last executing test programs: 7.736086546s ago: executing program 0 (id=45): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, r1}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000280), 0x40203, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x101, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000001080)={{0x12, 0x1, 0x0, 0xff, 0x0, 0x0, 0x40, 0x572, 0xcb01, 0x2665, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xaa, 0x75, 0xb7}}]}}]}}, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) syz_emit_ethernet(0x5e, &(0x7f0000000740)={@broadcast, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "45208e", 0x28, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @local}, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @private1={0xfc, 0x1, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}}}}, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r3], 0x20) 6.056841011s ago: executing program 0 (id=53): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x8, {0x8, 0x0, "392cdaab4a73"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x1, 0x3, "c282fe"}, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0}) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) syz_usb_control_io(r0, 0x0, 0x0) readv(r1, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000c40)=""/245, 0xf5}, {0x0}], 0x3) 4.855915868s ago: executing program 3 (id=57): syz_open_dev$tty1(0xc, 0x4, 0x1) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) unshare(0x2c020400) pselect6(0x35, &(0x7f0000000080)={0x3, 0x5, 0xf, 0x5, 0x1000, 0x7, 0x0, 0x80}, &(0x7f00000000c0)={0x38, 0xd, 0xffff, 0x7, 0x3ff, 0x9, 0x2b27a4b1, 0x1}, 0x0, 0x0, 0x0) 4.591991589s ago: executing program 3 (id=58): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) recvmmsg(r0, &(0x7f00000057c0)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {&(0x7f0000000440)=""/134, 0x86}, {&(0x7f0000000540)=""/114, 0x72}], 0x3}, 0xa1}], 0x1, 0x0, 0x0) 4.46060868s ago: executing program 3 (id=59): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x100000) setsockopt$sock_int(r1, 0x1, 0x8, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect(0x6, 0x7a, 0x0, 0x0) r2 = epoll_create1(0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r4, &(0x7f0000000100)={0x20000014}) epoll_wait(r2, &(0x7f0000000140)=[{}], 0x1, 0x410) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=@newlink={0x48, 0x10, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00, 0x0, 0x0, 0x8110}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @batadv={{0xb}, {0xffffffffffffff89}}}, @IFLA_MASTER={0x8}, @IFLA_ADDRESS={0xa, 0x1, @multicast}]}, 0x48}}, 0x0) 4.256743506s ago: executing program 1 (id=60): r0 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000100)=@qipcrtr={0x2a, 0x4, 0x1}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000040)="27031c00160014000000002f1eafacf706e105000000884700050003ee0b80558ddbba9b37786f", 0x27}], 0x1}, 0x24004010) 3.96813565s ago: executing program 2 (id=61): socket$inet_udplite(0x2, 0x2, 0x88) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="10007d8005", @ANYRES8=0x0, @ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x0) 3.96795743s ago: executing program 1 (id=62): r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000004440)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0xe9a5, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000480)=[@tclass={{0x14, 0x29, 0x43, 0x1f85}}], 0x18}}], 0x1, 0x40) 3.834412051s ago: executing program 1 (id=63): socket$nl_netfilter(0x10, 0x3, 0xc) mkdir(0x0, 0x19a) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x1d, 0x0, 0x0, 0xb4c, 0x9, 0x1, 0x0, 0x8}, 0x0) add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) r3 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000dc0)={0x8, 'vlan1\x00', {'ip6_vti0\x00'}}) write$apparmor_current(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB="7065f8"], 0x10) ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00"}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB="08910400000000003400128009000100766c616e000000002400028004000480100003800c60ca002d0a0000030000000c000200160000001700000014000300766c616e30"], 0x68}}, 0x0) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_CLEAR_HALT(r5, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) open(&(0x7f0000000240)='./file0\x00', 0x40000, 0x122) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r6 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2) ioctl$VIDIOC_S_OUTPUT(r6, 0xc004562f, &(0x7f0000000000)=0x1) ioctl$VIDIOC_S_DV_TIMINGS(r6, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x190, 0x1, 0x0, 0xdd9f83, 0x1, 0xa, 0x1, 0x1, 0x5, 0x722, 0xed, 0x7, 0x81, 0x3f, 0xb763599953cb091d, {0x10000, 0x6fd8e84b}, 0x8, 0xed}}) mkdir(&(0x7f00000000c0)='./file0\x00', 0x143) 3.723838229s ago: executing program 2 (id=64): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x0) 3.512188856s ago: executing program 2 (id=65): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", "545324f1"}, 0x28) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "0daf7461cfccf6ce"}, 0x28) close_range(r0, 0xffffffffffffffff, 0x0) 3.434355592s ago: executing program 0 (id=66): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_io_uring_setup(0x7660, &(0x7f0000000040)={0x0, 0x766b, 0x2, 0x1, 0x138}, &(0x7f0000000100), &(0x7f00000001c0)) syz_usbip_server_init(0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0xb) write$binfmt_aout(r4, &(0x7f0000000140)=ANY=[], 0xff2e) ioctl$TCFLSH(r4, 0x540b, 0x0) r5 = socket(0x1d, 0x2, 0x6) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="340000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00680000ac000000143fc9800b000100655f6e657665000004000280"], 0x34}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}}) socket$netlink(0x10, 0x3, 0xe) accept4(r0, 0x0, 0x0, 0x800) 3.073320402s ago: executing program 2 (id=67): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000340)={0x2, 0x5, 0x0, 0x2, 0x2, 0x0, 0x0, 0x7}, 0x10}, 0x1, 0x400000000000000}, 0x0) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = io_uring_setup(0x67bb, &(0x7f0000000280)) io_uring_enter(r5, 0x0, 0x2, 0xf, &(0x7f0000000000), 0x18) 1.912205915s ago: executing program 2 (id=68): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@ipv6_newaddrlabel={0x1c, 0x48, 0x805, 0x70bd25, 0x25dfdbfc, {0xa, 0x0, 0x0, 0x0, 0x0, 0x80000003}}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x10) 1.781574186s ago: executing program 2 (id=69): socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/dev_mcast\x00') socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0) socket(0x200000100000011, 0x3, 0x0) openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r3, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r2, 0x3b89, &(0x7f00000002c0)={0x18, 0x3, r4, r5, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000480)={0x28, 0x4, r5, 0x0, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000100)={0x28, 0x4, r5, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x5}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r2, 0x3b8b, &(0x7f0000000040)={0x10, 0x1, r6}) 1.334058452s ago: executing program 1 (id=70): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0xfad6, 0x0, 0x0, 0x80}, 0x0, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r7, {}, {0x2, 0xb}, {0x9, 0xb}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 640.095838ms ago: executing program 1 (id=71): sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x5, 0x180, 0x9, {0x77359400}, {}, {0x2, 0x0, 0x1}, 0x1, @can={{0x4, 0x1, 0x1, 0x1}, 0x5, 0x1, 0x0, 0x0, "c251541693f8cfd1"}}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x4004844) r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x4e23, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x24) listen(r0, 0x8) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) accept4(r0, &(0x7f0000000480)=@nfc_llcp, &(0x7f0000000500)=0x80, 0x80000) 626.385399ms ago: executing program 3 (id=72): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') read$FUSE(r0, &(0x7f0000002600)={0x2020}, 0x2020) 441.808984ms ago: executing program 0 (id=73): unshare(0x400) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r0 = socket$nl_route(0x10, 0x3, 0x0) connect$netlink(r0, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) 260.275689ms ago: executing program 3 (id=74): syz_open_procfs(0xffffffffffffffff, 0x0) io_setup(0xffffff7f, 0x0) io_submit(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x807}, 0x94) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="60000000020601036c0000000000000000000000050005000a00000005000100060000000500040000000000090002e2ad5452ccb50073797a320000000012000300686173683a6e65742c706f7274000000140007800800124000211c0c2c1e83ab49fa35e9c19f4610ebb8a3b7bff44d7b340559ecb17da6191c31c46db777380b98cc953ea4210c2d90c17951c685214b4fff22855781d72953eeb41f07ef36cde5f701362905054e616084244769f5ee1cd3593dcc10458aa88af141470ca6e39af3087f44918921c8"], 0x60}}, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 221.828082ms ago: executing program 0 (id=75): r0 = syz_open_dev$sndctrl(&(0x7f00000001c0), 0x2, 0x40082) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000340)={{0x6, 0x3, 0x2, 0x0, 'syz0\x00', 0x2}, 0x1, [0xffffffff, 0x1000, 0x9, 0x100, 0x3, 0xffffffffffffffff, 0x6, 0x1, 0xd6d9, 0x9, 0x0, 0x9, 0xfffffffffffffff9, 0x1, 0x2, 0x32, 0x40, 0xfffffffffffffffa, 0x8, 0x8000, 0xe776, 0x9, 0x6, 0x4, 0x80, 0x1, 0x2, 0x786, 0x7, 0x0, 0x5, 0xc4, 0x7, 0x4, 0x6, 0x7, 0x1, 0x3, 0x2, 0x8, 0x7, 0xd, 0x9, 0x8, 0x1, 0x6, 0x4, 0x5, 0x2, 0x800000, 0x20, 0x1000, 0x2, 0xe00, 0x5, 0x9, 0x46, 0x8, 0x6, 0x0, 0x6, 0x3, 0x200, 0x292, 0x4, 0x7, 0x5, 0x0, 0x8000, 0x1, 0x2e, 0x81, 0x0, 0x0, 0xffffffff, 0x1ea9, 0x5, 0x1be, 0x6, 0x6, 0xffffffffffffffd1, 0x3, 0xff, 0x0, 0x4, 0x523, 0x3, 0x7, 0x4, 0x4, 0x9, 0x7, 0x5, 0x5, 0x5, 0x863f, 0x1, 0x8, 0x9, 0xf67, 0xf, 0x3, 0x2000000000, 0x4, 0x3, 0xda4, 0x6, 0x1, 0x2, 0x3, 0x4, 0x2, 0x7ff, 0x10, 0x2d9, 0x7, 0x7, 0x1, 0x3, 0x7fffffffffffffff, 0x80000000, 0x81, 0x6, 0xd0f2, 0x9, 0x400, 0x29, 0xcd3]}) 64.945225ms ago: executing program 3 (id=76): r0 = socket(0x11, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'ip6gretap0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="3f011400"], 0xdd12}], 0x1}, 0x20040051) 173.22µs ago: executing program 0 (id=77): r0 = syz_usb_connect(0x5, 0x0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000200)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0}) r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x107734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2d, 0x0, 0x0, 0x6}]}, 0xfffffffffffffeea) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r1, 0x47bc, 0xfac7, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=78): sendmsg(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000080)="cf", 0x1}], 0x1, 0x0, 0x0, 0x11000000}, 0x8000) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000540)) ptrace$cont(0x20, r0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.112' (ED25519) to the list of known hosts. [ 73.124809][ T5776] cgroup: Unknown subsys name 'net' [ 73.261121][ T5776] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.024011][ T5776] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.733847][ T5792] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.741774][ T5795] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.751949][ T5795] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.759120][ T5798] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.767507][ T5798] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.775406][ T5798] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.784570][ T5795] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.793197][ T5798] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.801538][ T5795] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.810312][ T5798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.818722][ T5795] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 76.827013][ T5798] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 76.834936][ T5795] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.840946][ T5799] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.842550][ T5798] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.850833][ T5799] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.860724][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.873529][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.883896][ T5803] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.885087][ T5804] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.903851][ T5799] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.911726][ T5799] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.922445][ T5804] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 76.932017][ T5804] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.333204][ T5788] chnl_net:caif_netlink_parms(): no params data found [ 77.478684][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 77.562584][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 77.599803][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.608570][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.617090][ T5788] bridge_slave_0: entered allmulticast mode [ 77.626333][ T5788] bridge_slave_0: entered promiscuous mode [ 77.634765][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 77.682266][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.689751][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.698151][ T5788] bridge_slave_1: entered allmulticast mode [ 77.707822][ T5788] bridge_slave_1: entered promiscuous mode [ 77.749771][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.757150][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.764584][ T5789] bridge_slave_0: entered allmulticast mode [ 77.771645][ T5789] bridge_slave_0: entered promiscuous mode [ 77.809548][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.829007][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.836593][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.844118][ T5789] bridge_slave_1: entered allmulticast mode [ 77.851730][ T5789] bridge_slave_1: entered promiscuous mode [ 77.880619][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.941213][ T5788] team0: Port device team_slave_0 added [ 77.951333][ T5788] team0: Port device team_slave_1 added [ 77.970538][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.983133][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.026433][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.034176][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.041480][ T5786] bridge_slave_0: entered allmulticast mode [ 78.049225][ T5786] bridge_slave_0: entered promiscuous mode [ 78.058557][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.065927][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.073687][ T5786] bridge_slave_1: entered allmulticast mode [ 78.080953][ T5786] bridge_slave_1: entered promiscuous mode [ 78.110342][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.117845][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.144199][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.158555][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.166164][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.193754][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.228739][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.236803][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.244687][ T5787] bridge_slave_0: entered allmulticast mode [ 78.251800][ T5787] bridge_slave_0: entered promiscuous mode [ 78.294795][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.308714][ T5789] team0: Port device team_slave_0 added [ 78.321464][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.329106][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.336648][ T5787] bridge_slave_1: entered allmulticast mode [ 78.345357][ T5787] bridge_slave_1: entered promiscuous mode [ 78.366060][ T5788] hsr_slave_0: entered promiscuous mode [ 78.372936][ T5788] hsr_slave_1: entered promiscuous mode [ 78.381958][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.393146][ T5789] team0: Port device team_slave_1 added [ 78.441596][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.492383][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.507304][ T5786] team0: Port device team_slave_0 added [ 78.523028][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.530456][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.557611][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.582709][ T5786] team0: Port device team_slave_1 added [ 78.607968][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.615452][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.642197][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.701561][ T5787] team0: Port device team_slave_0 added [ 78.711476][ T5787] team0: Port device team_slave_1 added [ 78.718344][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.726466][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.754108][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.809048][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.816345][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.843269][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.870661][ T5789] hsr_slave_0: entered promiscuous mode [ 78.878401][ T5789] hsr_slave_1: entered promiscuous mode [ 78.879300][ T5792] Bluetooth: hci2: command tx timeout [ 78.889899][ T5789] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.898184][ T5789] Cannot create hsr debugfs directory [ 78.918664][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.925892][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.953160][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.957844][ T5792] Bluetooth: hci0: command tx timeout [ 78.970457][ T5799] Bluetooth: hci1: command tx timeout [ 79.007085][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 79.014404][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.041186][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.052239][ T5799] Bluetooth: hci3: command tx timeout [ 79.129555][ T5786] hsr_slave_0: entered promiscuous mode [ 79.138417][ T5786] hsr_slave_1: entered promiscuous mode [ 79.145953][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.153758][ T5786] Cannot create hsr debugfs directory [ 79.208905][ T5787] hsr_slave_0: entered promiscuous mode [ 79.216792][ T5787] hsr_slave_1: entered promiscuous mode [ 79.223238][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.231722][ T5787] Cannot create hsr debugfs directory [ 79.439256][ T5788] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.478763][ T5788] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.490531][ T5788] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.501107][ T5788] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.675997][ T5789] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.689304][ T5789] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.702675][ T5789] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.721940][ T5789] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.823851][ T5786] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 79.865369][ T5786] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 79.877102][ T5786] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 79.890130][ T5786] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 79.921800][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.998488][ T5787] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 80.009374][ T5787] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 80.021747][ T5787] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 80.042030][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.050163][ T5787] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 80.114970][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.129104][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.136659][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.195561][ T2965] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.202932][ T2965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.242278][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.269154][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.290211][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.298121][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.308167][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.315394][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.338815][ T5788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.426214][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.449985][ T2993] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.457655][ T2993] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.482542][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.504638][ T2993] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.512009][ T2993] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.621099][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.646396][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.653702][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.681365][ T2965] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.688651][ T2965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.875245][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.956212][ T5799] Bluetooth: hci2: command tx timeout [ 80.983340][ T5788] veth0_vlan: entered promiscuous mode [ 81.000100][ T5788] veth1_vlan: entered promiscuous mode [ 81.034655][ T5799] Bluetooth: hci1: command tx timeout [ 81.040144][ T5799] Bluetooth: hci0: command tx timeout [ 81.076291][ T5788] veth0_macvtap: entered promiscuous mode [ 81.090171][ T5788] veth1_macvtap: entered promiscuous mode [ 81.115146][ T5799] Bluetooth: hci3: command tx timeout [ 81.174745][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.201739][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.248522][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.290182][ T5788] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.301088][ T5788] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.316822][ T5788] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.328196][ T5788] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.372432][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.396877][ T5789] veth0_vlan: entered promiscuous mode [ 81.446932][ T5789] veth1_vlan: entered promiscuous mode [ 81.484097][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.542057][ T2965] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.556837][ T2965] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.606449][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.619041][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.621375][ T5786] veth0_vlan: entered promiscuous mode [ 81.701699][ T5786] veth1_vlan: entered promiscuous mode [ 81.713219][ T5789] veth0_macvtap: entered promiscuous mode [ 81.748202][ T5789] veth1_macvtap: entered promiscuous mode [ 81.788478][ T5787] veth0_vlan: entered promiscuous mode [ 81.842250][ T5787] veth1_vlan: entered promiscuous mode [ 81.843265][ T5875] syz.2.3[5875]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 81.870318][ T5875] loop2: detected capacity change from 0 to 512 [ 81.896236][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.921215][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.943040][ T5875] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.3: casefold flag without casefold feature [ 81.961405][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.982038][ T5875] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.3: couldn't read orphan inode 15 (err -117) [ 81.993929][ T5786] veth0_macvtap: entered promiscuous mode [ 82.015880][ T5875] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.053472][ T5789] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.080123][ T5789] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.115821][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.129468][ T5786] veth1_macvtap: entered promiscuous mode [ 82.200487][ T5789] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.212786][ T5789] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.227172][ T5789] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.241774][ T5789] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.418037][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.452848][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.472388][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.495413][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.567127][ T5883] process 'syz.2.3' launched './file0' with NULL argv: empty string added [ 82.593034][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.708405][ T5787] veth0_macvtap: entered promiscuous mode [ 82.741508][ T5787] veth1_macvtap: entered promiscuous mode [ 82.758439][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.776531][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.789757][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.807004][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.820314][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.032199][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 83.034411][ T5799] Bluetooth: hci2: command tx timeout [ 83.079157][ T5786] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.113814][ T5799] Bluetooth: hci0: command tx timeout [ 83.119483][ T5799] Bluetooth: hci1: command tx timeout [ 83.133883][ T5786] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.142731][ T5786] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.193961][ T5799] Bluetooth: hci3: command tx timeout [ 83.205743][ T5786] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.267767][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.297972][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.313721][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.326647][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.349401][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 83.364965][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.385872][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 83.462119][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.478367][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.488901][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.500318][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.510577][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 83.521970][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 83.540715][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 83.598764][ T5787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.608124][ T5787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.619480][ T5787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.628671][ T5787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.716396][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.753072][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.855873][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.878051][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.987654][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.003404][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.100754][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.133914][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.189818][ T5890] loop0: detected capacity change from 0 to 512 [ 84.195423][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.228208][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.246487][ T5890] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.1: casefold flag without casefold feature [ 84.261814][ T5890] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.1: couldn't read orphan inode 15 (err -117) [ 84.302338][ T5890] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 84.438942][ T2993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.461159][ T2993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.786750][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 85.038908][ T5898] loop1: detected capacity change from 0 to 2048 [ 85.059329][ T5898] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 85.114931][ T5799] Bluetooth: hci2: command tx timeout [ 85.194653][ T5799] Bluetooth: hci1: command tx timeout [ 85.194694][ T5792] Bluetooth: hci0: command tx timeout [ 85.276477][ T5792] Bluetooth: hci3: command tx timeout [ 85.294354][ T5802] udevd[5802]: incorrect nilfs2 checksum on /dev/loop1 [ 85.412507][ T5903] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 85.418674][ T5802] udevd[5802]: incorrect nilfs2 checksum on /dev/loop1 [ 85.489288][ T5904] loop2: detected capacity change from 0 to 512 [ 85.496282][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.570317][ T5904] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.6: casefold flag without casefold feature [ 85.668158][ T5904] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.6: couldn't read orphan inode 15 (err -117) [ 85.752452][ T5904] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.838903][ T5788] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.018128][ T5916] tipc: Started in network mode [ 87.023322][ T5916] tipc: Node identity 4e9efc268dfe, cluster identity 4711 [ 87.046166][ T5916] tipc: Enabled bearer , priority 0 [ 87.055482][ T5916] syzkaller0: entered promiscuous mode [ 87.061178][ T5916] syzkaller0: entered allmulticast mode [ 87.155309][ T1187] cfg80211: failed to load regulatory.db [ 87.356431][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.423895][ T5918] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 87.563336][ T5923] loop1: detected capacity change from 0 to 256 [ 87.623975][ T5923] exFAT-fs (loop1): bogus data start sector [ 87.637151][ T5923] exFAT-fs (loop1): failed to read boot sector [ 87.645240][ T5916] tipc: Resetting bearer [ 87.658218][ T5923] exFAT-fs (loop1): failed to recognize exfat type [ 87.975854][ T5916] tipc: Disabling bearer [ 87.976925][ T5929] loop3: detected capacity change from 0 to 512 [ 88.076242][ T5882] tipc: Node number set to 3277913126 [ 88.682553][ T5929] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.12: casefold flag without casefold feature [ 88.734734][ T5929] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.12: couldn't read orphan inode 15 (err -117) [ 88.759896][ T5929] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.068708][ T5937] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.625388][ T5946] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16'. [ 89.685964][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.706415][ T5948] warning: `syz.2.17' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 90.347387][ T5973] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 90.434922][ T5882] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 90.552534][ T5977] netlink: 83 bytes leftover after parsing attributes in process `syz.3.29'. [ 90.633692][ T5856] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 90.648758][ T5882] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 90.680297][ T5882] usb 1-1: config 0 has no interfaces? [ 90.723695][ T5882] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 90.751804][ T5882] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.777655][ T5882] usb 1-1: config 0 descriptor?? [ 90.857832][ T28] audit: type=1326 audit(1756728239.641:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f9198ebe9 code=0x7ffc0000 [ 90.881278][ C0] vkms_vblank_simulate: vblank timer overrun [ 90.925918][ T5856] usb 2-1: Using ep0 maxpacket: 32 [ 90.943146][ T5856] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 90.954698][ T5856] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 90.981283][ T28] audit: type=1326 audit(1756728239.671:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f7f9198ebe9 code=0x7ffc0000 [ 91.004165][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 91.033412][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 91.074367][ T5856] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 91.093968][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.112803][ T5856] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.130713][ T5967] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 91.132493][ T28] audit: type=1326 audit(1756728239.671:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f9198ebe9 code=0x7ffc0000 [ 91.182516][ T5856] usb 2-1: config 0 descriptor?? [ 91.217143][ T28] audit: type=1326 audit(1756728239.671:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f7f9198ebe9 code=0x7ffc0000 [ 91.252938][ T5967] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 91.356819][ T5856] usb 1-1: USB disconnect, device number 2 [ 91.387682][ T28] audit: type=1326 audit(1756728239.681:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f9198ebe9 code=0x7ffc0000 [ 91.409971][ C0] vkms_vblank_simulate: vblank timer overrun [ 91.442962][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 91.452013][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.461418][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.470019][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.521154][ T28] audit: type=1326 audit(1756728239.681:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f9198ebe9 code=0x7ffc0000 [ 91.543337][ C0] vkms_vblank_simulate: vblank timer overrun [ 91.596118][ T28] audit: type=1326 audit(1756728239.681:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7f7f9198ebe9 code=0x7ffc0000 [ 91.652036][ T28] audit: type=1326 audit(1756728239.681:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f9198ebe9 code=0x7ffc0000 [ 91.696483][ T28] audit: type=1326 audit(1756728239.681:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7f9198d550 code=0x7ffc0000 [ 91.720881][ T28] audit: type=1326 audit(1756728239.681:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5981 comm="syz.3.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7f9198d550 code=0x7ffc0000 [ 91.743807][ C0] vkms_vblank_simulate: vblank timer overrun [ 92.024647][ T23] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 92.286341][ T23] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 92.310090][ T23] usb 3-1: config 0 has no interfaces? [ 92.342826][ T23] usb 3-1: New USB device found, idVendor=0867, idProduct=9812, bcdDevice=40.85 [ 92.354656][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.400903][ T23] usb 3-1: config 0 descriptor?? [ 92.453774][ T1187] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 92.634262][ T1187] usb 1-1: Using ep0 maxpacket: 8 [ 92.658064][ T1187] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 92.686753][ T1187] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 92.698836][ T1187] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 92.713070][ T1187] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 92.732228][ T1187] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 92.742052][ T1187] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.987195][ T1187] usb 1-1: GET_CAPABILITIES returned 0 [ 93.001611][ T1187] usbtmc 1-1:16.0: can't read capabilities [ 93.209353][ C1] usbtmc 1-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 93.244660][ T1187] usb 2-1: USB disconnect, device number 2 [ 93.270470][ T23] usb 1-1: USB disconnect, device number 3 [ 93.598374][ T6010] netlink: 24 bytes leftover after parsing attributes in process `syz.3.38'. [ 93.836214][ T1187] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 94.010143][ T6018] tmpfs: Unknown parameter '‰ö' [ 94.087641][ T6020] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 94.098631][ T6020] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 94.199868][ T6025] netlink: 8 bytes leftover after parsing attributes in process `syz.0.43'. [ 94.223240][ T6025] netlink: 12 bytes leftover after parsing attributes in process `syz.0.43'. [ 94.639797][ T23] usb 3-1: USB disconnect, device number 2 [ 95.044760][ T5882] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 95.134906][ T6036] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 95.155090][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 95.304060][ T5882] usb 1-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 95.334059][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.342145][ T5882] usb 1-1: Product: syz [ 95.382693][ T5882] usb 1-1: Manufacturer: syz [ 95.393695][ T5882] usb 1-1: SerialNumber: syz [ 95.484621][ T5882] usb 1-1: config 0 descriptor?? [ 95.726109][ T5882] cx82310_eth: probe of 1-1:0.0 failed with error -22 [ 95.754686][ T5882] cxacru 1-1:0.0: usbatm_usb_probe: bind failed: -19! [ 95.774632][ T5882] usb 1-1: USB disconnect, device number 4 [ 96.108370][ T6051] kvm: pic: non byte write [ 96.644234][ T1187] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 96.803770][ T27] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 96.856648][ T1187] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.886189][ T1187] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.899979][ T1187] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 96.928722][ T1187] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.022202][ T1187] usb 1-1: config 0 descriptor?? [ 97.023725][ T27] usb 2-1: Using ep0 maxpacket: 8 [ 97.057332][ T27] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.080183][ T27] usb 2-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8 [ 97.102232][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.186646][ T27] usb 2-1: Product: syz [ 97.201879][ T27] usb 2-1: Manufacturer: syz [ 97.206664][ T27] usb 2-1: SerialNumber: syz [ 97.214084][ T27] usb 2-1: config 0 descriptor?? [ 97.236845][ T27] ati_remote 2-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints [ 97.457778][ T5856] usb 2-1: USB disconnect, device number 4 [ 97.519156][ T1187] cp2112 0003:10C4:EA90.0001: unknown main item tag 0x0 [ 97.589363][ T1187] cp2112 0003:10C4:EA90.0001: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 97.687640][ T1187] cp2112 0003:10C4:EA90.0001: Part Number: 0x82 Device Version: 0xFE [ 98.314529][ T1187] cp2112 0003:10C4:EA90.0001: error reading lock byte: -32 [ 98.373764][ T6080] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.402186][ T1187] usb 1-1: USB disconnect, device number 5 [ 98.436949][ T6082] netlink: 4 bytes leftover after parsing attributes in process `syz.3.59'. [ 98.951543][ T6091] usb usb8: usbfs: process 6091 (syz.1.63) did not claim interface 0 before use [ 99.828474][ T6098] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 99.835349][ T6098] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 99.863037][ T6098] vhci_hcd vhci_hcd.0: Device attached [ 100.116473][ T6098] netdevsim netdevsim0: Direct firmware load for x failed with error -2 [ 100.123741][ T1187] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 100.125305][ T6098] netdevsim netdevsim0: Falling back to sysfs fallback for: x [ 100.483690][ T6113] vhci_hcd: connection reset by peer [ 100.499281][ T12] vhci_hcd: stop threads [ 100.508598][ T12] vhci_hcd: release socket [ 100.530181][ T12] vhci_hcd: disconnect device [ 100.949043][ T6124] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 101.168816][ T6126] tipc: Started in network mode [ 101.247230][ T6126] tipc: Node identity ae384146cd4a, cluster identity 4711 [ 101.303250][ T6126] tipc: Enabled bearer , priority 0 [ 101.366514][ T6126] tipc: Resetting bearer [ 101.394108][ T6127] syzkaller0: entered promiscuous mode [ 101.404888][ T6127] syzkaller0: entered allmulticast mode [ 101.461545][ T6125] tipc: Resetting bearer [ 101.528719][ T6125] tipc: Disabling bearer [ 102.029295][ T6135] capability: warning: `syz.0.73' uses deprecated v2 capabilities in a way that may be insecure [ 102.400971][ T2993] ------------[ cut here ]------------ [ 102.407386][ T2993] WARNING: CPU: 0 PID: 2993 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 102.418490][ T2993] Modules linked in: [ 102.422428][ T2993] CPU: 0 PID: 2993 Comm: kworker/u4:10 Not tainted syzkaller #0 [ 102.430304][ T2993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 102.440671][ T2993] Workqueue: phy5 ieee80211_csa_finalize_work [ 102.447205][ T2993] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 102.455031][ T2993] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c [ 102.475115][ T2993] RSP: 0018:ffffc9000bf679c0 EFLAGS: 00010293 [ 102.481329][ T2993] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: ffff88802b548000 [ 102.489761][ T2993] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 102.498429][ T2993] RBP: dffffc0000000000 R08: ffff88805c2955af R09: 1ffff1100b852ab5 [ 102.507645][ C0] ------------[ cut here ]------------ [ 102.507676][ C0] WARNING: CPU: 0 PID: 2993 at net/mac80211/tx.c:5031 __ieee80211_beacon_get+0x1233/0x1600 [ 102.507724][ C0] Modules linked in: [ 102.507743][ C0] CPU: 0 PID: 2993 Comm: kworker/u4:10 Not tainted syzkaller #0 [ 102.507764][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 102.507778][ C0] Workqueue: phy5 ieee80211_csa_finalize_work [ 102.507810][ C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 102.507841][ C0] Code: 24 4c 89 e7 e8 0e 88 d4 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 19 65 97 f7 0f 0b e9 f6 f7 ff ff e8 0d 65 97 f7 <0f> 0b e9 48 fb ff ff e8 01 65 97 f7 48 c7 c7 a0 09 24 8e 4c 89 e6 [ 102.507859][ C0] RSP: 0018:ffffc90000007a18 EFLAGS: 00010246 [ 102.507880][ C0] RAX: ffffffff89ee2a93 RBX: ffffffff89ee1896 RCX: ffff88802b548000 [ 102.507897][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 102.507912][ C0] RBP: 0000000000000000 R08: ffff88802b548000 R09: 0000000000000003 [ 102.507927][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805c2963c0 [ 102.507942][ C0] R13: dffffc0000000000 R14: ffff88805c2968b0 R15: ffff88802efee824 [ 102.507959][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 102.507978][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.507994][ C0] CR2: 0000200000346030 CR3: 000000006114b000 CR4: 00000000003506f0 [ 102.508015][ C0] Call Trace: [ 102.508024][ C0] [ 102.508037][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 102.508078][ C0] ieee80211_beacon_get_tim+0xb8/0x560 [ 102.508113][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 102.508156][ C0] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 102.508191][ C0] __iterate_interfaces+0x243/0x500 [ 102.508216][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 102.508241][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 102.508267][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 102.508292][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 102.508322][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 102.508350][ C0] __hrtimer_run_queues+0x51e/0xc40 [ 102.508381][ C0] ? hw_scan_work+0xf40/0xf40 [ 102.508413][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 102.508435][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 102.508471][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 102.508499][ C0] handle_softirqs+0x280/0x820 [ 102.508533][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 102.508561][ C0] ? do_softirq+0x180/0x180 [ 102.508587][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 102.508616][ C0] __irq_exit_rcu+0xc7/0x190 [ 102.508637][ C0] ? irq_exit_rcu+0x20/0x20 [ 102.508668][ C0] irq_exit_rcu+0x9/0x20 [ 102.508686][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 102.508715][ C0] [ 102.508723][ C0] [ 102.508733][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 102.508756][ C0] RIP: 0010:console_flush_all+0x889/0xd00 [ 102.508781][ C0] Code: ed 01 00 00 e8 48 2a 1b 00 4d 85 ff 48 8b 5c 24 38 75 07 e8 39 2a 1b 00 eb 06 e8 32 2a 1b 00 fb 49 bf 00 00 00 00 00 fc ff df <48> 8b 44 24 50 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 80 3b 01 0f [ 102.508798][ C0] RSP: 0018:ffffc9000bf67340 EFLAGS: 00000293 [ 102.508819][ C0] RAX: ffffffff816a656e RBX: ffffc9000bf674df RCX: ffff88802b548000 [ 102.508836][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 102.508849][ C0] RBP: ffffc9000bf674b0 R08: ffffffff90da5507 R09: 1ffffffff21b4aa0 [ 102.508865][ C0] R10: dffffc0000000000 R11: fffffbfff21b4aa1 R12: ffffffff8d4b5960 [ 102.508881][ C0] R13: 1ffffffff19792b0 R14: ffffffff8d4b59b8 R15: dffffc0000000000 [ 102.508907][ C0] ? console_flush_all+0x87e/0xd00 [ 102.508944][ C0] ? console_flush_all+0x10f/0xd00 [ 102.508982][ C0] ? is_console_locked+0x20/0x20 [ 102.509007][ C0] ? lock_chain_count+0x20/0x20 [ 102.509034][ C0] ? __down_trylock_console_sem+0xef/0x1e0 [ 102.509061][ C0] console_unlock+0xae/0x340 [ 102.509089][ C0] ? other_cpu_in_panic+0xf0/0xf0 [ 102.509111][ C0] ? vprintk_emit+0x521/0x600 [ 102.509137][ C0] ? printk_sprint+0x460/0x460 [ 102.509163][ C0] ? __wake_up_klogd+0xd9/0x100 [ 102.509191][ C0] vprintk_emit+0x477/0x600 [ 102.509218][ C0] ? printk_sprint+0x460/0x460 [ 102.509244][ C0] ? _printk+0xd0/0x110 [ 102.509264][ C0] ? copy_from_kernel_nofault+0x1d2/0x320 [ 102.509301][ C0] _printk+0xd0/0x110 [ 102.509322][ C0] ? ieee80211_vif_use_reserved_switch+0x10be/0x28f0 [ 102.509355][ C0] ? load_image+0x3b0/0x3b0 [ 102.509391][ C0] __show_regs+0x1bf/0x610 [ 102.509421][ C0] ? dump_stack_print_info+0xf5/0x150 [ 102.509450][ C0] show_regs+0x44/0x90 [ 102.509477][ C0] __warn+0x160/0x470 [ 102.509501][ C0] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 102.509539][ C0] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 102.509567][ C0] report_bug+0x2be/0x4f0 [ 102.509590][ C0] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 102.509620][ C0] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 102.509648][ C0] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 102.509676][ C0] handle_bug+0xcf/0x120 [ 102.509701][ C0] exc_invalid_op+0x1a/0x50 [ 102.509726][ C0] asm_exc_invalid_op+0x1a/0x20 [ 102.509754][ C0] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 102.509784][ C0] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c [ 102.509801][ C0] RSP: 0018:ffffc9000bf679c0 EFLAGS: 00010293 [ 102.509822][ C0] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: ffff88802b548000 [ 102.509838][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 102.509852][ C0] RBP: dffffc0000000000 R08: ffff88805c2955af R09: 1ffff1100b852ab5 [ 102.509868][ C0] R10: dffffc0000000000 R11: ffffed100b852ab6 R12: 0000000000000001 [ 102.509883][ C0] R13: ffff88805c2965d9 R14: ffff88807c422c70 R15: ffff88807c422ce8 [ 102.509909][ C0] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 102.509961][ C0] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 102.509996][ C0] ieee80211_csa_finalize+0x59a/0xf00 [ 102.510026][ C0] ? mutex_lock_nested+0x20/0x20 [ 102.510055][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 102.510079][ C0] ? ieee80211_csa_finalize_work+0x140/0x140 [ 102.510111][ C0] ? read_lock_is_recursive+0x20/0x20 [ 102.510143][ C0] ieee80211_csa_finalize_work+0xf6/0x140 [ 102.510175][ C0] ? process_scheduled_works+0x957/0x15b0 [ 102.510201][ C0] process_scheduled_works+0xa45/0x15b0 [ 102.510258][ C0] ? assign_work+0x400/0x400 [ 102.510290][ C0] ? assign_work+0x39e/0x400 [ 102.510320][ C0] worker_thread+0xa55/0xfc0 [ 102.510347][ C0] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 102.510377][ C0] ? _raw_spin_unlock+0x40/0x40 [ 102.510403][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 102.510456][ C0] kthread+0x2fa/0x390 [ 102.510475][ C0] ? pr_cont_work+0x560/0x560 [ 102.510500][ C0] ? kthread_blkcg+0xd0/0xd0 [ 102.510529][ C0] ret_from_fork+0x48/0x80 [ 102.510553][ C0] ? kthread_blkcg+0xd0/0xd0 [ 102.510574][ C0] ret_from_fork_asm+0x11/0x20 [ 102.510618][ C0] [ 102.510630][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 102.510639][ C0] CPU: 0 PID: 2993 Comm: kworker/u4:10 Not tainted syzkaller #0 [ 102.510658][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 102.510669][ C0] Workqueue: phy5 ieee80211_csa_finalize_work [ 102.510696][ C0] Call Trace: [ 102.510703][ C0] [ 102.510711][ C0] dump_stack_lvl+0x16c/0x230 [ 102.510737][ C0] ? show_regs_print_info+0x20/0x20 [ 102.510760][ C0] ? load_image+0x3b0/0x3b0 [ 102.510791][ C0] panic+0x2c0/0x710 [ 102.510854][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 102.510890][ C0] ? ret_from_fork_asm+0x11/0x20 [ 102.510920][ C0] __warn+0x2e0/0x470 [ 102.510944][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 102.510974][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 102.511002][ C0] report_bug+0x2be/0x4f0 [ 102.511024][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 102.511052][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 102.511079][ C0] ? __ieee80211_beacon_get+0x1235/0x1600 [ 102.511107][ C0] handle_bug+0xcf/0x120 [ 102.511130][ C0] exc_invalid_op+0x1a/0x50 [ 102.511152][ C0] asm_exc_invalid_op+0x1a/0x20 [ 102.511177][ C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600 [ 102.511205][ C0] Code: 24 4c 89 e7 e8 0e 88 d4 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 19 65 97 f7 0f 0b e9 f6 f7 ff ff e8 0d 65 97 f7 <0f> 0b e9 48 fb ff ff e8 01 65 97 f7 48 c7 c7 a0 09 24 8e 4c 89 e6 [ 102.511220][ C0] RSP: 0018:ffffc90000007a18 EFLAGS: 00010246 [ 102.511236][ C0] RAX: ffffffff89ee2a93 RBX: ffffffff89ee1896 RCX: ffff88802b548000 [ 102.511250][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 102.511262][ C0] RBP: 0000000000000000 R08: ffff88802b548000 R09: 0000000000000003 [ 102.511273][ C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88805c2963c0 [ 102.511285][ C0] R13: dffffc0000000000 R14: ffff88805c2968b0 R15: ffff88802efee824 [ 102.511304][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 102.511333][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 102.511368][ C0] ? __ieee80211_beacon_get+0x1233/0x1600 [ 102.511397][ C0] ? __ieee80211_beacon_get+0x36/0x1600 [ 102.511434][ C0] ieee80211_beacon_get_tim+0xb8/0x560 [ 102.511466][ C0] ? ieee80211_beacon_get_template_ema_list+0x90/0x90 [ 102.511507][ C0] mac80211_hwsim_beacon_tx+0x3c7/0x780 [ 102.511548][ C0] __iterate_interfaces+0x243/0x500 [ 102.511570][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 102.511593][ C0] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 102.511618][ C0] ? mac80211_hwsim_vendor_cmd_test+0x2b0/0x2b0 [ 102.511641][ C0] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 102.511668][ C0] mac80211_hwsim_beacon+0xbb/0x1b0 [ 102.511693][ C0] __hrtimer_run_queues+0x51e/0xc40 [ 102.511721][ C0] ? hw_scan_work+0xf40/0xf40 [ 102.511751][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 102.511771][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 102.511804][ C0] hrtimer_run_softirq+0x187/0x2b0 [ 102.511830][ C0] handle_softirqs+0x280/0x820 [ 102.511853][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 102.511878][ C0] ? do_softirq+0x180/0x180 [ 102.511902][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 102.511929][ C0] __irq_exit_rcu+0xc7/0x190 [ 102.511946][ C0] ? irq_exit_rcu+0x20/0x20 [ 102.511974][ C0] irq_exit_rcu+0x9/0x20 [ 102.511990][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 102.512015][ C0] [ 102.512022][ C0] [ 102.512030][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 102.512049][ C0] RIP: 0010:console_flush_all+0x889/0xd00 [ 102.512071][ C0] Code: ed 01 00 00 e8 48 2a 1b 00 4d 85 ff 48 8b 5c 24 38 75 07 e8 39 2a 1b 00 eb 06 e8 32 2a 1b 00 fb 49 bf 00 00 00 00 00 fc ff df <48> 8b 44 24 50 42 0f b6 04 38 84 c0 0f 85 2f 02 00 00 80 3b 01 0f [ 102.512085][ C0] RSP: 0018:ffffc9000bf67340 EFLAGS: 00000293 [ 102.512120][ C0] RAX: ffffffff816a656e RBX: ffffc9000bf674df RCX: ffff88802b548000 [ 102.512134][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 102.512146][ C0] RBP: ffffc9000bf674b0 R08: ffffffff90da5507 R09: 1ffffffff21b4aa0 [ 102.512160][ C0] R10: dffffc0000000000 R11: fffffbfff21b4aa1 R12: ffffffff8d4b5960 [ 102.512174][ C0] R13: 1ffffffff19792b0 R14: ffffffff8d4b59b8 R15: dffffc0000000000 [ 102.512197][ C0] ? console_flush_all+0x87e/0xd00 [ 102.512232][ C0] ? console_flush_all+0x10f/0xd00 [ 102.512267][ C0] ? is_console_locked+0x20/0x20 [ 102.512290][ C0] ? lock_chain_count+0x20/0x20 [ 102.512314][ C0] ? __down_trylock_console_sem+0xef/0x1e0 [ 102.512342][ C0] console_unlock+0xae/0x340 [ 102.512366][ C0] ? other_cpu_in_panic+0xf0/0xf0 [ 102.512386][ C0] ? vprintk_emit+0x521/0x600 [ 102.512411][ C0] ? printk_sprint+0x460/0x460 [ 102.512435][ C0] ? __wake_up_klogd+0xd9/0x100 [ 102.512461][ C0] vprintk_emit+0x477/0x600 [ 102.512485][ C0] ? printk_sprint+0x460/0x460 [ 102.512508][ C0] ? _printk+0xd0/0x110 [ 102.512533][ C0] ? copy_from_kernel_nofault+0x1d2/0x320 [ 102.512569][ C0] _printk+0xd0/0x110 [ 102.512587][ C0] ? ieee80211_vif_use_reserved_switch+0x10be/0x28f0 [ 102.512618][ C0] ? load_image+0x3b0/0x3b0 [ 102.512652][ C0] __show_regs+0x1bf/0x610 [ 102.512679][ C0] ? dump_stack_print_info+0xf5/0x150 [ 102.512705][ C0] show_regs+0x44/0x90 [ 102.512728][ C0] __warn+0x160/0x470 [ 102.512751][ C0] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 102.512781][ C0] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 102.512808][ C0] report_bug+0x2be/0x4f0 [ 102.512838][ C0] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 102.512866][ C0] ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 102.512893][ C0] ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0 [ 102.512920][ C0] handle_bug+0xcf/0x120 [ 102.512943][ C0] exc_invalid_op+0x1a/0x50 [ 102.512966][ C0] asm_exc_invalid_op+0x1a/0x20 [ 102.512992][ C0] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0 [ 102.513018][ C0] Code: 48 89 df e8 1a 06 ea f7 e9 dc fc ff ff e8 f0 bf 92 f7 eb 24 e8 e9 bf 92 f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 d8 bf 92 f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 ca bf 92 f7 48 8b 7c 24 08 4c 8b 7c [ 102.513032][ C0] RSP: 0018:ffffc9000bf679c0 EFLAGS: 00010293 [ 102.513048][ C0] RAX: ffffffff89f2cbce RBX: 0000000000000001 RCX: ffff88802b548000 [ 102.513062][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 102.513074][ C0] RBP: dffffc0000000000 R08: ffff88805c2955af R09: 1ffff1100b852ab5 [ 102.513087][ C0] R10: dffffc0000000000 R11: ffffed100b852ab6 R12: 0000000000000001 [ 102.513101][ C0] R13: ffff88805c2965d9 R14: ffff88807c422c70 R15: ffff88807c422ce8 [ 102.513123][ C0] ? ieee80211_vif_use_reserved_switch+0xcee/0x28f0 [ 102.513171][ C0] ieee80211_link_use_reserved_context+0x383/0x5c0 [ 102.513204][ C0] ieee80211_csa_finalize+0x59a/0xf00 [ 102.513232][ C0] ? mutex_lock_nested+0x20/0x20 [ 102.513257][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 102.513277][ C0] ? ieee80211_csa_finalize_work+0x140/0x140 [ 102.513306][ C0] ? read_lock_is_recursive+0x20/0x20 [ 102.513336][ C0] ieee80211_csa_finalize_work+0xf6/0x140 [ 102.513366][ C0] ? process_scheduled_works+0x957/0x15b0 [ 102.513389][ C0] process_scheduled_works+0xa45/0x15b0 [ 102.513442][ C0] ? assign_work+0x400/0x400 [ 102.513471][ C0] ? assign_work+0x39e/0x400 [ 102.513499][ C0] worker_thread+0xa55/0xfc0 [ 102.513534][ C0] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 102.513558][ C0] ? _raw_spin_unlock+0x40/0x40 [ 102.513581][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 102.513630][ C0] kthread+0x2fa/0x390 [ 102.513647][ C0] ? pr_cont_work+0x560/0x560 [ 102.513670][ C0] ? kthread_blkcg+0xd0/0xd0 [ 102.513688][ C0] ret_from_fork+0x48/0x80 [ 102.513709][ C0] ? kthread_blkcg+0xd0/0xd0 [ 102.513728][ C0] ret_from_fork_asm+0x11/0x20 [ 102.513767][ C0] [ 102.514031][ C0] Kernel Offset: disabled