last executing test programs: 3.250107885s ago: executing program 0 (id=1): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x2}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f00000004c0)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f00000016c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x60, 0x2, &(0x7f0000000800)={@flat=@weak_handle={0x77682a85, 0x110b, 0x1}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x200000000000, 0xffffffffffffffff}, @fda={0x66646185, 0x8, 0x0, 0x3f}}, &(0x7f0000000240)={0x0, 0x18, 0x44}}, 0x1000}], 0x0, 0x0, 0x0}) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$uinput_user_dev(r4, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x3ff, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0xffffffff, 0xf78, 0x0, 0xfffffffe, 0x0, 0x0, 0x1], [0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xedc0, 0xb9, 0x5ee, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xffffffff, 0x7fc, 0x2, 0x8, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x3, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4771], [0xc35, 0x7f, 0x3, 0x0, 0x3, 0x0, 0x2000000, 0x0, 0x1, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffb, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x6, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x100000, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x5) r5 = openat$panthor(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000540)={0x3, 0x0, 0x1}) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f0000000580)={r6, 0x90}) ioctl$UI_SET_SWBIT(r4, 0x4004556d, 0x3) ioctl$UI_DEV_CREATE(r4, 0x5501) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000070d29bd7000efdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="2d880200a00800002800128008000100677265001c00028008000100", @ANYRES32, @ANYBLOB="08000700ac"], 0x48}, 0x1, 0x0, 0x0, 0xc886}, 0x0) 2.746028315s ago: executing program 0 (id=6): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000640)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x7, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = getpid() sendmmsg$inet(r1, &(0x7f00000084c0)=[{{0x0, 0x0, &(0x7f0000001c40)=[{&(0x7f00000003c0)="ea250644ccc7a7b759ed65d29a6141705acf9778b5d90cdaff171eff0699e0ffad", 0x21}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x4, 0x4000000) sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ptrace$setopts(0x4206, 0xffffffffffffffff, 0xb43, 0x42) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) (fail_nth: 4) 1.003774718s ago: executing program 0 (id=7): r0 = socket$kcm(0x10, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000080), 0x4) syz_emit_ethernet(0x7a, &(0x7f0000000240)=ANY=[@ANYRESOCT=r0, @ANYBLOB="b5dc75a096032b2802108f15175d1d151e630877c59aa92cb7f899ee295931c7fb2ae26c90ad215d376798bd866fba69f62198d07a0eb472503ffe4dc8f894604343416407df4fbacf20ad77ba25f948e0f435b33ddb3fb5888b5cd08ae6", @ANYBLOB="62a7535ac2c0ace78b946f542ef6c063d196", @ANYRESDEC=r0, @ANYRESOCT=r0, @ANYRES8=r0, @ANYRESDEC=r0], 0x0) r1 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r1, &(0x7f0000000900)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0}], 0x1, 0x0) (async) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000080)={r3, 0x7}, 0x8) (async) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10) (async) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d08007b490d4f1e81f8d815001b003a05142603600e12080005007a010401a800160020e0034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993b134e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db79826521340fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x44000) (async) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) (async) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000100)=@req3, 0x1c) creat(&(0x7f0000000040)='./file0\x00', 0x0) 0s ago: executing program 0 (id=8): socket$nl_generic(0x10, 0x3, 0x10) socket(0x40000000015, 0x805, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) socket$can_j1939(0x1d, 0x2, 0x7) socket(0x22, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$l2tp6(0xa, 0x2, 0x73) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x1, 0x84) socket(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0xb) socket$nl_generic(0x10, 0x3, 0x10) pipe(&(0x7f0000000140)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)) pipe(&(0x7f0000000040)) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x1, 0x0, 0x111, 0x6}}, 0x20) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100fffffffffffffc001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.162' (ED25519) to the list of known hosts. [ 73.435842][ T5780] cgroup: Unknown subsys name 'net' [ 73.696746][ T5780] cgroup: Unknown subsys name 'cpuset' [ 73.762324][ T5780] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.346518][ T5780] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.704062][ T5804] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.705755][ T5804] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.706674][ T5804] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.708802][ T5804] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.719830][ T5810] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.724250][ T5814] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.724985][ T5810] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.725879][ T5814] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.727189][ T5810] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.727855][ T5810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 79.728107][ T5810] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.731292][ T5810] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.732425][ T5804] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 79.747331][ T5806] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.748331][ T5804] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.802178][ T5806] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.804185][ T5806] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.821878][ T5806] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.828433][ T5806] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.829978][ T60] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.834084][ T5806] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.834989][ T60] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.836703][ T60] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.837390][ T5112] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.863366][ T5112] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 80.540346][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 80.570487][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 80.787464][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 80.800209][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 80.870058][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 80.944994][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.945681][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.946001][ T5796] bridge_slave_0: entered allmulticast mode [ 80.947427][ T5796] bridge_slave_0: entered promiscuous mode [ 80.950055][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.950171][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.950314][ T5793] bridge_slave_0: entered allmulticast mode [ 80.952754][ T5793] bridge_slave_0: entered promiscuous mode [ 81.020995][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.021110][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.021592][ T5796] bridge_slave_1: entered allmulticast mode [ 81.043614][ T5796] bridge_slave_1: entered promiscuous mode [ 81.047392][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.047497][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.047612][ T5793] bridge_slave_1: entered allmulticast mode [ 81.049003][ T5793] bridge_slave_1: entered promiscuous mode [ 81.185814][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.188362][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.229660][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.232365][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.232826][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.233011][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.233168][ T5795] bridge_slave_0: entered allmulticast mode [ 81.235678][ T5795] bridge_slave_0: entered promiscuous mode [ 81.269492][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.269603][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.269747][ T5794] bridge_slave_0: entered allmulticast mode [ 81.273397][ T5794] bridge_slave_0: entered promiscuous mode [ 81.310570][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.310705][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.310810][ T5795] bridge_slave_1: entered allmulticast mode [ 81.322866][ T5795] bridge_slave_1: entered promiscuous mode [ 81.343262][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.343410][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.343569][ T5794] bridge_slave_1: entered allmulticast mode [ 81.345493][ T5794] bridge_slave_1: entered promiscuous mode [ 81.390904][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.391034][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.392188][ T5792] bridge_slave_0: entered allmulticast mode [ 81.394631][ T5792] bridge_slave_0: entered promiscuous mode [ 81.419869][ T5796] team0: Port device team_slave_0 added [ 81.423754][ T5793] team0: Port device team_slave_0 added [ 81.644981][ T31] cfg80211: failed to load regulatory.db [ 81.659882][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.660024][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.660188][ T5792] bridge_slave_1: entered allmulticast mode [ 81.663607][ T5792] bridge_slave_1: entered promiscuous mode [ 81.667202][ T5796] team0: Port device team_slave_1 added [ 81.688618][ T5793] team0: Port device team_slave_1 added [ 81.693924][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.754815][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.780494][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.794235][ T5112] Bluetooth: hci1: command tx timeout [ 81.794580][ T5802] Bluetooth: hci4: command tx timeout [ 81.831263][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.872164][ T5112] Bluetooth: hci0: command tx timeout [ 81.872174][ T5802] Bluetooth: hci2: command tx timeout [ 81.872288][ T5112] Bluetooth: hci3: command tx timeout [ 81.894442][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.917063][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.917079][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.917103][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.923075][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.923088][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.923111][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.947927][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.948886][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.948898][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.948921][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.977961][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.977977][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.978002][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.981112][ T5795] team0: Port device team_slave_0 added [ 82.030478][ T5794] team0: Port device team_slave_0 added [ 82.033074][ T5795] team0: Port device team_slave_1 added [ 82.078909][ T5794] team0: Port device team_slave_1 added [ 82.083999][ T5792] team0: Port device team_slave_0 added [ 82.145398][ T5792] team0: Port device team_slave_1 added [ 82.207799][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.207818][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.207842][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.263731][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.263747][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.263771][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.276428][ T5796] hsr_slave_0: entered promiscuous mode [ 82.277938][ T5796] hsr_slave_1: entered promiscuous mode [ 82.280630][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.280642][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.280665][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.314108][ T5793] hsr_slave_0: entered promiscuous mode [ 82.315347][ T5793] hsr_slave_1: entered promiscuous mode [ 82.316347][ T5793] debugfs: 'hsr0' already exists in 'hsr' [ 82.316456][ T5793] Cannot create hsr debugfs directory [ 82.317367][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.317378][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.317401][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.336031][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.336048][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.336071][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.356094][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.356111][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.356133][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.553054][ T5795] hsr_slave_0: entered promiscuous mode [ 82.554328][ T5795] hsr_slave_1: entered promiscuous mode [ 82.555236][ T5795] debugfs: 'hsr0' already exists in 'hsr' [ 82.555259][ T5795] Cannot create hsr debugfs directory [ 82.969179][ T5794] hsr_slave_0: entered promiscuous mode [ 82.969955][ T5794] hsr_slave_1: entered promiscuous mode [ 82.970502][ T5794] debugfs: 'hsr0' already exists in 'hsr' [ 82.970519][ T5794] Cannot create hsr debugfs directory [ 83.025180][ T5792] hsr_slave_0: entered promiscuous mode [ 83.025915][ T5792] hsr_slave_1: entered promiscuous mode [ 83.026497][ T5792] debugfs: 'hsr0' already exists in 'hsr' [ 83.026513][ T5792] Cannot create hsr debugfs directory [ 83.555982][ T5796] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 83.579916][ T5796] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 83.676422][ T5796] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 83.729445][ T5796] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 83.818904][ T5793] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.858084][ T5793] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.873282][ T5799] Bluetooth: hci1: command tx timeout [ 83.873297][ T5112] Bluetooth: hci4: command tx timeout [ 83.907422][ T5793] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.952017][ T5799] Bluetooth: hci2: command tx timeout [ 83.952047][ T5799] Bluetooth: hci3: command tx timeout [ 83.952066][ T5799] Bluetooth: hci0: command tx timeout [ 83.968286][ T5793] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.082810][ T5795] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 84.127684][ T5795] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 84.151078][ T5795] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 84.204558][ T5795] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 84.326728][ T5794] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.362924][ T5794] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.391538][ T5794] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.441104][ T5794] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.553707][ T5792] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 84.590312][ T5792] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.607932][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.618741][ T5792] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.648594][ T5792] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.719317][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.729677][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.760667][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.761397][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.798761][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.798843][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.830960][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.853192][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.875185][ T1525] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.875330][ T1525] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.905541][ T1525] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.905674][ T1525] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.955824][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.987581][ T1422] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.987697][ T1422] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.995229][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.044512][ T1525] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.044602][ T1525] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.114072][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.167823][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.168823][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.185046][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.219564][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.219736][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.281016][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.333781][ T1525] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.333908][ T1525] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.388208][ T1437] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.388348][ T1437] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.537258][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.766026][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.954566][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.955840][ T5112] Bluetooth: hci4: command tx timeout [ 85.955869][ T5112] Bluetooth: hci1: command tx timeout [ 86.031914][ T5799] Bluetooth: hci0: command tx timeout [ 86.031942][ T5799] Bluetooth: hci3: command tx timeout [ 86.031960][ T5799] Bluetooth: hci2: command tx timeout [ 86.085396][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.096563][ T5793] veth0_vlan: entered promiscuous mode [ 86.170857][ T5793] veth1_vlan: entered promiscuous mode [ 86.211052][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 86.267090][ T5795] veth0_vlan: entered promiscuous mode [ 86.315307][ T5795] veth1_vlan: entered promiscuous mode [ 86.325365][ T5794] veth0_vlan: entered promiscuous mode [ 86.326140][ T5793] veth0_macvtap: entered promiscuous mode [ 86.350180][ T5796] veth0_vlan: entered promiscuous mode [ 86.364932][ T5793] veth1_macvtap: entered promiscuous mode [ 86.387854][ T5794] veth1_vlan: entered promiscuous mode [ 86.398932][ T5796] veth1_vlan: entered promiscuous mode [ 86.431015][ T5792] veth0_vlan: entered promiscuous mode [ 86.446871][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.470285][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.489649][ T5792] veth1_vlan: entered promiscuous mode [ 86.491073][ T5795] veth0_macvtap: entered promiscuous mode [ 86.518732][ T1437] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.535906][ T1437] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.542493][ T5795] veth1_macvtap: entered promiscuous mode [ 86.548205][ T1437] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.569863][ T1437] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.628246][ T5794] veth0_macvtap: entered promiscuous mode [ 86.646512][ T5796] veth0_macvtap: entered promiscuous mode [ 86.693850][ T5794] veth1_macvtap: entered promiscuous mode [ 86.718321][ T5796] veth1_macvtap: entered promiscuous mode [ 86.721070][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.808375][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.835687][ T5792] veth0_macvtap: entered promiscuous mode [ 86.849735][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.868146][ T1437] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.884337][ T1437] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.902884][ T5792] veth1_macvtap: entered promiscuous mode [ 86.903874][ T1437] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.905368][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.910744][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.910827][ T1437] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.932702][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.932727][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.964556][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.026735][ T1422] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.046693][ T1422] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.060537][ T1422] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.077916][ T1422] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.115921][ T1422] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.119220][ T4097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.119238][ T4097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.126609][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.128821][ T1422] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.139324][ T1422] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.188268][ T1422] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.296525][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.473320][ T1437] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.495906][ T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.495924][ T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.517461][ T1437] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.559027][ T5914] input: syz0 as /devices/virtual/input/input5 [ 87.577098][ T1437] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.614795][ T5915] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1'. [ 87.631255][ T173] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.031817][ T5112] Bluetooth: hci1: command tx timeout [ 88.031847][ T5112] Bluetooth: hci4: command tx timeout [ 88.061680][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 88.071712][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 88.081701][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 88.091690][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 88.101700][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 88.104675][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 88.111693][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 88.121697][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 88.131688][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 88.141693][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 88.696110][ T5930] FAULT_INJECTION: forcing a failure. [ 88.696110][ T5930] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 88.696186][ T5930] CPU: 0 UID: 0 PID: 5930 Comm: syz.0.6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 88.696208][ T5930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 88.696224][ T5930] Call Trace: [ 88.696231][ T5930] [ 88.696236][ T5930] dump_stack_lvl+0xe8/0x150 [ 88.696260][ T5930] should_fail_ex+0x46b/0x600 [ 88.696275][ T5930] _copy_to_user+0x31/0xb0 [ 88.696292][ T5930] simple_read_from_buffer+0xe1/0x170 [ 88.696309][ T5930] proc_fail_nth_read+0x1be/0x230 [ 88.696321][ T5930] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 88.696335][ T5930] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 88.696345][ T5930] vfs_read+0x212/0xa70 [ 88.696359][ T5930] ? __pfx_vfs_read+0x10/0x10 [ 88.696374][ T5930] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 88.696388][ T5930] ? lockdep_hardirqs_on+0x7a/0x110 [ 88.696401][ T5930] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 88.696413][ T5930] ? mutex_lock_nested+0x152/0x1d0 [ 88.696422][ T5930] ? fdget_pos+0x252/0x320 [ 88.696440][ T5930] ksys_read+0x156/0x270 [ 88.696450][ T5930] ? __pfx_ksys_read+0x10/0x10 [ 88.696465][ T5930] do_syscall_64+0x14d/0xf80 [ 88.696478][ T5930] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.696488][ T5930] ? clear_bhb_loop+0x40/0x90 [ 88.696499][ T5930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 88.696509][ T5930] RIP: 0033:0x7fe1c1fbc84e [ 88.696521][ T5930] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 88.696529][ T5930] RSP: 002b:00007fe1c022cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 88.696541][ T5930] RAX: ffffffffffffffda RBX: 00007fe1c022d6c0 RCX: 00007fe1c1fbc84e [ 88.696548][ T5930] RDX: 000000000000000f RSI: 00007fe1c022d0a0 RDI: 0000000000000006 [ 88.696554][ T5930] RBP: 00007fe1c022d090 R08: 0000000000000000 R09: 0000000000000000 [ 88.696560][ T5930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 88.696566][ T5930] R13: 00007fe1c2276128 R14: 00007fe1c2276090 R15: 00007ffce0289df8 [ 88.696581][ T5930] [ 89.611691][ T5799] Bluetooth: hci2: command tx timeout [ 89.611727][ T5799] Bluetooth: hci3: command tx timeout [ 89.611748][ T5799] Bluetooth: hci0: command tx timeout [ 89.636161][ T4097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.636181][ T4097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.471020][ T5945] netlink: 'syz.0.7': attribute type 27 has an invalid length. [ 90.471043][ T5945] netlink: 164 bytes leftover after parsing attributes in process `syz.0.7'. [ 91.952523][ T5850] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 91.952546][ T5850] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 91.952927][ T5112] Bluetooth: hci1: command 0x0c1a tx timeout [ 94.111770][ T5850] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 94.111795][ T5850] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 94.111946][ C1] ------------[ cut here ]------------ [ 94.111953][ C1] workqueue: cannot queue hci_cmd_timeout on wq hci2 [ 94.112000][ C1] WARNING: kernel/workqueue.c:2271 at __queue_work+0xd5c/0xff0, CPU#1: ktimers/1/29 [ 94.112029][ C1] Modules linked in: [ 94.112045][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 94.112063][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 94.112071][ C1] RIP: 0010:__queue_work+0xd87/0xff0 [ 94.112086][ C1] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 3a dd 9b 00 49 8b 75 00 49 81 c7 68 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 01 bf [ 94.112097][ C1] RSP: 0018:ffffc90000a3f9b0 EFLAGS: 00010082 [ 94.112107][ C1] RAX: 1ffff110054d6953 RBX: 0000000000000008 RCX: ffff88801d2e3c00 [ 94.112116][ C1] RDX: ffff8880391e9968 RSI: ffffffff8a06da30 RDI: ffffffff8f4be900 [ 94.112125][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 94.112133][ C1] R10: dffffc0000000000 R11: ffffffff818c5800 R12: dffffc0000000000 [ 94.112142][ C1] R13: ffff88802a6b4a98 R14: ffffffff8f4be900 R15: ffff8880391e9968 [ 94.112151][ C1] FS: 0000000000000000(0000) GS:ffff888126695000(0000) knlGS:0000000000000000 [ 94.112161][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.112170][ C1] CR2: 0000559e4e9ad138 CR3: 000000000d9ba000 CR4: 00000000003526f0 [ 94.112182][ C1] Call Trace: [ 94.112188][ C1] [ 94.112196][ C1] ? do_raw_spin_lock+0x12b/0x2f0 [ 94.112220][ C1] call_timer_fn+0x192/0x5a0 [ 94.112238][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 94.112252][ C1] ? call_timer_fn+0xd4/0x5a0 [ 94.112267][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 94.112290][ C1] ? do_raw_spin_unlock+0xf5/0x210 [ 94.112303][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 94.112320][ C1] __run_timer_base+0x764/0x9f0 [ 94.112347][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 94.112366][ C1] ? __local_bh_disable_ip+0x3c/0x420 [ 94.112382][ C1] ? __local_bh_disable_ip+0x3c/0x420 [ 94.112401][ C1] run_timer_softirq+0xb7/0x170 [ 94.112417][ C1] handle_softirqs+0x1de/0x640 [ 94.112437][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 94.112453][ C1] run_ktimerd+0x69/0x100 [ 94.112468][ C1] smpboot_thread_fn+0x541/0xa50 [ 94.112485][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 94.112506][ C1] kthread+0x388/0x470 [ 94.112524][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 94.112538][ C1] ? __pfx_kthread+0x10/0x10 [ 94.112555][ C1] ret_from_fork+0x51e/0xb90 [ 94.112573][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 94.112587][ C1] ? __switch_to+0xc7d/0x1400 [ 94.112604][ C1] ? __pfx_kthread+0x10/0x10 [ 94.112621][ C1] ret_from_fork_asm+0x1a/0x30 [ 94.112652][ C1] [ 94.112659][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 94.112669][ C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 94.112684][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 94.112691][ C1] Call Trace: [ 94.112696][ C1] [ 94.112702][ C1] vpanic+0x1e0/0x670 [ 94.112721][ C1] panic+0xc5/0xd0 [ 94.112737][ C1] ? __pfx_panic+0x10/0x10 [ 94.112762][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 94.112783][ C1] __warn+0x315/0x4a0 [ 94.112799][ C1] ? __queue_work+0xd5c/0xff0 [ 94.112815][ C1] ? __queue_work+0xd5c/0xff0 [ 94.112831][ C1] __report_bug+0x29a/0x540 [ 94.112848][ C1] ? __queue_work+0xc70/0xff0 [ 94.112865][ C1] ? __queue_work+0xd5c/0xff0 [ 94.112881][ C1] ? __pfx___report_bug+0x10/0x10 [ 94.112895][ C1] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 94.112918][ C1] ? register_lock_class+0x31/0x2e0 [ 94.112941][ C1] ? __lock_acquire+0x6b5/0x2cf0 [ 94.112961][ C1] report_bug_entry+0x19a/0x290 [ 94.112987][ C1] ? __queue_work+0xd87/0xff0 [ 94.113001][ C1] ? __queue_work+0xd8c/0xff0 [ 94.113016][ C1] handle_bug+0xca/0x200 [ 94.113037][ C1] exc_invalid_op+0x1a/0x50 [ 94.113055][ C1] asm_exc_invalid_op+0x1a/0x20 [ 94.113069][ C1] RIP: 0010:__queue_work+0xd87/0xff0 [ 94.113088][ C1] Code: 83 c5 18 4c 89 e8 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 ef e8 3a dd 9b 00 49 8b 75 00 49 81 c7 68 01 00 00 4c 89 f7 4c 89 fa <67> 48 0f b9 3a 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d e9 01 bf [ 94.113100][ C1] RSP: 0018:ffffc90000a3f9b0 EFLAGS: 00010082 [ 94.113115][ C1] RAX: 1ffff110054d6953 RBX: 0000000000000008 RCX: ffff88801d2e3c00 [ 94.113125][ C1] RDX: ffff8880391e9968 RSI: ffffffff8a06da30 RDI: ffffffff8f4be900 [ 94.113136][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 94.113145][ C1] R10: dffffc0000000000 R11: ffffffff818c5800 R12: dffffc0000000000 [ 94.113158][ C1] R13: ffff88802a6b4a98 R14: ffffffff8f4be900 R15: ffff8880391e9968 [ 94.113174][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 94.113198][ C1] ? __pfx_hci_cmd_timeout+0x10/0x10 [ 94.113223][ C1] ? do_raw_spin_lock+0x12b/0x2f0 [ 94.113252][ C1] call_timer_fn+0x192/0x5a0 [ 94.113272][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 94.113286][ C1] ? call_timer_fn+0xd4/0x5a0 [ 94.113303][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 94.113332][ C1] ? do_raw_spin_unlock+0xf5/0x210 [ 94.113350][ C1] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 94.113368][ C1] __run_timer_base+0x764/0x9f0 [ 94.113395][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 94.113414][ C1] ? __local_bh_disable_ip+0x3c/0x420 [ 94.113431][ C1] ? __local_bh_disable_ip+0x3c/0x420 [ 94.113452][ C1] run_timer_softirq+0xb7/0x170 [ 94.113469][ C1] handle_softirqs+0x1de/0x640 [ 94.113495][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 94.113512][ C1] run_ktimerd+0x69/0x100 [ 94.113531][ C1] smpboot_thread_fn+0x541/0xa50 [ 94.113551][ C1] ? smpboot_thread_fn+0x4d/0xa50 [ 94.113576][ C1] kthread+0x388/0x470 [ 94.113596][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 94.113611][ C1] ? __pfx_kthread+0x10/0x10 [ 94.113633][ C1] ret_from_fork+0x51e/0xb90 [ 94.113654][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 94.113670][ C1] ? __switch_to+0xc7d/0x1400 [ 94.113691][ C1] ? __pfx_kthread+0x10/0x10 [ 94.113709][ C1] ret_from_fork_asm+0x1a/0x30 [ 94.113740][ C1] [ 94.114501][ C1] Kernel Offset: disabled