last executing test programs: 4.592616856s ago: executing program 2 (id=3): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r1, @ANYBLOB="2da52abd7000fbdbdf250300000008000100000000000800010000000000340007800c0001800800", @ANYRES16], 0x98}, 0x1, 0x0, 0x0, 0x40000c0}, 0x4000) 4.363184528s ago: executing program 2 (id=5): mprotect(&(0x7f0000afb000/0x4000)=nil, 0x4000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_vs\x00') preadv(r2, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/83, 0x53}], 0x1, 0x8f, 0x3b16) 4.30253666s ago: executing program 0 (id=1): prlimit64(0x0, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000740)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x7fffffffffffffff, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x2, 0x1}]}, @void, @void, @void, @void, @void, @void, [{0xdd, 0x6, "506096d24559"}]}, 0x37) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20) 3.801288628s ago: executing program 1 (id=2): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040bd28050900000000000109022400010000000009040200010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000180)=ANY=[@ANYBLOB="00017c"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0) 3.529419698s ago: executing program 3 (id=4): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, 0x0, 0x0) accept(r2, 0x0, 0x0) lsm_set_self_attr(0x68, 0x0, 0x20, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) setrlimit(0x0, &(0x7f0000000040)={0x3, 0x7}) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$sock(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@mark={{0x14, 0x1, 0x4f, 0x594}}], 0x18}, 0x2400c055) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0) fstatfs(0xffffffffffffffff, 0x0) sendfile(r6, r6, 0x0, 0x101) r7 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) ioctl$SIOCAX25CTLCON(r7, 0x89e8, &(0x7f0000000100)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, 0x63, 0xffffffffffff0001, 0x0, [@default, @default, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}) mmap(&(0x7f00003d9000/0x3000)=nil, 0x3000, 0x2000000, 0x30, r4, 0x3fa99000) add_key$fscrypt_provisioning(0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB], 0xfff, 0xfffffffffffffffe) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000080)="29000300010003", 0x7) 3.30258359s ago: executing program 2 (id=6): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$ax25(0x3, 0x3, 0x8) ioctl$SIOCAX25OPTRT(r3, 0x89e7, &(0x7f00000003c0)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x2, 0x20}) 2.183765341s ago: executing program 2 (id=7): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) bind$inet6(r0, 0x0, 0x0) 2.140292504s ago: executing program 0 (id=8): ioctl$AUTOFS_IOC_EXPIRE_MULTI(0xffffffffffffffff, 0x40049366, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x53, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x40086602, 0xffffffffffffffff) ioctl$EVIOCGMASK(r1, 0x5b02, 0x0) write$char_usb(r1, 0x0, 0x0) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 2.001054045s ago: executing program 2 (id=9): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x1044, 0x7a4d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x33, 0x1, {0x22, 0x1}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x2, {[@global=@item_012={0x1, 0x1, 0x4, '\x00'}]}}, 0x0}, 0x0) 1.895258366s ago: executing program 3 (id=10): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x8031, 0xffffffffffffffff, 0x295eb000) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket(0x14, 0x2, 0x4) ioctl$NBD_SET_TIMEOUT(r0, 0x5411, 0x8) 1.241346435s ago: executing program 3 (id=11): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x30, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) syz_80211_inject_frame(&(0x7f0000000040)=@device_b, &(0x7f0000000280)=ANY=[@ANYBLOB="50000000080211000001ffffffffffff0802110000000000000000000000000064000100000602020202020201010b"], 0x48) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f00000021c0)=ANY=[@ANYBLOB="b00000000802110000010802110000000802110000001000000002"], 0x1e) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000080211000001080211000000080211000000200004a000000c0001"], 0x3c) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_TDLS_OPER(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r1, 0xfd39e943ccf1163b, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000010}, 0x50) 613.395689ms ago: executing program 1 (id=12): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 449.499624ms ago: executing program 3 (id=13): socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x8031, 0xffffffffffffffff, 0x295eb000) r0 = socket(0x14, 0x2, 0x4) ioctl$NBD_SET_TIMEOUT(r0, 0x541b, 0x8) 118.965909ms ago: executing program 2 (id=14): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={{0x14, 0x10, 0x4, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0xfffc}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}}, 0x4000000) 0s ago: executing program 0 (id=15): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() r0 = socket$inet_tcp(0x2, 0x1, 0x0) io_submit(0x0, 0x1, &(0x7f0000000080)=[0x0]) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) socket$kcm(0x2, 0xa, 0x2) write$tun(0xffffffffffffffff, 0x0, 0xfce) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x11}}, 0x1e) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bic', 0xff3d) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) mmap(&(0x7f00002bb000/0x2000)=nil, 0x2000, 0xd, 0x8010, 0xffffffffffffffff, 0x8a7fe000) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.75' (ED25519) to the list of known hosts. [ 80.603347][ T5816] cgroup: Unknown subsys name 'net' [ 80.699434][ T5816] cgroup: Unknown subsys name 'cpuset' [ 80.708799][ T5816] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.337916][ T5816] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.161700][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.165332][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.171058][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.183947][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.189185][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.195057][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.199740][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.206699][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.220251][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.220513][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.229686][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.242717][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.243171][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.252230][ T5836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.264701][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.272491][ T5836] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.282717][ T5846] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.297209][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.299505][ T5846] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.306411][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.858404][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 87.110732][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 87.198982][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 87.340665][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.348750][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.356234][ T5831] bridge_slave_0: entered allmulticast mode [ 87.364766][ T5831] bridge_slave_0: entered promiscuous mode [ 87.373940][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 87.387932][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.395403][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.402806][ T5831] bridge_slave_1: entered allmulticast mode [ 87.410723][ T5831] bridge_slave_1: entered promiscuous mode [ 87.570104][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.593667][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.601083][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.608808][ T5832] bridge_slave_0: entered allmulticast mode [ 87.616800][ T5832] bridge_slave_0: entered promiscuous mode [ 87.635937][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.645903][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.653428][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.660700][ T5829] bridge_slave_0: entered allmulticast mode [ 87.668868][ T5829] bridge_slave_0: entered promiscuous mode [ 87.677779][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.685299][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.692706][ T5832] bridge_slave_1: entered allmulticast mode [ 87.700732][ T5832] bridge_slave_1: entered promiscuous mode [ 87.729053][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.736435][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.743845][ T5829] bridge_slave_1: entered allmulticast mode [ 87.751738][ T5829] bridge_slave_1: entered promiscuous mode [ 87.860553][ T5831] team0: Port device team_slave_0 added [ 87.872755][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.888668][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.903622][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.913714][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.921080][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.928574][ T5830] bridge_slave_0: entered allmulticast mode [ 87.937157][ T5830] bridge_slave_0: entered promiscuous mode [ 87.947939][ T5831] team0: Port device team_slave_1 added [ 87.972505][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.995938][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.003650][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.010886][ T5830] bridge_slave_1: entered allmulticast mode [ 88.019306][ T5830] bridge_slave_1: entered promiscuous mode [ 88.084008][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.091003][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.117412][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.149797][ T5832] team0: Port device team_slave_0 added [ 88.171754][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.178797][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.205130][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.219470][ T5829] team0: Port device team_slave_0 added [ 88.228400][ T5832] team0: Port device team_slave_1 added [ 88.239499][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.253832][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.279168][ T5829] team0: Port device team_slave_1 added [ 88.333635][ T51] Bluetooth: hci0: command tx timeout [ 88.333640][ T5835] Bluetooth: hci3: command tx timeout [ 88.334007][ T51] Bluetooth: hci1: command tx timeout [ 88.388220][ T5830] team0: Port device team_slave_0 added [ 88.409640][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.416833][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.422930][ T51] Bluetooth: hci2: command tx timeout [ 88.444635][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.476354][ T5830] team0: Port device team_slave_1 added [ 88.483867][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.490829][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.517627][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.530667][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.537716][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.563854][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.583553][ T5831] hsr_slave_0: entered promiscuous mode [ 88.591314][ T5831] hsr_slave_1: entered promiscuous mode [ 88.613639][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.620706][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.646993][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.695192][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.702196][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.728878][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.742986][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.750061][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.776098][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.924543][ T5829] hsr_slave_0: entered promiscuous mode [ 88.931845][ T5829] hsr_slave_1: entered promiscuous mode [ 88.939543][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 88.945596][ T5829] Cannot create hsr debugfs directory [ 88.958607][ T5832] hsr_slave_0: entered promiscuous mode [ 88.965756][ T5832] hsr_slave_1: entered promiscuous mode [ 88.972522][ T5832] debugfs: 'hsr0' already exists in 'hsr' [ 88.979216][ T5832] Cannot create hsr debugfs directory [ 89.057408][ T5830] hsr_slave_0: entered promiscuous mode [ 89.064544][ T5830] hsr_slave_1: entered promiscuous mode [ 89.071427][ T5830] debugfs: 'hsr0' already exists in 'hsr' [ 89.077627][ T5830] Cannot create hsr debugfs directory [ 89.604972][ T5831] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.620180][ T5831] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.632337][ T5831] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.655586][ T5831] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.734499][ T5829] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.749444][ T5829] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.768878][ T5829] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.796539][ T5829] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.909451][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.946772][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.961149][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.991883][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.086291][ T5830] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.111226][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.119502][ T5830] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.139656][ T5830] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.150787][ T5830] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.209738][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.240402][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.269868][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.277396][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.288729][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.296043][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.346505][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.380501][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.387712][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.413400][ T51] Bluetooth: hci1: command tx timeout [ 90.422527][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.429760][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.437736][ T51] Bluetooth: hci3: command tx timeout [ 90.444416][ T5846] Bluetooth: hci0: command tx timeout [ 90.493519][ T51] Bluetooth: hci2: command tx timeout [ 90.641431][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.749394][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.777898][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.824915][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.832137][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.848838][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.856181][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.897827][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.921707][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.017289][ T866] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.024544][ T866] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.051753][ T866] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.059209][ T866] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.140140][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.240840][ T5831] veth0_vlan: entered promiscuous mode [ 91.335766][ T5831] veth1_vlan: entered promiscuous mode [ 91.415508][ T5829] veth0_vlan: entered promiscuous mode [ 91.448113][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.506257][ T5829] veth1_vlan: entered promiscuous mode [ 91.519484][ T5831] veth0_macvtap: entered promiscuous mode [ 91.582215][ T5831] veth1_macvtap: entered promiscuous mode [ 91.665720][ T5832] veth0_vlan: entered promiscuous mode [ 91.696236][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.714359][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.730775][ T5829] veth0_macvtap: entered promiscuous mode [ 91.760041][ T5832] veth1_vlan: entered promiscuous mode [ 91.768596][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.781070][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.796240][ T5829] veth1_macvtap: entered promiscuous mode [ 91.818233][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.827937][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.869940][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.889285][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.910020][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.959142][ T65] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.969042][ T65] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.978433][ T65] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.001139][ T65] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.026358][ T10] cfg80211: failed to load regulatory.db [ 92.101786][ T5832] veth0_macvtap: entered promiscuous mode [ 92.109988][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.120154][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.147860][ T5832] veth1_macvtap: entered promiscuous mode [ 92.252385][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.272398][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.289991][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.303957][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.311844][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.333547][ T5830] veth0_vlan: entered promiscuous mode [ 92.365648][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.381030][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 92.456860][ T5830] veth1_vlan: entered promiscuous mode [ 92.478268][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.497371][ T51] Bluetooth: hci3: command tx timeout [ 92.500239][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.502991][ T5846] Bluetooth: hci0: command tx timeout [ 92.512180][ T5835] Bluetooth: hci1: command tx timeout [ 92.534994][ T866] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.544324][ T866] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.555432][ T5922] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3'. [ 92.569082][ T5922] block nbd0: not configured, cannot reconfigure [ 92.575821][ T5835] Bluetooth: hci2: command tx timeout [ 92.611119][ T866] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.630213][ T866] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.773847][ T5830] veth0_macvtap: entered promiscuous mode [ 92.871920][ T5830] veth1_macvtap: entered promiscuous mode [ 92.951209][ T866] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.967182][ T866] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.034941][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.050047][ T866] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.059948][ T866] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.077479][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.086531][ T5927] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 93.117769][ T1010] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.126686][ T1010] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.145437][ T1010] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.157771][ T1010] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.195356][ T5927] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 93.257777][ T5929] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 93.358400][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.380958][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.414397][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.422420][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.643145][ T5920] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 93.828385][ T5920] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 93.963037][ T5938] Bluetooth: MGMT ver 1.23 [ 94.572765][ T5835] Bluetooth: hci0: command tx timeout [ 94.583590][ T5835] Bluetooth: hci1: command tx timeout [ 94.589159][ T51] Bluetooth: hci3: command tx timeout [ 94.802707][ T5846] Bluetooth: hci2: command tx timeout [ 94.974163][ T5920] usb 2-1: config 0 has no interface number 0 [ 94.980571][ T5920] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 95.084085][ T5920] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.101274][ T5920] usb 2-1: New USB device found, idVendor=28bd, idProduct=0905, bcdDevice= 0.00 [ 95.114613][ T5920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.163753][ T5920] usb 2-1: config 0 descriptor?? [ 95.253287][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 95.412806][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 95.418194][ T802] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 95.430320][ T9] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 95.439167][ T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 95.449577][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 95.461617][ T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 95.474769][ T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 95.490032][ T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 95.499734][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.588044][ T802] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 95.600934][ T802] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 95.618770][ T802] usb 3-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 95.628266][ T802] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.643564][ T5920] uclogic 0003:28BD:0905.0001: Interface probing failed: -22 [ 95.650545][ T802] usb 3-1: config 0 descriptor?? [ 95.651609][ T5920] uclogic 0003:28BD:0905.0001: interface is invalid, ignoring [ 95.731263][ T9] usb 1-1: GET_CAPABILITIES returned 0 [ 95.738758][ T9] usbtmc 1-1:16.0: can't read capabilities [ 95.854457][ T5953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.872358][ T5920] usb 2-1: USB disconnect, device number 2 [ 95.891679][ T9] wlan1: No basic rates, using min rate instead [ 95.903193][ T9] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 95.914543][ T9] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 95.956997][ T1010] wlan1: authenticated [ 95.958375][ T5953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.973323][ T9] wlan1: associating to AP 08:02:11:00:00:00 with corrupt probe response [ 95.984099][ T49] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0xa004 status=0 aid=12) [ 95.985264][ T5953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 95.998345][ T49] wlan1: No basic rates, using min rate instead [ 96.011036][ T49] wlan1: associated [ 96.106886][ T802] waterforce 0003:1044:7A4D.0002: item fetching failed at offset 0/1 [ 96.116245][ T802] waterforce 0003:1044:7A4D.0002: hid parse failed with -22 [ 96.126108][ T802] waterforce 0003:1044:7A4D.0002: probe with driver waterforce failed with error -22 [ 96.200988][ T5944] usbtmc 1-1:16.0: usb_control_msg returned -71 [ 96.202940][ T802] usb 1-1: USB disconnect, device number 2 [ 96.305755][ T5920] usb 3-1: USB disconnect, device number 2 [ 97.057763][ T866] ------------[ cut here ]------------ [ 97.063411][ T866] !sta [ 97.063442][ T866] WARNING: net/mac80211/mlme.c:4504 at ieee80211_mgd_probe_ap_send+0x497/0x560, CPU#0: kworker/u8:6/866 [ 97.077876][ T866] Modules linked in: [ 97.082040][ T866] CPU: 0 UID: 0 PID: 866 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) [ 97.091560][ T866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 97.101984][ T866] Workqueue: events_unbound cfg80211_wiphy_work [ 97.108941][ T866] RIP: 0010:ieee80211_mgd_probe_ap_send+0x497/0x560 [ 97.115662][ T866] Code: 4c 89 fe 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 2d d1 6c f6 e8 28 dc 80 f6 90 0f 0b 90 e9 3a fc ff ff e8 1a dc 80 f6 90 <0f> 0b 90 e9 d3 fc ff ff e8 0c dc 80 f6 90 0f 0b 90 e9 3c ff ff ff [ 97.137411][ T866] RSP: 0018:ffffc90004c47aa0 EFLAGS: 00010293 [ 97.143584][ T866] RAX: ffffffff8b451676 RBX: ffff888068a88dc0 RCX: ffff888027015ac0 [ 97.152272][ T866] RDX: 0000000000000000 RSI: ffffffff8e287ccb RDI: ffff888027015ac0 [ 97.160811][ T866] RBP: 0000000000000001 R08: ffff888027015ac0 R09: 000000000000000c [ 97.168895][ T866] R10: 000000000000000c R11: 0000000000000000 R12: ffff888068a8aae2 [ 97.177156][ T866] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff888068a89d40 [ 97.185386][ T866] FS: 0000000000000000(0000) GS:ffff888125002000(0000) knlGS:0000000000000000 [ 97.194576][ T866] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 97.201206][ T866] CR2: 0000001b31520ff8 CR3: 0000000029644000 CR4: 00000000003526f0 [ 97.209572][ T866] Call Trace: [ 97.213262][ T866] [ 97.216245][ T866] cfg80211_wiphy_work+0x2ab/0x4a0 [ 97.221429][ T866] ? process_one_work+0x87c/0x1650 [ 97.227108][ T866] process_one_work+0x949/0x1650 [ 97.232138][ T866] ? __pfx_process_one_work+0x10/0x10 [ 97.237928][ T866] ? do_raw_spin_lock+0x12b/0x2f0 [ 97.243405][ T866] worker_thread+0xb46/0x1140 [ 97.249196][ T866] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 97.255937][ T866] kthread+0x388/0x470 [ 97.260119][ T866] ? __pfx_worker_thread+0x10/0x10 [ 97.265603][ T866] ? __pfx_kthread+0x10/0x10 [ 97.270288][ T866] ret_from_fork+0x51e/0xb90 [ 97.275308][ T866] ? __pfx_ret_from_fork+0x10/0x10 [ 97.280730][ T866] ? __switch_to+0xc7d/0x1450 [ 97.285747][ T866] ? __pfx_kthread+0x10/0x10 [ 97.290404][ T866] ret_from_fork_asm+0x1a/0x30 [ 97.296438][ T866] [ 97.299506][ T866] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 97.307086][ T866] CPU: 0 UID: 0 PID: 866 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) [ 97.316486][ T866] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 97.326666][ T866] Workqueue: events_unbound cfg80211_wiphy_work [ 97.332973][ T866] Call Trace: [ 97.336299][ T866] [ 97.339269][ T866] vpanic+0x56c/0xa60 [ 97.343312][ T866] ? __pfx__printk+0x10/0x10 [ 97.348003][ T866] ? __pfx_vpanic+0x10/0x10 [ 97.352563][ T866] ? is_bpf_text_address+0x292/0x2b0 [ 97.357905][ T866] ? is_bpf_text_address+0x26/0x2b0 [ 97.363165][ T866] panic+0xc5/0xd0 [ 97.366956][ T866] ? __pfx_panic+0x10/0x10 [ 97.371472][ T866] ? ret_from_fork_asm+0x1a/0x30 [ 97.376506][ T866] __warn+0x315/0x4f0 [ 97.380544][ T866] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 97.386579][ T866] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 97.392605][ T866] __report_bug+0x29a/0x540 [ 97.397168][ T866] ? lockdep_hardirqs_on+0x7a/0x110 [ 97.402438][ T866] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 97.408505][ T866] ? __pfx___report_bug+0x10/0x10 [ 97.413577][ T866] ? __lock_acquire+0x6b5/0x2cf0 [ 97.418628][ T866] ? nla_put+0xd0/0x150 [ 97.422836][ T866] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 97.428873][ T866] report_bug+0x16a/0x220 [ 97.433257][ T866] ? ieee80211_mgd_probe_ap_send+0x497/0x560 [ 97.439275][ T866] ? ieee80211_mgd_probe_ap_send+0x499/0x560 [ 97.445301][ T866] handle_bug+0x98/0x200 [ 97.449605][ T866] exc_invalid_op+0x1a/0x50 [ 97.454140][ T866] asm_exc_invalid_op+0x1a/0x20 [ 97.459031][ T866] RIP: 0010:ieee80211_mgd_probe_ap_send+0x497/0x560 [ 97.465662][ T866] Code: 4c 89 fe 48 83 c4 18 5b 41 5c 41 5d 41 5e 41 5f 5d e9 2d d1 6c f6 e8 28 dc 80 f6 90 0f 0b 90 e9 3a fc ff ff e8 1a dc 80 f6 90 <0f> 0b 90 e9 d3 fc ff ff e8 0c dc 80 f6 90 0f 0b 90 e9 3c ff ff ff [ 97.485305][ T866] RSP: 0018:ffffc90004c47aa0 EFLAGS: 00010293 [ 97.491460][ T866] RAX: ffffffff8b451676 RBX: ffff888068a88dc0 RCX: ffff888027015ac0 [ 97.499479][ T866] RDX: 0000000000000000 RSI: ffffffff8e287ccb RDI: ffff888027015ac0 [ 97.507492][ T866] RBP: 0000000000000001 R08: ffff888027015ac0 R09: 000000000000000c [ 97.515596][ T866] R10: 000000000000000c R11: 0000000000000000 R12: ffff888068a8aae2 [ 97.523606][ T866] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff888068a89d40 [ 97.531630][ T866] ? ieee80211_mgd_probe_ap_send+0x496/0x560 [ 97.537679][ T866] cfg80211_wiphy_work+0x2ab/0x4a0 [ 97.542852][ T866] ? process_one_work+0x87c/0x1650 [ 97.548021][ T866] process_one_work+0x949/0x1650 [ 97.553032][ T866] ? __pfx_process_one_work+0x10/0x10 [ 97.558547][ T866] ? do_raw_spin_lock+0x12b/0x2f0 [ 97.563660][ T866] worker_thread+0xb46/0x1140 [ 97.568419][ T866] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 97.574286][ T866] kthread+0x388/0x470 [ 97.578401][ T866] ? __pfx_worker_thread+0x10/0x10 [ 97.583561][ T866] ? __pfx_kthread+0x10/0x10 [ 97.588204][ T866] ret_from_fork+0x51e/0xb90 [ 97.592854][ T866] ? __pfx_ret_from_fork+0x10/0x10 [ 97.598012][ T866] ? __switch_to+0xc7d/0x1450 [ 97.602739][ T866] ? __pfx_kthread+0x10/0x10 [ 97.607386][ T866] ret_from_fork_asm+0x1a/0x30 [ 97.612232][ T866] [ 97.615874][ T866] Kernel Offset: disabled [ 97.620206][ T866] Rebooting in 86400 seconds..