last executing test programs: 11.672574444s ago: executing program 2 (id=14): bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0}, 0x20) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0xf88e470f, 0xed}]}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xe45, 0x9, 0xfffffffffffffffd, 0x10000000, 0x10000, 0x3, 0x4002004c2, 0x7ff, 0x1, 0x0, 0x400, 0x80, 0x88, 0x0, 0x8, 0x8d], 0xeeee8000, 0x240046}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11.128334985s ago: executing program 2 (id=17): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x0, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@binder={0x73622a85, 0x10b}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000bc0)={0x44, 0x0, &(0x7f0000000940)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x79, 0x0, &(0x7f0000000ac0)="4d2c542cf3e08202a0a71b48b4331fffd4aa8db4cff84a461568f528dd65b23eedf8fb17f9b391486f965f51b217ddbff82e6dfc04d73360a5ade6ca875e75cb1eb906731e9e4dc389a87d7e7d9c9fbffb38dc672ff7a7f7c02ff7b70d75123333f0396607c5464b5a9b05091fe9d492bf6dac8dfb180afd7f"}) 10.59408502s ago: executing program 2 (id=18): r0 = socket$nl_route(0x10, 0x3, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 10.071864745s ago: executing program 2 (id=21): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0xc}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x3, r2, r1, 0x0, 0x0, 0xdead, 0x4, &(0x7f00000001c0)}) close_range(r0, 0xffffffffffffffff, 0x0) 8.875525344s ago: executing program 2 (id=26): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="1201000000080008d804dd0000000000000109022400010000a008090400fe01030001000921fffffd0122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000080)={0x18, &(0x7f00000012c0)=ANY=[@ANYBLOB="001105"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x2, 0x40402) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x1, &(0x7f0000000500)={0xe, "c93eb2de09e5ff07000000000000000000000000000038400100"}}) 7.031061999s ago: executing program 3 (id=36): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000200)={0xc}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x3, r2, r1, 0x0, 0x0, 0xdead, 0x4, &(0x7f00000001c0)}) close_range(r0, 0xffffffffffffffff, 0x0) 6.251391247s ago: executing program 2 (id=40): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a31000000000c00078008000640000007010500050002000000050004000000000016000300686173683a6e65742c706f7274"], 0x5c}}, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a00000014000780050015000000"], 0x60}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000680001"], 0x14}}, 0x2000c800) sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000ffff00000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070011000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) 6.210291982s ago: executing program 3 (id=41): r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000380)={0x29, 0x4, 0x0, {0x1, 0x100000000, 0x1, 0x0, [0x0]}}, 0x29) 5.195188255s ago: executing program 3 (id=44): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x1fd, 0x1, 0x9000, 0x2000, &(0x7f0000b07000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.265912928s ago: executing program 0 (id=45): socket$packet(0x11, 0x3, 0x300) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@bridge_dellink={0x20, 0x13, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x180, 0x41009}}, 0x20}}, 0x0) 3.601761155s ago: executing program 0 (id=49): r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) io_uring_enter(r0, 0x2319, 0x43fb, 0x16, 0x0, 0x0) 3.333469388s ago: executing program 3 (id=50): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20100, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000480)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000040)={0x28, 0x1, r2, r1, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r2, r1, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) 3.113983289s ago: executing program 0 (id=52): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x9730514a12869b60, 0x0) ioctl$COMEDI_INSNLIST(r0, 0x8010640b, &(0x7f000003cac0)={0x1, &(0x7f0000000200)=[{0xa000005, 0x0, 0x0, 0x4, 0x4000000e}]}) 2.6512275s ago: executing program 0 (id=54): r0 = socket$inet(0x2b, 0x801, 0x0) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) 2.625047508s ago: executing program 3 (id=55): openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x9730514a12869b60, 0x0) pselect6(0x40, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x300}, 0x0, &(0x7f0000000100)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0) 1.754741923s ago: executing program 0 (id=57): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES16], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) pwritev(r0, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d702140", 0x9}], 0x1, 0xfffffffe, 0x2) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 1.710390139s ago: executing program 1 (id=58): syz_emit_vhci(&(0x7f0000001080)=ANY=[@ANYBLOB="040e04017a0c"], 0x7) 1.610231619s ago: executing program 4 (id=59): socket$packet(0x11, 0x3, 0x300) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=@bridge_dellink={0x20, 0x13, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x180, 0x41009}}, 0x20}}, 0x0) 1.496244799s ago: executing program 1 (id=60): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000005ec0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x4751}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0xd3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) 1.482818266s ago: executing program 3 (id=61): syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES16], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) pwritev(r0, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d702140", 0x9}], 0x1, 0xfffffffe, 0x2) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]}) close_range(r1, 0xffffffffffffffff, 0x0) 1.431982844s ago: executing program 4 (id=62): r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) io_uring_enter(r0, 0x2319, 0x43fb, 0x16, 0x0, 0x0) 1.22572723s ago: executing program 1 (id=63): r0 = landlock_create_ruleset(&(0x7f0000000080)={0xc0d8, 0x1, 0x3}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000040), 0x400000c, 0x0) ioctl$LOOP_CONFIGURE(r1, 0x5450, 0x0) 1.15980892s ago: executing program 4 (id=64): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000200)={0x203, 0xa, 0x2}) ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000500)=@userptr={0x5, 0xa, 0x4, 0x2000, 0x8, {0x0, 0x2710}, {0x2, 0x0, 0xd5, 0x6, 0x74, 0x3, "fbebff7f"}, 0x4000ff, 0x2, {&(0x7f00000002c0)}, 0x4}) 1.04830812s ago: executing program 1 (id=65): r0 = socket(0x2, 0x80805, 0x0) socket(0x26, 0x80805, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) close(0x3) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in6={{0xa, 0x3, 0x3, @mcast1}}}, &(0x7f0000000040)=0x84) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000001c0)=@assoc_value={0x0, 0x8}, 0x8) 786.014951ms ago: executing program 4 (id=66): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0, 0x1}) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x1, 0x0) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000000)={0x48, 0x1, 0x0, 0x0, 0x0, 0xa}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x3, r2, r1, 0x0, 0x0, 0xdead, 0x4, &(0x7f00000001c0)}) close_range(r0, 0xffffffffffffffff, 0x0) 714.232327ms ago: executing program 1 (id=67): openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) keyctl$join(0x1, 0xfffffffffffffffd) openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000"], 0x48) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0b080510"], 0xe) 443.978874ms ago: executing program 4 (id=68): r0 = socket$inet(0x2b, 0x801, 0x0) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) 319.527934ms ago: executing program 1 (id=69): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x901800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x1, 0x8, 0x7fffffff, 0x2, 0x80007, 0x7f, 0x20000006, 0xca, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x100001, 0x3, 0x0, 0x5, 0x6, 0x2000001, 0x7, 0x3c5b, 0x1, 0x24, 0x8006, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0xfffffffc, 0x80008071, 0x7, 0x17, 0xd, 0x3, 0x2, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0x5, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0x8, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x7ffe, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x8, 0xa6d, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x2000000, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x1fe, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0x4000a9, 0x5, 0x9, 0xac8, 0x2000af, 0xfffffffe, 0x8, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x2, 0x5, 0x42c2, 0x6, 0x6, 0x0, 0xb9, 0x4e7, 0x5, 0x2, 0x57, 0x4, 0x8000003, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x8, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x6, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x45, 0x8, 0x30b1d693, 0x5, 0x1f40, 0x7, 0x41, 0x6c1b, 0x0, 0x804, 0xac1, 0xb1e, 0xd7, 0x9, 0xffff3441, 0xfff]}, 0x45c) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_open_dev$vim2m(&(0x7f0000000040), 0x40005, 0x2) ppoll(&(0x7f00000000c0)=[{}, {0xffffffffffffffff, 0x300}], 0x20000000000000dc, 0x0, 0x0, 0x0) 74.932617ms ago: executing program 0 (id=70): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', &(0x7f00000004c0), 0x4, 0x0) umount2(&(0x7f00000000c0)='./file0\x00', 0x4) umount2(&(0x7f0000000040)='./file0\x00', 0x4) 0s ago: executing program 4 (id=71): r0 = syz_usb_connect(0x0, 0x371, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000057ec0020c215dcff30bd0102030109025f03019b000000090400000b403b4e000905e2379c"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000) write$char_usb(r1, &(0x7f0000001300)="db", 0x1) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_disconnect(r0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.164' (ED25519) to the list of known hosts. [ 82.019360][ T5580] cgroup: Unknown subsys name 'net' [ 82.278802][ T5580] cgroup: Unknown subsys name 'cpuset' [ 82.344232][ T5580] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.322071][ T5580] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.019618][ T10] cfg80211: failed to load regulatory.db [ 88.162602][ T5598] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.197975][ T5604] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.210248][ T5604] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.221197][ T5604] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.221804][ T5604] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.242446][ T5604] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.247436][ T5604] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.249830][ T5604] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.264127][ T5604] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.264298][ T5604] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.265341][ T5612] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.272142][ T5612] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.272566][ T5612] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.273361][ T5612] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.274286][ T5613] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 88.283249][ T5612] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.283725][ T5611] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.288485][ T5613] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.303976][ T59] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 88.305111][ T5611] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.307625][ T59] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 88.315806][ T5598] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 88.321665][ T5598] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 88.394236][ T5598] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.410204][ T5606] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.354669][ T4911] Bluetooth: hci3: command tx timeout [ 90.354676][ T5606] Bluetooth: hci0: command tx timeout [ 90.434439][ T5606] Bluetooth: hci1: command tx timeout [ 90.434630][ T4911] Bluetooth: hci4: command tx timeout [ 90.516119][ T4911] Bluetooth: hci2: command tx timeout [ 91.033004][ T5597] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.033115][ T5597] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.033223][ T5597] bridge_slave_0: entered allmulticast mode [ 91.037737][ T5597] bridge_slave_0: entered promiscuous mode [ 91.109377][ T5597] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.109455][ T5597] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.109565][ T5597] bridge_slave_1: entered allmulticast mode [ 91.112392][ T5597] bridge_slave_1: entered promiscuous mode [ 91.118045][ T5593] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.118197][ T5593] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.118353][ T5593] bridge_slave_0: entered allmulticast mode [ 91.121022][ T5593] bridge_slave_0: entered promiscuous mode [ 91.148125][ T5595] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.148248][ T5595] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.148733][ T5595] bridge_slave_0: entered allmulticast mode [ 91.151624][ T5595] bridge_slave_0: entered promiscuous mode [ 91.201882][ T5593] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.202019][ T5593] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.202334][ T5593] bridge_slave_1: entered allmulticast mode [ 91.206556][ T5593] bridge_slave_1: entered promiscuous mode [ 91.246160][ T5595] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.246297][ T5595] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.246471][ T5595] bridge_slave_1: entered allmulticast mode [ 91.248370][ T5595] bridge_slave_1: entered promiscuous mode [ 91.250021][ T5594] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.250129][ T5594] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.250226][ T5594] bridge_slave_0: entered allmulticast mode [ 91.251745][ T5594] bridge_slave_0: entered promiscuous mode [ 91.336780][ T5596] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.336884][ T5596] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.336986][ T5596] bridge_slave_0: entered allmulticast mode [ 91.338843][ T5596] bridge_slave_0: entered promiscuous mode [ 91.363012][ T5594] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.363163][ T5594] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.363321][ T5594] bridge_slave_1: entered allmulticast mode [ 91.366744][ T5594] bridge_slave_1: entered promiscuous mode [ 91.381765][ T5597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.402613][ T5596] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.402736][ T5596] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.402883][ T5596] bridge_slave_1: entered allmulticast mode [ 91.409492][ T5596] bridge_slave_1: entered promiscuous mode [ 91.452453][ T5597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.465100][ T5593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.484083][ T5595] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.518864][ T5593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.544072][ T5595] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.548959][ T5594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.587755][ T5596] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.610367][ T5594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.612375][ T5597] team0: Port device team_slave_0 added [ 91.644748][ T5596] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.681213][ T5597] team0: Port device team_slave_1 added [ 91.683024][ T5593] team0: Port device team_slave_0 added [ 91.705630][ T5595] team0: Port device team_slave_0 added [ 91.737052][ T5593] team0: Port device team_slave_1 added [ 91.758820][ T5595] team0: Port device team_slave_1 added [ 91.760601][ T5594] team0: Port device team_slave_0 added [ 91.796409][ T5596] team0: Port device team_slave_0 added [ 91.817796][ T5594] team0: Port device team_slave_1 added [ 91.818674][ T5597] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.818685][ T5597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.818700][ T5597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.847298][ T5596] team0: Port device team_slave_1 added [ 91.896553][ T5597] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.896571][ T5597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.896600][ T5597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.898825][ T5593] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.898838][ T5593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.898853][ T5593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.962509][ T5595] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.962527][ T5595] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.962550][ T5595] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.005705][ T5593] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.005722][ T5593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.005746][ T5593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.038375][ T5595] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.038391][ T5595] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.038414][ T5595] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.043184][ T5594] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.043200][ T5594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.043222][ T5594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.068502][ T5596] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 92.068518][ T5596] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.068540][ T5596] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.104637][ T5594] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.104654][ T5594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.104677][ T5594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.115039][ T5596] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.115054][ T5596] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.115077][ T5596] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.270850][ T5597] hsr_slave_0: entered promiscuous mode [ 92.272417][ T5597] hsr_slave_1: entered promiscuous mode [ 92.342938][ T5593] hsr_slave_0: entered promiscuous mode [ 92.349717][ T5593] hsr_slave_1: entered promiscuous mode [ 92.350449][ T5593] debugfs: 'hsr0' already exists in 'hsr' [ 92.350523][ T5593] Cannot create hsr debugfs directory [ 92.378286][ T5595] hsr_slave_0: entered promiscuous mode [ 92.379141][ T5595] hsr_slave_1: entered promiscuous mode [ 92.379688][ T5595] debugfs: 'hsr0' already exists in 'hsr' [ 92.379707][ T5595] Cannot create hsr debugfs directory [ 92.409473][ T5594] hsr_slave_0: entered promiscuous mode [ 92.410300][ T5594] hsr_slave_1: entered promiscuous mode [ 92.410877][ T5594] debugfs: 'hsr0' already exists in 'hsr' [ 92.410896][ T5594] Cannot create hsr debugfs directory [ 92.433884][ T4911] Bluetooth: hci3: command tx timeout [ 92.444038][ T4911] Bluetooth: hci0: command tx timeout [ 92.466866][ T5596] hsr_slave_0: entered promiscuous mode [ 92.470139][ T5596] hsr_slave_1: entered promiscuous mode [ 92.470780][ T5596] debugfs: 'hsr0' already exists in 'hsr' [ 92.470802][ T5596] Cannot create hsr debugfs directory [ 92.523757][ T4911] Bluetooth: hci4: command tx timeout [ 92.523795][ T4911] Bluetooth: hci1: command tx timeout [ 92.593702][ T5606] Bluetooth: hci2: command tx timeout [ 93.944890][ T5597] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.996890][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.002317][ T5597] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.056445][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.069582][ T5597] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.098865][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.119850][ T5597] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.148334][ T5597] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.262049][ T5593] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.287918][ T5593] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.293443][ T5593] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.338128][ T5593] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.342344][ T5593] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.371086][ T5593] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.398975][ T5593] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.427484][ T5593] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.514464][ T5606] Bluetooth: hci0: command tx timeout [ 94.514503][ T5606] Bluetooth: hci3: command tx timeout [ 94.549224][ T5594] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.577344][ T5594] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.591429][ T5594] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.593726][ T5606] Bluetooth: hci1: command tx timeout [ 94.593764][ T5606] Bluetooth: hci4: command tx timeout [ 94.630370][ T5594] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.659544][ T5594] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.674355][ T4911] Bluetooth: hci2: command tx timeout [ 94.691980][ T5594] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.720233][ T5594] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.748088][ T5594] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.926470][ T5595] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.968197][ T5595] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.981580][ T5595] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.006870][ T5595] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 95.012672][ T5595] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.056862][ T5595] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 95.088737][ T5595] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.117044][ T5595] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 95.275122][ T5596] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.307729][ T5596] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 95.319302][ T5597] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.320982][ T5596] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.369352][ T5596] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 95.382500][ T5596] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.407832][ T5596] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 95.412173][ T5596] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.439823][ T5596] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 95.538560][ T5593] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.540930][ T5597] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.595888][ T1035] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.596054][ T1035] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.667734][ T174] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.667857][ T174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.705403][ T5593] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.777827][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.777964][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.785307][ T5594] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.862377][ T1035] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.862513][ T1035] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.956873][ T5594] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.002883][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.003058][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.036715][ T5595] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.072773][ T3397] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.072942][ T3397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.210726][ T5595] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.227758][ T5596] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.280582][ T174] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.280729][ T174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.369476][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.378764][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.448131][ T5596] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.527569][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.527784][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.588173][ T56] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.588399][ T56] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.593715][ T4911] Bluetooth: hci3: command tx timeout [ 96.594295][ T4911] Bluetooth: hci0: command tx timeout [ 96.684664][ T5606] Bluetooth: hci1: command tx timeout [ 96.684721][ T4911] Bluetooth: hci4: command tx timeout [ 96.753919][ T4911] Bluetooth: hci2: command tx timeout [ 98.023323][ T5597] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.165625][ T5593] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.319589][ T5594] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.443031][ T5597] veth0_vlan: entered promiscuous mode [ 98.462788][ T5595] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.592223][ T5597] veth1_vlan: entered promiscuous mode [ 98.665552][ T5593] veth0_vlan: entered promiscuous mode [ 98.782041][ T5594] veth0_vlan: entered promiscuous mode [ 98.825951][ T5593] veth1_vlan: entered promiscuous mode [ 98.878459][ T5594] veth1_vlan: entered promiscuous mode [ 98.941579][ T5597] veth0_macvtap: entered promiscuous mode [ 98.958393][ T5597] veth1_macvtap: entered promiscuous mode [ 98.977062][ T5596] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 99.041471][ T5593] veth0_macvtap: entered promiscuous mode [ 99.060690][ T5597] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.087693][ T5593] veth1_macvtap: entered promiscuous mode [ 99.095182][ T5594] veth0_macvtap: entered promiscuous mode [ 99.116323][ T5597] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.155772][ T5594] veth1_macvtap: entered promiscuous mode [ 99.191896][ T3397] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.196889][ T5595] veth0_vlan: entered promiscuous mode [ 99.211534][ T3397] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.229073][ T3397] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.251159][ T3397] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.267089][ T5593] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.357141][ T5593] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.357795][ T5595] veth1_vlan: entered promiscuous mode [ 99.370750][ T5594] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.440781][ T5596] veth0_vlan: entered promiscuous mode [ 99.478831][ T67] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.481815][ T5594] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.535881][ T67] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.566205][ T67] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.582697][ T67] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.673894][ T67] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.738255][ T67] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.742996][ T5596] veth1_vlan: entered promiscuous mode [ 99.748889][ T67] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.776642][ T67] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.888768][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.888789][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.256056][ T5595] veth0_macvtap: entered promiscuous mode [ 100.293971][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.293994][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.441171][ T5595] veth1_macvtap: entered promiscuous mode [ 100.465358][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.465381][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.582290][ T5596] veth0_macvtap: entered promiscuous mode [ 100.616443][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.616465][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.661349][ T5596] veth1_macvtap: entered promiscuous mode [ 100.701352][ T5595] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.704776][ T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.704795][ T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.770661][ T5595] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.910736][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.910826][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.910842][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.944589][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.950912][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.963105][ T5596] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.981987][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.019018][ T5596] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.191843][ T56] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.299432][ T56] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.299883][ T56] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.300234][ T56] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 101.739386][ T3397] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.739408][ T3397] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.773007][ T5791] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 102.844646][ T5731] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 102.888759][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.888781][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.191883][ T5731] usb 4-1: config 0 has no interfaces? [ 103.191926][ T5731] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 103.191961][ T5731] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.407288][ T5731] usb 4-1: config 0 descriptor?? [ 103.617929][ T5808] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 103.722954][ T5718] usb 4-1: USB disconnect, device number 2 [ 104.337866][ T1035] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.337891][ T1035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.782638][ T1404] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.782661][ T1404] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.573861][ T5844] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 106.835961][ T820] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 107.122959][ T820] usb 4-1: Using ep0 maxpacket: 8 [ 107.154614][ T820] usb 4-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b [ 107.154648][ T820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.154670][ T820] usb 4-1: Product: syz [ 107.154684][ T820] usb 4-1: Manufacturer: syz [ 107.154699][ T820] usb 4-1: SerialNumber: syz [ 107.181370][ T5841] syz.0.20 (5841) used greatest stack depth: 18288 bytes left [ 107.302368][ T820] usb 4-1: config 0 descriptor?? [ 107.571308][ T820] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state. [ 107.621963][ T820] dvb-usb: bulk message failed: -22 (2/0) [ 107.862434][ T5863] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 107.888793][ T820] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 107.893943][ T5843] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 107.919724][ T820] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201)) [ 107.919829][ T820] usb 4-1: media controller created [ 107.968974][ T820] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 108.049200][ T5843] usb 3-1: Using ep0 maxpacket: 8 [ 108.062733][ T820] cxusb: set interface failed [ 108.062765][ T820] dvb-usb: bulk message failed: -22 (1/0) [ 108.063314][ T5843] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 108.063346][ T5843] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 108.063367][ T5843] usb 3-1: config 0 interface 0 has no altsetting 0 [ 108.063401][ T5843] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 108.063421][ T5843] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 108.238548][ T5843] usb 3-1: config 0 descriptor?? [ 108.557643][ T820] DVB: Unable to find symbol mt352_attach() [ 108.557659][ T820] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)' [ 108.978086][ T820] rc_core: IR keymap rc-dvico-portable not found [ 108.978109][ T820] Registered IR keymap rc-empty [ 109.217052][ T5843] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 109.217098][ T5843] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 109.217123][ T5843] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 109.217147][ T5843] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 109.217172][ T5843] mcp2221 0003:04D8:00DD.0001: unknown main item tag 0x0 [ 109.222280][ T5843] mcp2221 0003:04D8:00DD.0001: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 109.305091][ T820] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0 [ 109.381261][ T820] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input5 [ 109.415427][ T820] dvb-usb: schedule remote query interval to 100 msecs. [ 109.415454][ T820] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected. [ 109.456206][ T820] usb 4-1: USB disconnect, device number 3 [ 109.730421][ T5892] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 110.126334][ T5851] usb 2-1: new low-speed USB device number 2 using dummy_hcd [ 110.319518][ T5851] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 110.319577][ T5851] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 110.319603][ T5851] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 110.319627][ T5851] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 110.319653][ T5851] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 110.325914][ T5851] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 110.325969][ T5851] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 110.325995][ T5851] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 110.326017][ T5851] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 110.326042][ T5851] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 110.333178][ T5851] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 110.333237][ T5851] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 110.333266][ T5851] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 110.333292][ T5851] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 110.333319][ T5851] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 110.570529][ T5851] usb 2-1: string descriptor 0 read error: -22 [ 110.570699][ T5851] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 110.570724][ T5851] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.111212][ T5843] usb 3-1: USB disconnect, device number 2 [ 111.740353][ T5851] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 112.004005][ T820] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected. [ 112.733717][ T5851] usb 2-1: USB disconnect, device number 2 [ 113.311555][ T5937] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 113.406672][ T5940] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 113.817527][ T5945] input: syz0 as /devices/virtual/input/input6 [ 114.823772][ T5851] usb 1-1: new low-speed USB device number 2 using dummy_hcd [ 114.976435][ T5851] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 114.976588][ T5851] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 114.976618][ T5851] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 114.976643][ T5851] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 114.976669][ T5851] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 114.978166][ T5851] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 114.978219][ T5851] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 114.978246][ T5851] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 114.978272][ T5851] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 114.978299][ T5851] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 114.979769][ T5851] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 114.979823][ T5851] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 114.979850][ T5851] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 114.979876][ T5851] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 114.979910][ T5851] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 115.143672][ T5851] usb 1-1: string descriptor 0 read error: -22 [ 115.156245][ T5851] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 115.156275][ T5851] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.187151][ T820] usb 4-1: new low-speed USB device number 4 using dummy_hcd [ 115.272756][ T5971] use of bytesused == 0 is deprecated and will be removed in the future, [ 115.272772][ T5971] use the actual size instead. [ 115.327392][ T5851] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 115.450430][ T5975] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 115.474722][ T820] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 115.474784][ T820] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 115.474812][ T820] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 115.474837][ T820] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 115.474863][ T820] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 115.479609][ T820] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 115.479736][ T820] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 115.479763][ T820] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 115.479789][ T820] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 115.479816][ T820] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 115.483196][ T820] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 115.483254][ T820] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 115.483280][ T820] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 115.483305][ T820] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 115.483331][ T820] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 115.581504][ T820] usb 4-1: string descriptor 0 read error: -22 [ 115.581682][ T820] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 115.581707][ T820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.758800][ T820] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 115.898667][ T9] usb 1-1: USB disconnect, device number 2 [ 115.974433][ T5964] adutux: adu_open - error, can't find device for minor 0 [ 116.076383][ T5851] usb 4-1: USB disconnect, device number 4 [ 116.225906][ T3397] ------------[ cut here ]------------ [ 116.225920][ T3397] in_task() && kcov_mode_enabled(mode) [ 116.225928][ T3397] WARNING: kernel/kcov.c:884 at kcov_remote_start+0x5d8/0x710, CPU#0: kworker/u8:12/3397 [ 116.225972][ T3397] Modules linked in: [ 116.225993][ T3397] CPU: 0 UID: 0 PID: 3397 Comm: kworker/u8:12 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 116.226016][ T3397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 116.226030][ T3397] Workqueue: events_unbound cfg80211_wiphy_work [ 116.226056][ T3397] RIP: 0010:kcov_remote_start+0x5d8/0x710 [ 116.226081][ T3397] Code: 00 5b 41 5c 41 5d 41 5e 41 5f 5d e9 52 da dc 02 90 0f 0b 90 e9 62 fa ff ff 90 0f 0b 90 0f b7 83 c0 04 00 00 e9 a3 fa ff ff 90 <0f> 0b 90 eb 04 90 0f 0b 90 e8 5a ef 57 09 89 c0 48 c7 c7 10 04 6b [ 116.226099][ T3397] RSP: 0018:ffffc9000e0979d8 EFLAGS: 00010202 [ 116.226117][ T3397] RAX: 0000000000000002 RBX: ffff888033468000 RCX: 0000000000000000 [ 116.226132][ T3397] RDX: 0000000000000000 RSI: ffffffff8ba74d40 RDI: ffffffff8ba74d00 [ 116.226147][ T3397] RBP: ffff888040aae780 R08: ffffffff8b1ea760 R09: ffffffff8dfc8140 [ 116.226163][ T3397] R10: dffffc0000000000 R11: fffffbfff1f11c3f R12: ffff88804e305dc8 [ 116.226178][ T3397] R13: ffff88804e6c07c0 R14: 0000000000000000 R15: ffff88804e305de0 [ 116.226193][ T3397] FS: 0000000000000000(0000) GS:ffff888126179000(0000) knlGS:0000000000000000 [ 116.226210][ T3397] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 116.226225][ T3397] CR2: 00007fb89ce9da08 CR3: 000000005cc98000 CR4: 00000000003526f0 [ 116.226245][ T3397] Call Trace: [ 116.226254][ T3397] [ 116.226269][ T3397] ieee80211_iface_work+0x211/0x1390 [ 116.226313][ T3397] cfg80211_wiphy_work+0x2cf/0x460 [ 116.226339][ T3397] ? process_scheduled_works+0xa70/0x1860 [ 116.226387][ T3397] process_scheduled_works+0xb5d/0x1860 [ 116.226451][ T3397] ? __pfx_process_scheduled_works+0x10/0x10 [ 116.226484][ T3397] ? assign_work+0x3d5/0x5e0 [ 116.226515][ T3397] worker_thread+0xa53/0xfc0 [ 116.226575][ T3397] kthread+0x388/0x470 [ 116.226606][ T3397] ? __pfx_worker_thread+0x10/0x10 [ 116.226628][ T3397] ? __pfx_kthread+0x10/0x10 [ 116.226669][ T3397] ret_from_fork+0x514/0xb70 [ 116.226698][ T3397] ? __pfx_ret_from_fork+0x10/0x10 [ 116.226723][ T3397] ? __switch_to+0xc79/0x1410 [ 116.226761][ T3397] ? __pfx_kthread+0x10/0x10 [ 116.226790][ T3397] ret_from_fork_asm+0x1a/0x30 [ 116.226838][ T3397] [ 116.226850][ T3397] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 116.226865][ T3397] CPU: 0 UID: 0 PID: 3397 Comm: kworker/u8:12 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 116.226887][ T3397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 116.226899][ T3397] Workqueue: events_unbound cfg80211_wiphy_work [ 116.226921][ T3397] Call Trace: [ 116.226930][ T3397] [ 116.226938][ T3397] vpanic+0x56c/0xa60 [ 116.226963][ T3397] ? __pfx__printk+0x10/0x10 [ 116.226993][ T3397] ? __pfx_vpanic+0x10/0x10 [ 116.227015][ T3397] ? is_bpf_text_address+0x292/0x2b0 [ 116.227046][ T3397] ? is_bpf_text_address+0x26/0x2b0 [ 116.227083][ T3397] panic+0xc5/0xd0 [ 116.227107][ T3397] ? __pfx_panic+0x10/0x10 [ 116.227141][ T3397] ? ret_from_fork_asm+0x1a/0x30 [ 116.227174][ T3397] __warn+0x315/0x4c0 [ 116.227198][ T3397] ? kcov_remote_start+0x5d8/0x710 [ 116.227224][ T3397] ? kcov_remote_start+0x5d8/0x710 [ 116.227249][ T3397] __report_bug+0x29a/0x540 [ 116.227281][ T3397] ? kcov_remote_start+0x5d8/0x710 [ 116.227305][ T3397] ? __pfx___report_bug+0x10/0x10 [ 116.227328][ T3397] ? do_raw_spin_lock+0x12b/0x2f0 [ 116.227351][ T3397] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 116.227386][ T3397] ? rt_spin_lock+0x1e0/0x400 [ 116.227416][ T3397] ? rt_spin_lock+0x1e0/0x400 [ 116.227447][ T3397] ? kcov_remote_start+0x5d8/0x710 [ 116.227470][ T3397] report_bug+0x16a/0x220 [ 116.227493][ T3397] ? kcov_remote_start+0x5d8/0x710 [ 116.227514][ T3397] ? kcov_remote_start+0x5da/0x710 [ 116.227535][ T3397] handle_bug+0x9c/0x200 [ 116.227563][ T3397] exc_invalid_op+0x1a/0x50 [ 116.227590][ T3397] asm_exc_invalid_op+0x1a/0x20 [ 116.227609][ T3397] RIP: 0010:kcov_remote_start+0x5d8/0x710 [ 116.227633][ T3397] Code: 00 5b 41 5c 41 5d 41 5e 41 5f 5d e9 52 da dc 02 90 0f 0b 90 e9 62 fa ff ff 90 0f 0b 90 0f b7 83 c0 04 00 00 e9 a3 fa ff ff 90 <0f> 0b 90 eb 04 90 0f 0b 90 e8 5a ef 57 09 89 c0 48 c7 c7 10 04 6b [ 116.227660][ T3397] RSP: 0018:ffffc9000e0979d8 EFLAGS: 00010202 [ 116.227678][ T3397] RAX: 0000000000000002 RBX: ffff888033468000 RCX: 0000000000000000 [ 116.227691][ T3397] RDX: 0000000000000000 RSI: ffffffff8ba74d40 RDI: ffffffff8ba74d00 [ 116.227705][ T3397] RBP: ffff888040aae780 R08: ffffffff8b1ea760 R09: ffffffff8dfc8140 [ 116.227719][ T3397] R10: dffffc0000000000 R11: fffffbfff1f11c3f R12: ffff88804e305dc8 [ 116.227734][ T3397] R13: ffff88804e6c07c0 R14: 0000000000000000 R15: ffff88804e305de0 [ 116.227759][ T3397] ? rt_spin_lock+0x1e0/0x400 [ 116.227797][ T3397] ? kcov_remote_start+0xe0/0x710 [ 116.227824][ T3397] ieee80211_iface_work+0x211/0x1390 [ 116.227866][ T3397] cfg80211_wiphy_work+0x2cf/0x460 [ 116.227890][ T3397] ? process_scheduled_works+0xa70/0x1860 [ 116.227917][ T3397] process_scheduled_works+0xb5d/0x1860 [ 116.227978][ T3397] ? __pfx_process_scheduled_works+0x10/0x10 [ 116.228010][ T3397] ? assign_work+0x3d5/0x5e0 [ 116.228041][ T3397] worker_thread+0xa53/0xfc0 [ 116.228096][ T3397] kthread+0x388/0x470 [ 116.228126][ T3397] ? __pfx_worker_thread+0x10/0x10 [ 116.228148][ T3397] ? __pfx_kthread+0x10/0x10 [ 116.228176][ T3397] ret_from_fork+0x514/0xb70 [ 116.228203][ T3397] ? __pfx_ret_from_fork+0x10/0x10 [ 116.228227][ T3397] ? __switch_to+0xc79/0x1410 [ 116.228261][ T3397] ? __pfx_kthread+0x10/0x10 [ 116.228290][ T3397] ret_from_fork_asm+0x1a/0x30 [ 116.228337][ T3397] [ 116.228975][ T3397] Kernel Offset: disabled