last executing test programs: 3.878757211s ago: executing program 0 (id=74): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$unix(0x1, 0x5, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r7) r8 = socket$unix(0x1, 0x2, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r10, {0x0, 0x6}, {0x2, 0xb}, {0xe, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4000800) ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 3.700307579s ago: executing program 0 (id=75): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000b00)=ANY=[@ANYBLOB="1201000000000008d804dd0000000000000109022400010000a008090400fe01030001000921fffffd0122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f00000012c0)={0x40, 0x3, 0x5, {0x5, 0x4, "26ed60"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x41) ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000080)={0x0, 0xb, 0x7, &(0x7f0000000000)={0x18, "da8eaa7b3e587e7131e2770ee75cb8207a1c8d475452be4d033e77bd6b2763616c"}}) 3.259416763s ago: executing program 2 (id=84): syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000108117980800000000000109022400010000000009040000020308000009210000010122290a0905810300"], 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000300)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae000034aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a9eee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"}) 2.608600252s ago: executing program 3 (id=86): r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000200)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 2.169165319s ago: executing program 3 (id=92): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$unix(0x1, 0x5, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r7) r8 = socket$unix(0x1, 0x2, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r10, {0x0, 0x6}, {0x2, 0xb}, {0xe, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4000800) ioctl$SIOCSIFHWADDR(r7, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) 2.045182056s ago: executing program 3 (id=93): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) fanotify_init(0x8, 0x40000) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) syz_emit_ethernet(0x76, &(0x7f0000000640)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x15, 0x10, 0x0, 0x0, 0x0, {[@mptcp=@capable={0x1e, 0xc}, @mptcp=@syn={0x1e, 0xc}, @sack={0x5, 0x16, [0x0, 0x0, 0x0, 0x0, 0x0]}, @md5sig={0x13, 0x12, "a4bcbcee95c6179191d2675112a6689b"}]}}}}}}}, 0x0) 2.044888311s ago: executing program 2 (id=94): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0500000000000000000021"], 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305829, &(0x7f0000000140)={0x17c04, 0xffffffffffffffff, 0x2, 0x973f, 0x84, 0x8000}) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000100)=ANY=[@ANYBLOB="50000000080211000001080211000000080211000000000000000000000000000100010000060202020202020101822d1a00080800000000000000800900e7000b0000000003ffc004000000000000ff01"], 0x54) 1.969993235s ago: executing program 0 (id=95): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x8, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000240)={r2, r3, 0x1, 0x0, @void}, 0x10) setsockopt$inet6_tcp_int(r1, 0x6, 0x22, &(0x7f0000000080)=0x1, 0x4) bind$inet6(r1, &(0x7f0000000240)={0xa, 0x4e20, 0xf, @empty, 0x5}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000000ac0)=[{{&(0x7f0000000440)={0xa, 0x4e20, 0x2, @empty, 0x6}, 0x1c, &(0x7f0000000c40)=[{&(0x7f0000000300)="d5", 0x1}], 0x1}}], 0x1, 0x20080058) 1.458564367s ago: executing program 1 (id=97): syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e1301"], 0x16) sendmsg$802154_raw(0xffffffffffffffff, 0x0, 0x4008084) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="0423"], 0x10) 1.458297105s ago: executing program 2 (id=98): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x4, 0x4, &(0x7f0000000500)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.458153483s ago: executing program 1 (id=99): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_clone(0x0, 0x0, 0xfffffffffffffead, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace(0x8, r1) r2 = syz_pidfd_open(r1, 0x0) process_mrelease(r2, 0x700000000000000) process_vm_writev(r1, &(0x7f0000000700)=[{&(0x7f00000004c0)=""/199, 0xc7}], 0x1, &(0x7f0000000c40)=[{&(0x7f0000000d80)=""/95, 0x5f}], 0x1, 0x0) 1.399889002s ago: executing program 2 (id=100): syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000600)=ANY=[@ANYBLOB="5000000008021100000108021100000050505050505000000000000000000000000401000006020202020202"], 0x36) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fedbdf252600000008000300", @ANYRES32=r4, @ANYBLOB="0a0034000202020202020000080026006c0900000a000600505050505050000008004200010000001e009400f4"], 0x70}, 0x1, 0x0, 0x0, 0x4000815}, 0x850) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001280)={0x28, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) 1.399660627s ago: executing program 1 (id=101): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$unix(0x1, 0x5, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r7) r8 = socket$unix(0x1, 0x2, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r10, {0x0, 0x6}, {0x2, 0xb}, {0xe, 0xb}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x2b}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4000800) ioctl$SIOCSIFHWADDR(r7, 0x8922, 0x0) 1.239806756s ago: executing program 1 (id=102): r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, 0x0, &(0x7f00000002c0)) syz_usb_connect$cdc_ecm(0x3, 0x52, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000020000202505a1a440000000010109024000010100c07d090400fe1602020000052406000005240000000d240f01000000000000000000052401"], 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000180), 0x10000001d, 0x8041) ioctl$USBDEVFS_IOCTL(r1, 0xc0105512, &(0x7f0000000200)=@usbdevfs_connect) 1.149755903s ago: executing program 3 (id=103): socket$inet(0x2, 0x4000000000000001, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket$inet6_sctp(0xa, 0x5, 0x84) socket$nl_route(0x10, 0x3, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000f40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x78}, 0x0) sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010028bd70000700000002000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004) r4 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet_SIOCSIFDSTADDR(r5, 0x8918, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e21, @remote}}) 1.149522749s ago: executing program 0 (id=104): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x24008090}, 0x40000) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r1, &(0x7f00000233c0)={0x0, 0x0, &(0x7f0000023380)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x890) recvmmsg(r1, &(0x7f000000a140)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000001980)=""/109, 0x6d}], 0x1}, 0x8}], 0x1, 0x40010061, 0x0) 1.14768572s ago: executing program 3 (id=105): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000018000100feffffff0001000000000000000000000000ffffe0000002fc0100000000000000000000000000010001071c4e230005", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000ac14142500000000000000000000000000000000000000009201000000000000a39b000000000000ffff0000000000001c250800000000000500000000000000fcffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000fefffffffffffffffafffffffcffffff00000000800000000035000002"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 1.058363067s ago: executing program 3 (id=106): syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100008e88052086800095d8b601020301090212000100000000090401"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x2, 0x40402) ioctl$I2C_SMBUS(r0, 0x720, &(0x7f00000000c0)={0x0, 0x1, 0x4, &(0x7f0000000140)={0xb, "1a0c1c9da4693f2542f9eb34767f98bba3d2309893660cc16d461581326c87719d"}}) 859.396936ms ago: executing program 0 (id=107): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f00000001c0)="91", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000140)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001d7545517fd18b5d29978f32a5b5c81755cb89cc0490958", 0x75}, {&(0x7f0000000340)="31cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1170080000000000000a51a0917861009000080f049c606ccab7cda1f0e3490fbe385ea", 0x4c}, {&(0x7f00000003c0)="a7c652df", 0x4}], 0x3}}], 0x2, 0x14) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={0xffffffffffffffff}) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 858.926019ms ago: executing program 2 (id=108): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x4, 0x4, &(0x7f0000000500)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x28, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 858.73581ms ago: executing program 2 (id=109): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905", @ANYRES64], 0x0) syz_usb_disconnect(r0) syz_usb_disconnect(0xffffffffffffffff) syz_usb_connect$cdc_ecm(0x5, 0x4d, &(0x7f0000000a00)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x7, 0x10, 0x5, "", [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}}}]}}]}}, 0x0) 89.428379ms ago: executing program 1 (id=110): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$unix(0x1, 0x5, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000026c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r5) sendmsg$TIPC_CMD_ENABLE_BEARER(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r7) r8 = socket$unix(0x1, 0x2, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r10, {0x0, 0x6}, {0x2, 0xb}, {0xe, 0xb}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x2b}}]}, 0x38}, 0x1, 0x0, 0x0, 0x2404c0f1}, 0x4000800) ioctl$SIOCSIFHWADDR(r7, 0x8922, 0x0) 483.716µs ago: executing program 0 (id=111): connect$unix(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) connect$bt_rfcomm(0xffffffffffffffff, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa) syz_emit_vhci(&(0x7f00000003c0)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0xa}, @l2cap_cid_signaling={{0x6}, [@l2cap_cmd_rej_unk={{0x1, 0x1, 0x2}}]}}, 0xf) 0s ago: executing program 1 (id=112): prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) syz_usb_connect$cdc_ecm(0x0, 0x55, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000020000082505a5a4400001020301090243000101000002090400030302060000052406000005240000000d240f0101000080ff0f04000008241cbeef02060009058202000000000009050302"], 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0x10000001d, 0x8041) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000200)=@usbdevfs_connect) kernel console output (not intermixed with test programs): Warning: Permanently added '[localhost]:53627' (ED25519) to the list of known hosts. [ 48.167655][ T5906] cgroup: Unknown subsys name 'net' [ 48.272735][ T5906] cgroup: Unknown subsys name 'cpuset' [ 48.276751][ T5906] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 49.181687][ T5906] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 52.696751][ T63] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 52.699797][ T63] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 52.703758][ T63] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 52.708293][ T63] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 52.713517][ T5938] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 52.716943][ T5938] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 52.719383][ T5938] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 52.719867][ T5941] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 52.722729][ T5938] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 52.725579][ T5939] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 52.727077][ T5938] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 52.729388][ T5939] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 52.731626][ T5938] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 52.734725][ T5939] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 52.740426][ T5939] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 52.743305][ T5293] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 52.745962][ T5939] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 52.747584][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 52.748753][ T5939] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 52.749246][ T5293] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 53.026936][ T5942] chnl_net:caif_netlink_parms(): no params data found [ 53.036214][ T5931] chnl_net:caif_netlink_parms(): no params data found [ 53.140519][ T5936] chnl_net:caif_netlink_parms(): no params data found [ 53.184164][ T5935] chnl_net:caif_netlink_parms(): no params data found [ 53.333226][ T5931] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.335765][ T5931] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.338159][ T5931] bridge_slave_0: entered allmulticast mode [ 53.342513][ T5931] bridge_slave_0: entered promiscuous mode [ 53.346780][ T5931] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.349104][ T5931] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.351659][ T5931] bridge_slave_1: entered allmulticast mode [ 53.354683][ T5931] bridge_slave_1: entered promiscuous mode [ 53.370546][ T5942] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.373122][ T5942] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.375699][ T5942] bridge_slave_0: entered allmulticast mode [ 53.379060][ T5942] bridge_slave_0: entered promiscuous mode [ 53.384178][ T5942] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.387237][ T5942] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.389668][ T5942] bridge_slave_1: entered allmulticast mode [ 53.393504][ T5942] bridge_slave_1: entered promiscuous mode [ 53.413367][ T5936] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.415707][ T5936] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.418285][ T5936] bridge_slave_0: entered allmulticast mode [ 53.422440][ T5936] bridge_slave_0: entered promiscuous mode [ 53.425482][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.427815][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state [ 53.431086][ T5935] bridge_slave_0: entered allmulticast mode [ 53.434111][ T5935] bridge_slave_0: entered promiscuous mode [ 53.459265][ T5931] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.464111][ T5936] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.466854][ T5936] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.470104][ T5936] bridge_slave_1: entered allmulticast mode [ 53.473915][ T5936] bridge_slave_1: entered promiscuous mode [ 53.477671][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.480118][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state [ 53.482474][ T5935] bridge_slave_1: entered allmulticast mode [ 53.486452][ T5935] bridge_slave_1: entered promiscuous mode [ 53.511332][ T5931] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.531916][ T5942] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.548068][ T5931] team0: Port device team_slave_0 added [ 53.557203][ T5931] team0: Port device team_slave_1 added [ 53.560434][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.565048][ T5942] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.569710][ T5936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 53.579811][ T5936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.584419][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 53.623702][ T5942] team0: Port device team_slave_0 added [ 53.636230][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.638530][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.647286][ T5931] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.652432][ T5931] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.654774][ T5931] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.663050][ T5931] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.673923][ T5942] team0: Port device team_slave_1 added [ 53.677957][ T5935] team0: Port device team_slave_0 added [ 53.685964][ T5935] team0: Port device team_slave_1 added [ 53.688955][ T5936] team0: Port device team_slave_0 added [ 53.692808][ T5936] team0: Port device team_slave_1 added [ 53.725685][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.727962][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.737463][ T5936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.742347][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.745913][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.755902][ T5942] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.762662][ T5942] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.766071][ T5942] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.776599][ T5942] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.802720][ T5936] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.805375][ T5936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.814808][ T5936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.819032][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 53.821431][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.831114][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 53.835914][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 53.838212][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 53.847154][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 53.854315][ T5931] hsr_slave_0: entered promiscuous mode [ 53.857014][ T5931] hsr_slave_1: entered promiscuous mode [ 53.919599][ T5942] hsr_slave_0: entered promiscuous mode [ 53.923001][ T5942] hsr_slave_1: entered promiscuous mode [ 53.925291][ T5942] debugfs: 'hsr0' already exists in 'hsr' [ 53.927243][ T5942] Cannot create hsr debugfs directory [ 53.932029][ T5935] hsr_slave_0: entered promiscuous mode [ 53.935383][ T5935] hsr_slave_1: entered promiscuous mode [ 53.937946][ T5935] debugfs: 'hsr0' already exists in 'hsr' [ 53.940092][ T5935] Cannot create hsr debugfs directory [ 53.961087][ T5936] hsr_slave_0: entered promiscuous mode [ 53.963500][ T5936] hsr_slave_1: entered promiscuous mode [ 53.965637][ T5936] debugfs: 'hsr0' already exists in 'hsr' [ 53.967795][ T5936] Cannot create hsr debugfs directory [ 54.257705][ T5931] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 54.271488][ T5931] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 54.276734][ T5931] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 54.285148][ T5931] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 54.311564][ T5942] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 54.318435][ T5942] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 54.323509][ T5942] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 54.329671][ T5942] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 54.390429][ T5936] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 54.395472][ T5936] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 54.399763][ T5936] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 54.404373][ T5936] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 54.455511][ T5935] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 54.460415][ T5935] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 54.464377][ T5935] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 54.473286][ T5935] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 54.500618][ T5931] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.512023][ T5942] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.532591][ T5931] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.539526][ T5942] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.571829][ T5936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.576188][ T1223] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.578554][ T1223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.583139][ T1223] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.585398][ T1223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.591469][ T1223] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.594457][ T1223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.599871][ T1223] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.602557][ T1223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.674028][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 54.679619][ T5936] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.695554][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.698933][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.705061][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.708220][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.724476][ T5935] 8021q: adding VLAN 0 to HW filter on device team0 [ 54.743765][ T1223] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.746113][ T1223] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.749427][ T1223] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.751877][ T1223] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.763859][ T5932] Bluetooth: hci3: command tx timeout [ 54.763868][ T5941] Bluetooth: hci0: command tx timeout [ 54.797745][ T5931] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.835381][ T5931] veth0_vlan: entered promiscuous mode [ 54.840646][ T5941] Bluetooth: hci2: command tx timeout [ 54.840679][ T5932] Bluetooth: hci1: command tx timeout [ 54.843142][ T5931] veth1_vlan: entered promiscuous mode [ 54.864591][ T5942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.872552][ T5931] veth0_macvtap: entered promiscuous mode [ 54.878704][ T5931] veth1_macvtap: entered promiscuous mode [ 54.896347][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 54.900978][ T5931] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 54.914152][ T59] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.922040][ T59] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.925082][ T59] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.934198][ T59] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 54.947706][ T5936] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.956924][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.975600][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 54.978505][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 54.985554][ T5942] veth0_vlan: entered promiscuous mode [ 54.998606][ T5942] veth1_vlan: entered promiscuous mode [ 54.999078][ T100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.003355][ T100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.036100][ T5931] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 55.045383][ T5936] veth0_vlan: entered promiscuous mode [ 55.050562][ T5942] veth0_macvtap: entered promiscuous mode [ 55.054154][ T5935] veth0_vlan: entered promiscuous mode [ 55.057689][ T5936] veth1_vlan: entered promiscuous mode [ 55.071957][ T5942] veth1_macvtap: entered promiscuous mode [ 55.082370][ T5935] veth1_vlan: entered promiscuous mode [ 55.096300][ T5936] veth0_macvtap: entered promiscuous mode [ 55.104441][ T5936] veth1_macvtap: entered promiscuous mode [ 55.122492][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.126841][ T5942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.140856][ T1223] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.144017][ T1223] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.152146][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.155301][ T1223] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.161779][ T1223] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.175261][ T5936] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.192439][ T5935] veth0_macvtap: entered promiscuous mode [ 55.197740][ T100] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.201029][ T100] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.203930][ T100] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.206791][ T100] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.225432][ T5935] veth1_macvtap: entered promiscuous mode [ 55.235119][ T100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.237724][ T100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.282826][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.285497][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.286309][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 55.296236][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 55.316191][ T1140] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.325261][ T1140] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.325264][ T100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.328128][ T100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.331072][ T1140] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.343183][ T1140] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 55.362044][ T100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.364972][ T100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.415528][ T1223] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.418330][ T1223] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.465220][ T6029] tipc: Started in network mode [ 55.466962][ T6029] tipc: Node identity f63952b60232, cluster identity 4711 [ 55.471112][ T6029] tipc: Enabled bearer , priority 0 [ 55.474931][ T104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 55.477553][ T104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 55.495595][ T6029] syzkaller0: entered promiscuous mode [ 55.497444][ T6029] syzkaller0: entered allmulticast mode [ 55.507222][ T6029] tipc: Resetting bearer [ 55.512112][ T6028] tipc: Resetting bearer [ 55.528287][ T6028] tipc: Disabling bearer [ 55.548951][ T6039] 8021q: adding VLAN 0 to HW filter on device bond0 [ 55.561288][ T6039] team0: Port device bond0 added [ 55.669545][ T6051] netlink: 24 bytes leftover after parsing attributes in process `syz.3.15'. [ 55.757139][ T40] audit: type=1326 audit(1772317301.474:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.2.20" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 55.766715][ T40] audit: type=1326 audit(1772317301.474:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.2.20" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 55.774162][ T40] audit: type=1326 audit(1772317301.484:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.2.20" exe="/syz-executor" sig=0 arch=40000003 syscall=374 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 55.783084][ T40] audit: type=1326 audit(1772317301.484:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.2.20" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 55.790471][ T40] audit: type=1326 audit(1772317301.484:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6058 comm="syz.2.20" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703ef6c code=0x7ffc0000 [ 55.835067][ T6067] tipc: Started in network mode [ 55.837294][ T6067] tipc: Node identity 82d6510c90a3, cluster identity 4711 [ 55.840799][ T6067] tipc: Enabled bearer , priority 0 [ 55.844250][ T6067] syzkaller0: entered promiscuous mode [ 55.846703][ T6067] syzkaller0: entered allmulticast mode [ 55.852286][ T6067] Zero length message leads to an empty skb [ 55.857510][ T6067] tipc: Resetting bearer [ 55.862097][ T6066] tipc: Resetting bearer [ 55.868451][ T6066] tipc: Disabling bearer [ 56.060105][ T6073] netlink: 'syz.2.25': attribute type 4 has an invalid length. [ 56.840687][ T5932] Bluetooth: hci0: command tx timeout [ 56.840720][ T5941] Bluetooth: hci3: command tx timeout [ 56.930581][ T5941] Bluetooth: hci2: command tx timeout [ 56.930837][ T5932] Bluetooth: hci1: command tx timeout [ 57.097402][ T6104] netlink: 72 bytes leftover after parsing attributes in process `syz.2.38'. [ 57.257424][ T6119] tipc: Enabled bearer , priority 0 [ 57.260795][ T6119] syzkaller0: entered promiscuous mode [ 57.262836][ T6119] syzkaller0: entered allmulticast mode [ 57.267618][ T6119] tipc: Resetting bearer [ 57.272405][ T6118] tipc: Resetting bearer [ 57.278670][ T6118] tipc: Disabling bearer [ 57.406719][ T6125] netlink: 72 bytes leftover after parsing attributes in process `syz.0.47'. [ 57.556166][ T6131] Bluetooth: MGMT ver 1.23 [ 57.596417][ T60] libceph: connect (1)[c::]:6789 error -101 [ 57.599403][ T60] libceph: mon0 (1)[c::]:6789 connect error [ 57.639882][ T6133] ceph: No mds server is up or the cluster is laggy [ 57.962427][ T5999] IPVS: starting estimator thread 0... [ 57.967227][ T6142] bridge0: port 3(syz_tun) entered blocking state [ 57.970936][ T6142] bridge0: port 3(syz_tun) entered disabled state [ 57.974398][ T6142] syz_tun: entered allmulticast mode [ 57.978441][ T6142] syz_tun: entered promiscuous mode [ 57.982388][ T6142] bridge0: port 3(syz_tun) entered blocking state [ 57.984899][ T6142] bridge0: port 3(syz_tun) entered forwarding state [ 58.050083][ T6143] IPVS: using max 43 ests per chain, 103200 per kthread [ 58.274424][ T5999] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 58.435951][ T5999] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 58.439589][ T5999] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 58.443474][ T5999] usb 6-1: config 0 interface 0 has no altsetting 0 [ 58.445610][ T5999] usb 6-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 58.448642][ T5999] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 58.454904][ T5999] usb 6-1: config 0 descriptor?? [ 58.647720][ T6151] netlink: 72 bytes leftover after parsing attributes in process `syz.3.57'. [ 58.708854][ T6123] Set syz1 is full, maxelem 65536 reached [ 58.783423][ T6159] netlink: 8 bytes leftover after parsing attributes in process `syz.3.60'. [ 58.866541][ T5999] hid-steam 0003:28DE:1102.0002: unknown main item tag 0x0 [ 58.869388][ T5999] hid-steam 0003:28DE:1102.0002: unknown main item tag 0x0 [ 58.877135][ T5999] hid-steam 0003:28DE:1102.0002: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.1-1/input0 [ 58.920074][ T5932] Bluetooth: hci3: command tx timeout [ 58.940295][ T5999] hid-steam 0003:28DE:1102.0002: Steam Controller 'XXXXXXXXXX' connected [ 58.944961][ T5999] input: Steam Controller as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:28DE:1102.0002/input/input5 [ 58.989443][ T5999] hid-steam 0003:28DE:1102.0003: unknown main item tag 0x0 [ 58.996221][ T5999] hid-steam 0003:28DE:1102.0003: unknown main item tag 0x0 [ 59.000026][ T5932] Bluetooth: hci1: command tx timeout [ 59.002218][ T5932] Bluetooth: hci2: command tx timeout [ 59.014851][ T5999] hid-steam 0003:28DE:1102.0003: hidraw1: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.1-1/input0 [ 59.070793][ T24] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 59.135321][ T6174] tipc: Enabled bearer , priority 0 [ 59.138509][ T6174] syzkaller0: entered promiscuous mode [ 59.142285][ T6174] syzkaller0: entered allmulticast mode [ 59.150820][ T6174] tipc: Resetting bearer [ 59.154108][ T6172] tipc: Resetting bearer [ 59.161047][ T6172] tipc: Disabling bearer [ 59.205901][ T39] input: Steam Controller as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/0003:28DE:1102.0002/input/input6 [ 59.214332][ T827] usb 6-1: USB disconnect, device number 2 [ 59.220054][ T24] usb 8-1: Using ep0 maxpacket: 8 [ 59.224686][ T24] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 59.230081][ T24] usb 8-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 59.233511][ T24] usb 8-1: config 0 interface 0 has no altsetting 0 [ 59.235810][ T24] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 59.241551][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.255474][ T24] usb 8-1: config 0 descriptor?? [ 59.267657][ T827] hid-steam 0003:28DE:1102.0002: Steam Controller 'XXXXXXXXXX' disconnected [ 59.271957][ T6179] netlink: 72 bytes leftover after parsing attributes in process `syz.0.66'. [ 59.374415][ T6185] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 59.667097][ T24] mcp2221 0003:04D8:00DD.0004: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 59.690086][ T827] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 59.854479][ T827] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 59.857805][ T827] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 59.860904][ T827] usb 5-1: Product: syz [ 59.862393][ T827] usb 5-1: Manufacturer: syz [ 59.863919][ T827] usb 5-1: SerialNumber: syz [ 59.866999][ T6161] i2c i2c-2: unsupported multi-msg i2c transaction [ 59.873129][ T827] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 59.875391][ T6002] usb 8-1: USB disconnect, device number 2 [ 59.896631][ T24] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 60.040790][ T60] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 60.140745][ T827] usb 5-1: USB disconnect, device number 2 [ 60.191824][ T60] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 60.195478][ T60] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 60.203198][ T60] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 60.206186][ T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 60.208651][ T60] usb 6-1: SerialNumber: syz [ 60.215194][ T60] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22 [ 60.416032][ T60] usb 6-1: USB disconnect, device number 3 [ 60.640266][ T9] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 60.675248][ T6199] tipc: Enabled bearer , priority 0 [ 60.678450][ T6199] syzkaller0: entered promiscuous mode [ 60.681229][ T6199] syzkaller0: entered allmulticast mode [ 60.689561][ T6199] tipc: Resetting bearer [ 60.695017][ T6198] tipc: Resetting bearer [ 60.704489][ T6198] tipc: Disabling bearer [ 60.791327][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 60.794953][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 60.798120][ T9] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 60.810032][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.814834][ T9] usb 8-1: config 0 descriptor?? [ 60.877478][ T6203] netlink: 72 bytes leftover after parsing attributes in process `syz.2.76'. [ 60.920296][ T24] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 60.922852][ T24] ath9k_htc: Failed to initialize the device [ 60.926147][ T827] usb 5-1: ath9k_htc: USB layer deinitialized [ 61.009747][ T6211] lo speed is unknown, defaulting to 1000 [ 61.010466][ T5941] Bluetooth: hci3: command tx timeout [ 61.013370][ T6211] lo speed is unknown, defaulting to 1000 [ 61.018889][ T6211] lo speed is unknown, defaulting to 1000 [ 61.025633][ T6211] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 61.036500][ T6211] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 61.068188][ T6211] lo speed is unknown, defaulting to 1000 [ 61.069752][ T6216] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 61.074915][ T6211] lo speed is unknown, defaulting to 1000 [ 61.080248][ T5941] Bluetooth: hci2: command tx timeout [ 61.080342][ T5932] Bluetooth: hci1: command tx timeout [ 61.082074][ T6211] lo speed is unknown, defaulting to 1000 [ 61.085071][ T6211] lo speed is unknown, defaulting to 1000 [ 61.140008][ T6218] netlink: 20 bytes leftover after parsing attributes in process `syz.1.82'. [ 61.157450][ T6219] tipc: Started in network mode [ 61.159270][ T6219] tipc: Node identity cee02f290d4c, cluster identity 4711 [ 61.161807][ T6219] tipc: Enabled bearer , priority 0 [ 61.164983][ T6219] syzkaller0: entered promiscuous mode [ 61.166833][ T6219] syzkaller0: entered allmulticast mode [ 61.173960][ T6219] tipc: Resetting bearer [ 61.178467][ T6217] tipc: Resetting bearer [ 61.187806][ T6217] tipc: Disabling bearer [ 61.225128][ T9] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0 [ 61.227753][ T9] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0 [ 61.240155][ T9] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/0003:0D8C:0022.0005/input/input7 [ 61.241054][ T827] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 61.265682][ T9] cm6533_jd 0003:0D8C:0022.0005: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 61.390050][ T827] usb 5-1: Using ep0 maxpacket: 8 [ 61.393329][ T827] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.397013][ T827] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.400556][ T827] usb 5-1: config 0 interface 0 has no altsetting 0 [ 61.402903][ T827] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 61.405830][ T827] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.411767][ T827] usb 5-1: config 0 descriptor?? [ 61.431105][ T6002] usb 8-1: USB disconnect, device number 3 [ 61.531025][ T60] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 61.680216][ T60] usb 7-1: Using ep0 maxpacket: 16 [ 61.684948][ T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.689141][ T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.693341][ T60] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 61.698342][ T60] usb 7-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 61.702350][ T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.707312][ T60] usb 7-1: config 0 descriptor?? [ 61.713794][ T60] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input8 [ 61.720626][ T5326] pxrc 7-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 61.724111][ T5326] pxrc 7-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 61.730487][ T5326] pxrc 7-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 61.735286][ T5326] pxrc 7-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 61.745862][ T5326] pxrc 7-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 61.749832][ T5326] pxrc 7-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 61.753733][ T6162] pxrc 7-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 61.761540][ T5326] pxrc 7-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 61.766116][ T5326] pxrc 7-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 61.824330][ T827] mcp2221 0003:04D8:00DD.0006: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 61.914880][ T6223] usb 5-1: USB disconnect, device number 3 [ 61.941437][ T6227] netlink: 72 bytes leftover after parsing attributes in process `syz.1.85'. [ 61.971800][ T60] usb 7-1: USB disconnect, device number 2 [ 62.321009][ T6229] syz.3.86 (6229): drop_caches: 2 [ 62.388281][ T6245] tipc: Enabled bearer , priority 0 [ 62.413897][ T6245] syzkaller0: entered promiscuous mode [ 62.415896][ T6245] syzkaller0: entered allmulticast mode [ 62.422952][ T6245] tipc: Resetting bearer [ 62.426483][ T6244] tipc: Resetting bearer [ 62.434945][ T6244] tipc: Disabling bearer [ 62.551421][ T6250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.94'. [ 62.563713][ T6250] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 63.031730][ T6257] netlink: 72 bytes leftover after parsing attributes in process `syz.1.96'. [ 63.133022][ T6266] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 63.151011][ T6266] netlink: 12 bytes leftover after parsing attributes in process `syz.2.100'. [ 63.157560][ T6266] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 63.161554][ T6266] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 63.176487][ T6268] tipc: Started in network mode [ 63.178474][ T6268] tipc: Node identity 22c32e95d89c, cluster identity 4711 [ 63.181199][ T6268] tipc: Enabled bearer , priority 0 [ 63.184224][ T6268] syzkaller0: entered promiscuous mode [ 63.186059][ T6268] syzkaller0: entered allmulticast mode [ 63.195324][ T6267] tipc: Resetting bearer [ 63.203016][ T6267] tipc: Disabling bearer [ 63.270830][ T1223] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 63.380355][ T100] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 63.447409][ T6280] netlink: 72 bytes leftover after parsing attributes in process `syz.3.105'. [ 63.503688][ T104] wlan1: authentication with 08:02:11:00:00:00 timed out [ 63.540141][ T840] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 63.590643][ T6277] trusted_key: syz.0.104 sent an empty control message without MSG_MORE. [ 63.690151][ T840] usb 6-1: Using ep0 maxpacket: 32 [ 63.693321][ T840] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 63.696675][ T840] usb 6-1: config 1 interface 0 altsetting 254 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 63.701294][ T840] usb 6-1: config 1 interface 0 has no altsetting 0 [ 63.704333][ T840] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 63.707414][ T840] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 63.710799][ T840] usb 6-1: SerialNumber: syz [ 63.713559][ T827] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 63.715986][ T840] cdc_acm 6-1:1.0: invalid descriptor buffer length [ 63.718529][ T840] cdc_acm 6-1:1.0: Control and data interfaces are not separated! [ 63.722088][ T840] cdc_acm 6-1:1.0: This needs exactly 3 endpoints [ 63.724360][ T840] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -22 [ 63.880139][ T827] usb 8-1: Using ep0 maxpacket: 32 [ 63.884374][ T827] usb 8-1: config 0 has an invalid interface number: 1 but max is 0 [ 63.888078][ T827] usb 8-1: config 0 has no interface number 0 [ 63.894139][ T827] usb 8-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 63.897152][ T827] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 63.899754][ T827] usb 8-1: Product: syz [ 63.901256][ T827] usb 8-1: Manufacturer: syz [ 63.902834][ T827] usb 8-1: SerialNumber: syz [ 63.909872][ T827] usb 8-1: config 0 descriptor?? [ 63.914321][ T827] usb 8-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 63.917255][ T827] usb 8-1: selecting invalid altsetting 1 [ 63.919147][ T827] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 63.924238][ T840] usb 6-1: USB disconnect, device number 4 [ 63.924678][ T827] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 63.929840][ T827] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 63.935999][ T827] usb 8-1: media controller created [ 63.944431][ T827] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 63.960328][ T24] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 64.111397][ T24] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 64.114444][ T24] usb 7-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 64.118118][ T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 64.121228][ T24] usb 7-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 64.125054][ T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 64.128685][ T24] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 64.133994][ T24] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 64.137070][ T24] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 64.139834][ T24] usb 7-1: Product: syz [ 64.141441][ T24] usb 7-1: Manufacturer: syz [ 64.145782][ T6292] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 64.149432][ T24] cdc_wdm 7-1:1.0: skipping garbage [ 64.151518][ T24] cdc_wdm 7-1:1.0: skipping garbage [ 64.156689][ T24] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 64.158805][ T24] cdc_wdm 7-1:1.0: Unknown control protocol [ 64.354516][ T24] usb 7-1: USB disconnect, device number 3 [ 64.470740][ T6295] tipc: Enabled bearer , priority 0 [ 64.473525][ T6295] syzkaller0: entered promiscuous mode [ 64.475440][ T6295] syzkaller0: entered allmulticast mode [ 64.485840][ T6294] tipc: Resetting bearer [ 64.493885][ T6294] tipc: Disabling bearer [ 64.810053][ T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 64.960045][ T9] usb 6-1: Using ep0 maxpacket: 8 [ 64.963139][ T9] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0x82 has invalid wMaxPacketSize 0 [ 64.967131][ T9] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0x82 has invalid maxpacket 0 [ 64.971275][ T9] usb 6-1: config 1 interface 0 altsetting 3 endpoint 0x3 has invalid maxpacket 40960, setting to 1024 [ 64.975774][ T9] usb 6-1: config 1 interface 0 altsetting 3 bulk endpoint 0x3 has invalid maxpacket 1024 [ 64.979857][ T9] usb 6-1: config 1 interface 0 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 64.984643][ T9] usb 6-1: config 1 interface 0 has no altsetting 0 [ 64.988335][ T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 64.991791][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 64.995108][ T9] usb 6-1: Product: syz [ 64.996509][ T9] usb 6-1: Manufacturer: syz [ 64.998059][ T9] usb 6-1: SerialNumber: syz [ 65.000078][ T6177] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 65.003826][ T827] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 65.004663][ T9] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22 [ 65.006884][ T827] zl10353_read_register: readreg error (reg=127, ret==-110) [ 65.007072][ T6283] usb 8-1: dvb_usb_ce6230: I2C read not implemented [ 65.009619][ T9] usb-storage 6-1:1.0: USB Mass Storage device detected [ 65.015502][ T827] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 65.021775][ T9] usb-storage 6-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 65.039151][ T827] usb 8-1: USB disconnect, device number 4 [ 65.160168][ T5941] Bluetooth: hci3: command 0x2016 tx timeout [ 65.175113][ T5941] ------------[ cut here ]------------ [ 65.177797][ T5941] refcnt < 0 [ 65.177810][ T5941] WARNING: net/bluetooth/hci_conn.c:567 at hci_conn_timeout+0x16a/0x230, CPU#3: kworker/u33:5/5941 [ 65.184738][ T5941] Modules linked in: [ 65.186749][ T5941] CPU: 3 UID: 0 PID: 5941 Comm: kworker/u33:5 Not tainted syzkaller #0 PREEMPT(full) [ 65.191040][ T5941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 65.191795][ T6177] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 65.195451][ T5941] Workqueue: hci3 hci_conn_timeout [ 65.199036][ T6177] usb 7-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 65.201093][ T5941] RIP: 0010:hci_conn_timeout+0x16a/0x230 [ 65.204645][ T6177] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 65.207010][ T5941] Code: 44 0f b6 2d 13 cb 50 06 31 ff 41 83 e5 40 44 89 ee e8 3a 8d 83 f7 45 84 ed 0f 84 02 ff ff ff e9 76 28 ed f6 e8 d7 92 83 f7 90 <0f> 0b 90 e8 ce 92 83 f7 48 8d bb fd f5 ff ff 48 b8 00 00 00 00 00 [ 65.207025][ T5941] RSP: 0000:ffffc90003ae7c18 EFLAGS: 00010293 [ 65.207036][ T5941] RAX: 0000000000000000 RBX: ffff88806b080a40 RCX: ffffffff8a8466cf [ 65.207043][ T5941] RDX: ffff88802aa3a480 RSI: ffffffff8a8467c9 RDI: ffff88802aa3a480 [ 65.210602][ T6177] usb 7-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 65.218580][ T5941] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000 [ 65.218600][ T5941] R10: 00000000ffffffff R11: 00000000000075eb R12: ffff88806b080000 [ 65.218617][ T5941] R13: ffff88802aa3a904 R14: ffffffff90d9d9e4 R15: 0000000000000000 [ 65.218646][ T5941] FS: 0000000000000000(0000) GS:ffff88809744e000(0000) knlGS:0000000000000000 [ 65.221524][ T6177] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 65.223964][ T6022] usb 6-1: USB disconnect, device number 5 [ 65.224091][ T5941] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 65.224107][ T5941] CR2: 00007fffb77c7930 CR3: 000000006cc4a000 CR4: 0000000000352ef0 [ 65.226938][ T6177] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 65.232135][ T5941] Call Trace: [ 65.232145][ T5941] [ 65.232152][ T5941] process_one_work+0x9d7/0x1920 [ 65.232178][ T5941] ? __pfx_process_one_work+0x10/0x10 [ 65.232200][ T5941] ? __pfx_hci_conn_timeout+0x10/0x10 [ 65.232222][ T5941] worker_thread+0x5da/0xe40 [ 65.232251][ T5941] ? __pfx_worker_thread+0x10/0x10 [ 65.232274][ T5941] ? kthread+0x13a/0x450 [ 65.232294][ T5941] ? __pfx_worker_thread+0x10/0x10 [ 65.232316][ T5941] kthread+0x370/0x450 [ 65.232336][ T5941] ? __pfx_kthread+0x10/0x10 [ 65.232351][ T5941] ret_from_fork+0x754/0xd80 [ 65.232368][ T5941] ? __pfx_ret_from_fork+0x10/0x10 [ 65.232384][ T5941] ? native_load_gs_index+0x1e/0xc0 [ 65.232396][ T5941] ? __switch_to+0x7b4/0x1120 [ 65.232408][ T5941] ? __pfx_kthread+0x10/0x10 [ 65.232422][ T5941] ret_from_fork_asm+0x1a/0x30 [ 65.232440][ T5941] [ 65.232447][ T5941] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 65.232455][ T5941] CPU: 3 UID: 0 PID: 5941 Comm: kworker/u33:5 Not tainted syzkaller #0 PREEMPT(full) [ 65.232468][ T5941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 65.232476][ T5941] Workqueue: hci3 hci_conn_timeout [ 65.232490][ T5941] Call Trace: [ 65.232494][ T5941] [ 65.232498][ T5941] dump_stack_lvl+0x100/0x190 [ 65.232513][ T5941] vpanic+0x552/0x970 [ 65.232524][ T5941] ? __pfx_vpanic+0x10/0x10 [ 65.232537][ T5941] panic+0xd1/0xe0 [ 65.232547][ T5941] ? __pfx_panic+0x10/0x10 [ 65.232561][ T5941] ? check_panic_on_warn+0x1f/0x90 [ 65.232576][ T5941] check_panic_on_warn.cold+0x19/0x34 [ 65.232587][ T5941] ? hci_conn_timeout+0x16a/0x230 [ 65.232599][ T5941] __warn.cold+0x191/0x348 [ 65.232617][ T5941] __report_bug+0x296/0x3d0 [ 65.232627][ T5941] ? hci_conn_timeout+0x16a/0x230 [ 65.232640][ T5941] ? __pfx___report_bug+0x10/0x10 [ 65.232652][ T5941] ? __pfx___schedule+0x10/0x10 [ 65.232666][ T5941] ? hci_conn_timeout+0x16a/0x230 [ 65.232679][ T5941] report_bug+0xb2/0x220 [ 65.232689][ T5941] ? hci_conn_timeout+0x16a/0x230 [ 65.232701][ T5941] handle_bug+0x166/0x2a0 [ 65.232715][ T5941] exc_invalid_op+0x17/0x50 [ 65.232729][ T5941] asm_exc_invalid_op+0x1a/0x20 [ 65.232740][ T5941] RIP: 0010:hci_conn_timeout+0x16a/0x230 [ 65.232753][ T5941] Code: 44 0f b6 2d 13 cb 50 06 31 ff 41 83 e5 40 44 89 ee e8 3a 8d 83 f7 45 84 ed 0f 84 02 ff ff ff e9 76 28 ed f6 e8 d7 92 83 f7 90 <0f> 0b 90 e8 ce 92 83 f7 48 8d bb fd f5 ff ff 48 b8 00 00 00 00 00 [ 65.232763][ T5941] RSP: 0000:ffffc90003ae7c18 EFLAGS: 00010293 [ 65.232771][ T5941] RAX: 0000000000000000 RBX: ffff88806b080a40 RCX: ffffffff8a8466cf [ 65.232778][ T5941] RDX: ffff88802aa3a480 RSI: ffffffff8a8467c9 RDI: ffff88802aa3a480 [ 65.232785][ T5941] RBP: 00000000ffffffff R08: 0000000000000005 R09: 0000000000000000 [ 65.232791][ T5941] R10: 00000000ffffffff R11: 00000000000075eb R12: ffff88806b080000 [ 65.232798][ T5941] R13: ffff88802aa3a904 R14: ffffffff90d9d9e4 R15: 0000000000000000 [ 65.232807][ T5941] ? hci_conn_timeout+0x6f/0x230 [ 65.232819][ T5941] ? hci_conn_timeout+0x169/0x230 [ 65.232833][ T5941] ? hci_conn_timeout+0x169/0x230 [ 65.232846][ T5941] process_one_work+0x9d7/0x1920 [ 65.232866][ T5941] ? __pfx_process_one_work+0x10/0x10 [ 65.232884][ T5941] ? __pfx_hci_conn_timeout+0x10/0x10 [ 65.232898][ T5941] worker_thread+0x5da/0xe40 [ 65.232915][ T5941] ? __pfx_worker_thread+0x10/0x10 [ 65.232930][ T5941] ? kthread+0x13a/0x450 [ 65.232943][ T5941] ? __pfx_worker_thread+0x10/0x10 [ 65.232956][ T5941] kthread+0x370/0x450 [ 65.232969][ T5941] ? __pfx_kthread+0x10/0x10 [ 65.232983][ T5941] ret_from_fork+0x754/0xd80 [ 65.232998][ T5941] ? __pfx_ret_from_fork+0x10/0x10 [ 65.233013][ T5941] ? native_load_gs_index+0x1e/0xc0 [ 65.233024][ T5941] ? __switch_to+0x7b4/0x1120 [ 65.233035][ T5941] ? __pfx_kthread+0x10/0x10 [ 65.233049][ T5941] ret_from_fork_asm+0x1a/0x30 [ 65.233066][ T5941] [ 65.236112][ T5941] Kernel Offset: disabled