last executing test programs:

33.670491327s ago: executing program 3 (id=66):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{}], 0x1, 0x40800)
syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00')
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4)
sendmsg$netlink(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000002200"], 0x1c}], 0x1}, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
pipe2(&(0x7f0000000400)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x44000)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000000, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x40)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x88001, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x1})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="351a000010000100000010c1109545f4040011"], 0x28}}, 0x20040881)
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="1c0000f5"], 0xfd1)

33.415004233s ago: executing program 3 (id=69):
prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0xc)

33.347143784s ago: executing program 3 (id=70):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000380)={0x27, 0x0, 0x0, 0x4, 0x0, 0x3, "e88509de7f1939e8abff005597c8ef039a5be42200", 0x13}, 0x60)
listen(r0, 0x0)
r1 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='\x04S{O', &(0x7f0000000500)='\x1e\x00\xedgt\x9a\xbet_\xbf\xc4\xa3k\xb0p\xe5\xe0\xd5\r:\xde}', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000001680)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000f40)='dU|\xcbM\xe6\x91q\xe0\x05\xbes\xc0\xd2\xdb0}\xa6\xc4tly\xe0\xab\xb8~\xd9ymx\x00\x00\x01\x00\xf3Q:\xfem\xea\xed\xfc\x04\xf88\xe0\xa1&\xa8\xff\x10\xb3\xb2\x92N\f\x00!\xdbV\xc3\xca\r\x8c\xfb\x8esJ\xb3\x1bf\xce\v\x0e\xe3\xd5\x89\x86B\xb9!\xbbG\x86\xa9\xf2~zx\xc8w\x89\x84 !\\\x04\xbcnG\xf7B\xde\xaaE\\Sz\'\x04\x00\xa7\x11l\xfb\xb9\x9au\x99ci&\xd8n\xea\xdb\xd7\xab\xeaR\xde\xf5\x14\x01\x15q\x99\x010\xf2{N\xf9j\xa2kDP\xa1\xaev\xb6\xd4\x1d\xaa\xd4s_\xa1l\x8d\x95\xee\x14\tl;\xca-\t\xae\xc1lN\xccq\xa4)\x84\xc7\x81\xed\xef&#\xea\xab\x1e\xabf\fy\xda\xa9\xd7J\xad\nW\xc6U?M\xcdS\x88\xc9E\x93\x96y\x8e\b\x7fWO\xdf\xa9\x19\xa7\t\rq\xb7T<`\x8b \x19\x15\xde\xef\xae\x06\x00\x00\x00I\xe3\xf0\xcf<\x83\x0fl\xdc\x86\r\x19\xab\x1e14\xe55\xf6\xc5\\\x17\xee\xef\xfaab\x7f\xceP\xb9v*\x05\xd0\x16xt(\x04\xafj]CN\v\x17)\x878GuX9\xe4Y)\xd9\xd0\x94\'\x85\x84\xe0\x985\x14\x17\x19\xf8k\xbb\xf8-7\r\x16Pg\xc4\xb1\xbd\xa0N\x13\xb0\xe6\x91 ', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='\x00', &(0x7f0000000dc0)='dE\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000280)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f00000000c0)='dE\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000007c0)='{)+}@@!}\x00', &(0x7f0000000140)='dU|\xcbM\xe6\x91q\xe0', 0x0)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f00000002c0)=0x3)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {0x453}, {}, {}, 0x0, 0x3f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x2d, 0x1, 0x0, 0x5})
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f00000000c0)=0x40)
read$dsp(r2, &(0x7f0000000340)=""/100, 0x64)
fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000ec0)='\xcfD\xbc\xbf\x95@\xd6j\'$\x1d\x14\xb7!\x8b\xff\xdc\x83\xc5$\xb3\xecr\xe4G:\x93\xdfj\x96\x7f\x03\xe5\x94\x04[\x02\xa9[>\xf9\x9c\x83@\x1e\x99\xcah\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\f\x7f;\xf6J18G\x84c\x88\x9d{\xf4~\xdby\xe1\xdf\x1a\xae\xd6ez\xe5\xa8\xe1\'', 0x0, r1)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f0000000a00)='wsync', &(0x7f0000000b40)="b2", 0x1)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='$\x00', &(0x7f0000000340)='{)+}@@!}\x00', 0x0)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r4, &(0x7f0000000380)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a03760760beeab91e8ff0055e5c0d48bd63ffdb93bd43a847a1597c8ef03da5be42200", 0x37}, 0x60)

33.029123903s ago: executing program 3 (id=74):
prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x4})
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='msdos\x00', 0x200000, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="0b00000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d906000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080003000000020000000700000001000000"], 0x118)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000003c0)={0x0, 0x5, 0xfeff, 0x0, 0x0, 0xfffffffffffffffc, 0x3, 0x0, 0xfeff})
fallocate(r0, 0x30, 0x3ff, 0x7)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000240)='hfs\x00', 0x200000, 0x0)
r1 = syz_clone(0x20820000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r1, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x4)

32.838955102s ago: executing program 3 (id=75):
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0xf00, &(0x7f0000000200)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x2a}, @multicast1}}}], 0x20}, 0x4000)

32.667948551s ago: executing program 3 (id=76):
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000080)={0x0, 0x2b6}, 0x0, &(0x7f0000000140)="d7ccdda338f4b7b90149cfa77c263d48e2e4660f33225f56eb6e8c5ae960e23024526265f06c13b32f73f405cc02194efeb20680ecd71ee7efb660f88504db061b7251bd090c4f62f6272c6ab955f9da18e3eb90ac804e72a7386b67fdace319f9ca175cff60be0a2ea7c08b22bd5b1979a2d3b90d689f5182fd35104d84f368733e8303fd234c4f98f4eb763b40cad20cf53b98345352870e220bc54ede62131b343555152a901a25587480dd18638a2f72c557ec4631311008a7072044ef99a6e9353c4b778dbc66339fdf4637b3593c30be8a899f4b528bd8e796c143f7e65052c636bcd9337d8bb9c89edf99cca5c481ddc19e128eb52771ac686565c2bbac2d4faf92797a365fb0724326afb9e19d02227026012bb59c77632014b2b5c1429ea2e11c6472359ca00d171a393540a49c02fcf3bc76891f3fd9210bff91c229e19a77c6b8b7e6fc4dc9a93f5225148be27364149915609800e554da5142bbb5d9c9c3178bfc76d49980ac6c05fd66750931d5f25a6047b5a776bb18dbf6bb47c052a5838d9b7f6cd0a9b9f01234233d325772ee88ef5e3e7300e7c9e4e97f446599037fb933f107c67eca127de358729da2ad3cb81063f4862ab1742176b91b9a3a6058db53c8f6626c5916268475e8b04e04d0fe816c073a109587d00635534553a8cfe0c83f51885905effb2028d8482114957f22affb4c8fc24b3d21939973d1b0f3790938811369f51e0d858678639cfe337f116e6e330a2ec8788fa831faad19da530a5f9c6289a0c48577e00f4b2ce2c538c498f56176c4545a120760442b2ae2bb2fad8854f91b3da79c94539126e3019986c7bbaed1f86042abfce06886ab59cc5216a967a8627a189a24a01ce9fde677e1e8e560f3690c4e3622b8d86f2242050e90baaaac43bd312af46e4e403f7da1758a35cdc82fbecc1850968ff0617e3eebe6856bddba3cc3bf01622ff54684cd", 0x0)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r3, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r2, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)
r5 = syz_open_dev$cec(&(0x7f0000000180), 0x0, 0x2480)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
add_key(&(0x7f0000000000)='id_resolver\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, 0x0, 0x0)
ioctl$CEC_TRANSMIT(r5, 0xc0386105, &(0x7f0000000480)={0x9, 0xfffffffffffffffc, 0x2000009, 0x0, 0x0, 0x0, "0ff840c3a86d00", 0xff, 0x2, 0x5, 0xff, 0x0, 0x1, 0xff})

32.393618438s ago: executing program 32 (id=76):
keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f0000000080)={0x0, 0x2b6}, 0x0, &(0x7f0000000140)="d7ccdda338f4b7b90149cfa77c263d48e2e4660f33225f56eb6e8c5ae960e23024526265f06c13b32f73f405cc02194efeb20680ecd71ee7efb660f88504db061b7251bd090c4f62f6272c6ab955f9da18e3eb90ac804e72a7386b67fdace319f9ca175cff60be0a2ea7c08b22bd5b1979a2d3b90d689f5182fd35104d84f368733e8303fd234c4f98f4eb763b40cad20cf53b98345352870e220bc54ede62131b343555152a901a25587480dd18638a2f72c557ec4631311008a7072044ef99a6e9353c4b778dbc66339fdf4637b3593c30be8a899f4b528bd8e796c143f7e65052c636bcd9337d8bb9c89edf99cca5c481ddc19e128eb52771ac686565c2bbac2d4faf92797a365fb0724326afb9e19d02227026012bb59c77632014b2b5c1429ea2e11c6472359ca00d171a393540a49c02fcf3bc76891f3fd9210bff91c229e19a77c6b8b7e6fc4dc9a93f5225148be27364149915609800e554da5142bbb5d9c9c3178bfc76d49980ac6c05fd66750931d5f25a6047b5a776bb18dbf6bb47c052a5838d9b7f6cd0a9b9f01234233d325772ee88ef5e3e7300e7c9e4e97f446599037fb933f107c67eca127de358729da2ad3cb81063f4862ab1742176b91b9a3a6058db53c8f6626c5916268475e8b04e04d0fe816c073a109587d00635534553a8cfe0c83f51885905effb2028d8482114957f22affb4c8fc24b3d21939973d1b0f3790938811369f51e0d858678639cfe337f116e6e330a2ec8788fa831faad19da530a5f9c6289a0c48577e00f4b2ce2c538c498f56176c4545a120760442b2ae2bb2fad8854f91b3da79c94539126e3019986c7bbaed1f86042abfce06886ab59cc5216a967a8627a189a24a01ce9fde677e1e8e560f3690c4e3622b8d86f2242050e90baaaac43bd312af46e4e403f7da1758a35cdc82fbecc1850968ff0617e3eebe6856bddba3cc3bf01622ff54684cd", 0x0)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r3, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r2, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0)
r5 = syz_open_dev$cec(&(0x7f0000000180), 0x0, 0x2480)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
add_key(&(0x7f0000000000)='id_resolver\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, 0x0, 0x0)
ioctl$CEC_TRANSMIT(r5, 0xc0386105, &(0x7f0000000480)={0x9, 0xfffffffffffffffc, 0x2000009, 0x0, 0x0, 0x0, "0ff840c3a86d00", 0xff, 0x2, 0x5, 0xff, 0x0, 0x1, 0xff})

3.662842163s ago: executing program 0 (id=280):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00')
fchdir(r1)
sendmmsg$unix(r0, &(0x7f0000000c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_START_AP(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x68, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x3a, 0xe, {{{}, {}, @device_a, @device_a, @random="40d1f20340e9"}, 0x0, @default, 0x1, @void, @val, @val={0x3, 0x1, 0x3}, @val={0x4, 0x6, {0x1, 0x40, 0x2, 0x4}}, @void, @val={0x5, 0x3, {0x5, 0xcc, 0x6}}, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r2, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000008100000008000300", @ANYRES32=r5, @ANYBLOB="0a000c00080211000001000006006600c78800001a0033"], 0x50}, 0x1, 0x0, 0x0, 0x4004840}, 0x80c0)

3.523012064s ago: executing program 0 (id=283):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001d00), 0x0, 0x2, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000600))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

3.466528683s ago: executing program 0 (id=285):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x3f46137792f68265)
openat$cgroup_ro(r2, &(0x7f00000003c0)='cpuacct.usage_sys\x00', 0x275a, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000900)={0x0, 0x2, 0x1, [0xffff, 0x13a0000000000, 0x1, 0x88, 0x1], [0xffffffffffffff63, 0x8, 0x1, 0x80000001, 0x10000, 0x9, 0x2d9, 0x4, 0x40000003, 0xc5, 0x8001, 0x9, 0xfffffffffffffffb, 0x7e, 0x7d, 0x3ae7, 0x8, 0x101, 0x80, 0xffffffffffff8000, 0x3, 0x9, 0x7f, 0x6, 0x1, 0x7, 0x5, 0xff800000000000, 0x100401, 0x7fffffff, 0xc333, 0x9, 0x6, 0x8001, 0x1, 0xd5d, 0x8, 0x1, 0x7, 0x5, 0x6cf2, 0x2, 0x9, 0xa, 0x0, 0xffffffff00000001, 0x7fffffffffffffff, 0x2, 0x5, 0x4cc2, 0xfffffffffffffff7, 0x6, 0x0, 0x3a67, 0x7f, 0x1aac, 0xffff, 0xffffffffffffffff, 0x8, 0x3, 0x706, 0x4002, 0x5b4, 0x4, 0xfffffffffffffffb, 0xb, 0xb88a, 0x20000000003, 0x3, 0x6, 0x2, 0x77, 0x8, 0x346, 0x0, 0xfffffffffffffff9, 0x8, 0xffff800000000000, 0x7, 0xc67d, 0x7, 0xffffffffffffff92, 0x7, 0x5, 0xe39, 0x3, 0x9, 0x5, 0x8, 0x6, 0x40000000000003, 0x6, 0x684, 0x2, 0x401, 0x5, 0x6fc, 0xc90, 0xfff, 0xfffffffffffffeff, 0x72, 0x3, 0x8be0, 0x28, 0x3, 0x1, 0x8d45, 0x100000000, 0x3ff, 0x2000000f2, 0x800, 0x8, 0x8, 0x8001, 0x5, 0x9, 0xa, 0x1ff, 0x2, 0x6b, 0x334]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000280), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r3, 0x0)
sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x13}}, 0x40408c1)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, <r5=>0x0}, &(0x7f0000000280)=0x5)
setuid(r5)
ioctl$FS_IOC_SETFLAGS(r3, 0xc0189436, &(0x7f0000000140))
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x4, 0x5, 0x0, 0x8, 0x3, 0xa, 0xb9, 0x1, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x1, 0x45, 0x7, 0x2, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x18, 0x5, 0x84, 0xfc, 0x3, 0x2, 0x0, 0x70, 0x4, 0x5}], 0xffffffff})
ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r1, 0x4068aea3, &(0x7f0000000080)={0xed, 0x0, 0x3})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f00000007c0)={[{0x8a0, 0x1ff, 0x10, 0x44, 0x0, 0x2, 0x2, 0x1, 0x6, 0x5, 0x0, 0x6, 0x6}, {0x3, 0x1, 0x1, 0x2a, 0xe1, 0xf6, 0x5, 0x2, 0x94, 0x2, 0x1, 0x2, 0x2}, {0xfff, 0x4, 0x9, 0x6, 0x0, 0x9, 0x7f, 0x8, 0x9, 0xfc, 0x4, 0x0, 0x3fb}], 0x401})

2.804321771s ago: executing program 0 (id=287):
creat(&(0x7f0000001380)='./file0\x00', 0x4)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x4)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000380))
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x1, 0x0, &(0x7f0000000600)=""/52, 0x0, 0xffff1000})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/236, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/66})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000300)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)
r4 = open(&(0x7f0000000340)='./bus\x00', 0x14927e, 0x102)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r4, 0x0)
mount$fuseblk(&(0x7f0000000080), &(0x7f0000002480)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000020000,us%r_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
mount$fuseblk(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000540), 0x1004040, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, <r5=>0x0})
syz_open_procfs(r5, &(0x7f00000001c0)='net/fib_trie\x00')

2.682975668s ago: executing program 2 (id=288):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x20400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"])
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000002008a04"])

2.675987429s ago: executing program 0 (id=289):
r0 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)={0x34, r0, 0x8d61ddcfedb48df, 0x0, 0x1000000, {}, [@ETHTOOL_A_FEATURES_WANTED={0x8, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x34}}, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201500285d5c2086004040031960154030109021b000100031003090458080119662194090586d7"], &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x2, &(0x7f0000000080)=@string={0x2}}]})
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0xffffffcb, &(0x7f0000000300)={&(0x7f0000000380)={0x24, 0x0, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x0, 0x33, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xc4}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c044}, 0x40800)

2.566941577s ago: executing program 4 (id=290):
creat(&(0x7f0000001380)='./file0\x00', 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) (async)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)="604a772826dea736729103ad8de752c24b2367617ecb7b6e6831a11ecd0b3617817414bf3243338133aeb1ef59f7bb", 0x2f, 0x4}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000000b05000300000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0) (async)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f0000000080)=0x3, 0x4) (async)
sendto$inet(r4, &(0x7f0000000040)="0e00", 0xffec, 0x0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) (async)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) (async)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000340)=[@window, @sack_perm, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @sack_perm, @mss={0x2, 0x2}, @mss={0x2, 0x1}, @timestamp], 0x8)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async)
syz_clone3(&(0x7f0000000200)={0x4001000, 0x0, 0x0, 0x0, {0x33}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000003c0)=[@text32={0x20, 0x0}], 0x1, 0x6c, 0x0, 0x0) (async)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000008e04"]) (async)
sendto$inet(r2, &(0x7f0000000700)="1ede55", 0x3, 0x40011, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4) (async)
sendto$inet(r2, &(0x7f00000028c0)="e5418724ac1d", 0x6, 0x0, 0x0, 0x0) (async)
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
getpriority(0x1000000, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0x3f}], 0x1, 0x0, 0x0, 0x0)

2.480786944s ago: executing program 2 (id=291):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000004c0)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x20, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}}, 0x0)

2.414863302s ago: executing program 4 (id=292):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000002700), r0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
pread64(r3, 0x0, 0x0, 0x9)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x4d, 0x3, 0x0, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r6=>0x0}, &(0x7f0000cab000)=0xc)
setregid(0xffffffffffffffff, r6)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0)
poll(&(0x7f0000000080)=[{r7, 0x1004}], 0x1, 0x2)
socket$inet(0x2, 0x2, 0x1)
sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="180000002400010325bd7000fcffffff0000000400238000b0346fe4002252f67e048a14b610151917dba368af129891e044a767813fb0ead0135731ecb9c72c9aa7008c463795fd11513a2bbe06f272eb6e4ad7ccadf0590edea8cef8c63bc7be64cd765c6555d3c8564adcc2cb92f50080c035d8a1b7b3afe3dd0916581475c69b24b70fd538988e3a11674cc4b06c48c049fc7a355aecc193e0bca9f8c2a7e33fb72c6e23316c0f95149ec832"], 0x18}, 0x1, 0x0, 0x0, 0x20004893}, 0x0)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r9=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r8, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r9, 0x0, 0x0, 0x0, <r10=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r8, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r10, r9, <r11=>0x0, 0x0, 0x0, 0xfffffffffffffdfe, 0x0})
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="600000000206010800000000000000000000000005000400000000000900020073797a31000000001400078008000840002400000800124040000000050005000a000000050001000600000012000300686173683a6e6574"], 0x60}}, 0x0)
r13 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_inet_SIOCSIFFLAGS(r13, 0x89b0, &(0x7f0000000040)={'bond0\x00'})
ioctl$IOMMU_HWPT_ALLOC$TEST(r8, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r10, r11, <r14=>0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
ioctl$IOMMU_HWPT_INVALIDATE$TEST(r8, 0x3b8d, &(0x7f0000000280)={0x20, r14, &(0x7f0000000480)=[{0x1, 0x2}], 0xdeadbeef, 0x8, 0x1})
sendmsg$NFT_MSG_GETRULE(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x4000810}, 0x4000000)
sendmsg$GTP_CMD_GETPDP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000002840)={&(0x7f0000000040)=ANY=[@ANYBLOB="0ac21d843441eadb5b3de10f5e6f680701c8db86dac6fa24318b", @ANYRES16=r1, @ANYBLOB="000025bd7000fedbdf2502000000"], 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x24008040)

2.355083627s ago: executing program 2 (id=293):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000000c0)={0x10, &(0x7f0000000240)={0x20, 0x15, 0x1, "ca"}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0})

2.271881301s ago: executing program 4 (id=294):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000080000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000021440011800a0001006d61746368000000340002800800024000000000"], 0xc8}}, 0x0)
sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000010a0103"], 0x14}, 0x1, 0x0, 0x0, 0x4040}, 0x2004c810)

2.206442564s ago: executing program 4 (id=295):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000200000040d80472f3000000000001090224000100000000090400000103000000092100000001220300090581030000400000e151612a6034ff678b56544ae03933fc2277968b8984ea8327706645608c62e2f19c"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x22402, 0x0)
ftruncate(0xffffffffffffffff, 0x80079a0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x1fc})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000080)={{&(0x7f00003fe000/0x4000)=nil, 0x4000}})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = getpid()
sched_setaffinity(r1, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f00000004c0)=[{0x28, 0x0, 0x5, 0xfffff034}, {0x80000006, 0x0, 0x12, 0xf9}]}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000034000000030a01020000000000000000010000000900030073797a320000000008000a40000000040900010073797a310000000030000000050a01020000000000000000010020000c00024000000000000000010900010073797a31"], 0xac}}, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f00000000c0)={0x84, @multicast2, 0x4e21, 0x3, 'rr\x00', 0x30, 0x4, 0x42}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r4, 0x0, 0x487, &(0x7f0000000000)={{0x3b, @broadcast, 0x4e21, 0x3, 'fo\x00', 0x11, 0x3240, 0x3a}, {@local, 0x4e23, 0x3, 0x200000c3, 0x800, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_DELDEST(r3, 0x0, 0x488, &(0x7f0000000280)={{0x84, @empty, 0x4e23, 0x3, 'lblc\x00', 0x1d, 0x2, 0x2a}, {@loopback, 0x4e23, 0x4, 0xc24, 0x2, 0xfffffffb}}, 0x44)

1.293951723s ago: executing program 0 (id=296):
fsopen(0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000180))
pipe(&(0x7f0000000100))
syz_usbip_server_init(0x4)
syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x4f, 0x86, 0x49, 0x20, 0x7ca, 0xa868, 0x8a99, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x3, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe3, 0x0, 0x0, 0xa6, 0x63, 0x62}}]}}]}}, 0x0)
syz_usbip_server_init(0x2)

878.959573ms ago: executing program 1 (id=297):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4867681f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e34708", 0x6e}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f2a765f8220323add67b2b6695ca41adcda387a4264bcd94c8578a9ccca3b55ebcda45369b56068cfeec34abc2cbd94b9b12d057fa9d4328d57073f40e5ae64443e4a10ed400575bbd1168a170a0134b9ad28735dbd9603a9e417cce864f2141a92f57e1fdfcff4776f94a794d6db8d3e9e0ecc783956c7ab15a8d5639d3df1ac9da6057af913a563bd55b657f37cbf4cae2919aea6ff8a748eb4c036361b8866cc062bbad019f43d02b0c38bd6309f2baa53924466203ab8d00daaac4c9da846e645d64c10e47c32e9824e79ad", 0x282}], 0x1}}], 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

776.683005ms ago: executing program 1 (id=298):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001740)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000000000003b00000008000300", @ANYRES32=r1, @ANYBLOB="26003300b0980300ffffffffffff080211000000505050505050"], 0x4c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

617.073035ms ago: executing program 4 (id=299):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000000)={0x28, 0x7, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}}, 0x40000040)

543.055126ms ago: executing program 1 (id=300):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0xf5}, @NFTA_MATCH_INFO={0x4}, @NFTA_MATCH_NAME={0xa, 0x1, 'limit\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x84}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)

492.185528ms ago: executing program 4 (id=301):
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0xb5, 0x40, 0x33, 0x40, 0x1a86, 0x7522, 0x3536, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe4, 0xd6, 0x24}}]}}]}}, 0x0)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e07480204"], 0xa)

412.583491ms ago: executing program 1 (id=302):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000f00)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0x4, @loopback, 0x6}, 0x1c, 0x0}}], 0x1, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x9, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000440)={0x900, 0x0, &(0x7f0000000400)={&(0x7f0000000040)={0x2, 0xa, 0xfc, 0x0, 0x7, 0x0, 0x70bd28, 0x25dfdbfe, [@sadb_x_filter={0x5, 0x1a, @in=@empty, @in=@rand_addr=0x64010100, 0x2c, 0x30}]}, 0x38}}, 0x40408c0)

303.055428ms ago: executing program 2 (id=303):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
ioctl$FIONREAD(r0, 0x541b, &(0x7f0000000100))

259.929175ms ago: executing program 1 (id=304):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00'})

175.590235ms ago: executing program 2 (id=305):
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
bind$inet6(r0, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000180)=0x80000039f8, 0x4)
sendto$inet6(r0, &(0x7f0000000000)="8d", 0x1, 0x40, 0x0, 0x0)
recvmmsg(r0, &(0x7f000000d980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/129, 0x81}, 0xb}], 0x1, 0x2131, 0x0)

46.773565ms ago: executing program 1 (id=306):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000040)={@val, @void, @eth={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}, @remote, @val={@val={0x88a8, 0x5, 0x1, 0x2}, {0x8100, 0x4, 0x0, 0x3}}, {@ipv6={0x86dd, @generic={0x6, 0x6, "83d31e", 0x8, 0x3c, 0xff, @loopback, @dev={0xfe, 0x80, '\x00', 0x1f}, {[@hopopts={0x73}]}}}}}}, 0x4a)

0s ago: executing program 2 (id=307):
socket(0x840000000002, 0x3, 0xff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x11, 0xa, 0x300)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$nl_route(0x10, 0x3, 0x0)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x1)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x0)
syz_usbip_server_init(0x3)
syz_usbip_server_init(0x3)
syz_usbip_server_init(0x3)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.60' (ED25519) to the list of known hosts.
[   84.421453][ T5821] cgroup: Unknown subsys name 'net'
[   84.569498][ T5821] cgroup: Unknown subsys name 'cpuset'
[   84.578533][ T5821] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   86.266696][ T5821] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   88.696922][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.705156][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.713003][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   88.721323][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   88.729180][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   88.836419][ T5152] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   88.844834][ T5152] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   88.855213][ T5152] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   88.863472][ T5152] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   88.871350][ T5152] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   88.893692][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   88.910415][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   88.918346][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   88.926811][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   88.934503][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   89.005046][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   89.013117][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   89.026192][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   89.036197][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   89.044763][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   89.212624][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   89.426281][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.433451][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.441089][ T5830] bridge_slave_0: entered allmulticast mode
[   89.448673][ T5830] bridge_slave_0: entered promiscuous mode
[   89.492356][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.499687][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.507212][ T5830] bridge_slave_1: entered allmulticast mode
[   89.514375][ T5830] bridge_slave_1: entered promiscuous mode
[   89.597135][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.616846][ T5837] chnl_net:caif_netlink_parms(): no params data found
[   89.639651][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.711485][ T5830] team0: Port device team_slave_0 added
[   89.726495][ T5830] team0: Port device team_slave_1 added
[   89.761168][ T5835] chnl_net:caif_netlink_parms(): no params data found
[   89.837257][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.844246][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.870865][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.885893][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.892857][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.919349][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.956108][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.963305][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.970874][ T5837] bridge_slave_0: entered allmulticast mode
[   89.978159][ T5837] bridge_slave_0: entered promiscuous mode
[   89.992468][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.000091][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.007825][ T5837] bridge_slave_1: entered allmulticast mode
[   90.015016][ T5837] bridge_slave_1: entered promiscuous mode
[   90.111997][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.119304][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.127756][ T5835] bridge_slave_0: entered allmulticast mode
[   90.135044][ T5835] bridge_slave_0: entered promiscuous mode
[   90.206248][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.213475][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.223785][ T5835] bridge_slave_1: entered allmulticast mode
[   90.231161][ T5835] bridge_slave_1: entered promiscuous mode
[   90.240415][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.261257][ T5830] hsr_slave_0: entered promiscuous mode
[   90.268305][ T5830] hsr_slave_1: entered promiscuous mode
[   90.289551][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.333958][ T5841] chnl_net:caif_netlink_parms(): no params data found
[   90.376727][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.389342][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.406692][ T5837] team0: Port device team_slave_0 added
[   90.442182][ T5837] team0: Port device team_slave_1 added
[   90.512933][ T5835] team0: Port device team_slave_0 added
[   90.570007][ T5835] team0: Port device team_slave_1 added
[   90.603707][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.610830][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.637285][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.680736][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.689088][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.715179][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.733117][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.740708][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.767100][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.778757][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.786295][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.793571][ T5841] bridge_slave_0: entered allmulticast mode
[   90.801008][ T5841] bridge_slave_0: entered promiscuous mode
[   90.807896][   T51] Bluetooth: hci0: command tx timeout
[   90.812427][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.820761][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.828348][ T5841] bridge_slave_1: entered allmulticast mode
[   90.836512][ T5841] bridge_slave_1: entered promiscuous mode
[   90.861464][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.868538][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.894627][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.967758][   T51] Bluetooth: hci1: command tx timeout
[   90.973689][ T5152] Bluetooth: hci2: command tx timeout
[   90.974688][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.992447][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   91.110077][ T5837] hsr_slave_0: entered promiscuous mode
[   91.116751][ T5837] hsr_slave_1: entered promiscuous mode
[   91.122903][ T5837] debugfs: 'hsr0' already exists in 'hsr'
[   91.128775][ T5152] Bluetooth: hci3: command tx timeout
[   91.134305][ T5837] Cannot create hsr debugfs directory
[   91.151453][ T5835] hsr_slave_0: entered promiscuous mode
[   91.158338][ T5835] hsr_slave_1: entered promiscuous mode
[   91.164475][ T5835] debugfs: 'hsr0' already exists in 'hsr'
[   91.170637][ T5835] Cannot create hsr debugfs directory
[   91.178386][ T5841] team0: Port device team_slave_0 added
[   91.223137][ T5841] team0: Port device team_slave_1 added
[   91.309315][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.316418][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.342507][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.394625][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.401898][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.428074][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.454395][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   91.479243][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   91.509681][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   91.550883][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   91.639190][ T5841] hsr_slave_0: entered promiscuous mode
[   91.646423][ T5841] hsr_slave_1: entered promiscuous mode
[   91.652519][ T5841] debugfs: 'hsr0' already exists in 'hsr'
[   91.658484][ T5841] Cannot create hsr debugfs directory
[   91.872197][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   91.902434][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   91.929858][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   91.960986][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   92.018660][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   92.037403][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   92.069388][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   92.080839][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   92.099229][   T43] cfg80211: failed to load regulatory.db
[   92.165359][ T5841] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   92.182157][ T5841] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   92.193357][ T5841] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   92.211975][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.224362][ T5841] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   92.293842][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   92.319169][ T1105] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.326460][ T1105] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.363004][ T1105] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.370181][ T1105] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.494656][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.539268][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.574338][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[   92.589150][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.624812][ T1105] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.631997][ T1105] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.665054][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.672228][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.699447][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   92.713751][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   92.735462][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.742666][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.760750][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.767952][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.785032][ T1105] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.792241][ T1105] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.834061][ T1105] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.841373][ T1105] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.885944][ T5152] Bluetooth: hci0: command tx timeout
[   93.044485][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.057265][ T5152] Bluetooth: hci2: command tx timeout
[   93.062730][ T5152] Bluetooth: hci1: command tx timeout
[   93.142077][ T5830] veth0_vlan: entered promiscuous mode
[   93.158655][ T5830] veth1_vlan: entered promiscuous mode
[   93.206996][ T5152] Bluetooth: hci3: command tx timeout
[   93.259162][ T5830] veth0_macvtap: entered promiscuous mode
[   93.308569][ T5830] veth1_macvtap: entered promiscuous mode
[   93.352345][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.397699][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.433742][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.502945][  T976] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.519401][  T976] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.538401][ T5837] veth0_vlan: entered promiscuous mode
[   93.557373][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.569718][  T976] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.579704][   T67] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.603093][ T5837] veth1_vlan: entered promiscuous mode
[   93.634800][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.738990][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.770327][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.794649][ T5837] veth0_macvtap: entered promiscuous mode
[   93.827424][ T5835] veth0_vlan: entered promiscuous mode
[   93.834582][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.838434][ T5837] veth1_macvtap: entered promiscuous mode
[   93.849022][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.862276][ T5841] veth0_vlan: entered promiscuous mode
[   93.896031][ T5841] veth1_vlan: entered promiscuous mode
[   93.906914][ T5835] veth1_vlan: entered promiscuous mode
[   93.934916][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.962833][ T5830] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   93.984546][ T5841] veth0_macvtap: entered promiscuous mode
[   94.001868][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.019102][ T5841] veth1_macvtap: entered promiscuous mode
[   94.042377][   T67] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.056442][   T67] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.065197][   T67] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.117466][   T67] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.161958][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.191028][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.205529][ T5835] veth0_macvtap: entered promiscuous mode
[   94.244745][   T67] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.262783][ T5835] veth1_macvtap: entered promiscuous mode
[   94.276164][   T67] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.289139][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.300071][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.307722][   T67] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.322486][   T67] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.366135][   T24] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   94.394447][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.416907][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.423840][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.439603][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.460693][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.470272][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.482038][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.492578][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.542468][   T24] usb 1-1: config 0 has an invalid interface number: 170 but max is 0
[   94.552311][   T24] usb 1-1: config 0 has no interface number 0
[   94.560270][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.574428][   T24] usb 1-1: config 0 interface 170 has no altsetting 0
[   94.581366][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.630037][   T24] usb 1-1: New USB device found, idVendor=c383, idProduct=abd3, bcdDevice=60.bf
[   94.632899][ T5922] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   94.648144][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.701391][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.719532][   T24] usb 1-1: config 0 descriptor??
[   94.741481][ T5922] FAULT_INJECTION: forcing a failure.
[   94.741481][ T5922] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   94.743579][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.768573][ T5922] CPU: 0 UID: 0 PID: 5922 Comm: syz.1.2 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[   94.768599][ T5922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   94.768617][ T5922] Call Trace:
[   94.768625][ T5922]  <TASK>
[   94.768631][ T5922]  dump_stack_lvl+0x189/0x250
[   94.768664][ T5922]  ? __pfx____ratelimit+0x10/0x10
[   94.768691][ T5922]  ? __pfx_dump_stack_lvl+0x10/0x10
[   94.768709][ T5922]  ? __pfx__printk+0x10/0x10
[   94.768744][ T5922]  should_fail_ex+0x414/0x560
[   94.768781][ T5922]  _copy_to_user+0x31/0xb0
[   94.768803][ T5922]  simple_read_from_buffer+0xe1/0x170
[   94.768833][ T5922]  proc_fail_nth_read+0x1df/0x250
[   94.768852][ T5922]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   94.768871][ T5922]  ? rw_verify_area+0x258/0x650
[   94.768890][ T5922]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   94.768909][ T5922]  vfs_read+0x200/0x980
[   94.768936][ T5922]  ? __pfx___mutex_lock+0x10/0x10
[   94.768959][ T5922]  ? __pfx_vfs_read+0x10/0x10
[   94.768982][ T5922]  ? __fget_files+0x2a/0x420
[   94.769013][ T5922]  ? __fget_files+0x3a0/0x420
[   94.769038][ T5922]  ? __fget_files+0x2a/0x420
[   94.769072][ T5922]  ksys_read+0x145/0x250
[   94.769090][ T5922]  ? __fget_files+0x3a0/0x420
[   94.769116][ T5922]  ? __pfx_ksys_read+0x10/0x10
[   94.769145][ T5922]  ? do_syscall_64+0xbe/0x3b0
[   94.769175][ T5922]  do_syscall_64+0xfa/0x3b0
[   94.769198][ T5922]  ? lockdep_hardirqs_on+0x9c/0x150
[   94.769221][ T5922]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.769240][ T5922]  ? clear_bhb_loop+0x60/0xb0
[   94.769264][ T5922]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.769282][ T5922] RIP: 0033:0x7f4475b8d33c
[   94.769312][ T5922] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   94.769328][ T5922] RSP: 002b:00007f4476a07030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   94.769350][ T5922] RAX: ffffffffffffffda RBX: 00007f4475db5fa0 RCX: 00007f4475b8d33c
[   94.769378][ T5922] RDX: 000000000000000f RSI: 00007f4476a070a0 RDI: 0000000000000006
[   94.769390][ T5922] RBP: 00007f4476a07090 R08: 0000000000000000 R09: 0000000000000000
[   94.769401][ T5922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.769412][ T5922] R13: 0000000000000000 R14: 00007f4475db5fa0 R15: 00007ffd8b846a88
[   94.769439][ T5922]  </TASK>
[   94.971806][ T5152] Bluetooth: hci0: command tx timeout
[   95.017179][   T24] usb 1-1: bad CDC descriptors
[   95.018462][ T5918] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1'.
[   95.046401][ T5918] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[   95.092043][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.121474][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.125827][ T5152] Bluetooth: hci1: command tx timeout
[   95.129179][   T51] Bluetooth: hci2: command tx timeout
[   95.156271][   T24] usb 1-1: USB disconnect, device number 2
[   95.288031][   T51] Bluetooth: hci3: command tx timeout
[   95.365346][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.406866][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.499302][ T5930] Zero length message leads to an empty skb
[   95.683171][ T5940] FAULT_INJECTION: forcing a failure.
[   95.683171][ T5940] name failslab, interval 1, probability 0, space 0, times 1
[   95.702288][ T5940] CPU: 0 UID: 0 PID: 5940 Comm: syz.2.8 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[   95.702327][ T5940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   95.702340][ T5940] Call Trace:
[   95.702348][ T5940]  <TASK>
[   95.702357][ T5940]  dump_stack_lvl+0x189/0x250
[   95.702386][ T5940]  ? __pfx____ratelimit+0x10/0x10
[   95.702413][ T5940]  ? __pfx_dump_stack_lvl+0x10/0x10
[   95.702436][ T5940]  ? __pfx__printk+0x10/0x10
[   95.702464][ T5940]  ? __pfx___might_resched+0x10/0x10
[   95.702483][ T5940]  ? fs_reclaim_acquire+0x7d/0x100
[   95.702514][ T5940]  should_fail_ex+0x414/0x560
[   95.702552][ T5940]  should_failslab+0xa8/0x100
[   95.702578][ T5940]  __kmalloc_noprof+0xcb/0x4f0
[   95.702599][ T5940]  ? copy_splice_read+0x143/0x9b0
[   95.702630][ T5940]  copy_splice_read+0x143/0x9b0
[   95.702669][ T5940]  ? __pfx_copy_splice_read+0x10/0x10
[   95.702692][ T5940]  ? look_up_lock_class+0x74/0x170
[   95.702719][ T5940]  ? register_lock_class+0x51/0x320
[   95.702752][ T5940]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[   95.702785][ T5940]  ? alloc_pipe_info+0x374/0x4d0
[   95.702812][ T5940]  ? __pfx_copy_splice_read+0x10/0x10
[   95.702836][ T5940]  splice_direct_to_actor+0x4a9/0xcc0
[   95.702884][ T5940]  ? __pfx_direct_splice_actor+0x10/0x10
[   95.702910][ T5940]  ? __pfx_splice_direct_to_actor+0x10/0x10
[   95.702948][ T5940]  do_splice_direct+0x181/0x270
[   95.702977][ T5940]  ? __pfx_do_splice_direct+0x10/0x10
[   95.703004][ T5940]  ? __pfx_direct_file_splice_eof+0x10/0x10
[   95.703034][ T5940]  ? bpf_lsm_file_permission+0x9/0x20
[   95.703052][ T5940]  ? security_file_permission+0x75/0x290
[   95.703083][ T5940]  ? rw_verify_area+0x258/0x650
[   95.703110][ T5940]  do_sendfile+0x4da/0x7e0
[   95.703139][ T5940]  ? __pfx_vfs_write+0x10/0x10
[   95.703168][ T5940]  ? __pfx_do_sendfile+0x10/0x10
[   95.703198][ T5940]  ? __fget_files+0x3a0/0x420
[   95.703237][ T5940]  __se_sys_sendfile64+0x13e/0x190
[   95.703268][ T5940]  ? __pfx___se_sys_sendfile64+0x10/0x10
[   95.703295][ T5940]  ? rcu_is_watching+0x15/0xb0
[   95.703326][ T5940]  ? do_syscall_64+0xbe/0x3b0
[   95.703357][ T5940]  do_syscall_64+0xfa/0x3b0
[   95.703382][ T5940]  ? lockdep_hardirqs_on+0x9c/0x150
[   95.703407][ T5940]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.703426][ T5940]  ? clear_bhb_loop+0x60/0xb0
[   95.703450][ T5940]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   95.703470][ T5940] RIP: 0033:0x7f5c3938e929
[   95.703488][ T5940] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   95.703504][ T5940] RSP: 002b:00007f5c3a160038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[   95.703526][ T5940] RAX: ffffffffffffffda RBX: 00007f5c395b5fa0 RCX: 00007f5c3938e929
[   95.703540][ T5940] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[   95.703552][ T5940] RBP: 00007f5c3a160090 R08: 0000000000000000 R09: 0000000000000000
[   95.703564][ T5940] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001
[   95.703576][ T5940] R13: 0000000000000000 R14: 00007f5c395b5fa0 R15: 00007ffe90a620a8
[   95.703607][ T5940]  </TASK>
[   96.346033][ T5919] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   96.456063][   T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   96.530629][ T5954] syz.2.14 uses obsolete (PF_INET,SOCK_PACKET)
[   96.537387][ T5919] usb 2-1: Using ep0 maxpacket: 32
[   96.550986][ T5919] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[   96.559833][ T5919] usb 2-1: config 0 has no interface number 0
[   96.566479][ T5919] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   96.609815][ T5919] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[   96.629513][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.631559][   T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   96.647417][ T5919] usb 2-1: Product: syz
[   96.647440][ T5919] usb 2-1: Manufacturer: syz
[   96.647456][ T5919] usb 2-1: SerialNumber: syz
[   96.667620][ T5919] usb 2-1: config 0 descriptor??
[   96.684028][   T10] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[   96.688287][ T5919] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[   96.713529][   T10] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   96.726042][ T5919] em28xx 2-1:0.132: Video interface 132 found:
[   96.739421][   T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[   96.749053][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[   96.757400][   T10] usb 1-1: Product: syz
[   96.761767][   T10] usb 1-1: Manufacturer: syz
[   96.767343][   T10] usb 1-1: SerialNumber: syz
[   96.936289][ T5887] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   96.965803][ T5877] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   96.992362][   T10] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[   97.046546][   T51] Bluetooth: hci0: command tx timeout
[   97.091673][ T5919] em28xx 2-1:0.132: unknown em28xx chip ID (0)
[   97.115807][ T5887] usb 3-1: Using ep0 maxpacket: 8
[   97.122595][ T5887] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   97.134906][ T5887] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[   97.146850][ T5877] usb 4-1: Using ep0 maxpacket: 32
[   97.152089][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[   97.163868][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[   97.175289][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   97.193251][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[   97.205732][   T51] Bluetooth: hci1: command tx timeout
[   97.211225][ T5877] usb 4-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[   97.222025][   T51] Bluetooth: hci2: command tx timeout
[   97.223835][ T5887] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   97.241928][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.250135][ T5877] usb 4-1: Product: syz
[   97.254338][ T5877] usb 4-1: Manufacturer: syz
[   97.260427][ T5877] usb 4-1: SerialNumber: syz
[   97.268652][ T5887] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[   97.280326][ T5877] usb 4-1: config 0 descriptor??
[   97.288738][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.301941][ T5887] usb 3-1: Product: syz
[   97.307221][ T5877] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[   97.308322][   T10] usb 1-1: USB disconnect, device number 3
[   97.321327][ T5887] usb 3-1: Manufacturer: syz
[   97.338739][ T5887] usb 3-1: SerialNumber: syz
[   97.342458][ T5959] usblp0: removed
[   97.365739][   T51] Bluetooth: hci3: command tx timeout
[   97.377142][ T5887] usb 3-1: config 0 descriptor??
[   97.383656][ T5954] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[   97.423895][ T5887] ati_remote 3-1:0.0: Initializing ati_remote hardware failed.
[   97.443933][ T5887] ati_remote 3-1:0.0: probe with driver ati_remote failed with error -5
[   97.521417][ T5919] em28xx 2-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[   97.545388][ T5919] em28xx 2-1:0.132: board has no eeprom
[   97.603035][   T10] usb 3-1: USB disconnect, device number 2
[   97.617263][ T5919] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[   97.636478][ T5919] em28xx 2-1:0.132: analog set to bulk mode.
[   97.644735][ T5887] em28xx 2-1:0.132: Registering V4L2 extension
[   97.672243][ T5919] usb 2-1: USB disconnect, device number 2
[   97.698154][ T5919] em28xx 2-1:0.132: Disconnecting em28xx
[   97.886799][ T5887] em28xx 2-1:0.132: Config register raw data: 0xffffffed
[   97.905019][ T5887] em28xx 2-1:0.132: AC97 chip type couldn't be determined
[   97.922121][ T5887] em28xx 2-1:0.132: No AC97 audio processor
[   97.938218][ T5887] usb 2-1: Decoder not found
[   97.943110][ T5887] em28xx 2-1:0.132: failed to create media graph
[   97.951114][ T5887] em28xx 2-1:0.132: V4L2 device video103 deregistered
[   97.962475][ T5887] em28xx 2-1:0.132: Remote control support is not available for this card.
[   97.972475][ T5919] em28xx 2-1:0.132: Closing input extension
[   97.997631][ T5919] em28xx 2-1:0.132: Freeing device
[   98.147282][ T5971] omfs: Invalid superblock (0)
[   98.401892][ T5979] ref_tracker: memory allocation failure, unreliable refcount tracker.
[   98.460717][   T51] Bluetooth: hci0: unexpected cc 0x080f length: 3 > 1
[   98.531669][ T5982] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   98.592030][   T24] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[   98.705575][ T5919] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   98.748290][   T24] usb 2-1: config 0 has an invalid interface number: 170 but max is 0
[   98.756999][   T24] usb 2-1: config 0 has no interface number 0
[   98.766453][   T24] usb 2-1: config 0 interface 170 has no altsetting 0
[   98.773553][   T24] usb 2-1: New USB device found, idVendor=c383, idProduct=abd3, bcdDevice=60.bf
[   98.783879][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.797774][   T24] usb 2-1: config 0 descriptor??
[   98.808282][   T24] usb 2-1: bad CDC descriptors
[   98.831397][ T5877] gspca_topro: reg_r err -71
[   98.836611][ T5877] gspca_topro: Sensor soi763a
[   98.853314][ T5877] usb 4-1: USB disconnect, device number 2
[   98.872182][ T5919] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   98.881898][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.890208][ T5919] usb 1-1: Product: syz
[   98.894475][ T5919] usb 1-1: Manufacturer: syz
[   98.901893][   T10] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   98.904483][ T5919] usb 1-1: SerialNumber: syz
[   98.926940][ T5919] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   98.963312][   T24] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   99.066672][   T10] usb 3-1: Using ep0 maxpacket: 16
[   99.082027][   T10] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   99.082482][ T5976] netlink: 12 bytes leftover after parsing attributes in process `syz.1.19'.
[   99.097769][   T10] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   99.102968][ T5976] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[   99.114339][   T10] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   99.143845][   T10] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   99.153910][ T5919] usb 2-1: USB disconnect, device number 3
[   99.154914][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.180491][   T10] usb 3-1: Product: syz
[   99.191348][   T10] usb 3-1: Manufacturer: syz
[   99.196262][   T10] usb 3-1: SerialNumber: syz
[   99.628004][   T10] usb 3-1: 2:1 : format type 0 is detected, processed as PCM
[   99.752788][ T5991] capability: warning: `syz.1.23' uses deprecated v2 capabilities in a way that may be insecure
[   99.756062][ T5887] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   99.935701][ T5887] usb 4-1: Using ep0 maxpacket: 16
[   99.948759][ T5887] usb 4-1: config 3 has an invalid interface number: 99 but max is 0
[   99.957398][ T5887] usb 4-1: config 3 has no interface number 0
[   99.964570][ T5887] usb 4-1: config 3 interface 99 has no altsetting 0
[   99.974865][ T5887] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=85.74
[   99.984382][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.993680][ T5887] usb 4-1: Product: syz
[   99.998751][ T5887] usb 4-1: Manufacturer: syz
[  100.003484][ T5887] usb 4-1: SerialNumber: syz
[  100.009069][   T24] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  100.028656][   T24] ath9k_htc: Failed to initialize the device
[  100.038357][   T10] usb 3-1: 2:1: cannot set freq 9338507 to ep 0x82
[  100.101871][   T24] usb 1-1: ath9k_htc: USB layer deinitialized
[  100.119220][  T980] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  100.137333][   T10] usb 3-1: USB disconnect, device number 3
[  100.224716][ T5834] udevd[5834]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  100.290965][  T980] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  100.335910][ T5893] usb 1-1: USB disconnect, device number 4
[  100.351277][  T980] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  100.378805][  T980] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  100.389297][  T980] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  100.413292][  T980] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  100.423036][  T980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.437475][  T980] usb 2-1: config 0 descriptor??
[  100.905013][ T6001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  100.917423][ T6001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  101.288067][   T24] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  101.458862][   T24] usb 1-1: Using ep0 maxpacket: 32
[  101.466564][   T24] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  101.474825][   T24] usb 1-1: config 0 has no interface number 0
[  101.484926][   T24] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  101.494637][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.502776][   T24] usb 1-1: Product: syz
[  101.507379][   T24] usb 1-1: Manufacturer: syz
[  101.512029][   T24] usb 1-1: SerialNumber: syz
[  101.522778][   T24] usb 1-1: config 0 descriptor??
[  101.539732][   T24] smsc95xx v2.0.0
[  101.945016][   T24] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  101.963791][   T24] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  102.035715][ T5877] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  102.209166][ T5877] usb 3-1: Using ep0 maxpacket: 16
[  102.220120][ T5877] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  102.229638][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  102.237885][ T5877] usb 3-1: Product: syz
[  102.242118][ T5877] usb 3-1: Manufacturer: syz
[  102.248837][ T5877] usb 3-1: SerialNumber: syz
[  102.258196][ T5877] usb 3-1: config 0 descriptor??
[  102.507662][ T6007] input: syz1 as /devices/virtual/input/input7
[  102.515013][ T5887] usb 4-1: USB disconnect, device number 3
[  102.898254][  T980] usbhid 2-1:0.0: can't add hid device: -71
[  102.904320][  T980] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  102.918071][  T980] usb 2-1: USB disconnect, device number 4
[  102.952422][ T5893] usb 3-1: USB disconnect, device number 4
[  102.986338][ T6016] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  103.864699][ T6027] hpfs: Bad magic ... probably not HPFS
[  103.915742][ T5887] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  104.098351][ T5887] usb 4-1: config 0 has an invalid interface number: 170 but max is 0
[  104.105838][ T5893] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  104.106875][ T5887] usb 4-1: config 0 has no interface number 0
[  104.120521][ T5887] usb 4-1: config 0 interface 170 has no altsetting 0
[  104.127425][ T5887] usb 4-1: New USB device found, idVendor=c383, idProduct=abd3, bcdDevice=60.bf
[  104.136622][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.147693][ T5887] usb 4-1: config 0 descriptor??
[  104.158341][ T5887] usb 4-1: bad CDC descriptors
[  104.227362][   T24] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  104.241004][   T24] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71
[  104.270970][   T24] usb 1-1: USB disconnect, device number 5
[  104.290144][ T5893] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  104.306696][ T5893] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  104.321052][ T5893] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  104.331763][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.345302][ T6029] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  104.357856][ T5893] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  104.400412][ T6021] netlink: 12 bytes leftover after parsing attributes in process `syz.3.33'.
[  104.422030][ T6021] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  104.472377][   T24] usb 4-1: USB disconnect, device number 4
[  104.614800][ T5887] usb 3-1: USB disconnect, device number 5
[  105.115689][ T5893] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  105.165821][   T43] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  105.268376][ T5893] usb 2-1: device descriptor read/64, error -71
[  105.346474][   T43] usb 1-1: Using ep0 maxpacket: 8
[  105.366384][   T43] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 13
[  105.386456][   T43] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  105.403828][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.424795][   T43] usb 1-1: Product: syz
[  105.432493][   T43] usb 1-1: Manufacturer: syz
[  105.442608][   T43] usb 1-1: SerialNumber: syz
[  105.456862][   T43] usb 1-1: config 0 descriptor??
[  105.466194][   T43] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  105.586057][ T5893] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  105.725605][ T5893] usb 2-1: device descriptor read/64, error -71
[  105.811668][ T5877] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  105.836669][ T5893] usb usb2-port1: attempt power cycle
[  105.935596][ T5887] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  105.977762][ T5877] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  105.993089][ T5877] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  106.010397][ T5877] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  106.026115][ T5877] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  106.040711][ T5877] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  106.050085][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.062655][ T5877] usb 3-1: config 0 descriptor??
[  106.115815][ T5887] usb 4-1: Using ep0 maxpacket: 32
[  106.123695][ T5887] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  106.134375][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.149403][ T5887] usb 4-1: config 0 descriptor??
[  106.195700][ T5893] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  106.216366][ T5893] usb 2-1: device descriptor read/8, error -71
[  106.361722][ T5887] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  106.380327][ T5887] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  106.397646][ T5887] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  106.405254][ T5887] usb 4-1: media controller created
[  106.456012][ T5887] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  106.465580][ T5893] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  106.496365][ T5877] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  106.503924][ T5877] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  106.511931][ T5893] usb 2-1: device descriptor read/8, error -71
[  106.523435][ T5877] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  106.531391][ T5877] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  106.539521][ T5877] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  106.549315][ T5877] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  106.558512][ T5877] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  106.573169][ T5887] az6027: usb out operation failed. (-71)
[  106.587241][ T5877] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  106.597195][ T5877] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  106.604806][ T5887] az6027: usb out operation failed. (-71)
[  106.612613][ T5877] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  106.623342][ T5887] stb0899_attach: Driver disabled by Kconfig
[  106.629508][ T5887] az6027: no front-end attached
[  106.629508][ T5887] 
[  106.631669][ T5893] usb usb2-port1: unable to enumerate USB device
[  106.646181][ T5887] az6027: usb out operation failed. (-71)
[  106.660924][ T5877] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  106.674001][ T5887] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  106.696690][ T5887] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input8
[  106.740530][ T5887] dvb-usb: schedule remote query interval to 400 msecs.
[  106.766239][ T5887] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  106.797773][ T5877] usb 3-1: USB disconnect, device number 6
[  106.807496][ T5887] usb 4-1: USB disconnect, device number 5
[  106.869881][ T6057] fido_id[6057]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  106.942162][ T5887] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  107.407284][ T6061] capability: warning: `syz.2.51' uses 32-bit capabilities (legacy support in use)
[  107.425553][ T5893] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  107.577535][ T5893] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  107.579105][ T6065] =======================================================
[  107.579105][ T6065] WARNING: The mand mount option has been deprecated and
[  107.579105][ T6065]          and is ignored by this kernel. Remove the mand
[  107.579105][ T6065]          option from the mount to silence this warning.
[  107.579105][ T6065] =======================================================
[  107.589299][ T5893] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  107.632923][ T5893] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  107.642369][ T5893] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  107.644097][ T6065] netlink: 'syz.2.53': attribute type 11 has an invalid length.
[  107.653390][ T5893] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  107.666943][ T5893] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  107.686318][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  107.689913][ T6066] netlink: 'syz.2.53': attribute type 11 has an invalid length.
[  107.694333][ T5893] usb 4-1: Product: syz
[  107.694352][ T5893] usb 4-1: Manufacturer: syz
[  107.710651][ T5893] cdc_wdm 4-1:1.0: skipping garbage
[  107.717470][ T6065] netlink: 48 bytes leftover after parsing attributes in process `syz.2.53'.
[  107.722421][ T5893] cdc_wdm 4-1:1.0: skipping garbage
[  107.736229][ T5893] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  107.742352][ T5893] cdc_wdm 4-1:1.0: Unknown control protocol
[  107.826136][ T6069] netlink: 16 bytes leftover after parsing attributes in process `syz.2.54'.
[  107.943451][ T5877] usb 4-1: USB disconnect, device number 6
[  108.109922][ T6076] netlink: 'syz.2.57': attribute type 13 has an invalid length.
[  108.123090][ T6076] macvtap0: entered promiscuous mode
[  108.146989][ T6076] macvtap0: refused to change device tx_queue_len
[  108.421860][ T6082] XFS (rnullb0): Invalid superblock magic number
[  108.667949][ T6097] netlink: 20 bytes leftover after parsing attributes in process `syz.1.64'.
[  108.810981][ T6100] hfs: can't find a HFS filesystem on dev rnullb0
[  108.855793][ T5877] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  109.012715][ T5877] usb 3-1: device descriptor read/64, error -71
[  109.142384][   T43] gspca_zc3xx: i2c_r status error 10
[  109.265611][ T5877] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  109.397369][   T51] Bluetooth: Wrong link type (-22)
[  109.406718][ T5877] usb 3-1: device descriptor read/64, error -71
[  109.409470][ T6122] netlink: 'syz.1.73': attribute type 10 has an invalid length.
[  109.439949][ T6122] team0: Port device geneve1 added
[  109.454586][   T51] Bluetooth: hci2: Malformed Event: 0x02
[  109.477388][ T6124] FAT-fs (rnullb0): bogus number of reserved sectors
[  109.484878][ T6124] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  109.546097][ T5877] usb usb3-port1: attempt power cycle
[  109.655899][   T43] gspca_zc3xx: reg_r err -110
[  109.660842][   T43] gspca_zc3xx 1-1:0.0: probe with driver gspca_zc3xx failed with error -110
[  109.695725][  T980] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  109.869296][  T980] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  109.878605][  T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.896131][  T980] usb 2-1: Product: syz
[  109.900338][  T980] usb 2-1: Manufacturer: syz
[  109.904945][  T980] usb 2-1: SerialNumber: syz
[  109.904977][ T5877] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  109.924250][   T10] usb 1-1: USB disconnect, device number 6
[  109.958837][  T980] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  109.978076][ T5877] usb 3-1: device descriptor read/8, error -71
[  109.997014][ T5893] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  110.265574][ T5877] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  110.308692][ T5877] usb 3-1: device descriptor read/8, error -71
[  110.448035][ T5877] usb usb3-port1: unable to enumerate USB device
[  110.534585][ T5152] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  110.557068][ T5152] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  110.565726][ T5152] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  110.574110][ T5152] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  110.582591][ T5152] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  110.646839][    T0] NOHZ tick-stop error: local softirq work is pending, handler #102!!!
[  110.697188][   T10] usb 2-1: USB disconnect, device number 9
[  111.004333][ T6129] chnl_net:caif_netlink_parms(): no params data found
[  111.085996][ T6143] Dead loop on virtual device ip6_vti0, fix it urgently!
[  111.098823][ T6143] ntfs3(rnullb0): Primary boot signature is not NTFS.
[  111.107387][ T6143] ntfs3(rnullb0): Alternative boot signature is not NTFS.
[  111.127134][ T5893] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  111.140326][ T5893] ath9k_htc: Failed to initialize the device
[  111.150605][   T10] usb 2-1: ath9k_htc: USB layer deinitialized
[  111.184392][ T6146] netlink: 8 bytes leftover after parsing attributes in process `syz.1.84'.
[  111.369053][ T6129] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.380430][ T6129] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.389624][ T6129] bridge_slave_0: entered allmulticast mode
[  111.398195][ T6129] bridge_slave_0: entered promiscuous mode
[  111.412329][ T6129] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.422597][ T6129] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.430386][ T6129] bridge_slave_1: entered allmulticast mode
[  111.440000][ T6129] bridge_slave_1: entered promiscuous mode
[  111.503133][ T6155] netlink: 14 bytes leftover after parsing attributes in process `syz.0.87'.
[  111.724254][ T6155] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  111.753137][ T6155] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  111.787159][ T6155] bond0 (unregistering): Released all slaves
[  111.831319][ T6129] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.865410][ T6129] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  112.023622][ T6129] team0: Port device team_slave_0 added
[  112.047971][ T6129] team0: Port device team_slave_1 added
[  112.205855][ T6159] mkiss: ax0: crc mode is auto.
[  112.206623][ T6129] batman_adv: batadv0: Adding interface: batadv_slave_0
[  112.224332][ T6129] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.255936][ T5958] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  112.271355][ T6129] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  112.310529][ T6129] batman_adv: batadv0: Adding interface: batadv_slave_1
[  112.318454][ T6129] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  112.353085][ T6129] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  112.427920][ T5958] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  112.455917][ T5958] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  112.480784][ T5958] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  112.505565][ T5958] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  112.523901][ T6129] hsr_slave_0: entered promiscuous mode
[  112.526016][ T5958] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  112.542692][ T6129] hsr_slave_1: entered promiscuous mode
[  112.569648][ T6129] debugfs: 'hsr0' already exists in 'hsr'
[  112.575453][ T6129] Cannot create hsr debugfs directory
[  112.575551][ T5958] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  112.626543][ T5958] usb 1-1: config 0 descriptor??
[  112.650458][ T5152] Bluetooth: hci1: command tx timeout
[  112.819979][ T6175] qnx4: no qnx4 filesystem (no root dir).
[  112.855308][ T6177] FAULT_INJECTION: forcing a failure.
[  112.855308][ T6177] name failslab, interval 1, probability 0, space 0, times 0
[  112.872698][ T6177] CPU: 1 UID: 0 PID: 6177 Comm: syz.2.93 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  112.872727][ T6177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  112.872738][ T6177] Call Trace:
[  112.872750][ T6177]  <TASK>
[  112.872758][ T6177]  dump_stack_lvl+0x189/0x250
[  112.872806][ T6177]  ? __pfx____ratelimit+0x10/0x10
[  112.872831][ T6177]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.872853][ T6177]  ? __pfx__printk+0x10/0x10
[  112.872878][ T6177]  ? __page_table_check_zero+0x406/0x530
[  112.872911][ T6177]  should_fail_ex+0x414/0x560
[  112.872947][ T6177]  should_failslab+0xa8/0x100
[  112.872972][ T6177]  __kmalloc_noprof+0xcb/0x4f0
[  112.872992][ T6177]  ? blk_rq_map_user_iov+0x153/0x18c0
[  112.873018][ T6177]  ? blk_rq_map_user_iov+0x3d3/0x18c0
[  112.873049][ T6177]  blk_rq_map_user_iov+0x3d3/0x18c0
[  112.873080][ T6177]  ? stack_depot_save_flags+0x429/0x900
[  112.873112][ T6177]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[  112.873136][ T6177]  ? sg_build_indirect+0x100/0x850
[  112.873157][ T6177]  ? sg_write+0xacd/0xea0
[  112.873173][ T6177]  ? vfs_writev+0x4b3/0x960
[  112.873199][ T6177]  ? do_writev+0x14d/0x2d0
[  112.873240][ T6177]  ? import_ubuf+0xfb/0x1d0
[  112.873279][ T6177]  blk_rq_map_user_io+0x252/0x3a0
[  112.873314][ T6177]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[  112.873352][ T6177]  ? sg_common_write+0xb85/0x13d0
[  112.873378][ T6177]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  112.873406][ T6177]  ? set_page_refcounted+0xa0/0x1e0
[  112.873433][ T6177]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  112.873461][ T6177]  ? sg_build_indirect+0x5f8/0x850
[  112.873495][ T6177]  sg_common_write+0xcd8/0x13d0
[  112.873536][ T6177]  ? __pfx_sg_common_write+0x10/0x10
[  112.873573][ T6177]  sg_write+0xacd/0xea0
[  112.873601][ T6177]  ? __pfx_sg_write+0x10/0x10
[  112.873625][ T6177]  ? __pfx_aa_file_perm+0x10/0x10
[  112.873680][ T6177]  ? bpf_lsm_file_permission+0x9/0x20
[  112.873699][ T6177]  ? security_file_permission+0x75/0x290
[  112.873731][ T6177]  ? rw_verify_area+0x258/0x650
[  112.873758][ T6177]  vfs_writev+0x4b3/0x960
[  112.873799][ T6177]  ? __pfx_sg_write+0x10/0x10
[  112.873822][ T6177]  ? __pfx_vfs_writev+0x10/0x10
[  112.873867][ T6177]  ? __fget_files+0x2a/0x420
[  112.873899][ T6177]  ? __fget_files+0x3a0/0x420
[  112.873925][ T6177]  ? __fget_files+0x2a/0x420
[  112.873961][ T6177]  do_writev+0x14d/0x2d0
[  112.873993][ T6177]  ? __pfx_do_writev+0x10/0x10
[  112.874020][ T6177]  ? rcu_is_watching+0x15/0xb0
[  112.874046][ T6177]  ? do_syscall_64+0xbe/0x3b0
[  112.874076][ T6177]  do_syscall_64+0xfa/0x3b0
[  112.874102][ T6177]  ? lockdep_hardirqs_on+0x9c/0x150
[  112.874127][ T6177]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.874147][ T6177]  ? clear_bhb_loop+0x60/0xb0
[  112.874171][ T6177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.874190][ T6177] RIP: 0033:0x7f5c3938e929
[  112.874208][ T6177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  112.874225][ T6177] RSP: 002b:00007f5c3a160038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  112.874246][ T6177] RAX: ffffffffffffffda RBX: 00007f5c395b5fa0 RCX: 00007f5c3938e929
[  112.874260][ T6177] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000003
[  112.874273][ T6177] RBP: 00007f5c3a160090 R08: 0000000000000000 R09: 0000000000000000
[  112.874285][ T6177] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  112.874296][ T6177] R13: 0000000000000000 R14: 00007f5c395b5fa0 R15: 00007ffe90a620a8
[  112.874327][ T6177]  </TASK>
[  113.217829][    C1] vkms_vblank_simulate: vblank timer overrun
[  113.332500][ T6129] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  113.347218][ T6129] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  113.360045][ T6129] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  113.374658][ T6129] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  113.495994][ T5877] usb 2-1: new low-speed USB device number 10 using dummy_hcd
[  113.564692][ T6129] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.592225][ T6129] 8021q: adding VLAN 0 to HW filter on device team0
[  113.609279][  T976] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.616509][  T976] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.637944][ T5958] usbhid 1-1:0.0: can't add hid device: -71
[  113.644011][ T5958] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  113.663142][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.666597][ T5958] usb 1-1: USB disconnect, device number 7
[  113.670422][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.678578][ T5877] usb 2-1: Invalid ep0 maxpacket: 16
[  113.762573][ T6129] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  113.815771][ T5877] usb 2-1: new low-speed USB device number 11 using dummy_hcd
[  113.967088][ T6129] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.979670][ T5919] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  114.005580][ T5877] usb 2-1: Invalid ep0 maxpacket: 16
[  114.011368][ T5877] usb usb2-port1: attempt power cycle
[  114.167224][ T5919] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  114.188078][ T5919] usb 3-1: config 0 interface 0 has no altsetting 0
[  114.194777][ T5919] usb 3-1: New USB device found, idVendor=0458, idProduct=5019, bcdDevice= 0.00
[  114.227427][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.241443][ T5919] usb 3-1: config 0 descriptor??
[  114.342655][ T6129] veth0_vlan: entered promiscuous mode
[  114.356163][ T5877] usb 2-1: new low-speed USB device number 12 using dummy_hcd
[  114.358044][ T6129] veth1_vlan: entered promiscuous mode
[  114.397808][ T5877] usb 2-1: Invalid ep0 maxpacket: 16
[  114.402419][ T6129] veth0_macvtap: entered promiscuous mode
[  114.422579][ T6129] veth1_macvtap: entered promiscuous mode
[  114.445235][ T6129] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.462021][ T6129] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.482378][   T67] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.493306][   T67] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.503006][   T67] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.516938][   T67] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.545850][ T5877] usb 2-1: new low-speed USB device number 13 using dummy_hcd
[  114.585013][ T6206] sg_write: process 37 (syz.0.97) changed security contexts after opening file descriptor, this is not allowed.
[  114.601282][ T5877] usb 2-1: Invalid ep0 maxpacket: 16
[  114.608826][ T5877] usb usb2-port1: unable to enumerate USB device
[  114.612419][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.624101][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.666667][ T5919] usbhid 3-1:0.0: can't add hid device: -71
[  114.672715][ T5919] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  114.683554][ T5919] usb 3-1: USB disconnect, device number 11
[  114.691288][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.709431][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.725816][   T51] Bluetooth: hci1: command tx timeout
[  114.805409][ T6208] vxfs: WRONG superblock magic 00000000 at 1
[  114.814131][ T6208] vxfs: WRONG superblock magic 00000000 at 8
[  114.821095][ T6208] vxfs: can't find superblock.
[  115.074945][ T6220] syzkaller1: entered promiscuous mode
[  115.084982][ T6220] syzkaller1: entered allmulticast mode
[  115.227053][ T6224] dlm: non-version read from control device 2
[  115.239878][ T6224] netlink: 24 bytes leftover after parsing attributes in process `syz.0.102'.
[  115.445880][ T5152] Bluetooth: hci3: command 0x0406 tx timeout
[  115.774208][ T6240] ecryptfs: Unknown parameter 'fd'
[  116.355630][ T5920] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  116.527493][ T5920] usb 2-1: config 0 interface 0 altsetting 218 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  116.558212][ T5920] usb 2-1: config 0 interface 0 altsetting 218 endpoint 0x81 has invalid wMaxPacketSize 0
[  116.579167][ T5920] usb 2-1: config 0 interface 0 has no altsetting 0
[  116.608708][ T5920] usb 2-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00
[  116.622855][ T5920] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.623021][ T6266] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  116.637531][ T6266] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  116.643008][ T5920] usb 2-1: config 0 descriptor??
[  116.660981][ T6266] vhci_hcd vhci_hcd.0: Device attached
[  116.805616][   T51] Bluetooth: hci1: command tx timeout
[  116.905666][ T5919] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  116.925753][   T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  117.101845][ T5920] hid_parser_main: 5 callbacks suppressed
[  117.101869][ T5920] kye 0003:0458:0087.0002: unknown main item tag 0x0
[  117.114997][ T5920] kye 0003:0458:0087.0002: item fetching failed at offset 3/5
[  117.124203][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  117.138528][ T5920] kye 0003:0458:0087.0002: parse failed
[  117.144140][ T5920] kye 0003:0458:0087.0002: probe with driver kye failed with error -22
[  117.153545][   T10] usb 1-1: config 0 has no interfaces?
[  117.161358][   T10] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  117.174156][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.188767][   T10] usb 1-1: config 0 descriptor??
[  117.300490][   T10] usb 2-1: USB disconnect, device number 14
[  117.413314][ T5920] usb 1-1: USB disconnect, device number 8
[  117.416010][ T6267] vhci_hcd: connection closed
[  117.424219][   T12] vhci_hcd: stop threads
[  117.439161][   T12] vhci_hcd: release socket
[  117.444446][   T12] vhci_hcd: disconnect device
[  117.476163][ T5919] vhci_hcd: vhci_device speed not set
[  117.513063][ T6273] tipc: Started in network mode
[  117.519153][ T6273] tipc: Node identity 7, cluster identity 4711
[  117.525379][ T6273] tipc: Node number set to 7
[  117.687562][   T51] Bluetooth: hci0: command tx timeout
[  118.505654][   T43] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  118.675591][   T43] usb 1-1: Using ep0 maxpacket: 32
[  118.688477][   T43] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  118.710531][   T43] usb 1-1: config 0 has no interface number 0
[  118.719996][   T43] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  118.734993][   T43] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  118.746875][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.754920][   T43] usb 1-1: Product: syz
[  118.759977][   T43] usb 1-1: Manufacturer: syz
[  118.764612][   T43] usb 1-1: SerialNumber: syz
[  118.788659][   T43] usb 1-1: config 0 descriptor??
[  118.802476][   T43] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  118.814548][   T43] em28xx 1-1:0.132: Video interface 132 found:
[  118.821762][ T5919] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  118.886897][   T51] Bluetooth: hci1: command tx timeout
[  119.017035][ T6325] syzkaller1: entered promiscuous mode
[  119.025655][ T5919] usb 3-1: Using ep0 maxpacket: 8
[  119.033913][ T6325] syzkaller1: entered allmulticast mode
[  119.044742][ T5919] usb 3-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f
[  119.055077][ T5919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=1
[  119.075789][ T5919] usb 3-1: Product: syz
[  119.101011][ T5919] usb 3-1: Manufacturer: syz
[  119.110972][ T5919] usb 3-1: SerialNumber: syz
[  119.125018][ T5919] usb 3-1: config 0 descriptor??
[  119.135109][ T5919] usbtest 3-1:0.0: FX2 device
[  119.140369][ T5919] usbtest 3-1:0.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  119.208736][   T43] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[  119.342013][   T10] usb 3-1: USB disconnect, device number 12
[  119.358915][ T5893] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  119.420428][   T43] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  119.440619][   T43] em28xx 1-1:0.132: board has no eeprom
[  119.515673][   T43] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  119.525442][   T43] em28xx 1-1:0.132: analog set to bulk mode.
[  119.534820][ T5919] em28xx 1-1:0.132: Registering V4L2 extension
[  119.553122][ T5893] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.557657][   T43] usb 1-1: USB disconnect, device number 9
[  119.586111][ T5893] usb 2-1: config 0 interface 0 has no altsetting 0
[  119.600441][   T43] em28xx 1-1:0.132: Disconnecting em28xx
[  119.619267][ T5893] usb 2-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  119.636594][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.657285][ T5893] usb 2-1: Product: syz
[  119.665072][ T5893] usb 2-1: Manufacturer: syz
[  119.675210][ T5893] usb 2-1: SerialNumber: syz
[  119.689230][ T5893] usb 2-1: config 0 descriptor??
[  119.723249][ T5893] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  119.753307][ T5893] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  119.782052][ T5893] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  119.794103][ T5893] usb 2-1: media controller created
[  119.803967][ T5919] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[  119.819224][ T5919] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[  119.825664][ T5893] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  119.838111][ T5919] em28xx 1-1:0.132: No AC97 audio processor
[  119.856593][ T5919] usb 1-1: Decoder not found
[  119.862184][ T5919] em28xx 1-1:0.132: failed to create media graph
[  119.895729][ T5919] em28xx 1-1:0.132: V4L2 device video103 deregistered
[  119.921264][ T5919] em28xx 1-1:0.132: Remote control support is not available for this card.
[  119.953693][ T5893] DVB: Unable to find symbol tda10046_attach()
[  119.965116][   T43] em28xx 1-1:0.132: Closing input extension
[  119.977903][ T5893] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  119.998453][   T43] em28xx 1-1:0.132: Freeing device
[  120.016057][ T5893] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  120.417378][   T30] audit: type=1800 audit(1751507736.510:2): pid=6359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.158" name="bus" dev="overlay" ino=274 res=0 errno=0
[  120.835760][  T980] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[  120.865380][ T5893] dvb_usb_m920x 2-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  120.879374][ T5893] usb 2-1: USB disconnect, device number 15
[  120.998396][  T980] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  121.007758][  T980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.019972][  T980] usb 3-1: config 0 descriptor??
[  121.456450][ T5893] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  121.625597][ T5893] usb 1-1: Using ep0 maxpacket: 32
[  121.635374][ T5893] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  121.649648][ T5893] usb 1-1: config 0 has no interface number 0
[  121.656137][ T5893] usb 1-1: config 0 interface 12 has no altsetting 0
[  121.671272][ T5893] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  121.681943][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.698866][ T5893] usb 1-1: Product: syz
[  121.705271][ T5893] usb 1-1: Manufacturer: syz
[  121.711108][ T5893] usb 1-1: SerialNumber: syz
[  121.730320][ T5893] usb 1-1: config 0 descriptor??
[  121.747777][ T5893] f81534 1-1:0.12: required endpoints missing
[  121.955158][   T43] usb 1-1: USB disconnect, device number 10
[  122.249843][  T980] pegasus 3-1:0.0: can't reset MAC
[  122.256142][  T980] pegasus 3-1:0.0: probe with driver pegasus failed with error -5
[  122.271338][  T980] usb 3-1: USB disconnect, device number 13
[  122.609691][ T6401] process 'syz.0.175' launched '/dev/fd/3' with NULL argv: empty string added
[  123.075567][ T5893] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  123.249538][ T5893] usb 3-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5
[  123.264903][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.303424][ T5893] usb 3-1: config 0 descriptor??
[  123.731922][ T5893] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  123.763171][ T5893] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  123.794295][ T5893] asix 3-1:0.0: probe with driver asix failed with error -71
[  123.867583][ T5893] usb 3-1: USB disconnect, device number 14
[  124.403878][   T30] audit: type=1800 audit(1751507740.490:3): pid=6428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.184" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  125.285922][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  125.286658][ T6412] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  126.167408][ T6412] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  126.184415][ T6412] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  126.191776][ T6412] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  126.200854][ T6412] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  126.208015][ T6412] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  126.215186][ T6412] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  126.223344][ T6412] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  126.230660][ T6412] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  126.242501][ T6412] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  126.248995][ T6412] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  126.257072][ T6412] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  126.525692][ T5919] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  126.536272][ T5877] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  126.705637][ T5919] usb 1-1: Using ep0 maxpacket: 32
[  126.714229][ T5919] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  126.725322][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.734875][ T5877] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  126.745790][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.755040][ T5919] usb 1-1: config 0 descriptor??
[  126.769385][ T5877] usb 3-1: Product: syz
[  126.775296][ T5877] usb 3-1: Manufacturer: syz
[  126.780071][ T5877] usb 3-1: SerialNumber: syz
[  126.788410][ T5877] usb 3-1: config 0 descriptor??
[  126.968263][ T5919] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  126.980344][ T5919] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  126.991154][ T5919] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  127.002286][ T5919] usb 1-1: media controller created
[  127.031414][ T5919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  127.172256][ T5919] az6027: usb out operation failed. (-71)
[  127.180909][ T5919] az6027: usb out operation failed. (-71)
[  127.186836][ T5919] stb0899_attach: Driver disabled by Kconfig
[  127.192976][ T5919] az6027: no front-end attached
[  127.192976][ T5919] 
[  127.200779][ T5919] az6027: usb out operation failed. (-71)
[  127.208043][ T5919] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  127.218424][ T5919] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input9
[  127.236390][ T5919] dvb-usb: schedule remote query interval to 400 msecs.
[  127.244916][ T5919] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  127.257352][ T5919] usb 1-1: USB disconnect, device number 11
[  127.288485][    T0] NOHZ tick-stop error: local softirq work is pending, handler #108!!!
[  127.346125][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  127.364651][ T5919] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  127.373648][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  127.813838][ T5877] usb 3-1: Firmware version (0.0) predates our first public release.
[  127.834359][ T5877] usb 3-1: Please update to version 0.2 or newer
[  127.920415][ T5877] usb 3-1: USB disconnect, device number 15
[  128.027914][ T5919] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  128.175773][   T10] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  128.225547][ T5919] usb 5-1: Using ep0 maxpacket: 8
[  128.232363][ T5919] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  128.241790][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.245785][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  128.257210][ T5152] Bluetooth: hci3: command 0x0406 tx timeout
[  128.263253][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout
[  128.267240][ T5919] usb 5-1: config 0 descriptor??
[  128.270419][  T980] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  128.355702][   T10] usb 2-1: Using ep0 maxpacket: 16
[  128.380200][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  128.392944][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  128.403428][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  128.420037][   T10] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  128.429282][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.440627][  T980] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  128.451266][  T980] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  128.466662][  T980] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  128.480822][   T10] usb 2-1: config 0 descriptor??
[  128.511113][  T980] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  128.530729][  T980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.557665][  T980] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  128.577745][  T980] usb 1-1: invalid MIDI out EP 0
[  128.702913][  T980] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22
[  128.757786][ T6466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  128.769485][ T6466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  128.779058][  T980] usb 1-1: USB disconnect, device number 12
[  128.806594][ T5893] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  128.923018][   T10] usbhid 2-1:0.0: can't add hid device: -71
[  128.932990][   T10] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  128.944144][   T10] usb 2-1: USB disconnect, device number 16
[  128.955651][ T5893] usb 3-1: Using ep0 maxpacket: 16
[  128.974379][ T5893] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  128.985416][ T5893] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  128.997132][ T5893] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  129.010589][ T5893] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  129.019795][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.027855][ T5893] usb 3-1: Product: syz
[  129.032065][ T5893] usb 3-1: Manufacturer: syz
[  129.036997][ T5893] usb 3-1: SerialNumber: syz
[  129.294461][ T5919] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  129.312638][ T5919] asix 5-1:0.0: probe with driver asix failed with error -71
[  129.324732][ T5919] usb 5-1: USB disconnect, device number 2
[  129.446200][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout
[  129.486435][ T5893] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  129.899944][ T5887] usb 3-1: USB disconnect, device number 16
[  129.946461][ T5152] Bluetooth: hci2: Malformed LE Event: 0x0b
[  130.160003][ T5152] Bluetooth: hci2: Malformed Event: 0x2f
[  130.327694][ T5152] Bluetooth: hci2: command 0x0c1a tx timeout
[  130.327710][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  130.327747][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  130.590263][    T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  130.778453][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  130.798332][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  130.800912][    T9] usb 1-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[  130.818081][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.826570][    T9] usb 1-1: Product: syz
[  130.831073][    T9] usb 1-1: Manufacturer: syz
[  130.836524][    T9] usb 1-1: SerialNumber: syz
[  130.847233][    T9] usb 1-1: config 0 descriptor??
[  130.856756][    T9] ums-isd200 1-1:0.0: USB Mass Storage device detected
[  131.060104][ T5877] usb 1-1: USB disconnect, device number 13
[  131.525778][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  132.405858][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout
[  132.412116][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  132.527430][   T30] audit: type=1326 audit(1751507748.610:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.2.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3938e929 code=0x7ffc0000
[  132.605314][   T30] audit: type=1326 audit(1751507748.610:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.2.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3938e929 code=0x7ffc0000
[  132.677932][ T6528] syz.0.225 (6528): drop_caches: 2
[  132.690991][   T30] audit: type=1326 audit(1751507748.660:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.2.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5c3938e929 code=0x7ffc0000
[  132.753397][   T30] audit: type=1326 audit(1751507748.660:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.2.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3938e929 code=0x7ffc0000
[  132.846828][   T30] audit: type=1326 audit(1751507748.660:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.2.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3938e929 code=0x7ffc0000
[  132.882194][ T6543] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  132.895556][   T30] audit: type=1326 audit(1751507748.660:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.2.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5c3938e929 code=0x7ffc0000
[  132.896425][ T5877] IPVS: starting estimator thread 0...
[  132.983108][   T30] audit: type=1326 audit(1751507748.660:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.2.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3938e929 code=0x7ffc0000
[  133.056635][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  133.063182][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  133.114282][   T30] audit: type=1326 audit(1751507748.660:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6538 comm="syz.2.229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c3938e929 code=0x7ffc0000
[  133.136922][ T6548] IPVS: using max 28 ests per chain, 67200 per kthread
[  133.402781][ T6562] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  133.423312][ T6562] tipc: Disabling bearer <eth:syzkaller0>
[  133.554383][ T6570] netlink: 'syz.0.243': attribute type 10 has an invalid length.
[  133.576107][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  133.585866][    T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!!
[  133.737621][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  133.978092][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  134.198670][ T6565] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  134.204949][ T6565] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  134.211357][ T6565] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  134.218490][ T6565] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  134.475667][    T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  134.486341][ T5893] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  134.647056][    T9] usb 1-1: Using ep0 maxpacket: 32
[  134.653214][ T5893] usb 5-1: Using ep0 maxpacket: 32
[  134.660262][    T9] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  134.678851][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.698458][ T5893] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  134.720934][    T9] usb 1-1: config 0 descriptor??
[  134.730416][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.744265][ T5893] usb 5-1: Product: syz
[  134.758495][ T5893] usb 5-1: Manufacturer: syz
[  134.763161][ T5893] usb 5-1: SerialNumber: syz
[  134.776637][ T5893] usb 5-1: config 0 descriptor??
[  134.788842][ T5893] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  134.815573][ T6471] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  134.841397][ T5152] Bluetooth: hci2: unexpected event for opcode 0x0407
[  134.953907][    T9] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  134.970641][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  134.994658][ T6471] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  135.006922][ T6471] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  135.021221][    T9] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  135.028590][ T6471] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  135.038596][    T9] usb 1-1: media controller created
[  135.048640][ T6471] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  135.082043][ T6471] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  135.091768][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  135.100258][ T6471] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.121900][ T6471] usb 3-1: config 0 descriptor??
[  135.159947][    T9] az6027: usb out operation failed. (-71)
[  135.175653][    T9] az6027: usb out operation failed. (-71)
[  135.185184][    T9] stb0899_attach: Driver disabled by Kconfig
[  135.191884][    T9] az6027: no front-end attached
[  135.191884][    T9] 
[  135.200005][   T10] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  135.209176][    T9] az6027: usb out operation failed. (-71)
[  135.214965][    T9] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  135.231741][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input10
[  135.246135][    T9] dvb-usb: schedule remote query interval to 400 msecs.
[  135.253176][    T9] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  135.267979][    T9] usb 1-1: USB disconnect, device number 14
[  135.365702][   T10] usb 2-1: Using ep0 maxpacket: 32
[  135.379786][    T9] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  135.399830][   T10] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  135.418547][   T10] usb 2-1: config 0 has no interface number 0
[  135.435555][   T10] usb 2-1: config 0 interface 12 has no altsetting 0
[  135.450760][   T10] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  135.460175][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.470967][   T10] usb 2-1: Product: syz
[  135.475197][   T10] usb 2-1: Manufacturer: syz
[  135.480422][   T10] usb 2-1: SerialNumber: syz
[  135.496315][   T10] usb 2-1: config 0 descriptor??
[  135.554423][ T6591] loop3: detected capacity change from 0 to 1
[  135.572436][ T5996]  loop3: [POWERTEC] p1 p2 p3 p4
[  135.579852][ T5996] loop3: p1 start 1868915817 is beyond EOD, truncated
[  135.593992][ T5996] loop3: p2 start 65280 is beyond EOD, truncated
[  135.601283][ T5996] loop3: p3 start 16777280 is beyond EOD, truncated
[  135.609245][ T5996] loop3: p4 start 1798272613 is beyond EOD, truncated
[  135.617824][ T5893] gspca_stk1135: reg_w 0x5 err -71
[  135.642693][ T6591]  loop3: [POWERTEC] p1 p2 p3 p4
[  135.649332][ T5893] gspca_stk1135: serial bus timeout: status=0x00
[  135.658665][ T6591] loop3: p1 start 1868915817 is beyond EOD, truncated
[  135.666556][ T5893] gspca_stk1135: Sensor write failed
[  135.672119][ T6591] loop3: p2 start 65280 is beyond EOD, truncated
[  135.679153][ T5893] gspca_stk1135: serial bus timeout: status=0x00
[  135.686029][ T5152] Bluetooth: hci0: command 0x0c1a tx timeout
[  135.692415][ T6591] loop3: p3 start 16777280 is beyond EOD, truncated
[  135.699519][ T5893] gspca_stk1135: Sensor write failed
[  135.705926][ T6591] loop3: p4 start 1798272613 is beyond EOD, truncated
[  135.710505][ T5893] gspca_stk1135: serial bus timeout: status=0x00
[  135.720228][ T5893] gspca_stk1135: Sensor read failed
[  135.725692][ T5893] gspca_stk1135: serial bus timeout: status=0x00
[  135.737309][ T5893] gspca_stk1135: Sensor read failed
[  135.742843][ T5893] gspca_stk1135: Detected sensor type unknown (0x0)
[  135.749759][ T6471] usbhid 3-1:0.0: can't add hid device: -71
[  135.756097][ T6471] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  135.768357][ T6471] usb 3-1: USB disconnect, device number 17
[  135.782729][ T5893] gspca_stk1135: serial bus timeout: status=0x00
[  135.790105][ T5893] gspca_stk1135: Sensor read failed
[  135.795889][ T5893] gspca_stk1135: serial bus timeout: status=0x00
[  135.802344][ T5893] gspca_stk1135: Sensor read failed
[  135.808715][ T5893] gspca_stk1135: serial bus timeout: status=0x00
[  135.816405][ T5893] gspca_stk1135: Sensor write failed
[  135.827063][ T5893] gspca_stk1135: serial bus timeout: status=0x00
[  135.838793][ T5893] gspca_stk1135: Sensor write failed
[  135.845300][ T5893] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71
[  135.878078][ T5893] usb 5-1: USB disconnect, device number 3
[  136.248369][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  136.248373][ T5152] Bluetooth: hci1: command 0x0c1a tx timeout
[  136.606067][ T5893] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  136.716581][   T51] Bluetooth: hci3: unexpected event for opcode 0x0c12
[  136.767705][ T5893] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.809445][ T5893] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.842224][ T5893] usb 1-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00
[  136.853651][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.896113][ T5893] usb 1-1: config 0 descriptor??
[  136.930197][   T51] Bluetooth: hci3: ACL packet for unknown connection handle 201
[  136.946389][   T10] f81534 2-1:0.12: f81534_set_register: reg: 1002 data: 2f failed: -71
[  136.961503][   T10] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[  136.969967][   T10] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  136.983367][   T10] f81534 2-1:0.12: probe with driver f81534 failed with error -71
[  137.016311][   T10] usb 2-1: USB disconnect, device number 17
[  137.055676][ T5877] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  137.216618][ T5877] usb 5-1: Using ep0 maxpacket: 16
[  137.227818][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  137.241626][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  137.252154][ T5877] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  137.265125][ T5877] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  137.275246][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.287369][ T5877] usb 5-1: config 0 descriptor??
[  137.326436][ T5893] hid-led 0003:1D34:0004.0003: unknown main item tag 0x0
[  137.345748][ T5887] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  137.504093][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  137.518441][ T5887] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0
[  137.528905][ T5887] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  137.535423][ T5893] hid-led 0003:1D34:0004.0003: hidraw0: USB HID v0.00 Device [HID 1d34:0004] on usb-dummy_hcd.0-1/input0
[  137.567870][ T5893] hid-led 0003:1D34:0004.0003: Dream Cheeky Webmail Notifier initialized
[  137.568712][ T5887] usb 3-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[  137.609651][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.629547][ T5887] usb 3-1: Product: syz
[  137.633799][ T5887] usb 3-1: Manufacturer: syz
[  137.665515][ T5887] usb 3-1: SerialNumber: syz
[  137.688720][ T5887] usb 3-1: config 0 descriptor??
[  137.709599][ T5887] ums-isd200 3-1:0.0: USB Mass Storage device detected
[  137.722913][ T5877] usbhid 5-1:0.0: can't add hid device: -71
[  137.732418][ T5877] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  137.734846][ T5893] usb 1-1: USB disconnect, device number 15
[  137.764858][ T5877] usb 5-1: USB disconnect, device number 4
[  137.903879][ T5887] usb 3-1: USB disconnect, device number 18
[  138.095680][   T10] usb 2-1: new low-speed USB device number 18 using dummy_hcd
[  138.269250][   T10] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  138.291828][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.309859][   T10] usb 2-1: config 0 descriptor??
[  138.595505][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  138.637572][ T6654] netlink: 16 bytes leftover after parsing attributes in process `syz.0.278'.
[  138.764051][ T6658] netlink: 'syz.0.280': attribute type 12 has an invalid length.
[  138.772171][ T6658] netlink: 4 bytes leftover after parsing attributes in process `syz.0.280'.
[  139.024565][   T30] audit: type=1800 audit(1751507755.110:12): pid=6667 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.284" name="bus" dev="overlay" ino=437 res=0 errno=0
[  139.179922][ T6671] netlink: 88 bytes leftover after parsing attributes in process `syz.2.286'.
[  139.329290][ T6669] overlayfs: failed to resolve './file1': -2
[  139.450054][ T6669] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  139.973384][ T6687] netlink: 'syz.2.291': attribute type 5 has an invalid length.
[  139.981461][ T6687] netlink: 8 bytes leftover after parsing attributes in process `syz.2.291'.
[  140.070223][ T5877] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  140.107697][ T6689] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  140.189610][ T6693] netlink: 40 bytes leftover after parsing attributes in process `syz.4.294'.
[  140.245987][ T5877] usb 1-1: Using ep0 maxpacket: 8
[  140.254001][ T5877] usb 1-1: unable to get BOS descriptor or descriptor too short
[  140.273385][ T5877] usb 1-1: config 0 has an invalid interface number: 88 but max is 0
[  140.283129][ T5877] usb 1-1: config 0 has no interface number 0
[  140.289457][ T5877] usb 1-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  140.300854][ T5877] usb 1-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid maxpacket 8313, setting to 1024
[  140.312334][ T5877] usb 1-1: config 0 interface 88 has no altsetting 0
[  140.319915][ T5877] usb 1-1: language id specifier not provided by device, defaulting to English
[  140.331093][ T5877] usb 1-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  140.341378][ T5887] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  140.349093][ T5877] usb 1-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  140.357427][ T5877] usb 1-1: Product: syz
[  140.361688][ T5877] usb 1-1: Manufacturer: syz
[  140.367047][ T5877] usb 1-1: SerialNumber: syz
[  140.375217][ T5877] usb 1-1: config 0 descriptor??
[  140.495684][ T5884] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  140.517887][ T5887] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  140.528324][ T5887] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  140.537483][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.552441][ T5887] usb 3-1: config 0 descriptor??
[  140.563873][ T5887] pwc: Askey VC010 type 2 USB webcam detected.
[  140.590345][ T5877] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.88/input/input11
[  140.615296][ T5877] usb 1-1: USB disconnect, device number 16
[  140.660020][ T5884] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10
[  140.674411][ T5884] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  140.690097][ T5884] usb 5-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00
[  140.702926][ T5884] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.718505][ T5884] usb 5-1: config 0 descriptor??
[  140.940867][   T10] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  140.954907][   T10] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9
[  140.967344][ T5887] pwc: recv_control_msg error -32 req 02 val 2b00
[  140.967748][   T10] asix 2-1:0.0: probe with driver asix failed with error -71
[  140.982728][ T5887] pwc: recv_control_msg error -32 req 02 val 2700
[  140.986799][   T10] usb 2-1: USB disconnect, device number 18
[  140.997666][ T5887] pwc: recv_control_msg error -32 req 02 val 2c00
[  141.005815][ T5887] pwc: recv_control_msg error -32 req 04 val 1000
[  141.182503][ T6695] netlink: 4 bytes leftover after parsing attributes in process `syz.4.295'.
[  141.195290][ T6698] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  141.198898][ T6695] IPVS: set_ctl: invalid protocol: 59 255.255.255.255:20001
[  141.201844][ T6698] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  141.206148][ T6698] vhci_hcd vhci_hcd.0: Device attached
[  141.210064][   T10] IPVS: starting estimator thread 0...
[  141.217982][ T5887] pwc: recv_control_msg error -32 req 04 val 1400
[  141.238274][ T5887] pwc: recv_control_msg error -32 req 02 val 2000
[  141.250783][ T5887] pwc: recv_control_msg error -32 req 02 val 2100
[  141.257934][ T5887] pwc: recv_control_msg error -32 req 04 val 1500
[  141.267843][ T5887] pwc: recv_control_msg error -32 req 02 val 2500
[  141.328967][ T6701] IPVS: using max 26 ests per chain, 62400 per kthread
[  141.344183][ T5884] usbhid 5-1:0.0: can't add hid device: -71
[  141.354467][ T5884] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  141.378486][ T5884] usb 5-1: USB disconnect, device number 5
[  141.382977][ T5877] vhci_hcd: vhci_device speed not set
[  141.456058][ T5877] usb 33-1: new full-speed USB device number 3 using vhci_hcd
[  141.476526][ T5887] pwc: recv_control_msg error -71 req 02 val 2600
[  141.478676][   T10] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  141.483548][ T5887] pwc: recv_control_msg error -71 req 02 val 2900
[  141.518616][ T5887] pwc: recv_control_msg error -71 req 02 val 2800
[  141.533875][ T5887] pwc: recv_control_msg error -71 req 04 val 1100
[  141.546517][ T5887] pwc: recv_control_msg error -71 req 04 val 1200
[  141.558023][ T5887] pwc: Registered as video103.
[  141.574479][ T5887] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input12
[  141.610119][ T5887] usb 3-1: USB disconnect, device number 19
[  141.688422][   T10] usb 1-1: Using ep0 maxpacket: 32
[  141.698209][   T10] usb 1-1: config 3 has an invalid interface number: 227 but max is 0
[  141.712997][   T10] usb 1-1: config 3 has no interface number 0
[  141.732087][   T10] usb 1-1: New USB device found, idVendor=07ca, idProduct=a868, bcdDevice=8a.99
[  141.744127][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.755036][ T6706] netlink: 8 bytes leftover after parsing attributes in process `syz.1.298'.
[  141.769392][   T10] usb 1-1: Product: syz
[  141.784985][   T10] usb 1-1: Manufacturer: syz
[  141.789792][   T10] usb 1-1: SerialNumber: syz
[  141.822099][   T10] dvb-usb: found a 'AVerMedia AVerTVHD Volar (A868R)' in warm state.
[  141.846069][   T10] cxusb: set interface failed
[  141.860230][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  141.886468][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  141.911233][   T10] dvbdev: DVB: registering new adapter (AVerMedia AVerTVHD Volar (A868R))
[  141.940653][   T10] usb 1-1: media controller created
[  141.988678][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  142.025608][ T6698] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(11)
[  142.032265][ T6698] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  142.070027][ T6698] vhci_hcd vhci_hcd.0: Device attached
[  142.090718][ T6713] vhci_hcd: connection closed
[  142.092334][ T6699] vhci_hcd: connection reset by peer
[  142.102609][   T67] vhci_hcd: stop threads
[  142.123501][   T67] vhci_hcd: release socket
[  142.131471][   T67] vhci_hcd: disconnect device
[  142.138598][   T67] vhci_hcd: stop threads
[  142.142876][   T67] vhci_hcd: release socket
[  142.148754][   T67] vhci_hcd: disconnect device
[  142.213648][   T10] DVB: Unable to find symbol lgdt330x_attach()
[  142.225990][   T10] dvb-usb: no frontend was attached by 'AVerMedia AVerTVHD Volar (A868R)'
[  142.240731][   T10] dvb-usb: bulk message failed: -22 (1/0)
[  142.258323][   T10] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully initialized and connected.
[  142.285704][ T5887] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  142.317375][   T10] usb 1-1: USB disconnect, device number 17
[  142.410232][   T10] dvb-usb: AVerMedia AVerTVHD Volar (A868R) successfully deinitialized and disconnected.
[  142.420098][    C0] ==================================================================
[  142.420117][    C0] BUG: KASAN: slab-use-after-free in flush_tlb_func+0x23d/0x6c0
[  142.420158][    C0] Write of size 8 at addr ffff88805e2a6000 by task kworker/0:1/10
[  142.420176][    C0] 
[  142.420195][    C0] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  142.420218][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  142.420231][    C0] Workqueue: usb_hub_wq hub_event
[  142.420256][    C0] Call Trace:
[  142.420263][    C0]  <IRQ>
[  142.420271][    C0]  dump_stack_lvl+0x189/0x250
[  142.420293][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[  142.420314][    C0]  ? rcu_is_watching+0x15/0xb0
[  142.420332][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.420357][    C0]  ? rcu_is_watching+0x15/0xb0
[  142.420374][    C0]  ? lock_release+0x4b/0x3e0
[  142.420422][    C0]  ? __virt_addr_valid+0x1c8/0x5c0
[  142.420444][    C0]  ? __virt_addr_valid+0x4a5/0x5c0
[  142.420467][    C0]  print_report+0xd2/0x2b0
[  142.420493][    C0]  ? flush_tlb_func+0x23d/0x6c0
[  142.420515][    C0]  kasan_report+0x118/0x150
[  142.420539][    C0]  ? flush_tlb_func+0x23d/0x6c0
[  142.420566][    C0]  kasan_check_range+0x2b0/0x2c0
[  142.420591][    C0]  flush_tlb_func+0x23d/0x6c0
[  142.420619][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  142.420641][    C0]  ? sched_clock_cpu+0x74/0x430
[  142.420661][    C0]  ? rcu_is_watching+0x15/0xb0
[  142.420680][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  142.420704][    C0]  __flush_smp_call_function_queue+0x370/0xaa0
[  142.420725][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  142.420751][    C0]  __sysvec_call_function_single+0xa8/0x3d0
[  142.420778][    C0]  sysvec_call_function_single+0x9e/0xc0
[  142.420802][    C0]  </IRQ>
[  142.420809][    C0]  <TASK>
[  142.420816][    C0]  asm_sysvec_call_function_single+0x1a/0x20
[  142.420837][    C0] RIP: 0010:console_flush_all+0x7f7/0xc40
[  142.420875][    C0] Code: 48 21 c3 0f 85 e9 01 00 00 e8 b5 36 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 a6 36 1f 00 eb 06 e8 9f 36 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 0a 4a 83 00 48 8b 1b 48 8b 44 24
[  142.420892][    C0] RSP: 0018:ffffc900000f6f00 EFLAGS: 00000283
[  142.420910][    C0] RAX: 1ffffffff1d78ef3 RBX: ffffffff8ebc7798 RCX: 0000000000100000
[  142.420925][    C0] RDX: ffffc90016440000 RSI: 000000000001221b RDI: 000000000001221c
[  142.420938][    C0] RBP: ffffc900000f7050 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6
[  142.420953][    C0] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: dffffc0000000000
[  142.420967][    C0] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8ebc7740
[  142.420992][    C0]  ? console_flush_all+0x13a/0xc40
[  142.421017][    C0]  ? __pfx_console_flush_all+0x10/0x10
[  142.421046][    C0]  ? is_printk_cpu_sync_owner+0x32/0x40
[  142.421074][    C0]  console_unlock+0xc4/0x270
[  142.421103][    C0]  ? __pfx_console_unlock+0x10/0x10
[  142.421124][    C0]  ? is_printk_cpu_sync_owner+0x32/0x40
[  142.421152][    C0]  vprintk_emit+0x5b7/0x7a0
[  142.421173][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[  142.421195][    C0]  ? __free_frozen_pages+0x686/0xd80
[  142.421225][    C0]  _printk+0xcf/0x120
[  142.421245][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  142.421271][    C0]  ? __pfx__printk+0x10/0x10
[  142.421295][    C0]  ? free_large_kmalloc+0x13a/0x1f0
[  142.421319][    C0]  dvb_usb_device_exit+0x29b/0x350
[  142.421337][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.421362][    C0]  ? __pfx_dvb_usb_device_exit+0x10/0x10
[  142.421379][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  142.421405][    C0]  ? usb_disable_interface+0x31d/0x350
[  142.421432][    C0]  usb_unbind_interface+0x26b/0x910
[  142.421460][    C0]  ? __pfx_usb_unbind_interface+0x10/0x10
[  142.421485][    C0]  device_release_driver_internal+0x4d9/0x7c0
[  142.421514][    C0]  bus_remove_device+0x34d/0x410
[  142.421546][    C0]  device_del+0x511/0x8e0
[  142.421575][    C0]  ? __pm_runtime_barrier+0x212/0x460
[  142.421611][    C0]  ? __pfx_device_del+0x10/0x10
[  142.421630][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  142.421659][    C0]  usb_disable_device+0x3e9/0x8a0
[  142.421685][    C0]  usb_disconnect+0x330/0x950
[  142.421708][    C0]  hub_event+0x1cdb/0x4a00
[  142.421742][    C0]  ? do_raw_spin_lock+0x121/0x290
[  142.421765][    C0]  ? register_lock_class+0x51/0x320
[  142.421799][    C0]  ? __pfx_hub_event+0x10/0x10
[  142.421820][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  142.421856][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  142.421876][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  142.421904][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  142.421934][    C0]  process_scheduled_works+0xae1/0x17b0
[  142.421977][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  142.422015][    C0]  worker_thread+0x8a0/0xda0
[  142.422045][    C0]  kthread+0x70e/0x8a0
[  142.422069][    C0]  ? __pfx_worker_thread+0x10/0x10
[  142.422086][    C0]  ? __pfx_kthread+0x10/0x10
[  142.422108][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  142.422129][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.422151][    C0]  ? __pfx_kthread+0x10/0x10
[  142.422173][    C0]  ret_from_fork+0x3fc/0x770
[  142.422192][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  142.422211][    C0]  ? __switch_to_asm+0x39/0x70
[  142.422233][    C0]  ? __switch_to_asm+0x33/0x70
[  142.422254][    C0]  ? __pfx_kthread+0x10/0x10
[  142.422274][    C0]  ret_from_fork_asm+0x1a/0x30
[  142.422303][    C0]  </TASK>
[  142.422309][    C0] 
[  142.422321][    C0] Allocated by task 5841:
[  142.422331][    C0]  kasan_save_track+0x3e/0x80
[  142.422349][    C0]  __kasan_slab_alloc+0x6c/0x80
[  142.422367][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  142.422386][    C0]  copy_mm+0xdb/0x4b0
[  142.422402][    C0]  copy_process+0x1706/0x3c00
[  142.422418][    C0]  kernel_clone+0x21e/0x870
[  142.422436][    C0]  __x64_sys_clone+0x18b/0x1e0
[  142.422456][    C0]  do_syscall_64+0xfa/0x3b0
[  142.422479][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.422497][    C0] 
[  142.422502][    C0] Freed by task 6723:
[  142.422511][    C0]  kasan_save_track+0x3e/0x80
[  142.422528][    C0]  kasan_save_free_info+0x46/0x50
[  142.422552][    C0]  __kasan_slab_free+0x62/0x70
[  142.422570][    C0]  kmem_cache_free+0x18f/0x400
[  142.422589][    C0]  exit_mm+0x1da/0x2c0
[  142.422608][    C0]  do_exit+0x648/0x2300
[  142.422627][    C0]  do_group_exit+0x21c/0x2d0
[  142.422647][    C0]  __x64_sys_exit_group+0x3f/0x40
[  142.422667][    C0]  x64_sys_call+0x21f7/0x2200
[  142.422687][    C0]  do_syscall_64+0xfa/0x3b0
[  142.422708][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.422725][    C0] 
[  142.422730][    C0] The buggy address belongs to the object at ffff88805e2a5600
[  142.422730][    C0]  which belongs to the cache mm_struct of size 2584
[  142.422745][    C0] The buggy address is located 2560 bytes inside of
[  142.422745][    C0]  freed 2584-byte region [ffff88805e2a5600, ffff88805e2a6018)
[  142.422764][    C0] 
[  142.422768][    C0] The buggy address belongs to the physical page:
[  142.422776][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5e2a0
[  142.422793][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  142.422808][    C0] memcg:ffff888030f80101
[  142.422816][    C0] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  142.422849][    C0] page_type: f5(slab)
[  142.422866][    C0] raw: 00fff00000000040 ffff88801a84bb40 0000000000000000 dead000000000001
[  142.422881][    C0] raw: 0000000000000000 00000000000b000b 00000000f5000000 ffff888030f80101
[  142.422898][    C0] head: 00fff00000000040 ffff88801a84bb40 0000000000000000 dead000000000001
[  142.422915][    C0] head: 0000000000000000 00000000000b000b 00000000f5000000 ffff888030f80101
[  142.422932][    C0] head: 00fff00000000003 ffffea000178a801 00000000ffffffff 00000000ffffffff
[  142.422949][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  142.422959][    C0] page dumped because: kasan: bad access detected
[  142.422974][    C0] page_owner tracks the page as allocated
[  142.422981][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5212, tgid 5212 (udevd), ts 45854814081, free_ts 45788710564
[  142.423014][    C0]  post_alloc_hook+0x240/0x2a0
[  142.423037][    C0]  get_page_from_freelist+0x21e4/0x22c0
[  142.423063][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[  142.423087][    C0]  alloc_pages_mpol+0x232/0x4a0
[  142.423107][    C0]  allocate_slab+0x8a/0x370
[  142.423130][    C0]  ___slab_alloc+0xbeb/0x1410
[  142.423152][    C0]  kmem_cache_alloc_noprof+0x283/0x3c0
[  142.423169][    C0]  copy_mm+0xdb/0x4b0
[  142.423186][    C0]  copy_process+0x1706/0x3c00
[  142.423202][    C0]  kernel_clone+0x21e/0x870
[  142.423220][    C0]  __x64_sys_clone+0x18b/0x1e0
[  142.423239][    C0]  do_syscall_64+0xfa/0x3b0
[  142.423261][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.423277][    C0] page last free pid 5203 tgid 5203 stack trace:
[  142.423287][    C0]  __free_frozen_pages+0xb80/0xd80
[  142.423308][    C0]  __put_partials+0x156/0x1a0
[  142.423329][    C0]  put_cpu_partial+0x17c/0x250
[  142.423352][    C0]  __slab_free+0x2d5/0x3c0
[  142.423375][    C0]  qlist_free_all+0x97/0x140
[  142.423392][    C0]  kasan_quarantine_reduce+0x148/0x160
[  142.423409][    C0]  __kasan_slab_alloc+0x22/0x80
[  142.423428][    C0]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  142.423446][    C0]  getname_flags+0xb8/0x540
[  142.423471][    C0]  do_sys_openat2+0xbc/0x1c0
[  142.423487][    C0]  __x64_sys_openat+0x138/0x170
[  142.423503][    C0]  do_syscall_64+0xfa/0x3b0
[  142.423526][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  142.423543][    C0] 
[  142.423548][    C0] Memory state around the buggy address:
[  142.423558][    C0]  ffff88805e2a5f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  142.423571][    C0]  ffff88805e2a5f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  142.423585][    C0] >ffff88805e2a6000: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[  142.423595][    C0]                    ^
[  142.423605][    C0]  ffff88805e2a6080: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00
[  142.423618][    C0]  ffff88805e2a6100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  142.423629][    C0] ==================================================================
[  142.423646][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  142.423660][    C0] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) 
[  142.423682][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  142.423695][    C0] Workqueue: usb_hub_wq hub_event
[  142.423719][    C0] Call Trace:
[  142.423727][    C0]  <IRQ>
[  142.423735][    C0]  dump_stack_lvl+0x99/0x250
[  142.423757][    C0]  ? __asan_memcpy+0x40/0x70
[  142.423775][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.423796][    C0]  ? __pfx__printk+0x10/0x10
[  142.423823][    C0]  panic+0x2db/0x790
[  142.423852][    C0]  ? __pfx_panic+0x10/0x10
[  142.423872][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  142.423895][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  142.423917][    C0]  ? print_memory_metadata+0x314/0x400
[  142.423946][    C0]  ? flush_tlb_func+0x23d/0x6c0
[  142.423969][    C0]  check_panic_on_warn+0x89/0xb0
[  142.423993][    C0]  ? flush_tlb_func+0x23d/0x6c0
[  142.424015][    C0]  end_report+0x78/0x160
[  142.424037][    C0]  kasan_report+0x129/0x150
[  142.424060][    C0]  ? flush_tlb_func+0x23d/0x6c0
[  142.424085][    C0]  kasan_check_range+0x2b0/0x2c0
[  142.424110][    C0]  flush_tlb_func+0x23d/0x6c0
[  142.424138][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  142.424161][    C0]  ? sched_clock_cpu+0x74/0x430
[  142.424180][    C0]  ? rcu_is_watching+0x15/0xb0
[  142.424199][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  142.424223][    C0]  __flush_smp_call_function_queue+0x370/0xaa0
[  142.424244][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  142.424268][    C0]  __sysvec_call_function_single+0xa8/0x3d0
[  142.424294][    C0]  sysvec_call_function_single+0x9e/0xc0
[  142.424317][    C0]  </IRQ>
[  142.424325][    C0]  <TASK>
[  142.424333][    C0]  asm_sysvec_call_function_single+0x1a/0x20
[  142.424353][    C0] RIP: 0010:console_flush_all+0x7f7/0xc40
[  142.424377][    C0] Code: 48 21 c3 0f 85 e9 01 00 00 e8 b5 36 1f 00 48 8b 5c 24 20 4d 85 f6 75 07 e8 a6 36 1f 00 eb 06 e8 9f 36 1f 00 fb 48 8b 44 24 28 <42> 80 3c 20 00 74 08 48 89 df e8 0a 4a 83 00 48 8b 1b 48 8b 44 24
[  142.424394][    C0] RSP: 0018:ffffc900000f6f00 EFLAGS: 00000283
[  142.424412][    C0] RAX: 1ffffffff1d78ef3 RBX: ffffffff8ebc7798 RCX: 0000000000100000
[  142.424427][    C0] RDX: ffffc90016440000 RSI: 000000000001221b RDI: 000000000001221c
[  142.424442][    C0] RBP: ffffc900000f7050 R08: ffffffff8fc29e37 R09: 1ffffffff1f853c6
[  142.424457][    C0] R10: dffffc0000000000 R11: fffffbfff1f853c7 R12: dffffc0000000000
[  142.424471][    C0] R13: 0000000000000001 R14: 0000000000000200 R15: ffffffff8ebc7740
[  142.424496][    C0]  ? console_flush_all+0x13a/0xc40
[  142.424521][    C0]  ? __pfx_console_flush_all+0x10/0x10
[  142.424550][    C0]  ? is_printk_cpu_sync_owner+0x32/0x40
[  142.424576][    C0]  console_unlock+0xc4/0x270
[  142.424597][    C0]  ? __pfx_console_unlock+0x10/0x10
[  142.424618][    C0]  ? is_printk_cpu_sync_owner+0x32/0x40
[  142.424646][    C0]  vprintk_emit+0x5b7/0x7a0
[  142.424667][    C0]  ? __pfx_vprintk_emit+0x10/0x10
[  142.424690][    C0]  ? __free_frozen_pages+0x686/0xd80
[  142.424720][    C0]  _printk+0xcf/0x120
[  142.424739][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  142.424765][    C0]  ? __pfx__printk+0x10/0x10
[  142.424788][    C0]  ? free_large_kmalloc+0x13a/0x1f0
[  142.424812][    C0]  dvb_usb_device_exit+0x29b/0x350
[  142.424831][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.424864][    C0]  ? __pfx_dvb_usb_device_exit+0x10/0x10
[  142.424881][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  142.424906][    C0]  ? usb_disable_interface+0x31d/0x350
[  142.424932][    C0]  usb_unbind_interface+0x26b/0x910
[  142.424960][    C0]  ? __pfx_usb_unbind_interface+0x10/0x10
[  142.424983][    C0]  device_release_driver_internal+0x4d9/0x7c0
[  142.425011][    C0]  bus_remove_device+0x34d/0x410
[  142.425043][    C0]  device_del+0x511/0x8e0
[  142.425066][    C0]  ? __pm_runtime_barrier+0x212/0x460
[  142.425088][    C0]  ? __pfx_device_del+0x10/0x10
[  142.425109][    C0]  ? __pfx___mutex_lock+0x10/0x10
[  142.425139][    C0]  usb_disable_device+0x3e9/0x8a0
[  142.425165][    C0]  usb_disconnect+0x330/0x950
[  142.425188][    C0]  hub_event+0x1cdb/0x4a00
[  142.425223][    C0]  ? do_raw_spin_lock+0x121/0x290
[  142.425247][    C0]  ? register_lock_class+0x51/0x320
[  142.425283][    C0]  ? __pfx_hub_event+0x10/0x10
[  142.425305][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  142.425338][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  142.425360][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  142.425389][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  142.425420][    C0]  process_scheduled_works+0xae1/0x17b0
[  142.425462][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  142.425499][    C0]  worker_thread+0x8a0/0xda0
[  142.425530][    C0]  kthread+0x70e/0x8a0
[  142.425554][    C0]  ? __pfx_worker_thread+0x10/0x10
[  142.425572][    C0]  ? __pfx_kthread+0x10/0x10
[  142.425594][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  142.425615][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  142.425638][    C0]  ? __pfx_kthread+0x10/0x10
[  142.425661][    C0]  ret_from_fork+0x3fc/0x770
[  142.425680][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  142.425701][    C0]  ? __switch_to_asm+0x39/0x70
[  142.425724][    C0]  ? __switch_to_asm+0x33/0x70
[  142.425747][    C0]  ? __pfx_kthread+0x10/0x10
[  142.425770][    C0]  ret_from_fork_asm+0x1a/0x30
[  142.425801][    C0]  </TASK>
[  142.426172][    C0] Kernel Offset: disabled