last executing test programs: 11m12.977286368s ago: executing program 0 (id=129): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) getpeername$packet(0xffffffffffffffff, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000600)=0x14) setsockopt$MRT6_DEL_MIF(0xffffffffffffffff, 0x29, 0xcb, 0x0, 0x0) sendmmsg$unix(r3, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = socket$tipc(0x1e, 0x5, 0x0) prctl$PR_SET_NAME(0xf, 0x0) bind$tipc(r4, &(0x7f0000000340)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}, 0x100000}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10) r5 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) write$binfmt_script(r6, &(0x7f0000000100), 0xfffffd9d) write$sequencer(r6, &(0x7f0000000000), 0xca80) write$FUSE_INIT(r6, &(0x7f0000000180)={0x50, 0xfffffffffffffffe, 0x0, {0x7, 0x28, 0x0, 0x840, 0x1, 0x0, 0x400400}}, 0x50) syz_emit_ethernet(0x2a, &(0x7f0000000a80)={@local, @random="ce3500590a7f", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0xf, 0x1c, 0x66, 0x5, 0x4, 0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x40}, @local}, {0x13, 0x1, 0x0, @empty}}}}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x1f, &(0x7f00000004c0)={&(0x7f0000001000)}, 0x1) 11m8.210397625s ago: executing program 0 (id=134): r0 = socket$nl_rdma(0x10, 0x3, 0x14) close(0xffffffffffffffff) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="00250000ffb74bd52d7e808e030000000000edfff2361695d8d20c1f3d444de08abc3f6cdcbea405725ddf30278a17d3531fe3f5dc3b62f6fe159cdc8b32f672a29cd2b5df677d0f3eb71599c9ab0f6f4718a8c5332d4f436601e9ee8fac76791967aea8994caa17e63b52f49ebe34b2bb674e4e9d138153bb1cd9f4bf0d3450fd31e799", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r1}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, 0x0, 0x0}, 0x94) sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000009000000440003800800010002000000140002007663616e3000000000000000000000000800030000000000140006"], 0x58}}, 0x0) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)={0x28, r5, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_IFNAME={0x14}]}, 0x28}}, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000540), 0xffffffffffffffff) r6 = socket(0x10, 0x3, 0x0) write(r6, &(0x7f0000000000), 0x0) getsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000580)={@remote, @initdev}, &(0x7f00000005c0)=0xffffffffffffff1c) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r8, &(0x7f00000004c0)={&(0x7f0000000200), 0xc, &(0x7f0000000240)={&(0x7f0000000480)={0x14, 0xa, 0x6, 0x5, 0x0, 0x0, {0x9, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x24004007) sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_newroute={0x1c, 0x18, 0xffffffffffffffff, 0x70bd2b, 0x0, {0xa, 0x0, 0x0, 0x0, 0xff, 0x0, 0xfd, 0x9}}, 0x1c}}, 0x4004) r9 = socket$inet6(0xa, 0x3, 0xff) sendmmsg$inet6(r9, &(0x7f0000002bc0)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000000700)}, {&(0x7f0000000800)="b8977f79ab359dae635b2f09d0cbb961fef2fb5af79d677e4a596d93d438ab8a72b2dfff22a4a0515c201b83bcbd91b784ed0d02f6dc7014959a4fee3530d63c2e3535a543aadc32bb3230d943214302e3a6b7e03f7294fcdb4d5a738ccbf1eb2d3e92fe9760f4545a8b694bfa585a49d1edf227ffc20229c527af286557f87af061505e853bc08132e92c884faae3e1ea00300936b710beed0fb95f8f9e0e181d125da5d0cb97d499", 0xa9}, {&(0x7f00000008c0)="810f2336173d0fd74454f367bdd5d5d191c08adc8cccdcc812df1a73bd6d704e61bcdcb8e8336a62a9a7d96a7c65754c22a6441bc3c26a69e230a6cbd3d59585b3e4edf97b81485d3f68aafa9deca2cd1d60a88112792af0f2a3814f9f3bb22f3642dad68f9fe904706ec090b4a5640d58bf82c01f5d81319a318727cb8a06af4fc2f0018056a1298cf179fab5cf28f6bccb99e68900bc36e07a057a17cd87ade05b56c1ef67678bedbfd8261adb0b1f237cdbf5b5c53abe80c86d7332bb35eb376515abbb356f5b07a6eaef6486ad15b62d057006d5c69d73b5fe79efa40c2a1974c1", 0xe3}, {&(0x7f00000009c0)="4fd39c80d6f20dbfd0414b54b48874cee1c6c222ef6fd02961887609778e170ab02afefb4a4d15fc9d2bd0adeecd1b0f211ab7c0355fc413462c58332e65cf2b49a5336aaa5415a906f588189e6e6621cccd717f61", 0x55}, {0x0}, {&(0x7f0000001b40)}], 0x6}}], 0x2, 0x0) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, 0x0, 0x20004801) 11m7.276916674s ago: executing program 0 (id=138): r0 = socket$can_bcm(0x1d, 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() landlock_create_ruleset(0x0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0xa8, &(0x7f0000000040)=ANY=[]) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setresuid(0xee01, 0x0, 0x0) syz_pidfd_open(0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) process_madvise(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r4}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYBLOB='\x00\x00\x00\x00'], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x1, 0x16b, 0x1, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @can={{0x2}, 0x8, 0x3, 0x0, 0x0, "ae771949a0cb35d4"}}, 0x48}}, 0x80) 11m6.865742252s ago: executing program 1 (id=140): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x10000008, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getgroups(0x0, 0x0) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r3, &(0x7f0000000180)=@in6={0x21, 0x0, 0x2, 0x1c, {0x2d, 0x0, 0x0, @local}}, 0x42) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0x8, 0x4c5, 0x0, 0x2, 0x4, 0x80000001, 0xf, 0x0, 0xbe, 0xe39, 0x0, 0x532, 0x3, 0xb, 0xa, 0x26, {0x2001, 0x3}, 0x0, 0x2}}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r4, 0x0, 0x0, 0xffff, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300), 0x0}) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), r8) sendmsg$ETHTOOL_MSG_COALESCE_SET(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, r9, 0x1, 0x70bd2e}, 0x14}, 0x1, 0x0, 0x0, 0x104}, 0x20000000) r10 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_buf(r10, 0x6, 0x1f, 0x0, 0x0) 11m4.708805851s ago: executing program 0 (id=142): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{0x0}], 0x1) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f00000002c0)={0x0, 0x89b8, 0x800, 0x0, 0x207}, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, 0x0) io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0) 11m4.661254916s ago: executing program 1 (id=143): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TIOCMSET(r0, 0x5418, 0x0) socket$kcm(0x10, 0x2, 0x10) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeab7ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b96007d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36edd16f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad242c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bfb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb32473c345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28297852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63b9e5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a7800000001a00", 0x1000}}, 0x1006) r1 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f00000003c0), 0x8140, 0x0) r3 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n0xffffffffffffffff}) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x2, 0x3, 0x0, 0x2, 0x10, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "fd"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfd}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}]}, 0x80}, 0x1, 0x7}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x2, &(0x7f00000001c0)=0x7ff, 0x4) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002, 0x2000}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00", 0xca, 0x1, 0x0, 0x0) r4 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r4, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000080)={0x42, 0x80000009, 0x2}, 0x10) r7 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000300)={0x42, 0x3}, 0x10) bind$tipc(r5, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x4, 0x10000000}}, 0x10) sendmsg$tipc(r6, &(0x7f0000000180)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40040}, 0x4) splice(r3, 0x0, r1, 0x0, 0x406f413, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) rseq(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) pipe2(&(0x7f0000000040), 0x0) 11m3.808134842s ago: executing program 0 (id=145): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x1f, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x8, 0x3, 0x1ff, 0x3d, 0x963, 0x3, 0x53, 0x202, 0x1, 0xc}) 11m3.257732416s ago: executing program 1 (id=146): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) syz_emit_ethernet(0x116b, &(0x7f0000002240)=ANY=[@ANYBLOB], 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x3, '\x00', 0x0, r0, 0x1}, 0x50) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x5) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$unix(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) openat$vim2m(0xffffff9c, 0x0, 0x2, 0x0) 11m1.8148845s ago: executing program 0 (id=147): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0xf, &(0x7f0000000080)=0x4, 0x4) listen(0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) close(0xffffffffffffffff) 10m53.292816876s ago: executing program 1 (id=152): r0 = socket$can_bcm(0x1d, 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r1 = getpid() landlock_create_ruleset(0x0, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0xa8, &(0x7f0000000040)=ANY=[]) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setresuid(0xee01, 0x0, 0x0) syz_pidfd_open(0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) process_madvise(0xffffffffffffffff, &(0x7f0000000280), 0x0, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r4}, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=ANY=[@ANYBLOB="0100"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYBLOB='\x00\x00\x00\x00'], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x1, 0x16b, 0x1, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @can={{0x2}, 0x8, 0x3, 0x0, 0x0, "ae771949a0cb35d4"}}, 0x48}}, 0x80) 10m48.983887271s ago: executing program 1 (id=158): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x0, 0x800000, 0x0, 0xffffffff}, 0x20, 0x0, 0x7, 0x8, 0x101, 0x14, 0x0, 0x0, 0x0, 0x0, {0x200}}}}]}, 0x78}}, 0x4080) r5 = socket(0x10, 0x803, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtclass={0x60, 0x28, 0x800, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0x2, 0x4}, {0x0, 0xa}, {0x10, 0xffe0}}, [@TCA_RATE={0x6, 0x5, {0x4, 0xb7}}, @TCA_RATE={0x6, 0x5, {0xa, 0x7}}, @tclass_kind_options=@c_htb={{0x8}, {0x10, 0x2, [@TCA_HTB_RATE64={0xc, 0x6, 0x3}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x10}}, @tclass_kind_options=@c_multiq={0xb}]}, 0x60}}, 0x24040084) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) clock_adjtime(0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) process_mrelease(0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') pread64(r8, &(0x7f0000002180)=""/4101, 0x1005, 0x1) 10m46.130347601s ago: executing program 32 (id=147): madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0xf, &(0x7f0000000080)=0x4, 0x4) listen(0xffffffffffffffff, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) close(0xffffffffffffffff) 10m33.927941503s ago: executing program 33 (id=158): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=@newqdisc={0x78, 0x24, 0xf0b, 0xfffffffe, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x0, 0x800000, 0x0, 0xffffffff}, 0x20, 0x0, 0x7, 0x8, 0x101, 0x14, 0x0, 0x0, 0x0, 0x0, {0x200}}}}]}, 0x78}}, 0x4080) r5 = socket(0x10, 0x803, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtclass={0x60, 0x28, 0x800, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0x2, 0x4}, {0x0, 0xa}, {0x10, 0xffe0}}, [@TCA_RATE={0x6, 0x5, {0x4, 0xb7}}, @TCA_RATE={0x6, 0x5, {0xa, 0x7}}, @tclass_kind_options=@c_htb={{0x8}, {0x10, 0x2, [@TCA_HTB_RATE64={0xc, 0x6, 0x3}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x10}}, @tclass_kind_options=@c_multiq={0xb}]}, 0x60}}, 0x24040084) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) clock_adjtime(0x0, 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) process_mrelease(0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') pread64(r8, &(0x7f0000002180)=""/4101, 0x1005, 0x1) 5m57.06038208s ago: executing program 2 (id=544): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), r0) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x28, r1, 0x1, 0x70bd2e, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x4}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_TX={0x5, 0x18, 0x1}, @ETHTOOL_A_COALESCE_RX_USECS_IRQ={0x8, 0x4, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x104}, 0x20000000) 5m54.973822688s ago: executing program 2 (id=546): r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) writev(r0, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1) 5m54.79089766s ago: executing program 2 (id=547): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={0x0, 0x80}}, 0x0) sendmmsg(r3, &(0x7f0000000180), 0x400008a, 0x0) 5m53.462619521s ago: executing program 2 (id=549): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x2, 0x3, 0x0, 0x2, 0x10, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "fd"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfd}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}]}, 0x80}, 0x1, 0x7}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000001c0)=0x7ff, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) socket$tipc(0x1e, 0x2, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x4, 0x10000000}}, 0x10) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x406f413, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) rseq(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 5m48.0797401s ago: executing program 2 (id=556): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) syz_emit_ethernet(0x116b, &(0x7f0000002240)=ANY=[@ANYBLOB], 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x3, '\x00', 0x0, r0, 0x1}, 0x50) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x5) ioctl$TIOCSTI(r2, 0x5412, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$unix(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) openat$vim2m(0xffffff9c, 0x0, 0x2, 0x0) 5m42.580516906s ago: executing program 2 (id=564): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x2, 0x3, 0x0, 0x2, 0x10, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "fd"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfd}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}]}, 0x80}, 0x1, 0x7}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000001c0)=0x7ff, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) socket$tipc(0x1e, 0x2, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x4, 0x10000000}}, 0x10) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x406f413, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) rseq(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 5m26.496145268s ago: executing program 34 (id=564): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x2, 0x3, 0x0, 0x2, 0x10, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "fd"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfd}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local}}]}, 0x80}, 0x1, 0x7}, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000001c0)=0x7ff, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3, @loopback}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) socket$tipc(0x1e, 0x2, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) socket$tipc(0x1e, 0x2, 0x0) socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x4, 0x10000000}}, 0x10) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x406f413, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) rseq(0x0, 0x0, 0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 8.310338224s ago: executing program 4 (id=1034): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) msgget(0x1, 0x2b0) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x400, &(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYRES64]) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x18, 0x30, 0x4, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) socket$inet6(0xa, 0x5, 0x6) sync() tkill(0x0, 0x7) r4 = socket$inet6(0xa, 0x2, 0x3a) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, 0x0) 6.865713997s ago: executing program 4 (id=1037): r0 = socket$packet(0x11, 0x3, 0x300) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000000, 0x810, 0xffffffffffffffff, 0x5eba6000) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendmmsg$inet(r1, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, 0x0}}], 0x1, 0x2400c042) getdents64(0xffffffffffffffff, 0x0, 0x0) poll(&(0x7f0000000300)=[{0xffffffffffffffff, 0x804}, {r1, 0xa640}, {}, {0xffffffffffffffff, 0x4279}, {0xffffffffffffffff, 0x2}, {0xffffffffffffffff, 0x10}, {}], 0x7, 0xfffffffd) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0) pipe2(0x0, 0x80c80) rt_sigprocmask(0x3, 0x0, &(0x7f0000000240), 0xfea4) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000), 0x10, 0x0}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[], 0x48) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSIGACCEPT(r2, 0x5607, 0x2c) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) ioctl$TIOCL_SETVESABLANK(r4, 0x560e, &(0x7f0000000140)) r5 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$VT_ACTIVATE(r5, 0x5606, 0x4) ioctl$TIOCL_BLANKSCREEN(r5, 0x541c, &(0x7f0000000000)) set_tid_address(&(0x7f0000000040)) ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f0000000080)={0xd, 0x8, 0x2, 0x0, 0x0, 0x1000}) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) 5.748652835s ago: executing program 4 (id=1041): r0 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f00000007c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100030010651fbe347b2c2b00000c0001", @ANYRES16=r1], 0x20}}, 0x0) 5.662025402s ago: executing program 4 (id=1042): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d000000040105"], 0x254}}, 0x0) 5.536012988s ago: executing program 4 (id=1043): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000020000090900010073797a31000000007c000000030a01040000000000000000020000060900010073797a31000000000900030073797a30000000"], 0xc4}, 0x1, 0x0, 0x0, 0x24004900}, 0x2000) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c000}, 0x20008800) 5.379789248s ago: executing program 4 (id=1044): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x336) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @link_local}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @dev}) 3.018824002s ago: executing program 3 (id=1047): socketpair$unix(0x1, 0x3, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000600)={@in={{0x2, 0x4e20, @loopback}}, 0x0, 0x0, 0x3b, 0x0, "9ded9d61b06dc81d103e0f6900b695edeff80e01663328c082467cf0b42433fa4d47dd6a7ee2e05eba7dfa68546306f79be4052eb940143e88471c090e7c9ac0a4089613564c75d3a57acf6eb249f175"}, 0xd8) bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) fcntl$setstatus(r3, 0x4, 0x40800) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) ftruncate(r4, 0x2000009) sendfile(r3, r4, 0x0, 0x7ffff004) mkdirat(r4, &(0x7f0000000000)='./file0\x00', 0x428294d5555bdd45) mount$tmpfs(0x0, 0x0, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, 0x0) read$FUSE(r5, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) 2.009724575s ago: executing program 3 (id=1048): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00'}, 0x10) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, 0x0, 0x92020007) 1.936248352s ago: executing program 3 (id=1049): syz_io_uring_setup(0x7b, &(0x7f0000000540)={0x0, 0x3bce, 0x10100, 0x0, 0x313}, &(0x7f00000005c0)=0x0, &(0x7f0000000100)=0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r0, r1, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r3, 0x0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1}, 0x0, 0x40000103}) write(r2, 0x0, 0x0) 1.837297318s ago: executing program 3 (id=1050): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) msgget(0x1, 0x2b0) mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x400, &(0x7f0000000340)=ANY=[@ANYRESHEX, @ANYRES64]) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x18, 0x30, 0x4, 0x0, 0x0, {}, [{0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810) socket$inet6(0xa, 0x5, 0x6) sync() tkill(0x0, 0x7) r4 = socket$inet6(0xa, 0x2, 0x3a) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, 0x0) 421.362816ms ago: executing program 3 (id=1051): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r3 = socket(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5) getsockname$packet(r5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r6, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x7, 0x4, 0x438, 0x240, 0x240, 0x0, 0x350, 0x370, 0x350, 0x4, 0x0, {[{{@arp={@private, @local, 0x0, 0x0, 0x0, 0x0, {@mac=@broadcast}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth1_to_batadv\x00', 'batadv0\x00'}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "bc2e329885ea3654891fbae8c6c66e07212432bde429bcda7deb48d85c6f5e269c2021c8f8dc09af0b3f2e10e8ac79cc67e264613c4be6838ee2daacf7926a6e"}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @rand_addr, @broadcast}}}, {{@arp={@private, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0\x00', 'veth0_to_bond\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x488) r7 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r7, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r7, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r7, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) sendmsg$nl_route_sched(r3, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x2c, 0x24, 0x5820a61ca228651, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=@newtfilter={0x3c, 0x28, 0x575ac7824d421509, 0x70bd2a, 0x4, {0x0, 0x0, 0x0, r6, {}, {0x1}, {0x4, 0x3d}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x5}}, @filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x3c}}, 0x40) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@delchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0x1}}}, 0x24}}, 0x10) 0s ago: executing program 3 (id=1052): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a00060000000000ff0000000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmmsg(r4, &(0x7f0000000180), 0x400008a, 0x0) kernel console output (not intermixed with test programs): _simulate: vblank timer overrun [ 477.299814][ T7933] hsr_slave_0: entered promiscuous mode [ 477.301314][ T7933] hsr_slave_1: entered promiscuous mode [ 477.803974][ C1] vkms_vblank_simulate: vblank timer overrun [ 477.915392][ C1] vkms_vblank_simulate: vblank timer overrun [ 478.144004][ C1] vkms_vblank_simulate: vblank timer overrun [ 478.391053][ C1] vkms_vblank_simulate: vblank timer overrun [ 480.146891][ C1] vkms_vblank_simulate: vblank timer overrun [ 480.593904][ C1] vkms_vblank_simulate: vblank timer overrun [ 481.497951][ C1] vkms_vblank_simulate: vblank timer overrun [ 481.813230][ T8037] chnl_net:caif_netlink_parms(): no params data found [ 482.097600][ T5954] bridge_slave_1: left allmulticast mode [ 482.097633][ T5954] bridge_slave_1: left promiscuous mode [ 482.097912][ T5954] bridge0: port 2(bridge_slave_1) entered disabled state [ 482.184012][ C1] vkms_vblank_simulate: vblank timer overrun [ 482.344691][ C1] vkms_vblank_simulate: vblank timer overrun [ 482.635824][ C1] vkms_vblank_simulate: vblank timer overrun [ 482.897392][ C1] vkms_vblank_simulate: vblank timer overrun [ 482.899365][ T5954] bridge_slave_0: left allmulticast mode [ 482.899394][ T5954] bridge_slave_0: left promiscuous mode [ 482.899683][ T5954] bridge0: port 1(bridge_slave_0) entered disabled state [ 483.252259][ C1] vkms_vblank_simulate: vblank timer overrun [ 483.404850][ C1] vkms_vblank_simulate: vblank timer overrun [ 483.835269][ C1] vkms_vblank_simulate: vblank timer overrun [ 483.957642][ C1] vkms_vblank_simulate: vblank timer overrun [ 484.139318][ C1] vkms_vblank_simulate: vblank timer overrun [ 484.230179][ T5954] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 484.345520][ T5954] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 484.423061][ T5954] bond0 (unregistering): Released all slaves [ 484.585431][ C1] vkms_vblank_simulate: vblank timer overrun [ 485.354824][ T8265] netlink: 'syz.3.538': attribute type 4 has an invalid length. [ 485.380669][ C1] vkms_vblank_simulate: vblank timer overrun [ 485.666167][ C1] vkms_vblank_simulate: vblank timer overrun [ 485.718813][ C1] vkms_vblank_simulate: vblank timer overrun [ 486.345140][ C1] vkms_vblank_simulate: vblank timer overrun [ 486.448531][ T8270] netlink: 'syz.3.538': attribute type 4 has an invalid length. [ 486.600567][ T8269] lo speed is unknown, defaulting to 1000 [ 486.604139][ T8269] lo speed is unknown, defaulting to 1000 [ 486.607651][ T8269] lo speed is unknown, defaulting to 1000 [ 486.902791][ T8269] infiniband sz1: set active [ 486.902815][ T8269] infiniband sz1: added lo [ 486.906531][ T8269] sz1: rxe_create_cq: returned err = -12 [ 486.906704][ T8269] infiniband sz1: Couldn't create ib_mad CQ [ 486.906900][ T8269] infiniband sz1: Couldn't open port 1 [ 486.964689][ T8269] RDS/IB: sz1: added [ 486.965519][ T8269] smc: adding ib device sz1 with port count 1 [ 486.966421][ T8269] smc: ib device sz1 port 1 has pnetid [ 487.385901][ T5954] hsr_slave_0: left promiscuous mode [ 487.415002][ T5954] hsr_slave_1: left promiscuous mode [ 487.415880][ T5954] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 487.457429][ T5954] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 488.105605][ T5954] team0 (unregistering): Port device team_slave_1 removed [ 488.225600][ T5954] team0 (unregistering): Port device team_slave_0 removed [ 488.729356][ T8269] lo speed is unknown, defaulting to 1000 [ 488.834965][ T5881] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 488.902327][ T8037] bridge0: port 1(bridge_slave_0) entered blocking state [ 488.902513][ T8037] bridge0: port 1(bridge_slave_0) entered disabled state [ 488.902689][ T8037] bridge_slave_0: entered allmulticast mode [ 488.946404][ T8037] bridge_slave_0: entered promiscuous mode [ 489.055929][ T8037] bridge0: port 2(bridge_slave_1) entered blocking state [ 489.056070][ T8037] bridge0: port 2(bridge_slave_1) entered disabled state [ 489.056287][ T8037] bridge_slave_1: entered allmulticast mode [ 489.061193][ T5909] lo speed is unknown, defaulting to 1000 [ 489.065636][ T8037] bridge_slave_1: entered promiscuous mode [ 489.067466][ T8269] lo speed is unknown, defaulting to 1000 [ 489.132982][ T6040] lo speed is unknown, defaulting to 1000 [ 489.383308][ T5881] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db71, bcdDevice=53.3e [ 489.383334][ T5881] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 489.383351][ T5881] usb 5-1: Product: syz [ 489.383363][ T5881] usb 5-1: Manufacturer: syz [ 489.383376][ T5881] usb 5-1: SerialNumber: syz [ 489.419521][ T5881] dvb-usb: found a 'DViCO FusionHDTV DVB-T NANO2 w/o firmware' in warm state. [ 489.419571][ T5881] usb 5-1: setting power ON [ 489.419588][ T5881] dvb-usb: bulk message failed: -22 (2/0) [ 489.438904][ T5881] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 489.443606][ T5881] dvb-usb: DViCO FusionHDTV DVB-T NANO2 w/o firmware error while loading driver (-19) [ 489.443874][ T5881] dvb_usb_cxusb 5-1:4.0: probe with driver dvb_usb_cxusb failed with error -22 [ 489.526491][ T8269] lo speed is unknown, defaulting to 1000 [ 489.806625][ T8269] lo speed is unknown, defaulting to 1000 [ 489.807880][ T7933] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 490.031446][ T8269] lo speed is unknown, defaulting to 1000 [ 490.410950][ T8037] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 490.626029][ T8288] netlink: 'syz.3.543': attribute type 4 has an invalid length. [ 490.626083][ T8288] netlink: 17 bytes leftover after parsing attributes in process `syz.3.543'. [ 493.102487][ T5895] usb 5-1: USB disconnect, device number 12 [ 493.112097][ T7933] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 493.970972][ T8037] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 493.989437][ T7933] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 494.686160][ T8302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.548'. [ 494.686191][ T8302] netlink: 8 bytes leftover after parsing attributes in process `syz.3.548'. [ 494.734489][ T8302] futex_wake_op: syz.3.548 tries to shift op by 32; fix this program [ 494.786115][ T7933] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 495.111062][ T8037] team0: Port device team_slave_0 added [ 495.135767][ T8037] team0: Port device team_slave_1 added [ 496.012319][ T5836] Bluetooth: Wrong link type (-57) [ 496.732765][ T8037] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 496.732780][ T8037] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 496.732801][ T8037] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 496.798478][ T8037] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 496.798493][ T8037] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 496.798515][ T8037] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 497.360953][ T8337] rdma_rxe: rxe_newlink: failed to add lo [ 498.225022][ T5895] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 498.353367][ T8037] hsr_slave_0: entered promiscuous mode [ 498.375602][ T8037] hsr_slave_1: entered promiscuous mode [ 498.376480][ T8037] debugfs: 'hsr0' already exists in 'hsr' [ 498.376501][ T8037] Cannot create hsr debugfs directory [ 498.383505][ T5895] usb 4-1: New USB device found, idVendor=0fe9, idProduct=db71, bcdDevice=53.3e [ 498.383530][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.383546][ T5895] usb 4-1: Product: syz [ 498.383559][ T5895] usb 4-1: Manufacturer: syz [ 498.383571][ T5895] usb 4-1: SerialNumber: syz [ 498.700094][ T5895] dvb-usb: found a 'DViCO FusionHDTV DVB-T NANO2 w/o firmware' in warm state. [ 498.700158][ T5895] usb 4-1: setting power ON [ 498.700175][ T5895] dvb-usb: bulk message failed: -22 (2/0) [ 498.755982][ T5895] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 498.868653][ T5895] dvb-usb: DViCO FusionHDTV DVB-T NANO2 w/o firmware error while loading driver (-19) [ 498.868907][ T5895] dvb_usb_cxusb 4-1:4.0: probe with driver dvb_usb_cxusb failed with error -22 [ 500.045324][ T5824] usb 4-1: USB disconnect, device number 10 [ 501.452073][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.452147][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.303328][ T8358] mkiss: ax0: crc mode is auto. [ 502.473684][ T7933] 8021q: adding VLAN 0 to HW filter on device bond0 [ 503.417314][ T7933] 8021q: adding VLAN 0 to HW filter on device team0 [ 503.462616][ T5986] bridge0: port 1(bridge_slave_0) entered blocking state [ 503.465018][ T5986] bridge0: port 1(bridge_slave_0) entered forwarding state [ 503.502536][ T5986] bridge0: port 2(bridge_slave_1) entered blocking state [ 503.502705][ T5986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 504.551775][ T8388] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 505.716758][ C1] vkms_vblank_simulate: vblank timer overrun [ 506.116251][ C1] vkms_vblank_simulate: vblank timer overrun [ 506.372336][ T8414] netlink: 'syz.3.563': attribute type 4 has an invalid length. [ 506.372382][ T8414] netlink: 17 bytes leftover after parsing attributes in process `syz.3.563'. [ 506.409937][ C1] vkms_vblank_simulate: vblank timer overrun [ 507.097289][ C1] vkms_vblank_simulate: vblank timer overrun [ 508.898683][ T6040] usb 5-1: new full-speed USB device number 13 using dummy_hcd [ 509.059185][ T6040] usb 5-1: device descriptor read/all, error -71 [ 509.548239][ C1] vkms_vblank_simulate: vblank timer overrun [ 510.093570][ C1] vkms_vblank_simulate: vblank timer overrun [ 510.360941][ C1] vkms_vblank_simulate: vblank timer overrun [ 510.420741][ T8430] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 510.423965][ T8428] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 510.463264][ T8428] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 510.475364][ T8428] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 510.476434][ T8428] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 510.652695][ T8433] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 512.554987][ T5836] Bluetooth: hci4: command tx timeout [ 514.954828][ T5836] Bluetooth: hci4: command tx timeout [ 515.960331][ T8452] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 517.035070][ T8428] Bluetooth: hci4: command tx timeout [ 519.124889][ T8428] Bluetooth: hci4: command tx timeout [ 521.280832][ T8459] Falling back ldisc for ttyS3. [ 521.565502][ C1] vkms_vblank_simulate: vblank timer overrun [ 522.051685][ C1] vkms_vblank_simulate: vblank timer overrun [ 523.100199][ C1] vkms_vblank_simulate: vblank timer overrun [ 523.908089][ T8426] lo speed is unknown, defaulting to 1000 [ 524.050534][ C1] vkms_vblank_simulate: vblank timer overrun [ 524.545741][ C1] vkms_vblank_simulate: vblank timer overrun [ 524.798709][ C1] vkms_vblank_simulate: vblank timer overrun [ 525.270608][ C1] vkms_vblank_simulate: vblank timer overrun [ 525.463847][ T8494] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 525.480120][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.272284][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.309535][ T5836] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 526.333394][ T5836] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 526.335258][ T5836] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 526.336387][ T5836] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 526.337824][ T5836] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 526.411053][ T8430] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 526.498494][ T8428] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 526.499605][ T8428] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 526.500827][ T8428] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 526.501977][ T8428] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 526.502788][ C1] vkms_vblank_simulate: vblank timer overrun [ 528.452116][ C1] vkms_vblank_simulate: vblank timer overrun [ 528.475002][ T8428] Bluetooth: hci5: command tx timeout [ 528.672472][ T8428] Bluetooth: hci6: command tx timeout [ 528.839506][ T8428] Bluetooth: Wrong link type (-57) [ 529.493968][ C1] vkms_vblank_simulate: vblank timer overrun [ 529.653931][ T8520] netlink: 8 bytes leftover after parsing attributes in process `syz.4.588'. [ 529.653951][ T8520] netlink: 12 bytes leftover after parsing attributes in process `syz.4.588'. [ 529.721210][ T8522] netlink: 48 bytes leftover after parsing attributes in process `syz.3.587'. [ 529.742398][ T37] audit: type=1326 audit(1756594025.281:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8519 comm="syz.4.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0cc18ebe9 code=0x7ffc0000 [ 529.743576][ T37] audit: type=1326 audit(1756594025.281:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8519 comm="syz.4.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0cc18ebe9 code=0x7ffc0000 [ 529.743624][ T37] audit: type=1326 audit(1756594025.281:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8519 comm="syz.4.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7fd0cc18ebe9 code=0x7ffc0000 [ 529.743666][ T37] audit: type=1326 audit(1756594025.281:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8519 comm="syz.4.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0cc18ebe9 code=0x7ffc0000 [ 529.743706][ T37] audit: type=1326 audit(1756594025.281:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8519 comm="syz.4.588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0cc18ebe9 code=0x7ffc0000 [ 530.243168][ T8491] lo speed is unknown, defaulting to 1000 [ 530.263517][ T8535] netlink: 104 bytes leftover after parsing attributes in process `syz.4.591'. [ 530.527065][ T8542] netlink: 12 bytes leftover after parsing attributes in process `syz.4.592'. [ 530.555770][ T8428] Bluetooth: hci5: command tx timeout [ 530.826148][ C1] vkms_vblank_simulate: vblank timer overrun [ 530.837438][ T8546] netlink: 4 bytes leftover after parsing attributes in process `syz.4.592'. [ 530.847995][ T8428] Bluetooth: hci6: command tx timeout [ 531.725174][ C1] vkms_vblank_simulate: vblank timer overrun [ 531.837357][ C1] vkms_vblank_simulate: vblank timer overrun [ 532.417212][ C1] vkms_vblank_simulate: vblank timer overrun [ 533.129534][ T8428] Bluetooth: hci5: command tx timeout [ 533.129566][ T8428] Bluetooth: hci6: command tx timeout [ 533.210976][ T8559] netlink: 300 bytes leftover after parsing attributes in process `syz.3.595'. [ 533.364390][ T8492] lo speed is unknown, defaulting to 1000 [ 534.486913][ C1] vkms_vblank_simulate: vblank timer overrun [ 534.674171][ C1] vkms_vblank_simulate: vblank timer overrun [ 534.838195][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.013144][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.142167][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.376307][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.376856][ T5836] Bluetooth: hci6: command tx timeout [ 535.376886][ T5836] Bluetooth: hci5: command tx timeout [ 535.420479][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.662728][ T145] bridge_slave_1: left allmulticast mode [ 535.662759][ T145] bridge_slave_1: left promiscuous mode [ 535.663011][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.766121][ T145] bridge_slave_0: left allmulticast mode [ 535.766151][ T145] bridge_slave_0: left promiscuous mode [ 535.766420][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.935229][ T8580] rdma_rxe: rxe_newlink: failed to add lo [ 536.085991][ C1] vkms_vblank_simulate: vblank timer overrun [ 537.184121][ C1] vkms_vblank_simulate: vblank timer overrun [ 537.415632][ T8599] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 540.697734][ T8603] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 541.665707][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 541.705978][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 541.748987][ T145] bond0 (unregistering): Released all slaves [ 541.947355][ T8426] chnl_net:caif_netlink_parms(): no params data found [ 543.213201][ C1] vkms_vblank_simulate: vblank timer overrun [ 543.369656][ C1] vkms_vblank_simulate: vblank timer overrun [ 543.891178][ C1] vkms_vblank_simulate: vblank timer overrun [ 544.284540][ C1] vkms_vblank_simulate: vblank timer overrun [ 544.628638][ C1] vkms_vblank_simulate: vblank timer overrun [ 544.928341][ T8639] netlink: 'syz.4.604': attribute type 4 has an invalid length. [ 544.928412][ T8639] netlink: 17 bytes leftover after parsing attributes in process `syz.4.604'. [ 544.931397][ C1] vkms_vblank_simulate: vblank timer overrun [ 545.077749][ C1] vkms_vblank_simulate: vblank timer overrun [ 545.650858][ C1] vkms_vblank_simulate: vblank timer overrun [ 546.547035][ C1] vkms_vblank_simulate: vblank timer overrun [ 546.634599][ T145] hsr_slave_0: left promiscuous mode [ 546.667863][ T145] hsr_slave_1: left promiscuous mode [ 546.668996][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 546.693146][ T8641] netlink: 20 bytes leftover after parsing attributes in process `syz.3.606'. [ 546.704431][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 546.795165][ C1] vkms_vblank_simulate: vblank timer overrun [ 546.996695][ C1] vkms_vblank_simulate: vblank timer overrun [ 547.157968][ C1] vkms_vblank_simulate: vblank timer overrun [ 547.255779][ T145] team0 (unregistering): Port device team_slave_1 removed [ 547.375446][ T145] team0 (unregistering): Port device team_slave_0 removed [ 551.561318][ T8426] bridge0: port 1(bridge_slave_0) entered blocking state [ 551.561463][ T8426] bridge0: port 1(bridge_slave_0) entered disabled state [ 551.561691][ T8426] bridge_slave_0: entered allmulticast mode [ 551.564394][ T8426] bridge_slave_0: entered promiscuous mode [ 552.815095][ T8426] bridge0: port 2(bridge_slave_1) entered blocking state [ 552.815252][ T8426] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.815800][ T8426] bridge_slave_1: entered allmulticast mode [ 552.818564][ T8426] bridge_slave_1: entered promiscuous mode [ 553.163494][ T8689] 9pnet_fd: Insufficient options for proto=fd [ 553.641109][ T8426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 553.726457][ T8426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 554.311202][ T8426] team0: Port device team_slave_0 added [ 554.314315][ T8491] chnl_net:caif_netlink_parms(): no params data found [ 554.346094][ T8426] team0: Port device team_slave_1 added [ 554.702062][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.516513][ C0] vkms_vblank_simulate: vblank timer overrun [ 556.352240][ T8426] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 556.352255][ T8426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 556.352279][ T8426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 556.441121][ T8426] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 556.441137][ T8426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 556.441161][ T8426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 556.535248][ T8492] chnl_net:caif_netlink_parms(): no params data found [ 557.167942][ T8491] bridge0: port 1(bridge_slave_0) entered blocking state [ 557.168876][ T8491] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.169102][ T8491] bridge_slave_0: entered allmulticast mode [ 557.205092][ T8491] bridge_slave_0: entered promiscuous mode [ 557.576254][ T8491] bridge0: port 2(bridge_slave_1) entered blocking state [ 557.577315][ T8491] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.577518][ T8491] bridge_slave_1: entered allmulticast mode [ 557.580368][ T8491] bridge_slave_1: entered promiscuous mode [ 558.355467][ T8725] 9pnet_fd: Insufficient options for proto=fd [ 559.109897][ T8426] hsr_slave_0: entered promiscuous mode [ 559.111400][ T8426] hsr_slave_1: entered promiscuous mode [ 561.817980][ T8491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 561.948732][ T8428] Bluetooth: Wrong link type (-57) [ 562.881491][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.881566][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.869071][ T8778] 9pnet_fd: Insufficient options for proto=fd [ 564.871609][ T145] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 564.958345][ T8491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 564.964424][ T8492] bridge0: port 1(bridge_slave_0) entered blocking state [ 564.964630][ T8492] bridge0: port 1(bridge_slave_0) entered disabled state [ 564.965852][ T8492] bridge_slave_0: entered allmulticast mode [ 565.012215][ T8492] bridge_slave_0: entered promiscuous mode [ 565.267245][ T8492] bridge0: port 2(bridge_slave_1) entered blocking state [ 565.267383][ T8492] bridge0: port 2(bridge_slave_1) entered disabled state [ 565.267592][ T8492] bridge_slave_1: entered allmulticast mode [ 565.272902][ T8492] bridge_slave_1: entered promiscuous mode [ 566.760817][ T145] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 567.111050][ T8491] team0: Port device team_slave_0 added [ 568.014868][ T8428] Bluetooth: Wrong link type (-57) [ 568.251173][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 568.253908][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 568.256386][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 568.257515][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 568.258655][ T5836] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 568.602594][ T8491] team0: Port device team_slave_1 added [ 569.870170][ T8492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 570.118138][ T145] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 570.189665][ T8492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 570.317881][ T5836] Bluetooth: hci0: command tx timeout [ 570.369642][ T8814] 9pnet_fd: Insufficient options for proto=fd [ 570.431027][ T8491] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 570.431042][ T8491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 570.431065][ T8491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 572.013720][ T145] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.096568][ T8491] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 572.096585][ T8491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 572.096610][ T8491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 572.159027][ T8492] team0: Port device team_slave_0 added [ 572.279934][ T8492] team0: Port device team_slave_1 added [ 572.395025][ T5836] Bluetooth: hci0: command tx timeout [ 572.519480][ T8799] lo speed is unknown, defaulting to 1000 [ 573.282197][ T5836] Bluetooth: Wrong link type (-57) [ 573.698573][ T8492] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 573.698589][ T8492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 573.698613][ T8492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 574.497108][ T5836] Bluetooth: hci0: command tx timeout [ 575.772478][ T8492] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 575.772494][ T8492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 575.772517][ T8492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 575.859754][ T8491] hsr_slave_0: entered promiscuous mode [ 575.876494][ T8491] hsr_slave_1: entered promiscuous mode [ 575.882175][ T8491] debugfs: 'hsr0' already exists in 'hsr' [ 575.882199][ T8491] Cannot create hsr debugfs directory [ 576.636421][ T5836] Bluetooth: hci0: command tx timeout [ 577.113429][ T8855] netlink: 'syz.3.652': attribute type 1 has an invalid length. [ 577.306221][ T8492] hsr_slave_0: entered promiscuous mode [ 577.307624][ T8492] hsr_slave_1: entered promiscuous mode [ 577.308592][ T8492] debugfs: 'hsr0' already exists in 'hsr' [ 577.308614][ T8492] Cannot create hsr debugfs directory [ 579.671813][ T5836] Bluetooth: Wrong link type (-57) [ 580.748289][ C0] vkms_vblank_simulate: vblank timer overrun [ 580.777636][ C0] vkms_vblank_simulate: vblank timer overrun [ 580.893319][ C0] vkms_vblank_simulate: vblank timer overrun [ 580.957769][ C0] vkms_vblank_simulate: vblank timer overrun [ 582.370553][ C0] vkms_vblank_simulate: vblank timer overrun [ 582.978901][ C0] vkms_vblank_simulate: vblank timer overrun [ 583.726372][ T8912] 9pnet_fd: Insufficient options for proto=fd [ 584.478847][ T8799] chnl_net:caif_netlink_parms(): no params data found [ 584.683182][ T8428] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 584.701918][ T8428] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 584.734501][ T8428] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 584.746110][ T8428] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 584.747062][ T8428] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 584.831591][ T5836] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 584.852820][ T5836] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 584.887003][ T5836] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 584.889796][ T5836] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 584.890734][ T5836] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 585.633952][ T8932] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 586.334286][ T145] bridge_slave_1: left allmulticast mode [ 586.334319][ T145] bridge_slave_1: left promiscuous mode [ 586.334617][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.432228][ T145] bridge_slave_0: left allmulticast mode [ 586.432262][ T145] bridge_slave_0: left promiscuous mode [ 586.432534][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.519708][ T145] bridge_slave_1: left allmulticast mode [ 586.519730][ T145] bridge_slave_1: left promiscuous mode [ 586.519932][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.617211][ T145] bridge_slave_0: left allmulticast mode [ 586.617332][ T145] bridge_slave_0: left promiscuous mode [ 586.617520][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.875089][ T8428] Bluetooth: hci3: command tx timeout [ 586.955137][ T8428] Bluetooth: hci4: command tx timeout [ 588.343407][ C0] vkms_vblank_simulate: vblank timer overrun [ 588.693142][ C0] vkms_vblank_simulate: vblank timer overrun [ 589.084232][ T8428] Bluetooth: hci3: command tx timeout [ 589.084263][ T8428] Bluetooth: hci4: command tx timeout [ 590.020915][ C0] vkms_vblank_simulate: vblank timer overrun [ 590.476935][ C0] vkms_vblank_simulate: vblank timer overrun [ 590.765057][ C0] vkms_vblank_simulate: vblank timer overrun [ 590.924953][ T8985] 9pnet_fd: Insufficient options for proto=fd [ 591.120081][ T5836] Bluetooth: hci4: command tx timeout [ 591.120114][ T5836] Bluetooth: hci3: command tx timeout [ 591.361944][ T8994] netlink: 'syz.3.671': attribute type 1 has an invalid length. [ 591.966048][ C0] vkms_vblank_simulate: vblank timer overrun [ 593.369282][ T8428] Bluetooth: hci3: command tx timeout [ 593.369397][ T8428] Bluetooth: hci4: command tx timeout [ 593.951997][ C0] vkms_vblank_simulate: vblank timer overrun [ 594.363615][ C0] vkms_vblank_simulate: vblank timer overrun [ 595.038510][ C0] vkms_vblank_simulate: vblank timer overrun [ 595.312645][ C0] vkms_vblank_simulate: vblank timer overrun [ 595.921591][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 596.067349][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 596.129407][ T145] bond0 (unregistering): Released all slaves [ 596.705705][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 596.795474][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 596.857955][ T145] bond0 (unregistering): Released all slaves [ 597.333546][ C0] vkms_vblank_simulate: vblank timer overrun [ 598.039238][ C0] vkms_vblank_simulate: vblank timer overrun [ 598.478223][ C0] vkms_vblank_simulate: vblank timer overrun [ 598.793585][ T9045] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 598.895227][ T5909] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 599.158161][ T5909] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 599.158188][ T5909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.331691][ T5909] usb 5-1: config 0 descriptor?? [ 600.196505][ T9047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 600.316414][ T9047] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 603.633561][ C0] vkms_vblank_simulate: vblank timer overrun [ 603.838484][ C0] vkms_vblank_simulate: vblank timer overrun [ 603.999280][ T8799] bridge0: port 1(bridge_slave_0) entered blocking state [ 603.999604][ T8799] bridge0: port 1(bridge_slave_0) entered disabled state [ 604.001462][ T8799] bridge_slave_0: entered allmulticast mode [ 604.074070][ T8799] bridge_slave_0: entered promiscuous mode [ 604.248331][ T8925] lo speed is unknown, defaulting to 1000 [ 604.272129][ T8799] bridge0: port 2(bridge_slave_1) entered blocking state [ 604.273015][ T8799] bridge0: port 2(bridge_slave_1) entered disabled state [ 604.273420][ T8799] bridge_slave_1: entered allmulticast mode [ 604.960392][ T8799] bridge_slave_1: entered promiscuous mode [ 605.022501][ C0] vkms_vblank_simulate: vblank timer overrun [ 605.159673][ C0] vkms_vblank_simulate: vblank timer overrun [ 605.204885][ T5909] usb 5-1: Cannot read MAC address [ 605.205148][ T5909] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -32 [ 605.709288][ T5881] usb 5-1: USB disconnect, device number 15 [ 606.003383][ T8926] lo speed is unknown, defaulting to 1000 [ 606.037106][ C0] vkms_vblank_simulate: vblank timer overrun [ 606.175634][ C0] vkms_vblank_simulate: vblank timer overrun [ 606.209413][ C0] vkms_vblank_simulate: vblank timer overrun [ 606.266248][ C0] vkms_vblank_simulate: vblank timer overrun [ 606.364332][ C0] vkms_vblank_simulate: vblank timer overrun [ 606.443505][ T9063] netlink: 'syz.4.687': attribute type 1 has an invalid length. [ 607.045231][ T8799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 607.182050][ T8799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 607.264293][ C0] vkms_vblank_simulate: vblank timer overrun [ 608.630310][ T8799] team0: Port device team_slave_0 added [ 608.799189][ T8799] team0: Port device team_slave_1 added [ 613.171938][ T9081] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 614.831000][ T8799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 614.831017][ T8799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 614.831041][ T8799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 614.930589][ T8799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 614.930601][ T8799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 614.930615][ T8799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 615.254671][ T9091] rdma_rxe: rxe_newlink: failed to add lo [ 615.968226][ C0] vkms_vblank_simulate: vblank timer overrun [ 616.398281][ T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 616.503435][ C0] vkms_vblank_simulate: vblank timer overrun [ 616.625003][ C0] vkms_vblank_simulate: vblank timer overrun [ 616.735592][ C0] vkms_vblank_simulate: vblank timer overrun [ 616.814972][ C0] vkms_vblank_simulate: vblank timer overrun [ 616.856874][ T9098] netlink: 'syz.4.696': attribute type 1 has an invalid length. [ 616.946587][ T9101] netlink: 8 bytes leftover after parsing attributes in process `syz.4.697'. [ 616.980894][ T9] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 616.980921][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 616.998698][ T9] usb 4-1: config 0 descriptor?? [ 617.105101][ T145] hsr_slave_0: left promiscuous mode [ 617.122692][ T9104] netlink: 4 bytes leftover after parsing attributes in process `syz.4.697'. [ 617.145081][ T145] hsr_slave_1: left promiscuous mode [ 617.147669][ T145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 617.147699][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 617.189296][ T145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 617.189326][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 617.233362][ T9093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 617.246348][ T9093] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 617.257599][ T9093] netlink: 28 bytes leftover after parsing attributes in process `syz.3.694'. [ 617.413926][ T145] hsr_slave_0: left promiscuous mode [ 617.474064][ T145] hsr_slave_1: left promiscuous mode [ 617.495445][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 617.517885][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 617.606409][ T145] veth1_macvtap: left promiscuous mode [ 617.606528][ T145] veth0_macvtap: left promiscuous mode [ 617.606832][ T145] veth1_vlan: left promiscuous mode [ 617.607039][ T145] veth0_vlan: left promiscuous mode [ 620.775714][ T145] team0 (unregistering): Port device team_slave_1 removed [ 621.125165][ T145] team0 (unregistering): Port device team_slave_0 removed [ 622.088843][ T9] usb 4-1: Cannot read MAC address [ 622.089116][ T9] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -32 [ 623.644603][ T163] smc: removing ib device sz1 [ 624.323599][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.323674][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.884515][ T145] team0 (unregistering): Port device team_slave_1 removed [ 625.108258][ T145] team0 (unregistering): Port device team_slave_0 removed [ 626.802989][ T6445] lo speed is unknown, defaulting to 1000 [ 626.803027][ T6445] sz1: Port: 1 Link DOWN [ 627.001352][ T6445] usb 4-1: USB disconnect, device number 11 [ 627.552652][ T8925] chnl_net:caif_netlink_parms(): no params data found [ 627.992502][ T9127] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 628.475536][ T8926] chnl_net:caif_netlink_parms(): no params data found [ 629.353579][ C0] vkms_vblank_simulate: vblank timer overrun [ 629.522319][ T5836] Bluetooth: Wrong link type (-57) [ 629.644831][ C0] vkms_vblank_simulate: vblank timer overrun [ 630.148727][ T5836] Bluetooth: hci2: link tx timeout [ 630.149210][ T5836] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 630.265702][ T8430] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 630.279039][ T8430] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 630.282136][ T8430] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 630.295042][ T8430] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 630.296121][ T8430] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 630.488430][ T8925] bridge0: port 1(bridge_slave_0) entered blocking state [ 630.488647][ T8925] bridge0: port 1(bridge_slave_0) entered disabled state [ 630.488896][ T8925] bridge_slave_0: entered allmulticast mode [ 630.535699][ T8925] bridge_slave_0: entered promiscuous mode [ 631.058772][ T8925] bridge0: port 2(bridge_slave_1) entered blocking state [ 631.059292][ T8925] bridge0: port 2(bridge_slave_1) entered disabled state [ 631.060513][ T8925] bridge_slave_1: entered allmulticast mode [ 631.219534][ T8925] bridge_slave_1: entered promiscuous mode [ 631.443412][ T9154] mkiss: ax0: crc mode is auto. [ 632.253271][ T5836] Bluetooth: hci2: command 0x0406 tx timeout [ 632.417580][ T5836] Bluetooth: hci0: command tx timeout [ 633.707333][ C0] vkms_vblank_simulate: vblank timer overrun [ 633.730504][ C0] vkms_vblank_simulate: vblank timer overrun [ 634.475856][ T8428] Bluetooth: hci0: command tx timeout [ 634.655026][ T6040] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 634.700689][ T8925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 634.807415][ T6040] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 634.807444][ T6040] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.834241][ T6040] usb 4-1: config 0 descriptor?? [ 634.866755][ T8925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 634.985318][ T8926] bridge0: port 1(bridge_slave_0) entered blocking state [ 634.985578][ T8926] bridge0: port 1(bridge_slave_0) entered disabled state [ 634.985826][ T8926] bridge_slave_0: entered allmulticast mode [ 634.995305][ T8926] bridge_slave_0: entered promiscuous mode [ 635.047762][ T9172] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 635.048677][ T9172] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 635.052642][ T9172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.706'. [ 635.247473][ T8926] bridge0: port 2(bridge_slave_1) entered blocking state [ 635.247632][ T8926] bridge0: port 2(bridge_slave_1) entered disabled state [ 635.247941][ T8926] bridge_slave_1: entered allmulticast mode [ 635.278924][ T8926] bridge_slave_1: entered promiscuous mode [ 635.757066][ T6040] usb 4-1: Cannot read MAC address [ 635.757328][ T6040] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 635.773565][ T8925] team0: Port device team_slave_0 added [ 635.805543][ T6040] usb 4-1: USB disconnect, device number 12 [ 636.106040][ T8925] team0: Port device team_slave_1 added [ 636.257887][ T8926] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 636.446283][ T8926] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 636.468060][ T8925] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 636.468076][ T8925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 636.468099][ T8925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 636.565012][ T8428] Bluetooth: hci0: command tx timeout [ 636.627933][ T8925] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 636.627950][ T8925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 636.627975][ T8925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 636.964021][ T8926] team0: Port device team_slave_0 added [ 637.071392][ T8926] team0: Port device team_slave_1 added [ 638.190598][ T8926] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 638.190614][ T8926] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 638.190629][ T8926] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 638.230769][ T8925] hsr_slave_0: entered promiscuous mode [ 638.234653][ T8925] hsr_slave_1: entered promiscuous mode [ 638.237043][ T8925] debugfs: 'hsr0' already exists in 'hsr' [ 638.238196][ T8925] Cannot create hsr debugfs directory [ 638.242937][ T145] bridge_slave_1: left allmulticast mode [ 638.242965][ T145] bridge_slave_1: left promiscuous mode [ 638.243233][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 638.299397][ T145] bridge_slave_0: left allmulticast mode [ 638.299430][ T145] bridge_slave_0: left promiscuous mode [ 638.299705][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.482603][ T145] bridge_slave_1: left allmulticast mode [ 638.482634][ T145] bridge_slave_1: left promiscuous mode [ 638.507531][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 638.586582][ T145] bridge_slave_0: left allmulticast mode [ 638.586614][ T145] bridge_slave_0: left promiscuous mode [ 638.586911][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.644919][ T8428] Bluetooth: hci0: command tx timeout [ 638.696988][ T145] bridge_slave_1: left allmulticast mode [ 638.697020][ T145] bridge_slave_1: left promiscuous mode [ 638.697275][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 638.772953][ T145] bridge_slave_0: left allmulticast mode [ 638.772986][ T145] bridge_slave_0: left promiscuous mode [ 638.773260][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.891939][ T145] bridge_slave_1: left allmulticast mode [ 638.891975][ T145] bridge_slave_1: left promiscuous mode [ 638.892236][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 639.014011][ T145] bridge_slave_0: left allmulticast mode [ 639.014032][ T145] bridge_slave_0: left promiscuous mode [ 639.014288][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 639.712865][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 639.815825][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 639.889589][ T145] bond0 (unregistering): Released all slaves [ 640.496227][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 640.580460][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 640.639237][ T145] bond0 (unregistering): Released all slaves [ 641.047343][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 641.175529][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 641.322097][ C0] vkms_vblank_simulate: vblank timer overrun [ 641.367032][ C0] vkms_vblank_simulate: vblank timer overrun [ 641.496549][ C0] vkms_vblank_simulate: vblank timer overrun [ 641.607576][ C0] vkms_vblank_simulate: vblank timer overrun [ 641.654127][ T145] bond0 (unregistering): Released all slaves [ 641.661990][ T9213] netlink: 'syz.4.719': attribute type 1 has an invalid length. [ 642.015852][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 642.999319][ C0] vkms_vblank_simulate: vblank timer overrun [ 643.942188][ C0] vkms_vblank_simulate: vblank timer overrun [ 643.987978][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 644.208748][ T145] bond0 (unregistering): Released all slaves [ 644.269616][ T8926] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 644.269633][ T8926] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 644.269658][ T8926] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 645.304543][ C0] vkms_vblank_simulate: vblank timer overrun [ 646.044134][ C0] vkms_vblank_simulate: vblank timer overrun [ 646.546349][ C0] vkms_vblank_simulate: vblank timer overrun [ 646.718941][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 647.546330][ C0] vkms_vblank_simulate: vblank timer overrun [ 647.581607][ C0] vkms_vblank_simulate: vblank timer overrun [ 647.616998][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 647.687448][ T5836] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 647.706711][ T5836] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 647.707836][ T5836] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 647.710719][ T5836] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 647.711881][ T5836] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 647.775075][ C0] vkms_vblank_simulate: vblank timer overrun [ 647.875326][ T9252] netlink: 32 bytes leftover after parsing attributes in process `syz.3.727'. [ 647.920893][ T5836] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 647.945819][ T5836] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 647.947688][ T5836] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 647.949357][ T5836] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 647.950204][ T5836] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 648.045749][ T145] hsr_slave_0: left promiscuous mode [ 648.099166][ T145] hsr_slave_1: left promiscuous mode [ 648.100106][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 648.269562][ C0] vkms_vblank_simulate: vblank timer overrun [ 648.340262][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 648.430542][ C0] vkms_vblank_simulate: vblank timer overrun [ 648.509694][ C0] vkms_vblank_simulate: vblank timer overrun [ 648.565856][ C0] vkms_vblank_simulate: vblank timer overrun [ 648.662579][ C0] vkms_vblank_simulate: vblank timer overrun [ 648.744230][ T9258] netlink: 'syz.3.728': attribute type 1 has an invalid length. [ 648.805133][ T145] hsr_slave_0: left promiscuous mode [ 648.872880][ T145] hsr_slave_1: left promiscuous mode [ 648.873810][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 649.088171][ C0] vkms_vblank_simulate: vblank timer overrun [ 649.122355][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 649.772980][ T5836] Bluetooth: hci4: command tx timeout [ 649.949309][ C0] vkms_vblank_simulate: vblank timer overrun [ 650.479269][ T5836] Bluetooth: hci5: command tx timeout [ 650.752031][ C0] vkms_vblank_simulate: vblank timer overrun [ 650.775621][ T145] hsr_slave_0: left promiscuous mode [ 650.815350][ T145] hsr_slave_1: left promiscuous mode [ 650.816572][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 650.863168][ C0] vkms_vblank_simulate: vblank timer overrun [ 650.935583][ C0] vkms_vblank_simulate: vblank timer overrun [ 651.005000][ C0] vkms_vblank_simulate: vblank timer overrun [ 651.097724][ C0] vkms_vblank_simulate: vblank timer overrun [ 651.414367][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 651.728158][ C0] vkms_vblank_simulate: vblank timer overrun [ 651.939164][ T5836] Bluetooth: hci4: command tx timeout [ 652.230295][ T9286] netlink: 32 bytes leftover after parsing attributes in process `syz.4.737'. [ 652.555367][ T5836] Bluetooth: hci5: command tx timeout [ 652.592241][ C0] vkms_vblank_simulate: vblank timer overrun [ 652.774575][ T5836] Bluetooth: Wrong link type (-57) [ 652.935327][ C0] vkms_vblank_simulate: vblank timer overrun [ 653.545252][ T145] team0 (unregistering): Port device team_slave_1 removed [ 653.901754][ C0] vkms_vblank_simulate: vblank timer overrun [ 654.884902][ T5836] Bluetooth: hci4: command tx timeout [ 654.947939][ C0] vkms_vblank_simulate: vblank timer overrun [ 654.991663][ C0] vkms_vblank_simulate: vblank timer overrun [ 655.061318][ T5836] Bluetooth: hci5: command tx timeout [ 655.084731][ C0] vkms_vblank_simulate: vblank timer overrun [ 655.117009][ C0] vkms_vblank_simulate: vblank timer overrun [ 655.178834][ C0] vkms_vblank_simulate: vblank timer overrun [ 655.307079][ C0] vkms_vblank_simulate: vblank timer overrun [ 655.628401][ T145] team0 (unregistering): Port device team_slave_0 removed [ 655.781462][ C0] vkms_vblank_simulate: vblank timer overrun [ 656.391874][ C0] vkms_vblank_simulate: vblank timer overrun [ 656.557386][ C0] vkms_vblank_simulate: vblank timer overrun [ 656.687456][ C0] vkms_vblank_simulate: vblank timer overrun [ 656.785285][ C0] vkms_vblank_simulate: vblank timer overrun [ 656.839123][ C0] vkms_vblank_simulate: vblank timer overrun [ 657.024535][ T5836] Bluetooth: hci4: command tx timeout [ 657.118015][ T5836] Bluetooth: hci5: command tx timeout [ 657.524071][ C0] vkms_vblank_simulate: vblank timer overrun [ 657.933436][ C0] vkms_vblank_simulate: vblank timer overrun [ 658.223134][ T5836] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 658.933278][ C0] vkms_vblank_simulate: vblank timer overrun [ 659.127575][ T9331] netlink: 300 bytes leftover after parsing attributes in process `syz.3.750'. [ 659.299945][ C0] vkms_vblank_simulate: vblank timer overrun [ 660.979350][ C0] vkms_vblank_simulate: vblank timer overrun [ 661.809617][ C0] vkms_vblank_simulate: vblank timer overrun [ 661.945650][ T145] team0 (unregistering): Port device team_slave_1 removed [ 662.390033][ T145] team0 (unregistering): Port device team_slave_0 removed [ 663.215561][ T9357] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 664.137456][ C0] vkms_vblank_simulate: vblank timer overrun [ 664.957236][ T5836] Bluetooth: Wrong link type (-57) [ 665.762058][ C0] vkms_vblank_simulate: vblank timer overrun [ 665.934080][ C0] vkms_vblank_simulate: vblank timer overrun [ 666.729791][ T145] team0 (unregistering): Port device team_slave_1 removed [ 666.972529][ T145] team0 (unregistering): Port device team_slave_0 removed [ 668.642403][ T9390] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 669.063148][ C0] vkms_vblank_simulate: vblank timer overrun [ 669.335759][ T145] team0 (unregistering): Port device team_slave_1 removed [ 669.545867][ T145] team0 (unregistering): Port device team_slave_0 removed [ 669.941621][ T9402] netlink: 8 bytes leftover after parsing attributes in process `syz.4.769'. [ 670.126432][ T9405] netlink: 4 bytes leftover after parsing attributes in process `syz.4.769'. [ 670.536064][ T9407] netlink: 12 bytes leftover after parsing attributes in process `syz.3.770'. [ 670.538189][ T9147] chnl_net:caif_netlink_parms(): no params data found [ 670.694898][ C0] vkms_vblank_simulate: vblank timer overrun [ 671.279824][ T9410] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 672.033690][ T4179] Bluetooth: hci3: Frame reassembly failed (-84) [ 672.052640][ T12] Bluetooth: hci3: Frame reassembly failed (-84) [ 672.666477][ T9415] netlink: 40 bytes leftover after parsing attributes in process `syz.4.772'. [ 673.836377][ T5836] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 674.528647][ C0] vkms_vblank_simulate: vblank timer overrun [ 674.785936][ C0] vkms_vblank_simulate: vblank timer overrun [ 675.780706][ T9147] bridge0: port 1(bridge_slave_0) entered blocking state [ 675.780922][ T9147] bridge0: port 1(bridge_slave_0) entered disabled state [ 675.781115][ T9147] bridge_slave_0: entered allmulticast mode [ 675.795058][ T9147] bridge_slave_0: entered promiscuous mode [ 675.841205][ T9147] bridge0: port 2(bridge_slave_1) entered blocking state [ 675.841379][ T9147] bridge0: port 2(bridge_slave_1) entered disabled state [ 675.841586][ T9147] bridge_slave_1: entered allmulticast mode [ 675.856858][ T9147] bridge_slave_1: entered promiscuous mode [ 675.894059][ T5881] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 676.055448][ T5881] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 676.055473][ T5881] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 676.056915][ T5881] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 676.056942][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 676.056959][ T5881] usb 4-1: SerialNumber: syz [ 676.237009][ T9147] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 676.339175][ T9147] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 676.379923][ T5881] usb 4-1: 0:2 : does not exist [ 676.669825][ T5881] usb 4-1: USB disconnect, device number 13 [ 676.848440][ T9418] udevd[9418]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 676.909642][ C0] vkms_vblank_simulate: vblank timer overrun [ 677.167497][ T9147] team0: Port device team_slave_0 added [ 677.175244][ T9147] team0: Port device team_slave_1 added [ 677.577631][ T9147] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 677.577643][ T9147] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 677.577657][ T9147] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 677.775912][ T9147] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 677.775927][ T9147] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 677.775952][ T9147] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 678.790493][ T9147] hsr_slave_0: entered promiscuous mode [ 678.791808][ T9147] hsr_slave_1: entered promiscuous mode [ 679.131318][ C0] vkms_vblank_simulate: vblank timer overrun [ 679.246258][ C0] vkms_vblank_simulate: vblank timer overrun [ 679.276231][ C0] vkms_vblank_simulate: vblank timer overrun [ 679.371620][ C0] vkms_vblank_simulate: vblank timer overrun [ 679.495258][ C0] vkms_vblank_simulate: vblank timer overrun [ 679.597608][ C0] vkms_vblank_simulate: vblank timer overrun [ 679.659593][ C0] vkms_vblank_simulate: vblank timer overrun [ 679.721121][ T9451] netlink: 'syz.3.780': attribute type 1 has an invalid length. [ 679.894552][ T9253] chnl_net:caif_netlink_parms(): no params data found [ 679.954054][ T9456] netlink: 300 bytes leftover after parsing attributes in process `syz.3.781'. [ 680.106854][ T9249] chnl_net:caif_netlink_parms(): no params data found [ 680.501450][ C0] vkms_vblank_simulate: vblank timer overrun [ 680.783951][ C0] vkms_vblank_simulate: vblank timer overrun [ 681.965486][ T10] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 682.096848][ T10] usb 5-1: device descriptor read/64, error -71 [ 682.366478][ T10] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 682.430819][ T9253] bridge0: port 1(bridge_slave_0) entered blocking state [ 682.430954][ T9253] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.431772][ T9253] bridge_slave_0: entered allmulticast mode [ 682.455594][ T9253] bridge_slave_0: entered promiscuous mode [ 682.490618][ T9249] bridge0: port 1(bridge_slave_0) entered blocking state [ 682.490756][ T9249] bridge0: port 1(bridge_slave_0) entered disabled state [ 682.492315][ T9249] bridge_slave_0: entered allmulticast mode [ 682.506306][ T10] usb 5-1: device descriptor read/64, error -71 [ 682.521874][ T9249] bridge_slave_0: entered promiscuous mode [ 682.526268][ T9478] netlink: 12 bytes leftover after parsing attributes in process `syz.3.786'. [ 682.527001][ T9253] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.527152][ T9253] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.527367][ T9253] bridge_slave_1: entered allmulticast mode [ 682.542628][ T9253] bridge_slave_1: entered promiscuous mode [ 682.626912][ T10] usb usb5-port1: attempt power cycle [ 682.647367][ T9478] netlink: 4 bytes leftover after parsing attributes in process `syz.3.786'. [ 682.679303][ T9249] bridge0: port 2(bridge_slave_1) entered blocking state [ 682.679514][ T9249] bridge0: port 2(bridge_slave_1) entered disabled state [ 682.679667][ T9249] bridge_slave_1: entered allmulticast mode [ 682.681223][ T9249] bridge_slave_1: entered promiscuous mode [ 682.975121][ T10] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 683.011636][ T10] usb 5-1: device descriptor read/8, error -71 [ 683.127200][ T9253] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 683.268532][ T10] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 683.286348][ T10] usb 5-1: device descriptor read/8, error -71 [ 683.395592][ T10] usb usb5-port1: unable to enumerate USB device [ 683.619864][ T9253] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 683.623472][ T9249] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 683.665729][ T9249] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 684.329983][ T9253] team0: Port device team_slave_0 added [ 684.660202][ C0] vkms_vblank_simulate: vblank timer overrun [ 684.698800][ T9249] team0: Port device team_slave_0 added [ 684.702145][ T9253] team0: Port device team_slave_1 added [ 685.586710][ C0] vkms_vblank_simulate: vblank timer overrun [ 685.698926][ T9488] lo speed is unknown, defaulting to 1000 [ 685.767316][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.767392][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.864462][ T9495] netlink: 'syz.4.789': attribute type 1 has an invalid length. [ 685.985669][ T9488] lo speed is unknown, defaulting to 1000 [ 685.986535][ T9488] lo speed is unknown, defaulting to 1000 [ 686.136730][ T9488] infiniband sz1: set active [ 686.136744][ T9488] infiniband sz1: added lo [ 686.137320][ T9488] sz1: rxe_create_cq: returned err = -12 [ 686.137356][ T9488] infiniband sz1: Couldn't create ib_mad CQ [ 686.137445][ T9488] infiniband sz1: Couldn't open port 1 [ 686.142400][ C0] vkms_vblank_simulate: vblank timer overrun [ 686.161209][ T9488] RDS/IB: sz1: added [ 686.161298][ T9488] smc: adding ib device sz1 with port count 1 [ 686.161320][ T9488] smc: ib device sz1 port 1 has pnetid [ 686.164488][ T9488] lo speed is unknown, defaulting to 1000 [ 686.226673][ T9249] team0: Port device team_slave_1 added [ 686.377504][ T10] lo speed is unknown, defaulting to 1000 [ 686.382080][ T9488] lo speed is unknown, defaulting to 1000 [ 686.550355][ T9488] lo speed is unknown, defaulting to 1000 [ 686.714123][ T9488] lo speed is unknown, defaulting to 1000 [ 686.879263][ T9488] lo speed is unknown, defaulting to 1000 [ 687.046225][ T9488] lo speed is unknown, defaulting to 1000 [ 687.346575][ T46] lo speed is unknown, defaulting to 1000 [ 687.348235][ T9488] lo speed is unknown, defaulting to 1000 [ 687.404528][ T145] bridge_slave_1: left allmulticast mode [ 687.404563][ T145] bridge_slave_1: left promiscuous mode [ 687.404944][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.478223][ T9498] netlink: 12 bytes leftover after parsing attributes in process `syz.4.790'. [ 687.659306][ T9501] netlink: 4 bytes leftover after parsing attributes in process `syz.4.790'. [ 687.866803][ T145] bridge_slave_0: left allmulticast mode [ 687.866836][ T145] bridge_slave_0: left promiscuous mode [ 687.867115][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 687.933542][ T145] bridge_slave_1: left allmulticast mode [ 687.933574][ T145] bridge_slave_1: left promiscuous mode [ 687.933820][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 687.986663][ T145] bridge_slave_0: left allmulticast mode [ 687.986701][ T145] bridge_slave_0: left promiscuous mode [ 687.986959][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 688.305414][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 688.396459][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 688.459148][ T145] bond0 (unregistering): Released all slaves [ 688.735584][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 688.843011][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 688.909025][ T145] bond0 (unregistering): Released all slaves [ 689.008722][ T8428] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 689.028908][ T8428] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 689.030777][ T8428] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 689.032497][ T8428] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 689.033419][ T8428] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 689.800099][ C0] vkms_vblank_simulate: vblank timer overrun [ 690.749371][ T9513] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes. [ 690.961858][ T37] audit: type=1326 audit(1756594186.501:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9515 comm="syz.3.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 690.964585][ T37] audit: type=1326 audit(1756594186.501:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9515 comm="syz.3.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 690.967515][ T9253] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 690.967528][ T9253] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 690.967552][ T9253] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 690.996461][ T37] audit: type=1326 audit(1756594186.541:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9515 comm="syz.3.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 690.996512][ T37] audit: type=1326 audit(1756594186.541:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9515 comm="syz.3.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 690.996550][ T37] audit: type=1326 audit(1756594186.541:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9515 comm="syz.3.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 690.996815][ T37] audit: type=1326 audit(1756594186.541:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9515 comm="syz.3.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 691.124915][ T5836] Bluetooth: hci3: command tx timeout [ 691.199486][ T9253] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 691.199503][ T9253] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 691.199527][ T9253] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 691.211077][ T37] audit: type=1326 audit(1756594186.741:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9515 comm="syz.3.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 691.217640][ T37] audit: type=1326 audit(1756594186.751:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9515 comm="syz.3.794" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 691.230183][ T9517] vlan2: entered promiscuous mode [ 691.230520][ T9517] vlan2: entered allmulticast mode [ 691.230533][ T9517] hsr_slave_1: entered allmulticast mode [ 691.276737][ T9249] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 691.276753][ T9249] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 691.276777][ T9249] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 691.406249][ T9249] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 691.406271][ T9249] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 691.406297][ T9249] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 692.057033][ T6445] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 692.082441][ C0] vkms_vblank_simulate: vblank timer overrun [ 692.168971][ C0] vkms_vblank_simulate: vblank timer overrun [ 692.234957][ T6445] usb 5-1: device descriptor read/64, error -71 [ 692.490867][ C0] vkms_vblank_simulate: vblank timer overrun [ 692.545662][ T9524] netlink: 'syz.3.797': attribute type 1 has an invalid length. [ 692.654940][ T6445] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 692.703455][ T9505] lo speed is unknown, defaulting to 1000 [ 692.756960][ T9253] hsr_slave_0: entered promiscuous mode [ 692.766593][ T9253] hsr_slave_1: entered promiscuous mode [ 692.767517][ T9253] debugfs: 'hsr0' already exists in 'hsr' [ 692.767540][ T9253] Cannot create hsr debugfs directory [ 693.163130][ T5836] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 693.168165][ C0] vkms_vblank_simulate: vblank timer overrun [ 693.743665][ T5836] Bluetooth: hci3: command tx timeout [ 693.743798][ T6445] usb 5-1: device descriptor read/64, error -71 [ 693.879415][ T6445] usb usb5-port1: attempt power cycle [ 694.245119][ T6445] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 694.280696][ T6445] usb 5-1: device descriptor read/8, error -71 [ 694.293149][ T9249] hsr_slave_0: entered promiscuous mode [ 694.305892][ T9249] hsr_slave_1: entered promiscuous mode [ 694.306869][ T9249] debugfs: 'hsr0' already exists in 'hsr' [ 694.306893][ T9249] Cannot create hsr debugfs directory [ 694.943241][ T9537] netlink: 8 bytes leftover after parsing attributes in process `syz.4.801'. [ 695.137243][ T9543] netlink: 4 bytes leftover after parsing attributes in process `syz.4.801'. [ 695.755081][ T5836] Bluetooth: hci3: command tx timeout [ 696.627385][ C0] vkms_vblank_simulate: vblank timer overrun [ 696.669726][ T9551] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 696.828141][ C0] vkms_vblank_simulate: vblank timer overrun [ 696.968801][ C0] vkms_vblank_simulate: vblank timer overrun [ 696.988100][ T145] hsr_slave_0: left promiscuous mode [ 697.029688][ T145] hsr_slave_1: left promiscuous mode [ 697.030699][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 697.079358][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 697.162789][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 697.335230][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.365353][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.405638][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 697.417177][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.480698][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.554559][ T9555] netlink: 'syz.3.806': attribute type 1 has an invalid length. [ 697.803733][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.837362][ T5836] Bluetooth: hci3: command tx timeout [ 697.838182][ C0] vkms_vblank_simulate: vblank timer overrun [ 697.896776][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.044992][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.146710][ C0] vkms_vblank_simulate: vblank timer overrun [ 698.782130][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.177889][ C0] vkms_vblank_simulate: vblank timer overrun [ 699.442631][ T9571] netlink: 16 bytes leftover after parsing attributes in process `syz.3.810'. [ 699.455861][ T145] team0 (unregistering): Port device team_slave_1 removed [ 699.615864][ T145] team0 (unregistering): Port device team_slave_0 removed [ 700.362829][ T145] team0 (unregistering): Port device team_slave_1 removed [ 700.485821][ T145] team0 (unregistering): Port device team_slave_0 removed [ 701.116325][ C0] vkms_vblank_simulate: vblank timer overrun [ 701.274299][ C0] vkms_vblank_simulate: vblank timer overrun [ 701.438713][ T9583] netlink: 12 bytes leftover after parsing attributes in process `syz.4.814'. [ 701.685389][ C0] vkms_vblank_simulate: vblank timer overrun [ 701.855515][ C0] vkms_vblank_simulate: vblank timer overrun [ 701.985983][ C0] vkms_vblank_simulate: vblank timer overrun [ 702.025397][ T9590] netlink: 4 bytes leftover after parsing attributes in process `syz.4.814'. [ 702.661872][ T9598] netlink: 16 bytes leftover after parsing attributes in process `syz.4.818'. [ 703.942975][ T9505] chnl_net:caif_netlink_parms(): no params data found [ 704.100533][ C0] vkms_vblank_simulate: vblank timer overrun [ 704.172087][ T9253] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 704.425397][ T9253] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 704.600818][ C0] vkms_vblank_simulate: vblank timer overrun [ 704.846665][ T9621] rdma_rxe: rxe_newlink: failed to add lo [ 705.477439][ C0] vkms_vblank_simulate: vblank timer overrun [ 705.737871][ C0] vkms_vblank_simulate: vblank timer overrun [ 705.788833][ T9253] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 705.875353][ T9253] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 706.150372][ T9505] bridge0: port 1(bridge_slave_0) entered blocking state [ 706.151522][ T9505] bridge0: port 1(bridge_slave_0) entered disabled state [ 706.151725][ T9505] bridge_slave_0: entered allmulticast mode [ 706.154515][ T9505] bridge_slave_0: entered promiscuous mode [ 706.190692][ T9505] bridge0: port 2(bridge_slave_1) entered blocking state [ 706.190850][ T9505] bridge0: port 2(bridge_slave_1) entered disabled state [ 706.191165][ T9505] bridge_slave_1: entered allmulticast mode [ 706.194735][ T9505] bridge_slave_1: entered promiscuous mode [ 706.520563][ T9505] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 706.568519][ T9505] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 706.847765][ C0] vkms_vblank_simulate: vblank timer overrun [ 707.046906][ T9642] sz1: rxe_newlink: already configured on lo [ 707.781129][ C0] vkms_vblank_simulate: vblank timer overrun [ 708.429819][ T9655] netlink: 'syz.3.830': attribute type 4 has an invalid length. [ 708.960134][ T8428] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 708.986326][ T8428] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 708.993548][ T8428] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 709.017736][ T8428] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 709.018579][ T8428] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 709.062090][ T8428] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 709.097735][ T8430] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 709.099043][ T8430] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 709.099770][ T8430] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 709.100220][ T8430] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 709.182170][ T9505] team0: Port device team_slave_0 added [ 709.183170][ T5909] lo speed is unknown, defaulting to 1000 [ 709.183193][ T5909] sz1: Port: 1 Link DOWN [ 709.183723][ T145] bridge_slave_1: left allmulticast mode [ 709.183750][ T145] bridge_slave_1: left promiscuous mode [ 709.184004][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.292373][ T145] bridge_slave_0: left allmulticast mode [ 709.292407][ T145] bridge_slave_0: left promiscuous mode [ 709.292685][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 709.896754][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 710.162425][ C0] vkms_vblank_simulate: vblank timer overrun [ 711.090511][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 711.237039][ T5836] Bluetooth: hci0: command tx timeout [ 711.237055][ T8428] Bluetooth: hci4: command tx timeout [ 711.299795][ T145] bond0 (unregistering): Released all slaves [ 711.336666][ T9671] netlink: 8 bytes leftover after parsing attributes in process `syz.4.834'. [ 711.367890][ T5909] lo speed is unknown, defaulting to 1000 [ 711.372338][ T9505] team0: Port device team_slave_1 added [ 711.444582][ T9673] netlink: 4 bytes leftover after parsing attributes in process `syz.4.834'. [ 712.283187][ T9505] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 712.283203][ T9505] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 712.283227][ T9505] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 712.351491][ T9505] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 712.351514][ T9505] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 712.351537][ T9505] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 712.624925][ T9659] lo speed is unknown, defaulting to 1000 [ 712.965001][ T5881] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 713.104972][ T5881] usb 5-1: device descriptor read/64, error -71 [ 713.174049][ T145] hsr_slave_0: left promiscuous mode [ 713.195040][ T145] hsr_slave_1: left promiscuous mode [ 713.196014][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 713.245755][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 713.279624][ T5836] Bluetooth: hci0: command tx timeout [ 713.285010][ T5836] Bluetooth: hci4: command tx timeout [ 713.355321][ T5881] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 713.499195][ T5881] usb 5-1: device descriptor read/64, error -71 [ 713.611836][ T5881] usb usb5-port1: attempt power cycle [ 714.057169][ T5881] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 714.075580][ T5881] usb 5-1: device descriptor read/8, error -71 [ 714.325123][ T5881] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 714.357222][ T5881] usb 5-1: device descriptor read/8, error -71 [ 714.465542][ T5881] usb usb5-port1: unable to enumerate USB device [ 714.493095][ T145] team0 (unregistering): Port device team_slave_1 removed [ 714.674123][ T145] team0 (unregistering): Port device team_slave_0 removed [ 715.355226][ T5836] Bluetooth: hci4: command tx timeout [ 715.355259][ T5836] Bluetooth: hci0: command tx timeout [ 715.382606][ C0] vkms_vblank_simulate: vblank timer overrun [ 715.506654][ C0] vkms_vblank_simulate: vblank timer overrun [ 715.555101][ C0] vkms_vblank_simulate: vblank timer overrun [ 716.520381][ C0] vkms_vblank_simulate: vblank timer overrun [ 716.855067][ T9702] netlink: 8 bytes leftover after parsing attributes in process `syz.4.843'. [ 716.873554][ T9505] hsr_slave_0: entered promiscuous mode [ 716.875495][ T9505] hsr_slave_1: entered promiscuous mode [ 716.876667][ C0] vkms_vblank_simulate: vblank timer overrun [ 716.895122][ T9662] lo speed is unknown, defaulting to 1000 [ 717.507911][ C0] vkms_vblank_simulate: vblank timer overrun [ 717.617366][ T9705] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 717.703603][ T8430] Bluetooth: hci4: command tx timeout [ 717.706575][ T5836] Bluetooth: hci0: command tx timeout [ 717.731418][ C0] vkms_vblank_simulate: vblank timer overrun [ 717.853041][ T9707] netlink: 4 bytes leftover after parsing attributes in process `syz.4.843'. [ 718.330295][ C0] vkms_vblank_simulate: vblank timer overrun [ 719.161637][ C0] vkms_vblank_simulate: vblank timer overrun [ 719.320016][ C0] vkms_vblank_simulate: vblank timer overrun [ 719.522626][ C0] vkms_vblank_simulate: vblank timer overrun [ 719.845978][ T9721] netlink: 8 bytes leftover after parsing attributes in process `syz.4.847'. [ 719.955117][ T9723] netlink: 4 bytes leftover after parsing attributes in process `syz.4.847'. [ 723.164387][ C0] vkms_vblank_simulate: vblank timer overrun [ 723.576962][ C0] vkms_vblank_simulate: vblank timer overrun [ 723.668562][ T9659] chnl_net:caif_netlink_parms(): no params data found [ 723.886273][ T9662] chnl_net:caif_netlink_parms(): no params data found [ 723.994120][ T9505] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 724.434977][ T9505] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 724.705467][ T9505] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 724.823308][ T9753] netlink: 300 bytes leftover after parsing attributes in process `syz.3.854'. [ 724.849907][ T9505] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 725.493840][ T9659] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.494058][ T9659] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.494267][ T9659] bridge_slave_0: entered allmulticast mode [ 725.518498][ T9659] bridge_slave_0: entered promiscuous mode [ 725.707391][ T9659] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.707553][ T9659] bridge0: port 2(bridge_slave_1) entered disabled state [ 725.707754][ T9659] bridge_slave_1: entered allmulticast mode [ 725.710478][ T9659] bridge_slave_1: entered promiscuous mode [ 725.745067][ T9662] bridge0: port 1(bridge_slave_0) entered blocking state [ 725.745176][ T9662] bridge0: port 1(bridge_slave_0) entered disabled state [ 725.745367][ T9662] bridge_slave_0: entered allmulticast mode [ 725.757948][ T9662] bridge_slave_0: entered promiscuous mode [ 726.160884][ C0] vkms_vblank_simulate: vblank timer overrun [ 726.173296][ T9662] bridge0: port 2(bridge_slave_1) entered blocking state [ 726.173433][ T9662] bridge0: port 2(bridge_slave_1) entered disabled state [ 726.173653][ T9662] bridge_slave_1: entered allmulticast mode [ 726.176540][ T9662] bridge_slave_1: entered promiscuous mode [ 726.610623][ T9773] netlink: 12 bytes leftover after parsing attributes in process `syz.4.858'. [ 726.678548][ T9659] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 726.811253][ T9773] netlink: 4 bytes leftover after parsing attributes in process `syz.4.858'. [ 726.967711][ T9659] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 727.272888][ T9662] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 727.480872][ T9662] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 727.703409][ T9659] team0: Port device team_slave_0 added [ 727.886890][ T9659] team0: Port device team_slave_1 added [ 728.080001][ T9662] team0: Port device team_slave_0 added [ 728.236699][ T9662] team0: Port device team_slave_1 added [ 728.583014][ C0] vkms_vblank_simulate: vblank timer overrun [ 728.706363][ T8428] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 728.779121][ C0] vkms_vblank_simulate: vblank timer overrun [ 729.463871][ C0] vkms_vblank_simulate: vblank timer overrun [ 729.899356][ T9659] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 729.899372][ T9659] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 729.899397][ T9659] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 730.351168][ C0] vkms_vblank_simulate: vblank timer overrun [ 730.627151][ C0] vkms_vblank_simulate: vblank timer overrun [ 730.985913][ T9805] netlink: 12 bytes leftover after parsing attributes in process `syz.3.865'. [ 731.142780][ T9659] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 731.142796][ T9659] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 731.142820][ T9659] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 731.196929][ T9808] netlink: 4 bytes leftover after parsing attributes in process `syz.3.865'. [ 731.275298][ T9662] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 731.275314][ T9662] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 731.275338][ T9662] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 731.738053][ T9662] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 731.738068][ T9662] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 731.738093][ T9662] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 733.443899][ C0] vkms_vblank_simulate: vblank timer overrun [ 733.505054][ C0] vkms_vblank_simulate: vblank timer overrun [ 734.074700][ C0] vkms_vblank_simulate: vblank timer overrun [ 734.105928][ T9659] hsr_slave_0: entered promiscuous mode [ 734.107290][ T9659] hsr_slave_1: entered promiscuous mode [ 734.108264][ T9659] debugfs: 'hsr0' already exists in 'hsr' [ 734.108287][ T9659] Cannot create hsr debugfs directory [ 734.232727][ T9826] sz1: rxe_newlink: already configured on lo [ 734.776382][ C0] vkms_vblank_simulate: vblank timer overrun [ 734.999877][ C0] vkms_vblank_simulate: vblank timer overrun [ 735.273838][ T9662] hsr_slave_0: entered promiscuous mode [ 735.284342][ T9662] hsr_slave_1: entered promiscuous mode [ 735.288306][ T9662] debugfs: 'hsr0' already exists in 'hsr' [ 735.288329][ T9662] Cannot create hsr debugfs directory [ 735.308158][ C0] vkms_vblank_simulate: vblank timer overrun [ 735.728058][ T8428] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 736.042671][ C0] vkms_vblank_simulate: vblank timer overrun [ 736.355251][ C0] vkms_vblank_simulate: vblank timer overrun [ 736.618240][ T37] audit: type=1326 audit(1756594232.161:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9832 comm="syz.3.872" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x0 [ 739.039414][ C0] vkms_vblank_simulate: vblank timer overrun [ 740.243615][ C0] vkms_vblank_simulate: vblank timer overrun [ 740.770136][ C0] vkms_vblank_simulate: vblank timer overrun [ 741.123273][ T145] bridge_slave_1: left allmulticast mode [ 741.123308][ T145] bridge_slave_1: left promiscuous mode [ 741.123610][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 741.141379][ C0] vkms_vblank_simulate: vblank timer overrun [ 741.215235][ C0] vkms_vblank_simulate: vblank timer overrun [ 741.255998][ T37] audit: type=1326 audit(1756594236.801:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9853 comm="syz.3.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 741.259442][ T37] audit: type=1326 audit(1756594236.801:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9853 comm="syz.3.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 741.260794][ T37] audit: type=1326 audit(1756594236.801:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9853 comm="syz.3.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 741.261731][ T37] audit: type=1326 audit(1756594236.801:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9853 comm="syz.3.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 741.262036][ T37] audit: type=1326 audit(1756594236.801:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9853 comm="syz.3.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 742.203839][ C0] vkms_vblank_simulate: vblank timer overrun [ 742.236897][ T145] bridge_slave_0: left allmulticast mode [ 742.236928][ T145] bridge_slave_0: left promiscuous mode [ 742.237202][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 742.292762][ T9857] netlink: 4 bytes leftover after parsing attributes in process `syz.3.877'. [ 742.408874][ C0] vkms_vblank_simulate: vblank timer overrun [ 742.493588][ T145] bridge_slave_1: left allmulticast mode [ 742.493619][ T145] bridge_slave_1: left promiscuous mode [ 742.493884][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 742.767444][ C0] vkms_vblank_simulate: vblank timer overrun [ 742.782582][ T145] bridge_slave_0: left allmulticast mode [ 742.782611][ T145] bridge_slave_0: left promiscuous mode [ 742.782852][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 742.958759][ C0] vkms_vblank_simulate: vblank timer overrun [ 743.085001][ C0] vkms_vblank_simulate: vblank timer overrun [ 743.542461][ C0] vkms_vblank_simulate: vblank timer overrun [ 743.823702][ C0] vkms_vblank_simulate: vblank timer overrun [ 744.026046][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 744.109389][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 744.169266][ T145] bond0 (unregistering): Released all slaves [ 744.517470][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 744.597579][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 744.683136][ T145] bond0 (unregistering): Released all slaves [ 746.159031][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.376835][ C0] vkms_vblank_simulate: vblank timer overrun [ 746.470989][ T9505] 8021q: adding VLAN 0 to HW filter on device bond0 [ 746.545589][ T37] audit: type=1326 audit(1756594242.091:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9880 comm="syz.3.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 746.545871][ T37] audit: type=1326 audit(1756594242.091:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9880 comm="syz.3.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 746.616674][ T9505] 8021q: adding VLAN 0 to HW filter on device team0 [ 746.618411][ T37] audit: type=1326 audit(1756594242.161:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9880 comm="syz.3.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 746.618457][ T37] audit: type=1326 audit(1756594242.161:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9880 comm="syz.3.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 746.618495][ T37] audit: type=1326 audit(1756594242.161:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9880 comm="syz.3.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 746.618533][ T37] audit: type=1326 audit(1756594242.161:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9880 comm="syz.3.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 746.622114][ T37] audit: type=1326 audit(1756594242.161:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9880 comm="syz.3.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 746.622160][ T37] audit: type=1326 audit(1756594242.161:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9880 comm="syz.3.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 746.622200][ T37] audit: type=1326 audit(1756594242.161:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9880 comm="syz.3.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 746.622238][ T37] audit: type=1326 audit(1756594242.161:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9880 comm="syz.3.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 746.995447][ T1174] bridge0: port 1(bridge_slave_0) entered blocking state [ 746.997334][ T1174] bridge0: port 1(bridge_slave_0) entered forwarding state [ 747.986495][ C0] vkms_vblank_simulate: vblank timer overrun [ 748.002815][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 748.002887][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.057458][ C0] vkms_vblank_simulate: vblank timer overrun [ 748.061977][ T1174] bridge0: port 2(bridge_slave_1) entered blocking state [ 748.062116][ T1174] bridge0: port 2(bridge_slave_1) entered forwarding state [ 748.093257][ T9887] netlink: 12 bytes leftover after parsing attributes in process `syz.3.885'. [ 748.370998][ T9894] netlink: 4 bytes leftover after parsing attributes in process `syz.3.885'. [ 749.261618][ T145] hsr_slave_0: left promiscuous mode [ 749.482176][ C0] vkms_vblank_simulate: vblank timer overrun [ 749.517476][ T145] hsr_slave_1: left promiscuous mode [ 749.524946][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 749.566083][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 749.819412][ T145] hsr_slave_0: left promiscuous mode [ 749.838335][ T145] hsr_slave_1: left promiscuous mode [ 749.839248][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 749.875875][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 750.675808][ T145] team0 (unregistering): Port device team_slave_1 removed [ 750.968432][ T5836] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 750.982191][ T5836] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 750.983380][ T5836] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 750.990497][ T5836] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 750.992674][ T5836] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 751.111842][ C0] vkms_vblank_simulate: vblank timer overrun [ 751.128091][ T145] team0 (unregistering): Port device team_slave_0 removed [ 752.009178][ C0] vkms_vblank_simulate: vblank timer overrun [ 752.225841][ C0] vkms_vblank_simulate: vblank timer overrun [ 752.531183][ C0] vkms_vblank_simulate: vblank timer overrun [ 753.479272][ T9919] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 753.511198][ C0] vkms_vblank_simulate: vblank timer overrun [ 753.512296][ T8428] Bluetooth: hci5: command tx timeout [ 753.642729][ C0] vkms_vblank_simulate: vblank timer overrun [ 754.395651][ T145] team0 (unregistering): Port device team_slave_1 removed [ 754.518604][ T145] team0 (unregistering): Port device team_slave_0 removed [ 754.544639][ C0] vkms_vblank_simulate: vblank timer overrun [ 755.012515][ C0] vkms_vblank_simulate: vblank timer overrun [ 755.570319][ C0] vkms_vblank_simulate: vblank timer overrun [ 755.576188][ T8428] Bluetooth: hci5: command tx timeout [ 756.173587][ C0] vkms_vblank_simulate: vblank timer overrun [ 756.237751][ T9928] netlink: 'syz.4.893': attribute type 4 has an invalid length. [ 756.946298][ C0] vkms_vblank_simulate: vblank timer overrun [ 757.258235][ C0] vkms_vblank_simulate: vblank timer overrun [ 757.436592][ T8428] Bluetooth: Wrong link type (-57) [ 758.925390][ C0] vkms_vblank_simulate: vblank timer overrun [ 758.957033][ T8428] Bluetooth: hci5: command tx timeout [ 759.157456][ C0] vkms_vblank_simulate: vblank timer overrun [ 759.227074][ C0] vkms_vblank_simulate: vblank timer overrun [ 759.588750][ T9947] netlink: 12 bytes leftover after parsing attributes in process `syz.4.900'. [ 760.061951][ C0] vkms_vblank_simulate: vblank timer overrun [ 760.191887][ T9958] rdma_rxe: rxe_newlink: failed to add lo [ 760.964747][ C0] vkms_vblank_simulate: vblank timer overrun [ 761.044425][ T8428] Bluetooth: hci5: command tx timeout [ 761.195997][ C0] vkms_vblank_simulate: vblank timer overrun [ 761.486997][ T9907] lo speed is unknown, defaulting to 1000 [ 762.434039][ C0] vkms_vblank_simulate: vblank timer overrun [ 763.221799][ C0] vkms_vblank_simulate: vblank timer overrun [ 767.816520][ T9997] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 768.224441][ C0] vkms_vblank_simulate: vblank timer overrun [ 768.275529][ T9998] rdma_rxe: rxe_newlink: failed to add lo [ 769.373086][ T9907] chnl_net:caif_netlink_parms(): no params data found [ 770.337057][ C0] vkms_vblank_simulate: vblank timer overrun [ 771.199915][T10034] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 771.231762][ C0] vkms_vblank_simulate: vblank timer overrun [ 771.555925][ C0] vkms_vblank_simulate: vblank timer overrun [ 771.587916][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 771.624358][ T5836] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 771.632111][ T5836] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 771.652425][ T5836] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 771.660714][ T5843] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 771.664137][ T8428] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 771.709416][T10040] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 771.713172][T10040] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 771.726522][T10040] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 771.740931][T10040] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 772.818585][ C0] vkms_vblank_simulate: vblank timer overrun [ 772.971775][ C0] vkms_vblank_simulate: vblank timer overrun [ 773.092533][ C0] vkms_vblank_simulate: vblank timer overrun [ 773.593638][ C0] vkms_vblank_simulate: vblank timer overrun [ 773.819656][ T5836] Bluetooth: hci0: command tx timeout [ 773.835011][ T5836] Bluetooth: hci3: command tx timeout [ 773.917796][T10074] netlink: 300 bytes leftover after parsing attributes in process `syz.4.923'. [ 774.594227][ C0] vkms_vblank_simulate: vblank timer overrun [ 774.618422][T10081] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 775.370167][ C0] vkms_vblank_simulate: vblank timer overrun [ 775.838595][ T5836] Bluetooth: hci0: command tx timeout [ 775.913027][ T9907] bridge0: port 1(bridge_slave_0) entered blocking state [ 775.913199][ T9907] bridge0: port 1(bridge_slave_0) entered disabled state [ 775.913435][ T9907] bridge_slave_0: entered allmulticast mode [ 775.919756][ T5836] Bluetooth: hci3: command tx timeout [ 775.931154][ T9907] bridge_slave_0: entered promiscuous mode [ 775.967677][T10088] netlink: 12 bytes leftover after parsing attributes in process `syz.3.926'. [ 776.153322][T10091] netlink: 4 bytes leftover after parsing attributes in process `syz.3.926'. [ 776.266942][ T9907] bridge0: port 2(bridge_slave_1) entered blocking state [ 776.267026][ T9907] bridge0: port 2(bridge_slave_1) entered disabled state [ 776.267320][ T9907] bridge_slave_1: entered allmulticast mode [ 776.269178][ T9907] bridge_slave_1: entered promiscuous mode [ 777.008825][T10036] lo speed is unknown, defaulting to 1000 [ 777.325829][ T9907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 777.340237][ T9907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 777.902545][ C0] vkms_vblank_simulate: vblank timer overrun [ 777.915083][ T5836] Bluetooth: hci0: command tx timeout [ 777.997044][ T5836] Bluetooth: hci3: command tx timeout [ 778.078479][T10120] sz1: rxe_newlink: already configured on lo [ 778.241097][ C0] vkms_vblank_simulate: vblank timer overrun [ 778.848880][ C0] vkms_vblank_simulate: vblank timer overrun [ 779.124217][ C0] vkms_vblank_simulate: vblank timer overrun [ 779.265486][ T9907] team0: Port device team_slave_0 added [ 779.446212][ T9907] team0: Port device team_slave_1 added [ 779.847255][T10140] sz1: rxe_newlink: already configured on lo [ 779.982380][ C0] vkms_vblank_simulate: vblank timer overrun [ 779.995458][ T5836] Bluetooth: hci0: command tx timeout [ 780.024832][T10038] lo speed is unknown, defaulting to 1000 [ 780.075082][ T5836] Bluetooth: hci3: command tx timeout [ 780.689885][ T9907] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 780.689902][ T9907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 780.689927][ T9907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 780.828180][ T9907] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 780.828195][ T9907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 780.828219][ T9907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 781.386537][ T145] bridge_slave_1: left allmulticast mode [ 781.386558][ T145] bridge_slave_1: left promiscuous mode [ 781.386715][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 781.465854][ T145] bridge_slave_0: left allmulticast mode [ 781.465877][ T145] bridge_slave_0: left promiscuous mode [ 781.466050][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 783.065626][T10171] netlink: 44 bytes leftover after parsing attributes in process `syz.3.940'. [ 783.102854][T10169] rdma_rxe: rxe_newlink: failed to add lo [ 783.159409][T10171] netlink: 48 bytes leftover after parsing attributes in process `syz.3.940'. [ 783.819745][ C0] vkms_vblank_simulate: vblank timer overrun [ 783.986793][ C0] vkms_vblank_simulate: vblank timer overrun [ 784.827356][ C0] vkms_vblank_simulate: vblank timer overrun [ 785.177817][T10188] rdma_rxe: rxe_newlink: failed to add lo [ 785.313832][ C0] vkms_vblank_simulate: vblank timer overrun [ 785.878614][ C0] vkms_vblank_simulate: vblank timer overrun [ 786.170022][T10197] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 786.913551][ C0] vkms_vblank_simulate: vblank timer overrun [ 787.087922][ C0] vkms_vblank_simulate: vblank timer overrun [ 787.500228][ C0] vkms_vblank_simulate: vblank timer overrun [ 787.626786][T10205] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 788.459122][ C0] vkms_vblank_simulate: vblank timer overrun [ 788.625536][ C0] vkms_vblank_simulate: vblank timer overrun [ 789.066554][ C0] vkms_vblank_simulate: vblank timer overrun [ 789.385673][ C0] vkms_vblank_simulate: vblank timer overrun [ 789.887017][ C0] vkms_vblank_simulate: vblank timer overrun [ 789.887068][T10214] sz1: rxe_newlink: already configured on lo [ 790.110045][ C0] vkms_vblank_simulate: vblank timer overrun [ 790.797660][T10222] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 790.895739][ C0] vkms_vblank_simulate: vblank timer overrun [ 790.993622][ C0] vkms_vblank_simulate: vblank timer overrun [ 792.126615][ C0] vkms_vblank_simulate: vblank timer overrun [ 792.415657][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 792.495641][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 792.577544][ T145] bond0 (unregistering): Released all slaves [ 792.594680][T10232] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 792.955135][ T9907] hsr_slave_0: entered promiscuous mode [ 792.956443][ T9907] hsr_slave_1: entered promiscuous mode [ 792.957302][ T9907] debugfs: 'hsr0' already exists in 'hsr' [ 792.957324][ T9907] Cannot create hsr debugfs directory [ 793.954956][ T145] hsr_slave_0: left promiscuous mode [ 793.996862][ T145] hsr_slave_1: left promiscuous mode [ 793.997770][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 794.676112][T10040] Bluetooth: hci4: command 0x1003 tx timeout [ 794.676375][ T5836] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 794.738034][ C0] vkms_vblank_simulate: vblank timer overrun [ 794.802706][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 796.030213][ C0] vkms_vblank_simulate: vblank timer overrun [ 796.431105][ C0] vkms_vblank_simulate: vblank timer overrun [ 797.239427][ C0] vkms_vblank_simulate: vblank timer overrun [ 797.353034][ C0] vkms_vblank_simulate: vblank timer overrun [ 797.692445][ C0] vkms_vblank_simulate: vblank timer overrun [ 797.702110][ T145] team0 (unregistering): Port device team_slave_1 removed [ 797.890973][ T145] team0 (unregistering): Port device team_slave_0 removed [ 797.923818][ C0] vkms_vblank_simulate: vblank timer overrun [ 798.041122][ C0] vkms_vblank_simulate: vblank timer overrun [ 798.101423][ C0] vkms_vblank_simulate: vblank timer overrun [ 798.269344][ C0] vkms_vblank_simulate: vblank timer overrun [ 798.421003][ C0] vkms_vblank_simulate: vblank timer overrun [ 798.488856][ C0] vkms_vblank_simulate: vblank timer overrun [ 798.582604][ C0] vkms_vblank_simulate: vblank timer overrun [ 798.806068][ C0] vkms_vblank_simulate: vblank timer overrun [ 799.640207][ C0] vkms_vblank_simulate: vblank timer overrun [ 800.590831][T10292] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 800.902919][ C0] vkms_vblank_simulate: vblank timer overrun [ 801.123051][ C0] vkms_vblank_simulate: vblank timer overrun [ 801.259688][ C0] vkms_vblank_simulate: vblank timer overrun [ 801.330659][ C0] vkms_vblank_simulate: vblank timer overrun [ 801.518454][ C0] vkms_vblank_simulate: vblank timer overrun [ 801.662200][ C0] vkms_vblank_simulate: vblank timer overrun [ 802.156060][ C0] vkms_vblank_simulate: vblank timer overrun [ 803.070074][ C0] vkms_vblank_simulate: vblank timer overrun [ 803.404089][ C0] vkms_vblank_simulate: vblank timer overrun [ 803.580830][T10308] sz1: rxe_newlink: already configured on lo [ 804.328057][ C0] vkms_vblank_simulate: vblank timer overrun [ 804.396383][T10036] chnl_net:caif_netlink_parms(): no params data found [ 804.827649][T10315] pimreg: entered allmulticast mode [ 804.911786][T10038] chnl_net:caif_netlink_parms(): no params data found [ 806.412058][T10036] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.412206][T10036] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.412463][T10036] bridge_slave_0: entered allmulticast mode [ 806.436161][T10036] bridge_slave_0: entered promiscuous mode [ 806.588495][T10036] bridge0: port 2(bridge_slave_1) entered blocking state [ 806.588578][T10036] bridge0: port 2(bridge_slave_1) entered disabled state [ 806.588729][T10036] bridge_slave_1: entered allmulticast mode [ 806.590282][T10036] bridge_slave_1: entered promiscuous mode [ 806.945153][T10038] bridge0: port 1(bridge_slave_0) entered blocking state [ 806.945297][T10038] bridge0: port 1(bridge_slave_0) entered disabled state [ 806.945509][T10038] bridge_slave_0: entered allmulticast mode [ 806.948273][T10038] bridge_slave_0: entered promiscuous mode [ 807.272723][T10038] bridge0: port 2(bridge_slave_1) entered blocking state [ 807.272895][T10038] bridge0: port 2(bridge_slave_1) entered disabled state [ 807.273126][T10038] bridge_slave_1: entered allmulticast mode [ 807.276212][T10038] bridge_slave_1: entered promiscuous mode [ 807.345238][ T37] kauditd_printk_skb: 29 callbacks suppressed [ 807.345255][ T37] audit: type=1326 audit(1756594302.881:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10343 comm="syz.3.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 807.352820][ T37] audit: type=1326 audit(1756594302.891:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10343 comm="syz.3.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 807.354294][ T37] audit: type=1326 audit(1756594302.891:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10343 comm="syz.3.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 807.354338][ T37] audit: type=1326 audit(1756594302.891:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10343 comm="syz.3.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 807.354378][ T37] audit: type=1326 audit(1756594302.891:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10343 comm="syz.3.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 807.354422][ T37] audit: type=1326 audit(1756594302.891:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10343 comm="syz.3.979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 808.241961][T10036] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 808.433665][ C0] vkms_vblank_simulate: vblank timer overrun [ 809.243845][ C0] vkms_vblank_simulate: vblank timer overrun [ 809.313756][ C0] vkms_vblank_simulate: vblank timer overrun [ 809.320242][ T1323] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.323277][ T1323] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.354239][ C0] vkms_vblank_simulate: vblank timer overrun [ 809.393354][T10036] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 809.600214][ C0] vkms_vblank_simulate: vblank timer overrun [ 809.806293][T10364] netlink: 12 bytes leftover after parsing attributes in process `syz.3.985'. [ 809.913438][T10366] netlink: 4 bytes leftover after parsing attributes in process `syz.3.985'. [ 809.978128][ C0] vkms_vblank_simulate: vblank timer overrun [ 810.862711][ C0] vkms_vblank_simulate: vblank timer overrun [ 810.863609][T10367] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 811.022461][T10038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 811.355873][T10038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 811.425674][T10036] team0: Port device team_slave_0 added [ 811.532073][T10036] team0: Port device team_slave_1 added [ 811.801946][T10038] team0: Port device team_slave_0 added [ 811.944980][T10038] team0: Port device team_slave_1 added [ 811.955229][T10036] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 811.955244][T10036] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 811.955267][T10036] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 812.401087][T10375] sz1: rxe_newlink: already configured on lo [ 812.470586][ C0] vkms_vblank_simulate: vblank timer overrun [ 812.617754][ C0] vkms_vblank_simulate: vblank timer overrun [ 813.245028][ C0] vkms_vblank_simulate: vblank timer overrun [ 813.380746][T10040] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 813.401897][T10040] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 813.403494][T10040] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 813.420141][T10040] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 813.421351][T10040] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 813.440641][T10036] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 813.440655][T10036] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 813.440679][T10036] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 813.757969][T10038] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 813.757984][T10038] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 813.758008][T10038] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 813.818651][T10038] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 813.818665][T10038] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 813.818688][T10038] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 814.258354][T10036] hsr_slave_0: entered promiscuous mode [ 814.261615][T10036] hsr_slave_1: entered promiscuous mode [ 814.288218][T10389] pimreg: entered allmulticast mode [ 814.578282][T10038] hsr_slave_0: entered promiscuous mode [ 814.579618][T10038] hsr_slave_1: entered promiscuous mode [ 814.580510][T10038] debugfs: 'hsr0' already exists in 'hsr' [ 814.580533][T10038] Cannot create hsr debugfs directory [ 814.926497][ C0] vkms_vblank_simulate: vblank timer overrun [ 815.142619][ C0] vkms_vblank_simulate: vblank timer overrun [ 815.956786][ C0] vkms_vblank_simulate: vblank timer overrun [ 815.965242][ T5836] Bluetooth: hci4: command tx timeout [ 816.151193][ C0] vkms_vblank_simulate: vblank timer overrun [ 816.237517][ C0] vkms_vblank_simulate: vblank timer overrun [ 816.362270][T10379] lo speed is unknown, defaulting to 1000 [ 816.370339][T10404] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 816.512986][ C0] vkms_vblank_simulate: vblank timer overrun [ 816.762905][ T37] audit: type=1326 audit(1756594312.301:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10407 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 816.763063][ T37] audit: type=1326 audit(1756594312.301:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10407 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 816.788021][ T37] audit: type=1326 audit(1756594312.331:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10407 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 816.796545][ T37] audit: type=1326 audit(1756594312.341:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10407 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 816.796592][ T37] audit: type=1326 audit(1756594312.341:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10407 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 816.796632][ T37] audit: type=1326 audit(1756594312.341:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10407 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 816.950465][ T37] audit: type=1326 audit(1756594312.491:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10407 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 816.950614][ T37] audit: type=1326 audit(1756594312.491:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10407 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 816.968048][T10408] netlink: 4 bytes leftover after parsing attributes in process `syz.3.995'. [ 816.968095][ T37] audit: type=1326 audit(1756594312.511:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10407 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 817.257408][ T37] audit: type=1326 audit(1756594312.801:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10407 comm="syz.3.995" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90b2cbebe9 code=0x7ffc0000 [ 817.996236][ T5836] Bluetooth: hci4: command tx timeout [ 819.015919][ C0] vkms_vblank_simulate: vblank timer overrun [ 819.260868][T10431] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 819.964285][ C0] vkms_vblank_simulate: vblank timer overrun [ 820.075241][ T5836] Bluetooth: hci4: command tx timeout [ 820.149898][ C0] vkms_vblank_simulate: vblank timer overrun [ 820.676829][ C0] vkms_vblank_simulate: vblank timer overrun [ 821.594521][ C0] vkms_vblank_simulate: vblank timer overrun [ 821.695623][T10433] mkiss: ax0: crc mode is auto. [ 821.844124][ C0] vkms_vblank_simulate: vblank timer overrun [ 822.159138][ T5836] Bluetooth: hci4: command tx timeout [ 823.381491][T10379] chnl_net:caif_netlink_parms(): no params data found [ 823.571511][T10459] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1007'. [ 823.991989][ C0] vkms_vblank_simulate: vblank timer overrun [ 825.404285][ C0] vkms_vblank_simulate: vblank timer overrun [ 825.584669][ C0] vkms_vblank_simulate: vblank timer overrun [ 825.696435][ T145] bridge_slave_1: left allmulticast mode [ 825.696469][ T145] bridge_slave_1: left promiscuous mode [ 825.696719][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 825.934649][ C0] vkms_vblank_simulate: vblank timer overrun [ 825.979787][ T145] bridge_slave_0: left allmulticast mode [ 825.979808][ T145] bridge_slave_0: left promiscuous mode [ 825.979978][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 826.868512][ C0] vkms_vblank_simulate: vblank timer overrun [ 827.071134][ T145] bridge_slave_1: left allmulticast mode [ 827.071157][ T145] bridge_slave_1: left promiscuous mode [ 827.071309][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 827.156751][ T145] bridge_slave_0: left allmulticast mode [ 827.156773][ T145] bridge_slave_0: left promiscuous mode [ 827.157667][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 827.627217][T10489] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 828.417144][ C0] vkms_vblank_simulate: vblank timer overrun [ 828.985499][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 829.075720][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 829.149395][ T145] bond0 (unregistering): Released all slaves [ 829.640650][ C0] vkms_vblank_simulate: vblank timer overrun [ 829.656239][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 829.763437][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 829.818031][ T145] bond0 (unregistering): Released all slaves [ 830.027164][T10379] bridge0: port 1(bridge_slave_0) entered blocking state [ 830.027345][T10379] bridge0: port 1(bridge_slave_0) entered disabled state [ 830.027580][T10379] bridge_slave_0: entered allmulticast mode [ 830.033173][T10379] bridge_slave_0: entered promiscuous mode [ 830.042319][T10379] bridge0: port 2(bridge_slave_1) entered blocking state [ 830.042654][T10379] bridge0: port 2(bridge_slave_1) entered disabled state [ 830.042842][T10379] bridge_slave_1: entered allmulticast mode [ 830.048137][T10379] bridge_slave_1: entered promiscuous mode [ 830.354228][T10379] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 830.370445][T10379] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 830.959158][T10379] team0: Port device team_slave_0 added [ 831.153306][T10379] team0: Port device team_slave_1 added [ 831.272635][T10040] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 831.295357][T10040] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 831.297051][T10040] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 831.304090][T10040] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 831.347255][T10040] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 831.957537][ T145] hsr_slave_0: left promiscuous mode [ 832.001080][ T145] hsr_slave_1: left promiscuous mode [ 832.001985][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 832.021512][ T5836] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 832.049526][ T5836] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 832.052675][ T5836] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 832.053837][ T5836] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 832.071982][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 832.085612][ T5836] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 832.305078][ T145] hsr_slave_0: left promiscuous mode [ 832.356144][ T145] hsr_slave_1: left promiscuous mode [ 832.357066][ T145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 832.416665][ T145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 833.321402][ T145] team0 (unregistering): Port device team_slave_1 removed [ 833.435080][T10040] Bluetooth: hci5: command tx timeout [ 833.455854][ T145] team0 (unregistering): Port device team_slave_0 removed [ 834.155447][T10040] Bluetooth: hci6: command tx timeout [ 834.666040][ T145] team0 (unregistering): Port device team_slave_1 removed [ 834.807244][ T145] team0 (unregistering): Port device team_slave_0 removed [ 835.422130][T10379] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 835.422145][T10379] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 835.422169][T10379] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 835.514987][T10040] Bluetooth: hci5: command tx timeout [ 836.140118][T10379] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 836.140130][T10379] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 836.140144][T10379] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 836.235492][T10040] Bluetooth: hci6: command tx timeout [ 836.980651][T10379] hsr_slave_0: entered promiscuous mode [ 836.981968][T10379] hsr_slave_1: entered promiscuous mode [ 837.000151][T10379] debugfs: 'hsr0' already exists in 'hsr' [ 837.000176][T10379] Cannot create hsr debugfs directory [ 837.002433][T10503] lo speed is unknown, defaulting to 1000 [ 837.612880][T10040] Bluetooth: hci5: command tx timeout [ 838.314953][T10040] Bluetooth: hci6: command tx timeout [ 838.334355][T10564] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8) [ 838.334379][T10564] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 838.405986][T10564] vhci_hcd vhci_hcd.0: Device attached [ 838.477091][T10523] lo speed is unknown, defaulting to 1000 [ 838.582356][T10566] vhci_hcd: connection closed [ 838.588973][ T57] vhci_hcd: stop threads [ 838.589739][ T57] vhci_hcd: release socket [ 838.624879][ T57] vhci_hcd: disconnect device [ 838.634997][ T9] usb 41-1: new high-speed USB device number 2 using vhci_hcd [ 838.635171][ T9] usb 41-1: enqueue for inactive port 0 [ 838.712304][ T9] vhci_hcd: vhci_device speed not set [ 839.674853][T10040] Bluetooth: hci5: command tx timeout [ 839.755543][T10582] smc: net device bond0 applied user defined pnetid SYZ0 [ 840.166844][ C0] vkms_vblank_simulate: vblank timer overrun [ 840.464172][T10599] rdma_rxe: rxe_newlink: failed to add lo [ 840.530870][ C0] vkms_vblank_simulate: vblank timer overrun [ 840.576991][T10040] Bluetooth: hci6: command tx timeout [ 840.680075][ C0] vkms_vblank_simulate: vblank timer overrun [ 840.725622][ C0] vkms_vblank_simulate: vblank timer overrun [ 840.955311][ C0] vkms_vblank_simulate: vblank timer overrun [ 841.176757][ C0] vkms_vblank_simulate: vblank timer overrun [ 841.907902][T10626] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1039'. [ 842.167254][ T145] bridge_slave_1: left allmulticast mode [ 842.167286][ T145] bridge_slave_1: left promiscuous mode [ 842.167608][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 842.220431][ T145] bridge_slave_0: left allmulticast mode [ 842.220462][ T145] bridge_slave_0: left promiscuous mode [ 842.231068][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 842.328237][ T145] bridge_slave_1: left allmulticast mode [ 842.328272][ T145] bridge_slave_1: left promiscuous mode [ 842.328524][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 842.427064][ T145] bridge_slave_0: left allmulticast mode [ 842.427100][ T145] bridge_slave_0: left promiscuous mode [ 842.427351][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 842.648952][T10639] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1043'. [ 842.778576][ T145] bridge_slave_1: left allmulticast mode [ 842.778608][ T145] bridge_slave_1: left promiscuous mode [ 842.778883][ T145] bridge0: port 2(bridge_slave_1) entered disabled state [ 842.904020][ T145] bridge_slave_0: left allmulticast mode [ 842.904057][ T145] bridge_slave_0: left promiscuous mode [ 842.904306][ T145] bridge0: port 1(bridge_slave_0) entered disabled state [ 843.477738][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 843.578431][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 843.663186][T10647] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1045'. [ 843.678664][ T145] bond0 (unregistering): Released all slaves [ 844.027916][ C0] vkms_vblank_simulate: vblank timer overrun [ 844.688217][ C0] vkms_vblank_simulate: vblank timer overrun [ 844.901078][ C0] vkms_vblank_simulate: vblank timer overrun [ 844.905930][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 845.165961][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 846.163680][ T145] bond0 (unregistering): Released all slaves [ 846.583453][ C0] vkms_vblank_simulate: vblank timer overrun [ 846.754347][T10664] sz1: rxe_newlink: already configured on lo [ 847.507882][ C0] vkms_vblank_simulate: vblank timer overrun [ 847.586045][ T145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 847.693631][ C0] vkms_vblank_simulate: vblank timer overrun [ 847.744376][T10670] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1051'. [ 847.793799][ T145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 847.871560][ T145] bond0 (unregistering): Released all slaves [ 847.906904][T10673] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1051'. [ 847.945869][T10643] pim6reg1: entered allmulticast mode [ 849.115720][ C0] ------------[ cut here ]------------ [ 849.115742][ C0] WARNING: CPU: 0 PID: 16 at ./include/linux/seqlock.h:221 est_timer+0x6dc/0x9f0 [ 849.115790][ C0] Modules linked in: [ 849.115838][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 849.115893][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 849.115927][ C0] RIP: 0010:est_timer+0x6dc/0x9f0 [ 849.115950][ C0] Code: ff c7 42 80 3c 23 00 74 08 4c 89 f7 e8 bd 2c 41 f9 4d 89 3e 42 80 3c 23 00 0f 85 54 ff ff ff e9 57 ff ff ff e8 d5 f4 e1 f8 90 <0f> 0b 90 e9 63 fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 65 fa ff ff [ 849.115969][ C0] RSP: 0018:ffffc900001577a0 EFLAGS: 00010246 [ 849.115988][ C0] RAX: ffffffff88dc677b RBX: 0000000000000001 RCX: ffff88801ae85940 [ 849.116005][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 849.116019][ C0] RBP: ffffc900001578b0 R08: 0000000000000000 R09: 0000000000000100 [ 849.116034][ C0] R10: dffffc0000000000 R11: fffff5200002af0a R12: 0000000000000005 [ 849.116049][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801b2bb468 [ 849.116064][ C0] FS: 0000000000000000(0000) GS:ffff8881268c2000(0000) knlGS:0000000000000000 [ 849.116082][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 849.116097][ C0] CR2: 00007fb9f8f074a8 CR3: 000000003b398000 CR4: 00000000003526f0 [ 849.116116][ C0] Call Trace: [ 849.116125][ C0] [ 849.116151][ C0] ? __pfx_est_timer+0x10/0x10 [ 849.116189][ C0] call_timer_fn+0x17b/0x5f0 [ 849.116225][ C0] ? __pfx_est_timer+0x10/0x10 [ 849.116246][ C0] ? call_timer_fn+0xbe/0x5f0 [ 849.116272][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 849.116311][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 849.116339][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 849.116364][ C0] ? __pfx_est_timer+0x10/0x10 [ 849.116390][ C0] __run_timer_base+0x648/0x970 [ 849.116440][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 849.116487][ C0] run_timer_softirq+0xb7/0x180 [ 849.116513][ C0] handle_softirqs+0x22c/0x710 [ 849.116552][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 849.116591][ C0] run_ktimerd+0xcf/0x190 [ 849.116615][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 849.116637][ C0] ? schedule+0x91/0x360 [ 849.116664][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 849.116687][ C0] smpboot_thread_fn+0x542/0xa60 [ 849.116714][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 849.116747][ C0] kthread+0x711/0x8a0 [ 849.116775][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 849.116798][ C0] ? __pfx_kthread+0x10/0x10 [ 849.116834][ C0] ? __pfx_kthread+0x10/0x10 [ 849.116866][ C0] ret_from_fork+0x3f9/0x770 [ 849.116897][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 849.116932][ C0] ? __switch_to_asm+0x39/0x70 [ 849.116952][ C0] ? __switch_to_asm+0x33/0x70 [ 849.116971][ C0] ? __pfx_kthread+0x10/0x10 [ 849.117003][ C0] ret_from_fork_asm+0x1a/0x30 [ 849.117044][ C0] [ 849.117054][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 849.117070][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 849.117094][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 849.117107][ C0] Call Trace: [ 849.117115][ C0] [ 849.117123][ C0] dump_stack_lvl+0x99/0x250 [ 849.117154][ C0] ? __asan_memcpy+0x40/0x70 [ 849.117178][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 849.117208][ C0] ? __pfx__printk+0x10/0x10 [ 849.117248][ C0] vpanic+0x281/0x750 [ 849.117278][ C0] ? __pfx__printk+0x10/0x10 [ 849.117300][ C0] ? __pfx_vpanic+0x10/0x10 [ 849.117330][ C0] ? is_bpf_text_address+0x26/0x2b0 [ 849.117372][ C0] panic+0xb9/0xc0 [ 849.117407][ C0] ? __pfx_panic+0x10/0x10 [ 849.117456][ C0] __warn+0x31b/0x4b0 [ 849.117483][ C0] ? est_timer+0x6dc/0x9f0 [ 849.117509][ C0] ? est_timer+0x6dc/0x9f0 [ 849.117531][ C0] report_bug+0x2be/0x4f0 [ 849.117557][ C0] ? est_timer+0x6dc/0x9f0 [ 849.117580][ C0] ? est_timer+0x6dc/0x9f0 [ 849.117602][ C0] ? est_timer+0x6de/0x9f0 [ 849.117624][ C0] handle_bug+0x84/0x160 [ 849.117654][ C0] exc_invalid_op+0x1a/0x50 [ 849.117684][ C0] asm_exc_invalid_op+0x1a/0x20 [ 849.117705][ C0] RIP: 0010:est_timer+0x6dc/0x9f0 [ 849.117727][ C0] Code: ff c7 42 80 3c 23 00 74 08 4c 89 f7 e8 bd 2c 41 f9 4d 89 3e 42 80 3c 23 00 0f 85 54 ff ff ff e9 57 ff ff ff e8 d5 f4 e1 f8 90 <0f> 0b 90 e9 63 fd ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 65 fa ff ff [ 849.117745][ C0] RSP: 0018:ffffc900001577a0 EFLAGS: 00010246 [ 849.117764][ C0] RAX: ffffffff88dc677b RBX: 0000000000000001 RCX: ffff88801ae85940 [ 849.117780][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 849.117793][ C0] RBP: ffffc900001578b0 R08: 0000000000000000 R09: 0000000000000100 [ 849.117808][ C0] R10: dffffc0000000000 R11: fffff5200002af0a R12: 0000000000000005 [ 849.117824][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88801b2bb468 [ 849.117848][ C0] ? est_timer+0x6db/0x9f0 [ 849.117897][ C0] ? __pfx_est_timer+0x10/0x10 [ 849.117934][ C0] call_timer_fn+0x17b/0x5f0 [ 849.117960][ C0] ? __pfx_est_timer+0x10/0x10 [ 849.117982][ C0] ? call_timer_fn+0xbe/0x5f0 [ 849.118008][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 849.118047][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 849.118074][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 849.118099][ C0] ? __pfx_est_timer+0x10/0x10 [ 849.118125][ C0] __run_timer_base+0x648/0x970 [ 849.118169][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 849.118216][ C0] run_timer_softirq+0xb7/0x180 [ 849.118242][ C0] handle_softirqs+0x22c/0x710 [ 849.118281][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 849.118320][ C0] run_ktimerd+0xcf/0x190 [ 849.118348][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 849.118374][ C0] ? schedule+0x91/0x360 [ 849.118413][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 849.118438][ C0] smpboot_thread_fn+0x542/0xa60 [ 849.118466][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 849.118503][ C0] kthread+0x711/0x8a0 [ 849.118537][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 849.118564][ C0] ? __pfx_kthread+0x10/0x10 [ 849.118601][ C0] ? __pfx_kthread+0x10/0x10 [ 849.118633][ C0] ret_from_fork+0x3f9/0x770 [ 849.118662][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 849.118698][ C0] ? __switch_to_asm+0x39/0x70 [ 849.118717][ C0] ? __switch_to_asm+0x33/0x70 [ 849.118736][ C0] ? __pfx_kthread+0x10/0x10 [ 849.118768][ C0] ret_from_fork_asm+0x1a/0x30 [ 849.118808][ C0] [ 849.119075][ C0] Kernel Offset: disabled