last executing test programs: 16.870054871s ago: executing program 3 (id=97): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fanotify_mark(0xffffffffffffffff, 0x105, 0x10000839, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) listen(0xffffffffffffffff, 0x6) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) 11.470019666s ago: executing program 0 (id=104): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) r1 = gettid() setpriority(0x1, r1, 0x6) 11.186340832s ago: executing program 0 (id=105): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000700), 0x143380, 0x0) ioctl$SNDCTL_SEQ_TESTMIDI(r0, 0x40045108, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x50) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=@delchain={0x24, 0x65, 0x400, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x509d884560ba1ba6, 0x3}, {}, {0x8, 0x10}}}, 0x24}}, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000100)=ANY=[@ANYBLOB="60b80000", @ANYRES16, @ANYBLOB="050427bd7000fedbdf250100000008000100", @ANYRES32, @ANYBLOB="4400028040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005"], 0x60}, 0x1, 0x0, 0x0, 0x4000401}, 0x4040084) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x1, 0x80000000, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x8, 0x3}, {0xa, 0xffe0}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_LIMIT={0x8, 0x1, 0xf4b6}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xfe2a}]}}]}, 0x44}}, 0x20004055) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x11}, 0x400c840) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) r3 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) 10.444887577s ago: executing program 3 (id=106): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2a}}, 0x200007, 0x1000, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) 10.185464843s ago: executing program 2 (id=108): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc2c45513, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$kcm(0x10, 0x3, 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x181200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f00000003c0)="92e189088debce1f6bc1093d80ea466f56f701f4acf15716acf40082be79afd46fb564ee9cfd9c81d2498403d22e0907d8e9ffda0465f00d04bc2d612d4c9c95b0570a5405bfefecdb110840c7575ad0cdda1675f75468f10aa57a8dbbe926dbf9e9113252650dfa08a30a7b0259abf98f16d57f048550d80526741b74b2b5fc851d3bcca5028f5c1a9aa56a8d9246a14a119c108eed72451d006d05c0422167f0f93ec1ab94", 0xa6) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0x42) sendfile(r2, r2, 0x0, 0x101) 9.39965005s ago: executing program 3 (id=109): mkdirat(0xffffffffffffff9c, 0x0, 0x0) syz_open_dev$dvb_demux(&(0x7f0000000140), 0x0, 0x62400) r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000001440), 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0e0000000400000004000000ffff010000000000", @ANYRES32=0x1, @ANYBLOB="000000d17c"], 0x50) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x8c48, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0xff, 0x3}, 0x90) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000840)={r2, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xb5, 0x7, 0x4}, 0x9c) ioctl$VIDIOC_ENUMAUDIO(r0, 0xc0345641, &(0x7f0000001480)={0x80, "c21fead35dacaffab15599d9c7d075f15b9bab055e859ab2bfa6e8d1ffe1ec7c", 0x1}) 9.39842397s ago: executing program 1 (id=110): read$FUSE(0xffffffffffffffff, 0x0, 0x0) ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x8, &(0x7f0000002540)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40880}, 0x8040) r0 = semget(0x3, 0x2, 0x800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) semtimedop(r0, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r4 = socket$tipc(0x1e, 0x5, 0x0) listen(r4, 0x3) ioctl$int_in(r4, 0x5421, &(0x7f0000000280)=0x521f) accept4(r4, 0x0, 0x0, 0x400000000000000) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000240)={0x0, 0x3, 0xffffffffffffffff, 0xad, 0x80000}) 8.030606349s ago: executing program 1 (id=111): r0 = socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) lremovexattr(0x0, &(0x7f0000000040)=@known='trusted.syz\x00') accept$alg(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000001bc0)={{r0, 0x0, 0x200000, 0x0, 0x4, 0x0, 0x0}, 0x1, &(0x7f0000001a80)=[{0x3, 0x10001, 0x0, &(0x7f0000000780)="98", 0x1, 0x10}]}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x40) 8.011026269s ago: executing program 0 (id=112): socket(0x8, 0x2, 0x10001) socket$nl_route(0x10, 0x3, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000002c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0x0, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101400, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$comedi(0xffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x300, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x2b, 0x80801, 0x1) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0x1000000f, 0x80000006}, 0x0, 0x0) 7.909748951s ago: executing program 2 (id=113): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) setpriority(0x1, 0x0, 0x6) 7.786980024s ago: executing program 2 (id=114): madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17) 6.671429738s ago: executing program 1 (id=115): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000280), 0x106, 0x2}}, 0xfe5e) r3 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x153a, 0x0, 0xa, 0x17a}) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r3, 0x10, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)=[{0x0}], 0x0, 0x1}, 0x20) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="40000000100001040000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x40}}, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) socket$qrtr(0x2a, 0x2, 0x0) 6.58252661s ago: executing program 3 (id=116): openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$HIDIOCSUSAGES(0xffffffffffffffff, 0x501c4814, &(0x7f0000000dc0)={{0x1, 0x3, 0x9, 0x800, 0x5, 0x5}, 0x8d, [0x7, 0x93b, 0x6, 0x1, 0x1, 0xb8a, 0x2f, 0x100, 0x5, 0x7, 0x7, 0x5, 0x41d4, 0x83, 0x4, 0xffffffff, 0x9, 0x1000, 0x77e4, 0xffff0c56, 0x3, 0x1, 0x0, 0x40, 0x9, 0x200, 0x69, 0x2, 0x0, 0x6, 0x3, 0x7, 0x8, 0x8, 0xa522, 0x100, 0xfffffff8, 0x80000001, 0x0, 0x40, 0x1, 0x6, 0x1, 0x7fffffff, 0x5eb9, 0x5, 0x9c05, 0x800000c, 0x401, 0x4, 0x75, 0x817, 0xb, 0x3, 0xda90, 0x7, 0xf, 0xbc4b, 0x106, 0xfd, 0x81, 0x6, 0x101, 0x39, 0xffffff7f, 0x6, 0x5, 0x5, 0x77, 0xfffffffd, 0x0, 0x9, 0x73f, 0x5, 0x8, 0x4, 0x3, 0xffffffff, 0x5, 0x26be23d3, 0x7, 0x2, 0x9, 0x8, 0xdd2, 0xfffffffb, 0x3, 0x4, 0x2, 0xfff, 0x80000001, 0x9, 0x4, 0x0, 0x3, 0x2, 0x2, 0x5, 0x6, 0x1, 0x80000001, 0x7, 0x0, 0x40, 0x5, 0x101, 0x8, 0x9, 0x334c230c, 0x6, 0x4, 0xfffffff9, 0x8, 0x3, 0xffff0000, 0x7, 0x2, 0xffffffff, 0x4, 0x3, 0x4, 0x4, 0x3f, 0x81, 0x3, 0x400, 0x4, 0x984, 0x1, 0x6, 0x7, 0x6, 0x1ff, 0x2a3, 0x6d, 0x1, 0x10000, 0x5, 0x80000000, 0x1d01e, 0x1, 0x3, 0xfffffffb, 0x8, 0x63, 0x400, 0x5, 0x401, 0x4, 0xfff, 0x0, 0x9, 0x3, 0x8, 0xfffffff9, 0x2, 0x80000000, 0x3, 0xc, 0x1, 0xad, 0x100, 0x144, 0x2, 0xfffffffc, 0x2, 0x5, 0x0, 0x5, 0x9, 0x1, 0x4, 0x1000, 0x974, 0x5, 0x2, 0x8, 0x5, 0x88, 0x1000, 0x0, 0x1, 0x2, 0x5, 0x9, 0x0, 0x57a, 0x0, 0x0, 0x6, 0x9, 0x5c, 0x6, 0x9, 0xd22, 0x2, 0x7, 0x10, 0x8, 0xffffffff, 0x2149, 0xf, 0x26a02622, 0x7fff, 0x8, 0x8, 0x7ff, 0x5, 0x8, 0x81, 0x8, 0xff, 0x5, 0xfffffffa, 0x2, 0x2, 0xffff, 0xf, 0x5, 0x7, 0x5, 0x100, 0x1e06, 0xf, 0xdf2, 0x0, 0xbb, 0xfff, 0x400, 0x2, 0x80000000, 0x7, 0x8, 0xf9b, 0x8, 0x7ff, 0x7, 0x3ff, 0x630a, 0x5, 0xcff, 0x9, 0xb7, 0x1, 0xff, 0x4, 0x5, 0x10, 0x1, 0x92a, 0x3, 0x5, 0xd, 0x5, 0x101, 0x6, 0x7fff, 0x800, 0x3, 0x4, 0x0, 0x7f, 0x200, 0x20, 0x7, 0x1000000, 0x0, 0x7f, 0x53, 0x8, 0x8, 0x5, 0x2, 0xf, 0xd81c, 0x840, 0x1, 0x9, 0x2, 0x81, 0x9, 0x3, 0x5, 0x1000, 0x8, 0x47, 0x94, 0x7, 0x8, 0x8001, 0x56f71053, 0x1, 0x867, 0x3ff, 0x40, 0x6, 0x3, 0xfff, 0x4, 0x197, 0x9, 0x6, 0x5, 0x6, 0x7, 0x0, 0x84, 0x3, 0x1ff, 0x400, 0x3, 0xd42, 0x9, 0x5, 0x1ff, 0x4, 0x9, 0xbec, 0x5, 0x7, 0x3, 0x5, 0x64000000, 0x2, 0x1e, 0x3a, 0x6, 0x5, 0x18000, 0x2, 0xffff, 0x9, 0x6, 0x9, 0x0, 0xe4f, 0x67c, 0x27b7, 0xe, 0x9, 0x9, 0x5, 0xd, 0x5, 0x7f, 0x76, 0x9, 0xc4fe, 0x9, 0x3, 0x4, 0x8, 0x87, 0x1, 0x4, 0x6, 0x40, 0x9, 0x8, 0x1, 0x6, 0x8, 0xc75e, 0x4, 0x6, 0x1b, 0xfd3, 0x2, 0x3, 0x9, 0x10, 0x4, 0x5d2f, 0x5, 0x1b, 0x3ff, 0x5, 0x8, 0x6, 0xc000000, 0x5c, 0x9, 0x541b, 0xce, 0x6, 0x4, 0x69f, 0x3, 0x5, 0x7, 0x4, 0x200, 0x7, 0x8, 0x2323, 0xfffffff7, 0xffff, 0x7ff, 0x4, 0xd, 0xffffff42, 0x89, 0x80000001, 0x3ff, 0x3, 0x554, 0xde, 0x0, 0x400, 0x3, 0x9, 0x800, 0x7cb3aca3, 0x6, 0x6, 0x4, 0xf8000000, 0x1, 0xfffffff9, 0x9, 0xffffffff, 0x0, 0x7, 0x10000, 0x4, 0x3, 0x8001, 0x8, 0xbb, 0x2, 0xf548, 0x3, 0x36c, 0xffffffff, 0x10, 0x676, 0xe67, 0x88, 0x808, 0x560, 0x6db5, 0xa7b, 0x2, 0x4, 0x9, 0x3, 0x4, 0xffffffff, 0x6, 0xed2, 0x24bdaad2, 0x9, 0x4, 0x3, 0x1, 0xd599, 0x2, 0x6c51, 0x2, 0x0, 0x0, 0x2, 0xfce6, 0xf, 0xcd0, 0x4, 0xf, 0x0, 0x9, 0x5, 0x200, 0x6, 0x5, 0x2, 0x7, 0x17, 0xc36, 0x0, 0x8fbb, 0x3, 0x5, 0x0, 0x8, 0x8, 0x1, 0x8, 0x1000001, 0x45d8, 0x9, 0x0, 0x60000, 0x7, 0x2, 0xfffffff1, 0x3, 0x2, 0xfffffd67, 0x2, 0x4, 0x5, 0x3, 0x800, 0x10, 0xa, 0xb12c, 0x5ce, 0x1, 0xfffffffd, 0xf9c8, 0x0, 0x80f4, 0x10000, 0x3, 0x8, 0x2, 0x7, 0x5, 0x8, 0x401, 0x7, 0x10, 0x0, 0x6b, 0x100, 0x8, 0x2, 0x2, 0x5273, 0xe45f, 0x10, 0x0, 0x8, 0x4, 0x7, 0x7, 0x6, 0x4, 0x8e8b, 0x5, 0x3, 0x7, 0x3, 0xe535, 0x80, 0x5, 0x6, 0x0, 0x3, 0xff, 0x7fffffff, 0x5, 0x1, 0xa, 0x4, 0x1, 0x31, 0x0, 0xee1, 0x10001, 0x3, 0xfffffffc, 0x4, 0x1, 0x6f9, 0x7, 0xb26c, 0xb, 0x0, 0xfffffff3, 0x4000008, 0x8, 0x1ff, 0x6, 0xfd, 0x3, 0x3d, 0x6, 0x80000001, 0x5, 0x7, 0x1, 0xffffffff, 0x6, 0x3d29, 0x4, 0x7, 0x8, 0xb04, 0x3, 0xea6, 0x9, 0x101, 0x4, 0x1400, 0xfffffeff, 0x7, 0x2, 0x4, 0x8, 0x7, 0xe, 0x2, 0xc, 0x2, 0x2, 0x64c1, 0x80000000, 0x200, 0x2, 0xfffffffd, 0x1, 0x91, 0x8001, 0x401, 0x781d, 0x80, 0xfffff5b0, 0x8, 0x3, 0x8, 0xfff, 0xcd800000, 0x9, 0x6, 0x0, 0x5b5, 0x7, 0x3, 0x2, 0x5, 0x10001, 0xc, 0x9e9, 0x53, 0xfffffdd5, 0xc, 0xc00, 0x40, 0x401, 0xf2a6, 0x7, 0x3, 0x2, 0x7, 0x3800000, 0x0, 0x3ff, 0x3, 0x7fffffff, 0x4, 0x0, 0x1, 0xf, 0x7, 0xa84d, 0x3, 0xaf, 0xaf72, 0x5f, 0x1, 0xe, 0x6, 0x9, 0x5, 0x7, 0x3, 0x5, 0x3, 0x40, 0x1000, 0x75f1, 0x4, 0x3, 0x1, 0xfffffffd, 0x4, 0x8, 0x10, 0x80, 0x2, 0x6, 0x0, 0xe, 0xc, 0x3, 0x2, 0xd, 0x8, 0xfffff3f6, 0x6, 0x8, 0x3, 0x6, 0x5, 0x3, 0x101, 0x8, 0xbd, 0xa, 0x8, 0xffffed34, 0x8000, 0x2, 0x0, 0x7, 0x55f4727b, 0xd, 0x3b, 0x5, 0x8, 0xffffffff, 0x4, 0x81, 0x6, 0xb, 0x2, 0xa53, 0xff, 0x0, 0x2, 0x5, 0x3233, 0xff, 0x6, 0x2, 0x9, 0x1, 0x0, 0x3ff, 0x5, 0x8, 0x40, 0x0, 0x40, 0x88, 0x5, 0x80, 0x4, 0xd0000000, 0x8, 0x4, 0x5, 0x5, 0x7, 0x0, 0x0, 0x76b, 0xbb, 0x2, 0x5, 0x7fff, 0x9, 0xa, 0x5, 0x80, 0x4, 0x8, 0x8, 0x1f, 0x1, 0x3, 0x4, 0xd126, 0x7, 0x5, 0x0, 0x0, 0x8, 0x7, 0x1, 0x5, 0xfffffffa, 0x8, 0x270b, 0x5, 0x7fff, 0x4, 0x5, 0x6, 0x3, 0x4, 0x13f, 0x0, 0xc906, 0x6, 0x100, 0x4, 0x3, 0x3, 0x7f, 0x2b, 0x4, 0x3, 0x3, 0x8001, 0x46f, 0x19f1, 0x6, 0x20, 0x2, 0x2, 0x6, 0x5, 0x5, 0x401, 0x5, 0x6, 0x5, 0x7, 0xb, 0x200, 0x6, 0x9, 0x7, 0x3, 0x1, 0x7f, 0x9, 0xc3b, 0xfdf5, 0x0, 0x3, 0x0, 0xf, 0x1, 0x800, 0x4f35, 0x1, 0x18, 0x5, 0x0, 0x6, 0xaa5, 0x800, 0xf, 0x7, 0x800, 0xc, 0xfffffffb, 0xff, 0x5, 0x1000, 0x8, 0x81, 0x6, 0x2, 0x9, 0x8, 0x5, 0x8, 0x8, 0x100, 0x5, 0x10, 0x3, 0x7, 0x82, 0x4, 0x40, 0xabde, 0x1, 0xb, 0x8, 0x5, 0x8, 0x7f, 0x100, 0x8, 0x9, 0x6, 0x80000001, 0x2, 0x8, 0x2, 0x7fff, 0x3, 0x6, 0x4, 0x5, 0x3, 0x0, 0x1, 0x8, 0x59, 0x1, 0x0, 0x48, 0xaa19, 0xc, 0x400, 0x1, 0x401, 0x8, 0xc11, 0x4, 0x0, 0x7, 0x2, 0x7f, 0x0, 0x1, 0xc0000, 0x7, 0x4, 0xef47, 0x3, 0x1, 0x0, 0x2, 0x1, 0x0, 0xe14f, 0x5, 0x7, 0x8, 0x7fffffff, 0x7f, 0xffffffff, 0xffffff88, 0x400, 0x7fffffff, 0x10, 0x5, 0x9, 0x5, 0x0, 0xff, 0x0, 0x8, 0x3, 0x5, 0xfffffffc, 0x9, 0x11, 0x9, 0xfffffffe, 0x40, 0x3, 0x7, 0x0, 0x1, 0x2, 0x6, 0x81, 0x4, 0x401, 0x6, 0x5, 0x3, 0x0, 0xd, 0x6, 0xc, 0x2, 0x1, 0xfffffe5c, 0x40, 0x0, 0x9, 0x24, 0x1ff, 0x4, 0xe92, 0x5, 0x6e3, 0x4, 0xff, 0x0, 0xdf, 0x5, 0x7, 0x100, 0x3ac9, 0x10001, 0xae27, 0x80, 0x5, 0x7, 0x7fff, 0x0, 0xb, 0x4, 0x1, 0x1, 0x0, 0x9, 0x331d, 0x5, 0xb6, 0x7, 0x4, 0x4, 0x9, 0x6cf3, 0x8, 0x7, 0xf, 0x80, 0x9, 0xffff, 0x8000, 0x1, 0x2, 0x2, 0xdc0, 0x0, 0x100, 0x9, 0x1, 0xfffffff8, 0x800, 0x3, 0x0, 0x9, 0x644d, 0x93, 0xb0, 0x2, 0x3ff, 0x800, 0xfffffff7, 0x2, 0x0, 0xff]}) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_LOOKUP_BATCH(0x19, 0x0, 0x0) r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000500)='/dev/comedi3\x00', 0x0, 0x0) r4 = openat$comedi(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'pcl816\x00', [0x100, 0x2007, 0x2, 0x1000, 0xe, 0x5, 0x79, 0x3, 0x80008, 0x0, 0xffffffff, 0x1, 0x8, 0x1, 0x100, 0xfd, 0xfffffffb, 0x9, 0x3, 0x7fffffff, 0x86, 0xca9f, 0xfffffffe, 0x20001e58, 0xffffffff, 0xf39e, 0x3, 0x8, 0xa6b5, 0x0, 0xfffffff8]}) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r5, 0x4b72, &(0x7f0000000000)={0x0, 0x1, 0x1, 0x13, 0x200, &(0x7f00000003c0)="1ae19327aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a730900000000fdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c536689a4a62f872f9ca3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d228186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f91ffffffffd51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6ece06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a2a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0600000000000000a1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe021c773a6664b66ae04aa62c564d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000004000000000f800"}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000000, 0x11, r3, 0x22052000) sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x20008010) r6 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_INFO(r6, 0x0, 0x29, 0x0, &(0x7f0000000240)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a44000000090a010400000000000000000100000208000a40000000000900010073797a300000000008000540000000db78bb02421c0900020073797a3200000000080003400000008c140000001000010000000000000000000784000a41b9b48c94160facfbcb07f53179818328135a9501a300f6f4d38a0b0ace1606"], 0x6c}, 0x1, 0x0, 0x0, 0x4404c810}, 0x0) socket(0x2, 0x80805, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r7, 0x0) 6.56755909s ago: executing program 0 (id=117): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2a}}, 0x200007, 0x1000, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) 6.537964521s ago: executing program 2 (id=118): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4, 0x0, &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760345bf7feb91ee96b0eee19454ad3dbce5019b68c114ff1921a9b4665744c7784ac6736101a70592d83c448a84c31ec60bb901d96ea99471d823ee523318878ee704a8d9502b566cad45587cb74ea8259c1c0a926fc09499395b2db5af40bb6f4c526", 0x0, 0x8000, 0x6}, 0x50) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000505050505050"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 6.452114183s ago: executing program 2 (id=119): read$FUSE(0xffffffffffffffff, 0x0, 0x0) ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x8, &(0x7f0000002540)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40880}, 0x8040) r0 = semget(0x3, 0x2, 0x800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) semtimedop(r0, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r4 = socket$tipc(0x1e, 0x5, 0x0) listen(r4, 0x3) ioctl$int_in(r4, 0x5421, &(0x7f0000000280)=0x521f) accept4(r4, 0x0, 0x0, 0x400000000000000) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000240)={0x0, 0x3, 0xffffffffffffffff, 0xad, 0x80000}) 4.801072148s ago: executing program 2 (id=120): r0 = openat$ublk_ctrl(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_tracing={0x1a, 0xa, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xf475, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x40000000}, 0x94) r1 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000001780)={&(0x7f00000003c0)=@caif, 0x80, 0x0}, 0x0) syz_ublk_add_dev(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2e, 0x0, 0x0, r0, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f0000000500)=@new_dev={0x1, 0x104, 0x0, 0x0, 0x1000, 0xffffffff, 0xffffffffffffffff, 0x0, 0xc4ddfbc9bba2bd78}}}, &(0x7f0000000300)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=0x0], 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x20004080) ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x80000) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0401273, &(0x7f0000000280)={'\x00', 0x4a, 0x7, 0xf3e, 0x3bd2, 0x40}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) getrandom(&(0x7f0000000580)=""/265, 0xffffff3f, 0x3) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 4.386848937s ago: executing program 0 (id=121): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc2c45513, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$kcm(0x10, 0x3, 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x181200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f00000003c0)="92e189088debce1f6bc1093d80ea466f56f701f4acf15716acf40082be79afd46fb564ee9cfd9c81d2498403d22e0907d8e9ffda0465f00d04bc2d612d4c9c95b0570a5405bfefecdb110840c7575ad0cdda1675f75468f10aa57a8dbbe926dbf9e9113252650dfa08a30a7b0259abf98f16d57f048550d80526741b74b2b5fc851d3bcca5028f5c1a9aa56a8d9246a14a119c108eed72451d006d05c0422167f0f93ec1ab94", 0xa6) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0) openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0x42) sendfile(r2, r2, 0x0, 0x101) 4.345877267s ago: executing program 1 (id=122): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) setpriority(0x1, 0x0, 0x6) 1.344106722s ago: executing program 1 (id=123): r0 = socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) lremovexattr(0x0, &(0x7f0000000040)=@known='trusted.syz\x00') accept$alg(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000001bc0)={{r0, 0x0, 0x200000, 0x0, 0x4, 0x0, 0x0}, 0x1, &(0x7f0000001a80)=[{0x3, 0x10001, 0x0, &(0x7f0000000780)="98", 0x1, 0x10}]}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x40) 1.343560982s ago: executing program 3 (id=124): mkdirat(0xffffffffffffff9c, 0x0, 0x0) syz_open_dev$dvb_demux(&(0x7f0000000140), 0x0, 0x62400) r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000001440), 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0e0000000400000004000000ffff010000000000", @ANYRES32=0x1, @ANYBLOB="000000d17c"], 0x50) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x8c48, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0xff, 0x3}, 0x90) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000840)={r1, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xb5, 0x7, 0x4}, 0x9c) ioctl$VIDIOC_ENUMAUDIO(r0, 0xc0345641, &(0x7f0000001480)={0x80, "c21fead35dacaffab15599d9c7d075f15b9bab055e859ab2bfa6e8d1ffe1ec7c", 0x1}) 872.494402ms ago: executing program 0 (id=125): socket(0x8, 0x2, 0x10001) socket$nl_route(0x10, 0x3, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) renameat2(0xffffffffffffffff, &(0x7f00000002c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0x0, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101400, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$comedi(0xffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x300, 0x0) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x2b, 0x80801, 0x1) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0x1000000f, 0x80000006}, 0x0, 0x0) 108.757908ms ago: executing program 1 (id=126): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xc, 0x8, &(0x7f0000000d80)=ANY=[@ANYBLOB="1800000000000000000000000000000018020000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000d000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x3e8, 0xe80, 0x0, &(0x7f0000000000)="c1df07000000d30a298ee68886dd87", 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) 0s ago: executing program 3 (id=127): madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.5' (ED25519) to the list of known hosts. [ 75.807818][ T5758] cgroup: Unknown subsys name 'net' [ 75.947220][ T5758] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 77.624520][ T5758] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 80.073128][ T5780] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.095982][ T5785] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.104890][ T5780] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.104944][ T5785] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.119650][ T5785] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.127648][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.140592][ T5785] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.148784][ T5780] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.157669][ T5780] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.165600][ T5785] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.166163][ T5780] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.180235][ T5789] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 80.188483][ T5787] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 80.192458][ T5786] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.196298][ T5789] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.211696][ T5780] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.220299][ T5789] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.237739][ T5780] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.246515][ T5789] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 80.254124][ T5789] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.263151][ T5789] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.281478][ T5787] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 80.291945][ T5083] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 80.313109][ T5083] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.679222][ T5774] chnl_net:caif_netlink_parms(): no params data found [ 80.802875][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 80.851845][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.860394][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.868651][ T5774] bridge_slave_0: entered allmulticast mode [ 80.875735][ T5774] bridge_slave_0: entered promiscuous mode [ 80.893605][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.900909][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.908181][ T5774] bridge_slave_1: entered allmulticast mode [ 80.915389][ T5774] bridge_slave_1: entered promiscuous mode [ 81.021324][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 81.035798][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.084015][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.109377][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.116526][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.124413][ T5772] bridge_slave_0: entered allmulticast mode [ 81.131832][ T5772] bridge_slave_0: entered promiscuous mode [ 81.141159][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.148419][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.155581][ T5772] bridge_slave_1: entered allmulticast mode [ 81.162927][ T5772] bridge_slave_1: entered promiscuous mode [ 81.222400][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 81.237408][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.261415][ T5774] team0: Port device team_slave_0 added [ 81.281977][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.304043][ T5774] team0: Port device team_slave_1 added [ 81.376963][ T5772] team0: Port device team_slave_0 added [ 81.385494][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.393683][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.401497][ T5771] bridge_slave_0: entered allmulticast mode [ 81.409066][ T5771] bridge_slave_0: entered promiscuous mode [ 81.427098][ T5772] team0: Port device team_slave_1 added [ 81.445800][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.455785][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.482186][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.494379][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.504233][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.512289][ T5771] bridge_slave_1: entered allmulticast mode [ 81.521636][ T5771] bridge_slave_1: entered promiscuous mode [ 81.556020][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.565345][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.591570][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.621541][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.628789][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.655184][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.675516][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.682574][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.709387][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.723266][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.735972][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.819983][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.827271][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.834785][ T5773] bridge_slave_0: entered allmulticast mode [ 81.842366][ T5773] bridge_slave_0: entered promiscuous mode [ 81.891791][ T5774] hsr_slave_0: entered promiscuous mode [ 81.899379][ T5774] hsr_slave_1: entered promiscuous mode [ 81.906876][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.914151][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.921715][ T5773] bridge_slave_1: entered allmulticast mode [ 81.929200][ T5773] bridge_slave_1: entered promiscuous mode [ 81.940004][ T5771] team0: Port device team_slave_0 added [ 81.952704][ T5772] hsr_slave_0: entered promiscuous mode [ 81.959833][ T5772] hsr_slave_1: entered promiscuous mode [ 81.966230][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.974274][ T5772] Cannot create hsr debugfs directory [ 81.995254][ T5771] team0: Port device team_slave_1 added [ 82.037285][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.068221][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.075235][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.101830][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.122384][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.150923][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.158085][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.184303][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.256976][ T5773] team0: Port device team_slave_0 added [ 82.272713][ T5773] team0: Port device team_slave_1 added [ 82.338946][ T5778] Bluetooth: hci3: command tx timeout [ 82.344690][ T5778] Bluetooth: hci1: command tx timeout [ 82.351234][ T5789] Bluetooth: hci0: command tx timeout [ 82.360858][ T5083] Bluetooth: hci2: command tx timeout [ 82.382122][ T5771] hsr_slave_0: entered promiscuous mode [ 82.388637][ T5771] hsr_slave_1: entered promiscuous mode [ 82.394828][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.402530][ T5771] Cannot create hsr debugfs directory [ 82.420894][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.430800][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.457552][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.495637][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.502823][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.529325][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.692426][ T5773] hsr_slave_0: entered promiscuous mode [ 82.702244][ T5773] hsr_slave_1: entered promiscuous mode [ 82.708542][ T5773] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 82.716147][ T5773] Cannot create hsr debugfs directory [ 82.863794][ T5772] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.885479][ T5772] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.915834][ T5772] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.927782][ T5772] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 83.024432][ T5774] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 83.037050][ T5774] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 83.053112][ T5774] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 83.064700][ T5774] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 83.144848][ T5771] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 83.162849][ T5771] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 83.174666][ T5771] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 83.191527][ T5771] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 83.303690][ T5773] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.314263][ T5773] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.325790][ T5773] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.358143][ T5773] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.440257][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.531064][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.544018][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.565195][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.572711][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.599792][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.616583][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.623802][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.650623][ T5774] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.686573][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.710496][ T2885] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.717745][ T2885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.744702][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.751974][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.762264][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.769503][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.786414][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.805814][ T2885] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.813077][ T2885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.893403][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.910082][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.917265][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.954727][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.961951][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.419082][ T5083] Bluetooth: hci2: command tx timeout [ 84.419297][ T5789] Bluetooth: hci3: command tx timeout [ 84.424578][ T5083] Bluetooth: hci0: command tx timeout [ 84.434201][ T5778] Bluetooth: hci1: command tx timeout [ 84.462813][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.564314][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.623471][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.666533][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.694599][ T5772] veth0_vlan: entered promiscuous mode [ 84.730611][ T5772] veth1_vlan: entered promiscuous mode [ 84.784685][ T5771] veth0_vlan: entered promiscuous mode [ 84.812713][ T5771] veth1_vlan: entered promiscuous mode [ 84.825641][ T5774] veth0_vlan: entered promiscuous mode [ 84.871844][ T5774] veth1_vlan: entered promiscuous mode [ 84.900698][ T5773] veth0_vlan: entered promiscuous mode [ 84.921082][ T5772] veth0_macvtap: entered promiscuous mode [ 84.931543][ T5771] veth0_macvtap: entered promiscuous mode [ 84.949335][ T5772] veth1_macvtap: entered promiscuous mode [ 84.965758][ T5773] veth1_vlan: entered promiscuous mode [ 84.981448][ T5771] veth1_macvtap: entered promiscuous mode [ 85.011203][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.052807][ T5774] veth0_macvtap: entered promiscuous mode [ 85.066427][ T5774] veth1_macvtap: entered promiscuous mode [ 85.077393][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.099939][ T5773] veth0_macvtap: entered promiscuous mode [ 85.122456][ T5772] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.131617][ T5772] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.141086][ T5772] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.150568][ T5772] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.163701][ T5773] veth1_macvtap: entered promiscuous mode [ 85.178771][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.190176][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.202567][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.228159][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.239211][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.249834][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.260885][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.273567][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.290265][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.301682][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.313786][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.343266][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.353991][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.364861][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.375622][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.387304][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.406549][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.418788][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.431481][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.442876][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.452832][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.464319][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.475730][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.490991][ T5771] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.500884][ T5771] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.510752][ T5771] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.520031][ T5771] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.533646][ T5773] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.544078][ T5773] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.554772][ T5773] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.563947][ T5773] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.591963][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.603036][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.613674][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.626838][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.638095][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.649706][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.661574][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.695550][ T5774] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.712528][ T5774] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.722267][ T5774] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.731739][ T5774] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.831746][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.846085][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.904856][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.918809][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.957143][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.974551][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.052950][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.063890][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.081382][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.089311][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.190301][ T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.204728][ T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.226681][ T992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.281516][ T992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.386944][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.406690][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.505998][ T5778] Bluetooth: hci1: command tx timeout [ 86.513205][ T5789] Bluetooth: hci3: command tx timeout [ 86.518963][ T5778] Bluetooth: hci2: command tx timeout [ 86.524405][ T5778] Bluetooth: hci0: command tx timeout [ 86.941182][ T5845] netlink: 44 bytes leftover after parsing attributes in process `syz.3.4'. [ 86.973893][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.982998][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.493339][ T5845] syz.3.4 (5845) used greatest stack depth: 20872 bytes left [ 87.495507][ T5847] warning: `syz.0.1' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 87.881265][ T5853] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5'. [ 88.625730][ T5083] Bluetooth: hci0: command tx timeout [ 88.631301][ T5083] Bluetooth: hci3: command tx timeout [ 88.636738][ T5083] Bluetooth: hci2: command tx timeout [ 88.647509][ T5083] Bluetooth: hci1: command tx timeout [ 88.775775][ T5861] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 92.849262][ T171] cfg80211: failed to load regulatory.db [ 94.222726][ T5903] netlink: 32 bytes leftover after parsing attributes in process `syz.2.16'. [ 95.720039][ T5908] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 96.241158][ T5915] netlink: 44 bytes leftover after parsing attributes in process `syz.3.19'. [ 99.791626][ T5943] netlink: 32 bytes leftover after parsing attributes in process `syz.1.27'. [ 101.610762][ T5952] netlink: 44 bytes leftover after parsing attributes in process `syz.3.31'. [ 104.416695][ T5965] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 105.804177][ T5980] netlink: 32 bytes leftover after parsing attributes in process `syz.2.38'. [ 109.045695][ T6005] netlink: 44 bytes leftover after parsing attributes in process `syz.0.44'. [ 109.856009][ T6005] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.864215][ T6005] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.937854][ T6014] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 115.402145][ T6052] netlink: 44 bytes leftover after parsing attributes in process `syz.2.57'. [ 115.883611][ T6052] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.891540][ T6052] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.402446][ T6069] Zero length message leads to an empty skb [ 121.561457][ T6081] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 124.617509][ T6104] netlink: 44 bytes leftover after parsing attributes in process `syz.0.68'. [ 130.152462][ T6142] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 133.618412][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.632494][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.617649][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 135.882650][ T28] audit: type=1326 audit(1782819882.231:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6168 comm="syz.0.89" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f02c0f9ce59 code=0x0 [ 135.921180][ T6176] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 143.944961][ T6229] netlink: 4 bytes leftover after parsing attributes in process `syz.0.105'. [ 143.989700][ T6229] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 143.998926][ T6229] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.007716][ T6229] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.017698][ T6229] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 144.289161][ T6234] netlink: 4 bytes leftover after parsing attributes in process `syz.0.105'. [ 146.318110][ T6246] ======================================================= [ 146.318110][ T6246] WARNING: The mand mount option has been deprecated and [ 146.318110][ T6246] and is ignored by this kernel. Remove the mand [ 146.318110][ T6246] option from the mount to silence this warning. [ 146.318110][ T6246] ======================================================= [ 147.767799][ T6263] netlink: 8 bytes leftover after parsing attributes in process `syz.2.118'. [ 149.515034][ T6275] netlink: 32 bytes leftover after parsing attributes in process `syz.1.115'. [ 154.767929][ T992] ------------[ cut here ]------------ [ 154.773865][ T992] WARNING: CPU: 1 PID: 992 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x110e/0x2900 [ 154.785068][ T992] Modules linked in: [ 154.789138][ T992] CPU: 1 PID: 992 Comm: kworker/u4:5 Not tainted syzkaller #0 [ 154.796799][ T992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 154.807106][ T992] Workqueue: phy5 ieee80211_csa_finalize_work [ 154.813463][ T992] RIP: 0010:ieee80211_vif_use_reserved_switch+0x110e/0x2900 [ 154.821034][ T992] Code: 48 89 df e8 a4 8d d8 f7 e9 d6 fc ff ff e8 4a 19 80 f7 eb 24 e8 43 19 80 f7 c7 04 24 f4 ff ff ff e9 cc f5 ff ff e8 32 19 80 f7 <0f> 0b 0f 0b e9 b7 f5 ff ff e8 24 19 80 f7 48 8b 7c 24 08 4c 8b 74 [ 154.841078][ T992] RSP: 0018:ffffc900041679c0 EFLAGS: 00010293 [ 154.847318][ T992] RAX: ffffffff8a06c812 RBX: 0000000000000001 RCX: ffff888022df8000 [ 154.855559][ T992] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 154.863943][ T992] RBP: dffffc0000000000 R08: ffff88805ddb562f R09: 1ffff1100bbb6ac5 [ 154.871705][ C0] ------------[ cut here ]------------ [ 154.873838][ T992] R10: dffffc0000000000 R11: ffffed100bbb6ac6 R12: 0000000000000001 [ 154.877628][ C0] WARNING: CPU: 0 PID: 16 at net/mac80211/tx.c:5033 __ieee80211_beacon_get+0x1141/0x1520 [ 154.877677][ C0] Modules linked in: [ 154.877691][ C0] CPU: 0 PID: 16 Comm: ksoftirqd/0 Not tainted syzkaller #0 [ 154.877712][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 154.877724][ C0] RIP: 0010:__ieee80211_beacon_get+0x1141/0x1520 [ 154.877754][ C0] Code: f7 4c 89 ef e8 b0 a4 c2 f7 45 31 ed 4c 8b bc 24 a0 00 00 00 e9 7f fe ff ff e8 7b c6 84 f7 0f 0b e9 61 f8 ff ff e8 6f c6 84 f7 <0f> 0b e9 85 fb ff ff e8 63 c6 84 f7 48 c7 c7 40 50 64 8e 4c 89 e6 [ 154.877772][ C0] RSP: 0018:ffffc90000157878 EFLAGS: 00010246 [ 154.877792][ C0] RAX: ffffffff8a021ee1 RBX: dffffc0000000000 RCX: ffff88801a27da00 [ 154.877808][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 154.877822][ C0] RBP: 0000000000000000 R08: ffff88801a27da00 R09: 0000000000000003 [ 154.886103][ T992] R13: ffff88805ddb6659 R14: ffff88805ddead48 R15: ffff888026681400 [ 154.895648][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805ddb6440 [ 154.895667][ C0] R13: ffff888021dafc24 R14: ffff88805ddb6930 R15: ffff888021dafc00 [ 154.895686][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 154.895706][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 154.895723][ C0] CR2: 00007fd7abfea540 CR3: 000000002baa2000 CR4: 00000000003506f0 [ 154.895743][ C0] Call Trace: [ 154.895754][ C0] [ 154.895765][ C0] ? __ieee80211_beacon_get+0x36/0x1520 [ 154.895813][ C0] ieee80211_beacon_get_tim+0xbf/0x580 [ 154.895850][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 154.900874][ T992] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 154.907077][ C0] mac80211_hwsim_beacon_tx+0x3bd/0x770 [ 154.907121][ C0] __iterate_interfaces+0x225/0x4c0 [ 154.907148][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 154.907177][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 154.907203][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 154.907230][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 154.907258][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 154.907284][ C0] ? hw_scan_work+0xf10/0xf10 [ 154.907311][ C0] __hrtimer_run_queues+0x525/0xc10 [ 154.918157][ T992] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 154.923780][ C0] ? hrtimer_interrupt+0x980/0x980 [ 154.923808][ C0] ? read_tsc+0x9/0x20 [ 154.923844][ C0] hrtimer_run_softirq+0x177/0x290 [ 154.923885][ C0] handle_softirqs+0x27d/0x820 [ 154.944369][ T992] CR2: 000020000000e000 CR3: 000000007e3db000 CR4: 00000000003506e0 [ 154.949630][ C0] ? run_ksoftirqd+0xa8/0x100 [ 154.949663][ C0] ? do_softirq+0x1a0/0x1a0 [ 154.949698][ C0] run_ksoftirqd+0xa8/0x100 [ 154.949723][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 154.949744][ C0] ? takeover_tasklets+0x770/0x770 [ 154.958156][ T992] Call Trace: [ 154.965740][ C0] ? takeover_tasklets+0x770/0x770 [ 154.965766][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 154.965790][ C0] smpboot_thread_fn+0x651/0x9f0 [ 154.965824][ C0] ? smpboot_thread_fn+0x4d/0x9f0 [ 154.965866][ C0] kthread+0x2fa/0x390 [ 154.975928][ T992] [ 154.981884][ C0] ? smpboot_unregister_percpu_thread+0x2a0/0x2a0 [ 154.981942][ C0] ? kthread_blkcg+0xd0/0xd0 [ 154.981965][ C0] ret_from_fork+0x48/0x80 [ 154.981989][ C0] ? kthread_blkcg+0xd0/0xd0 [ 154.982011][ C0] ret_from_fork_asm+0x11/0x20 [ 154.982052][ C0] [ 154.982062][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 154.982071][ C0] CPU: 0 PID: 16 Comm: ksoftirqd/0 Not tainted syzkaller #0 [ 154.982088][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 154.982099][ C0] Call Trace: [ 154.982106][ C0] [ 154.982113][ C0] dump_stack_lvl+0x18c/0x250 [ 154.982141][ C0] ? show_regs_print_info+0x20/0x20 [ 154.982197][ C0] ? load_image+0x420/0x420 [ 154.982294][ C0] panic+0x2ca/0x720 [ 154.982402][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 154.982501][ C0] ? ret_from_fork_asm+0x11/0x20 [ 154.982575][ C0] __warn+0x2e0/0x470 [ 154.982645][ C0] ? __ieee80211_beacon_get+0x1141/0x1520 [ 154.982726][ C0] ? __ieee80211_beacon_get+0x1141/0x1520 [ 154.982799][ C0] report_bug+0x2be/0x4f0 [ 154.982858][ C0] ? __ieee80211_beacon_get+0x1141/0x1520 [ 154.982937][ C0] ? __ieee80211_beacon_get+0x1141/0x1520 [ 154.983009][ C0] ? __ieee80211_beacon_get+0x1143/0x1520 [ 154.983081][ C0] handle_bug+0xcf/0x120 [ 154.983149][ C0] exc_invalid_op+0x1a/0x50 [ 154.983211][ C0] asm_exc_invalid_op+0x1a/0x20 [ 154.983283][ C0] RIP: 0010:__ieee80211_beacon_get+0x1141/0x1520 [ 154.983372][ C0] Code: f7 4c 89 ef e8 b0 a4 c2 f7 45 31 ed 4c 8b bc 24 a0 00 00 00 e9 7f fe ff ff e8 7b c6 84 f7 0f 0b e9 61 f8 ff ff e8 6f c6 84 f7 <0f> 0b e9 85 fb ff ff e8 63 c6 84 f7 48 c7 c7 40 50 64 8e 4c 89 e6 [ 154.983412][ C0] RSP: 0018:ffffc90000157878 EFLAGS: 00010246 [ 154.983461][ C0] RAX: ffffffff8a021ee1 RBX: dffffc0000000000 RCX: ffff88801a27da00 [ 154.983501][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 154.983532][ C0] RBP: 0000000000000000 R08: ffff88801a27da00 R09: 0000000000000003 [ 154.983562][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805ddb6440 [ 154.983593][ C0] R13: ffff888021dafc24 R14: ffff88805ddb6930 R15: ffff888021dafc00 [ 154.983666][ C0] ? __ieee80211_beacon_get+0x1141/0x1520 [ 154.983784][ C0] ? __ieee80211_beacon_get+0x1141/0x1520 [ 154.983851][ C0] ? __ieee80211_beacon_get+0x36/0x1520 [ 154.983955][ C0] ieee80211_beacon_get_tim+0xbf/0x580 [ 154.984036][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 154.984146][ C0] mac80211_hwsim_beacon_tx+0x3bd/0x770 [ 154.984236][ C0] __iterate_interfaces+0x225/0x4c0 [ 154.984298][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 154.984377][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 154.984440][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0 [ 154.984510][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 154.984583][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 154.984651][ C0] ? hw_scan_work+0xf10/0xf10 [ 154.984713][ C0] __hrtimer_run_queues+0x525/0xc10 [ 154.984816][ C0] ? hrtimer_interrupt+0x980/0x980 [ 154.984867][ C0] ? read_tsc+0x9/0x20 [ 154.984940][ C0] hrtimer_run_softirq+0x177/0x290 [ 154.985026][ C0] handle_softirqs+0x27d/0x820 [ 154.985108][ C0] ? run_ksoftirqd+0xa8/0x100 [ 154.985183][ C0] ? do_softirq+0x1a0/0x1a0 [ 154.985255][ C0] run_ksoftirqd+0xa8/0x100 [ 154.985306][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 154.985365][ C0] ? takeover_tasklets+0x770/0x770 [ 154.985433][ C0] ? takeover_tasklets+0x770/0x770 [ 154.985477][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 154.985536][ C0] smpboot_thread_fn+0x651/0x9f0 [ 154.985614][ C0] ? smpboot_thread_fn+0x4d/0x9f0 [ 154.985708][ C0] kthread+0x2fa/0x390 [ 154.985750][ C0] ? smpboot_unregister_percpu_thread+0x2a0/0x2a0 [ 154.985840][ C0] ? kthread_blkcg+0xd0/0xd0 [ 154.985889][ C0] ret_from_fork+0x48/0x80 [ 154.985942][ C0] ? kthread_blkcg+0xd0/0xd0 [ 154.985995][ C0] ret_from_fork_asm+0x11/0x20 [ 154.986097][ C0] [ 154.990689][ C0] Kernel Offset: disabled