last executing test programs:

42m20.729040567s ago: executing program 2 (id=109):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
sendmsg$inet_sctp(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)='\x00', 0x1}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="20000000000000008400000002000000ecff4000"], 0x20, 0x4048800}, 0x0)

42m20.02018849s ago: executing program 2 (id=112):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYBLOB='&'], 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000080)=ANY=[], 0x20)

42m19.795639792s ago: executing program 2 (id=115):
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x64000}, 0x4040)
socket$nl_crypto(0x10, 0x3, 0x15)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='projid_map\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_clone(0x2000, 0x0, 0xff36, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
write(r0, &(0x7f0000000080)="240000001a007f0214f9f4070009040803000000000000050002000008000f40fe00000e", 0x24)

42m17.371508082s ago: executing program 2 (id=119):
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x49a6a03276b449aa, 0x54, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x3ff4, 0x0, 0x2, 0x1000003}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
syz_open_dev$vbi(&(0x7f0000000140), 0x3, 0x2)
r0 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000005580)=""/102392, 0x18ff8)
mount(&(0x7f0000000200)=@rnullb, &(0x7f0000000240)='./file0\x00', &(0x7f00000002c0)='aufs\x00', 0x9010, &(0x7f0000000300)='eth0\x00')
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000e56000/0x4000)=nil, 0x4000, 0x11)
ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000180)={0x0, 0x0, 0x102, 0x6, {0x5, 0x9, 0xd, 0x58}})
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0x0)

42m11.831514544s ago: executing program 2 (id=130):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x442, 0x40)
renameat2(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0xffffffffffffff9c, 0x0, 0x1)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r1)
setsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000040)=""/106, &(0x7f0000000380)=0x6a)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x100, 0x5, 0x6, 0x4002, 0x5, 0x37, 0xefffffffffffffff, 0x0, 0x0, 0x2000005, 0xfffffffface6e3cd, 0x40000000001c, 0x1, 0xffffffffffffffff, 0xfd]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

42m11.425398697s ago: executing program 2 (id=132):
r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
fchdir(r1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000680)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r2}})

41m56.337468199s ago: executing program 32 (id=132):
r0 = fsopen(&(0x7f0000000000)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
fchdir(r1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000480), 0x84, &(0x7f0000000680)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r2}})

14.791809802s ago: executing program 0 (id=7774):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000a00)={0x84, &(0x7f0000000280)={0x20, 0x18, 0x1, '6'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

12.496773741s ago: executing program 4 (id=7780):
syz_emit_vhci(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f0000000480)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000280), 0xffffffffffffffff, 0x0, 0x2, 0x4}}, 0x20)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
ptrace$getsig(0x4202, 0x0, 0x26, &(0x7f0000000500))
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0xa, 0x5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x50, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x3c, 0x1, [@m_sample={0x38, 0x1, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x50}}, 0x0)
r1 = inotify_init1(0x0)
fanotify_init(0x1a, 0x800)
inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0x2000434)

11.725018779s ago: executing program 0 (id=7782):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x7fda9000)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, 0x0, 0x4000040)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@hyper})

11.532921686s ago: executing program 3 (id=7783):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000440)=@newtfilter={0x90, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0xffff, 0x5}, {}, {0x7, 0x3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x5c, 0x2, [@TCA_MATCHALL_ACT={0x58, 0x2, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x8, 0x8, 0x4, 0xa, 0x3}, 0x1}}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_PRIO={0x8, 0x3, @val=0x9}]}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x404c000}, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r7 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$kcm(r7, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r8, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000140)='\r', 0x5dc}], 0x1}, 0x4)

11.359598497s ago: executing program 0 (id=7784):
r0 = socket$kcm(0x23, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
recvmmsg(r0, &(0x7f0000004140)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x20, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000240)=0x9, 0x4)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff00000065"], 0x78)

9.036608101s ago: executing program 4 (id=7788):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_emit_vhci(0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x4)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0xfff, 0x80301)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000003c0)={<r3=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000480)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000280), r3, 0x0, 0x2, 0x4}}, 0x20)
ioctl$VIDIOC_SUBDEV_S_CROP(r2, 0xc038563c, &(0x7f00000001c0)={0x0, 0x0, {0x6, 0xd74c, 0x5, 0x8}})
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f00000004c0)={0x0, <r5=>0x0})
ptrace$getsig(0x4202, r5, 0x26, &(0x7f0000000500))
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r6 = socket(0xa, 0x5, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x2}, &(0x7f0000000100)=0x8)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)=ANY=[@ANYRESOCT, @ANYRES16], 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x50, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x3c, 0x1, [@m_sample={0x38, 0x1, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x50}}, 0x0)
r7 = inotify_init1(0x0)
r8 = fanotify_init(0x1a, 0x800)
fanotify_mark(r8, 0x641, 0x1028, 0xffffffffffffffff, 0x0)
inotify_add_watch(r7, &(0x7f0000000080)='.\x00', 0x2000434)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)

4.688867929s ago: executing program 4 (id=7792):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r3)
sendmsg$NLBL_MGMT_C_LISTDEF(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="2358a5544287ca48df2506000000"], 0x14}, 0x1, 0x0, 0x0, 0x24004800}, 0x40000800)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f00000001c0)=0x3)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000569000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, 0x0}], 0x1, 0x30, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000380)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ffd3bf79a1f5c5dc34cf2645cbc11c4562d22db8780edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b000000fb354673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0100f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce78754182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f26df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132155fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'lo\x00'})
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@gettaction={0x14, 0x32, 0x20, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x4000000)
r7 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
ioctl$TIOCMSET(r7, 0x5418, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xffffffffffffffff)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0b080510"], 0xe)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000140))

4.495604886s ago: executing program 1 (id=7794):
socket(0x10, 0x803, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406301, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

3.926142349s ago: executing program 0 (id=7795):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d4", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r1, &(0x7f0000007480)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000080)=""/5, 0x5}, {&(0x7f00000001c0)=""/43, 0x2b}], 0x2}, 0x8}], 0x1, 0x2, 0x0)

3.894923064s ago: executing program 3 (id=7796):
socket$packet(0x11, 0x3, 0x300)
set_mempolicy(0x2002, &(0x7f0000000000)=0x9, 0x9)
syz_open_procfs(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000080)='pvfs2\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
socket$inet6_sctp(0xa, 0x1, 0x84)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r2, 0xc01864ba, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x121682, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'erspan0\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x40, 0x10, 0x4b, 0x4, {{0x6, 0x4, 0x2, 0x10, 0x18, 0x68, 0x0, 0x8, 0x29, 0x0, @loopback, @broadcast, {[@end]}}}}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
readv(r3, &(0x7f0000000380)=[{&(0x7f0000000180)=""/117, 0x75}], 0x1)

3.297730832s ago: executing program 1 (id=7797):
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback, 0x6}}, 0x3, 0x81}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
syz_emit_ethernet(0x0, 0x0, 0x0)
pipe2(0x0, 0x0)
r1 = syz_io_uring_setup(0x10d, &(0x7f00000006c0)={0x0, 0x5885, 0x0, 0x2}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
unshare(0x20000400)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x40, 0x0, 0x0, 0x6, &(0x7f00000000c0), 0x1, 0x40, 0x1})
io_uring_enter(r1, 0x3516, 0xc2de, 0x8, 0x0, 0x0)

3.282526519s ago: executing program 4 (id=7798):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.183605262s ago: executing program 3 (id=7799):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xa0}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
socket$pppoe(0x18, 0x1, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x40002, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000ac0)='./file0\x00', 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB='\a'], 0x10)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x5, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x29}}, './file0\x00'})
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000c300)={{0x14}, [@NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x30, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0xc, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "c4"}]}, @NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xa4}}, 0x0)

2.885884572s ago: executing program 0 (id=7800):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_emit_vhci(0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x4)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0xfff, 0x80301)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000003c0)={<r3=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000480)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000280), r3, 0x0, 0x2, 0x4}}, 0x20)
ioctl$VIDIOC_SUBDEV_S_CROP(r2, 0xc038563c, &(0x7f00000001c0)={0x0, 0x0, {0x6, 0xd74c, 0x5, 0x8}})
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f00000004c0)={0x0, <r5=>0x0})
ptrace$getsig(0x4202, r5, 0x26, &(0x7f0000000500))
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r6 = socket(0xa, 0x5, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r6, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x2}, &(0x7f0000000100)=0x8)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)=ANY=[@ANYRESOCT, @ANYRES16], 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x50, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x3c, 0x1, [@m_sample={0x38, 0x1, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x50}}, 0x0)
r7 = inotify_init1(0x0)
r8 = fanotify_init(0x1a, 0x800)
fanotify_mark(r8, 0x641, 0x1028, 0xffffffffffffffff, 0x0)
inotify_add_watch(r7, &(0x7f0000000080)='.\x00', 0x2000434)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)

2.775740293s ago: executing program 4 (id=7801):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

2.159081858s ago: executing program 1 (id=7802):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x2}, 0x6)

2.039582578s ago: executing program 3 (id=7803):
r0 = socket$kcm(0x23, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
recvmmsg(r0, &(0x7f0000004140)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x20, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000240)=0x9, 0x4)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="1c0000f500000000000000862dfdff00000065"], 0x78)

1.945772562s ago: executing program 1 (id=7804):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
syz_emit_vhci(0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x4)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$video4linux(&(0x7f0000000080), 0xfff, 0x80301)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000003c0)={<r2=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000480)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000280), r2, 0x0, 0x2, 0x4}}, 0x20)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f00000004c0)={0x0, <r4=>0x0})
ptrace$getsig(0x4202, r4, 0x26, &(0x7f0000000500))
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r5 = socket(0xa, 0x5, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f0000000040)=@assoc_value={0x0, 0x2}, &(0x7f0000000100)=0x8)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)=ANY=[@ANYRESOCT, @ANYRES16], 0x50)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtaction={0x50, 0x30, 0xffff, 0xfffffffe, 0x0, {}, [{0x3c, 0x1, [@m_sample={0x38, 0x1, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_SAMPLE_RATE={0x8, 0x3, 0x3}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x50}}, 0x0)
r6 = inotify_init1(0x0)
inotify_add_watch(r6, &(0x7f0000000080)='.\x00', 0x2000434)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)

1.555410795s ago: executing program 0 (id=7805):
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f00000021c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0xab, 0x10400}}, 0x50)
syz_fuse_handle_req(r2, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000140)={0x30, 0x5, 0x0, {0x0, 0x1, 0x3, 0x67a7}}, 0x30)
r4 = syz_open_procfs(0xffffffffffffffff, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea800102030109021e0001000000"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000ffffffff000010000000e67c67fed2a51b610000950000000000000000a32b82edf3ff79a3841b96f328ea92475070ff914d27958536300f394f2cd14d20afc58c5c38f6e3cb66a95f96878b8c30af55b20f61344dd55dda4dc7a283159a64d1fcf8c7ca2675567d92df3c26096a4c48aefa8038f79001bcaf29e6f243d6e872e9fce5404176ff86b8a24acc01b6eaf29d4671ac15b9bae66557f9c2e546521a20410f68534394afa97b27adb4f63209dd39409a3155746fa9204ac4da14d54760fb29b731b66c4edc83b382770a62260eefa395"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141042, 0x1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
io_setup(0x5, &(0x7f0000000140)=<r6=>0x0)
r7 = eventfd2(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x10044, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r7, @ANYBLOB=',wfdno=', @ANYRESHEX=r5])
io_submit(r6, 0x1, &(0x7f0000000280)=[&(0x7f0000000300)={0x1802, 0x0, 0x0, 0x5, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x1, r7}])
shutdown(r5, 0x0)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000140)={0x3, 0x2000bb22, 0x2, {0x1, @raw_data="3d924b827139e8a4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed32147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc331c96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a700"}})

835.627122ms ago: executing program 3 (id=7806):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r3)
sendmsg$NLBL_MGMT_C_LISTDEF(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="2358a5544287ca48df2506000000"], 0x14}, 0x1, 0x0, 0x0, 0x24004800}, 0x40000800)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f00000001c0)=0x3)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000569000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, 0x0}], 0x1, 0x30, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000380)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ffd3bf79a1f5c5dc34cf2645cbc11c4562d22db8780edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b000000fb354673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0100f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce78754182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f26df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132155fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'lo\x00'})
sendmsg$nl_route_sched(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@gettaction={0x14, 0x32, 0x20, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x4000000)
r7 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
ioctl$TIOCMSET(r7, 0x5418, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xffffffffffffffff)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0b080510"], 0xe)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000140))

769.345201ms ago: executing program 4 (id=7807):
socket$packet(0x11, 0x3, 0x300)
set_mempolicy(0x2002, &(0x7f0000000000)=0x9, 0x9)
syz_open_procfs(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000080)='pvfs2\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, &(0x7f0000000040)='c:::\x00', 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102400, 0x19000)
socket$inet6_sctp(0xa, 0x1, 0x84)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r2, 0xc01864ba, 0x0)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x121682, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'erspan0\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x40, 0x10, 0x4b, 0x4, {{0x6, 0x4, 0x2, 0x10, 0x18, 0x68, 0x0, 0x8, 0x29, 0x0, @loopback, @broadcast, {[@end]}}}}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
readv(r3, &(0x7f0000000380)=[{&(0x7f0000000180)=""/117, 0x75}], 0x1)

253.057403ms ago: executing program 1 (id=7808):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d4", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
recvmmsg(r1, &(0x7f0000007480)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000080)=""/5, 0x5}, {&(0x7f00000001c0)=""/43, 0x2b}], 0x2}, 0x8}], 0x1, 0x2, 0x0)

200.180684ms ago: executing program 1 (id=7809):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

0s ago: executing program 3 (id=7810):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
syz_open_dev$video4linux(&(0x7f00000000c0), 0x3, 0x2)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0)
fcntl$notify(0xffffffffffffffff, 0x402, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$video4linux(0x0, 0x3, 0x3cf281)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000340), 0x204100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x4, 0x4, 0x538, 0xffffffff, 0x398, 0xe8, 0x398, 0xfeffffff, 0xffffffff, 0x468, 0x468, 0x468, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffff00, 0xffffffff, 0xff000000, 0xffffffff], 'hsr0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [0xff], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00', {}, {}, 0x0, 0x0, 0x6}, 0x0, 0x270, 0x2b0, 0x0, {}, [@common=@srh1={{0x90}, {0x2, 0xe, 0x6, 0x5, 0x9, @remote, @local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0x0, 0xff, 0xffffff00, 0xffffff00], [0xff, 0xffffff00, 0xff, 0xffffff00], [0x0, 0xffffffff, 0x0, 0xff], 0x4000, 0x11}}, @common=@rt={{0x138}, {0x401, [0xfffffffe], 0x1, 0x2, 0x3, [@remote, @empty, @remote, @remote, @remote, @mcast1, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @remote, @rand_addr=' \x01\x00', @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}], 0x9}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x1, {0x2000010}}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x598)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f00000005c0)={{{@in=@initdev, @in=@loopback}}, {{@in6=@local}, 0x0, @in=@initdev}}, &(0x7f0000000180)=0xe8)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x5422, 0x0)
ioctl$TIOCL_PASTESEL(r5, 0x541c, &(0x7f0000000140))

kernel console output (not intermixed with test programs):

t 27)
[ 2227.372345][T25166] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2227.401660][T25166] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2227.420905][T25166] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2227.451334][T25166] usb 2-1: Manufacturer: syz
[ 2227.470881][T25166] usb 2-1: config 0 descriptor??
[ 2227.613672][T25166] rc_core: IR keymap rc-hauppauge not found
[ 2227.619661][T25166] Registered IR keymap rc-empty
[ 2227.634996][T25166] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 2227.681202][T25166] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input33
[ 2227.725615][T25166] usb 2-1: USB disconnect, device number 112
[ 2228.117740][T28596] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6915'.
[ 2228.499253][T28603] netlink: 32 bytes leftover after parsing attributes in process `syz.4.6918'.
[ 2229.095406][T28609] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6917'.
[ 2229.626483][T28598] delete_channel: no stack
[ 2230.105329][T28625] netlink: 40 bytes leftover after parsing attributes in process `syz.3.6924'.
[ 2230.284524][T28625] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2230.863049][    T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[ 2231.125366][    T9] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2231.150116][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2231.211373][    T9] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2231.253793][    T9] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2231.262500][    T9] usb 5-1: Manufacturer: syz
[ 2231.295313][    T9] usb 5-1: config 0 descriptor??
[ 2231.756985][    T9] rc_core: IR keymap rc-hauppauge not found
[ 2231.773240][    T9] Registered IR keymap rc-empty
[ 2231.788139][    T9] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 2231.802395][    T9] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input34
[ 2231.828695][    T9] usb 5-1: USB disconnect, device number 10
[ 2232.069841][T28644] delete_channel: no stack
[ 2232.390833][T28663] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6935'.
[ 2232.446111][    T9] usb 2-1: new high-speed USB device number 113 using dummy_hcd
[ 2232.663976][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2232.692464][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2232.720310][    T9] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2232.753959][    T9] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 2232.771996][    T9] usb 2-1: Manufacturer: syz
[ 2232.789491][    T9] usb 2-1: config 0 descriptor??
[ 2233.603825][T28669] netlink: 40 bytes leftover after parsing attributes in process `syz.4.6936'.
[ 2233.642492][T28665] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2233.860139][    T9] uclogic 0003:256C:006D.0030: failed retrieving string descriptor #200: -71
[ 2233.885179][    T9] uclogic 0003:256C:006D.0030: failed retrieving pen parameters: -71
[ 2233.917082][    T9] uclogic 0003:256C:006D.0030: failed probing pen v2 parameters: -71
[ 2233.927370][    T9] uclogic 0003:256C:006D.0030: failed probing parameters: -71
[ 2234.178889][    T9] uclogic: probe of 0003:256C:006D.0030 failed with error -71
[ 2234.206233][    T9] usb 2-1: USB disconnect, device number 113
[ 2234.643899][T10560] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[ 2234.875247][T10560] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2234.884106][T10560] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 2234.895153][T10560] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2234.904932][T10560] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 2234.916921][T10560] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 2234.929845][T10560] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2234.939358][T10560] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2234.947947][T10560] usb 5-1: Product: syz
[ 2234.952173][T10560] usb 5-1: Manufacturer: syz
[ 2234.967972][T10560] cdc_wdm 5-1:1.0: skipping garbage
[ 2234.974038][T10560] cdc_wdm 5-1:1.0: skipping garbage
[ 2234.982580][T10560] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[ 2234.988930][T10560] cdc_wdm 5-1:1.0: Unknown control protocol
[ 2235.003869][  T966] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[ 2235.207328][  T966] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2235.216264][  T966] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2235.229937][  T966] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2235.239747][  T966] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2235.253860][  T966] usb 4-1: Manufacturer: syz
[ 2235.264782][  T966] usb 4-1: config 0 descriptor??
[ 2235.364473][  T966] rc_core: IR keymap rc-hauppauge not found
[ 2235.372727][T28682] delete_channel: no stack
[ 2235.388012][T28690] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6944'.
[ 2235.397313][  T966] Registered IR keymap rc-empty
[ 2235.398580][    C0] cdc_wdm 5-1:1.0: unknown notification 129 received: index 49755 len 0
[ 2235.414257][  T966] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 2235.446973][T10560] usb 5-1: USB disconnect, device number 11
[ 2235.469976][  T966] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input35
[ 2235.554105][  T966] usb 4-1: USB disconnect, device number 36
[ 2236.730507][T28701] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6946'.
[ 2236.754510][T28701] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2237.090465][T28708] syzkaller0: entered promiscuous mode
[ 2237.096160][T28708] syzkaller0: entered allmulticast mode
[ 2237.189472][T28712] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 2237.196036][T28712] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 2237.213296][T28712] vhci_hcd vhci_hcd.0: Device attached
[ 2237.223231][T28713] vhci_hcd: connection closed
[ 2237.225468][   T48] vhci_hcd: stop threads
[ 2237.243900][   T48] vhci_hcd: release socket
[ 2237.253674][   T48] vhci_hcd: disconnect device
[ 2237.573752][  T966] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[ 2237.747609][T28727] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6954'.
[ 2238.605231][  T966] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2238.665160][  T966] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2238.706600][  T966] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2238.738405][  T966] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 2238.750885][  T966] usb 4-1: Manufacturer: syz
[ 2238.793170][  T966] usb 4-1: config 0 descriptor??
[ 2239.600552][T28742] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6959'.
[ 2239.614015][T28742] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2239.973091][  T966] usbhid 4-1:0.0: can't add hid device: -71
[ 2239.979803][  T966] usbhid: probe of 4-1:0.0 failed with error -71
[ 2240.043022][  T966] usb 4-1: USB disconnect, device number 37
[ 2240.601812][T28754] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[ 2240.608384][T28754] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 2240.696823][T28754] vhci_hcd vhci_hcd.0: Device attached
[ 2240.949158][T10560] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[ 2241.088971][T28755] vhci_hcd: connection closed
[ 2241.099909][T15487] vhci_hcd: stop threads
[ 2241.135679][T15487] vhci_hcd: release socket
[ 2241.152801][T15487] vhci_hcd: disconnect device
[ 2241.203993][    T9] vhci_hcd: vhci_device speed not set
[ 2241.324299][T10560] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2241.341142][T10560] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2241.349485][T10560] usb 5-1: Product: syz
[ 2241.362640][T10560] usb 5-1: Manufacturer: syz
[ 2241.367643][T10560] usb 5-1: SerialNumber: syz
[ 2241.375104][T10560] usb 5-1: config 0 descriptor??
[ 2243.032312][T28772] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6970'.
[ 2243.073669][T28772] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2243.177934][T10560] usb 5-1: unexpected transceiver, part 0xe2 version 0x1a
[ 2243.390379][T10560] usb 5-1: Firmware version (0.0) predates our first public release.
[ 2243.572240][T10560] usb 5-1: Please update to version 0.2 or newer
[ 2243.615107][T10560] usb 5-1: atusb_probe: initialization failed, error = -19
[ 2243.747512][T10560] usb 5-1: USB disconnect, device number 12
[ 2243.952990][T28789] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6974'.
[ 2243.995679][ T5833] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[ 2244.166909][T13444] Bluetooth: hci0: link tx timeout
[ 2244.173132][T13444] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 2244.196115][T27526] Bluetooth: hci0: link tx timeout
[ 2244.201295][T27526] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 2244.213755][T27526] Bluetooth: hci0: link tx timeout
[ 2244.219032][T27526] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 2244.225572][ T5833] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2244.252497][ T5833] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 2244.308795][ T5833] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2244.345855][ T5833] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 2244.417496][ T5833] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 2244.442036][ T5833] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2244.451587][ T5833] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2244.474818][ T5833] usb 2-1: Product: syz
[ 2244.509657][ T5833] usb 2-1: Manufacturer: syz
[ 2244.560043][ T5833] cdc_wdm 2-1:1.0: skipping garbage
[ 2244.566446][ T5833] cdc_wdm 2-1:1.0: skipping garbage
[ 2244.574382][ T5833] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 2244.582360][ T5833] cdc_wdm 2-1:1.0: Unknown control protocol
[ 2244.823717][  T966] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[ 2244.983897][  T966] usb 4-1: device descriptor read/64, error -71
[ 2244.987442][ T5833] usb 2-1: USB disconnect, device number 114
[ 2245.273821][  T966] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 2245.441174][  T966] usb 4-1: device descriptor read/64, error -71
[ 2245.567548][  T966] usb usb4-port1: attempt power cycle
[ 2245.811066][T28807] netlink: 40 bytes leftover after parsing attributes in process `syz.1.6981'.
[ 2245.837743][T28807] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2246.154044][  T966] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[ 2246.214820][  T966] usb 4-1: device descriptor read/8, error -71
[ 2246.228063][T27526] Bluetooth: hci0: command 0x0406 tx timeout
[ 2246.503700][  T966] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 2246.544784][  T966] usb 4-1: device descriptor read/8, error -71
[ 2246.663969][  T966] usb usb4-port1: unable to enumerate USB device
[ 2248.587157][T28834] ubi: mtd0 is already attached to ubi31
[ 2249.247999][T28838] netlink: 40 bytes leftover after parsing attributes in process `syz.0.6990'.
[ 2249.267070][T28838] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2249.935961][T28849] syzkaller0: entered promiscuous mode
[ 2249.975482][T28849] syzkaller0: entered allmulticast mode
[ 2250.393749][ T5833] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[ 2250.593740][ T5833] usb 5-1: device descriptor read/64, error -71
[ 2250.893830][ T5833] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[ 2251.073777][ T5833] usb 5-1: device descriptor read/64, error -71
[ 2251.224061][ T5833] usb usb5-port1: attempt power cycle
[ 2251.526869][T28868] ubi: mtd0 is already attached to ubi31
[ 2251.793773][ T5833] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 2252.089584][ T5833] usb 5-1: device descriptor read/8, error -71
[ 2252.115139][T28874] netlink: 40 bytes leftover after parsing attributes in process `syz.0.7002'.
[ 2252.137395][T28874] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2252.603777][ T5833] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[ 2252.647258][ T5833] usb 5-1: device descriptor read/8, error -71
[ 2252.803867][ T5833] usb usb5-port1: unable to enumerate USB device
[ 2252.990695][T28883] syzkaller0: entered promiscuous mode
[ 2253.134643][T28883] syzkaller0: entered allmulticast mode
[ 2256.207364][T28905] ip6t_srh: unknown srh match flags  4000
[ 2257.905035][T28911] netlink: 40 bytes leftover after parsing attributes in process `syz.1.7011'.
[ 2257.932448][T28911] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2258.883776][T25166] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[ 2259.769593][T25166] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2259.908618][T25166] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2259.923328][T25166] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2259.932607][T25166] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 2260.066652][T25166] usb 2-1: Manufacturer: syz
[ 2260.243723][T25166] usb 2-1: config 0 descriptor??
[ 2260.827334][T25166] usbhid 2-1:0.0: can't add hid device: -71
[ 2260.844526][T25166] usbhid: probe of 2-1:0.0 failed with error -71
[ 2260.876942][T25166] usb 2-1: USB disconnect, device number 115
[ 2261.535646][T28948] ip6t_srh: unknown srh match flags  4000
[ 2263.460832][T28956] netlink: 40 bytes leftover after parsing attributes in process `syz.4.7023'.
[ 2263.482892][T28956] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2267.138144][T28991] ip6t_srh: unknown srh match flags  4000
[ 2268.785539][T29002] syzkaller0: entered promiscuous mode
[ 2268.793598][T29002] syzkaller0: entered allmulticast mode
[ 2271.738727][T29030] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7042'.
[ 2271.837027][T29023] delete_channel: no stack
[ 2273.744636][ T5809] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[ 2274.647616][ T5809] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2274.665585][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2274.675044][ T5809] usb 2-1: Product: syz
[ 2274.679380][ T5809] usb 2-1: Manufacturer: syz
[ 2274.685033][ T5809] usb 2-1: SerialNumber: syz
[ 2274.726415][ T5809] usb 2-1: config 0 descriptor??
[ 2275.736174][T29075] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[ 2275.746760][T29075] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 2275.918239][T13444] Bluetooth: hci2: unexpected event for opcode 0x1005
[ 2275.943734][ T5809] usb 2-1: Firmware version (0.0) predates our first public release.
[ 2275.954123][ T5809] usb 2-1: Please update to version 0.2 or newer
[ 2276.104580][ T5809] usb 2-1: USB disconnect, device number 116
[ 2276.217283][T29071] delete_channel: no stack
[ 2277.421353][T29092] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7055'.
[ 2282.631744][T29129] delete_channel: no stack
[ 2283.514799][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2283.521198][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2283.552797][T29138] delete_channel: no stack
[ 2288.166482][T29202] delete_channel: no stack
[ 2289.434020][ T5809] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[ 2289.473180][T29220] sctp: [Deprecated]: syz.3.7083 (pid 29220) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2289.473180][T29220] Use struct sctp_sack_info instead
[ 2289.994985][ T5809] usb 5-1: device descriptor read/64, error -71
[ 2290.162358][T29229] ERROR: device name not specified.
[ 2290.400279][T29226] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7085'.
[ 2290.474160][ T5809] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[ 2290.673267][ T5809] usb 5-1: device descriptor read/64, error -71
[ 2290.806104][ T5809] usb usb5-port1: attempt power cycle
[ 2294.868345][T29249] delete_channel: no stack
[ 2297.326811][T29288] netlink: 40 bytes leftover after parsing attributes in process `syz.1.7101'.
[ 2297.349015][T29288] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 2301.604263][T29322] ubi: mtd0 is already attached to ubi31
[ 2306.004600][ T5809] usb 4-1: new full-speed USB device number 42 using dummy_hcd
[ 2306.303602][ T5809] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2306.353714][ T5809] usb 4-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=70.54
[ 2306.364123][ T5809] usb 4-1: New USB device strings: Mfr=1, Product=34, SerialNumber=7
[ 2306.372552][ T5809] usb 4-1: Product: syz
[ 2306.377240][ T5809] usb 4-1: Manufacturer: syz
[ 2306.382345][ T5809] usb 4-1: SerialNumber: syz
[ 2306.544508][ T5809] usb 4-1: config 0 descriptor??
[ 2306.746569][ T5809] gspca_main: conex-2.14.0 probing 0572:0041
[ 2307.037903][T29334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2307.098509][T29334] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2307.472861][ T5809] usb 4-1: USB disconnect, device number 42
[ 2308.064081][ T5809] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[ 2308.293840][ T5809] usb 2-1: Using ep0 maxpacket: 32
[ 2308.336299][ T5809] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2308.363251][ T5809] usb 2-1: config 0 has no interfaces?
[ 2308.377341][ T5809] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2308.393720][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2308.402116][ T5809] usb 2-1: Product: syz
[ 2308.453634][ T5809] usb 2-1: Manufacturer: syz
[ 2308.458282][ T5809] usb 2-1: SerialNumber: syz
[ 2308.505354][ T5809] usb 2-1: config 0 descriptor??
[ 2308.833973][T13444] Bluetooth: hci0: link tx timeout
[ 2308.839266][T13444] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[ 2309.031922][T13444] Bluetooth: hci0: link tx timeout
[ 2309.038602][T13444] Bluetooth: hci0: killing stalled connection 10:aa:aa:aa:aa:aa
[ 2309.154635][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2309.278810][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2309.291816][T27536] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 2309.305427][T27536] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 2309.316316][T27536] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 2309.329687][T27536] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 2309.339493][T27536] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 2309.348085][T27536] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 2309.406063][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2309.428676][T29370] delete_channel: no stack
[ 2309.602005][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2310.353016][T29394] netlink: 'syz.0.7128': attribute type 3 has an invalid length.
[ 2310.450356][T29377] chnl_net:caif_netlink_parms(): no params data found
[ 2311.033695][ T5809] usb 2-1: USB disconnect, device number 117
[ 2311.107539][T13444] Bluetooth: hci0: command 0x0406 tx timeout
[ 2311.424293][T27526] Bluetooth: hci1: command tx timeout
[ 2311.578677][ T5809] usb 2-1: new full-speed USB device number 118 using dummy_hcd
[ 2311.849830][ T5809] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2311.874714][ T5809] usb 2-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=70.54
[ 2311.896644][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=34, SerialNumber=7
[ 2311.939342][ T5809] usb 2-1: Product: syz
[ 2311.973723][ T5809] usb 2-1: Manufacturer: syz
[ 2311.978355][ T5809] usb 2-1: SerialNumber: syz
[ 2311.985693][ T5809] usb 2-1: config 0 descriptor??
[ 2312.007447][ T5809] gspca_main: conex-2.14.0 probing 0572:0041
[ 2312.134085][T29377] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2312.151568][T29377] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2312.173943][T29377] bridge_slave_0: entered allmulticast mode
[ 2312.195772][T29377] bridge_slave_0: entered promiscuous mode
[ 2312.686055][T29377] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2312.687178][T29401] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2312.693209][T29377] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2312.741988][T29401] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2312.766142][T29411] delete_channel: no stack
[ 2312.809404][T29377] bridge_slave_1: entered allmulticast mode
[ 2312.843357][T29377] bridge_slave_1: entered promiscuous mode
[ 2312.858052][ T5833] usb 2-1: USB disconnect, device number 118
[ 2314.245678][T13444] Bluetooth: hci1: command tx timeout
[ 2314.275366][T29377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2314.708293][T29244] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[ 2315.058309][T29377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2315.154188][T29244] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2315.252812][T29244] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2315.324879][T29244] usb 2-1: Product: syz
[ 2315.329107][T29244] usb 2-1: Manufacturer: syz
[ 2315.363131][T29244] usb 2-1: SerialNumber: syz
[ 2315.400924][T29244] usb 2-1: config 0 descriptor??
[ 2315.554573][T29377] team0: Port device team_slave_0 added
[ 2315.569682][T29377] team0: Port device team_slave_1 added
[ 2315.818663][T29377] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2315.849634][T29377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2315.934836][T29377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2315.961714][T29377] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2315.978666][T29377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2316.020211][T29377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2316.305478][T13444] Bluetooth: hci1: command tx timeout
[ 2316.747106][T29244] usb 2-1: Firmware version (0.0) predates our first public release.
[ 2316.764017][T29244] usb 2-1: Please update to version 0.2 or newer
[ 2316.876826][T29377] hsr_slave_0: entered promiscuous mode
[ 2316.902201][T29377] hsr_slave_1: entered promiscuous mode
[ 2316.922402][T29244] usb 2-1: USB disconnect, device number 119
[ 2316.928622][T29377] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2316.941955][T29377] Cannot create hsr debugfs directory
[ 2317.913090][T29465] sctp: [Deprecated]: syz.1.7142 (pid 29465) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2317.913090][T29465] Use struct sctp_sack_info instead
[ 2319.472179][T13444] Bluetooth: hci1: command tx timeout
[ 2319.524630][   T12] hsr_slave_0: left promiscuous mode
[ 2319.593782][   T12] hsr_slave_1: left promiscuous mode
[ 2319.634490][T29477] netlink: 'syz.3.7144': attribute type 3 has an invalid length.
[ 2319.673860][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2319.701724][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2319.745680][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2320.041448][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2320.154238][   T12] bridge_slave_1: left allmulticast mode
[ 2320.170089][   T12] bridge_slave_1: left promiscuous mode
[ 2320.204541][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2320.247182][   T12] bridge_slave_0: left allmulticast mode
[ 2320.291948][   T12] bridge_slave_0: left promiscuous mode
[ 2320.318373][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2320.396747][   T12] veth1_macvtap: left promiscuous mode
[ 2320.402870][   T12] veth0_macvtap: left promiscuous mode
[ 2320.421498][   T12] veth1_vlan: left promiscuous mode
[ 2320.436032][   T12] veth0_vlan: left promiscuous mode
[ 2322.331736][   T12] team0 (unregistering): Port device team_slave_1 removed
[ 2322.462887][   T12] team0 (unregistering): Port device team_slave_0 removed
[ 2322.587157][   T12] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2322.715784][   T12] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2323.595264][   T12] .` (unregistering): Released all slaves
[ 2326.355548][T29377] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2326.414145][T29377] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2327.699641][T29377] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2327.744558][T29377] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2328.138432][T29377] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2328.163971][T29377] 8021q: adding VLAN 0 to HW filter on device team0
[ 2328.190530][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2328.197718][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2328.397120][T27551] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2328.404258][T27551] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2328.688741][T29377] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2330.176153][T29377] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2330.814577][T29567] sctp: [Deprecated]: syz.3.7154 (pid 29567) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2330.814577][T29567] Use struct sctp_sack_info instead
[ 2331.287143][T29573] sg_write: data in/out 360476/2 bytes for SCSI command 0xc2-- guessing data in;
[ 2331.287143][T29573]    program syz.3.7161 not setting count and/or reply_len properly
[ 2331.594255][  T966] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 2331.666580][T29377] veth0_vlan: entered promiscuous mode
[ 2331.698254][T29377] veth1_vlan: entered promiscuous mode
[ 2331.771020][T29377] veth0_macvtap: entered promiscuous mode
[ 2331.793380][T29377] veth1_macvtap: entered promiscuous mode
[ 2331.804137][  T966] usb 4-1: Using ep0 maxpacket: 32
[ 2331.812599][  T966] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xA6, skipping
[ 2331.846751][  T966] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[ 2331.862696][T29377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2331.881519][  T966] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[ 2331.893222][T29377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2331.911474][T29377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2331.923097][T29377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2331.942104][  T966] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 2331.953076][  T966] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2331.961598][T29377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2331.978625][  T966] usb 4-1: Product: syz
[ 2331.983153][T29377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2332.002205][  T966] usb 4-1: Manufacturer: syz
[ 2332.007021][  T966] usb 4-1: SerialNumber: syz
[ 2332.012283][T29377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2332.025371][  T966] usb 4-1: config 0 descriptor??
[ 2332.031082][T29377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2332.046799][T29377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2332.062265][T29377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2332.087597][T29377] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2332.119346][T29377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2332.138472][T29377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2332.149796][T29377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2332.161010][T29377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2332.177633][T29377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2332.190723][T29377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2332.220013][T29377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2332.243804][T29377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2332.269685][T29377] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2332.288808][T29377] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2332.301593][T29377] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2332.337133][T29377] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2332.348098][T29377] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2332.363664][T29377] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2332.382708][T29377] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2332.536315][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2333.804271][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2333.929113][T27551] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2333.965063][T27551] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2333.988188][T29601] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7164'.
[ 2334.553802][T29608] ubi: mtd0 is already attached to ubi31
[ 2336.005741][ T5833] usb 4-1: USB disconnect, device number 43
[ 2336.113306][T29612] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7165'.
[ 2337.902300][T29638] ubi: mtd0 is already attached to ubi31
[ 2341.025185][T29655] netlink: 228 bytes leftover after parsing attributes in process `syz.0.7176'.
[ 2344.565064][T29685] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7175'.
[ 2345.085813][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2345.098244][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2345.590881][T29703] sctp: [Deprecated]: syz.0.7183 (pid 29703) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2345.590881][T29703] Use struct sctp_sack_info instead
[ 2345.873630][T29244] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[ 2346.063847][T29244] usb 5-1: Using ep0 maxpacket: 32
[ 2346.076245][T29244] usb 5-1: config 32 has an invalid interface number: 85 but max is 0
[ 2346.096032][T29244] usb 5-1: config 32 has no interface number 0
[ 2346.125872][T29244] usb 5-1: config 32 interface 85 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2346.143818][T29244] usb 5-1: config 32 interface 85 has no altsetting 0
[ 2346.192207][T29244] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2346.212415][T29244] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2346.231693][T29244] usb 5-1: Product: syz
[ 2346.237684][T29244] usb 5-1: Manufacturer: syz
[ 2346.242426][T29244] usb 5-1: SerialNumber: syz
[ 2346.826590][T29244] appletouch 5-1:32.85: Could not find int-in endpoint
[ 2346.833862][T29244] appletouch: probe of 5-1:32.85 failed with error -5
[ 2346.841056][T29244] usbhid 5-1:32.85: couldn't find an input interrupt endpoint
[ 2348.688666][T11909] usb 5-1: USB disconnect, device number 20
[ 2348.884179][T29727] delete_channel: no stack
[ 2349.394150][T29735] netlink: 'syz.3.7181': attribute type 3 has an invalid length.
[ 2350.314809][T29753] netlink: 'syz.0.7188': attribute type 3 has an invalid length.
[ 2350.329231][T29754] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[ 2350.338954][T29754] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 2350.384389][T10560] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[ 2351.512762][T10560] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2351.708115][T10560] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2351.903283][T10560] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2351.967517][T10560] usb 2-1: config 0 descriptor??
[ 2353.563635][ T5833] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 2353.669364][T10560] usb 2-1: USB disconnect, device number 120
[ 2353.745406][ T5833] usb 4-1: Using ep0 maxpacket: 32
[ 2353.773077][ T5833] usb 4-1: config 32 has an invalid interface number: 85 but max is 0
[ 2353.805951][ T5833] usb 4-1: config 32 has no interface number 0
[ 2353.857348][ T5833] usb 4-1: config 32 interface 85 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2353.999127][ T5833] usb 4-1: config 32 interface 85 has no altsetting 0
[ 2354.155445][ T5833] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2354.246653][ T5833] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2354.341753][ T5833] usb 4-1: Product: syz
[ 2354.397216][ T5833] usb 4-1: Manufacturer: syz
[ 2354.443747][ T5833] usb 4-1: SerialNumber: syz
[ 2354.614639][ T5833] appletouch 4-1:32.85: Could not find int-in endpoint
[ 2354.621530][ T5833] appletouch: probe of 4-1:32.85 failed with error -5
[ 2354.637150][ T5833] usbhid 4-1:32.85: couldn't find an input interrupt endpoint
[ 2356.090626][T29788] netlink: 'syz.0.7205': attribute type 3 has an invalid length.
[ 2356.903936][T25166] usb 4-1: USB disconnect, device number 44
[ 2358.126803][T29793] [U] ø
[ 2360.539768][T29818] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7213'.
[ 2364.731708][T29843] sctp: [Deprecated]: syz.0.7221 (pid 29843) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2364.731708][T29843] Use struct sctp_sack_info instead
[ 2365.043655][T29846] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7222'.
[ 2367.163786][T10560] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 2367.755206][T29862] netlink: 'syz.4.7219': attribute type 3 has an invalid length.
[ 2367.864064][T10560] usb 4-1: config 0 has no interfaces?
[ 2367.872600][T10560] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2367.901146][T10560] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2367.923645][T10560] usb 4-1: Manufacturer: syz
[ 2367.934820][T10560] usb 4-1: config 0 descriptor??
[ 2368.218744][  T966] usb 4-1: USB disconnect, device number 45
[ 2370.138235][T29881] sctp: [Deprecated]: syz.4.7232 (pid 29881) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2370.138235][T29881] Use struct sctp_sack_info instead
[ 2372.977294][T29902] netlink: 'syz.1.7226': attribute type 3 has an invalid length.
[ 2374.838530][T29917] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7242'.
[ 2375.013652][T25166] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[ 2375.466320][T25166] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2375.515471][T25166] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2375.543289][T25166] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2375.583665][T25166] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2375.592285][T25166] usb 5-1: Manufacturer: syz
[ 2375.619468][T25166] usb 5-1: config 0 descriptor??
[ 2375.651419][T25166] igorplugusb 5-1:0.0: incorrect number of endpoints
[ 2376.364985][ T5833] usb 5-1: USB disconnect, device number 21
[ 2378.359950][ T5809] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[ 2378.563211][ T5809] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2378.573697][ T5809] usb 2-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[ 2378.587757][ T5809] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2378.602685][ T5809] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7
[ 2378.618577][ T5809] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024
[ 2378.699722][ T5809] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2378.756705][ T5809] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2378.773821][ T5809] usb 2-1: Product: syz
[ 2378.778132][ T5809] usb 2-1: Manufacturer: syz
[ 2378.842567][ T5809] cdc_wdm 2-1:1.0: skipping garbage
[ 2378.849445][ T5809] cdc_wdm 2-1:1.0: skipping garbage
[ 2378.864766][ T5809] cdc_wdm: probe of 2-1:1.0 failed with error -22
[ 2379.212140][ T5809] usb 2-1: USB disconnect, device number 121
[ 2382.486903][T29955] delete_channel: no stack
[ 2382.910650][T29976] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7255'.
[ 2387.436293][T29992] delete_channel: no stack
[ 2389.057697][T30015] ERROR: device name not specified.
[ 2389.345465][T30014] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7262'.
[ 2392.520048][T30028] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7273'.
[ 2392.533901][T30024] delete_channel: no stack
[ 2393.625514][T30042] sctp: [Deprecated]: syz.0.7278 (pid 30042) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2393.625514][T30042] Use struct sctp_sack_info instead
[ 2394.715163][T30051] ERROR: device name not specified.
[ 2394.734755][T30051] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7282'.
[ 2395.463909][  T966] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 2395.702049][  T966] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2395.713418][  T966] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2395.735727][  T966] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2395.746398][  T966] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 2395.756735][  T966] usb 4-1: Manufacturer: syz
[ 2395.778370][  T966] usb 4-1: config 0 descriptor??
[ 2395.811084][  T966] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 2396.140530][T30057] delete_channel: no stack
[ 2397.527022][T30078] netlink: 'syz.1.7288': attribute type 4 has an invalid length.
[ 2397.535062][T30078] netlink: 152 bytes leftover after parsing attributes in process `syz.1.7288'.
[ 2397.585393][T30078] .`: renamed from bond0 (while UP)
[ 2397.813742][ T5809] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[ 2398.537860][ T5809] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2398.550280][ T5809] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2398.561038][ T5809] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2398.576177][ T5809] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2398.588969][ T5809] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2398.614750][ T5809] usb 5-1: Manufacturer: syz
[ 2398.767764][ T5809] usb 5-1: config 0 descriptor??
[ 2398.800819][ T5809] igorplugusb 5-1:0.0: incorrect number of endpoints
[ 2399.040506][ T5809] usb 5-1: USB disconnect, device number 22
[ 2399.133073][ T5833] usb 4-1: USB disconnect, device number 46
[ 2399.302663][T30093] sctp: [Deprecated]: syz.3.7292 (pid 30093) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2399.302663][T30093] Use struct sctp_sack_info instead
[ 2400.465564][T30090] delete_channel: no stack
[ 2401.843913][ T5833] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[ 2402.013700][ T5833] usb 2-1: device descriptor read/64, error -71
[ 2402.153590][ T5809] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 2402.273742][T25166] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[ 2402.283876][ T5833] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[ 2402.348906][ T5809] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2402.360485][ T5809] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2402.375101][ T5809] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2402.385027][ T5809] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 2402.393042][ T5809] usb 4-1: Manufacturer: syz
[ 2402.400147][ T5809] usb 4-1: config 0 descriptor??
[ 2402.413714][ T5809] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 2402.433669][ T5833] usb 2-1: device descriptor read/64, error -71
[ 2402.463679][T25166] usb 5-1: Using ep0 maxpacket: 8
[ 2402.476880][T25166] usb 5-1: config index 0 descriptor too short (expected 30, got 18)
[ 2402.485932][T25166] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2402.497395][T25166] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 2402.508953][T25166] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 2402.518259][T25166] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2402.526311][T25166] usb 5-1: Product: syz
[ 2402.530631][T25166] usb 5-1: Manufacturer: syz
[ 2402.535271][T25166] usb 5-1: SerialNumber: syz
[ 2402.541815][T25166] usb 5-1: config 0 descriptor??
[ 2402.557913][ T5833] usb usb2-port1: attempt power cycle
[ 2402.983697][ T5833] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[ 2403.014465][ T5833] usb 2-1: device descriptor read/8, error -71
[ 2403.283636][ T5833] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[ 2403.314489][ T5833] usb 2-1: device descriptor read/8, error -71
[ 2403.434741][ T5833] usb usb2-port1: unable to enumerate USB device
[ 2405.635432][T29127] usb 5-1: USB disconnect, device number 23
[ 2405.672580][ T5809] usb 4-1: USB disconnect, device number 47
[ 2406.233785][T30144] netlink: 'syz.4.7306': attribute type 3 has an invalid length.
[ 2406.412868][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2406.419667][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2406.713709][T25166] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 2406.995685][T25166] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2407.014172][T25166] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2407.025495][T25166] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2407.405222][T30152] sctp: [Deprecated]: syz.4.7310 (pid 30152) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2407.405222][T30152] Use struct sctp_sack_info instead
[ 2407.425440][T25166] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2407.440240][T25166] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2407.493715][T25166] usb 4-1: Manufacturer: syz
[ 2407.564491][T25166] usb 4-1: config 0 descriptor??
[ 2407.576772][T25166] igorplugusb 4-1:0.0: incorrect number of endpoints
[ 2407.798281][T25166] usb 4-1: USB disconnect, device number 48
[ 2408.113837][T27865] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[ 2408.344112][T27865] usb 5-1: device descriptor read/64, error -71
[ 2408.731512][T27865] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[ 2410.104385][T27865] usb 5-1: device descriptor read/64, error -71
[ 2410.260119][T27865] usb usb5-port1: attempt power cycle
[ 2410.733812][T27865] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[ 2410.866093][T27865] usb 5-1: device descriptor read/8, error -71
[ 2412.556322][ T5833] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[ 2413.144831][ T5833] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2413.206584][ T5833] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2413.386672][ T5833] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2413.480195][ T5833] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2413.578324][ T5833] usb 2-1: Manufacturer: syz
[ 2413.647672][ T5833] usb 2-1: config 0 descriptor??
[ 2413.692946][ T5833] igorplugusb 2-1:0.0: incorrect number of endpoints
[ 2414.212954][T10560] usb 2-1: USB disconnect, device number 126
[ 2416.363856][ T5833] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[ 2416.563745][ T5833] usb 5-1: device descriptor read/64, error -71
[ 2416.947365][ T5833] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[ 2417.133594][ T5833] usb 5-1: device descriptor read/64, error -71
[ 2418.003653][ T5833] usb usb5-port1: attempt power cycle
[ 2418.667976][T30238] sctp: [Deprecated]: syz.3.7338 (pid 30238) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2418.667976][T30238] Use struct sctp_sack_info instead
[ 2418.914580][    T9] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[ 2419.245696][    T9] usb 2-1: Using ep0 maxpacket: 32
[ 2419.261237][    T9] usb 2-1: config 32 has an invalid interface number: 85 but max is 0
[ 2419.386045][    T9] usb 2-1: config 32 has no interface number 0
[ 2419.392261][    T9] usb 2-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2419.408389][    T9] usb 2-1: config 32 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2419.428631][    T9] usb 2-1: config 32 interface 85 has no altsetting 0
[ 2419.458675][    T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2419.470943][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2419.480179][    T9] usb 2-1: Product: syz
[ 2419.484677][    T9] usb 2-1: Manufacturer: syz
[ 2419.489267][    T9] usb 2-1: SerialNumber: syz
[ 2420.890214][    T9] appletouch 2-1:32.85: Geyser mode initialized.
[ 2420.905385][    T9] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:32.85/input/input38
[ 2421.014716][ T5809] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[ 2421.105027][T25166] usb 2-1: USB disconnect, device number 127
[ 2421.132264][T25166] appletouch 2-1:32.85: input: appletouch disconnected
[ 2421.199748][ T5809] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2421.210530][ T5809] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2421.220898][ T5809] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2421.235342][ T5809] usb 5-1: config 0 descriptor??
[ 2421.299616][T30253] netlink: 'syz.3.7343': attribute type 3 has an invalid length.
[ 2421.433896][T30256] ERROR: device name not specified.
[ 2421.445751][T30256] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7344'.
[ 2422.187456][    T9] usb 5-1: USB disconnect, device number 31
[ 2425.630440][T30282] netlink: 'syz.0.7352': attribute type 3 has an invalid length.
[ 2425.923795][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 2426.185609][    T9] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2426.281005][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2426.510392][    T9] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2426.607470][    T9] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2426.633629][    T9] usb 2-1: Manufacturer: syz
[ 2426.654496][    T9] usb 2-1: config 0 descriptor??
[ 2426.686804][    T9] igorplugusb 2-1:0.0: incorrect number of endpoints
[ 2428.165166][T29127] usb 2-1: USB disconnect, device number 2
[ 2434.433933][T11909] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 2434.613961][T29127] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[ 2434.639418][T11909] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2434.665396][T11909] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2434.683638][T11909] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 2434.693613][T11909] usb 4-1: Manufacturer: syz
[ 2434.713059][T11909] usb 4-1: config 0 descriptor??
[ 2434.721597][T11909] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 2434.813620][T29127] usb 5-1: device descriptor read/64, error -71
[ 2436.145587][T29127] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 2436.303686][T29127] usb 5-1: device descriptor read/64, error -71
[ 2436.443164][T29127] usb usb5-port1: attempt power cycle
[ 2436.450673][  T966] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 2436.472479][T13444] Bluetooth: hci1: link tx timeout
[ 2436.480905][T13444] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[ 2436.491091][T13444] Bluetooth: hci1: link tx timeout
[ 2436.496490][T13444] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[ 2436.685711][  T966] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2436.694468][  T966] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 2436.706514][  T966] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2436.715745][  T966] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2436.723883][  T966] usb 2-1: Manufacturer: syz
[ 2436.734748][  T966] usb 2-1: config 0 descriptor??
[ 2436.742820][  T966] igorplugusb 2-1:0.0: incorrect number of endpoints
[ 2436.853652][T29127] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 2436.884725][T29127] usb 5-1: device descriptor read/8, error -71
[ 2436.949069][T11909] usb 2-1: USB disconnect, device number 3
[ 2437.021454][    T9] usb 4-1: USB disconnect, device number 49
[ 2437.172872][T30352] netlink: 'syz.3.7371': attribute type 3 has an invalid length.
[ 2437.305350][T29127] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 2437.580420][T29127] usb 5-1: device descriptor read/8, error -71
[ 2437.733965][T29127] usb usb5-port1: unable to enumerate USB device
[ 2438.543881][T13444] Bluetooth: hci1: command 0x0406 tx timeout
[ 2438.645170][T30365] ERROR: device name not specified.
[ 2438.706686][T30365] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7375'.
[ 2441.580871][T13444] Bluetooth: hci1: command 0x0406 tx timeout
[ 2442.753823][  T966] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[ 2442.975273][  T966] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2442.993764][  T966] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 2443.024031][  T966] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2443.043754][  T966] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2443.052273][  T966] usb 4-1: Manufacturer: syz
[ 2443.073326][  T966] usb 4-1: config 0 descriptor??
[ 2443.098770][  T966] igorplugusb 4-1:0.0: incorrect number of endpoints
[ 2443.302595][    T9] usb 4-1: USB disconnect, device number 50
[ 2443.473586][  T966] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 2443.656625][  T966] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2443.667926][  T966] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2443.677214][  T966] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2443.688100][  T966] usb 5-1: config 0 descriptor??
[ 2445.263785][T27526] Bluetooth: hci1: command 0x0406 tx timeout
[ 2445.355199][    T9] usb 5-1: USB disconnect, device number 36
[ 2447.810246][T30421] binder: 30418:30421 ioctl c0306201 200000000180 returned -14
[ 2448.971618][T11909] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[ 2449.437935][T30441] trusted_key: syz.4.7398 sent an empty control message without MSG_MORE.
[ 2450.954042][T11909] usb 4-1: device descriptor read/64, error -71
[ 2450.960557][T27536] Bluetooth: hci1: command 0x0406 tx timeout
[ 2451.023740][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 2451.223614][T11909] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[ 2451.245053][    T9] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2451.275594][    T9] usb 2-1: config 1 has an invalid descriptor of length 247, skipping remainder of the config
[ 2451.304006][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2451.322850][    T9] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2451.352013][    T9] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2451.375784][    T9] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2451.404144][    T9] usb 2-1: Product: syz
[ 2451.408375][    T9] usb 2-1: Manufacturer: syz
[ 2451.430595][    T9] cdc_wdm: probe of 2-1:1.0 failed with error -22
[ 2451.816881][T11909] usb 4-1: device descriptor read/64, error -71
[ 2451.980255][   T23] usb 2-1: USB disconnect, device number 4
[ 2452.013934][T11909] usb usb4-port1: attempt power cycle
[ 2452.255856][    T9] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 2452.433783][T11909] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[ 2452.443761][    T9] usb 5-1: Using ep0 maxpacket: 32
[ 2452.461144][    T9] usb 5-1: config 32 has an invalid interface number: 85 but max is 0
[ 2452.471060][    T9] usb 5-1: config 32 has no interface number 0
[ 2452.478112][    T9] usb 5-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2452.490388][T11909] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2452.499949][    T9] usb 5-1: config 32 interface 85 has no altsetting 0
[ 2452.507640][T11909] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 2452.527262][    T9] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2452.536893][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2452.545595][T11909] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2452.556035][    T9] usb 5-1: Product: syz
[ 2452.562894][T11909] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2452.571807][    T9] usb 5-1: Manufacturer: syz
[ 2452.577448][    T9] usb 5-1: SerialNumber: syz
[ 2452.582335][T11909] usb 4-1: Manufacturer: syz
[ 2452.608091][T11909] usb 4-1: config 0 descriptor??
[ 2452.634587][T11909] igorplugusb 4-1:0.0: incorrect number of endpoints
[ 2452.813415][    T9] appletouch 5-1:32.85: Failed to read mode from device.
[ 2453.092579][    T9] appletouch: probe of 5-1:32.85 failed with error -5
[ 2453.106013][  T786] usb 4-1: USB disconnect, device number 53
[ 2453.862042][T30482] ERROR: device name not specified.
[ 2455.316797][T27526] Bluetooth: hci1: command 0x0406 tx timeout
[ 2455.547092][    T9] usb 5-1: USB disconnect, device number 37
[ 2456.244625][    T9] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 2456.537624][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2456.715918][    T9] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2456.783850][    T9] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 2456.817765][    T9] usb 5-1: Manufacturer: syz
[ 2456.921417][    T9] usb 5-1: config 0 descriptor??
[ 2456.964890][    T9] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[ 2459.336705][T27536] Bluetooth: hci1: command 0x0406 tx timeout
[ 2459.337415][    T9] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[ 2459.416562][T27865] usb 5-1: USB disconnect, device number 38
[ 2459.544961][    T9] usb 4-1: no configurations
[ 2459.549615][    T9] usb 4-1: can't read configurations, error -22
[ 2459.639135][T30529] ERROR: device name not specified.
[ 2459.809010][    T9] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[ 2460.057667][    T9] usb 4-1: no configurations
[ 2460.062308][    T9] usb 4-1: can't read configurations, error -22
[ 2460.068823][    T9] usb usb4-port1: attempt power cycle
[ 2460.469504][T10560] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[ 2460.488908][    T9] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[ 2460.618698][    T9] usb 4-1: no configurations
[ 2460.623716][    T9] usb 4-1: can't read configurations, error -22
[ 2460.779115][    T9] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[ 2460.797959][T10560] usb 2-1: Using ep0 maxpacket: 32
[ 2460.857629][T10560] usb 2-1: config 32 has an invalid interface number: 85 but max is 0
[ 2460.869866][    T9] usb 4-1: no configurations
[ 2460.876377][    T9] usb 4-1: can't read configurations, error -22
[ 2460.883314][T10560] usb 2-1: config 32 has no interface number 0
[ 2460.896412][    T9] usb usb4-port1: unable to enumerate USB device
[ 2460.903005][T10560] usb 2-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2460.949179][T10560] usb 2-1: config 32 interface 85 has no altsetting 0
[ 2461.015882][T10560] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2461.079325][T10560] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2461.281866][T10560] usb 2-1: Product: syz
[ 2461.314582][T10560] usb 2-1: Manufacturer: syz
[ 2461.347150][T10560] usb 2-1: SerialNumber: syz
[ 2461.685146][T10560] appletouch 2-1:32.85: Failed to read mode from device.
[ 2461.696905][T10560] appletouch: probe of 2-1:32.85 failed with error -5
[ 2463.983338][T27536] Bluetooth: hci1: command 0x0406 tx timeout
[ 2464.106652][T10560] usb 2-1: USB disconnect, device number 5
[ 2467.325178][T30583] ERROR: device name not specified.
[ 2467.831245][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2467.838103][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2467.844659][T29127] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[ 2468.057323][T29127] usb 4-1: Using ep0 maxpacket: 32
[ 2469.234385][T29127] usb 4-1: config 32 has an invalid interface number: 85 but max is 0
[ 2469.242629][T29127] usb 4-1: config 32 has no interface number 0
[ 2469.263559][T29127] usb 4-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2469.283552][T29127] usb 4-1: config 32 interface 85 has no altsetting 0
[ 2469.298256][T29127] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2469.318730][T29127] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2469.339085][T29127] usb 4-1: Product: syz
[ 2469.343287][T29127] usb 4-1: Manufacturer: syz
[ 2469.361994][T30594] ip6t_srh: unknown srh match flags  4000
[ 2469.368028][T29127] usb 4-1: SerialNumber: syz
[ 2469.589524][T29127] appletouch 4-1:32.85: Failed to read mode from device.
[ 2469.897726][T29127] appletouch: probe of 4-1:32.85 failed with error -5
[ 2471.891985][T29127] usb 4-1: USB disconnect, device number 58
[ 2472.443637][   T23] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[ 2472.552142][T30613] ERROR: device name not specified.
[ 2472.743947][   T23] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2472.753888][   T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2472.771224][   T23] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2472.780728][   T23] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2472.804067][   T23] usb 4-1: Manufacturer: syz
[ 2472.920174][   T23] usb 4-1: config 0 descriptor??
[ 2473.037713][   T23] rc_core: IR keymap rc-hauppauge not found
[ 2473.053853][   T23] Registered IR keymap rc-empty
[ 2473.072557][   T23] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 2473.100292][   T23] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input44
[ 2473.217726][   T23] usb 4-1: USB disconnect, device number 59
[ 2474.333596][T30485] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[ 2474.720849][T30485] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2474.805830][T30485] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2475.034606][T30485] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2475.066022][T30485] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2475.143809][T30485] usb 2-1: Manufacturer: syz
[ 2475.934591][T30485] usb 2-1: config 0 descriptor??
[ 2476.244032][T30485] rc_core: IR keymap rc-hauppauge not found
[ 2476.249972][T30485] Registered IR keymap rc-empty
[ 2476.311413][T30485] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 2476.314023][  T966] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 2476.362000][T30485] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input45
[ 2476.450307][T30485] usb 2-1: USB disconnect, device number 6
[ 2476.562862][  T966] usb 5-1: Using ep0 maxpacket: 32
[ 2476.605219][  T966] usb 5-1: config 32 has an invalid interface number: 85 but max is 0
[ 2476.613450][  T966] usb 5-1: config 32 has no interface number 0
[ 2476.658273][  T966] usb 5-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2476.805811][  T966] usb 5-1: config 32 interface 85 has no altsetting 0
[ 2477.148239][  T966] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2477.203555][  T966] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2477.243715][  T966] usb 5-1: Product: syz
[ 2477.247936][  T966] usb 5-1: Manufacturer: syz
[ 2477.252557][  T966] usb 5-1: SerialNumber: syz
[ 2477.539392][  T966] appletouch 5-1:32.85: Failed to read mode from device.
[ 2477.560473][  T966] appletouch: probe of 5-1:32.85 failed with error -5
[ 2481.713803][  T966] usb 5-1: USB disconnect, device number 39
[ 2482.973842][  T966] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[ 2483.165992][T30678] binder: BINDER_SET_CONTEXT_MGR already set
[ 2483.175089][T30678] binder: 30677:30678 ioctl 4018620d 200000004a80 returned -16
[ 2483.240781][  T966] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2483.250888][  T966] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2483.267145][T27536] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2483.280652][T27536] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2483.291533][T27536] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2483.301364][  T966] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2483.311144][  T966] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2483.319593][  T966] usb 5-1: Manufacturer: syz
[ 2483.324747][T27536] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2483.333031][T27536] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 2483.342967][  T966] usb 5-1: config 0 descriptor??
[ 2483.348323][T27536] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2483.453744][  T966] rc_core: IR keymap rc-hauppauge not found
[ 2483.466932][  T966] Registered IR keymap rc-empty
[ 2483.483650][  T966] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 2483.505047][  T966] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input47
[ 2483.625202][T25166] usb 5-1: USB disconnect, device number 40
[ 2483.691674][T30679] chnl_net:caif_netlink_parms(): no params data found
[ 2484.218683][T30679] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2484.228229][T30679] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2484.239306][T30679] bridge_slave_0: entered allmulticast mode
[ 2484.250056][T30679] bridge_slave_0: entered promiscuous mode
[ 2484.259638][T30679] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2484.269226][T30679] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2484.277049][T30679] bridge_slave_1: entered allmulticast mode
[ 2484.285231][T30679] bridge_slave_1: entered promiscuous mode
[ 2484.361457][T30679] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2484.376456][T30679] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2485.238984][T30702] netlink: 'syz.1.7469': attribute type 3 has an invalid length.
[ 2485.424424][T27526] Bluetooth: hci2: command tx timeout
[ 2486.423810][T30679] team0: Port device team_slave_0 added
[ 2487.503671][T27526] Bluetooth: hci2: command tx timeout
[ 2487.645084][T30679] team0: Port device team_slave_1 added
[ 2487.851170][T30679] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2487.874709][T30679] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2487.909078][T30679] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2487.958257][T30679] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2487.965864][T30679] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2488.000516][T30679] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2488.144965][T30679] hsr_slave_0: entered promiscuous mode
[ 2488.153691][T10560] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[ 2488.164835][T30679] hsr_slave_1: entered promiscuous mode
[ 2488.171581][T30679] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2488.179991][T30679] Cannot create hsr debugfs directory
[ 2488.356877][T10560] usb 5-1: Using ep0 maxpacket: 32
[ 2488.374756][T10560] usb 5-1: config 32 has an invalid interface number: 85 but max is 0
[ 2488.391201][T10560] usb 5-1: config 32 has no interface number 0
[ 2488.410350][T10560] usb 5-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2488.433770][T10560] usb 5-1: config 32 interface 85 has no altsetting 0
[ 2488.443064][T10560] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2488.453920][T10560] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2488.461935][T10560] usb 5-1: Product: syz
[ 2488.490547][T29652] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2488.494091][T10560] usb 5-1: Manufacturer: syz
[ 2488.532584][T10560] usb 5-1: SerialNumber: syz
[ 2488.669708][T29652] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2488.793637][T10560] appletouch 5-1:32.85: Failed to read mode from device.
[ 2488.801303][T10560] appletouch: probe of 5-1:32.85 failed with error -5
[ 2489.599974][T27526] Bluetooth: hci2: command tx timeout
[ 2489.711509][T29652] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2489.803391][T29652] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2489.943667][T30485] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[ 2490.157940][T30485] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2490.178680][T30485] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2490.244802][T30485] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2490.275828][T30485] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2490.320908][T30485] usb 4-1: Manufacturer: syz
[ 2490.371399][T30485] usb 4-1: config 0 descriptor??
[ 2490.553827][T30485] rc_core: IR keymap rc-hauppauge not found
[ 2490.563686][T30485] Registered IR keymap rc-empty
[ 2490.581259][T30485] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 2490.662424][T30485] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input49
[ 2490.755998][T30485] usb 4-1: USB disconnect, device number 60
[ 2491.075782][T10560] usb 5-1: USB disconnect, device number 41
[ 2491.188917][T30747] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7478'.
[ 2491.675358][T27536] Bluetooth: hci2: command tx timeout
[ 2492.161955][T30679] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 2493.381190][T30679] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 2494.034909][T30679] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 2494.248628][T30768] netlink: 'syz.4.7481': attribute type 3 has an invalid length.
[ 2494.270706][T30679] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 2494.533620][T27865] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[ 2495.076092][T27865] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2495.087565][T27865] usb 4-1: config 1 has an invalid descriptor of length 56, skipping remainder of the config
[ 2495.126006][T27865] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2495.167041][T27865] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2495.215919][T27865] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2495.247392][T27865] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2495.257884][T27865] usb 4-1: Product: syz
[ 2495.263954][T27865] usb 4-1: Manufacturer: syz
[ 2495.297943][T27865] cdc_wdm 4-1:1.0: skipping garbage
[ 2495.313215][T27865] cdc_wdm: probe of 4-1:1.0 failed with error -22
[ 2495.544277][T29652] hsr_slave_0: left promiscuous mode
[ 2495.557220][T29127] usb 4-1: USB disconnect, device number 61
[ 2495.582902][T29652] hsr_slave_1: left promiscuous mode
[ 2495.608663][T29652] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2495.616807][T29652] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2495.636864][T29652] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2495.644672][T29652] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2495.704839][T29652] veth1_macvtap: left promiscuous mode
[ 2495.710371][T29652] veth0_macvtap: left promiscuous mode
[ 2495.723694][T10560] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 2495.738161][T29652] veth1_vlan: left promiscuous mode
[ 2495.748662][T29652] veth0_vlan: left promiscuous mode
[ 2495.925980][T10560] usb 2-1: Using ep0 maxpacket: 32
[ 2495.943190][T10560] usb 2-1: config 32 has an invalid interface number: 85 but max is 0
[ 2495.984046][T10560] usb 2-1: config 32 has no interface number 0
[ 2495.990761][T10560] usb 2-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2496.016461][T10560] usb 2-1: config 32 interface 85 has no altsetting 0
[ 2496.039913][T10560] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2496.093666][T10560] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2496.110541][T10560] usb 2-1: Product: syz
[ 2496.119419][T10560] usb 2-1: Manufacturer: syz
[ 2496.142004][T10560] usb 2-1: SerialNumber: syz
[ 2496.483719][T27865] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[ 2496.677152][T10560] appletouch 2-1:32.85: Failed to read mode from device.
[ 2496.684867][T27865] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[ 2496.685765][T10560] appletouch: probe of 2-1:32.85 failed with error -5
[ 2496.713054][T27865] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2496.776277][T27865] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 2496.818100][T27865] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 2496.844761][T27865] usb 4-1: Manufacturer: syz
[ 2496.893274][T27865] usb 4-1: config 0 descriptor??
[ 2497.056639][T27865] rc_core: IR keymap rc-hauppauge not found
[ 2497.062607][T27865] Registered IR keymap rc-empty
[ 2497.077404][T27865] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 2497.136592][T27865] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input51
[ 2497.247838][T27865] usb 4-1: USB disconnect, device number 62
[ 2500.747085][T10560] usb 2-1: USB disconnect, device number 7
[ 2500.771879][T30713] udevd[30713]: setting owner of /dev/bus/usb/002/007 to uid=0, gid=0 failed: No such file or directory
[ 2501.132271][T30823] sctp: [Deprecated]: syz.3.7493 (pid 30823) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2501.132271][T30823] Use struct sctp_sack_info instead
[ 2501.425637][T27865] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 2501.674586][T27865] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2501.687051][T27865] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2501.713626][T27865] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2501.745328][T27865] usb 5-1: config 0 descriptor??
[ 2501.834669][T29652] team0 (unregistering): Port device team_slave_1 removed
[ 2502.058598][T29652] team0 (unregistering): Port device team_slave_0 removed
[ 2502.134073][T27865] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[ 2502.341126][T27865] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2502.413046][T30830] netlink: 48 bytes leftover after parsing attributes in process `syz.4.7494'.
[ 2502.507694][T27865] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2502.521505][T27865] usb 4-1: Product: syz
[ 2502.526376][T27865] usb 4-1: Manufacturer: syz
[ 2502.531218][T27865] usb 4-1: SerialNumber: syz
[ 2502.539442][T27865] usb 4-1: config 0 descriptor??
[ 2502.706247][T27865] usb 5-1: USB disconnect, device number 42
[ 2502.727201][T29652] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2502.816084][T29652] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2503.996018][T30845] TCP: TCP_TX_DELAY enabled
[ 2504.253643][T10560] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 2504.348556][T29652] .` (unregistering): Released all slaves
[ 2504.440505][T30679] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2504.453873][T10560] usb 5-1: Using ep0 maxpacket: 32
[ 2504.479757][T10560] usb 5-1: config 32 has an invalid interface number: 85 but max is 0
[ 2504.492645][T30679] 8021q: adding VLAN 0 to HW filter on device team0
[ 2504.541283][T23787] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2504.548442][T23787] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2504.556592][T10560] usb 5-1: config 32 has no interface number 0
[ 2504.559044][T23787] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2504.569985][T23787] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2504.614588][T10560] usb 5-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2504.638784][T10560] usb 5-1: config 32 interface 85 has no altsetting 0
[ 2504.665417][T10560] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2504.682818][T10560] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2504.707895][T10560] usb 5-1: Product: syz
[ 2504.747561][T10560] usb 5-1: Manufacturer: syz
[ 2504.755577][T30679] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2504.791887][T10560] usb 5-1: SerialNumber: syz
[ 2504.988197][  T966] usb 4-1: USB disconnect, device number 63
[ 2505.013792][T10560] appletouch 5-1:32.85: Failed to read mode from device.
[ 2505.021022][T10560] appletouch: probe of 5-1:32.85 failed with error -5
[ 2508.013757][T10560] usb 5-1: USB disconnect, device number 43
[ 2508.307368][T30864] ERROR: device name not specified.
[ 2508.604999][T30679] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2508.719024][T30679] veth0_vlan: entered promiscuous mode
[ 2508.753184][T30679] veth1_vlan: entered promiscuous mode
[ 2508.776974][T30867] sctp: [Deprecated]: syz.1.7503 (pid 30867) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2508.776974][T30867] Use struct sctp_sack_info instead
[ 2508.841282][T30871] sctp: [Deprecated]: syz.4.7505 (pid 30871) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2508.841282][T30871] Use struct sctp_sack_info instead
[ 2508.870931][T30679] veth0_macvtap: entered promiscuous mode
[ 2508.881915][T30679] veth1_macvtap: entered promiscuous mode
[ 2509.321999][T30679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2509.354264][T30679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2509.382691][T30679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2509.394734][T30679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2509.405241][T30679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2509.416107][T30679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2509.426252][T30679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2509.436966][T30679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2509.447229][T30679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2509.458422][T30679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2509.499421][T30679] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2509.592155][T30679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2509.606270][T30679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2509.616753][T30679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2509.916695][T30679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2509.932718][T30679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2510.266346][T30679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2510.314758][  T966] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[ 2510.440389][T30679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2510.473905][T30679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2510.493804][T30679] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2510.510080][T30679] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2510.549210][T30679] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2510.631392][T30679] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2510.652217][  T966] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2510.682183][T30679] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2510.691502][  T966] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2510.714250][T30679] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2510.735990][  T966] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2510.750664][T30679] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2510.763526][  T966] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 2510.790280][  T966] usb 5-1: Manufacturer: syz
[ 2510.907602][  T966] usb 5-1: config 0 descriptor??
[ 2511.043047][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2511.092555][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2511.156044][T15486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2511.178157][T15486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2511.336497][  T966] usbhid 5-1:0.0: can't add hid device: -71
[ 2511.352662][   T23] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[ 2511.373743][  T966] usbhid: probe of 5-1:0.0 failed with error -71
[ 2511.398411][  T966] usb 5-1: USB disconnect, device number 44
[ 2511.573839][   T23] usb 2-1: Using ep0 maxpacket: 32
[ 2511.707162][   T23] usb 2-1: config 32 has an invalid interface number: 85 but max is 0
[ 2511.719452][   T23] usb 2-1: config 32 has no interface number 0
[ 2511.730828][   T23] usb 2-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2511.744267][   T23] usb 2-1: config 32 interface 85 has no altsetting 0
[ 2511.754906][   T23] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2511.773767][   T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2511.822817][   T23] usb 2-1: Product: syz
[ 2511.832966][   T23] usb 2-1: Manufacturer: syz
[ 2511.862794][   T23] usb 2-1: SerialNumber: syz
[ 2512.052414][T30893] ERROR: device name not specified.
[ 2512.127359][   T23] appletouch 2-1:32.85: Failed to read mode from device.
[ 2512.137243][   T23] appletouch: probe of 2-1:32.85 failed with error -5
[ 2512.777277][T30901] sctp: [Deprecated]: syz.0.7513 (pid 30901) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2512.777277][T30901] Use struct sctp_sack_info instead
[ 2513.596507][T27526] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2513.608822][T27526] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2513.618004][T27526] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2513.627006][T27526] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2513.637223][T27526] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 2513.645900][T27526] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2514.133733][   T23] usb 2-1: USB disconnect, device number 8
[ 2514.360390][T30909] chnl_net:caif_netlink_parms(): no params data found
[ 2514.581403][T30909] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2514.600622][T30909] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2514.621109][T30909] bridge_slave_0: entered allmulticast mode
[ 2514.636137][T30909] bridge_slave_0: entered promiscuous mode
[ 2514.644874][T30909] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2514.652115][T30909] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2514.663708][T30909] bridge_slave_1: entered allmulticast mode
[ 2514.672396][T30909] bridge_slave_1: entered promiscuous mode
[ 2514.716266][T30909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2514.729618][T30909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2514.771345][T30909] team0: Port device team_slave_0 added
[ 2514.779107][T30909] team0: Port device team_slave_1 added
[ 2514.807420][T30909] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2514.815638][T30909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2514.841789][T30909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2514.854167][T30909] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2514.861148][T30909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2514.888671][T30909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2514.930856][T30909] hsr_slave_0: entered promiscuous mode
[ 2514.937260][T30909] hsr_slave_1: entered promiscuous mode
[ 2514.943405][T30909] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2514.951235][T30909] Cannot create hsr debugfs directory
[ 2515.033968][T30485] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 2515.100435][T30909] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2515.207685][T30909] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2515.243175][T30485] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2515.263174][T30485] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2515.277768][T30926] netlink: 'syz.1.7519': attribute type 3 has an invalid length.
[ 2515.288111][T30485] usb 5-1: Product: syz
[ 2515.292325][T30485] usb 5-1: Manufacturer: syz
[ 2515.308675][T30485] usb 5-1: SerialNumber: syz
[ 2515.332063][T30485] usb 5-1: config 0 descriptor??
[ 2515.348621][T30909] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2515.500685][T30909] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2515.743749][T27526] Bluetooth: hci4: command tx timeout
[ 2515.817001][T30909] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2515.868576][T30909] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2515.887849][T30909] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2515.905426][T30909] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2516.091918][T30909] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2516.137829][T30909] 8021q: adding VLAN 0 to HW filter on device team0
[ 2516.167906][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2516.175095][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2516.216680][T21912] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2516.223875][T21912] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2516.567048][T30932] ERROR: device name not specified.
[ 2516.936631][T30939] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7521'.
[ 2516.954697][T30909] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2516.990055][T30941] sctp: [Deprecated]: syz.1.7522 (pid 30941) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2516.990055][T30941] Use struct sctp_sack_info instead
[ 2517.497699][T30909] veth0_vlan: entered promiscuous mode
[ 2517.825129][T27526] Bluetooth: hci4: command tx timeout
[ 2517.968104][T30909] veth1_vlan: entered promiscuous mode
[ 2518.029892][  T966] usb 5-1: USB disconnect, device number 45
[ 2518.036443][T30909] veth0_macvtap: entered promiscuous mode
[ 2518.115886][T30909] veth1_macvtap: entered promiscuous mode
[ 2518.141553][T30909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2518.161695][T30909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2518.182126][T30909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2518.200056][T30909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2518.214978][T30909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2518.230405][T30957] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7525'.
[ 2518.239925][T30909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2518.253773][T30909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2518.265048][T30909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2518.275427][T30909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2518.289991][T30909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2518.307298][T30909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2518.321623][T30909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2518.353586][T10560] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[ 2518.395211][T30909] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2518.453891][T30909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2518.479658][T30909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2518.493984][T30909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2518.506370][T30909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2518.519960][T30909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2518.530926][T30909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2518.550402][T30909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2518.553692][T10560] usb 2-1: Using ep0 maxpacket: 32
[ 2518.561340][T30909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2518.586441][T30909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2518.599082][T30909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2518.617456][T30909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2518.638497][T10560] usb 2-1: config 32 has an invalid interface number: 85 but max is 0
[ 2518.656426][T30909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2518.668021][T10560] usb 2-1: config 32 has no interface number 0
[ 2518.677578][T30909] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2518.692840][T10560] usb 2-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2518.722605][T10560] usb 2-1: config 32 interface 85 has no altsetting 0
[ 2518.723004][T30909] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2518.732886][T10560] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2518.755561][T10560] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2518.764512][T10560] usb 2-1: Product: syz
[ 2518.765699][T30909] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2518.777806][T10560] usb 2-1: Manufacturer: syz
[ 2518.782220][T30909] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2518.782442][T10560] usb 2-1: SerialNumber: syz
[ 2518.794910][T30909] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2519.093202][T10560] appletouch 2-1:32.85: Failed to read mode from device.
[ 2519.109200][T27551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2519.130012][T10560] appletouch: probe of 2-1:32.85 failed with error -5
[ 2519.140096][T27551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2519.209545][ T8721] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2519.223263][ T8721] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2519.907500][T27526] Bluetooth: hci4: command tx timeout
[ 2521.993772][T27526] Bluetooth: hci4: command tx timeout
[ 2523.764316][T10560] usb 2-1: USB disconnect, device number 9
[ 2524.185884][T30990] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7536'.
[ 2524.627689][T30994] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7533'.
[ 2524.714053][   T23] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[ 2525.268444][   T23] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2526.036770][   T23] usb 4-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config
[ 2526.102476][   T23] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2526.187925][   T23] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2527.026382][   T23] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2527.059394][   T23] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2527.081552][   T23] usb 4-1: Product: syz
[ 2527.097900][   T23] usb 4-1: Manufacturer: syz
[ 2527.134457][   T23] cdc_wdm 4-1:1.0: skipping garbage
[ 2527.150640][   T23] cdc_wdm 4-1:1.0: skipping garbage
[ 2527.169591][   T23] cdc_wdm: probe of 4-1:1.0 failed with error -22
[ 2527.383018][T25166] usb 4-1: USB disconnect, device number 64
[ 2529.247120][T31026] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7546'.
[ 2529.268066][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2529.274592][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2530.723621][T31036] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7549'.
[ 2531.123549][  T966] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[ 2532.055710][  T966] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2532.083841][  T966] usb 2-1: config 1 has an invalid descriptor of length 49, skipping remainder of the config
[ 2532.183667][  T966] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2532.231069][  T966] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2532.258097][  T966] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2532.273627][  T966] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2532.290039][  T966] usb 2-1: Product: syz
[ 2532.303369][  T966] usb 2-1: Manufacturer: syz
[ 2532.444111][  T966] cdc_wdm 2-1:1.0: skipping garbage
[ 2532.449373][  T966] cdc_wdm 2-1:1.0: skipping garbage
[ 2532.470708][  T966] cdc_wdm: probe of 2-1:1.0 failed with error -22
[ 2533.148494][T10560] usb 2-1: USB disconnect, device number 10
[ 2536.985300][T31074] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7560'.
[ 2540.283568][T11909] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[ 2540.880209][T31113] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7565'.
[ 2540.913735][T11909] usb 4-1: Using ep0 maxpacket: 32
[ 2540.923087][T11909] usb 4-1: config 32 has an invalid interface number: 85 but max is 0
[ 2540.963667][T11909] usb 4-1: config 32 has no interface number 0
[ 2541.003621][T11909] usb 4-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2541.105255][T11909] usb 4-1: config 32 interface 85 has no altsetting 0
[ 2541.114937][T11909] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2541.146856][T11909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2541.198907][T11909] usb 4-1: Product: syz
[ 2541.213406][T11909] usb 4-1: Manufacturer: syz
[ 2541.225477][T11909] usb 4-1: SerialNumber: syz
[ 2541.474077][T11909] appletouch 4-1:32.85: Failed to read mode from device.
[ 2541.493028][T11909] appletouch: probe of 4-1:32.85 failed with error -5
[ 2542.951831][T31128] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7575'.
[ 2543.855685][T11909] usb 4-1: USB disconnect, device number 65
[ 2547.059387][T31156] netlink: 'syz.1.7582': attribute type 3 has an invalid length.
[ 2547.101386][T29127] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 2547.622736][T29127] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 2547.636596][T29127] usb 5-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config
[ 2547.660025][T31162] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7584'.
[ 2547.686661][T29127] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 2547.697902][T29127] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2547.725161][T29127] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 2547.760996][T29127] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 2547.803667][T29127] usb 5-1: Product: syz
[ 2547.807896][T29127] usb 5-1: Manufacturer: syz
[ 2547.835573][T29127] cdc_wdm 5-1:1.0: skipping garbage
[ 2547.840800][T29127] cdc_wdm 5-1:1.0: skipping garbage
[ 2547.863679][T29127] cdc_wdm 5-1:1.0: skipping garbage
[ 2547.879181][T29127] cdc_wdm: probe of 5-1:1.0 failed with error -22
[ 2548.072651][T10560] usb 5-1: USB disconnect, device number 46
[ 2548.118084][T31169] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7586'.
[ 2548.303610][T29127] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[ 2548.783705][T29127] usb 4-1: Using ep0 maxpacket: 32
[ 2548.801017][T29127] usb 4-1: config 32 has an invalid interface number: 85 but max is 0
[ 2548.842636][T29127] usb 4-1: config 32 has no interface number 0
[ 2548.849479][T29127] usb 4-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2548.862129][T29127] usb 4-1: config 32 interface 85 has no altsetting 0
[ 2548.883400][T29127] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 2548.898980][T29127] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2548.923355][T29127] usb 4-1: Product: syz
[ 2548.929374][T29127] usb 4-1: Manufacturer: syz
[ 2548.935567][T29127] usb 4-1: SerialNumber: syz
[ 2549.000967][T31178] binder_alloc: 31177: binder_alloc_buf, no vma
[ 2550.355365][T29127] appletouch 4-1:32.85: Geyser mode initialized.
[ 2550.385826][T29127] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:32.85/input/input56
[ 2551.137198][    C0] appletouch 4-1:32.85: appletouch: OVERFLOW with data length 64, actual length is 64
[ 2551.198948][T31190] netlink: 'syz.0.7592': attribute type 3 has an invalid length.
[ 2551.754307][   T23] usb 4-1: USB disconnect, device number 66
[ 2551.754452][    C0] appletouch 4-1:32.85: atp_complete: usb_submit_urb failed with result -19
[ 2552.445677][T31194] vivid-004: disconnect
[ 2552.450629][T31193] vivid-004: reconnect
[ 2553.344748][   T23] appletouch 4-1:32.85: input: appletouch disconnected
[ 2553.640076][T31209] sctp: [Deprecated]: syz.1.7600 (pid 31209) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2553.640076][T31209] Use struct sctp_sack_info instead
[ 2554.486120][T27865] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[ 2554.674700][T31216] netlink: 'syz.1.7601': attribute type 3 has an invalid length.
[ 2554.764962][T27865] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2554.776405][T27865] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2554.788321][T27865] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2554.816146][T27865] usb 5-1: config 0 descriptor??
[ 2555.079952][T31218] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[ 2555.103851][T31218] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 2555.201369][T31221] netlink: 48 bytes leftover after parsing attributes in process `syz.4.7597'.
[ 2555.221756][T27526] Bluetooth: hci0: unexpected event for opcode 0x1005
[ 2555.450574][T29127] usb 5-1: USB disconnect, device number 47
[ 2558.622116][T31237] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7607'.
[ 2558.673858][T31238] input: syz0 as /devices/virtual/input/input57
[ 2558.828574][T31241] sctp: [Deprecated]: syz.1.7609 (pid 31241) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2558.828574][T31241] Use struct sctp_sack_info instead
[ 2558.943970][T27526] Bluetooth: hci4: link tx timeout
[ 2558.951259][T27526] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[ 2559.869859][T31257] mkiss: ax0: crc mode is auto.
[ 2560.003706][T29127] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[ 2560.197715][T29127] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2560.213701][T29127] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2560.237127][T29127] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2560.258050][T29127] usb 4-1: config 0 descriptor??
[ 2560.588675][T31260] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7614'.
[ 2560.765905][  T966] usb 4-1: USB disconnect, device number 67
[ 2561.023560][T27536] Bluetooth: hci4: command 0x0406 tx timeout
[ 2561.347457][T31271] sctp: [Deprecated]: syz.3.7619 (pid 31271) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2561.347457][T31271] Use struct sctp_sack_info instead
[ 2561.419178][T31273] tipc: Started in network mode
[ 2561.425524][T31273] tipc: Node identity 86902de861e9, cluster identity 4711
[ 2561.433065][T31273] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2561.472221][T31273] syzkaller0: entered promiscuous mode
[ 2561.477861][T31273] syzkaller0: entered allmulticast mode
[ 2561.484539][T31273] tipc: Resetting bearer <eth:syzkaller0>
[ 2561.499151][T31272] tipc: Resetting bearer <eth:syzkaller0>
[ 2561.553602][T10560] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[ 2561.835641][T10560] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 2561.870772][T10560] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[ 2562.068255][T10560] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 2562.079101][T10560] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2562.089236][T10560] usb 5-1: Product: syz
[ 2562.105904][T10560] usb 5-1: Manufacturer: syz
[ 2562.125525][T10560] usb 5-1: SerialNumber: syz
[ 2562.176646][T10560] usb 5-1: config 0 descriptor??
[ 2562.269174][T31269] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 2562.378050][T31269] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 2562.421858][T10560] usb 5-1: ucan: probing device on interface #0
[ 2562.441176][T10560] usb 5-1: ucan: invalid EP count (1)
[ 2562.446917][T10560] usb 5-1: ucan: probe failed; try to update the device firmware
[ 2564.364908][  T966] usb 5-1: USB disconnect, device number 48
[ 2565.523609][T10560] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[ 2565.743226][T10560] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2565.798621][T31298] sctp: [Deprecated]: syz.1.7628 (pid 31298) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2565.798621][T31298] Use struct sctp_sack_info instead
[ 2565.903682][T10560] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2565.967692][T10560] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2566.100127][T10560] usb 5-1: config 0 descriptor??
[ 2567.045835][T31304] netlink: 48 bytes leftover after parsing attributes in process `syz.4.7627'.
[ 2568.440964][T25166] usb 5-1: USB disconnect, device number 49
[ 2568.629428][T31317] autofs4:pid:31317:autofs_fill_super: called with bogus options
[ 2572.503573][   T23] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[ 2572.745011][   T23] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2572.786426][   T23] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2572.795883][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2572.812408][   T23] usb 5-1: config 0 descriptor??
[ 2573.003302][T31272] tipc: Disabling bearer <eth:syzkaller0>
[ 2573.070362][    T9] tipc: Node number set to 3883478504
[ 2573.141513][T31357] netlink: 48 bytes leftover after parsing attributes in process `syz.4.7643'.
[ 2573.441181][T11909] usb 5-1: USB disconnect, device number 50
[ 2574.007500][T31366] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[ 2574.416603][T31366] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 2574.454498][T27526] Bluetooth: hci0: unexpected event for opcode 0x1005
[ 2575.505173][ T5809] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[ 2575.980167][T31392] fuse: Bad value for 'fd'
[ 2576.016532][ T5809] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2576.025690][ T5809] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2576.034062][ T5809] usb 4-1: Product: syz
[ 2576.038248][ T5809] usb 4-1: Manufacturer: syz
[ 2576.043840][ T5809] usb 4-1: SerialNumber: syz
[ 2576.052113][ T5809] usb 4-1: config 0 descriptor??
[ 2576.274404][T31396] block nbd0: shutting down sockets
[ 2576.529532][ T5809] usb 4-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0)
[ 2576.690363][ T5809] usb 4-1: Firmware version (0.0) predates our first public release.
[ 2577.203553][ T5809] usb 4-1: Please update to version 0.2 or newer
[ 2577.218805][ T5809] usb 4-1: Firmware: build â
[ 2577.905337][ T5809] usb 4-1: USB disconnect, device number 68
[ 2578.420377][T31410] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[ 2578.486199][T31410] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 2578.585402][T27526] Bluetooth: hci1: unexpected event for opcode 0x1005
[ 2578.963555][T11909] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[ 2579.552024][T11909] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2579.643761][T11909] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2579.698607][T11909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2579.774625][T11909] usb 2-1: config 0 descriptor??
[ 2580.184002][T31429] netlink: 48 bytes leftover after parsing attributes in process `syz.1.7663'.
[ 2580.743486][T11909] usb 2-1: USB disconnect, device number 11
[ 2581.068250][T31440] netlink: 'syz.3.7670': attribute type 39 has an invalid length.
[ 2582.667904][    T9] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 2583.198960][T31450] binder_alloc: 31449: binder_alloc_buf, no vma
[ 2583.244432][    T9] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2583.298740][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2583.359673][    T9] usb 5-1: Product: syz
[ 2583.390336][    T9] usb 5-1: Manufacturer: syz
[ 2583.430817][    T9] usb 5-1: SerialNumber: syz
[ 2583.462453][    T9] usb 5-1: config 0 descriptor??
[ 2583.994605][    T9] usb 5-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0)
[ 2584.027803][    T9] usb 5-1: Firmware version (0.0) predates our first public release.
[ 2584.103532][    T9] usb 5-1: Please update to version 0.2 or newer
[ 2584.733940][T11909] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[ 2585.344523][T11909] usb 4-1: Using ep0 maxpacket: 8
[ 2585.624770][T11909] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[ 2585.633025][T11909] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2585.703589][T11909] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 2588.334504][T11909] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 2588.393522][T11909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2588.483959][T11909] usb 4-1: config 0 descriptor??
[ 2588.513368][T11909] usb 4-1: can't set config #0, error -71
[ 2588.553401][T11909] usb 4-1: USB disconnect, device number 69
[ 2588.967192][T11909] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[ 2589.254056][T11909] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2589.294774][T11909] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2589.353645][T11909] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2589.394945][T11909] usb 4-1: config 0 descriptor??
[ 2589.760270][T31488] netlink: 48 bytes leftover after parsing attributes in process `syz.3.7681'.
[ 2590.004563][T25166] usb 4-1: USB disconnect, device number 70
[ 2590.709953][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2590.798413][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2593.586720][T27526] Bluetooth: hci4: unexpected event for opcode 0x1005
[ 2594.893787][    T9] usb 5-1: USB disconnect, device number 51
[ 2595.304595][   T23] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[ 2595.534803][   T23] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2595.555979][   T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2595.581369][   T23] usb 4-1: Product: syz
[ 2595.592809][   T23] usb 4-1: Manufacturer: syz
[ 2595.603202][   T23] usb 4-1: SerialNumber: syz
[ 2595.634167][   T23] usb 4-1: config 0 descriptor??
[ 2596.634918][   T23] usb 4-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0)
[ 2596.643035][   T23] usb 4-1: Firmware version (0.0) predates our first public release.
[ 2596.681103][   T23] usb 4-1: Please update to version 0.2 or newer
[ 2596.843819][   T23] usb 4-1: Firmware: build â
[ 2597.252470][   T23] usb 4-1: USB disconnect, device number 71
[ 2597.523527][T31540] sctp: [Deprecated]: syz.4.7693 (pid 31540) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2597.523527][T31540] Use struct sctp_sack_info instead
[ 2598.057345][T31542] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[ 2598.135776][T31542] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 2598.948833][T27526] Bluetooth: hci0: unexpected event for opcode 0x1005
[ 2601.538745][T31578] sctp: [Deprecated]: syz.1.7704 (pid 31578) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2601.538745][T31578] Use struct sctp_sack_info instead
[ 2602.137635][T31586] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[ 2602.146437][T31586] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 2602.283069][T27526] Bluetooth: hci0: unexpected event for opcode 0x1005
[ 2604.814465][T31603] ip6t_srh: unknown srh match flags  4000
[ 2608.123661][T31623] sctp: [Deprecated]: syz.0.7716 (pid 31623) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2608.123661][T31623] Use struct sctp_sack_info instead
[ 2608.244236][T27536] Bluetooth: hci2: command 0x0406 tx timeout
[ 2611.575734][T27865] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[ 2611.612562][T27526] Bluetooth: hci4: link tx timeout
[ 2611.620708][T27526] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[ 2611.803473][T27865] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2611.814466][T27865] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 2611.824376][T27865] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2611.858570][T27865] usb 5-1: config 0 descriptor??
[ 2612.195376][T31648] netlink: 48 bytes leftover after parsing attributes in process `syz.4.7719'.
[ 2612.966776][    T9] usb 5-1: USB disconnect, device number 52
[ 2613.145758][T31661] ip6t_srh: unknown srh match flags  4000
[ 2614.305460][T27526] Bluetooth: hci4: command 0x0406 tx timeout
[ 2614.384675][T10560] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[ 2614.617912][T10560] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2614.681391][T10560] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2614.692081][T10560] usb 4-1: Product: syz
[ 2614.709027][T10560] usb 4-1: Manufacturer: syz
[ 2614.739670][T10560] usb 4-1: SerialNumber: syz
[ 2614.771269][T10560] usb 4-1: config 0 descriptor??
[ 2615.033902][T31655] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[ 2615.246956][T10560] usb 4-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0)
[ 2615.282389][T10560] usb 4-1: Firmware version (0.0) predates our first public release.
[ 2615.284007][T31655] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2615.321134][T10560] usb 4-1: Please update to version 0.2 or newer
[ 2615.338232][T31655] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2615.392916][T31655] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2615.422863][T31655] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 2615.443109][T31655] usb 5-1: Manufacturer: syz
[ 2615.448491][T10560] usb 4-1: Firmware: build â
[ 2615.475833][T31655] usb 5-1: config 0 descriptor??
[ 2616.149937][T31655] uclogic 0003:256C:006D.0031: failed retrieving Huion firmware version: -71
[ 2616.170070][T31655] uclogic 0003:256C:006D.0031: failed probing parameters: -71
[ 2616.203635][T31655] uclogic: probe of 0003:256C:006D.0031 failed with error -71
[ 2616.218343][T31655] usb 5-1: USB disconnect, device number 53
[ 2618.448471][T31691] binder: BINDER_SET_CONTEXT_MGR already set
[ 2618.454731][T31691] binder: 31690:31691 ioctl 4018620d 200000004a80 returned -16
[ 2621.442312][T31706] ip6t_srh: unknown srh match flags  4000
[ 2623.203715][T29127] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[ 2623.394787][T29127] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2623.423575][T29127] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2623.445503][T29127] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2623.484037][T29127] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 2623.508621][T29127] usb 5-1: Manufacturer: syz
[ 2623.530016][T29127] usb 5-1: config 0 descriptor??
[ 2624.213244][T29127] uclogic 0003:256C:006D.0032: failed retrieving Huion firmware version: -71
[ 2624.222375][T29127] uclogic 0003:256C:006D.0032: failed probing parameters: -71
[ 2624.231427][T29127] uclogic: probe of 0003:256C:006D.0032 failed with error -71
[ 2624.258948][T29127] usb 5-1: USB disconnect, device number 54
[ 2625.050166][T31718] sctp: [Deprecated]: syz.4.7742 (pid 31718) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2625.050166][T31718] Use struct sctp_sack_info instead
[ 2627.178231][T31726] binder: BINDER_SET_CONTEXT_MGR already set
[ 2627.187422][T31726] binder: 31725:31726 ioctl 4018620d 200000004a80 returned -16
[ 2627.738517][T10560] usb 4-1: USB disconnect, device number 72
[ 2628.035433][T31734] ip6t_srh: unknown srh match flags  4000
[ 2630.563584][T27865] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 2630.713619][T31655] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[ 2630.782682][T27865] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2630.814498][T27865] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2630.844742][T27865] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 2630.854075][T27865] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[ 2630.873491][T27865] usb 5-1: Manufacturer: syz
[ 2630.883746][  T966] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[ 2630.912845][T27865] usb 5-1: config 0 descriptor??
[ 2630.934251][T31655] usb 2-1: Using ep0 maxpacket: 32
[ 2630.941071][T31655] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 2630.962877][T31655] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2631.003277][T31655] usb 2-1: config 0 descriptor??
[ 2631.104683][  T966] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2631.124454][  T966] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2631.154947][  T966] usb 4-1: Product: syz
[ 2631.173581][  T966] usb 4-1: Manufacturer: syz
[ 2631.198853][  T966] usb 4-1: SerialNumber: syz
[ 2631.215010][  T966] usb 4-1: config 0 descriptor??
[ 2631.232433][T31655] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 2631.274618][T31655] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 2631.314261][T31655] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 2631.333961][T31655] usb 2-1: media controller created
[ 2631.451468][T31655] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2631.516912][T31655] az6027: usb out operation failed. (-71)
[ 2631.547475][T31655] az6027: usb out operation failed. (-71)
[ 2631.554727][T27865] uclogic 0003:256C:006D.0033: failed retrieving Huion firmware version: -71
[ 2631.567986][T31655] stb0899_attach: Driver disabled by Kconfig
[ 2631.586467][T27865] uclogic 0003:256C:006D.0033: failed probing parameters: -71
[ 2631.594104][T31655] az6027: no front-end attached
[ 2631.594104][T31655] 
[ 2631.610481][T27865] uclogic: probe of 0003:256C:006D.0033 failed with error -71
[ 2631.619125][T31655] az6027: usb out operation failed. (-71)
[ 2631.633210][T31655] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 2631.661833][T27865] usb 5-1: USB disconnect, device number 55
[ 2631.684795][T31655] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input58
[ 2631.756857][T31655] dvb-usb: schedule remote query interval to 400 msecs.
[ 2631.788225][T31655] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 2631.834158][T31655] usb 2-1: USB disconnect, device number 12
[ 2631.847845][  T966] usb 4-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0)
[ 2631.869754][  T966] usb 4-1: Firmware version (0.0) predates our first public release.
[ 2631.893047][  T966] usb 4-1: Please update to version 0.2 or newer
[ 2631.922256][T31655] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 2632.057602][  T966] usb 4-1: Firmware: build â
[ 2632.498987][  T966] usb 4-1: USB disconnect, device number 73
[ 2632.818143][T31766] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7756'.
[ 2634.995275][T31772] ip6t_srh: unknown srh match flags  4000
[ 2638.341552][T31780] vivid-001: disconnect
[ 2638.347038][T31779] vivid-001: reconnect
[ 2643.924483][T31810] ip6t_srh: unknown srh match flags  4000
[ 2646.393110][T31816] sctp: [Deprecated]: syz.3.7770 (pid 31816) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2646.393110][T31816] Use struct sctp_sack_info instead
[ 2648.755327][T31842] sctp: [Deprecated]: syz.1.7778 (pid 31842) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2648.755327][T31842] Use struct sctp_sack_info instead
[ 2648.973687][T31844] sctp: [Deprecated]: syz.4.7779 (pid 31844) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2648.973687][T31844] Use struct sctp_sack_info instead
[ 2652.172149][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 2652.181923][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 2652.638964][T31881] sctp: [Deprecated]: syz.4.7788 (pid 31881) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2652.638964][T31881] Use struct sctp_sack_info instead
[ 2652.716454][T31882] ip6t_srh: unknown srh match flags  4000
[ 2655.103551][T10560] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[ 2655.326375][T10560] usb 2-1: Using ep0 maxpacket: 32
[ 2655.357064][T10560] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[ 2655.365517][T10560] usb 2-1: config 0 has no interface number 0
[ 2655.371617][T10560] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2655.414889][T10560] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 2655.430667][T10560] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2655.463499][T10560] usb 2-1: Product: syz
[ 2655.468433][T10560] usb 2-1: Manufacturer: syz
[ 2655.473266][T10560] usb 2-1: SerialNumber: syz
[ 2655.494613][T10560] usb 2-1: config 0 descriptor??
[ 2655.524803][T10560] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 2655.540119][T10560] em28xx 2-1:0.132: Video interface 132 found:
[ 2655.928113][T10560] em28xx 2-1:0.132: chip ID is em2765
[ 2656.200446][T10560] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 2656.211444][T10560] em28xx 2-1:0.132: board has no eeprom
[ 2656.283550][T10560] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 2656.291626][T10560] em28xx 2-1:0.132: analog set to bulk mode.
[ 2656.297792][  T786] em28xx 2-1:0.132: Registering V4L2 extension
[ 2656.334319][T10560] usb 2-1: USB disconnect, device number 13
[ 2656.368287][T10560] em28xx 2-1:0.132: Disconnecting em28xx
[ 2656.509640][  T786] em28xx 2-1:0.132: Config register raw data: 0xffffffed
[ 2656.517112][  T786] em28xx 2-1:0.132: AC97 chip type couldn't be determined
[ 2656.524420][  T786] em28xx 2-1:0.132: No AC97 audio processor
[ 2656.560798][  T786] usb 2-1: Decoder not found
[ 2656.569446][  T786] em28xx 2-1:0.132: failed to create media graph
[ 2656.594143][  T786] em28xx 2-1:0.132: V4L2 device video103 deregistered
[ 2656.621127][  T786] em28xx 2-1:0.132: Remote control support is not available for this card.
[ 2656.646677][T10560] em28xx 2-1:0.132: Closing input extension
[ 2656.665001][T10560] em28xx 2-1:0.132: Freeing device
[ 2656.975087][T31899] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[ 2656.992045][T31899] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 2657.073962][T27536] Bluetooth: hci1: unexpected event for opcode 0x1005
[ 2657.816548][T31912] ERROR: device name not specified.
[ 2658.895748][T31928] sctp: [Deprecated]: syz.0.7800 (pid 31928) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2658.895748][T31928] Use struct sctp_sack_info instead
[ 2659.243479][  T786] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 2659.488295][  T786] usb 5-1: Using ep0 maxpacket: 32
[ 2659.510799][  T786] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[ 2659.547251][  T786] usb 5-1: config 0 has no interface number 0
[ 2659.591807][  T786] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2659.613827][  T786] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 2659.623337][  T786] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2659.631888][  T786] usb 5-1: Product: syz
[ 2659.643057][  T786] usb 5-1: Manufacturer: syz
[ 2659.650731][  T786] usb 5-1: SerialNumber: syz
[ 2659.661457][  T786] usb 5-1: config 0 descriptor??
[ 2659.696502][  T786] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 2659.710050][  T786] em28xx 5-1:0.132: Video interface 132 found:
[ 2659.758984][T31940] sctp: [Deprecated]: syz.1.7804 (pid 31940) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2659.758984][T31940] Use struct sctp_sack_info instead
[ 2660.113123][  T786] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[ 2660.217962][  T786] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 2660.234983][  T786] em28xx 5-1:0.132: board has no eeprom
[ 2660.303705][  T786] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 2660.375005][  T786] em28xx 5-1:0.132: analog set to bulk mode.
[ 2660.412557][    T9] em28xx 5-1:0.132: Registering V4L2 extension
[ 2660.520876][  T786] usb 5-1: USB disconnect, device number 56
[ 2660.602423][  T786] em28xx 5-1:0.132: Disconnecting em28xx
[ 2660.854946][T31956] ERROR: device name not specified.
[ 2661.275465][    T9] em28xx 5-1:0.132: Config register raw data: 0xffffffed
[ 2661.308693][    T9] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[ 2661.363574][T27536] Bluetooth: hci4: unexpected event for opcode 0x1005
[ 2661.377298][    T9] em28xx 5-1:0.132: No AC97 audio processor
[ 2661.415269][    T9] usb 5-1: Decoder not found
[ 2661.463628][    T9] em28xx 5-1:0.132: failed to create media graph
[ 2661.556164][    T9] em28xx 5-1:0.132: V4L2 device video103 deregistered
[ 2661.586572][    T9] em28xx 5-1:0.132: Remote control support is not available for this card.
[ 2661.605416][T31963] ==================================================================
[ 2661.613523][T31963] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xca/0x430
[ 2661.620994][T31963] Read of size 8 at addr ffff888068a5c738 by task v4l_id/31963
[ 2661.628549][T31963] 
[ 2661.630879][T31963] CPU: 0 PID: 31963 Comm: v4l_id Not tainted syzkaller #0
[ 2661.637994][T31963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2661.648065][T31963] Call Trace:
[ 2661.651349][T31963]  <TASK>
[ 2661.654292][T31963]  dump_stack_lvl+0x18c/0x250
[ 2661.659026][T31963]  ? __lock_acquire+0x7d40/0x7d40
[ 2661.664098][T31963]  ? show_regs_print_info+0x20/0x20
[ 2661.669311][T31963]  ? load_image+0x400/0x400
[ 2661.673854][T31963]  ? _raw_spin_lock_irqsave+0xc0/0x100
[ 2661.679455][T31963]  ? __virt_addr_valid+0x18c/0x540
[ 2661.684601][T31963]  ? __virt_addr_valid+0x469/0x540
[ 2661.689808][T31963]  print_report+0xa8/0x210
[ 2661.694252][T31963]  ? v4l2_fh_open+0xca/0x430
[ 2661.698849][T31963]  kasan_report+0x117/0x150
[ 2661.703399][T31963]  ? v4l2_fh_open+0xca/0x430
[ 2661.708005][T31963]  v4l2_fh_open+0xca/0x430
[ 2661.712432][T31963]  em28xx_v4l2_open+0x157/0x980
[ 2661.717396][T31963]  v4l2_open+0x212/0x360
[ 2661.721656][T31963]  chrdev_open+0x5cc/0x6a0
[ 2661.726088][T31963]  ? cd_forget+0x160/0x160
[ 2661.730597][T31963]  ? fsnotify_perm+0x3ed/0x5e0
[ 2661.735416][T31963]  ? cd_forget+0x160/0x160
[ 2661.739842][T31963]  do_dentry_open+0x8c6/0x1500
[ 2661.744623][T31963]  path_openat+0x27f1/0x3230
[ 2661.749255][T31963]  ? do_sys_openat2+0xda/0x1d0
[ 2661.754029][T31963]  ? verify_lock_unused+0x140/0x140
[ 2661.759238][T31963]  ? do_filp_open+0x430/0x430
[ 2661.763938][T31963]  ? __virt_addr_valid+0x18c/0x540
[ 2661.769077][T31963]  do_filp_open+0x1f5/0x430
[ 2661.773589][T31963]  ? vfs_tmpfile+0x490/0x490
[ 2661.778329][T31963]  ? _raw_spin_unlock+0x28/0x40
[ 2661.783188][T31963]  ? alloc_fd+0x58f/0x630
[ 2661.787534][T31963]  do_sys_openat2+0x134/0x1d0
[ 2661.792258][T31963]  ? do_sys_open+0xe0/0xe0
[ 2661.796693][T31963]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 2661.802692][T31963]  ? lock_chain_count+0x20/0x20
[ 2661.807598][T31963]  ? lock_chain_count+0x20/0x20
[ 2661.812459][T31963]  __x64_sys_openat+0x139/0x160
[ 2661.817324][T31963]  do_syscall_64+0x55/0xa0
[ 2661.821764][T31963]  ? clear_bhb_loop+0x40/0x90
[ 2661.826525][T31963]  ? clear_bhb_loop+0x40/0x90
[ 2661.831218][T31963]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2661.837132][T31963] RIP: 0033:0x7fdd71ea7407
[ 2661.841555][T31963] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 2661.861265][T31963] RSP: 002b:00007ffc5a1538f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 2661.869791][T31963] RAX: ffffffffffffffda RBX: 00007fdd72583880 RCX: 00007fdd71ea7407
[ 2661.877818][T31963] RDX: 0000000000000000 RSI: 00007ffc5a154f1a RDI: ffffffffffffff9c
[ 2661.885809][T31963] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 2661.893790][T31963] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 2661.901751][T31963] R13: 00007ffc5a153b40 R14: 00007fdd72680000 R15: 0000561f5ebc74d8
[ 2661.909722][T31963]  </TASK>
[ 2661.912723][T31963] 
[ 2661.915027][T31963] Allocated by task 9:
[ 2661.919073][T31963]  kasan_set_track+0x4e/0x70
[ 2661.923648][T31963]  __kasan_kmalloc+0x8f/0xa0
[ 2661.928231][T31963]  em28xx_v4l2_init+0x10b/0x2e70
[ 2661.933156][T31963]  em28xx_init_extension+0x11c/0x1b0
[ 2661.938428][T31963]  process_scheduled_works+0xa5d/0x15d0
[ 2661.943990][T31963]  worker_thread+0xa55/0xfc0
[ 2661.948563][T31963]  kthread+0x2fa/0x390
[ 2661.952615][T31963]  ret_from_fork+0x48/0x80
[ 2661.957015][T31963]  ret_from_fork_asm+0x11/0x20
[ 2661.961797][T31963] 
[ 2661.964106][T31963] Freed by task 9:
[ 2661.967805][T31963]  kasan_set_track+0x4e/0x70
[ 2661.972384][T31963]  kasan_save_free_info+0x2e/0x50
[ 2661.977403][T31963]  ____kasan_slab_free+0x126/0x1e0
[ 2661.982504][T31963]  slab_free_freelist_hook+0x130/0x1a0
[ 2661.987955][T31963]  __kmem_cache_free+0xba/0x1e0
[ 2661.992797][T31963]  em28xx_v4l2_init+0x1670/0x2e70
[ 2661.997814][T31963]  em28xx_init_extension+0x11c/0x1b0
[ 2662.003107][T31963]  process_scheduled_works+0xa5d/0x15d0
[ 2662.008638][T31963]  worker_thread+0xa55/0xfc0
[ 2662.013213][T31963]  kthread+0x2fa/0x390
[ 2662.017264][T31963]  ret_from_fork+0x48/0x80
[ 2662.021667][T31963]  ret_from_fork_asm+0x11/0x20
[ 2662.026416][T31963] 
[ 2662.028726][T31963] The buggy address belongs to the object at ffff888068a5c000
[ 2662.028726][T31963]  which belongs to the cache kmalloc-8k of size 8192
[ 2662.042767][T31963] The buggy address is located 1848 bytes inside of
[ 2662.042767][T31963]  freed 8192-byte region [ffff888068a5c000, ffff888068a5e000)
[ 2662.056720][T31963] 
[ 2662.059028][T31963] The buggy address belongs to the physical page:
[ 2662.065459][T31963] page:ffffea0001a29600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x68a58
[ 2662.075591][T31963] head:ffffea0001a29600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 2662.084517][T31963] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 2662.092499][T31963] page_type: 0xffffffff()
[ 2662.096944][T31963] raw: 00fff00000000840 ffff888017c42280 ffffea0000c04400 0000000000000004
[ 2662.105510][T31963] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[ 2662.114074][T31963] page dumped because: kasan: bad access detected
[ 2662.120496][T31963] page_owner tracks the page as allocated
[ 2662.126190][T31963] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 31273, tgid 31272 (syz.3.7620), ts 2561455283725, free_ts 2540844406644
[ 2662.149269][T31963]  post_alloc_hook+0x1c1/0x200
[ 2662.154058][T31963]  get_page_from_freelist+0x1951/0x19e0
[ 2662.159587][T31963]  __alloc_pages+0x1f0/0x460
[ 2662.164161][T31963]  alloc_slab_page+0x5d/0x160
[ 2662.168833][T31963]  new_slab+0x87/0x2d0
[ 2662.172893][T31963]  ___slab_alloc+0xc5d/0x12f0
[ 2662.177556][T31963]  __kmem_cache_alloc_node+0x19e/0x250
[ 2662.183001][T31963]  __kmalloc_node+0xa4/0x230
[ 2662.187576][T31963]  kvmalloc_node+0x70/0x180
[ 2662.192084][T31963]  pfifo_fast_init+0x238/0x6a0
[ 2662.196882][T31963]  qdisc_create_dflt+0x11e/0x430
[ 2662.201802][T31963]  mq_init+0x2e2/0x680
[ 2662.205869][T31963]  qdisc_create_dflt+0x11e/0x430
[ 2662.211307][T31963]  dev_activate+0x1d0/0x11a0
[ 2662.215879][T31963]  __dev_open+0x347/0x430
[ 2662.220225][T31963]  __dev_change_flags+0x211/0x6a0
[ 2662.225292][T31963] page last free stack trace:
[ 2662.229973][T31963]  free_unref_page_prepare+0x7b2/0x8c0
[ 2662.235427][T31963]  free_unref_page+0x32/0x2e0
[ 2662.240105][T31963]  skb_release_data+0x49a/0x800
[ 2662.244999][T31963]  __kfree_skb+0x57/0x70
[ 2662.249217][T31963]  tcp_ack+0x2114/0x6620
[ 2662.253468][T31963]  tcp_rcv_established+0x7fd/0x1d20
[ 2662.258663][T31963]  tcp_v4_do_rcv+0x4ed/0xb80
[ 2662.263240][T31963]  __release_sock+0x1e5/0x460
[ 2662.267904][T31963]  release_sock+0x5f/0x1c0
[ 2662.272315][T31963]  tcp_recvmsg+0x23c/0x860
[ 2662.276740][T31963]  inet_recvmsg+0x140/0x1f0
[ 2662.281236][T31963]  __sys_recvfrom+0x36a/0x530
[ 2662.285951][T31963]  __x64_sys_recvfrom+0xde/0xf0
[ 2662.290788][T31963]  do_syscall_64+0x55/0xa0
[ 2662.295195][T31963]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2662.301069][T31963] 
[ 2662.303408][T31963] Memory state around the buggy address:
[ 2662.309025][T31963]  ffff888068a5c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2662.317067][T31963]  ffff888068a5c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2662.325107][T31963] >ffff888068a5c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2662.333146][T31963]                                         ^
[ 2662.339047][T31963]  ffff888068a5c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2662.347102][T31963]  ffff888068a5c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2662.355150][T31963] ==================================================================
[ 2662.388438][  T786] em28xx 5-1:0.132: Closing input extension
[ 2662.398891][T31963] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 2662.406114][T31963] CPU: 0 PID: 31963 Comm: v4l_id Not tainted syzkaller #0
[ 2662.413208][T31963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 2662.423259][T31963] Call Trace:
[ 2662.426572][T31963]  <TASK>
[ 2662.429485][T31963]  dump_stack_lvl+0x18c/0x250
[ 2662.434162][T31963]  ? show_regs_print_info+0x20/0x20
[ 2662.439349][T31963]  ? load_image+0x400/0x400
[ 2662.443855][T31963]  panic+0x2dc/0x730
[ 2662.447746][T31963]  ? bpf_jit_dump+0xd0/0xd0
[ 2662.452239][T31963]  ? _raw_spin_unlock_irqrestore+0x111/0x120
[ 2662.458219][T31963]  ? _raw_spin_unlock+0x40/0x40
[ 2662.463064][T31963]  ? print_memory_metadata+0x314/0x400
[ 2662.468599][T31963]  ? v4l2_fh_open+0xca/0x430
[ 2662.473185][T31963]  check_panic_on_warn+0x84/0xa0
[ 2662.478122][T31963]  ? v4l2_fh_open+0xca/0x430
[ 2662.482714][T31963]  end_report+0x6f/0x130
[ 2662.486965][T31963]  kasan_report+0x128/0x150
[ 2662.491458][T31963]  ? v4l2_fh_open+0xca/0x430
[ 2662.496035][T31963]  v4l2_fh_open+0xca/0x430
[ 2662.500435][T31963]  em28xx_v4l2_open+0x157/0x980
[ 2662.505280][T31963]  v4l2_open+0x212/0x360
[ 2662.509538][T31963]  chrdev_open+0x5cc/0x6a0
[ 2662.513943][T31963]  ? cd_forget+0x160/0x160
[ 2662.518344][T31963]  ? fsnotify_perm+0x3ed/0x5e0
[ 2662.523103][T31963]  ? cd_forget+0x160/0x160
[ 2662.527500][T31963]  do_dentry_open+0x8c6/0x1500
[ 2662.532254][T31963]  path_openat+0x27f1/0x3230
[ 2662.536859][T31963]  ? do_sys_openat2+0xda/0x1d0
[ 2662.541616][T31963]  ? verify_lock_unused+0x140/0x140
[ 2662.546796][T31963]  ? do_filp_open+0x430/0x430
[ 2662.551459][T31963]  ? __virt_addr_valid+0x18c/0x540
[ 2662.556560][T31963]  do_filp_open+0x1f5/0x430
[ 2662.561054][T31963]  ? vfs_tmpfile+0x490/0x490
[ 2662.565630][T31963]  ? _raw_spin_unlock+0x28/0x40
[ 2662.570495][T31963]  ? alloc_fd+0x58f/0x630
[ 2662.574812][T31963]  do_sys_openat2+0x134/0x1d0
[ 2662.579480][T31963]  ? do_sys_open+0xe0/0xe0
[ 2662.583884][T31963]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 2662.589851][T31963]  ? lock_chain_count+0x20/0x20
[ 2662.594682][T31963]  ? lock_chain_count+0x20/0x20
[ 2662.599519][T31963]  __x64_sys_openat+0x139/0x160
[ 2662.604366][T31963]  do_syscall_64+0x55/0xa0
[ 2662.608776][T31963]  ? clear_bhb_loop+0x40/0x90
[ 2662.613453][T31963]  ? clear_bhb_loop+0x40/0x90
[ 2662.618120][T31963]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 2662.623996][T31963] RIP: 0033:0x7fdd71ea7407
[ 2662.628395][T31963] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 2662.648091][T31963] RSP: 002b:00007ffc5a1538f0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 2662.656489][T31963] RAX: ffffffffffffffda RBX: 00007fdd72583880 RCX: 00007fdd71ea7407
[ 2662.664531][T31963] RDX: 0000000000000000 RSI: 00007ffc5a154f1a RDI: ffffffffffffff9c
[ 2662.672492][T31963] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 2662.680448][T31963] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 2662.688673][T31963] R13: 00007ffc5a153b40 R14: 00007fdd72680000 R15: 0000561f5ebc74d8
[ 2662.696811][T31963]  </TASK>
[ 2662.700157][T31963] Kernel Offset: disabled
[ 2662.704470][T31963] Rebooting in 86400 seconds..