last executing test programs:

4.059817991s ago: executing program 2 (id=223):
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)="2703022b590200c90000002f1eafbcf706e105000000894f000f11", 0x1b}], 0x1}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.68105238s ago: executing program 2 (id=227):
r0 = syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/net\x00')

3.599739045s ago: executing program 2 (id=229):
syz_usb_connect(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000226aa140070ad0001310010203010902240001000000000904000002bd22f00009050303000000000009058aff"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x28000000000000)
writev(r0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="7126b47494", 0x5}], 0x1)

1.947942588s ago: executing program 2 (id=240):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0x40015b0b, &(0x7f0000000040))

1.943072256s ago: executing program 1 (id=248):
syz_usb_connect(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000226aa140070ad0001310010203010902240001000000000904000002bd22f00009050303000000000009058aff"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x28000000000000)
writev(r0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="7126b47494", 0x5}], 0x1)

1.835960421s ago: executing program 3 (id=244):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, 0x0, 0x0)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000002600)=0x5, 0x2)

1.717205441s ago: executing program 3 (id=246):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4000, 0x0, 0x7, 0x2)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00')
read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020)

885.025056ms ago: executing program 3 (id=253):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a20000000000a01010000000000000000010000090900010073797a3100000000380000000b0a03060000000000000000000000080900020073797a31000000000800044000000001040012800900010073797a300000000078000000160a01080000000000000000010000070900010073797a31000000000900020073797a31000000000900020073797a320000000040000380080002400000000608000140000000002c0003801400010070696d726567310000000000000000001400010070696d72656731"], 0xf8}, 0x1, 0x0, 0x0, 0x40}, 0x8880)

826.817785ms ago: executing program 0 (id=254):
syz_open_procfs(0x0, &(0x7f0000000040)='net/dev_mcast\x00')
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="fa", 0x1}], 0x1}}], 0x1, 0x24040890)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4)
pselect6(0x40, &(0x7f0000000080)={0xef, 0x800, 0xc, 0x2, 0x6, 0x9, 0x6, 0x6}, 0x0, 0x0, &(0x7f0000000440), 0x0)

708.061738ms ago: executing program 0 (id=255):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, &(0x7f0000000080)=0x4, 0x4)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, 0x0, 0x0)

707.860435ms ago: executing program 3 (id=256):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_STATION(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000180)={0x58, r0, 0x9, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_WME={0x2c, 0x81, [@NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x5}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x2}, @NL80211_STA_WME_UAPSD_QUEUES={0x5}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x7}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x5}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)

693.909973ms ago: executing program 0 (id=257):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000440)='/dev/comedi0\x00', 0x101001, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)

617.078071ms ago: executing program 3 (id=258):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)=<r1=>0x0)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r2, &(0x7f00000000c0)={0x27, r1, 0x1, 0x3, 0x0, 0xff, "bac5115c7dad488702b535116fad55baf63cdd52fc30106310abb622a1c3c01c13c04df6b906288e64e96754059e65c39c5759b069d6e6d9589e5f2348878c", 0x18}, 0x60)
close(r0)

606.737431ms ago: executing program 0 (id=259):
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)="2703022b590200c90000002f1eafbcf706e105000000894f000f11", 0x1b}], 0x1}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x3, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

444.006646ms ago: executing program 1 (id=260):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000680), r0)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x20000804)

435.372159ms ago: executing program 3 (id=261):
r0 = syz_clone(0x2000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
syz_usb_disconnect(0xffffffffffffffff)
syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/net\x00')

382.827676ms ago: executing program 1 (id=262):
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x62, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x7cce8c743ee810df})
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r0, &(0x7f00000004c0)=ANY=[], 0x232)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x149002, 0x0)
write$P9_RSTATu(r2, &(0x7f00000004c0)=ANY=[], 0x232)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
close_range(r1, 0xffffffffffffffff, 0x400000000000000)

266.303803ms ago: executing program 1 (id=263):
syz_open_procfs(0x0, &(0x7f0000000040)='net/dev_mcast\x00')
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x36}}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)="fa", 0x1}], 0x1}}], 0x1, 0x24040890)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4)
pselect6(0x40, &(0x7f0000000080)={0xef, 0x800, 0xc, 0x2, 0x6, 0x9, 0x6, 0x6}, 0x0, 0x0, &(0x7f0000000440), 0x0)

265.521197ms ago: executing program 2 (id=264):
syz_emit_vhci(&(0x7f0000000040)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x22}, @l2cap_cid_signaling={{0x1e}, [@l2cap_disconn_rsp={{0x7, 0xd9, 0x4}, {0x8, 0xfda}}, @l2cap_disconn_req={{0x6, 0xff, 0x4}, {0x1, 0x9}}, @l2cap_disconn_req={{0x6, 0x7f, 0x4}, {0xf, 0x3}}, @l2cap_cmd_rej_unk={{0x1, 0x4, 0x2}, {0xfa8}}]}}, 0x27)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

183.956665ms ago: executing program 0 (id=265):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, &(0x7f0000000080)=0x4, 0x4)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, 0x0, 0x0)

182.097837ms ago: executing program 1 (id=266):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_STATION(r0, 0x0, 0x4000000)

83.526141ms ago: executing program 2 (id=267):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000440)={r3, 0x0, 0x0, 0x0, 0x1, [<r4=>0x0], [], [], [0x0, 0x100000000]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={r4, 0x0, <r5=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000280)={r3, 0x0, 0x0, 0x0, 0x0, [<r6=>0x0], [], [], [0x0, 0x3, 0x400000008]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000100)={r6})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r5})

79.155156ms ago: executing program 0 (id=268):
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000180)={0xfffffffffffffcd2, 0x0, &(0x7f0000000280)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x28000000000000)
writev(r0, &(0x7f00000004c0)=[{&(0x7f00000002c0)="7126b47494", 0x5}], 0x1)

0s ago: executing program 1 (id=269):
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000002c0)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100d0000000fbdbdf25010000001800018014000200766574683100000000000000000000001c0002800c00018008000100030000000c000180080001"], 0x48}, 0x1, 0x0, 0x0, 0x840}, 0x4008800)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.84' (ED25519) to the list of known hosts.
[  101.442319][ T5848] cgroup: Unknown subsys name 'net'
[  101.586934][ T5848] cgroup: Unknown subsys name 'cpuset'
[  101.596559][ T5848] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  103.480083][ T5848] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  107.276204][ T5861] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  107.293472][ T5871] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  107.303567][ T5871] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  107.312513][ T5871] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  107.321308][ T5871] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  107.348861][ T5869] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  107.353672][ T5871] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  107.366685][ T5871] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  107.369124][ T5869] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  107.375652][ T5871] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  107.390984][ T5871] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  107.398732][ T5869] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  107.400877][ T5871] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  107.413585][ T5872] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  107.416311][ T5871] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  107.423163][ T5872] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  107.431492][ T5871] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  107.439953][ T5872] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  107.443811][ T5861] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  107.465237][ T5871] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  108.061313][ T5864] chnl_net:caif_netlink_parms(): no params data found
[  108.119445][ T5868] chnl_net:caif_netlink_parms(): no params data found
[  108.244917][ T5860] chnl_net:caif_netlink_parms(): no params data found
[  108.409203][ T5857] chnl_net:caif_netlink_parms(): no params data found
[  108.427262][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.435300][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.443291][ T5864] bridge_slave_0: entered allmulticast mode
[  108.451167][ T5864] bridge_slave_0: entered promiscuous mode
[  108.505138][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.512469][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.520564][ T5864] bridge_slave_1: entered allmulticast mode
[  108.528189][ T5864] bridge_slave_1: entered promiscuous mode
[  108.557999][ T5868] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.565688][ T5868] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.573322][ T5868] bridge_slave_0: entered allmulticast mode
[  108.581775][ T5868] bridge_slave_0: entered promiscuous mode
[  108.634213][ T5868] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.642100][ T5868] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.649826][ T5868] bridge_slave_1: entered allmulticast mode
[  108.657776][ T5868] bridge_slave_1: entered promiscuous mode
[  108.665242][ T5860] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.673040][ T5860] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.680586][ T5860] bridge_slave_0: entered allmulticast mode
[  108.688425][ T5860] bridge_slave_0: entered promiscuous mode
[  108.731686][ T5860] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.741376][ T5860] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.749212][ T5860] bridge_slave_1: entered allmulticast mode
[  108.757359][ T5860] bridge_slave_1: entered promiscuous mode
[  108.768281][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.820302][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.839791][ T5868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.854170][ T5868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.907437][    T9] cfg80211: failed to load regulatory.db
[  108.935610][ T5860] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.010330][ T5860] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.039357][ T5864] team0: Port device team_slave_0 added
[  109.048860][ T5864] team0: Port device team_slave_1 added
[  109.074233][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.081773][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.093697][ T5857] bridge_slave_0: entered allmulticast mode
[  109.102385][ T5857] bridge_slave_0: entered promiscuous mode
[  109.115663][ T5868] team0: Port device team_slave_0 added
[  109.155137][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.163151][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.170405][ T5857] bridge_slave_1: entered allmulticast mode
[  109.179269][ T5857] bridge_slave_1: entered promiscuous mode
[  109.189277][ T5868] team0: Port device team_slave_1 added
[  109.215721][ T5860] team0: Port device team_slave_0 added
[  109.225150][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.232348][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.262647][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.313106][ T5860] team0: Port device team_slave_1 added
[  109.320132][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.329339][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.358521][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.397190][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.408273][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.419106][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.446554][ T5868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.461563][ T5868] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.470316][ T5868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.499239][ T5868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.533799][ T5867] Bluetooth: hci0: command tx timeout
[  109.534736][   T52] Bluetooth: hci1: command tx timeout
[  109.540040][ T5867] Bluetooth: hci2: command tx timeout
[  109.545952][   T52] Bluetooth: hci3: command tx timeout
[  109.565280][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.613908][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.621543][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.649477][ T5860] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.663918][ T5860] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.671354][ T5860] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.698026][ T5860] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.730471][ T5857] team0: Port device team_slave_0 added
[  109.775733][ T5857] team0: Port device team_slave_1 added
[  109.803113][ T5868] hsr_slave_0: entered promiscuous mode
[  109.810524][ T5868] hsr_slave_1: entered promiscuous mode
[  109.857403][ T5864] hsr_slave_0: entered promiscuous mode
[  109.865291][ T5864] hsr_slave_1: entered promiscuous mode
[  109.872980][ T5864] debugfs: 'hsr0' already exists in 'hsr'
[  109.879237][ T5864] Cannot create hsr debugfs directory
[  109.889897][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.898710][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.925888][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.981609][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.989627][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.016134][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.047720][ T5860] hsr_slave_0: entered promiscuous mode
[  110.055453][ T5860] hsr_slave_1: entered promiscuous mode
[  110.061842][ T5860] debugfs: 'hsr0' already exists in 'hsr'
[  110.067664][ T5860] Cannot create hsr debugfs directory
[  110.279219][ T5857] hsr_slave_0: entered promiscuous mode
[  110.286148][ T5857] hsr_slave_1: entered promiscuous mode
[  110.292454][ T5857] debugfs: 'hsr0' already exists in 'hsr'
[  110.298447][ T5857] Cannot create hsr debugfs directory
[  110.659625][ T5868] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  110.684753][ T5868] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  110.701381][ T5868] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  110.724533][ T5868] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  110.805671][ T5864] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  110.822258][ T5864] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  110.844090][ T5864] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  110.875820][ T5864] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  110.947486][ T5860] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  110.975190][ T5860] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  110.991674][ T5860] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  111.006098][ T5860] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  111.115203][ T5857] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  111.127628][ T5857] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  111.155659][ T5857] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  111.169629][ T5857] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  111.240509][ T5868] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.294523][ T5868] 8021q: adding VLAN 0 to HW filter on device team0
[  111.334253][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.342018][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.354394][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.361711][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.434768][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.497944][ T5864] 8021q: adding VLAN 0 to HW filter on device team0
[  111.529439][ T5860] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.541955][ T3509] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.549608][ T3509] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.587100][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.594576][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.613568][   T52] Bluetooth: hci2: command tx timeout
[  111.619074][   T52] Bluetooth: hci1: command tx timeout
[  111.626090][ T5867] Bluetooth: hci0: command tx timeout
[  111.631650][ T5867] Bluetooth: hci3: command tx timeout
[  111.704310][ T5860] 8021q: adding VLAN 0 to HW filter on device team0
[  111.738524][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[  111.765469][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.772744][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.814477][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.821726][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.856587][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[  111.911626][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.918865][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.979089][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.986479][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.039894][ T5868] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.121905][ T5857] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  112.250841][ T5868] veth0_vlan: entered promiscuous mode
[  112.314444][ T5868] veth1_vlan: entered promiscuous mode
[  112.335223][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.456221][ T5868] veth0_macvtap: entered promiscuous mode
[  112.498534][ T5868] veth1_macvtap: entered promiscuous mode
[  112.525459][ T5864] veth0_vlan: entered promiscuous mode
[  112.603526][ T5864] veth1_vlan: entered promiscuous mode
[  112.628537][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.639491][ T5860] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.684031][ T5868] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.708985][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.726051][ T1011] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.748757][ T1011] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.757851][ T1011] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.772090][ T5864] veth0_macvtap: entered promiscuous mode
[  112.780166][ T1011] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.816380][ T5864] veth1_macvtap: entered promiscuous mode
[  112.870048][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.907587][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.938884][   T60] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.965798][ T5860] veth0_vlan: entered promiscuous mode
[  112.979086][   T60] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.989685][   T60] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.028175][ T5860] veth1_vlan: entered promiscuous mode
[  113.028169][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.044537][   T60] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.050935][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.071963][ T5857] veth0_vlan: entered promiscuous mode
[  113.110479][ T5857] veth1_vlan: entered promiscuous mode
[  113.188087][ T5860] veth0_macvtap: entered promiscuous mode
[  113.199716][ T1011] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.209913][ T5860] veth1_macvtap: entered promiscuous mode
[  113.217905][ T1011] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.252126][ T5857] veth0_macvtap: entered promiscuous mode
[  113.284643][ T1011] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.297065][ T1011] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.317830][ T5857] veth1_macvtap: entered promiscuous mode
[  113.357736][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.377195][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.397404][ T5868] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  113.403121][ T5860] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.430661][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.445763][   T60] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.473932][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.491332][   T60] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.500602][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.502778][   T60] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.516756][   T60] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.565591][   T60] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.620109][   T60] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.630288][   T60] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.689367][   T60] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.704188][   T52] Bluetooth: hci1: command tx timeout
[  113.709701][ T5867] Bluetooth: hci3: command tx timeout
[  113.714012][ T5871] Bluetooth: hci0: command tx timeout
[  113.718740][ T5872] Bluetooth: hci2: command tx timeout
[  113.786428][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.799802][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.834967][   T43] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  113.847999][   T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.856305][   T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.917521][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.927222][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.968136][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.984735][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.015131][   T43] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  114.043414][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.102947][   T43] usb 3-1: config 0 descriptor??
[  114.322472][ T5960] netlink: 'syz.1.4': attribute type 21 has an invalid length.
[  114.330650][ T5960] netlink: 164 bytes leftover after parsing attributes in process `syz.1.4'.
[  114.493191][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  114.550909][ T5953] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  114.560974][ T5953] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  114.658331][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  114.668345][    T9] usb 1-1: config 0 has an invalid interface number: 238 but max is 0
[  114.678605][    T9] usb 1-1: config 0 has no interface number 0
[  114.688278][    T9] usb 1-1: config 0 interface 238 has no altsetting 0
[  114.708206][    T9] usb 1-1: New USB device found, idVendor=1776, idProduct=501c, bcdDevice=f1.0d
[  114.717861][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.726129][    T9] usb 1-1: Product: syz
[  114.730591][    T9] usb 1-1: Manufacturer: syz
[  114.737035][    T9] usb 1-1: SerialNumber: syz
[  114.746886][    T9] usb 1-1: config 0 descriptor??
[  114.857259][ T5970] netlink: 14 bytes leftover after parsing attributes in process `syz.1.6'.
[  114.959569][ T5973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  114.969612][ T5973] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  114.998149][    T9] gspca_main: spca501-2.14.0 probing 1776:501c
[  115.009644][ T5970] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  115.011704][    T9] gspca_spca501: reg write: error -71
[  115.025496][    T9] spca501 1-1:0.238: Reg write failed for 0x02,0x07,0x05
[  115.035010][    T9] spca501 1-1:0.238: probe with driver spca501 failed with error -22
[  115.046847][ T5970] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  115.059055][ T5970] bond0 (unregistering): Released all slaves
[  115.086344][    T9] usb 1-1: USB disconnect, device number 2
[  115.205445][ T5975] netlink: 'syz.3.7': attribute type 4 has an invalid length.
[  115.228845][ T5975] netlink: 17 bytes leftover after parsing attributes in process `syz.3.7'.
[  115.743288][ T5954] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  115.773422][   T52] Bluetooth: hci1: command tx timeout
[  115.779005][ T5867] Bluetooth: hci3: command tx timeout
[  115.784616][ T5872] Bluetooth: hci2: command tx timeout
[  115.790180][ T5867] Bluetooth: hci0: command tx timeout
[  115.912914][ T5954] usb 4-1: Using ep0 maxpacket: 16
[  115.927084][ T5954] usb 4-1: config 166 has an invalid interface number: 177 but max is 1
[  115.942100][ T5954] usb 4-1: config 166 has an invalid interface number: 34 but max is 1
[  115.952822][ T5954] usb 4-1: config 166 has no interface number 0
[  115.972975][ T5954] usb 4-1: config 166 has no interface number 1
[  115.979525][ T5954] usb 4-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  115.995397][ T5954] usb 4-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  116.008485][ T5954] usb 4-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  116.029640][ T5954] usb 4-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  116.058097][ T5954] usb 4-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  116.084790][ T5954] usb 4-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  116.123656][ T5954] usb 4-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  116.150593][ T5954] usb 4-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0
[  116.164319][ T5997] tipc: Started in network mode
[  116.169473][ T5997] tipc: Node identity , cluster identity 4711
[  116.177521][ T5997] tipc: Failed to obtain node identity
[  116.185050][ T5997] tipc: Enabling of bearer <eth:caif0> rejected, failed to enable media
[  116.193962][ T5954] usb 4-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  116.209130][ T5997] netlink: 'syz.1.15': attribute type 27 has an invalid length.
[  116.217382][ T5954] usb 4-1: config 166 interface 177 has no altsetting 0
[  116.240849][ T5954] usb 4-1: config 166 interface 34 has no altsetting 0
[  116.262845][ T5954] usb 4-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12
[  116.279027][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.297369][ T5954] usb 4-1: Product: syz
[  116.302979][ T5954] usb 4-1: Manufacturer: syz
[  116.309081][ T5954] usb 4-1: SerialNumber: syz
[  116.351971][ T5997] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.360345][ T5997] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.396498][   T43] pegasus 3-1:0.0: setup Pegasus II specific registers
[  116.421741][ T6000] netlink: 4 bytes leftover after parsing attributes in process `syz.0.16'.
[  116.441879][ T6000] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  116.520534][   T43] pegasus 3-1:0.0: can't locate MII phy, using default
[  116.528776][ T5997] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  116.555340][ T5997] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  116.658404][ T5985] netlink: 164 bytes leftover after parsing attributes in process `syz.3.11'.
[  116.678116][ T5954] ums-realtek 4-1:166.177: USB Mass Storage device detected
[  116.827492][ T6001] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.860696][ T5954] ums-realtek 4-1:166.34: USB Mass Storage device detected
[  116.891018][   T43] pegasus 3-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, 6a:38:08:71:08:b0
[  116.891018][   T50] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.891081][   T50] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.933651][   T50] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.978884][ T5954] ums-realtek 4-1:166.34: probe with driver ums-realtek failed with error -5
[  116.980725][   T43] usb 3-1: USB disconnect, device number 2
[  117.004837][ T5954] usb 4-1: Found UVC 0.00 device syz (0bda:0138)
[  117.027618][ T5954] usb 4-1: No valid video chain found.
[  117.090604][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.097951][ T5954] usb 4-1: USB disconnect, device number 2
[  117.120897][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.137597][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.167524][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.223356][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.256463][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.336895][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.367045][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.378514][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.388178][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.398477][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.437813][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.448193][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.458030][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.471760][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.482224][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.491694][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.501725][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.514751][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.526133][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.552850][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.578610][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.635026][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.657710][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.668536][ T5954] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  117.680005][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.698336][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.710056][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.719603][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.728914][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.738430][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.749228][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.758790][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.778790][ T6007] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.17' sets config #-1
[  117.837676][ T5954] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  117.872679][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.901548][ T5954] usb 4-1: Product: syz
[  117.911550][ T5954] usb 4-1: Manufacturer: syz
[  117.918604][ T5954] usb 4-1: SerialNumber: syz
[  117.938247][ T5954] usb 4-1: config 0 descriptor??
[  117.974249][ T5954] gspca_main: sunplus-2.14.0 probing 055f:c230
[  118.042989][ T6022] netlink: 'syz.0.20': attribute type 21 has an invalid length.
[  118.050766][ T6022] netlink: 164 bytes leftover after parsing attributes in process `syz.0.20'.
[  118.363076][   T43] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  118.529033][   T43] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  118.546214][   T43] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  118.556941][   T43] usb 3-1: config 0 interface 0 altsetting 9 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  118.570304][   T43] usb 3-1: config 0 interface 0 has no altsetting 0
[  118.580595][ T5954] gspca_sunplus: reg_r err -71
[  118.588848][   T43] usb 3-1: New USB device found, idVendor=056a, idProduct=0100, bcdDevice= 0.00
[  118.594059][ T5954] sunplus 4-1:0.0: probe with driver sunplus failed with error -71
[  118.613862][ T5954] usb 4-1: USB disconnect, device number 3
[  118.632632][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.663728][   T43] usb 3-1: config 0 descriptor??
[  118.670664][ T6030] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  118.702705][ T5912] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  118.864915][ T5912] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[  118.873947][ T5912] usb 1-1: config 0 has no interface number 0
[  118.890439][ T5912] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  118.910495][ T6030] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  118.927024][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.936673][ T6030] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  118.948637][ T5912] usb 1-1: Product: syz
[  118.963907][ T5912] usb 1-1: Manufacturer: syz
[  118.968645][ T5912] usb 1-1: SerialNumber: syz
[  118.978423][ T5912] usb 1-1: config 0 descriptor??
[  119.361069][ T6057] team0: No ports can be present during mode change
[  119.393434][ T5912] usb 1-1: Firmware version (0.0) predates our first public release.
[  119.426890][ T5912] usb 1-1: Please update to version 0.2 or newer
[  119.611625][ T6037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  119.653192][ T6037] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  119.694335][ T5954] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  119.725055][ T5871] Bluetooth: hci1: Malformed Event: 0x02
[  119.757137][ T5912] usb 1-1: USB disconnect, device number 3
[  119.894690][ T5954] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  119.907973][ T5954] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.932726][ T5954] usb 2-1: config 0 descriptor??
[  120.351665][ T6059] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  120.360672][ T6059] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.747404][ T6074] netlink: 4 bytes leftover after parsing attributes in process `syz.3.29'.
[  120.767888][ T6074] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  121.072767][  T919] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  121.164396][   T43] usbhid 3-1:0.0: can't add hid device: -71
[  121.203424][   T43] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  121.236349][  T919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  121.253677][   T43] usb 3-1: USB disconnect, device number 3
[  121.262720][   T30] audit: type=1326 audit(1757149501.931:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6079 comm="syz.2.32" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1fc838ebe9 code=0x0
[  121.276030][  T919] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  121.322177][   T30] audit: type=1326 audit(1757149501.991:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6079 comm="syz.2.32" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1fc838ebe9 code=0x0
[  121.332865][  T919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.376911][  T919] usb 1-1: Product: syz
[  121.381144][  T919] usb 1-1: Manufacturer: syz
[  121.404926][  T919] usb 1-1: SerialNumber: syz
[  121.432534][  T919] usb 1-1: config 0 descriptor??
[  121.992807][ T2152] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  122.152747][ T2152] usb 4-1: Using ep0 maxpacket: 16
[  122.163712][ T2152] usb 4-1: New USB device found, idVendor=046d, idProduct=08b2, bcdDevice=80.59
[  122.175015][ T2152] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.185246][ T2152] usb 4-1: Product: syz
[  122.189537][ T2152] usb 4-1: Manufacturer: syz
[  122.194740][ T2152] usb 4-1: SerialNumber: syz
[  122.214436][ T5954] pegasus 2-1:0.0: setup Pegasus II specific registers
[  122.223480][ T2152] usb 4-1: config 0 descriptor??
[  122.243486][ T2152] pwc: Logitech QuickCam 4000 Pro USB webcam detected.
[  122.310778][  T919] usb 1-1: USB disconnect, device number 4
[  122.326282][ T5954] pegasus 2-1:0.0: can't locate MII phy, using default
[  122.418368][ T5954] pegasus 2-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, 9e:0f:8b:c6:38:1c
[  122.457744][ T5954] usb 2-1: USB disconnect, device number 2
[  122.475040][ T5964] udevd[5964]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  122.516067][ T2152] pwc: Failed to set LED on/off time (-71)
[  122.526259][ T2152] pwc: send_video_command error -71
[  122.532204][ T2152] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  122.545947][ T2152] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71
[  122.617686][ T2152] usb 4-1: USB disconnect, device number 4
[  123.051677][ T6100] netlink: 'syz.0.35': attribute type 27 has an invalid length.
[  123.132699][ T6100] netlink: 'syz.0.35': attribute type 1 has an invalid length.
[  123.140395][ T6100] bridge0: port 1(bridge_slave_0) entered learning state
[  123.481430][ T2152] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  123.767318][ T2152] usb 1-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  123.795055][ T2152] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.829369][ T2152] usb 1-1: Product: syz
[  123.839648][ T2152] usb 1-1: Manufacturer: syz
[  123.852600][ T2152] usb 1-1: SerialNumber: syz
[  123.859274][ T6116] Zero length message leads to an empty skb
[  123.870680][ T2152] usb 1-1: config 0 descriptor??
[  123.951924][ T5871] Bluetooth: hci4: urb ffff888028aa0c00 submission failed (2)
[  124.143985][ T6124] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  124.664923][ T6139] netlink: 'syz.1.44': attribute type 4 has an invalid length.
[  124.833601][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  125.176561][ T6153] syz.2.42 uses obsolete (PF_INET,SOCK_PACKET)
[  125.692723][  T919] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  125.772756][   T43] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  125.846832][  T919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  125.858187][  T919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  125.868153][  T919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  125.879317][  T919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  125.892179][  T919] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  125.901462][  T919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.909716][  T919] usb 3-1: Product: syz
[  125.914217][  T919] usb 3-1: Manufacturer: syz
[  125.918836][  T919] usb 3-1: SerialNumber: syz
[  125.926517][  T919] usb 3-1: config 0 descriptor??
[  125.932697][   T43] usb 4-1: Using ep0 maxpacket: 8
[  125.941291][   T43] usb 4-1: config index 0 descriptor too short (expected 74, got 45)
[  125.949586][   T43] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  125.961130][   T43] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  125.971810][   T43] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  125.983805][   T43] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  126.002768][   T43] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  126.034551][   T43] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  126.046084][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.085183][    T9] usb 1-1: USB disconnect, device number 5
[  126.158221][  T919] adutux 3-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  126.304264][   T43] usb 4-1: GET_CAPABILITIES returned 0
[  126.309825][   T43] usbtmc 4-1:16.0: can't read capabilities
[  126.357496][ T6163] usb 3-1: Couldn't submit interrupt_out_urb -90
[  126.376990][   T43] usb 3-1: USB disconnect, device number 4
[  126.436233][ T6173] 9pnet_virtio: no channels available for device syz
[  126.517195][    T9] usb 4-1: USB disconnect, device number 5
[  126.775658][ T6186] warning: `syz.0.60' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  126.985739][ T6191] binder: 6190:6191 ioctl c0306201 2000000001c0 returned -14
[  127.233522][ T6200] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  127.260173][ T6200] block device autoloading is deprecated and will be removed.
[  127.454748][    C1] bridge0: port 1(bridge_slave_0) entered forwarding state
[  127.703602][   T43] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  127.874942][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  127.892917][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  127.916247][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  127.933076][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  127.946532][   T43] usb 4-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  127.960482][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.969793][   T43] usb 4-1: Product: syz
[  127.987285][   T43] usb 4-1: Manufacturer: syz
[  127.994174][   T43] usb 4-1: SerialNumber: syz
[  128.015407][   T43] usb 4-1: config 0 descriptor??
[  128.095274][  T919] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  128.252346][   T43] adutux 4-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  128.275672][  T919] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  128.306576][  T919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  128.341371][  T919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  128.364935][  T919] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  128.388630][  T919] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  128.424558][  T919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.444350][  T919] usb 1-1: config 0 descriptor??
[  128.480811][ T6210] usb 4-1: Couldn't submit interrupt_out_urb -90
[  128.499183][ T5912] usb 4-1: USB disconnect, device number 6
[  128.564220][ T6244] netlink: 64 bytes leftover after parsing attributes in process `syz.2.86'.
[  128.575912][ T6244] team0: No ports can be present during mode change
[  128.899785][  T919] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  128.930775][  T919] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  128.944591][  T919] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  128.952059][  T919] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  128.960644][  T919] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  128.971486][  T919] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  128.979968][  T919] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  128.991302][  T919] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  129.000201][  T919] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  129.010528][  T919] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  129.054962][  T919] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  129.171974][    T9] usb 1-1: USB disconnect, device number 6
[  129.230520][ T6259] fido_id[6259]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  130.062791][    T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  130.225460][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  130.236375][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  130.246087][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  130.257069][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  130.270554][    T9] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  130.279723][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.289855][    T9] usb 1-1: Product: syz
[  130.294145][    T9] usb 1-1: Manufacturer: syz
[  130.298781][    T9] usb 1-1: SerialNumber: syz
[  130.305764][    T9] usb 1-1: config 0 descriptor??
[  130.520744][    T9] adutux 1-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  130.728621][ T6283] usb 1-1: Couldn't submit interrupt_out_urb -90
[  130.736481][   T43] usb 1-1: USB disconnect, device number 7
[  131.345384][ T6292] tap0: tun_chr_ioctl cmd 1074025675
[  131.350747][ T6292] tap0: persist enabled
[  131.367090][ T6292] tap0: tun_chr_ioctl cmd 1074025675
[  131.372441][ T6292] tap0: persist disabled
[  131.447148][ T3509] nci: nci_extract_activation_params_nfc_dep: unsupported activation_rf_tech_and_mode 0x1
[  132.072860][  T919] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  132.123193][ T6326] loop6: detected capacity change from 0 to 64
[  132.160589][ T5863] Buffer I/O error on dev loop6, logical block 0, async page read
[  132.183774][ T5863] Buffer I/O error on dev loop6, logical block 0, async page read
[  132.205822][ T5863] Buffer I/O error on dev loop6, logical block 0, async page read
[  132.233708][ T5863] Buffer I/O error on dev loop6, logical block 0, async page read
[  132.248334][  T919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  132.270712][ T5863] Buffer I/O error on dev loop6, logical block 0, async page read
[  132.278913][  T919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  132.312226][  T919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  132.346515][  T919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  132.380501][  T919] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  132.400695][  T919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.422954][  T919] usb 1-1: Product: syz
[  132.433466][  T919] usb 1-1: Manufacturer: syz
[  132.438190][  T919] usb 1-1: SerialNumber: syz
[  132.454164][  T919] usb 1-1: config 0 descriptor??
[  132.692293][  T919] adutux 1-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  132.897749][    T9] usb 1-1: USB disconnect, device number 8
[  132.986863][ T6356] comedi comedi0: Minor 3 could not be opened
[  133.503393][ T6375] comedi comedi0: Minor 3 could not be opened
[  134.152669][  T919] usb 2-1: new low-speed USB device number 3 using dummy_hcd
[  134.253039][ T5912] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  134.324969][  T919] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  134.333551][  T919] usb 2-1: config 0 has no interface number 0
[  134.339694][  T919] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  134.350843][  T919] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  134.372696][  T919] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  134.412088][  T919] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  134.427771][  T919] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  134.439984][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  134.451720][  T919] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  134.472620][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  134.490076][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  134.510014][  T919] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  134.520332][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  134.530530][  T919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.541284][ T5912] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  134.555119][  T919] usb 2-1: config 0 descriptor??
[  134.579857][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.589620][ T6389] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  134.593240][ T5912] usb 1-1: Product: syz
[  134.602222][ T5912] usb 1-1: Manufacturer: syz
[  134.607391][ T5912] usb 1-1: SerialNumber: syz
[  134.616399][ T5912] usb 1-1: config 0 descriptor??
[  134.622362][ T6389] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  134.637488][  T919] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  134.720029][ T6413] comedi comedi0: Minor 3 specified more than once!
[  134.856972][ T5912] adutux 1-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux1
[  134.872938][ T6389] ldusb 2-1:0.55: Write buffer overflow, 3 bytes dropped
[  134.888235][  T919] usb 2-1: USB disconnect, device number 3
[  134.912471][  T919] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  135.096753][    T9] usb 1-1: USB disconnect, device number 9
[  136.060009][ T6448] tap0: tun_chr_ioctl cmd 1074025675
[  136.065878][ T6448] tap0: persist enabled
[  136.071596][ T6448] tap0: tun_chr_ioctl cmd 1074025675
[  136.078095][ T6448] tap0: persist enabled
[  136.462738][ T5912] usb 3-1: new low-speed USB device number 5 using dummy_hcd
[  136.627877][ T5912] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  136.636266][ T5912] usb 3-1: config 0 has no interface number 0
[  136.642495][ T5912] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  136.654081][ T5912] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  136.667464][ T5912] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  136.679489][ T5912] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  136.691192][ T5912] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  136.703825][ T5912] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  136.718028][ T5912] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  136.727583][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.743492][ T5912] usb 3-1: config 0 descriptor??
[  136.753497][ T6454] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  136.791435][ T6454] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  136.815757][ T5912] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  137.026820][ T6454] ldusb 3-1:0.55: Write buffer overflow, 3 bytes dropped
[  137.047090][ T5912] usb 3-1: USB disconnect, device number 5
[  137.065049][ T5912] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  137.152694][ T2152] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  137.337094][ T2152] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  137.349232][ T2152] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  137.359660][ T2152] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  137.371483][ T2152] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  137.384912][ T2152] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  137.394417][ T2152] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.402508][ T2152] usb 2-1: Product: syz
[  137.412703][ T2152] usb 2-1: Manufacturer: syz
[  137.423500][ T2152] usb 2-1: SerialNumber: syz
[  137.443764][ T2152] usb 2-1: config 0 descriptor??
[  137.680096][ T2152] adutux 2-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  137.886033][ T2152] usb 2-1: USB disconnect, device number 4
[  138.504705][ T5912] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  138.664439][ T5912] usb 4-1: Using ep0 maxpacket: 8
[  138.672296][ T5912] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  138.683860][ T5912] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  138.694150][ T5912] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  138.704673][ T5912] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  138.717752][ T5912] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  138.726908][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.949409][ T5912] usb 4-1: GET_CAPABILITIES returned 0
[  138.955197][ T5912] usbtmc 4-1:16.0: can't read capabilities
[  139.167111][    T9] usb 4-1: USB disconnect, device number 7
[  139.627901][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  139.636559][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  139.862999][ T2152] usb 1-1: new low-speed USB device number 10 using dummy_hcd
[  140.024352][ T2152] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  140.058692][ T2152] usb 1-1: config 0 has no interface number 0
[  140.077087][ T2152] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  140.125542][ T2152] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  140.145955][ T2152] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  140.172127][ T2152] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  140.183528][ T2152] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  140.205894][ T2152] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  140.229250][ T2152] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  140.251390][ T2152] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.268842][ T2152] usb 1-1: config 0 descriptor??
[  140.282673][ T5951] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  140.292449][ T6506] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  140.302879][ T6506] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  140.318767][ T2152] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  140.446588][ T5951] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  140.462103][ T5951] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  140.487479][ T5951] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  140.501195][ T5951] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  140.537847][ T5951] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  140.563481][ T5951] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  140.565103][ T6506] ldusb 1-1:0.55: Write buffer overflow, 3 bytes dropped
[  140.571513][ T5951] usb 3-1: Product: syz
[  140.571535][ T5951] usb 3-1: Manufacturer: syz
[  140.571552][ T5951] usb 3-1: SerialNumber: syz
[  140.597106][ T5951] usb 3-1: config 0 descriptor??
[  140.658794][    C0] ldusb 1-1:0.55: usb_submit_urb failed (-1)
[  140.713982][ T2152] usb 1-1: USB disconnect, device number 10
[  140.725328][ T2152] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  140.831077][ T5951] adutux 3-1:0.0: ADU208  now attached to /dev/usb/adutux0
[  140.851685][ T5951] usb 3-1: USB disconnect, device number 6
[  141.033054][   T43] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  141.183418][   T43] usb 2-1: Using ep0 maxpacket: 8
[  141.190617][   T43] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  141.202251][   T43] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  141.212484][   T43] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  141.224379][   T43] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  141.237793][   T43] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  141.246960][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.479395][   T43] usb 2-1: GET_CAPABILITIES returned 0
[  141.493996][   T43] usbtmc 2-1:16.0: can't read capabilities
[  141.708947][    T9] usb 2-1: USB disconnect, device number 5
[  142.266963][   T43] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  142.322937][ T2152] usb 4-1: new low-speed USB device number 8 using dummy_hcd
[  142.461728][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  142.502737][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  142.515052][ T2152] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  142.522384][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  142.539006][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  142.553018][ T2152] usb 4-1: config 0 has no interface number 0
[  142.561425][ T2152] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  142.564617][   T43] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  142.599720][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.608084][ T2152] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  142.608115][ T2152] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  142.608138][ T2152] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  142.608160][ T2152] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  142.608192][ T2152] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  142.608235][ T2152] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  142.608255][ T2152] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.619465][ T2152] usb 4-1: config 0 descriptor??
[  142.622105][   T43] usb 3-1: Product: syz
[  142.665626][ T6585] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  142.707011][ T6585] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  142.722410][ T2152] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  142.802180][   T43] usb 3-1: Manufacturer: syz
[  142.810271][   T43] usb 3-1: SerialNumber: syz
[  142.845254][   T43] usb 3-1: config 0 descriptor??
[  142.942138][ T6585] ldusb 4-1:0.55: Write buffer overflow, 3 bytes dropped
[  142.958393][  T919] usb 4-1: USB disconnect, device number 8
[  142.974379][  T919] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  143.070916][   T43] adutux 3-1:0.0: ADU208  now attached to /dev/usb/adutux0
[  143.082839][   T43] usb 3-1: USB disconnect, device number 7
[  143.873894][   T43] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  143.924643][  T919] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  144.073303][   T43] usb 3-1: Using ep0 maxpacket: 8
[  144.080600][   T43] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  144.104825][   T43] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  144.120433][  T919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  144.143185][   T43] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  144.156400][  T919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  144.166761][   T43] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  144.182493][  T919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  144.195143][   T43] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  144.204418][  T919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  144.214393][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.226145][  T919] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  144.237892][  T919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.262703][  T919] usb 2-1: Product: syz
[  144.266961][  T919] usb 2-1: Manufacturer: syz
[  144.271607][  T919] usb 2-1: SerialNumber: syz
[  144.313528][  T919] usb 2-1: config 0 descriptor??
[  144.540431][   T43] usb 3-1: GET_CAPABILITIES returned 0
[  144.554494][   T43] usbtmc 3-1:16.0: can't read capabilities
[  144.578120][  T919] adutux 2-1:0.0: ADU208  now attached to /dev/usb/adutux1
[  144.604833][  T919] usb 2-1: USB disconnect, device number 6
[  144.753697][ T2152] usb 3-1: USB disconnect, device number 8
[  145.620865][ T6673] ==================================================================
[  145.628979][ T6673] BUG: KASAN: slab-out-of-bounds in change_page_attr_set_clr+0x625/0xfc0
[  145.637449][ T6673] Read of size 8 at addr ffff88807d681ee0 by task syz.2.267/6673
[  145.645179][ T6673] 
[  145.647543][ T6673] CPU: 1 UID: 0 PID: 6673 Comm: syz.2.267 Not tainted syzkaller #0 PREEMPT(full) 
[  145.647563][ T6673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  145.647579][ T6673] Call Trace:
[  145.647586][ T6673]  <TASK>
[  145.647593][ T6673]  dump_stack_lvl+0x189/0x250
[  145.647611][ T6673]  ? __kasan_check_byte+0x12/0x40
[  145.647631][ T6673]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.647644][ T6673]  ? lock_release+0x4b/0x3e0
[  145.647664][ T6673]  ? __virt_addr_valid+0x4a5/0x5c0
[  145.647689][ T6673]  print_report+0xca/0x240
[  145.647705][ T6673]  ? change_page_attr_set_clr+0x625/0xfc0
[  145.647722][ T6673]  kasan_report+0x118/0x150
[  145.647741][ T6673]  ? change_page_attr_set_clr+0x625/0xfc0
[  145.647762][ T6673]  change_page_attr_set_clr+0x625/0xfc0
[  145.647782][ T6673]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  145.647800][ T6673]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[  145.647825][ T6673]  ? memtype_reserve+0x874/0xb30
[  145.647855][ T6673]  _set_pages_array+0x145/0x270
[  145.647877][ T6673]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[  145.647904][ T6673]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  145.647932][ T6673]  drm_gem_shmem_pin_locked+0x22c/0x460
[  145.647957][ T6673]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[  145.647983][ T6673]  ? ww_mutex_lock+0x3f/0x1c0
[  145.648000][ T6673]  drm_gem_map_attach+0x19c/0x1f0
[  145.648026][ T6673]  dma_buf_dynamic_attach+0x1ea/0x3d0
[  145.648049][ T6673]  ? __fget_files+0x3a0/0x420
[  145.648070][ T6673]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  145.648086][ T6673]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  145.648101][ T6673]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[  145.648126][ T6673]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  145.648142][ T6673]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  145.648168][ T6673]  drm_ioctl_kernel+0x2cc/0x390
[  145.648189][ T6673]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  145.648214][ T6673]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  145.648251][ T6673]  drm_ioctl+0x67f/0xb10
[  145.648272][ T6673]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  145.648299][ T6673]  ? __pfx_drm_ioctl+0x10/0x10
[  145.648324][ T6673]  ? __fget_files+0x3a0/0x420
[  145.648345][ T6673]  ? __fget_files+0x2a/0x420
[  145.648366][ T6673]  ? bpf_lsm_file_ioctl+0x9/0x20
[  145.648380][ T6673]  ? __pfx_drm_ioctl+0x10/0x10
[  145.648400][ T6673]  __se_sys_ioctl+0xf9/0x170
[  145.648417][ T6673]  do_syscall_64+0xfa/0xfa0
[  145.648431][ T6673]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.648444][ T6673]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.648459][ T6673]  ? clear_bhb_loop+0x60/0xb0
[  145.648476][ T6673]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.648492][ T6673] RIP: 0033:0x7f1fc838ebe9
[  145.648510][ T6673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.648523][ T6673] RSP: 002b:00007f1fc92c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  145.648540][ T6673] RAX: ffffffffffffffda RBX: 00007f1fc85c5fa0 RCX: 00007f1fc838ebe9
[  145.648552][ T6673] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000004
[  145.648562][ T6673] RBP: 00007f1fc8411e19 R08: 0000000000000000 R09: 0000000000000000
[  145.648572][ T6673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  145.648581][ T6673] R13: 00007f1fc85c6038 R14: 00007f1fc85c5fa0 R15: 00007ffff14ee508
[  145.648600][ T6673]  </TASK>
[  145.648605][ T6673] 
[  145.981866][ T6673] Allocated by task 6673:
[  145.986216][ T6673]  kasan_save_track+0x3e/0x80
[  145.990919][ T6673]  __kasan_kmalloc+0x93/0xb0
[  145.995539][ T6673]  __kvmalloc_node_noprof+0x5cd/0x910
[  146.000946][ T6673]  drm_gem_get_pages+0x166/0xa20
[  146.005910][ T6673]  drm_gem_shmem_get_pages_locked+0x201/0x440
[  146.012017][ T6673]  drm_gem_shmem_pin_locked+0x22c/0x460
[  146.017604][ T6673]  drm_gem_map_attach+0x19c/0x1f0
[  146.022671][ T6673]  dma_buf_dynamic_attach+0x1ea/0x3d0
[  146.028080][ T6673]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  146.034350][ T6673]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  146.040114][ T6673]  drm_ioctl_kernel+0x2cc/0x390
[  146.045089][ T6673]  drm_ioctl+0x67f/0xb10
[  146.049368][ T6673]  __se_sys_ioctl+0xf9/0x170
[  146.053988][ T6673]  do_syscall_64+0xfa/0xfa0
[  146.058515][ T6673]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.064433][ T6673] 
[  146.066773][ T6673] The buggy address belongs to the object at ffff88807d681e80
[  146.066773][ T6673]  which belongs to the cache kmalloc-96 of size 96
[  146.080666][ T6673] The buggy address is located 0 bytes to the right of
[  146.080666][ T6673]  allocated 96-byte region [ffff88807d681e80, ffff88807d681ee0)
[  146.095108][ T6673] 
[  146.097442][ T6673] The buggy address belongs to the physical page:
[  146.103881][ T6673] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7d681
[  146.112657][ T6673] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  146.119776][ T6673] page_type: f5(slab)
[  146.123762][ T6673] raw: 00fff00000000000 ffff88801a841280 dead000000000100 dead000000000122
[  146.132348][ T6673] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[  146.140932][ T6673] page dumped because: kasan: bad access detected
[  146.147357][ T6673] page_owner tracks the page as allocated
[  146.153075][ T6673] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5997, tgid 5996 (syz.1.15), ts 116230618647, free_ts 116184195288
[  146.172188][ T6673]  post_alloc_hook+0x240/0x2a0
[  146.176964][ T6673]  get_page_from_freelist+0x21e4/0x22c0
[  146.182520][ T6673]  __alloc_frozen_pages_noprof+0x181/0x370
[  146.188341][ T6673]  alloc_pages_mpol+0x232/0x4a0
[  146.193207][ T6673]  allocate_slab+0x8a/0x330
[  146.197724][ T6673]  ___slab_alloc+0xbd1/0x13f0
[  146.202402][ T6673]  __slab_alloc+0x55/0xa0
[  146.206737][ T6673]  __kmalloc_noprof+0x471/0x7f0
[  146.211592][ T6673]  cfg80211_inform_single_bss_data+0x905/0x1ac0
[  146.217845][ T6673]  cfg80211_inform_bss_data+0x1fb/0x3b30
[  146.223487][ T6673]  cfg80211_inform_bss_frame_data+0x3d7/0x730
[  146.229566][ T6673]  ieee80211_bss_info_update+0x746/0x9e0
[  146.235214][ T6673]  ieee80211_scan_rx+0x593/0xa20
[  146.240166][ T6673]  ieee80211_rx_list+0x201c/0x2a90
[  146.245302][ T6673]  ieee80211_rx_napi+0x1a8/0x3d0
[  146.250262][ T6673]  ieee80211_handle_queued_frames+0xe8/0x1f0
[  146.256255][ T6673] page last free pid 15 tgid 15 stack trace:
[  146.262233][ T6673]  __free_frozen_pages+0xbc4/0xd30
[  146.267353][ T6673]  rcu_core+0xcab/0x1770
[  146.271607][ T6673]  handle_softirqs+0x283/0x870
[  146.276386][ T6673]  run_ksoftirqd+0x9b/0x100
[  146.280910][ T6673]  smpboot_thread_fn+0x542/0xa60
[  146.285861][ T6673]  kthread+0x70e/0x8a0
[  146.289946][ T6673]  ret_from_fork+0x47c/0x820
[  146.294541][ T6673]  ret_from_fork_asm+0x1a/0x30
[  146.299315][ T6673] 
[  146.301641][ T6673] Memory state around the buggy address:
[  146.307275][ T6673]  ffff88807d681d80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[  146.315351][ T6673]  ffff88807d681e00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[  146.323421][ T6673] >ffff88807d681e80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc
[  146.331476][ T6673]                                                        ^
[  146.338670][ T6673]  ffff88807d681f00: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[  146.346748][ T6673]  ffff88807d681f80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  146.354830][ T6673] ==================================================================
[  146.372618][ T6673] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  146.379870][ T6673] CPU: 0 UID: 0 PID: 6673 Comm: syz.2.267 Not tainted syzkaller #0 PREEMPT(full) 
[  146.389091][ T6673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  146.399178][ T6673] Call Trace:
[  146.402480][ T6673]  <TASK>
[  146.405438][ T6673]  dump_stack_lvl+0x99/0x250
[  146.410064][ T6673]  ? __asan_memcpy+0x40/0x70
[  146.414676][ T6673]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.419896][ T6673]  ? __pfx__printk+0x10/0x10
[  146.424509][ T6673]  vpanic+0x237/0x6d0
[  146.428590][ T6673]  ? __pfx_vpanic+0x10/0x10
[  146.433104][ T6673]  ? preempt_schedule+0xae/0xc0
[  146.437974][ T6673]  ? __pfx_preempt_schedule+0x10/0x10
[  146.443380][ T6673]  panic+0xb9/0xc0
[  146.447149][ T6673]  ? __pfx_panic+0x10/0x10
[  146.451577][ T6673]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  146.457497][ T6673]  ? change_page_attr_set_clr+0x625/0xfc0
[  146.463230][ T6673]  check_panic_on_warn+0x89/0xb0
[  146.468179][ T6673]  ? change_page_attr_set_clr+0x625/0xfc0
[  146.473920][ T6673]  end_report+0x78/0x160
[  146.478174][ T6673]  kasan_report+0x129/0x150
[  146.482694][ T6673]  ? change_page_attr_set_clr+0x625/0xfc0
[  146.488481][ T6673]  change_page_attr_set_clr+0x625/0xfc0
[  146.494053][ T6673]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  146.500139][ T6673]  ? __pfx_pagerange_is_ram_callback+0x10/0x10
[  146.506341][ T6673]  ? memtype_reserve+0x874/0xb30
[  146.511314][ T6673]  _set_pages_array+0x145/0x270
[  146.516185][ T6673]  drm_gem_shmem_get_pages_locked+0x2d0/0x440
[  146.522285][ T6673]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  146.528907][ T6673]  drm_gem_shmem_pin_locked+0x22c/0x460
[  146.534479][ T6673]  ? __pfx_drm_gem_shmem_pin_locked+0x10/0x10
[  146.540565][ T6673]  ? ww_mutex_lock+0x3f/0x1c0
[  146.545262][ T6673]  drm_gem_map_attach+0x19c/0x1f0
[  146.550321][ T6673]  dma_buf_dynamic_attach+0x1ea/0x3d0
[  146.555710][ T6673]  ? __fget_files+0x3a0/0x420
[  146.560410][ T6673]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  146.567374][ T6673]  drm_gem_shmem_prime_import_no_map+0xc1/0x2f0
[  146.573623][ T6673]  ? drm_gem_prime_fd_to_handle+0x185/0x4d0
[  146.579540][ T6673]  ? __pfx_drm_gem_shmem_prime_import_no_map+0x10/0x10
[  146.586415][ T6673]  drm_gem_prime_fd_to_handle+0x196/0x4d0
[  146.592156][ T6673]  drm_ioctl_kernel+0x2cc/0x390
[  146.597021][ T6673]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  146.603449][ T6673]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  146.608833][ T6673]  drm_ioctl+0x67f/0xb10
[  146.613095][ T6673]  ? __pfx_drm_prime_fd_to_handle_ioctl+0x10/0x10
[  146.619539][ T6673]  ? __pfx_drm_ioctl+0x10/0x10
[  146.624339][ T6673]  ? __fget_files+0x3a0/0x420
[  146.629056][ T6673]  ? __fget_files+0x2a/0x420
[  146.633671][ T6673]  ? bpf_lsm_file_ioctl+0x9/0x20
[  146.638631][ T6673]  ? __pfx_drm_ioctl+0x10/0x10
[  146.643431][ T6673]  __se_sys_ioctl+0xf9/0x170
[  146.648042][ T6673]  do_syscall_64+0xfa/0xfa0
[  146.652583][ T6673]  ? lockdep_hardirqs_on+0x9c/0x150
[  146.657801][ T6673]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.663901][ T6673]  ? clear_bhb_loop+0x60/0xb0
[  146.668594][ T6673]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.674515][ T6673] RIP: 0033:0x7f1fc838ebe9
[  146.678951][ T6673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  146.698572][ T6673] RSP: 002b:00007f1fc92c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  146.707005][ T6673] RAX: ffffffffffffffda RBX: 00007f1fc85c5fa0 RCX: 00007f1fc838ebe9
[  146.715081][ T6673] RDX: 0000200000000300 RSI: 00000000c00c642e RDI: 0000000000000004
[  146.723067][ T6673] RBP: 00007f1fc8411e19 R08: 0000000000000000 R09: 0000000000000000
[  146.731046][ T6673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  146.739025][ T6673] R13: 00007f1fc85c6038 R14: 00007f1fc85c5fa0 R15: 00007ffff14ee508
[  146.747023][ T6673]  </TASK>
[  146.750401][ T6673] Kernel Offset: disabled
[  146.754750][ T6673] Rebooting in 86400 seconds..