977][ T6162] ? __fget_files+0x3a0/0x420 [ 114.886688][ T6162] __x64_sys_sendmsg+0x19b/0x260 [ 114.891676][ T6162] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 114.897374][ T6162] ? do_syscall_64+0xba/0x210 [ 114.902084][ T6162] do_syscall_64+0xf6/0x210 [ 114.906802][ T6162] ? clear_bhb_loop+0x60/0xb0 [ 114.911498][ T6162] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.917440][ T6162] RIP: 0033:0x7f7aff18e969 [ 114.921881][ T6162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.941898][ T6162] RSP: 002b:00007f7b0005b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.950569][ T6162] RAX: ffffffffffffffda RBX: 00007f7aff3b5fa0 RCX: 00007f7aff18e969 [ 114.958604][ T6162] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000005 [ 114.966626][ T6162] RBP: 00007f7aff210ab1 R08: 0000000000000000 R09: 0000000000000000 [ 114.974622][ T6162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 114.982663][ T6162] R13: 0000000000000000 R14: 00007f7aff3b5fa0 R15: 00007ffd61bb3648 [ 114.990696][ T6162] [ 114.994000][ T6162] Kernel Offset: disabled [ 114.998355][ T6162] Rebooting in 86400 seconds..