last executing test programs: 8m26.803396588s ago: executing program 4 (id=263): socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)) add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) io_uring_setup(0x2cee, &(0x7f00000003c0)={0x0, 0x93b0, 0x4, 0x1, 0x164}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x102, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGKBDIACR(r1, 0x4b4a, &(0x7f0000000040)=""/96) r2 = openat$sysfs(0xffffff9c, &(0x7f0000000500)='/sys/kernel/notes', 0x0, 0x90) fsetxattr$security_capability(r2, &(0x7f0000000200), 0x0, 0x0, 0x0) 8m23.419141454s ago: executing program 4 (id=271): socket(0xa, 0x3, 0x3a) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000080), r0) sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010027bd2200fbdbdf2503"], 0x14}}, 0x40040) 8m23.216829456s ago: executing program 4 (id=274): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x88f, &(0x7f00000002c0)={0x0, 0x17da, 0x0, 0x1, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000180)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_FILES_UPDATE={0x14, 0x40, 0x0, 0x0, 0x80, &(0x7f0000000100)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1], 0x4, 0x0, 0x1}) io_uring_enter(r2, 0x75fa, 0xe475, 0x0, 0x0, 0x0) 8m20.217093075s ago: executing program 4 (id=286): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x202}], 0x18}, 0x0) sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000980)=@newtaction={0x214, 0x30, 0x800, 0x70bd2b, 0xbc, {}, [{0x200, 0x1, [@m_ipt={0x1c0, 0x2, 0x0, 0x0, {{0x8}, {0x16c, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_TARG={0xbd, 0x6, {0x3, 'nat\x00', 0xd, 0x4, "6913ace14a6ed89a10126bdccf8bb0e47081056269c6b4936fa4dd86021e400713aaa74a4ed7ed21409e3670e5c1e0b6978f1ea244af83d36c88ea3fd2426e42da44e0d2bca6616cc7e5f21e0cd8f6a8062e8413d3c82db28de1c5702fd9a0c2415291aa1151a6ed6d7bd54b5779a32f19828d9c1dedfa99801bd6b8f167047c53cc93f2c49cf19fe1167292952695ee6b1fad"}}, @TCA_IPT_TARG={0x79, 0x6, {0x7, 'raw\x00', 0xd, 0x5, "59597faf36b40c48a2ef5c1d5715596a6e9dadfdb2deddaaba256a17bc50464be57f4ab9d1cd65b44eff95117dfdaf3075c90e4e64e2f5ed82584c73f1b9ab010a3fb34835b08922d70ee649789830"}}]}, {0x2d, 0x6, "d4404c4a8824b84368d09ccdb5597b825dbbd7aef99c354d3ef3d520abe9d4cb7dce90320fdae5b234"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ipt={0x3c, 0x16, 0x0, 0x0, {{0x8}, {0x14, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x4}, @TCA_IPT_INDEX={0x8, 0x3, 0x7}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x214}}, 0x0) recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)=""/229, 0xe5}, {&(0x7f0000000300)=""/225, 0xe1}, {0x0}], 0x3}}], 0x1, 0x60, 0x0) 8m19.710964016s ago: executing program 4 (id=288): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) getsockname$unix(r0, 0x0, &(0x7f00000000c0)) mremap(&(0x7f00005f4000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r1 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000001c0)="c683c320bb386bce45eb", 0xa, 0xfffffffffffffffe) r2 = add_key$user(0x0, &(0x7f0000000440), &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) 8m18.182255997s ago: executing program 4 (id=290): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) capset(0x0, &(0x7f0000000140)) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil) dup(0xffffffffffffffff) r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r5, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x0, 0x7, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10110401"}}) dup(0xffffffffffffffff) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'comedi_bond\x00', [0x2f, 0x80, 0x10006, 0x4, 0x1, 0xcc7, 0x8, 0x17, 0xa, 0x24c, 0xfff, 0x7, 0x5, 0x5, 0x4, 0x105, 0x8, 0x2, 0x2009, 0x1, 0x89, 0x6, 0x0, 0x20001e5a, 0x1000b, 0x7, 0x9, 0x8, 0x6, 0x401, 0xfffffffd]}) 8m2.892418041s ago: executing program 32 (id=290): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi0\x00', 0x400, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) capset(0x0, &(0x7f0000000140)) r4 = socket$kcm(0x10, 0x2, 0x4) sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010) prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil) dup(0xffffffffffffffff) r5 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$vim2m_VIDIOC_QUERYBUF(r5, 0xc044560f, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x0, 0x7, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "10110401"}}) dup(0xffffffffffffffff) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'comedi_bond\x00', [0x2f, 0x80, 0x10006, 0x4, 0x1, 0xcc7, 0x8, 0x17, 0xa, 0x24c, 0xfff, 0x7, 0x5, 0x5, 0x4, 0x105, 0x8, 0x2, 0x2009, 0x1, 0x89, 0x6, 0x0, 0x20001e5a, 0x1000b, 0x7, 0x9, 0x8, 0x6, 0x401, 0xfffffffd]}) 7m47.07206879s ago: executing program 1 (id=356): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, 0x0, 0x20000050) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, 0x0, 0x2040040) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) open(0x0, 0x60840, 0x1d2) bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10) sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001400010000000000000000c90300"], 0x1c}], 0x1, 0x0, 0x0, 0x100}, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0) 7m46.033394059s ago: executing program 1 (id=359): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) getsockname$unix(r0, 0x0, &(0x7f00000000c0)) mremap(&(0x7f00005f4000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000001c0)="c683c320bb386bce45eb", 0xa, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/83, 0x53, 0x0) 7m45.522657078s ago: executing program 1 (id=362): socket$inet6_udp(0xa, 0x2, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x9, 0x0, 0x0, 0x0, 0x3ff, 0x5d, &(0x7f0000000640)=""/93, 0x41000, 0x4, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000800)={0x3, 0x5, 0x763, 0x80000000}, 0x10, 0x0, 0xffffffffffffffff, 0x4, &(0x7f0000000b80)=[r1], &(0x7f0000000bc0)=[{0x3, 0x4, 0xa, 0x7}, {0x0, 0x4, 0xc, 0x7}, {0x4, 0x3, 0x6, 0x6}, {0x2, 0x1, 0x5, 0x5}], 0x10, 0x5b4d}, 0x94) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xc1103000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_TYPENAME={0x13, 0x3, 'hash:net,iface\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}}, 0x0) 7m43.486757812s ago: executing program 1 (id=364): socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r2, 0x6, 0x17, 0x0, 0x0) r3 = socket$inet(0x2, 0x1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r3, 0x0, 0x50, 0x0, &(0x7f0000000000)=0x600) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0xffffffff}, 0x0) syz_usb_connect$hid(0x5, 0x3f, &(0x7f00000020c0)=ANY=[@ANYBLOB="1201010200000010f3044d0740000102030109022d"], 0x0) mlock2(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x1) syz_usb_connect$printer(0x6, 0x2d, &(0x7f0000002100)=ANY=[@ANYBLOB], 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000001b80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) socket$pptp(0x18, 0x1, 0x2) syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff) openat$sysfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00'}) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, 0x0, 0x0) r5 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$read(0x2, r5, &(0x7f00000000c0)=""/4096, 0x1000) keyctl$read(0xb, r5, &(0x7f00000010c0)=""/4096, 0x1000) 7m40.19074081s ago: executing program 1 (id=369): openat$dir(0xffffffffffffff9c, 0x0, 0x101000, 0x108) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000034700)=""/102400, 0x19000) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x60002000, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') fchdir(r1) exit(0xffff) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) 7m39.233724239s ago: executing program 1 (id=371): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xd8, 0x34, 0x88, 0x8, 0x1a0a, 0x101, 0x1b21, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9c, 0x50, 0x56}}]}}]}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$packet(0x11, 0x3, 0x300) r1 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0) syz_emit_ethernet(0xc2, &(0x7f0000000000)=ANY=[@ANYRES8, @ANYRESOCT=r1], 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, &(0x7f0000000400)={0x800100, 0xffffffff, 0x22, 0xe1d9, 0x1101, 0xff}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="640100000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400200100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe80000000000000000000000000000014000400ff0200000000000000000000000000010c00028005000100000000000800074000000000d0000d8008000100ac14140008000200000000001400", @ANYRESHEX=0x0], 0x164}, 0x1, 0x0, 0x0, 0x8090}, 0x0) setsockopt(r4, 0x84, 0x81, &(0x7f0000000280), 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r6 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x3, &(0x7f00000000c0)='source', &(0x7f00000001c0)='source', 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r7, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0xf, 0x27}, 0xfffffffd}) r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 7m24.068490492s ago: executing program 33 (id=371): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xd8, 0x34, 0x88, 0x8, 0x1a0a, 0x101, 0x1b21, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9c, 0x50, 0x56}}]}}]}}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$packet(0x11, 0x3, 0x300) r1 = socket$inet_udp(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0) syz_emit_ethernet(0xc2, &(0x7f0000000000)=ANY=[@ANYRES8, @ANYRESOCT=r1], 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, &(0x7f0000000400)={0x800100, 0xffffffff, 0x22, 0xe1d9, 0x1101, 0xff}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="640100000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400200100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe80000000000000000000000000000014000400ff0200000000000000000000000000010c00028005000100000000000800074000000000d0000d8008000100ac14140008000200000000001400", @ANYRESHEX=0x0], 0x164}, 0x1, 0x0, 0x0, 0x8090}, 0x0) setsockopt(r4, 0x84, 0x81, &(0x7f0000000280), 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r6 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x3, &(0x7f00000000c0)='source', &(0x7f00000001c0)='source', 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r7, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0xf, 0x27}, 0xfffffffd}) r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r8, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 12.259686651s ago: executing program 2 (id=1308): r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x106f) 11.978642222s ago: executing program 2 (id=1310): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000001c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x400000000010, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001300)=@newtfilter={0x2c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7, 0x2}}, [@TCA_RATE={0x6, 0x5, {0x8, 0xe}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x800) 10.202605516s ago: executing program 2 (id=1315): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) socket$nl_generic(0x10, 0x3, 0x10) openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c) socket$nl_route(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) 7.851609619s ago: executing program 2 (id=1317): mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi3\x00', 0xc00, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f00000000c0)={'8255\x00', [0x40404f26, 0x5, 0x2, 0xd5db, 0xc, 0x9, 0xfff, 0x5c95238c, 0xa, 0x3bf, 0x6, 0x1600, 0x3, 0x20000001, 0x809, 0x400e1c8, 0x6, 0x7, 0x6, 0x19c, 0x6, 0x4, 0xb, 0x402, 0x10, 0x3, 0xef, 0x0, 0xa, 0x8000003, 0xdffffffd]}) 7.680502793s ago: executing program 3 (id=1319): lsm_get_self_attr(0x64, 0x0, &(0x7f0000001280), 0x0) mknod$loop(&(0x7f00000190c0)='./file0\x00', 0xfff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x13, 0x0, 0x0, 0x401}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000080)=0xd, 0x4) sendto$inet6(r2, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x18115, @rand_addr, 0x983a}, 0x1c) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0x406f413, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, 0x0, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0}}, 0x20) ioctl$SW_SYNC_IOC_INC(0xffffffffffffffff, 0x40045701, 0x0) r6 = socket(0x10, 0x3, 0x0) r7 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x30}}, 0x40800) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x1c, 0x52, 0x1, 0x70bd04, 0x24dfdbfc, {0xa}, [@typed={0x8, 0x1, 0x0, 0x0, @fd}]}, 0x1c}}, 0x8800) execve(&(0x7f0000019100)='./file0\x00', 0x0, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)) 7.589373759s ago: executing program 0 (id=1320): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r1}, 0x10) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x400) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3}) 7.182370528s ago: executing program 2 (id=1321): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') chdir(0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x80, 0x141) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 7.15208138s ago: executing program 0 (id=1322): socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r2, &(0x7f00000001c0)={0x2c, 0x8, r4}, 0x10) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f00000000c0), 0xf00) 7.02108598s ago: executing program 2 (id=1323): sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x4000080) syz_usb_connect(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) getsockname$unix(r0, 0x0, &(0x7f00000000c0)) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mremap(&(0x7f00005f4000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) socket$alg(0x26, 0x5, 0x0) add_key(&(0x7f0000000040)='pkcs7_test\x00', 0x0, &(0x7f00000000c0)="100c06", 0x3, 0xfffffffffffffffe) ioctl$EVIOCSMASK(0xffffffffffffffff, 0x40104593, 0x0) ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) add_key$user(&(0x7f0000000200), 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) r2 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000001c0)="c683c320bb386bce45eb", 0xa, 0xfffffffffffffffe) r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r2, r3, r2}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) keyctl$update(0x2, r2, &(0x7f0000000340)="097c54fc37b886bd04d47f27a627e3fcb5adf2af5878909217d05f7a85e42c0f12ed5cacc1f32a2658c6ec0000410307bb5289925b934bdcd7c38da91c1fd6037fd7f955277887000000006c6fc059d574f7b50fe210777f2c0edd324762b4", 0x5f) r4 = openat$rdma_cm(0xffffff9c, &(0x7f00000006c0), 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x4d10, 0x2, 0x2, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000500)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000600)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x3, @loopback, 0x1}, {0xa, 0x0, 0x5, @mcast2}, r5}}, 0x48) prctl$PR_SET_IO_FLUSHER(0x43, 0x0) 5.960077091s ago: executing program 0 (id=1324): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) syz_clone3(&(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, {}, &(0x7f0000000000)=""/4112, 0x1010, 0x0, 0x0}, 0x32) 4.610672758s ago: executing program 0 (id=1325): syz_usb_connect(0x2, 0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000055bed40020000000000000003010902380002000000060904c700010e0101000300d009050a000000000000090400000101be260009"], 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(r1, 0x0, 0x0) 4.414833513s ago: executing program 3 (id=1326): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES16=r2], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="4005031833f703"], 0x7) 4.254772445s ago: executing program 3 (id=1327): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) socket$nl_generic(0x10, 0x3, 0x10) openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c) bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c) socket$nl_route(0x10, 0x3, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) 3.03050556s ago: executing program 3 (id=1328): getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x310) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB], 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x4800) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0xc) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-avx2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x40010}, 0x4040044) sendto$inet6(0xffffffffffffffff, &(0x7f0000001cc0), 0x0, 0x8000, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40002003, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) 1.6856915s ago: executing program 3 (id=1329): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000100)={0x14, 0x2, 0x6, 0x801}, 0x14}}, 0x0) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="90000000", @ANYRES16=r1, @ANYBLOB="01000000000000000000010000000c000500ff000000000000000c0002000000020000000000040007800c000800000000000000000008000a00000000004400078008000100", @ANYRES32, @ANYBLOB="380001"], 0x90}}, 0x0) 1.603398737s ago: executing program 0 (id=1330): socket$inet_udp(0x2, 0x2, 0x0) creat(0x0, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) open$dir(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x4d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000024000000080000000b"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r5, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)=r4}, 0x20) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r6, 0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000380)=r7}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000740)={r8, &(0x7f00000006c0)}, 0x20) open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x80) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x13) 33.308313ms ago: executing program 0 (id=1331): rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8, @ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, 0xffffffffffffffff, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4}) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x1, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@version_u}]}}) 0s ago: executing program 3 (id=1332): socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r2, &(0x7f00000001c0)={0x2c, 0x8, r4}, 0x10) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f00000000c0), 0xf00) kernel console output (not intermixed with test programs): sb 1-1: config 0 has no interface number 0 [ 250.122116][ T31] usb 1-1: config 0 interface 12 has no altsetting 0 [ 250.126738][ T31] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 250.126765][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.126785][ T31] usb 1-1: Product: syz [ 250.126800][ T31] usb 1-1: Manufacturer: syz [ 250.126815][ T31] usb 1-1: SerialNumber: syz [ 250.210413][ T31] usb 1-1: config 0 descriptor?? [ 250.453534][ C1] vkms_vblank_simulate: vblank timer overrun [ 250.497387][ T7342] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 250.497695][ T7342] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 250.725409][ T31] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 250.725443][ T31] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 250.725452][ T31] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 250.725504][ T31] f81534 1-1:0.12: probe with driver f81534 failed with error -71 [ 250.769589][ T31] usb 1-1: USB disconnect, device number 12 [ 250.789531][ T5819] Bluetooth: hci4: command tx timeout [ 251.010331][ T7375] 9pnet_fd: Insufficient options for proto=fd [ 251.877965][ C1] vkms_vblank_simulate: vblank timer overrun [ 252.103187][ C1] vkms_vblank_simulate: vblank timer overrun [ 252.149972][ T7343] bridge0: port 1(bridge_slave_0) entered blocking state [ 252.150066][ T7343] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.150227][ T7343] bridge_slave_0: entered allmulticast mode [ 252.166917][ T7343] bridge_slave_0: entered promiscuous mode [ 253.000570][ C1] vkms_vblank_simulate: vblank timer overrun [ 253.065089][ T5819] Bluetooth: hci4: command tx timeout [ 253.101722][ T7343] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.101799][ T7343] bridge0: port 2(bridge_slave_1) entered disabled state [ 253.101933][ T7343] bridge_slave_1: entered allmulticast mode [ 253.132893][ T7343] bridge_slave_1: entered promiscuous mode [ 253.464620][ T5917] IPVS: starting estimator thread 0... [ 253.501991][ C1] vkms_vblank_simulate: vblank timer overrun [ 253.799344][ C1] vkms_vblank_simulate: vblank timer overrun [ 253.846472][ C1] vkms_vblank_simulate: vblank timer overrun [ 253.899242][ C1] vkms_vblank_simulate: vblank timer overrun [ 254.006378][ C1] vkms_vblank_simulate: vblank timer overrun [ 254.286456][ C1] vkms_vblank_simulate: vblank timer overrun [ 254.666688][ T7402] IPVS: using max 8 ests per chain, 19200 per kthread [ 254.758784][ C1] vkms_vblank_simulate: vblank timer overrun [ 254.848590][ C1] vkms_vblank_simulate: vblank timer overrun [ 255.191625][ T5819] Bluetooth: hci4: command tx timeout [ 255.244687][ C1] vkms_vblank_simulate: vblank timer overrun [ 255.677527][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.677600][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.916658][ C1] vkms_vblank_simulate: vblank timer overrun [ 256.949533][ C1] vkms_vblank_simulate: vblank timer overrun [ 256.976014][ C1] vkms_vblank_simulate: vblank timer overrun [ 257.021518][ T7343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.080382][ T7343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.109922][ T7007] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 257.257406][ C1] vkms_vblank_simulate: vblank timer overrun [ 257.269491][ T5819] Bluetooth: hci4: command tx timeout [ 257.394892][ C1] vkms_vblank_simulate: vblank timer overrun [ 257.659634][ C1] vkms_vblank_simulate: vblank timer overrun [ 258.075289][ C1] vkms_vblank_simulate: vblank timer overrun [ 258.189341][ T7423] bridge1: entered promiscuous mode [ 258.189367][ T7423] bridge1: entered allmulticast mode [ 258.274878][ C1] vkms_vblank_simulate: vblank timer overrun [ 258.558599][ T7432] Illegal XDP return value 256 on prog (id 55) dev syz_tun, expect packet loss! [ 258.584098][ T7343] team0: Port device team_slave_0 added [ 258.674999][ T7343] team0: Port device team_slave_1 added [ 258.886462][ T7442] 9pnet_fd: Insufficient options for proto=fd [ 259.382915][ C1] vkms_vblank_simulate: vblank timer overrun [ 260.389333][ C1] vkms_vblank_simulate: vblank timer overrun [ 260.743657][ C1] vkms_vblank_simulate: vblank timer overrun [ 260.877436][ C1] vkms_vblank_simulate: vblank timer overrun [ 260.878708][ T5801] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 261.117994][ T5801] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 261.118031][ T5801] usb 1-1: can't read configurations, error -71 [ 262.126527][ T6344] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.224949][ T7343] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 262.224964][ T7343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 262.224989][ T7343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 262.291670][ T7343] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 262.291681][ T7343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 262.291695][ T7343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 262.788605][ T6344] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.675730][ T6344] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 264.778349][ T7343] hsr_slave_0: entered promiscuous mode [ 264.811281][ T7343] hsr_slave_1: entered promiscuous mode [ 264.818555][ T7343] debugfs: 'hsr0' already exists in 'hsr' [ 264.818581][ T7343] Cannot create hsr debugfs directory [ 264.960492][ T7490] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 265.856302][ T7507] netlink: 4 bytes leftover after parsing attributes in process `syz.2.453'. [ 266.054801][ T6344] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 266.090796][ T7511] netlink: 4 bytes leftover after parsing attributes in process `syz.2.453'. [ 266.865475][ T7513] bond1 (unregistering): Released all slaves [ 267.582486][ C1] vkms_vblank_simulate: vblank timer overrun [ 267.750002][ C1] vkms_vblank_simulate: vblank timer overrun [ 267.873360][ C1] vkms_vblank_simulate: vblank timer overrun [ 268.084791][ T7526] vxfs: WRONG superblock magic 00000000 at 1 [ 268.090585][ T7526] vxfs: WRONG superblock magic 00000000 at 8 [ 268.090627][ T7526] vxfs: can't find superblock. [ 268.113106][ C1] vkms_vblank_simulate: vblank timer overrun [ 268.404538][ T7524] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 268.510791][ C1] vkms_vblank_simulate: vblank timer overrun [ 268.731774][ T7007] veth0_vlan: entered promiscuous mode [ 268.949416][ T5801] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 269.019278][ T5964] usb 3-1: new full-speed USB device number 9 using dummy_hcd [ 269.119957][ T5801] usb 4-1: Using ep0 maxpacket: 16 [ 269.136155][ T5801] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 269.136174][ T5801] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 269.163939][ T5801] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 269.163961][ T5801] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.163972][ T5801] usb 4-1: Product: syz [ 269.163980][ T5801] usb 4-1: Manufacturer: syz [ 269.163988][ T5801] usb 4-1: SerialNumber: syz [ 269.206574][ T5801] usb 4-1: config 0 descriptor?? [ 269.211987][ T5964] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 269.212023][ T5964] usb 3-1: can't read configurations, error -71 [ 269.266081][ T5801] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 269.266116][ T5801] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 269.316809][ T6344] bridge_slave_1: left allmulticast mode [ 269.316837][ T6344] bridge_slave_1: left promiscuous mode [ 269.317091][ T6344] bridge0: port 2(bridge_slave_1) entered disabled state [ 269.464987][ T6344] bridge_slave_0: left allmulticast mode [ 269.465015][ T6344] bridge_slave_0: left promiscuous mode [ 269.465275][ T6344] bridge0: port 1(bridge_slave_0) entered disabled state [ 269.556441][ T5817] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 269.567078][ T5817] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 269.569758][ T5817] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 269.571654][ T5817] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 269.572917][ T5817] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 269.831276][ T5801] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 269.832416][ T5801] em28xx 4-1:0.0: Config register raw data: 0x00 [ 271.083317][ C1] vkms_vblank_simulate: vblank timer overrun [ 271.671335][ T5819] Bluetooth: hci1: command tx timeout [ 271.746284][ C1] vkms_vblank_simulate: vblank timer overrun [ 271.971161][ C1] vkms_vblank_simulate: vblank timer overrun [ 272.328976][ C1] vkms_vblank_simulate: vblank timer overrun [ 272.619273][ T5870] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 272.828741][ T10] usb 4-1: USB disconnect, device number 6 [ 272.838074][ T10] em28xx 4-1:0.0: Disconnecting em28xx [ 272.843127][ T10] em28xx 4-1:0.0: Freeing device [ 273.557119][ C1] vkms_vblank_simulate: vblank timer overrun [ 273.657969][ C1] vkms_vblank_simulate: vblank timer overrun [ 273.665849][ T5870] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 273.665908][ T5870] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 273.665932][ T5870] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 273.712308][ T5870] usb 1-1: config 0 descriptor?? [ 273.759305][ T5819] Bluetooth: hci1: command tx timeout [ 274.042434][ C1] vkms_vblank_simulate: vblank timer overrun [ 274.063124][ T5870] pwc: Askey VC010 type 2 USB webcam detected. [ 274.304204][ C1] vkms_vblank_simulate: vblank timer overrun [ 274.347815][ C1] vkms_vblank_simulate: vblank timer overrun [ 274.388946][ C1] vkms_vblank_simulate: vblank timer overrun [ 274.781755][ C1] vkms_vblank_simulate: vblank timer overrun [ 275.745068][ C1] vkms_vblank_simulate: vblank timer overrun [ 275.842880][ T5819] Bluetooth: hci1: command tx timeout [ 275.976889][ T5870] pwc: recv_control_msg error -32 req 02 val 2b00 [ 275.978569][ T5870] pwc: recv_control_msg error -32 req 02 val 2700 [ 275.980414][ T5870] pwc: recv_control_msg error -32 req 02 val 2c00 [ 276.003352][ T5870] pwc: recv_control_msg error -32 req 04 val 1000 [ 276.004033][ T5870] pwc: recv_control_msg error -32 req 04 val 1300 [ 276.004946][ T5870] pwc: recv_control_msg error -32 req 04 val 1400 [ 276.006404][ T5870] pwc: recv_control_msg error -32 req 02 val 2000 [ 276.012721][ T5870] pwc: recv_control_msg error -32 req 02 val 2100 [ 276.173525][ C1] vkms_vblank_simulate: vblank timer overrun [ 276.216394][ T5870] pwc: recv_control_msg error -71 req 02 val 2500 [ 276.216882][ T5870] pwc: recv_control_msg error -71 req 02 val 2400 [ 276.217352][ T5870] pwc: recv_control_msg error -71 req 02 val 2600 [ 276.217839][ T5870] pwc: recv_control_msg error -71 req 02 val 2900 [ 276.218628][ T5870] pwc: recv_control_msg error -71 req 02 val 2800 [ 276.227439][ T5870] pwc: recv_control_msg error -71 req 04 val 1100 [ 276.228949][ T5870] pwc: recv_control_msg error -71 req 04 val 1200 [ 276.253053][ T5870] pwc: Registered as video103. [ 276.267156][ T5870] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input5 [ 276.467479][ T5870] usb 1-1: USB disconnect, device number 15 [ 277.764350][ C1] vkms_vblank_simulate: vblank timer overrun [ 277.967744][ C1] vkms_vblank_simulate: vblank timer overrun [ 278.000793][ T5819] Bluetooth: hci1: command tx timeout [ 278.547529][ C1] vkms_vblank_simulate: vblank timer overrun [ 278.954900][ C1] vkms_vblank_simulate: vblank timer overrun [ 279.289426][ C1] vkms_vblank_simulate: vblank timer overrun [ 279.754783][ C1] vkms_vblank_simulate: vblank timer overrun [ 280.026469][ C1] vkms_vblank_simulate: vblank timer overrun [ 280.111164][ C1] vkms_vblank_simulate: vblank timer overrun [ 280.862726][ C1] vkms_vblank_simulate: vblank timer overrun [ 281.071642][ C1] vkms_vblank_simulate: vblank timer overrun [ 281.238086][ C1] vkms_vblank_simulate: vblank timer overrun [ 281.895186][ C1] vkms_vblank_simulate: vblank timer overrun [ 283.533967][ C1] vkms_vblank_simulate: vblank timer overrun [ 283.773486][ T10] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 283.939368][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 284.059792][ T10] usb 3-1: config 8 has an invalid interface number: 166 but max is 0 [ 284.059870][ T10] usb 3-1: config 8 has no interface number 0 [ 284.060957][ T10] usb 3-1: config 8 interface 166 altsetting 8 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 284.061051][ T10] usb 3-1: config 8 interface 166 has no altsetting 0 [ 284.216870][ T10] usb 3-1: New USB device found, idVendor=0499, idProduct=5001, bcdDevice=d9.85 [ 284.216948][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.217017][ T10] usb 3-1: Product: syz [ 284.217056][ T10] usb 3-1: Manufacturer: syz [ 284.217094][ T10] usb 3-1: SerialNumber: syz [ 284.752376][ C1] vkms_vblank_simulate: vblank timer overrun [ 285.678230][ C1] vkms_vblank_simulate: vblank timer overrun [ 285.720821][ T6344] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 285.725554][ T10] cdc_mbim 3-1:8.166: CDC Union missing and no IAD found [ 285.725605][ T10] cdc_mbim 3-1:8.166: bind() failure [ 285.767740][ T10] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 285.863556][ T10] snd-usb-audio 3-1:8.166: probe with driver snd-usb-audio failed with error -2 [ 285.880744][ T10] usb 3-1: USB disconnect, device number 11 [ 286.001113][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.004228][ T6344] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 286.141471][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.245020][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.368334][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.776678][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.943089][ C1] vkms_vblank_simulate: vblank timer overrun [ 286.970699][ T6068] udevd[6068]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:8.166/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 286.972643][ T6344] bond0 (unregistering): Released all slaves [ 287.835086][ C1] vkms_vblank_simulate: vblank timer overrun [ 287.857056][ C1] vkms_vblank_simulate: vblank timer overrun [ 289.301667][ C1] vkms_vblank_simulate: vblank timer overrun [ 290.674153][ C1] vkms_vblank_simulate: vblank timer overrun [ 291.007874][ C1] vkms_vblank_simulate: vblank timer overrun [ 292.310028][ C1] vkms_vblank_simulate: vblank timer overrun [ 293.169983][ C1] vkms_vblank_simulate: vblank timer overrun [ 294.818066][ C1] vkms_vblank_simulate: vblank timer overrun [ 295.578620][ C1] vkms_vblank_simulate: vblank timer overrun [ 296.024449][ C1] vkms_vblank_simulate: vblank timer overrun [ 296.326911][ T7343] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 296.565765][ C1] vkms_vblank_simulate: vblank timer overrun [ 296.795993][ C1] vkms_vblank_simulate: vblank timer overrun [ 296.961579][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.108388][ C1] vkms_vblank_simulate: vblank timer overrun [ 297.308249][ C1] vkms_vblank_simulate: vblank timer overrun [ 298.764631][ C1] vkms_vblank_simulate: vblank timer overrun [ 299.453289][ T7343] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 299.645451][ T7343] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 299.877087][ T7343] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 300.687539][ T6344] hsr_slave_0: left promiscuous mode [ 300.731233][ T6344] hsr_slave_1: left promiscuous mode [ 300.734353][ T6344] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 300.734377][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 300.814812][ T6344] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 300.814839][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 301.366180][ T6344] veth1_macvtap: left promiscuous mode [ 301.366292][ T6344] veth0_macvtap: left promiscuous mode [ 301.366582][ T6344] veth1_vlan: left promiscuous mode [ 301.366765][ T6344] veth0_vlan: left promiscuous mode [ 303.303492][ T5917] libceph: connect (1)[c::]:6789 error -101 [ 303.303766][ T5917] libceph: mon0 (1)[c::]:6789 connect error [ 303.325774][ T5917] libceph: connect (1)[c::]:6789 error -101 [ 303.325978][ T5917] libceph: mon0 (1)[c::]:6789 connect error [ 303.369520][ T7754] vxfs: WRONG superblock magic 00000000 at 1 [ 303.369883][ T7754] vxfs: WRONG superblock magic 00000000 at 8 [ 303.369900][ T7754] vxfs: can't find superblock. [ 303.579740][ T5972] libceph: connect (1)[c::]:6789 error -101 [ 303.579944][ T5972] libceph: mon0 (1)[c::]:6789 connect error [ 303.893458][ T7751] ceph: No mds server is up or the cluster is laggy [ 304.030443][ C0] vkms_vblank_simulate: vblank timer overrun [ 304.132789][ C0] vkms_vblank_simulate: vblank timer overrun [ 304.787534][ C0] vkms_vblank_simulate: vblank timer overrun [ 305.017823][ C0] vkms_vblank_simulate: vblank timer overrun [ 305.087791][ C0] vkms_vblank_simulate: vblank timer overrun [ 305.390821][ T6344] team0 (unregistering): Port device team_slave_1 removed [ 305.630189][ T6344] team0 (unregistering): Port device team_slave_0 removed [ 308.086818][ T5817] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 308.089508][ T5817] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 308.090607][ T5817] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 308.092085][ T5817] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 308.092854][ T5817] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 308.419742][ T7784] binder: 7778:7784 ioctl c0306201 0 returned -14 [ 309.883433][ T7343] kthread_run failed with err -4 [ 310.149302][ T5819] Bluetooth: hci5: command tx timeout [ 311.213017][ T7798] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 312.229327][ T5819] Bluetooth: hci5: command tx timeout [ 313.995614][ T7533] chnl_net:caif_netlink_parms(): no params data found [ 314.319213][ T5819] Bluetooth: hci5: command tx timeout [ 316.124845][ T7844] bridge4: entered promiscuous mode [ 316.124871][ T7844] bridge4: entered allmulticast mode [ 316.319495][ T7533] bridge0: port 1(bridge_slave_0) entered blocking state [ 316.319634][ T7533] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.319876][ T7533] bridge_slave_0: entered allmulticast mode [ 316.389291][ T5819] Bluetooth: hci5: command tx timeout [ 316.529878][ T7533] bridge_slave_0: entered promiscuous mode [ 316.536373][ T7533] bridge0: port 2(bridge_slave_1) entered blocking state [ 316.536557][ T7533] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.536759][ T7533] bridge_slave_1: entered allmulticast mode [ 316.539931][ T7533] bridge_slave_1: entered promiscuous mode [ 316.764344][ T7839] syz.0.545 (7839): drop_caches: 2 [ 316.871834][ T7781] chnl_net:caif_netlink_parms(): no params data found [ 317.755748][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.757125][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.354164][ T7533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 318.363975][ T7533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 319.738383][ T7533] team0: Port device team_slave_0 added [ 320.061390][ T7533] team0: Port device team_slave_1 added [ 320.086090][ T7889] comedi comedi3: 8255: I/O port conflict (0x40404f26,4) [ 320.086148][ T7889] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 320.087439][ T7889] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 320.087557][ T7889] comedi comedi3: 8255: I/O port conflict (0xc,4) [ 320.087615][ T7889] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 320.087705][ T7889] comedi comedi3: 8255: I/O port conflict (0x5c95238c,4) [ 320.087755][ T7889] comedi comedi3: 8255: I/O port conflict (0xa,4) [ 320.087806][ T7889] comedi comedi3: 8255: I/O port conflict (0x3bf,4) [ 320.087861][ T7889] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 320.087954][ T7889] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 320.088003][ T7889] comedi comedi3: 8255: I/O port conflict (0x20000001,4) [ 320.088103][ T7889] comedi comedi3: 8255: I/O port conflict (0x400e1c8,4) [ 320.088152][ T7889] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 320.088201][ T7889] comedi comedi3: 8255: I/O port conflict (0x7,4) [ 320.088250][ T7889] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 320.088667][ T7889] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 320.088726][ T7889] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 320.088775][ T7889] comedi comedi3: 8255: I/O port conflict (0xb,4) [ 320.088880][ T7889] comedi comedi3: 8255: I/O port conflict (0x10,4) [ 320.088930][ T7889] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 320.088979][ T7889] comedi comedi3: 8255: I/O port conflict (0xef,4) [ 320.357070][ T7896] netlink: 48 bytes leftover after parsing attributes in process `syz.2.559'. [ 325.034879][ T7928] binder: 7922:7928 ioctl c0306201 0 returned -14 [ 326.642289][ T7533] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 326.642306][ T7533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 326.642332][ T7533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 326.776952][ T31] libceph: connect (1)[c::]:6789 error -101 [ 326.777073][ T31] libceph: mon0 (1)[c::]:6789 connect error [ 326.834435][ T7947] vxfs: WRONG superblock magic 00000000 at 1 [ 326.835588][ T7947] vxfs: WRONG superblock magic 00000000 at 8 [ 326.835607][ T7947] vxfs: can't find superblock. [ 327.029811][ T31] libceph: connect (1)[c::]:6789 error -101 [ 327.030013][ T31] libceph: mon0 (1)[c::]:6789 connect error [ 327.143752][ T7781] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.143855][ T7781] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.144189][ T7781] bridge_slave_0: entered allmulticast mode [ 327.169323][ T7781] bridge_slave_0: entered promiscuous mode [ 327.173947][ T7533] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 327.173961][ T7533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 327.173985][ T7533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 327.176380][ T7781] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.176506][ T7781] bridge0: port 2(bridge_slave_1) entered disabled state [ 327.176684][ T7781] bridge_slave_1: entered allmulticast mode [ 327.185642][ T7781] bridge_slave_1: entered promiscuous mode [ 327.298070][ T7944] ceph: No mds server is up or the cluster is laggy [ 328.673931][ T7781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 328.834822][ T7955] 9pnet_fd: Insufficient options for proto=fd [ 328.901443][ T7781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 330.189054][ T5817] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 330.211938][ T5817] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 330.213266][ T5817] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 330.217121][ T5817] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 330.217990][ T5817] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 330.248901][ T7964] bridge5: entered promiscuous mode [ 330.248926][ T7964] bridge5: entered allmulticast mode [ 332.309378][ T5817] Bluetooth: hci4: command tx timeout [ 332.432864][ T7988] netlink: 4 bytes leftover after parsing attributes in process `syz.3.578'. [ 333.556510][ T7781] team0: Port device team_slave_0 added [ 333.786865][ T7781] team0: Port device team_slave_1 added [ 334.389586][ T5817] Bluetooth: hci4: command tx timeout [ 334.631410][ T7781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 334.631427][ T7781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 334.631451][ T7781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 334.696548][ T7781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 334.696564][ T7781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 334.696587][ T7781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 335.737817][ C0] vkms_vblank_simulate: vblank timer overrun [ 335.834062][ C0] vkms_vblank_simulate: vblank timer overrun [ 336.132919][ T8027] netlink: 8 bytes leftover after parsing attributes in process `syz.2.589'. [ 336.470099][ T5817] Bluetooth: hci4: command tx timeout [ 337.043658][ T8035] netlink: 4 bytes leftover after parsing attributes in process `syz.3.591'. [ 337.219925][ T8039] netlink: 4 bytes leftover after parsing attributes in process `syz.3.591'. [ 338.559625][ T5817] Bluetooth: hci4: command tx timeout [ 338.975864][ T5817] Bluetooth: hci3: unexpected event for opcode 0x0809 [ 338.978332][ T5817] Bluetooth: hci3: unexpected event for opcode 0x0419 [ 339.032881][ T7781] hsr_slave_0: entered promiscuous mode [ 339.034452][ T7781] hsr_slave_1: entered promiscuous mode [ 339.035497][ T7781] debugfs: 'hsr0' already exists in 'hsr' [ 339.037355][ T7781] Cannot create hsr debugfs directory [ 339.354832][ C0] vkms_vblank_simulate: vblank timer overrun [ 340.531781][ C0] vkms_vblank_simulate: vblank timer overrun [ 341.777196][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.440121][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.829843][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.861260][ C0] vkms_vblank_simulate: vblank timer overrun [ 343.009198][ C0] vkms_vblank_simulate: vblank timer overrun [ 343.041009][ T5817] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 343.045705][ T5817] Bluetooth: hci3: Injecting HCI hardware error event [ 343.080648][ C0] vkms_vblank_simulate: vblank timer overrun [ 343.084403][ T5817] Bluetooth: hci3: hardware error 0x00 [ 343.160997][ C0] vkms_vblank_simulate: vblank timer overrun [ 343.229474][ C0] vkms_vblank_simulate: vblank timer overrun [ 343.761049][ C0] vkms_vblank_simulate: vblank timer overrun [ 343.888508][ C0] vkms_vblank_simulate: vblank timer overrun [ 344.475869][ C0] vkms_vblank_simulate: vblank timer overrun [ 344.506727][ T8091] tipc: Started in network mode [ 344.506757][ T8091] tipc: Node identity e6fe6fbd8b4f, cluster identity 4711 [ 344.511339][ T8091] tipc: Enabled bearer , priority 0 [ 344.839881][ T10] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 344.889905][ T31] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 344.990933][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 345.057711][ T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 345.057831][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 345.124148][ T10] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 345.125127][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.125811][ T10] usb 4-1: Product: syz [ 345.127081][ T10] usb 4-1: Manufacturer: syz [ 345.127098][ T10] usb 4-1: SerialNumber: syz [ 345.296184][ T10] usb 4-1: config 0 descriptor?? [ 345.349241][ T5817] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 345.472812][ T10] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 345.472854][ T10] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 345.724433][ T31] usb 3-1: Using ep0 maxpacket: 32 [ 346.056325][ T31] usb 3-1: config 0 has an invalid interface number: 230 but max is 0 [ 346.056351][ T31] usb 3-1: config 0 has no interface number 0 [ 346.056384][ T31] usb 3-1: config 0 interface 230 has no altsetting 0 [ 346.160069][ T31] usb 3-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 346.160153][ T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.160174][ T31] usb 3-1: Product: syz [ 346.160200][ T31] usb 3-1: Manufacturer: syz [ 346.160214][ T31] usb 3-1: SerialNumber: syz [ 346.207956][ T31] usb 3-1: config 0 descriptor?? [ 346.219700][ T5972] tipc: Node number set to 1840345021 [ 346.247814][ T31] ums-usbat 3-1:0.230: USB Mass Storage device detected [ 346.282675][ T31] ums-usbat 3-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 346.468764][ T8089] tipc: Resetting bearer [ 346.505164][ T31] usb 3-1: USB disconnect, device number 12 [ 346.581625][ T10] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 346.582467][ T10] em28xx 4-1:0.0: Config register raw data: 0x00 [ 346.946457][ T8087] tipc: Disabling bearer [ 347.371815][ T8116] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 348.008091][ T31] usb 4-1: USB disconnect, device number 7 [ 348.013143][ T31] em28xx 4-1:0.0: Disconnecting em28xx [ 348.076617][ T31] em28xx 4-1:0.0: Freeing device [ 349.112358][ T7967] chnl_net:caif_netlink_parms(): no params data found [ 349.520955][ T8125] binder: 8124:8125 ioctl c0306201 0 returned -14 [ 351.740963][ T8166] vxfs: WRONG superblock magic 00000000 at 1 [ 351.741239][ T8166] vxfs: WRONG superblock magic 00000000 at 8 [ 351.741255][ T8166] vxfs: can't find superblock. [ 351.752171][ T31] libceph: connect (1)[c::]:6789 error -101 [ 351.752368][ T31] libceph: mon0 (1)[c::]:6789 connect error [ 351.897136][ T8161] ceph: No mds server is up or the cluster is laggy [ 352.049445][ T5812] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 352.199319][ T5812] usb 4-1: Using ep0 maxpacket: 16 [ 352.201597][ T5812] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 352.201627][ T5812] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 352.205421][ T5812] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 352.205447][ T5812] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.205467][ T5812] usb 4-1: Product: syz [ 352.205481][ T5812] usb 4-1: Manufacturer: syz [ 352.205495][ T5812] usb 4-1: SerialNumber: syz [ 352.463450][ C1] vkms_vblank_simulate: vblank timer overrun [ 353.177924][ C1] vkms_vblank_simulate: vblank timer overrun [ 353.204989][ T5812] usb 4-1: config 0 descriptor?? [ 353.211024][ T5812] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 353.211054][ T5812] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 353.264850][ T6344] bridge_slave_1: left allmulticast mode [ 353.264879][ T6344] bridge_slave_1: left promiscuous mode [ 353.265239][ T6344] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.343168][ T6344] bridge_slave_0: left allmulticast mode [ 353.343202][ T6344] bridge_slave_0: left promiscuous mode [ 353.345124][ T6344] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.445698][ T6344] bridge_slave_1: left allmulticast mode [ 353.445725][ T6344] bridge_slave_1: left promiscuous mode [ 353.448246][ T6344] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.608201][ T8187] 9pnet_fd: Insufficient options for proto=fd [ 353.638879][ T6344] bridge_slave_0: left allmulticast mode [ 353.638906][ T6344] bridge_slave_0: left promiscuous mode [ 353.642908][ T6344] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.827858][ T5812] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 353.828586][ T5812] em28xx 4-1:0.0: Config register raw data: 0x00 [ 354.945489][ T6344] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 355.010289][ T6344] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 355.075719][ T5917] usb 4-1: USB disconnect, device number 8 [ 355.084396][ T5917] em28xx 4-1:0.0: Disconnecting em28xx [ 355.086750][ T5917] em28xx 4-1:0.0: Freeing device [ 355.117581][ T6344] bond0 (unregistering): Released all slaves [ 356.434821][ T8216] 9pnet_fd: Insufficient options for proto=fd [ 356.470794][ C1] vkms_vblank_simulate: vblank timer overrun [ 357.225766][ C1] vkms_vblank_simulate: vblank timer overrun [ 357.572958][ C1] vkms_vblank_simulate: vblank timer overrun [ 357.865273][ T8223] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 357.956543][ C1] vkms_vblank_simulate: vblank timer overrun [ 358.120600][ C1] vkms_vblank_simulate: vblank timer overrun [ 358.360429][ C1] vkms_vblank_simulate: vblank timer overrun [ 359.285496][ C1] vkms_vblank_simulate: vblank timer overrun [ 359.743542][ C1] vkms_vblank_simulate: vblank timer overrun [ 360.241141][ C1] vkms_vblank_simulate: vblank timer overrun [ 360.346401][ C1] vkms_vblank_simulate: vblank timer overrun [ 360.739327][ T31] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 360.909404][ T31] usb 1-1: Using ep0 maxpacket: 8 [ 360.911116][ T31] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 360.911132][ T31] usb 1-1: config 0 has no interface number 0 [ 360.911170][ T31] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 360.911183][ T31] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 360.911196][ T31] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 360.911209][ T31] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 360.911233][ T31] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 360.911245][ T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.916206][ T31] usb 1-1: config 0 descriptor?? [ 361.041157][ T31] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 362.120030][ T6344] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 362.220092][ T6344] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 362.272855][ T6344] bond0 (unregistering): Released all slaves [ 362.567831][ T7967] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.568001][ T7967] bridge0: port 1(bridge_slave_0) entered disabled state [ 362.568238][ T7967] bridge_slave_0: entered allmulticast mode [ 362.593640][ T7967] bridge_slave_0: entered promiscuous mode [ 362.774594][ T7967] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.774725][ T7967] bridge0: port 2(bridge_slave_1) entered disabled state [ 362.774965][ T7967] bridge_slave_1: entered allmulticast mode [ 362.841037][ T7967] bridge_slave_1: entered promiscuous mode [ 363.968067][ T5812] usb 1-1: USB disconnect, device number 16 [ 363.984201][ T5812] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 364.707949][ T8277] 9pnet_fd: Insufficient options for proto=fd [ 364.870756][ T6344] hsr_slave_0: left promiscuous mode [ 364.911000][ T6344] hsr_slave_1: left promiscuous mode [ 364.912441][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 364.988278][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 365.351400][ T6344] hsr_slave_0: left promiscuous mode [ 365.385368][ T6344] hsr_slave_1: left promiscuous mode [ 365.386284][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 365.447040][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 365.556379][ T6344] veth0_vlan: left promiscuous mode [ 367.232033][ T8312] random: crng reseeded on system resumption [ 368.328767][ T6344] team0 (unregistering): Port device team_slave_1 removed [ 368.566633][ T8326] netlink: 4 bytes leftover after parsing attributes in process `syz.0.670'. [ 368.580624][ T6344] team0 (unregistering): Port device team_slave_0 removed [ 368.690400][ T5819] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 368.720403][ T5819] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 368.731615][ T5819] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 368.736705][ T5819] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 368.749396][ T5819] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 369.913264][ T5972] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 370.091090][ T5972] usb 4-1: Using ep0 maxpacket: 32 [ 370.094324][ T5972] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 370.094349][ T5972] usb 4-1: config 0 has no interface number 0 [ 370.094398][ T5972] usb 4-1: config 0 interface 12 has no altsetting 0 [ 370.096747][ T5972] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 370.096780][ T5972] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.096800][ T5972] usb 4-1: Product: syz [ 370.096810][ T5972] usb 4-1: Manufacturer: syz [ 370.096818][ T5972] usb 4-1: SerialNumber: syz [ 370.159327][ T5972] usb 4-1: config 0 descriptor?? [ 370.701441][ T5972] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 370.701496][ T5972] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 370.701513][ T5972] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 370.701603][ T5972] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 370.744978][ T5972] usb 4-1: USB disconnect, device number 9 [ 370.789526][ T5819] Bluetooth: hci1: command tx timeout [ 370.810132][ T6344] team0 (unregistering): Port device team_slave_1 removed [ 371.038439][ T6344] team0 (unregistering): Port device team_slave_0 removed [ 372.874934][ T5819] Bluetooth: hci1: command tx timeout [ 373.684763][ T7967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 374.705883][ T7967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 374.949282][ T5819] Bluetooth: hci1: command tx timeout [ 375.097481][ T8360] netlink: 8 bytes leftover after parsing attributes in process `syz.0.680'. [ 375.803241][ T7967] team0: Port device team_slave_0 added [ 375.925905][ T7967] team0: Port device team_slave_1 added [ 377.084150][ T5819] Bluetooth: hci1: command tx timeout [ 377.557011][ T7967] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 377.557027][ T7967] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 377.557052][ T7967] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 377.630574][ T8393] netlink: 4 bytes leftover after parsing attributes in process `syz.2.689'. [ 377.646469][ T7967] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 377.646484][ T7967] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 377.646509][ T7967] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 377.802824][ T8393] netlink: 4 bytes leftover after parsing attributes in process `syz.2.689'. [ 377.960248][ T8397] binder: BINDER_SET_CONTEXT_MGR already set [ 377.960264][ T8397] binder: 8387:8397 ioctl 4018620d 200000000040 returned -16 [ 379.270294][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.270365][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.999999][ T7967] hsr_slave_0: entered promiscuous mode [ 380.001423][ T7967] hsr_slave_1: entered promiscuous mode [ 380.002358][ T7967] debugfs: 'hsr0' already exists in 'hsr' [ 380.002381][ T7967] Cannot create hsr debugfs directory [ 380.729853][ T8427] warning: `syz.2.696' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 383.999241][ T5964] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 384.283165][ T5964] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 384.283195][ T5964] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.283215][ T5964] usb 4-1: Product: syz [ 384.283229][ T5964] usb 4-1: Manufacturer: syz [ 384.283243][ T5964] usb 4-1: SerialNumber: syz [ 384.925777][ T8457] 9pnet: Could not find request transport:  [ 385.659413][ T8327] chnl_net:caif_netlink_parms(): no params data found [ 385.684774][ T5964] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 385.684949][ T5964] cdc_ncm 4-1:1.0: bind() failure [ 385.722630][ T5964] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 385.722675][ T5964] cdc_ncm 4-1:1.1: bind() failure [ 385.750417][ T5964] usb 4-1: USB disconnect, device number 10 [ 386.252999][ T8480] vxfs: WRONG superblock magic 00000000 at 1 [ 386.259499][ T8480] vxfs: WRONG superblock magic 00000000 at 8 [ 386.259542][ T8480] vxfs: can't find superblock. [ 386.710813][ T8479] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 389.556975][ T8505] netlink: 8 bytes leftover after parsing attributes in process `syz.0.713'. [ 389.978112][ T5817] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 389.996197][ T5817] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 389.999071][ T5817] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 390.021735][ T5817] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 390.036687][ T5817] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 391.329030][ T8327] bridge0: port 1(bridge_slave_0) entered blocking state [ 391.340266][ T8327] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.340503][ T8327] bridge_slave_0: entered allmulticast mode [ 391.364060][ T8327] bridge_slave_0: entered promiscuous mode [ 391.439177][ T8327] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.439346][ T8327] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.439559][ T8327] bridge_slave_1: entered allmulticast mode [ 391.441922][ T8327] bridge_slave_1: entered promiscuous mode [ 392.069460][ T5817] Bluetooth: hci5: command tx timeout [ 393.132776][ T8545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.723'. [ 393.370373][ T8551] netlink: 12 bytes leftover after parsing attributes in process `syz.3.724'. [ 393.370512][ T8327] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 393.695639][ T8327] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 393.911582][ T8554] bond1: (slave ip6gretap2): Enslaving as an active interface with an up link [ 393.969939][ T8555] bond1 (unregistering): (slave ip6gretap2): Releasing backup interface [ 394.035192][ T8555] bond1 (unregistering): Released all slaves [ 394.149364][ T5817] Bluetooth: hci5: command tx timeout [ 396.273745][ T5817] Bluetooth: hci5: command tx timeout [ 397.053460][ T8327] team0: Port device team_slave_0 added [ 397.169596][ T8327] team0: Port device team_slave_1 added [ 397.702915][ T8327] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 397.702931][ T8327] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 397.702956][ T8327] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 397.780270][ T8327] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 397.780286][ T8327] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 397.780310][ T8327] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 397.781181][ T8576] 9pnet_fd: Insufficient options for proto=fd [ 397.783706][ T6344] bridge_slave_1: left allmulticast mode [ 397.783728][ T6344] bridge_slave_1: left promiscuous mode [ 397.783978][ T6344] bridge0: port 2(bridge_slave_1) entered disabled state [ 397.930905][ T6344] bridge_slave_0: left allmulticast mode [ 397.930934][ T6344] bridge_slave_0: left promiscuous mode [ 397.931190][ T6344] bridge0: port 1(bridge_slave_0) entered disabled state [ 398.926762][ T5817] Bluetooth: hci5: command tx timeout [ 398.975447][ T6344] bridge_slave_1: left allmulticast mode [ 398.975476][ T6344] bridge_slave_1: left promiscuous mode [ 398.975674][ T6344] bridge0: port 2(bridge_slave_1) entered disabled state [ 399.104438][ T5972] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 399.405616][ T6344] bridge_slave_0: left allmulticast mode [ 399.405905][ T6344] bridge_slave_0: left promiscuous mode [ 399.407052][ T6344] bridge0: port 1(bridge_slave_0) entered disabled state [ 399.460426][ T5972] usb 4-1: config 0 has an invalid interface number: 199 but max is 1 [ 399.460578][ T5972] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 399.460653][ T5972] usb 4-1: config 0 has no interface number 1 [ 399.461421][ T5972] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 399.461461][ T5972] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 399.477637][ T5972] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 399.477776][ T5972] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 399.477798][ T5972] usb 4-1: SerialNumber: syz [ 399.747971][ T5972] usb 4-1: config 0 descriptor?? [ 399.991322][ T5972] uvcvideo 4-1:0.199: Found UVC 0.00 device (0002:0000) [ 399.991365][ T5972] uvcvideo 4-1:0.199: No valid video chain found. [ 400.035269][ T5972] usb 4-1: USB disconnect, device number 11 [ 400.759755][ T6344] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 400.879793][ T6344] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 400.979443][ T6344] bond0 (unregistering): Released all slaves [ 402.734041][ T6344] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 402.870127][ T6344] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 402.989563][ T6344] bond0 (unregistering): Released all slaves [ 403.214218][ T8585] netlink: 28 bytes leftover after parsing attributes in process `syz.2.734'. [ 404.262336][ T8327] hsr_slave_0: entered promiscuous mode [ 404.266120][ T8327] hsr_slave_1: entered promiscuous mode [ 404.266693][ T8327] debugfs: 'hsr0' already exists in 'hsr' [ 404.266708][ T8327] Cannot create hsr debugfs directory [ 404.539313][ T6344] hsr_slave_0: left promiscuous mode [ 404.617198][ T6344] hsr_slave_1: left promiscuous mode [ 404.618180][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 404.650458][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 404.701397][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 404.732045][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 406.708012][ T8643] netlink: 4 bytes leftover after parsing attributes in process `syz.3.745'. [ 406.860926][ T5917] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 406.898402][ T8639] netlink: 4 bytes leftover after parsing attributes in process `syz.3.745'. [ 407.621036][ T5917] usb 1-1: config 0 has an invalid interface number: 199 but max is 1 [ 407.621065][ T5917] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 407.621082][ T5917] usb 1-1: config 0 has no interface number 1 [ 407.621138][ T5917] usb 1-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 407.621173][ T5917] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 407.622627][ T5917] usb 1-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 407.622656][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 407.622671][ T5917] usb 1-1: SerialNumber: syz [ 407.693205][ T5917] usb 1-1: config 0 descriptor?? [ 407.742294][ T5917] uvcvideo 1-1:0.199: Found UVC 0.00 device (0002:0000) [ 407.742313][ T5917] uvcvideo 1-1:0.199: No valid video chain found. [ 407.885572][ T8650] syz.2.747 (8650): drop_caches: 2 [ 407.957375][ T31] usb 1-1: USB disconnect, device number 17 [ 408.890044][ T6344] team0 (unregistering): Port device team_slave_1 removed [ 409.040111][ T6344] team0 (unregistering): Port device team_slave_0 removed [ 409.724485][ T8667] random: crng reseeded on system resumption [ 410.760025][ T6344] team0 (unregistering): Port device team_slave_1 removed [ 410.969965][ T6344] team0 (unregistering): Port device team_slave_0 removed [ 413.659200][ T37] audit: type=1804 audit(1767282168.142:3): pid=8686 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.756" name="/newroot/219/file0" dev="tmpfs" ino=1179 res=1 errno=0 [ 416.599495][ T5917] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 416.781489][ T5917] usb 3-1: config 0 has an invalid interface number: 199 but max is 1 [ 416.781516][ T5917] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 416.781535][ T5917] usb 3-1: config 0 has no interface number 1 [ 416.781594][ T5917] usb 3-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 416.781634][ T5917] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 416.783924][ T5917] usb 3-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 416.783952][ T5917] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 416.783972][ T5917] usb 3-1: SerialNumber: syz [ 416.873770][ T5917] usb 3-1: config 0 descriptor?? [ 416.939233][ T5917] uvcvideo 3-1:0.199: Found UVC 0.00 device (0002:0000) [ 416.939266][ T5917] uvcvideo 3-1:0.199: No valid video chain found. [ 417.096476][ T5917] usb 3-1: USB disconnect, device number 13 [ 417.346443][ T8515] chnl_net:caif_netlink_parms(): no params data found [ 420.836818][ T8515] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.836942][ T8515] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.837167][ T8515] bridge_slave_0: entered allmulticast mode [ 420.871175][ T8515] bridge_slave_0: entered promiscuous mode [ 420.877935][ T8515] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.878064][ T8515] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.878255][ T8515] bridge_slave_1: entered allmulticast mode [ 420.907733][ T8515] bridge_slave_1: entered promiscuous mode [ 421.375537][ T8515] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 421.825379][ T8515] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 422.003016][ C1] vkms_vblank_simulate: vblank timer overrun [ 422.740551][ C1] vkms_vblank_simulate: vblank timer overrun [ 422.854049][ T8771] netlink: 8 bytes leftover after parsing attributes in process `syz.3.772'. [ 423.219300][ T5801] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 423.288420][ T8515] team0: Port device team_slave_0 added [ 423.303039][ T8515] team0: Port device team_slave_1 added [ 423.373394][ T5801] usb 3-1: config 0 has an invalid interface number: 199 but max is 1 [ 423.373421][ T5801] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 423.373439][ T5801] usb 3-1: config 0 has no interface number 1 [ 423.373497][ T5801] usb 3-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 423.373535][ T5801] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 423.375023][ T5801] usb 3-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 423.375049][ T5801] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 423.375074][ T5801] usb 3-1: SerialNumber: syz [ 423.399366][ T8785] netlink: 4 bytes leftover after parsing attributes in process `syz.3.778'. [ 423.466141][ T5801] usb 3-1: config 0 descriptor?? [ 423.484951][ T5801] uvcvideo 3-1:0.199: Found UVC 0.00 device (0002:0000) [ 423.484981][ T5801] uvcvideo 3-1:0.199: No valid video chain found. [ 423.716084][ T5801] usb 3-1: USB disconnect, device number 14 [ 423.895330][ C1] vkms_vblank_simulate: vblank timer overrun [ 424.753302][ C1] vkms_vblank_simulate: vblank timer overrun [ 424.827605][ C1] vkms_vblank_simulate: vblank timer overrun [ 424.931453][ T8515] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 424.931465][ T8515] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 424.931480][ T8515] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 425.016023][ T8515] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 425.016034][ T8515] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 425.016089][ T8515] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 425.017046][ T6344] bridge_slave_1: left allmulticast mode [ 425.017061][ T6344] bridge_slave_1: left promiscuous mode [ 425.017226][ T6344] bridge0: port 2(bridge_slave_1) entered disabled state [ 425.126656][ T6344] bridge_slave_0: left allmulticast mode [ 425.126683][ T6344] bridge_slave_0: left promiscuous mode [ 425.126951][ T6344] bridge0: port 1(bridge_slave_0) entered disabled state [ 425.621283][ T8799] binder: BINDER_SET_CONTEXT_MGR already set [ 425.621299][ T8799] binder: 8796:8799 ioctl 4018620d 200000000040 returned -16 [ 425.819831][ T6344] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 425.961418][ T6344] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 426.021434][ T6344] bond0 (unregistering): Released all slaves [ 426.604465][ C1] vkms_vblank_simulate: vblank timer overrun [ 426.872037][ C1] vkms_vblank_simulate: vblank timer overrun [ 427.050016][ C1] vkms_vblank_simulate: vblank timer overrun [ 427.364066][ C1] vkms_vblank_simulate: vblank timer overrun [ 427.577614][ T8515] hsr_slave_0: entered promiscuous mode [ 427.578956][ T8515] hsr_slave_1: entered promiscuous mode [ 427.590127][ T8515] debugfs: 'hsr0' already exists in 'hsr' [ 427.590153][ T8515] Cannot create hsr debugfs directory [ 427.689869][ C1] vkms_vblank_simulate: vblank timer overrun [ 427.916820][ T6344] hsr_slave_0: left promiscuous mode [ 427.988806][ T6344] hsr_slave_1: left promiscuous mode [ 427.995294][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 428.020433][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 428.215869][ C1] vkms_vblank_simulate: vblank timer overrun [ 429.132605][ C1] vkms_vblank_simulate: vblank timer overrun [ 429.214305][ C1] vkms_vblank_simulate: vblank timer overrun [ 429.978095][ T5819] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 430.000508][ T5819] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 430.018214][ T5819] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 430.168457][ T5819] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 430.181900][ T5819] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 430.990069][ T6344] team0 (unregistering): Port device team_slave_1 removed [ 431.225810][ T6344] team0 (unregistering): Port device team_slave_0 removed [ 431.955086][ T8851] binder: BINDER_SET_CONTEXT_MGR already set [ 431.955102][ T8851] binder: 8848:8851 ioctl 4018620d 200000000040 returned -16 [ 432.337969][ C1] vkms_vblank_simulate: vblank timer overrun [ 432.338547][ T5817] Bluetooth: hci4: command tx timeout [ 433.273560][ C1] vkms_vblank_simulate: vblank timer overrun [ 434.393415][ T5817] Bluetooth: hci4: command tx timeout [ 436.221236][ T8515] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 436.389453][ T8515] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 436.456676][ T8515] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 436.469277][ T5817] Bluetooth: hci4: command tx timeout [ 437.369206][ T8515] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 438.228584][ T8832] chnl_net:caif_netlink_parms(): no params data found [ 438.549261][ T5817] Bluetooth: hci4: command tx timeout [ 439.472665][ T8927] vxfs: WRONG superblock magic 00000000 at 1 [ 439.479590][ T8927] vxfs: WRONG superblock magic 00000000 at 8 [ 439.479635][ T8927] vxfs: can't find superblock. [ 439.967231][ C0] vkms_vblank_simulate: vblank timer overrun [ 439.995029][ T1321] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.995099][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.027706][ T8926] ceph: No mds server is up or the cluster is laggy [ 440.046190][ T5889] libceph: connect (1)[c::]:6789 error -101 [ 440.046396][ T5889] libceph: mon0 (1)[c::]:6789 connect error [ 440.623307][ T8832] bridge0: port 1(bridge_slave_0) entered blocking state [ 440.623511][ T8832] bridge0: port 1(bridge_slave_0) entered disabled state [ 440.623737][ T8832] bridge_slave_0: entered allmulticast mode [ 440.679463][ T8832] bridge_slave_0: entered promiscuous mode [ 440.869050][ T8832] bridge0: port 2(bridge_slave_1) entered blocking state [ 440.869445][ T8832] bridge0: port 2(bridge_slave_1) entered disabled state [ 440.869652][ T8832] bridge_slave_1: entered allmulticast mode [ 440.983359][ T8832] bridge_slave_1: entered promiscuous mode [ 441.873932][ T8832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 441.892995][ T6344] bridge_slave_1: left allmulticast mode [ 441.893023][ T6344] bridge_slave_1: left promiscuous mode [ 441.893544][ T6344] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.012737][ T6344] bridge_slave_0: left allmulticast mode [ 442.012764][ T6344] bridge_slave_0: left promiscuous mode [ 442.013011][ T6344] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.876364][ C0] vkms_vblank_simulate: vblank timer overrun [ 443.738421][ C0] vkms_vblank_simulate: vblank timer overrun [ 443.840353][ T6344] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 443.899762][ T6344] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 443.941014][ T6344] bond0 (unregistering): Released all slaves [ 444.004394][ T8832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 444.438964][ T8832] team0: Port device team_slave_0 added [ 444.453982][ T8832] team0: Port device team_slave_1 added [ 444.591292][ T6344] hsr_slave_0: left promiscuous mode [ 444.635374][ T6344] hsr_slave_1: left promiscuous mode [ 444.636357][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 444.677044][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 445.102440][ C0] vkms_vblank_simulate: vblank timer overrun [ 445.922158][ T6344] team0 (unregistering): Port device team_slave_1 removed [ 446.410675][ T6344] team0 (unregistering): Port device team_slave_0 removed [ 447.272242][ C0] vkms_vblank_simulate: vblank timer overrun [ 448.847228][ C0] vkms_vblank_simulate: vblank timer overrun [ 450.131669][ T8832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 450.131685][ T8832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 450.131711][ T8832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 450.348941][ T8832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 450.348957][ T8832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 450.348983][ T8832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 452.537372][ T5819] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 452.547665][ T5819] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 452.555956][ T5819] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 452.557435][ T5819] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 452.558254][ T5819] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 452.922532][ T8832] hsr_slave_0: entered promiscuous mode [ 452.923951][ T8832] hsr_slave_1: entered promiscuous mode [ 452.925935][ T8832] debugfs: 'hsr0' already exists in 'hsr' [ 452.926062][ T8832] Cannot create hsr debugfs directory [ 454.570328][ T9057] ubi31: attaching mtd0 [ 454.577829][ T9057] ubi31: scanning is finished [ 454.577852][ T9057] ubi31: empty MTD device detected [ 454.709231][ T5819] Bluetooth: hci1: command tx timeout [ 456.303620][ T9057] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 456.303648][ T9057] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 456.303666][ T9057] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 456.303683][ T9057] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 456.303710][ T9057] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 456.303726][ T9057] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 456.303744][ T9057] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 718281505 [ 456.303765][ T9057] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 456.305896][ T9070] ubi31: background thread "ubi_bgt31d" started, PID 9070 [ 456.789289][ T5819] Bluetooth: hci1: command tx timeout [ 457.133588][ T9083] binder: BINDER_SET_CONTEXT_MGR already set [ 457.133650][ T9083] binder: 9074:9083 ioctl 4018620d 200000000040 returned -16 [ 458.349888][ T9092] bridge6: entered promiscuous mode [ 458.349905][ T9092] bridge6: entered allmulticast mode [ 458.869193][ T5819] Bluetooth: hci1: command tx timeout [ 459.140811][ T9106] netlink: 8 bytes leftover after parsing attributes in process `syz.0.852'. [ 459.950210][ T9112] netlink: 4 bytes leftover after parsing attributes in process `syz.0.853'. [ 460.524861][ C1] vkms_vblank_simulate: vblank timer overrun [ 460.950802][ T5819] Bluetooth: hci1: command tx timeout [ 461.608085][ C1] vkms_vblank_simulate: vblank timer overrun [ 461.892253][ C1] vkms_vblank_simulate: vblank timer overrun [ 462.218135][ C1] vkms_vblank_simulate: vblank timer overrun [ 462.257744][ T9023] chnl_net:caif_netlink_parms(): no params data found [ 462.378117][ T6344] bridge_slave_1: left allmulticast mode [ 462.378146][ T6344] bridge_slave_1: left promiscuous mode [ 462.378379][ T6344] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.465756][ T6344] bridge_slave_0: left allmulticast mode [ 462.465781][ T6344] bridge_slave_0: left promiscuous mode [ 462.466283][ T6344] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.995619][ C1] vkms_vblank_simulate: vblank timer overrun [ 463.022256][ T9160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.865'. [ 464.251840][ C1] vkms_vblank_simulate: vblank timer overrun [ 465.071201][ T6344] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 465.962514][ T6344] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 466.040938][ T6344] bond0 (unregistering): Released all slaves [ 466.400871][ C1] vkms_vblank_simulate: vblank timer overrun [ 466.401506][ T5972] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 466.562121][ T5972] usb 3-1: config 0 has an invalid interface number: 199 but max is 1 [ 466.562148][ T5972] usb 3-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config [ 466.562167][ T5972] usb 3-1: config 0 has no interface number 1 [ 466.562221][ T5972] usb 3-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 466.562250][ T5972] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 466.563550][ T5972] usb 3-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 466.563566][ T5972] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 466.563576][ T5972] usb 3-1: SerialNumber: syz [ 466.567429][ T5972] usb 3-1: config 0 descriptor?? [ 466.621128][ T5972] uvcvideo 3-1:0.199: Found UVC 0.00 device (0002:0000) [ 466.621160][ T5972] uvcvideo 3-1:0.199: No valid video chain found. [ 466.819299][ T6344] hsr_slave_0: left promiscuous mode [ 466.845934][ T9187] netlink: 8 bytes leftover after parsing attributes in process `syz.2.872'. [ 466.859763][ T6344] hsr_slave_1: left promiscuous mode [ 466.860425][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 466.899999][ T6344] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 468.381097][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.414761][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.665077][ C1] vkms_vblank_simulate: vblank timer overrun [ 468.863663][ T6344] team0 (unregistering): Port device team_slave_1 removed [ 468.979829][ T6344] team0 (unregistering): Port device team_slave_0 removed [ 469.441888][ C1] vkms_vblank_simulate: vblank timer overrun [ 469.804989][ T5972] usb 3-1: USB disconnect, device number 15 [ 470.989044][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.130851][ T9023] bridge0: port 1(bridge_slave_0) entered blocking state [ 471.131051][ T9023] bridge0: port 1(bridge_slave_0) entered disabled state [ 471.131319][ T9023] bridge_slave_0: entered allmulticast mode [ 471.134355][ T9023] bridge_slave_0: entered promiscuous mode [ 471.182887][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.250868][ T9023] bridge0: port 2(bridge_slave_1) entered blocking state [ 471.251002][ T9023] bridge0: port 2(bridge_slave_1) entered disabled state [ 471.251226][ T9023] bridge_slave_1: entered allmulticast mode [ 471.263464][ T9023] bridge_slave_1: entered promiscuous mode [ 475.074110][ T8832] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 475.425004][ T9229] netlink: 8 bytes leftover after parsing attributes in process `syz.2.884'. [ 475.949946][ C0] vkms_vblank_simulate: vblank timer overrun [ 477.323119][ T8832] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 477.398294][ T9023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 477.420479][ T9023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 477.420822][ T8832] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 477.583879][ T8832] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 477.797367][ T9023] team0: Port device team_slave_0 added [ 478.511819][ T9023] team0: Port device team_slave_1 added [ 478.789759][ C0] vkms_vblank_simulate: vblank timer overrun [ 479.585115][ C0] vkms_vblank_simulate: vblank timer overrun [ 479.611875][ C0] vkms_vblank_simulate: vblank timer overrun [ 479.960467][ T9275] netlink: 8 bytes leftover after parsing attributes in process `syz.3.895'. [ 480.313560][ T9280] 9pnet_fd: Insufficient options for proto=fd [ 481.600784][ C0] vkms_vblank_simulate: vblank timer overrun [ 481.939018][ C0] vkms_vblank_simulate: vblank timer overrun [ 482.102452][ C0] vkms_vblank_simulate: vblank timer overrun [ 482.996861][ T9023] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 482.996878][ T9023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 482.996905][ T9023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 483.052222][ T9023] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 483.052237][ T9023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 483.052263][ T9023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 483.906764][ T9023] hsr_slave_0: entered promiscuous mode [ 483.919875][ T9023] hsr_slave_1: entered promiscuous mode [ 483.922794][ T9023] debugfs: 'hsr0' already exists in 'hsr' [ 483.922818][ T9023] Cannot create hsr debugfs directory [ 484.276032][ T9337] netlink: 8 bytes leftover after parsing attributes in process `syz.2.907'. [ 489.162454][ T9351] netlink: 8 bytes leftover after parsing attributes in process `syz.3.910'. [ 489.162867][ T9351] netlink: 4 bytes leftover after parsing attributes in process `syz.3.910'. [ 489.163106][ T9351] netlink: 'syz.3.910': attribute type 1 has an invalid length. [ 489.163122][ T9351] nbd: error processing sock list [ 489.956374][ T5817] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 489.967451][ T5817] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 489.970831][ T5817] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 489.974461][ T5817] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 489.978492][ T5817] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 491.505526][ T9394] netlink: 8 bytes leftover after parsing attributes in process `syz.2.918'. [ 492.080302][ T5817] Bluetooth: hci5: command tx timeout [ 494.458337][ T5817] Bluetooth: hci5: command tx timeout [ 494.458720][ C0] vkms_vblank_simulate: vblank timer overrun [ 496.384644][ T5889] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 496.535157][ T5889] usb 1-1: config 0 has an invalid interface number: 199 but max is 1 [ 496.535187][ T5889] usb 1-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config [ 496.535207][ T5889] usb 1-1: config 0 has no interface number 1 [ 496.535268][ T5889] usb 1-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 496.535310][ T5889] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 496.549241][ T5817] Bluetooth: hci5: command tx timeout [ 496.589883][ T5889] usb 1-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 496.589912][ T5889] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 496.589933][ T5889] usb 1-1: SerialNumber: syz [ 496.622600][ T5889] usb 1-1: config 0 descriptor?? [ 496.645386][ T5889] uvcvideo 1-1:0.199: Found UVC 0.00 device (0002:0000) [ 496.645417][ T5889] uvcvideo 1-1:0.199: No valid video chain found. [ 496.777143][ T9365] chnl_net:caif_netlink_parms(): no params data found [ 496.799644][ T9023] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 496.866872][ T9429] netlink: 8 bytes leftover after parsing attributes in process `syz.0.929'. [ 497.242128][ T9023] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 498.158276][ T9023] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 500.177023][ T9444] netlink: 8 bytes leftover after parsing attributes in process `syz.3.931'. [ 501.637509][ T5817] Bluetooth: hci5: command tx timeout [ 501.652845][ T5889] usb 1-1: USB disconnect, device number 18 [ 501.711867][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.821825][ T9023] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 502.861915][ T6345] bridge_slave_1: left allmulticast mode [ 502.861934][ T6345] bridge_slave_1: left promiscuous mode [ 502.862230][ T6345] bridge0: port 2(bridge_slave_1) entered disabled state [ 502.930051][ T6345] bridge_slave_0: left allmulticast mode [ 502.930131][ T6345] bridge_slave_0: left promiscuous mode [ 502.930351][ T6345] bridge0: port 1(bridge_slave_0) entered disabled state [ 503.564395][ T9481] ubi: mtd0 is already attached to ubi31 [ 507.684174][ T6345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 507.720984][ T9505] Bluetooth: MGMT ver 1.23 [ 507.721013][ T9505] Bluetooth: hci0: unsupported parameter 255 [ 507.721022][ T9505] Bluetooth: hci0: unsupported parameter 255 [ 507.770916][ T6345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 507.821077][ T6345] bond0 (unregistering): Released all slaves [ 507.860151][ T9365] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.860288][ T9365] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.860541][ T9365] bridge_slave_0: entered allmulticast mode [ 507.863350][ T9365] bridge_slave_0: entered promiscuous mode [ 507.897749][ T9365] bridge0: port 2(bridge_slave_1) entered blocking state [ 507.897930][ T9365] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.898161][ T9365] bridge_slave_1: entered allmulticast mode [ 507.906920][ T9365] bridge_slave_1: entered promiscuous mode [ 508.054910][ T9510] overlayfs: failed to resolve './file1': -2 [ 508.652006][ C1] vkms_vblank_simulate: vblank timer overrun [ 508.714780][ T9517] ubi: mtd0 is already attached to ubi31 [ 508.729228][ T9365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 508.889399][ T6345] hsr_slave_0: left promiscuous mode [ 508.921058][ T6345] hsr_slave_1: left promiscuous mode [ 508.922025][ T6345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 509.096175][ C1] vkms_vblank_simulate: vblank timer overrun [ 509.122566][ T6345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 509.336693][ C1] vkms_vblank_simulate: vblank timer overrun [ 509.485851][ C1] vkms_vblank_simulate: vblank timer overrun [ 509.878987][ C1] vkms_vblank_simulate: vblank timer overrun [ 510.080850][ T9536] Bluetooth: hci0: unsupported parameter 255 [ 510.080872][ T9536] Bluetooth: hci0: unsupported parameter 255 [ 510.255487][ C1] vkms_vblank_simulate: vblank timer overrun [ 510.330366][ C1] vkms_vblank_simulate: vblank timer overrun [ 510.508157][ C1] vkms_vblank_simulate: vblank timer overrun [ 510.639913][ T6345] team0 (unregistering): Port device team_slave_1 removed [ 510.671467][ C1] vkms_vblank_simulate: vblank timer overrun [ 510.700734][ T9544] overlayfs: failed to resolve './file1': -2 [ 510.961247][ T6345] team0 (unregistering): Port device team_slave_0 removed [ 511.503503][ C1] vkms_vblank_simulate: vblank timer overrun [ 511.512299][ T9546] process 'syz.3.964' launched './file0' with NULL argv: empty string added [ 511.687297][ T5817] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 511.703571][ T5817] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 511.704785][ T5817] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 511.707790][ T5817] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 511.708656][ T5817] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 511.936384][ C1] vkms_vblank_simulate: vblank timer overrun [ 512.197265][ T9564] ubi: mtd0 is already attached to ubi31 [ 512.493192][ T9365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 512.564215][ C1] vkms_vblank_simulate: vblank timer overrun [ 512.853681][ T9570] overlayfs: failed to resolve './file1': -2 [ 512.854277][ T9568] Bluetooth: hci0: unsupported parameter 255 [ 512.854295][ T9568] Bluetooth: hci0: unsupported parameter 255 [ 513.131185][ T9365] team0: Port device team_slave_0 added [ 513.151877][ T9365] team0: Port device team_slave_1 added [ 513.583686][ C1] vkms_vblank_simulate: vblank timer overrun [ 513.822233][ C1] vkms_vblank_simulate: vblank timer overrun [ 513.841750][ T5817] Bluetooth: hci4: command tx timeout [ 513.990227][ C1] vkms_vblank_simulate: vblank timer overrun [ 514.369476][ C1] vkms_vblank_simulate: vblank timer overrun [ 514.616663][ C1] vkms_vblank_simulate: vblank timer overrun [ 514.711903][ T9365] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 514.711921][ T9365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 514.711947][ T9365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 514.832798][ T9589] 9pnet_fd: Insufficient options for proto=fd [ 515.262068][ T9365] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 515.262085][ T9365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 515.262112][ T9365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 515.909253][ T5817] Bluetooth: hci4: command tx timeout [ 516.178101][ T9365] hsr_slave_0: entered promiscuous mode [ 516.191036][ T9365] hsr_slave_1: entered promiscuous mode [ 516.192035][ T9365] debugfs: 'hsr0' already exists in 'hsr' [ 516.192059][ T9365] Cannot create hsr debugfs directory [ 516.549536][ C1] vkms_vblank_simulate: vblank timer overrun [ 516.785238][ C1] vkms_vblank_simulate: vblank timer overrun [ 516.958864][ C1] vkms_vblank_simulate: vblank timer overrun [ 517.240545][ C1] vkms_vblank_simulate: vblank timer overrun [ 517.671410][ C1] vkms_vblank_simulate: vblank timer overrun [ 518.009436][ T5817] Bluetooth: hci4: command tx timeout [ 520.073790][ T5817] Bluetooth: hci4: command tx timeout [ 520.653261][ C1] vkms_vblank_simulate: vblank timer overrun [ 521.529866][ C1] vkms_vblank_simulate: vblank timer overrun [ 522.349925][ C1] vkms_vblank_simulate: vblank timer overrun [ 522.520369][ T9661] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1004'. [ 522.574062][ T9555] chnl_net:caif_netlink_parms(): no params data found [ 522.712014][ C1] vkms_vblank_simulate: vblank timer overrun [ 523.152562][ C1] vkms_vblank_simulate: vblank timer overrun [ 523.543408][ C1] vkms_vblank_simulate: vblank timer overrun [ 524.522739][ C1] vkms_vblank_simulate: vblank timer overrun [ 525.659022][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.061176][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.084131][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.165508][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.186691][ C1] vkms_vblank_simulate: vblank timer overrun [ 526.934944][ C1] vkms_vblank_simulate: vblank timer overrun [ 527.039908][ C1] vkms_vblank_simulate: vblank timer overrun [ 527.117274][ T5972] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 527.135389][ C1] vkms_vblank_simulate: vblank timer overrun [ 527.321517][ T9702] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1016'. [ 527.585850][ C1] vkms_vblank_simulate: vblank timer overrun [ 527.718858][ C1] vkms_vblank_simulate: vblank timer overrun [ 527.800231][ C1] vkms_vblank_simulate: vblank timer overrun [ 528.032921][ C1] vkms_vblank_simulate: vblank timer overrun [ 528.149838][ C1] vkms_vblank_simulate: vblank timer overrun [ 528.263308][ C1] vkms_vblank_simulate: vblank timer overrun [ 528.328459][ C1] vkms_vblank_simulate: vblank timer overrun [ 528.379893][ T5972] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 528.379933][ T5972] usb 3-1: can't read configurations, error -71 [ 528.563193][ C1] vkms_vblank_simulate: vblank timer overrun [ 529.863547][ C1] vkms_vblank_simulate: vblank timer overrun [ 530.396960][ C1] vkms_vblank_simulate: vblank timer overrun [ 530.436406][ C1] vkms_vblank_simulate: vblank timer overrun [ 530.601497][ C1] vkms_vblank_simulate: vblank timer overrun [ 531.296271][ T9555] bridge0: port 1(bridge_slave_0) entered blocking state [ 531.296421][ T9555] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.296648][ T9555] bridge_slave_0: entered allmulticast mode [ 531.323987][ T9555] bridge_slave_0: entered promiscuous mode [ 531.403444][ C1] vkms_vblank_simulate: vblank timer overrun [ 531.427582][ T9555] bridge0: port 2(bridge_slave_1) entered blocking state [ 531.427714][ T9555] bridge0: port 2(bridge_slave_1) entered disabled state [ 531.427944][ T9555] bridge_slave_1: entered allmulticast mode [ 531.445109][ T9555] bridge_slave_1: entered promiscuous mode [ 531.668638][ C1] vkms_vblank_simulate: vblank timer overrun [ 531.814369][ C1] vkms_vblank_simulate: vblank timer overrun [ 532.057007][ C1] vkms_vblank_simulate: vblank timer overrun [ 532.232013][ C1] vkms_vblank_simulate: vblank timer overrun [ 532.250225][ C1] vkms_vblank_simulate: vblank timer overrun [ 532.404089][ C1] vkms_vblank_simulate: vblank timer overrun [ 532.537028][ C1] vkms_vblank_simulate: vblank timer overrun [ 532.856861][ C1] vkms_vblank_simulate: vblank timer overrun [ 533.033182][ C1] vkms_vblank_simulate: vblank timer overrun [ 533.628607][ T9555] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 533.654057][ T9555] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 533.845004][ T6345] bridge_slave_1: left allmulticast mode [ 533.845032][ T6345] bridge_slave_1: left promiscuous mode [ 533.845259][ T6345] bridge0: port 2(bridge_slave_1) entered disabled state [ 533.883351][ T9754] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1031'. [ 533.931413][ T6345] bridge_slave_0: left allmulticast mode [ 533.931442][ T6345] bridge_slave_0: left promiscuous mode [ 533.931696][ T6345] bridge0: port 1(bridge_slave_0) entered disabled state [ 534.069286][ T5962] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 534.221589][ T5962] usb 1-1: config 0 has an invalid interface number: 199 but max is 1 [ 534.221620][ T5962] usb 1-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config [ 534.221641][ T5962] usb 1-1: config 0 has no interface number 1 [ 534.221706][ T5962] usb 1-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 534.221748][ T5962] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 534.223270][ T5962] usb 1-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 534.223298][ T5962] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 534.223319][ T5962] usb 1-1: SerialNumber: syz [ 534.239297][ T5962] usb 1-1: config 0 descriptor?? [ 534.256644][ T5962] uvcvideo 1-1:0.199: Found UVC 0.00 device (0002:0000) [ 534.256678][ T5962] uvcvideo 1-1:0.199: No valid video chain found. [ 534.300984][ C1] vkms_vblank_simulate: vblank timer overrun [ 534.368727][ C1] vkms_vblank_simulate: vblank timer overrun [ 534.534308][ C1] vkms_vblank_simulate: vblank timer overrun [ 534.696679][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.006512][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.296198][ T9762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1033'. [ 535.380152][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.530202][ T6345] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 535.589676][ T6345] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 535.650982][ T6345] bond0 (unregistering): Released all slaves [ 535.764279][ C1] vkms_vblank_simulate: vblank timer overrun [ 535.853868][ T5889] usb 1-1: USB disconnect, device number 19 [ 535.933893][ T9555] team0: Port device team_slave_0 added [ 536.011757][ T9555] team0: Port device team_slave_1 added [ 536.298237][ C1] vkms_vblank_simulate: vblank timer overrun [ 537.356513][ C1] vkms_vblank_simulate: vblank timer overrun [ 537.378012][ T9555] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 537.378027][ T9555] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 537.378053][ T9555] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 537.606235][ C1] vkms_vblank_simulate: vblank timer overrun [ 537.775413][ C1] vkms_vblank_simulate: vblank timer overrun [ 538.113050][ C1] vkms_vblank_simulate: vblank timer overrun [ 538.391127][ C1] vkms_vblank_simulate: vblank timer overrun [ 538.499396][ T6345] hsr_slave_0: left promiscuous mode [ 538.520404][ T6345] hsr_slave_1: left promiscuous mode [ 538.521363][ T6345] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 538.538917][ T9802] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1046'. [ 538.538970][ T9802] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1046'. [ 538.538985][ T9802] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1046'. [ 538.610158][ T6345] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 539.249384][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.396753][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.600640][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.700290][ T6345] team0 (unregistering): Port device team_slave_1 removed [ 539.799728][ T6345] team0 (unregistering): Port device team_slave_0 removed [ 539.999204][ C1] vkms_vblank_simulate: vblank timer overrun [ 540.225140][ C1] vkms_vblank_simulate: vblank timer overrun [ 540.370145][ T9555] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 540.370162][ T9555] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 540.370191][ T9555] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 540.509441][ T5889] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 540.978573][ T5889] usb 3-1: config 0 has an invalid interface number: 199 but max is 1 [ 540.978601][ T5889] usb 3-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config [ 540.978622][ T5889] usb 3-1: config 0 has no interface number 1 [ 540.978688][ T5889] usb 3-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 540.978724][ T5889] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 541.024770][ T5889] usb 3-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 541.024799][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 541.024820][ T5889] usb 3-1: SerialNumber: syz [ 541.090211][ T5889] usb 3-1: config 0 descriptor?? [ 541.116111][ T5889] uvcvideo 3-1:0.199: Found UVC 0.00 device (0002:0000) [ 541.116130][ T5889] uvcvideo 3-1:0.199: No valid video chain found. [ 541.299014][ T9812] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1049'. [ 541.382728][ T9365] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 541.455519][ T5889] usb 3-1: USB disconnect, device number 18 [ 541.492902][ T9555] hsr_slave_0: entered promiscuous mode [ 541.494275][ T9555] hsr_slave_1: entered promiscuous mode [ 541.499835][ T9555] debugfs: 'hsr0' already exists in 'hsr' [ 541.499860][ T9555] Cannot create hsr debugfs directory [ 541.501582][ T9365] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 541.554758][ T9365] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 541.604582][ T9365] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 541.981598][ C1] vkms_vblank_simulate: vblank timer overrun [ 542.329561][ C1] vkms_vblank_simulate: vblank timer overrun [ 542.417348][ C1] vkms_vblank_simulate: vblank timer overrun [ 542.858189][ C1] vkms_vblank_simulate: vblank timer overrun [ 543.036198][ C1] vkms_vblank_simulate: vblank timer overrun [ 549.605970][ T9365] kthread_run failed with err -4 [ 550.592436][ T5819] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 550.601641][ T5819] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 550.602856][ T5819] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 550.604504][ T5819] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 550.605698][ T5819] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 551.401268][ C0] vkms_vblank_simulate: vblank timer overrun [ 551.631080][ C0] vkms_vblank_simulate: vblank timer overrun [ 551.664079][ T9875] binder: BINDER_SET_CONTEXT_MGR already set [ 551.664094][ T9875] binder: 9866:9875 ioctl 4018620d 200000000040 returned -16 [ 551.704855][ T9874] tipc: Enabled bearer , priority 0 [ 551.709375][ T9877] syzkaller0: entered promiscuous mode [ 551.709391][ T9877] syzkaller0: entered allmulticast mode [ 551.989243][ C0] vkms_vblank_simulate: vblank timer overrun [ 552.063771][ C0] vkms_vblank_simulate: vblank timer overrun [ 552.093317][ C0] vkms_vblank_simulate: vblank timer overrun [ 552.630041][ T5819] Bluetooth: hci1: command tx timeout [ 552.637412][ T993] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 552.789651][ T993] usb 3-1: Using ep0 maxpacket: 32 [ 552.794203][ T993] usb 3-1: config 0 has an invalid interface number: 230 but max is 0 [ 552.794220][ T993] usb 3-1: config 0 has no interface number 0 [ 552.794239][ T993] usb 3-1: config 0 interface 230 has no altsetting 0 [ 552.801248][ T993] usb 3-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 552.801274][ T993] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.801295][ T993] usb 3-1: Product: syz [ 552.801309][ T993] usb 3-1: Manufacturer: syz [ 552.801323][ T993] usb 3-1: SerialNumber: syz [ 552.910316][ T993] usb 3-1: config 0 descriptor?? [ 552.914510][ T993] ums-usbat 3-1:0.230: USB Mass Storage device detected [ 552.944393][ T993] ums-usbat 3-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 553.410642][ C0] vkms_vblank_simulate: vblank timer overrun [ 553.514178][ T9865] tipc: Resetting bearer [ 553.518614][ T5801] usb 3-1: USB disconnect, device number 19 [ 554.355429][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.389623][ T9864] tipc: Resetting bearer [ 554.686108][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.840056][ T5819] Bluetooth: hci1: command tx timeout [ 555.400076][ T9864] tipc: Disabling bearer [ 555.546322][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.568589][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.881158][ C0] vkms_vblank_simulate: vblank timer overrun [ 556.106631][ C0] vkms_vblank_simulate: vblank timer overrun [ 556.911059][ C0] vkms_vblank_simulate: vblank timer overrun [ 556.950007][ T5819] Bluetooth: hci1: command tx timeout [ 557.188188][ C0] vkms_vblank_simulate: vblank timer overrun [ 558.667397][ C0] vkms_vblank_simulate: vblank timer overrun [ 558.671040][ T9917] binder: BINDER_SET_CONTEXT_MGR already set [ 558.671053][ T9917] binder: 9910:9917 ioctl 4018620d 200000000040 returned -16 [ 559.040672][ T5819] Bluetooth: hci1: command tx timeout [ 559.830108][ C0] vkms_vblank_simulate: vblank timer overrun [ 561.099698][ C0] vkms_vblank_simulate: vblank timer overrun [ 561.259677][ C0] vkms_vblank_simulate: vblank timer overrun [ 561.650012][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.390519][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.535548][ T9965] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1095'. [ 562.746079][ C0] vkms_vblank_simulate: vblank timer overrun [ 562.822040][ T9969] binder: BINDER_SET_CONTEXT_MGR already set [ 562.822055][ T9969] binder: 9966:9969 ioctl 4018620d 200000000040 returned -16 [ 562.971712][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.367181][ C0] vkms_vblank_simulate: vblank timer overrun [ 563.821623][ T9555] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 564.795289][ C0] vkms_vblank_simulate: vblank timer overrun [ 564.838149][ T9555] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 564.847727][ T9988] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1100'. [ 565.071287][ T9985] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1100'. [ 565.110277][ T9555] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 565.191837][ T9869] chnl_net:caif_netlink_parms(): no params data found [ 565.216423][ T9555] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 565.269801][ T43] bridge_slave_1: left allmulticast mode [ 565.269828][ T43] bridge_slave_1: left promiscuous mode [ 565.270090][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 565.372244][ T43] bridge_slave_0: left allmulticast mode [ 565.372271][ T43] bridge_slave_0: left promiscuous mode [ 565.372513][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 565.518880][ C0] vkms_vblank_simulate: vblank timer overrun [ 565.698974][ C0] vkms_vblank_simulate: vblank timer overrun [ 567.969907][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 568.389754][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 569.532930][ T43] bond0 (unregistering): Released all slaves [ 571.229204][ T43] hsr_slave_0: left promiscuous mode [ 571.272224][ T43] hsr_slave_1: left promiscuous mode [ 571.275095][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 571.329781][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 571.889569][T10049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1114'. [ 571.907057][T10050] binder: BINDER_SET_CONTEXT_MGR already set [ 571.907071][T10050] binder: 10045:10050 ioctl 4018620d 200000000040 returned -16 [ 573.966415][ C1] vkms_vblank_simulate: vblank timer overrun [ 574.074060][ T5817] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 574.094461][ T5817] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 574.100768][ T43] team0 (unregistering): Port device team_slave_1 removed [ 574.120673][ T5817] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 574.121704][ T5817] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 574.123680][ T5817] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 574.606658][ C1] vkms_vblank_simulate: vblank timer overrun [ 574.670012][ T43] team0 (unregistering): Port device team_slave_0 removed [ 576.311509][ T5819] Bluetooth: hci5: command tx timeout [ 577.780472][T10069] overlayfs: missing 'lowerdir' [ 578.125186][T10072] ubi: mtd0 is already attached to ubi31 [ 578.419098][ T5817] Bluetooth: hci5: command tx timeout [ 579.074121][ T9869] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.074265][ T9869] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.074447][ T9869] bridge_slave_0: entered allmulticast mode [ 579.077171][ T9869] bridge_slave_0: entered promiscuous mode [ 579.159539][ T9869] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.159727][ T9869] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.159924][ T9869] bridge_slave_1: entered allmulticast mode [ 579.165065][ T9869] bridge_slave_1: entered promiscuous mode [ 579.490644][T10082] loop6: detected capacity change from 0 to 524288000 [ 580.093554][ T9869] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 580.274133][ T9869] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 580.451332][T10103] overlayfs: missing 'lowerdir' [ 580.469270][ T5817] Bluetooth: hci5: command tx timeout [ 582.247363][ T9869] team0: Port device team_slave_0 added [ 582.297489][ T9869] team0: Port device team_slave_1 added [ 582.667169][ T5817] Bluetooth: hci5: command tx timeout [ 582.989367][T10125] /dev/nullb0: Can't open blockdev [ 583.496005][T10123] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 583.592188][ C0] vkms_vblank_simulate: vblank timer overrun [ 583.670485][ T9869] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 583.670502][ T9869] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 583.670529][ T9869] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 583.730150][ T9869] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 583.730163][ T9869] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 583.730189][ T9869] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 583.848553][T10131] overlayfs: missing 'lowerdir' [ 585.786585][ T9869] hsr_slave_0: entered promiscuous mode [ 585.799636][ T9869] hsr_slave_1: entered promiscuous mode [ 585.800787][ T9869] debugfs: 'hsr0' already exists in 'hsr' [ 585.800811][ T9869] Cannot create hsr debugfs directory [ 586.549897][ C0] vkms_vblank_simulate: vblank timer overrun [ 587.384290][T10156] vxfs: WRONG superblock magic 00000000 at 1 [ 587.387052][T10156] vxfs: WRONG superblock magic 00000000 at 8 [ 587.387092][T10156] vxfs: can't find superblock. [ 587.801594][T10155] ceph: No mds server is up or the cluster is laggy [ 587.827263][ C0] vkms_vblank_simulate: vblank timer overrun [ 589.255468][T10177] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 589.686829][ C0] vkms_vblank_simulate: vblank timer overrun [ 589.714894][T10188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1153'. [ 590.583574][ C0] vkms_vblank_simulate: vblank timer overrun [ 590.792945][T10197] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1153'. [ 591.099076][ C0] vkms_vblank_simulate: vblank timer overrun [ 591.737932][ C0] vkms_vblank_simulate: vblank timer overrun [ 591.826465][ C0] vkms_vblank_simulate: vblank timer overrun [ 592.026774][ C0] vkms_vblank_simulate: vblank timer overrun [ 592.303193][ C0] vkms_vblank_simulate: vblank timer overrun [ 593.287080][ C0] vkms_vblank_simulate: vblank timer overrun [ 593.326925][ C0] vkms_vblank_simulate: vblank timer overrun [ 594.076094][T10056] chnl_net:caif_netlink_parms(): no params data found [ 594.134094][T10219] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 596.404007][ C0] vkms_vblank_simulate: vblank timer overrun [ 596.489144][T10232] bridge7: entered promiscuous mode [ 596.489171][T10232] bridge7: entered allmulticast mode [ 597.978044][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.574417][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.641168][ C0] vkms_vblank_simulate: vblank timer overrun [ 599.864051][T10273] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 600.375343][ C0] vkms_vblank_simulate: vblank timer overrun [ 600.716864][T10286] bridge8: entered promiscuous mode [ 600.716893][T10286] bridge8: entered allmulticast mode [ 601.142760][ C0] vkms_vblank_simulate: vblank timer overrun [ 601.312926][T10056] bridge0: port 1(bridge_slave_0) entered blocking state [ 601.313062][T10056] bridge0: port 1(bridge_slave_0) entered disabled state [ 601.313297][T10056] bridge_slave_0: entered allmulticast mode [ 601.329301][T10056] bridge_slave_0: entered promiscuous mode [ 601.404079][T10056] bridge0: port 2(bridge_slave_1) entered blocking state [ 601.404218][T10056] bridge0: port 2(bridge_slave_1) entered disabled state [ 601.404442][T10056] bridge_slave_1: entered allmulticast mode [ 601.436299][T10056] bridge_slave_1: entered promiscuous mode [ 604.266515][T10301] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 605.177930][ T43] bridge_slave_1: left allmulticast mode [ 605.177958][ T43] bridge_slave_1: left promiscuous mode [ 605.178211][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 605.217052][T10304] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 605.263403][ T43] bridge_slave_0: left allmulticast mode [ 605.263431][ T43] bridge_slave_0: left promiscuous mode [ 605.263694][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 606.852789][ T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 607.109972][ T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 607.161073][ T43] bond0 (unregistering): Released all slaves [ 607.210294][T10056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 608.036276][T10056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 608.625142][ C1] vkms_vblank_simulate: vblank timer overrun [ 608.911171][ C1] vkms_vblank_simulate: vblank timer overrun [ 609.408338][ C1] vkms_vblank_simulate: vblank timer overrun [ 609.739212][ T43] hsr_slave_0: left promiscuous mode [ 609.793543][ T43] hsr_slave_1: left promiscuous mode [ 609.794545][ T43] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 609.841900][ T43] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 609.864169][T10341] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 610.267785][T10345] ubi: mtd0 is already attached to ubi31 [ 612.120843][ C1] vkms_vblank_simulate: vblank timer overrun [ 612.352479][ C1] vkms_vblank_simulate: vblank timer overrun [ 612.574595][ C1] vkms_vblank_simulate: vblank timer overrun [ 612.803204][ C1] vkms_vblank_simulate: vblank timer overrun [ 613.288300][ T43] team0 (unregistering): Port device team_slave_1 removed [ 613.431140][ T43] team0 (unregistering): Port device team_slave_0 removed [ 613.683539][ T5819] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 613.754197][ T5819] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 613.768830][ T5819] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 614.234472][ T5819] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 614.235391][ T5819] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 614.667786][T10056] team0: Port device team_slave_0 added [ 614.674093][T10056] team0: Port device team_slave_1 added [ 614.858290][ C1] vkms_vblank_simulate: vblank timer overrun [ 615.516006][T10056] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 615.516024][T10056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 615.516050][T10056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 615.557126][T10056] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 615.557143][T10056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 615.557169][T10056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 615.599237][T10377] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 615.942212][T10386] ubi: mtd0 is already attached to ubi31 [ 616.291623][ C1] vkms_vblank_simulate: vblank timer overrun [ 616.717001][T10395] binder: 10389:10395 ioctl c0306201 0 returned -14 [ 616.735935][ C1] vkms_vblank_simulate: vblank timer overrun [ 616.893251][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.174079][ C1] vkms_vblank_simulate: vblank timer overrun [ 617.390040][T10056] hsr_slave_0: entered promiscuous mode [ 617.415804][ T5819] Bluetooth: hci4: command tx timeout [ 617.443582][T10056] hsr_slave_1: entered promiscuous mode [ 617.444163][T10056] debugfs: 'hsr0' already exists in 'hsr' [ 617.444178][T10056] Cannot create hsr debugfs directory [ 618.872959][T10415] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1206'. [ 618.989892][ C1] vkms_vblank_simulate: vblank timer overrun [ 619.102347][T10410] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1206'. [ 619.240946][T10430] binder: BINDER_SET_CONTEXT_MGR already set [ 619.240961][T10430] binder: 10421:10430 ioctl 4018620d 200000000040 returned -16 [ 619.440217][ T5819] Bluetooth: hci4: command tx timeout [ 622.007898][ T5819] Bluetooth: hci4: command tx timeout [ 622.601002][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.517034][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.655232][T10464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 623.823727][ C0] vkms_vblank_simulate: vblank timer overrun [ 624.095976][ T5819] Bluetooth: hci4: command tx timeout [ 626.979442][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.636364][T10489] binder: 10472:10489 ioctl c0306201 0 returned -14 [ 628.342019][T10485] ubi: mtd0 is already attached to ubi31 [ 630.152446][T10361] chnl_net:caif_netlink_parms(): no params data found [ 631.427980][T10361] bridge0: port 1(bridge_slave_0) entered blocking state [ 631.428780][T10361] bridge0: port 1(bridge_slave_0) entered disabled state [ 631.428941][T10361] bridge_slave_0: entered allmulticast mode [ 631.464638][T10361] bridge_slave_0: entered promiscuous mode [ 631.739231][T10361] bridge0: port 2(bridge_slave_1) entered blocking state [ 631.739362][T10361] bridge0: port 2(bridge_slave_1) entered disabled state [ 631.739591][T10361] bridge_slave_1: entered allmulticast mode [ 631.790886][T10361] bridge_slave_1: entered promiscuous mode [ 632.567970][T10521] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 632.654223][T10361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 632.704213][T10361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 634.581415][T10539] binder: BINDER_SET_CONTEXT_MGR already set [ 634.581460][T10539] binder: 10532:10539 ioctl 4018620d 200000000040 returned -16 [ 634.964615][T10544] binder: 10540:10544 ioctl c0306201 0 returned -14 [ 636.001102][T10361] team0: Port device team_slave_0 added [ 636.072540][ T5817] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 636.079658][ T5817] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 636.084724][ T5817] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 636.088261][ T5817] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 636.096366][ T5817] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 636.275699][T10361] team0: Port device team_slave_1 added [ 636.276318][ T1438] bridge_slave_1: left allmulticast mode [ 636.276340][ T1438] bridge_slave_1: left promiscuous mode [ 636.276686][ T1438] bridge0: port 2(bridge_slave_1) entered disabled state [ 636.521484][ T1438] bridge_slave_0: left allmulticast mode [ 636.521513][ T1438] bridge_slave_0: left promiscuous mode [ 636.521771][ T1438] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.279149][ T37] audit: type=1804 audit(1767282392.622:4): pid=10559 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.1229" name="/newroot/382/file0" dev="tmpfs" ino=2056 res=1 errno=0 [ 638.662351][ T5817] Bluetooth: hci1: command tx timeout [ 638.756923][T10557] uprobe: syz.2.1229:10557 failed to unregister, leaking uprobe [ 639.287205][ T1438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 639.758988][ T1438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 640.022732][T10569] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 640.042982][ T1438] bond0 (unregistering): Released all slaves [ 640.494182][ C0] vkms_vblank_simulate: vblank timer overrun [ 640.669193][ C0] vkms_vblank_simulate: vblank timer overrun [ 640.721664][ C0] vkms_vblank_simulate: vblank timer overrun [ 640.743474][ T5817] Bluetooth: hci1: command tx timeout [ 640.867910][ C0] vkms_vblank_simulate: vblank timer overrun [ 640.919166][ C0] vkms_vblank_simulate: vblank timer overrun [ 640.979172][ C0] vkms_vblank_simulate: vblank timer overrun [ 641.033032][ C0] vkms_vblank_simulate: vblank timer overrun [ 641.274728][T10361] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 641.274744][T10361] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 641.274770][T10361] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 642.695117][ C0] vkms_vblank_simulate: vblank timer overrun [ 642.801673][ T5817] Bluetooth: hci1: command tx timeout [ 642.812036][ C0] vkms_vblank_simulate: vblank timer overrun [ 642.860126][ T1438] hsr_slave_0: left promiscuous mode [ 642.916499][ T1438] hsr_slave_1: left promiscuous mode [ 642.917469][ T1438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 643.231454][ T1438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 643.239216][ C0] vkms_vblank_simulate: vblank timer overrun [ 643.951710][ C0] vkms_vblank_simulate: vblank timer overrun [ 644.177683][ T31] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 644.213343][T10603] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 644.962530][ T5817] Bluetooth: hci1: command tx timeout [ 646.649021][ C0] vkms_vblank_simulate: vblank timer overrun [ 646.835985][ T31] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 646.836028][ T31] usb 3-1: can't read configurations, error -71 [ 647.123588][ C0] vkms_vblank_simulate: vblank timer overrun [ 647.169023][ C0] vkms_vblank_simulate: vblank timer overrun [ 647.330366][ C0] vkms_vblank_simulate: vblank timer overrun [ 647.553722][ C0] vkms_vblank_simulate: vblank timer overrun [ 647.621112][ T1438] team0 (unregistering): Port device team_slave_1 removed [ 647.654904][ C0] vkms_vblank_simulate: vblank timer overrun [ 647.755176][ T1438] team0 (unregistering): Port device team_slave_0 removed [ 647.788531][ C0] vkms_vblank_simulate: vblank timer overrun [ 647.827238][ C0] vkms_vblank_simulate: vblank timer overrun [ 647.873764][ C0] vkms_vblank_simulate: vblank timer overrun [ 648.804100][T10361] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 648.804123][T10361] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 648.804148][T10361] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 649.605051][T10637] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1250'. [ 649.825224][T10637] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1250'. [ 650.422224][T10361] hsr_slave_0: entered promiscuous mode [ 650.424053][T10361] hsr_slave_1: entered promiscuous mode [ 650.460994][T10361] debugfs: 'hsr0' already exists in 'hsr' [ 650.461157][T10361] Cannot create hsr debugfs directory [ 650.839119][ T5889] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 650.991512][ T5889] usb 4-1: config 0 has an invalid interface number: 199 but max is 1 [ 650.991540][ T5889] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 650.991560][ T5889] usb 4-1: config 0 has no interface number 1 [ 650.991619][ T5889] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 650.991657][ T5889] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 651.129178][ T5889] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 651.129207][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 651.129226][ T5889] usb 4-1: SerialNumber: syz [ 651.134341][ T5889] usb 4-1: config 0 descriptor?? [ 651.144061][ T5889] uvcvideo 4-1:0.199: Found UVC 0.00 device (0002:0000) [ 651.144092][ T5889] uvcvideo 4-1:0.199: No valid video chain found. [ 651.371317][T10655] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1254'. [ 651.498824][ T5962] usb 4-1: USB disconnect, device number 12 [ 655.115845][T10549] chnl_net:caif_netlink_parms(): no params data found [ 657.585664][T10549] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.585798][T10549] bridge0: port 1(bridge_slave_0) entered disabled state [ 657.585994][T10549] bridge_slave_0: entered allmulticast mode [ 657.622076][T10549] bridge_slave_0: entered promiscuous mode [ 657.673761][T10738] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1267'. [ 657.707460][T10549] bridge0: port 2(bridge_slave_1) entered blocking state [ 657.707587][T10549] bridge0: port 2(bridge_slave_1) entered disabled state [ 657.707779][T10549] bridge_slave_1: entered allmulticast mode [ 657.716435][T10549] bridge_slave_1: entered promiscuous mode [ 657.997253][T10731] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1267'. [ 658.168862][T10744] binder: 10735:10744 ioctl c0306201 0 returned -14 [ 660.433315][T10549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 660.462516][T10549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 661.026227][T10757] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 661.050108][T10549] team0: Port device team_slave_0 added [ 661.122145][T10361] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 661.184609][T10549] team0: Port device team_slave_1 added [ 661.199053][T10361] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 661.567677][ T1438] bridge_slave_1: left allmulticast mode [ 661.567696][ T1438] bridge_slave_1: left promiscuous mode [ 661.567851][ T1438] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.632386][ T1438] bridge_slave_0: left allmulticast mode [ 661.632413][ T1438] bridge_slave_0: left promiscuous mode [ 661.632662][ T1438] bridge0: port 1(bridge_slave_0) entered disabled state [ 662.682371][ T1438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 663.270064][ T1438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 663.434355][ T1438] bond0 (unregistering): Released all slaves [ 663.490006][T10361] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 664.413923][T10361] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 664.516909][T10549] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 664.516921][T10549] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 664.516936][T10549] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 664.576014][T10549] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 664.576029][T10549] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 664.576055][T10549] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 665.240390][ T1438] hsr_slave_0: left promiscuous mode [ 665.283963][ T1438] hsr_slave_1: left promiscuous mode [ 665.284932][ T1438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 665.330071][ T1438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 665.351799][T10793] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 665.900077][ T5889] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 666.361207][ T10] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 666.379329][ C1] vkms_vblank_simulate: vblank timer overrun [ 666.560304][ T10] usb 1-1: config 0 has an invalid interface number: 199 but max is 1 [ 666.560334][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 666.560354][ T10] usb 1-1: config 0 has no interface number 1 [ 666.560414][ T10] usb 1-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 666.560449][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 666.565633][ T10] usb 1-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 666.565661][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 666.565681][ T10] usb 1-1: SerialNumber: syz [ 666.575130][ T10] usb 1-1: config 0 descriptor?? [ 666.597328][ T10] uvcvideo 1-1:0.199: Found UVC 0.00 device (0002:0000) [ 666.597359][ T10] uvcvideo 1-1:0.199: No valid video chain found. [ 666.909698][ T1438] team0 (unregistering): Port device team_slave_1 removed [ 667.039839][ T1438] team0 (unregistering): Port device team_slave_0 removed [ 667.066992][ C1] vkms_vblank_simulate: vblank timer overrun [ 667.570965][ T5870] usb 1-1: USB disconnect, device number 20 [ 667.954218][T10549] hsr_slave_0: entered promiscuous mode [ 667.955547][T10549] hsr_slave_1: entered promiscuous mode [ 667.956465][T10549] debugfs: 'hsr0' already exists in 'hsr' [ 667.956489][T10549] Cannot create hsr debugfs directory [ 668.423974][ C1] vkms_vblank_simulate: vblank timer overrun [ 668.487904][ C1] vkms_vblank_simulate: vblank timer overrun [ 669.394951][ C1] vkms_vblank_simulate: vblank timer overrun [ 669.526729][ C1] vkms_vblank_simulate: vblank timer overrun [ 670.077713][ C1] vkms_vblank_simulate: vblank timer overrun [ 670.094889][ T5889] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 670.094939][ T5889] usb 3-1: can't read configurations, error -71 [ 672.825746][ C1] vkms_vblank_simulate: vblank timer overrun [ 673.759589][ C1] vkms_vblank_simulate: vblank timer overrun [ 674.137919][ T5819] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 674.146088][ T5819] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 674.148180][ T5819] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 674.153829][ T5819] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 674.154659][ T5819] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 674.709605][ C1] vkms_vblank_simulate: vblank timer overrun [ 674.921191][ C1] vkms_vblank_simulate: vblank timer overrun [ 675.147384][ C1] vkms_vblank_simulate: vblank timer overrun [ 675.206121][T10549] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 675.253661][T10549] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 675.591755][ C1] vkms_vblank_simulate: vblank timer overrun [ 675.739752][ C1] vkms_vblank_simulate: vblank timer overrun [ 677.321483][ C1] vkms_vblank_simulate: vblank timer overrun [ 677.527287][ T5819] Bluetooth: hci4: command tx timeout [ 677.642579][T10549] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 677.724078][T10549] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 677.886543][ C1] vkms_vblank_simulate: vblank timer overrun [ 678.814668][ C1] vkms_vblank_simulate: vblank timer overrun [ 679.589121][ T5817] Bluetooth: hci4: command tx timeout [ 679.753546][ C1] vkms_vblank_simulate: vblank timer overrun [ 683.030460][ T5817] Bluetooth: hci4: command tx timeout [ 683.454555][T10972] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1318'. [ 683.454621][T10972] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1318'. [ 683.454636][T10972] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1318'. [ 683.481012][T10969] comedi comedi3: 8255: I/O port conflict (0x40404f26,4) [ 683.481046][T10969] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 683.481072][T10969] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 683.481143][T10969] comedi comedi3: 8255: I/O port conflict (0xc,4) [ 683.481169][T10969] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 683.481217][T10969] comedi comedi3: 8255: I/O port conflict (0x5c95238c,4) [ 683.481246][T10969] comedi comedi3: 8255: I/O port conflict (0xa,4) [ 683.481273][T10969] comedi comedi3: 8255: I/O port conflict (0x3bf,4) [ 683.481299][T10969] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 683.481346][T10969] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 683.481375][T10969] comedi comedi3: 8255: I/O port conflict (0x20000001,4) [ 683.481424][T10969] comedi comedi3: 8255: I/O port conflict (0x400e1c8,4) [ 683.481451][T10969] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 683.481476][T10969] comedi comedi3: 8255: I/O port conflict (0x7,4) [ 683.481502][T10969] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 683.481556][T10969] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 683.481583][T10969] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 683.481608][T10969] comedi comedi3: 8255: I/O port conflict (0xb,4) [ 683.481656][T10969] comedi comedi3: 8255: I/O port conflict (0x10,4) [ 683.481682][T10969] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 683.481707][T10969] comedi comedi3: 8255: I/O port conflict (0xef,4) [ 684.020775][T10983] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 684.266882][ C1] vkms_vblank_simulate: vblank timer overrun [ 684.822573][T10873] chnl_net:caif_netlink_parms(): no params data found [ 685.049526][ T1403] bridge_slave_1: left allmulticast mode [ 685.049565][ T1403] bridge_slave_1: left promiscuous mode [ 685.049838][ T1403] bridge0: port 2(bridge_slave_1) entered disabled state [ 685.173015][ T5817] Bluetooth: hci4: command tx timeout [ 685.281131][ T1403] bridge_slave_0: left allmulticast mode [ 685.281161][ T1403] bridge_slave_0: left promiscuous mode [ 685.281409][ T1403] bridge0: port 1(bridge_slave_0) entered disabled state [ 685.755432][ T1321] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.800546][ T5972] usb 1-1: new full-speed USB device number 21 using dummy_hcd [ 686.906694][ C1] vkms_vblank_simulate: vblank timer overrun [ 686.972644][ T5972] usb 1-1: config 0 has an invalid interface number: 199 but max is 1 [ 686.972674][ T5972] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 686.972693][ T5972] usb 1-1: config 0 has no interface number 1 [ 686.972754][ T5972] usb 1-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 686.972791][ T5972] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 686.974489][ T5972] usb 1-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 686.974516][ T5972] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 686.974537][ T5972] usb 1-1: SerialNumber: syz [ 687.049658][ T5972] usb 1-1: config 0 descriptor?? [ 687.070765][ T5972] uvcvideo 1-1:0.199: Found UVC 0.00 device (0002:0000) [ 687.070799][ T5972] uvcvideo 1-1:0.199: No valid video chain found. [ 687.170320][ C1] vkms_vblank_simulate: vblank timer overrun [ 687.376812][ C1] vkms_vblank_simulate: vblank timer overrun [ 687.611704][ C1] vkms_vblank_simulate: vblank timer overrun [ 687.910456][ C1] vkms_vblank_simulate: vblank timer overrun [ 688.224527][ T31] usb 1-1: USB disconnect, device number 21 [ 688.431789][ C1] vkms_vblank_simulate: vblank timer overrun [ 688.576733][ C1] vkms_vblank_simulate: vblank timer overrun [ 688.887712][ C1] vkms_vblank_simulate: vblank timer overrun [ 689.533270][T11026] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1329'. [ 689.533326][T11026] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1329'. [ 689.533341][T11026] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1329'. [ 691.149996][ C0] ------------[ cut here ]------------ [ 691.150007][ C0] refcount_t: addition on 0; use-after-free. [ 691.150285][ C0] WARNING: CPU: 0 PID: 16 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 [ 691.150314][ C0] Modules linked in: [ 691.150342][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 691.150371][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 691.150388][ C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 691.150404][ C0] Code: 00 00 e8 79 58 45 fd 5b 41 5e c3 cc cc cc cc cc e8 6b 58 45 fd c6 05 3f 22 47 0a 01 90 48 c7 c7 80 2e 3d 8b e8 57 9f 09 fd 90 <0f> 0b 90 90 eb d7 e8 4b 58 45 fd c6 05 20 22 47 0a 01 90 48 c7 c7 [ 691.150414][ C0] RSP: 0018:ffffc90000157830 EFLAGS: 00010246 [ 691.150423][ C0] RAX: 938da0245c37a500 RBX: 0000000000000002 RCX: ffff88801b6e5a00 [ 691.150431][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 691.150438][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 691.150445][ C0] R10: dffffc0000000000 R11: ffffed101710487b R12: 1ffff9200002af18 [ 691.150453][ C0] R13: ffff88806072a260 R14: ffff888060729e80 R15: dffffc0000000000 [ 691.150461][ C0] FS: 0000000000000000(0000) GS:ffff888126df7000(0000) knlGS:0000000000000000 [ 691.150470][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 691.150477][ C0] CR2: 000000110c49ef89 CR3: 000000002807c000 CR4: 00000000003526f0 [ 691.150487][ C0] Call Trace: [ 691.150495][ C0] [ 691.150501][ C0] mptcp_schedule_work+0x164/0x1a0 [ 691.150517][ C0] mptcp_tout_timer+0x21/0xa0 [ 691.150533][ C0] call_timer_fn+0x17e/0x5f0 [ 691.150548][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 691.150561][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 691.150574][ C0] ? call_timer_fn+0xbe/0x5f0 [ 691.150588][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 691.150605][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 691.150621][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 691.150635][ C0] __run_timer_base+0x648/0x970 [ 691.150657][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 691.150680][ C0] run_timer_softirq+0xb7/0x180 [ 691.150693][ C0] handle_softirqs+0x22f/0x710 [ 691.150712][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 691.150731][ C0] run_ktimerd+0xcf/0x190 [ 691.150745][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 691.150758][ C0] ? schedule+0x91/0x360 [ 691.150775][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 691.150788][ C0] smpboot_thread_fn+0x542/0xa60 [ 691.150805][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 691.150823][ C0] kthread+0x711/0x8a0 [ 691.150841][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 691.150854][ C0] ? __pfx_kthread+0x10/0x10 [ 691.150867][ C0] ? rt_spin_unlock+0x150/0x200 [ 691.150882][ C0] ? rt_spin_unlock+0x161/0x200 [ 691.150892][ C0] ? __pfx_kthread+0x10/0x10 [ 691.150908][ C0] ret_from_fork+0x4bc/0x870 [ 691.150923][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 691.150939][ C0] ? __switch_to_asm+0x39/0x70 [ 691.150949][ C0] ? __switch_to_asm+0x33/0x70 [ 691.150959][ C0] ? __pfx_kthread+0x10/0x10 [ 691.150974][ C0] ret_from_fork_asm+0x1a/0x30 [ 691.150995][ C0] [ 691.151004][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 691.151012][ C0] CPU: 0 UID: 0 PID: 16 Comm: ktimers/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 691.151024][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 691.151030][ C0] Call Trace: [ 691.151034][ C0] [ 691.151039][ C0] dump_stack_lvl+0x99/0x250 [ 691.151059][ C0] ? __asan_memcpy+0x40/0x70 [ 691.151072][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 691.151087][ C0] ? __pfx__printk+0x10/0x10 [ 691.151108][ C0] vpanic+0x237/0x6d0 [ 691.151118][ C0] ? __pfx_vpanic+0x10/0x10 [ 691.151134][ C0] panic+0xb9/0xc0 [ 691.151144][ C0] ? __pfx_panic+0x10/0x10 [ 691.151163][ C0] __warn+0x31b/0x4b0 [ 691.151172][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 691.151185][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 691.151197][ C0] report_bug+0x2be/0x4f0 [ 691.151211][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 691.151223][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 691.151234][ C0] ? refcount_warn_saturate+0xfc/0x1d0 [ 691.151246][ C0] handle_bug+0x84/0x160 [ 691.151256][ C0] exc_invalid_op+0x1a/0x50 [ 691.151267][ C0] asm_exc_invalid_op+0x1a/0x20 [ 691.151278][ C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 691.151289][ C0] Code: 00 00 e8 79 58 45 fd 5b 41 5e c3 cc cc cc cc cc e8 6b 58 45 fd c6 05 3f 22 47 0a 01 90 48 c7 c7 80 2e 3d 8b e8 57 9f 09 fd 90 <0f> 0b 90 90 eb d7 e8 4b 58 45 fd c6 05 20 22 47 0a 01 90 48 c7 c7 [ 691.151298][ C0] RSP: 0018:ffffc90000157830 EFLAGS: 00010246 [ 691.151307][ C0] RAX: 938da0245c37a500 RBX: 0000000000000002 RCX: ffff88801b6e5a00 [ 691.151315][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100 [ 691.151322][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000100 [ 691.151328][ C0] R10: dffffc0000000000 R11: ffffed101710487b R12: 1ffff9200002af18 [ 691.151336][ C0] R13: ffff88806072a260 R14: ffff888060729e80 R15: dffffc0000000000 [ 691.151354][ C0] mptcp_schedule_work+0x164/0x1a0 [ 691.151367][ C0] mptcp_tout_timer+0x21/0xa0 [ 691.151382][ C0] call_timer_fn+0x17e/0x5f0 [ 691.151395][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 691.151408][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 691.151420][ C0] ? call_timer_fn+0xbe/0x5f0 [ 691.151433][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 691.151451][ C0] ? preempt_schedule_thunk+0x16/0x30 [ 691.151466][ C0] ? __pfx_mptcp_tout_timer+0x10/0x10 [ 691.151480][ C0] __run_timer_base+0x648/0x970 [ 691.151502][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 691.151524][ C0] run_timer_softirq+0xb7/0x180 [ 691.151537][ C0] handle_softirqs+0x22f/0x710 [ 691.151555][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 691.151574][ C0] run_ktimerd+0xcf/0x190 [ 691.151588][ C0] ? __pfx_run_ktimerd+0x10/0x10 [ 691.151600][ C0] ? schedule+0x91/0x360 [ 691.151618][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 691.151630][ C0] smpboot_thread_fn+0x542/0xa60 [ 691.151644][ C0] ? smpboot_thread_fn+0x4d/0xa60 [ 691.151662][ C0] kthread+0x711/0x8a0 [ 691.151679][ C0] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 691.151692][ C0] ? __pfx_kthread+0x10/0x10 [ 691.151705][ C0] ? rt_spin_unlock+0x150/0x200 [ 691.151720][ C0] ? rt_spin_unlock+0x161/0x200 [ 691.151730][ C0] ? __pfx_kthread+0x10/0x10 [ 691.151746][ C0] ret_from_fork+0x4bc/0x870 [ 691.151759][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 691.151793][ C0] ? __switch_to_asm+0x39/0x70 [ 691.151802][ C0] ? __switch_to_asm+0x33/0x70 [ 691.151812][ C0] ? __pfx_kthread+0x10/0x10 [ 691.151827][ C0] ret_from_fork_asm+0x1a/0x30 [ 691.151848][ C0] [ 691.152110][ C0] Kernel Offset: disabled