last executing test programs: 4.743188481s ago: executing program 2 (id=3): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) sendmsg$inet6(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000080)="2905f74dd00887", 0x206c}], 0x1}, 0x4000010) 4.324393762s ago: executing program 2 (id=5): syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e0a056020"], 0xd) 4.184362693s ago: executing program 2 (id=6): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) r1 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000340)=0x0) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$FE_GET_EVENT(r1, 0x80286f4e, &(0x7f0000000140)) ioctl$FE_SET_FRONTEND(r1, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @qam={0x3, 0xb, 0xa}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) r3 = timerfd_create(0x1, 0x800) timerfd_gettime(r3, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x3, 0x1000002, 0x0, 0x5, "d52c2000000102000300ecffffff0100"}) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0x6) syz_open_dev$vbi(&(0x7f0000000100), 0x1, 0x2) 3.567446496s ago: executing program 2 (id=7): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000440)}) ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f00000002c0)="66b9800000c00f326635010000000f3064660f38828e4258660f08676ac744240012e93bf96766c744240201000000f20f78ecf5543e660f3829544e66b9800000c00f326635002000000f01df66b805000000f3a5baf80c66b80e5ca48f66efbafc4cec0f01310f019c09000f01c2", 0x6f}], 0x1, 0x7d, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.794118882s ago: executing program 0 (id=1): socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000002a80)=[{&(0x7f0000000080)="c2", 0x1}], 0x1) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) write$cgroup_pid(r4, &(0x7f0000000000), 0xffffff98) splice(r0, 0x0, r4, 0x0, 0x80, 0x8) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r5, 0x0, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) write(r2, 0x0, 0x0) 2.543508218s ago: executing program 2 (id=12): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000", @ANYBLOB="f7", @ANYRESDEC], 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ppoll(&(0x7f00000000c0)=[{r1, 0x200}], 0x1, 0x0, 0x0, 0x0) syz_usb_disconnect(r0) 2.19622248s ago: executing program 3 (id=15): mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101) dup2(r2, r0) close(0x3) 1.891097998s ago: executing program 1 (id=16): socket$can_raw(0x1d, 0x3, 0x1) socket(0x10, 0x4, 0x8) openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x14) 1.704892814s ago: executing program 1 (id=17): socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x1, 0x0}, 0x200400c0) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100400000000000020344000000080003", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140002"], 0x4c}, 0x1, 0x0, 0x0, 0x40010}, 0x4090) 1.578208749s ago: executing program 0 (id=18): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x161140, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04250c20"], 0x7) 1.368091671s ago: executing program 1 (id=19): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x30}}, 0x4) 1.193385462s ago: executing program 1 (id=20): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x300, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000440)}) ioctl$KVM_SET_CLOCK(r1, 0x4188aec6, &(0x7f0000000040)={0x1, 0x8, 0x0, 0xb, 0x100a}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f00000002c0)="66b9800000c00f326635010000000f3064660f38828e4258660f08676ac744240012e93bf96766c744240201000000f20f78ecf5543e660f3829544e66b9800000c00f326635002000000f01df66b805000000f3a5baf80c66b80e5ca48f66efbafc4cec0f01310f019c09000f01c2", 0x6f}], 0x1, 0x7d, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, &(0x7f0000000100)={0xbc, 0x0, 0x4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.16505617s ago: executing program 3 (id=21): mkdir(&(0x7f0000000280)='./file0\x00', 0x0) lchown(&(0x7f0000000100)='./file0\x00', 0xee00, 0x0) 698.990595ms ago: executing program 0 (id=22): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000280)={0x13, 0x1, 0x5}) ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f0000000080)={0xc100000000000000, 0xffff1000, 0x2, 0x6, 0x1d}) 698.89993ms ago: executing program 3 (id=23): r0 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) sendmsg$inet6(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000080)="2905f74dd00887", 0x206c}], 0x1}, 0x4000010) 573.109087ms ago: executing program 3 (id=24): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) r1 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002) fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$FE_GET_EVENT(r1, 0x80286f4e, &(0x7f0000000140)) ioctl$FE_SET_FRONTEND(r1, 0x40246f4c, &(0x7f0000000080)={0x30a32c0, 0x1, @qam={0x3, 0xb, 0xa}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) r2 = timerfd_create(0x1, 0x800) timerfd_gettime(r2, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x3, 0x1000002, 0x0, 0x5, "d52c2000000102000300ecffffff0100"}) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0x6) syz_open_dev$vbi(&(0x7f0000000100), 0x1, 0x2) 487.165863ms ago: executing program 1 (id=25): socket$can_raw(0x1d, 0x3, 0x1) socket(0x10, 0x4, 0x8) openat$sequencer(0xffffffffffffff9c, 0x0, 0x80200, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x14) 259.410436ms ago: executing program 1 (id=26): socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000002a80)=[{&(0x7f0000000080)="c2", 0x1}], 0x1) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) write$cgroup_pid(r4, &(0x7f0000000000), 0xffffff98) splice(r0, 0x0, r4, 0x0, 0x80, 0x8) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r5, 0x0, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) write(r2, 0x0, 0x0) 122.235393ms ago: executing program 0 (id=27): socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x1, 0x0}, 0x200400c0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYBLOB="010040000000000002034400000008000300", @ANYRES32=r1, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140002"], 0x4c}, 0x1, 0x0, 0x0, 0x40010}, 0x4090) 79.805805ms ago: executing program 3 (id=28): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, 0x0, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x30}}, 0x4) 0s ago: executing program 3 (id=29): pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) mq_getsetattr(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.127' (ED25519) to the list of known hosts. [ 75.792639][ T5605] cgroup: Unknown subsys name 'net' [ 76.036257][ T5605] cgroup: Unknown subsys name 'cpuset' [ 76.089755][ T5605] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 77.732924][ T5605] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 80.055242][ T5619] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 80.076433][ T5619] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 80.084132][ T5619] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 80.116512][ T5625] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 80.131712][ T5627] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 80.147069][ T5627] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 80.167739][ T5627] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 80.181972][ T5627] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.182921][ T5627] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 80.199788][ T5634] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 80.202126][ T5634] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 80.205630][ T5634] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 80.211175][ T5634] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 80.211360][ T5631] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 80.212903][ T5634] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 80.213367][ T5634] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 80.214484][ T5631] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 80.215828][ T5634] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 80.226624][ T5634] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 80.289272][ T5625] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.644593][ T823] cfg80211: failed to load regulatory.db [ 82.260832][ T5625] Bluetooth: hci3: command tx timeout [ 82.339225][ T5634] Bluetooth: hci0: command tx timeout [ 82.339730][ T5625] Bluetooth: hci2: command tx timeout [ 82.388281][ T5622] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.390010][ T5622] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.390283][ T5622] bridge_slave_0: entered allmulticast mode [ 82.393700][ T5622] bridge_slave_0: entered promiscuous mode [ 82.419193][ T5625] Bluetooth: hci1: command tx timeout [ 82.451608][ T5622] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.452180][ T5622] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.452360][ T5622] bridge_slave_1: entered allmulticast mode [ 82.454099][ T5622] bridge_slave_1: entered promiscuous mode [ 82.607906][ T5617] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.608237][ T5617] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.608728][ T5617] bridge_slave_0: entered allmulticast mode [ 82.631438][ T5617] bridge_slave_0: entered promiscuous mode [ 82.641134][ T5622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.641771][ T5623] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.642098][ T5623] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.642356][ T5623] bridge_slave_0: entered allmulticast mode [ 82.646699][ T5623] bridge_slave_0: entered promiscuous mode [ 82.653781][ T5620] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.654071][ T5620] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.654338][ T5620] bridge_slave_0: entered allmulticast mode [ 82.657486][ T5620] bridge_slave_0: entered promiscuous mode [ 82.666991][ T5617] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.667260][ T5617] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.667988][ T5617] bridge_slave_1: entered allmulticast mode [ 82.672642][ T5617] bridge_slave_1: entered promiscuous mode [ 82.678836][ T5622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.681277][ T5623] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.681552][ T5623] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.681797][ T5623] bridge_slave_1: entered allmulticast mode [ 82.684866][ T5623] bridge_slave_1: entered promiscuous mode [ 82.751233][ T5620] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.752659][ T5620] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.752929][ T5620] bridge_slave_1: entered allmulticast mode [ 82.756022][ T5620] bridge_slave_1: entered promiscuous mode [ 82.887298][ T5617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.893113][ T5622] team0: Port device team_slave_0 added [ 82.901947][ T5623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.913721][ T5620] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.917265][ T5617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.922046][ T5622] team0: Port device team_slave_1 added [ 82.928139][ T5623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.934869][ T5620] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.061525][ T5617] team0: Port device team_slave_0 added [ 83.063423][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.063440][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.063454][ T5622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.067069][ T5623] team0: Port device team_slave_0 added [ 83.078495][ T5620] team0: Port device team_slave_0 added [ 83.086652][ T5617] team0: Port device team_slave_1 added [ 83.089218][ T5622] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.089231][ T5622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.089253][ T5622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.095464][ T5623] team0: Port device team_slave_1 added [ 83.106943][ T5620] team0: Port device team_slave_1 added [ 83.247858][ T5617] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.247870][ T5617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.247884][ T5617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.252866][ T5623] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.252882][ T5623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.252905][ T5623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.256157][ T5620] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.256170][ T5620] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.256191][ T5620] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.262129][ T5617] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.262144][ T5617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.262166][ T5617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.286453][ T5623] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.286470][ T5623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.286494][ T5623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.288940][ T5620] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.288953][ T5620] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 83.288975][ T5620] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.377518][ T5622] hsr_slave_0: entered promiscuous mode [ 83.379829][ T5622] hsr_slave_1: entered promiscuous mode [ 83.562486][ T5617] hsr_slave_0: entered promiscuous mode [ 83.563613][ T5617] hsr_slave_1: entered promiscuous mode [ 83.564838][ T5617] debugfs: 'hsr0' already exists in 'hsr' [ 83.564921][ T5617] Cannot create hsr debugfs directory [ 83.587623][ T5623] hsr_slave_0: entered promiscuous mode [ 83.589621][ T5623] hsr_slave_1: entered promiscuous mode [ 83.594852][ T5623] debugfs: 'hsr0' already exists in 'hsr' [ 83.594874][ T5623] Cannot create hsr debugfs directory [ 83.608364][ T5620] hsr_slave_0: entered promiscuous mode [ 83.610688][ T5620] hsr_slave_1: entered promiscuous mode [ 83.612245][ T5620] debugfs: 'hsr0' already exists in 'hsr' [ 83.612267][ T5620] Cannot create hsr debugfs directory [ 84.339628][ T5625] Bluetooth: hci3: command tx timeout [ 84.419297][ T5625] Bluetooth: hci2: command tx timeout [ 84.419327][ T5625] Bluetooth: hci0: command tx timeout [ 84.499308][ T5634] Bluetooth: hci1: command tx timeout [ 84.715772][ T5622] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 84.755845][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 84.768360][ T5622] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.806659][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 84.810776][ T5622] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.842708][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 84.867039][ T5622] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.893829][ T5622] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 84.994142][ T5623] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 85.025172][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.038224][ T5623] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 85.075707][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.087345][ T5623] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 85.120691][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.148521][ T5623] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 85.176716][ T5623] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.364354][ T5620] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 85.406014][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.421180][ T5620] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 85.464817][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.488871][ T5620] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 85.523995][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.552914][ T5620] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 85.587112][ T5620] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.744556][ T5617] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 85.782823][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 85.788444][ T5617] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 85.825294][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 85.837326][ T5617] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 85.875136][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 85.886621][ T5617] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 85.924150][ T5617] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 85.965937][ T5622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.058572][ T5622] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.123490][ T5623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.136044][ T1784] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.136297][ T1784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.192339][ T1784] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.192655][ T1784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.262747][ T5623] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.303693][ T1193] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.303830][ T1193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.328470][ T5620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.376492][ T1193] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.376603][ T1193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.419630][ T5634] Bluetooth: hci3: command tx timeout [ 86.477156][ T5620] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.499208][ T5634] Bluetooth: hci0: command tx timeout [ 86.499236][ T5634] Bluetooth: hci2: command tx timeout [ 86.536357][ T5617] 8021q: adding VLAN 0 to HW filter on device bond0 [ 86.554283][ T1784] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.554572][ T1784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.579726][ T5625] Bluetooth: hci1: command tx timeout [ 86.611896][ T1753] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.612077][ T1753] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.713901][ T5617] 8021q: adding VLAN 0 to HW filter on device team0 [ 86.762378][ T1193] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.762615][ T1193] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.827538][ T1193] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.827773][ T1193] bridge0: port 2(bridge_slave_1) entered forwarding state [ 87.503752][ T5622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 87.887705][ T5622] veth0_vlan: entered promiscuous mode [ 87.964061][ T5623] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.004448][ T5622] veth1_vlan: entered promiscuous mode [ 88.173378][ T5620] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.198820][ T5617] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.305337][ T5622] veth0_macvtap: entered promiscuous mode [ 88.335067][ T5623] veth0_vlan: entered promiscuous mode [ 88.337867][ T5622] veth1_macvtap: entered promiscuous mode [ 88.407393][ T5623] veth1_vlan: entered promiscuous mode [ 88.463683][ T5620] veth0_vlan: entered promiscuous mode [ 88.468283][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.487618][ T5617] veth0_vlan: entered promiscuous mode [ 88.499860][ T5625] Bluetooth: hci3: command tx timeout [ 88.508662][ T5622] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.556865][ T5620] veth1_vlan: entered promiscuous mode [ 88.577289][ T5617] veth1_vlan: entered promiscuous mode [ 88.579842][ T5625] Bluetooth: hci2: command tx timeout [ 88.579871][ T5625] Bluetooth: hci0: command tx timeout [ 88.602012][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.606063][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.626530][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.646801][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.662047][ T5634] Bluetooth: hci1: command tx timeout [ 88.745048][ T5623] veth0_macvtap: entered promiscuous mode [ 88.814107][ T5623] veth1_macvtap: entered promiscuous mode [ 89.071101][ T5620] veth0_macvtap: entered promiscuous mode [ 89.084850][ T5617] veth0_macvtap: entered promiscuous mode [ 89.115547][ T5623] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.116380][ T5620] veth1_macvtap: entered promiscuous mode [ 89.133721][ T5617] veth1_macvtap: entered promiscuous mode [ 89.174170][ T5623] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.205156][ T800] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.205179][ T800] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.223573][ T1193] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.236193][ T1193] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.268594][ T1193] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.279410][ T1193] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.284694][ T5620] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.295400][ T5617] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.358731][ T5620] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.363214][ T5617] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.446013][ T800] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.446032][ T800] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.504282][ T2800] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.529995][ T2800] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.551355][ T2791] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.588826][ T2791] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.633485][ T2791] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.657333][ T2791] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.670032][ T2791] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.844993][ T2791] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.429527][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.429548][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.723903][ T1784] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.723922][ T1784] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.790825][ T1784] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.790844][ T1784] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.966506][ T2800] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.966524][ T2800] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.146138][ T5779] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 91.273315][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.273333][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.400146][ T5781] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 91.591347][ T5784] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4'. [ 91.665069][ T70] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.665087][ T70] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.541767][ T32] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 93.882778][ T32] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 93.882809][ T32] usb 3-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config [ 93.882828][ T32] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 93.882879][ T32] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 93.900963][ T32] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 93.900993][ T32] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 93.901012][ T32] usb 3-1: Product: syz [ 93.901027][ T32] usb 3-1: Manufacturer: syz [ 94.260277][ T32] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22 [ 94.513312][ T5730] usb 3-1: USB disconnect, device number 2 [ 95.013376][ T2800] ------------[ cut here ]------------ [ 95.013391][ T2800] in_task() && kcov_mode_enabled(mode) [ 95.013404][ T2800] WARNING: kernel/kcov.c:894 at kcov_remote_start+0x5d8/0x710, CPU#1: kworker/u8:26/2800 [ 95.013446][ T2800] Modules linked in: [ 95.013480][ T2800] CPU: 1 UID: 0 PID: 2800 Comm: kworker/u8:26 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 95.013502][ T2800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 95.013514][ T2800] Workqueue: events_unbound cfg80211_wiphy_work [ 95.013542][ T2800] RIP: 0010:kcov_remote_start+0x5d8/0x710 [ 95.013566][ T2800] Code: 00 5b 41 5c 41 5d 41 5e 41 5f 5d e9 f2 88 f4 02 90 0f 0b 90 e9 62 fa ff ff 90 0f 0b 90 0f b7 83 c0 04 00 00 e9 a3 fa ff ff 90 <0f> 0b 90 eb 04 90 0f 0b 90 e8 ca 35 78 09 89 c0 48 c7 c7 c0 e2 bb [ 95.013583][ T2800] RSP: 0018:ffffc9000dfefa38 EFLAGS: 00010202 [ 95.013600][ T2800] RAX: 0000000000000002 RBX: ffff8880316d8000 RCX: 0000000000000000 [ 95.013614][ T2800] RDX: 0000000000000000 RSI: ffffffff8bcc4d60 RDI: ffffffff8bcc4d20 [ 95.013629][ T2800] RBP: ffff88802effa280 R08: ffffffff8b404b20 R09: ffffffff8e3cb2a0 [ 95.013645][ T2800] R10: dffffc0000000000 R11: fffffbfff1f9e71f R12: ffff8880256b9ed8 [ 95.013660][ T2800] R13: ffff88805ca107d8 R14: 0000000000000000 R15: ffff8880256b9040 [ 95.013675][ T2800] FS: 0000000000000000(0000) GS:ffff888125b6b000(0000) knlGS:0000000000000000 [ 95.013692][ T2800] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 95.013706][ T2800] CR2: 00007fb627c9dac0 CR3: 000000003897c000 CR4: 00000000003526f0 [ 95.013723][ T2800] Call Trace: [ 95.013735][ T2800] [ 95.013748][ T2800] ieee80211_iface_work+0x20e/0x1020 [ 95.013809][ T2800] cfg80211_wiphy_work+0x2a2/0x440 [ 95.013838][ T2800] ? process_one_work+0x8be/0x1630 [ 95.013866][ T2800] process_one_work+0x98b/0x1630 [ 95.013913][ T2800] ? __pfx_process_one_work+0x10/0x10 [ 95.013940][ T2800] ? do_raw_spin_lock+0x12b/0x2f0 [ 95.013976][ T2800] worker_thread+0xb49/0x1140 [ 95.014015][ T2800] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 95.014054][ T2800] kthread+0x388/0x470 [ 95.014077][ T2800] ? __pfx_worker_thread+0x10/0x10 [ 95.014102][ T2800] ? __pfx_kthread+0x10/0x10 [ 95.014120][ T2800] ret_from_fork+0x514/0xb70 [ 95.014143][ T2800] ? __pfx_ret_from_fork+0x10/0x10 [ 95.014167][ T2800] ? __switch_to+0xc79/0x1410 [ 95.014189][ T2800] ? __pfx_kthread+0x10/0x10 [ 95.014211][ T2800] ret_from_fork_asm+0x1a/0x30 [ 95.014252][ T2800] [ 95.014263][ T2800] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 95.014279][ T2800] CPU: 1 UID: 0 PID: 2800 Comm: kworker/u8:26 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 95.014299][ T2800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 95.014311][ T2800] Workqueue: events_unbound cfg80211_wiphy_work [ 95.014333][ T2800] Call Trace: [ 95.014341][ T2800] [ 95.014350][ T2800] vpanic+0x56c/0xa60 [ 95.014390][ T2800] ? __pfx__printk+0x10/0x10 [ 95.014412][ T2800] ? __pfx_vpanic+0x10/0x10 [ 95.014439][ T2800] ? is_bpf_text_address+0x292/0x2b0 [ 95.014468][ T2800] ? is_bpf_text_address+0x26/0x2b0 [ 95.014504][ T2800] panic+0xc5/0xd0 [ 95.014532][ T2800] ? __pfx_panic+0x10/0x10 [ 95.014567][ T2800] ? ret_from_fork_asm+0x1a/0x30 [ 95.014596][ T2800] __warn+0x315/0x4c0 [ 95.014624][ T2800] ? kcov_remote_start+0x5d8/0x710 [ 95.014648][ T2800] ? kcov_remote_start+0x5d8/0x710 [ 95.014670][ T2800] __report_bug+0x339/0x540 [ 95.014703][ T2800] ? kcov_remote_start+0x5d8/0x710 [ 95.014724][ T2800] ? __pfx___report_bug+0x10/0x10 [ 95.014755][ T2800] ? do_raw_spin_lock+0x12b/0x2f0 [ 95.014776][ T2800] ? __pfx_rtlock_slowlock_locked+0x10/0x10 [ 95.014801][ T2800] ? rt_spin_lock+0x1e0/0x400 [ 95.014818][ T2800] ? rt_spin_lock+0x1e0/0x400 [ 95.014837][ T2800] ? kcov_remote_start+0x5d8/0x710 [ 95.014861][ T2800] report_bug+0x16a/0x220 [ 95.014887][ T2800] ? kcov_remote_start+0x5d8/0x710 [ 95.014909][ T2800] ? kcov_remote_start+0x5da/0x710 [ 95.014930][ T2800] handle_bug+0x9c/0x200 [ 95.014959][ T2800] exc_invalid_op+0x1a/0x50 [ 95.014988][ T2800] asm_exc_invalid_op+0x1a/0x20 [ 95.015009][ T2800] RIP: 0010:kcov_remote_start+0x5d8/0x710 [ 95.015033][ T2800] Code: 00 5b 41 5c 41 5d 41 5e 41 5f 5d e9 f2 88 f4 02 90 0f 0b 90 e9 62 fa ff ff 90 0f 0b 90 0f b7 83 c0 04 00 00 e9 a3 fa ff ff 90 <0f> 0b 90 eb 04 90 0f 0b 90 e8 ca 35 78 09 89 c0 48 c7 c7 c0 e2 bb [ 95.015050][ T2800] RSP: 0018:ffffc9000dfefa38 EFLAGS: 00010202 [ 95.015067][ T2800] RAX: 0000000000000002 RBX: ffff8880316d8000 RCX: 0000000000000000 [ 95.015081][ T2800] RDX: 0000000000000000 RSI: ffffffff8bcc4d60 RDI: ffffffff8bcc4d20 [ 95.015097][ T2800] RBP: ffff88802effa280 R08: ffffffff8b404b20 R09: ffffffff8e3cb2a0 [ 95.015114][ T2800] R10: dffffc0000000000 R11: fffffbfff1f9e71f R12: ffff8880256b9ed8 [ 95.015129][ T2800] R13: ffff88805ca107d8 R14: 0000000000000000 R15: ffff8880256b9040 [ 95.015149][ T2800] ? rt_spin_lock+0x1e0/0x400 [ 95.015175][ T2800] ? kcov_remote_start+0xe0/0x710 [ 95.015200][ T2800] ieee80211_iface_work+0x20e/0x1020 [ 95.015240][ T2800] cfg80211_wiphy_work+0x2a2/0x440 [ 95.015266][ T2800] ? process_one_work+0x8be/0x1630 [ 95.015293][ T2800] process_one_work+0x98b/0x1630 [ 95.015336][ T2800] ? __pfx_process_one_work+0x10/0x10 [ 95.015371][ T2800] ? do_raw_spin_lock+0x12b/0x2f0 [ 95.015409][ T2800] worker_thread+0xb49/0x1140 [ 95.015446][ T2800] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 95.015486][ T2800] kthread+0x388/0x470 [ 95.015511][ T2800] ? __pfx_worker_thread+0x10/0x10 [ 95.015539][ T2800] ? __pfx_kthread+0x10/0x10 [ 95.015564][ T2800] ret_from_fork+0x514/0xb70 [ 95.015594][ T2800] ? __pfx_ret_from_fork+0x10/0x10 [ 95.015618][ T2800] ? __switch_to+0xc79/0x1410 [ 95.015640][ T2800] ? __pfx_kthread+0x10/0x10 [ 95.015664][ T2800] ret_from_fork_asm+0x1a/0x30 [ 95.015704][ T2800] [ 95.016008][ T2800] Kernel Offset: disabled